Deploy RC 452 to Production

Gemfile

@@ -58,7 +58,7 @@ gem 'phonelib'
 gem 'premailer-rails', '>= 1.12.0'
 gem 'profanity_filter'
 gem 'propshaft'
-gem 'rack', '>= 3.0'
+gem 'rack', '~> 3.0.12'
 gem 'rack-attack', github: 'rack/rack-attack', ref: 'd9fedfae4f7f6409f33857763391f4e18a6d7467'
 gem 'rack-cors', '> 2.0.1', require: 'rack/cors'
 gem 'rack-headers_filter'

Gemfile.lock

@@ -512,7 +512,7 @@ GEM
       nio4r (~> 2.0)
     raabro (1.4.0)
     racc (1.8.1)
-    rack (3.0.11)
+    rack (3.0.12)
     rack-cors (2.0.2)
       rack (>= 2.0.0)
     rack-headers_filter (0.0.1)
@@ -831,7 +831,7 @@ DEPENDENCIES
   pry-rails
   psych
   puma (~> 6.0)
-  rack (>= 3.0)
+  rack (~> 3.0.12)
   rack-attack!
   rack-cors (> 2.0.1)
   rack-headers_filter

Makefile

@@ -40,6 +40,7 @@ ARTIFACT_DESTINATION_FILE ?= ./tmp/idp.tar.gz
 	lint_readme \
 	lint_spec_file_name \
 	lintfix \
+	lint_openapi \
 	normalize_yaml \
 	optimize_assets \
 	optimize_svg \
@@ -107,6 +108,8 @@ endif
 	make lint_spec_file_name
 	@echo "--- lint migrations ---"
 	make lint_migrations
+	@echo "--- lint openapi spec ---"
+	make lint_openapi
 
 audit: ## Checks packages for vulnerabilities
 	@echo "--- bundler-audit ---"
@@ -181,6 +184,9 @@ lint_spec_file_name:
 		-exec false {} + \
 		-exec echo "Error: Spec files named incorrectly, should end in '.spec.(js|ts|jsx|tsx)':" {} +
 
+lint_openapi:
+	@yarn lint:openapi	
+
 lintfix: ## Try to automatically fix any Ruby, ERB, JavaScript, YAML, or CSS lint errors
 	@echo "--- rubocop fix ---"
 	bundle exec rubocop -a

app/components/status_page_component.rb

@@ -5,6 +5,7 @@ class StatusPageComponent < BaseComponent
     info: [:question],
     warning: [nil],
     error: [nil, :lock],
+    delete: [nil],
   }.freeze
 
   renders_one :header, ::PageHeadingComponent
@@ -16,7 +17,7 @@ class StatusPageComponent < BaseComponent
 
   attr_reader :status, :icon
 
-  validates_inclusion_of :status, in: %i[info error warning]
+  validates_inclusion_of :status, in: %i[info error warning delete]
   validate :validate_status_icon
 
   def initialize(status: :error, icon: nil)

app/components/tab_navigation_component.html.erb

@@ -1,29 +1,14 @@
 <%= content_tag(:nav, aria: { label: }, **tag_options, class: [*tag_options[:class], 'tab-navigation']) do %>
-  <ul class="usa-button-group usa-button-group--segmented">
+  <ul class="usa-button-group">
     <% routes.each do |route| %>
-      <% if current_path?(route[:path]) %>
-        <%= render ClickObserverComponent.new(
-              event_name: 'tab_navigation_current_page_clicked',
-              payload: { path: route[:path] },
-              role: 'listitem',
-              class: 'usa-button-group__item display-list-item',
-            ) do %>
-          <%= render ButtonComponent.new(
-                url: route[:path],
-                big: true,
-                outline: !current_path?(route[:path]),
-                aria: { current: current_path?(route[:path]) ? 'page' : nil },
-              ).with_content(route[:text]) %>
-        <% end %>
-      <% else %>
-        <li class="usa-button-group__item">
-          <%= render ButtonComponent.new(
-                url: route[:path],
-                big: true,
-                outline: !current_path?(route[:path]),
-                aria: { current: current_path?(route[:path]) ? 'page' : nil },
-              ).with_content(route[:text]) %>
-        </li>
+      <%= nav_list_item(route) do %>
+        <%= render ButtonComponent.new(
+              url: route[:path],
+              big: true,
+              outline: current_path?(route[:path]),
+              unstyled: !current_path?(route[:path]),
+              aria: { current: current_path?(route[:path]) ? 'page' : nil },
+            ).with_content(route[:text]) %>
       <% end %>
     <% end %>
   </ul>

