Merge pull request #11341 from 18F/stages/rc-2024-10-15

Deploy RC 422 to Prod

.gitlab-ci.yml

@@ -442,6 +442,7 @@ trigger_devops:
     - sed -i "s|{{DASHBOARD_CONTAINER_TAG}}|${DASHBOARD_IMAGE_TAG}|g" ${APPLICATION_MANIFEST}
     - sed -i "s|{{PIVCAC_CONTAINER_TAG}}|${PKI_IMAGE_TAG}|g" ${APPLICATION_MANIFEST}
     - sed -i "s|{{ECR_REGISTRY}}|${ECR_REGISTRY}|g" ${APPLICATION_MANIFEST}
+    - sed -i "s|{{CI_PROJECT_NAME}}|${CI_PROJECT_NAME}|g" ${APPLICATION_MANIFEST}
     - cat ${APPLICATION_MANIFEST}
     # Apply our ArgoCD Application
     - kubectl apply -f ${APPLICATION_MANIFEST} -n argocd

app/controllers/concerns/idv/verify_info_concern.rb

@@ -185,10 +185,10 @@ def async_state_done(current_async_state)
         state: pii[:state],
         state_id_jurisdiction: pii[:state_id_jurisdiction],
         state_id_number: pii[:state_id_number],
-        # todo: add other edited fields?
         extra: {
           address_edited: !!idv_session.address_edited,
           address_line2_present: !pii[:address2].blank?,
+          previous_ssn_edit_distance: previous_ssn_edit_distance,
           pii_like_keypaths: [
             [:errors, :ssn],
             [:proofing_results, :context, :stages, :resolution, :errors, :ssn],

app/controllers/concerns/idv_session_concern.rb

@@ -63,4 +63,9 @@ def user_needs_facial_match?
     resolved_authn_context_result.facial_match? &&
       !idv_session_user.identity_verified_with_facial_match?
   end
+
+  def previous_ssn_edit_distance
+    return if idv_session.ssn.blank? || idv_session.previous_ssn.blank?
+    DidYouMean::Levenshtein.distance(idv_session.previous_ssn, idv_session.ssn)
+  end
 end

app/controllers/idv/in_person/ssn_controller.rb

@@ -45,17 +45,19 @@ def update
           ssn_form: ssn_form,
           step_indicator_steps: step_indicator_steps,
         )
-        analytics.idv_doc_auth_ssn_submitted(
-          **analytics_arguments.merge(form_response.to_h),
-        )
 
         if form_response.success?
+          idv_session.previous_ssn = idv_session.ssn
           idv_session.ssn = params[:doc_auth][:ssn]
           redirect_to next_url
         else
           flash[:error] = form_response.first_error_message
           render 'idv/shared/ssn', locals: threatmetrix_view_variables(ssn_presenter.updating_ssn?)
         end
+
+        analytics.idv_doc_auth_ssn_submitted(
+          **analytics_arguments.merge(form_response.to_h),
+        )
       end
 
       def self.step_info
@@ -89,6 +91,7 @@ def analytics_arguments
           flow_path: idv_session.flow_path,
           step: 'ssn',
           analytics_id: 'In Person Proofing',
+          previous_ssn_edit_distance: previous_ssn_edit_distance,
         }.merge(ab_test_analytics_buckets).
           merge(**extra_analytics_properties)
       end

app/controllers/idv/ssn_controller.rb

@@ -43,17 +43,19 @@ def update
         ssn_form: ssn_form,
         step_indicator_steps: step_indicator_steps,
       )
-      analytics.idv_doc_auth_ssn_submitted(
-        **analytics_arguments.merge(form_response.to_h),
-      )
 
       if form_response.success?
+        idv_session.previous_ssn = idv_session.ssn
         idv_session.ssn = params[:doc_auth][:ssn]
         redirect_to next_url
       else
         flash[:error] = form_response.first_error_message
         render 'idv/shared/ssn', locals: threatmetrix_view_variables(ssn_presenter.updating_ssn?)
       end
+
+      analytics.idv_doc_auth_ssn_submitted(
+        **analytics_arguments.merge(form_response.to_h),
+      )
     end
 