app/components/tab_navigation_component.rb

@@ -10,10 +10,35 @@ def initialize(label:, routes:, **tag_options)
   end
 
   def current_path?(path)
-    recognized_path = Rails.application.routes.recognize_path(path, method: request.method)
-    request.params[:controller] == recognized_path[:controller] &&
-      request.params[:action] == recognized_path[:action]
-  rescue ActionController::RoutingError
-    false
+    @current_path ||= {}
+    if !@current_path.key?(path)
+      @current_path[path] = begin
+        recognized_path = Rails.application.routes.recognize_path(path, method: request.method)
+        request.params[:controller] == recognized_path[:controller] &&
+          request.params[:action] == recognized_path[:action]
+      rescue ActionController::RoutingError
+        false
+      end
+    end
+
+    @current_path[path]
+  end
+
+  private
+
+  def nav_list_item(route, &block)
+    if current_path?(route[:path])
+      render(
+        ClickObserverComponent.new(
+          event_name: 'tab_navigation_current_page_clicked',
+          payload: { path: route[:path] },
+          role: 'listitem',
+          class: 'usa-button-group__item display-list-item',
+        ),
+        &block
+      )
+    else
+      tag.li(class: 'usa-button-group__item', &block)
+    end
   end
 end

app/components/tab_navigation_component.scss

@@ -2,16 +2,27 @@
 
 @forward 'usa-button-group/src/styles';
 
-.tab-navigation .usa-button-group--segmented {
+.tab-navigation .usa-button-group {
+  @include u-bg('base-lightest');
+  border-radius: 1.625rem;
+  flex-flow: nowrap;
+
   .usa-button-group__item {
     flex-basis: 50%;
   }
 
-  .usa-button-group__item:last-child > .usa-button,
   .usa-button {
+    @include u-flex('align-center', 'justify-center');
+    @include u-padding(1.5);
+    border-radius: 1.375rem;
     width: 100%;
   }
 
+  .usa-button--unstyled {
+    @include u-text('bold');
+    text-decoration: none;
+  }
+
   .usa-button--big {
     @include at-media-max('tablet') {
       font-size: units(2);

app/controllers/concerns/idv/document_capture_concern.rb

@@ -106,6 +106,8 @@ def track_document_request_event(document_request:, document_response:, timer:)
         success: @url.present?,
         document_type: document_request_body[:documentType],
         docv_transaction_token: response_hash.dig(:data, :docvTransactionToken),
+        socure_status: response_hash[:status],
+        socure_msg: response_hash[:msg],
       }
       analytics_hash = log_extras
         .merge(analytics_arguments)

app/controllers/idv/document_capture_controller.rb

@@ -125,14 +125,19 @@ def allow_direct_ipp?
       # Only allow direct access to document capture if IPP available
       return false unless IdentityConfig.store.in_person_doc_auth_button_enabled &&
                           Idv::InPersonConfig.enabled_for_issuer?(decorated_sp_session.sp_issuer)
-      @previous_step_url = params[:step] == 'hybrid_handoff' ? idv_hybrid_handoff_path : nil
+      @previous_step_url = step_is_handoff? ? idv_hybrid_handoff_path : nil
       # allow
       idv_session.flow_path = 'standard'
-      idv_session.skip_doc_auth_from_handoff = true
+      idv_session.skip_doc_auth_from_handoff = step_is_handoff?
+      idv_session.skip_doc_auth_from_how_to_verify = params[:step] == 'how_to_verify'
       idv_session.skip_hybrid_handoff = nil
       true
     end
 
+    def step_is_handoff?
+      params[:step] == 'hybrid_handoff'
+    end
+
     def set_usps_form_presenter
       @presenter = Idv::InPerson::UspsFormPresenter.new
     end

app/controllers/idv/socure/document_capture_controller.rb

@@ -91,13 +91,11 @@ def self.step_info
           controller: self,
           next_steps: [:ssn, :ipp_ssn],
           preconditions: ->(idv_session:, user:) {
-            idv_session.flow_path == 'standard' && (
-              # mobile
-              idv_session.skip_doc_auth_from_handoff ||
-              idv_session.skip_hybrid_handoff ||
-              idv_session.skip_doc_auth_from_how_to_verify ||
-              !idv_session.selfie_check_required ||
-              idv_session.desktop_selfie_test_mode_enabled?)
+            idv_session.flow_path == 'standard' &&
+              !idv_session.selfie_check_required && (
+                # mobile
+                idv_session.skip_hybrid_handoff ||
+                idv_session.desktop_selfie_test_mode_enabled?)
           },
           undo_step: ->(idv_session:, user:) do
             idv_session.pii_from_doc = nil

app/javascript/packages/analytics/README.md

@@ -40,3 +40,8 @@ The custom element will implement the analytics logging behavior, but all markup
   <button type="button">Click me!</button>
 </lg-click-observer>
 ```
+
+The element supports the following attributes to customize its behavior:
+
+- `event-name`: The name of the analytics event that should be logged when clicked
+- `payload`: (Optional) JSON payload of additional data that should be included in the logged event

app/javascript/packages/phone-input/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.0",
   "dependencies": {
     "intl-tel-input": "^24.5.0",
-    "libphonenumber-js": "^1.11.19"
+    "libphonenumber-js": "^1.11.20"
   },
   "sideEffects": [
     "./index.ts"

app/jobs/socure_docv_results_job.rb

@@ -18,6 +18,7 @@ def perform(document_capture_session_uuid:, async: true, docv_transaction_token_
     docv_result_response = timer.time('vendor_request') do
       socure_document_verification_result
     end
+
     log_verification_request(
       docv_result_response:,
       vendor_request_time_in_ms: timer.results['vendor_request'],
@@ -56,7 +57,6 @@ def analytics
   def log_verification_request(docv_result_response:, vendor_request_time_in_ms:)
     analytics.idv_socure_verification_data_requested(
       **docv_result_response.to_h.merge(
-        docv_transaction_token: document_capture_session.socure_docv_transaction_token,
         submit_attempts: rate_limiter&.attempts,
         remaining_submit_attempts: rate_limiter&.remaining_count,
         vendor_request_time_in_ms:,

app/models/user.rb

@@ -3,7 +3,6 @@
 class User < ApplicationRecord
   include NonNullUuid
 
-  include ::NewRelic::Agent::MethodTracer
   include ActionView::Helpers::DateHelper
 
   devise(
@@ -508,8 +507,6 @@ def send_confirmation_instructions
     # no-op
   end
 
-  add_method_tracer :send_devise_notification, "Custom/#{name}/send_devise_notification"
-
   def analytics
     @analytics ||= Analytics.new(user: self, request: nil, session: {}, sp: nil)
   end

app/presenters/confirmation_email_presenter.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
 class ConfirmationEmailPresenter
-  include ::NewRelic::Agent::MethodTracer
-
   def initialize(user, view)
     @user = user
     @view = view
@@ -40,8 +38,4 @@ def confirmation_period
   private
 
   attr_reader :user, :view
-
-  add_method_tracer :initialize, "Custom/#{name}/initialize"
-  add_method_tracer :first_sentence, "Custom/#{name}/first_sentence"
-  add_method_tracer :confirmation_period, "Custom/#{name}/confirmation_period"
 end

app/services/analytics_events.rb

@@ -4992,6 +4992,8 @@ def idv_session_error_visited(
   # @param [Boolean] liveness_enabled Whether or not the selfie result is included in response
   # @param [String] vendor which 2rd party we are using for doc auth
   # @param [Hash] document_type type of socument submitted (Drivers Licenese, etc.)
+  # @param [String] socure_status Socure's status value for internal errors on their side.
+  # @param [String] socure_msg Socure's status message for interal errors on their side.
   # The request for socure verification was sent
   def idv_socure_document_request_submitted(
     success:,
@@ -5014,6 +5016,8 @@ def idv_socure_document_request_submitted(
     document_type: nil,
     docv_transaction_token: nil,
     flow_path: nil,
+    socure_status: nil,
+    socure_msg: nil,
     **extra
   )
     track_event(
@@ -5038,6 +5042,8 @@ def idv_socure_document_request_submitted(
       document_type:,
       docv_transaction_token:,
       flow_path:,
+      socure_status:,
+      socure_msg:,
       **extra,
     )
   end
@@ -5121,36 +5127,40 @@ def idv_socure_shadow_mode_proofing_result_missing(**extra)
   # @param [String] birth_year Birth year from document
   # @param [Integer] issue_year Year document was issued
   # @param [Boolean] biometric_comparison_required does doc auth require biometirc
+  # @param [String] vendor_status Socure's request status (used for errors)
+  # @param [String] vendor_status_message socure's error message (used for errors)
   # The request for socure verification was sent
   def idv_socure_verification_data_requested(
     success:,
     errors:,
     async:,
-    reference_id:,
-    reason_codes:,
-    document_type:,
-    decision:,
-    state:,
-    state_id_type:,
     submit_attempts:,
-    remaining_submit_attempts:,
-    liveness_checking_required:,
-    issue_year:,
     vendor_request_time_in_ms:,
     doc_type_supported:,
     doc_auth_success:,
     vendor:,
-    address_line2_present:,
-    zip_code:,
-    birth_year:,
-    liveness_enabled:,
-    biometric_comparison_required:,
+    remaining_submit_attempts:,
+    reference_id: nil,
+    reason_codes: nil,
+    document_type: nil,
+    decision: nil,
+    state: nil,
+    state_id_type: nil,
+    liveness_checking_required: nil,
+    issue_year: nil,
+    address_line2_present: nil,
+    zip_code: nil,
+    birth_year: nil,
+    liveness_enabled: nil,
+    biometric_comparison_required: nil,
     customer_profile: nil,
     docv_transaction_token: nil,
     user_id: nil,
     exception: nil,
     flow_path: nil,
     billed: nil,
+    vendor_status: nil,
+    vendor_status_message: nil,
     **extra
   )
     track_event(
@@ -5183,6 +5193,8 @@ def idv_socure_verification_data_requested(
       issue_year:,
       liveness_enabled:,
       biometric_comparison_required:,
+      vendor_status:,
+      vendor_status_message:,
       **extra,
     )
   end