     def self.step_info
@@ -81,6 +83,7 @@ def analytics_arguments
         flow_path: idv_session.flow_path,
         step: 'ssn',
         analytics_id: 'Doc Auth',
+        previous_ssn_edit_distance: previous_ssn_edit_distance,
       }.merge(ab_test_analytics_buckets)
     end
   end

app/forms/idv/ssn_format_form.rb

@@ -24,8 +24,13 @@ def submit(params)
       FormResponse.new(
         success: valid?,
         errors: errors,
-        extra: { pii_like_keypaths: [[:same_address_as_id], [:errors, :ssn],
-                                     [:error_details, :ssn]] },
+        extra: {
+          pii_like_keypaths: [
+            [:same_address_as_id],
+            [:errors, :ssn],
+            [:error_details, :ssn],
+          ],
+        },
       )
     end
 

app/javascript/packs/document-capture.tsx

@@ -15,6 +15,7 @@ import {
 import { isCameraCapableMobile } from '@18f/identity-device';
 import { FlowContext } from '@18f/identity-verify-flow';
 import { trackEvent as baseTrackEvent } from '@18f/identity-analytics';
+import { extendSession } from '@18f/identity-session';
 import type { FlowPath, DeviceContextValue } from '@18f/identity-document-capture';
 
 /**
@@ -40,6 +41,7 @@ interface AppRootData {
   docAuthSelfieDesktopTestMode: string;
   locationsUrl: string;
   addressSearchUrl: string;
+  sessionsUrl: string;
   docAuthSeparatePagesEnabled: string;
 }
 
@@ -112,6 +114,7 @@ const {
   docAuthSeparatePagesEnabled,
   locationsUrl: locationsURL,
   addressSearchUrl: addressSearchURL,
+  sessionsUrl: sessionsURL,
 } = appRoot.dataset as DOMStringMap & AppRootData;
 
 let parsedUsStatesTerritories = [];
@@ -201,7 +204,12 @@ const App = composeComponents(
       maxSubmissionAttemptsBeforeNativeCamera: Number(maxSubmissionAttemptsBeforeNativeCamera),
     },
   ],
-  [DocumentCapture],
+  [
+    DocumentCapture,
+    {
+      onStepChange: () => extendSession(sessionsURL),
+    },
+  ],
 );
 
 render(<App />, appRoot);

app/services/analytics_events.rb

@@ -1484,13 +1484,15 @@ def idv_doc_auth_link_sent_visited(
   # @param [Boolean] same_address_as_id
   # @param [Boolean] skip_hybrid_handoff Whether skipped hybrid handoff A/B test is active
   # @param [Boolean] opted_in_to_in_person_proofing User opted into in person proofing
+  # @param [Number] previous_ssn_edit_distance The edit distance to the previous submitted SSN
   def idv_doc_auth_redo_ssn_submitted(
     step:,
     analytics_id:,
     flow_path:,
     opted_in_to_in_person_proofing: nil,
     skip_hybrid_handoff: nil,
     same_address_as_id: nil,
+    previous_ssn_edit_distance: nil,
     **extra
   )
     track_event(
@@ -1501,6 +1503,7 @@ def idv_doc_auth_redo_ssn_submitted(
       opted_in_to_in_person_proofing:,
       skip_hybrid_handoff:,
       same_address_as_id:,
+      previous_ssn_edit_distance:,
       **extra,
     )
   end
@@ -1541,6 +1544,7 @@ def idv_doc_auth_socure_webhook_received(
   # @param [Boolean] skip_hybrid_handoff Whether skipped hybrid handoff A/B test is active
   # @param [Boolean] same_address_as_id
   # @param [Boolean] opted_in_to_in_person_proofing User opted into in person proofing
+  # @param [Number] previous_ssn_edit_distance The edit distance to the previous submitted SSN
   def idv_doc_auth_ssn_submitted(
     success:,
     errors:,
@@ -1552,6 +1556,7 @@ def idv_doc_auth_ssn_submitted(
     acuant_sdk_upgrade_ab_test_bucket: nil,
     skip_hybrid_handoff: nil,
     same_address_as_id: nil,
+    previous_ssn_edit_distance: nil,
     **extra
   )
     track_event(
@@ -1566,6 +1571,7 @@ def idv_doc_auth_ssn_submitted(
       flow_path:,
       opted_in_to_in_person_proofing:,
       same_address_as_id:,
+      previous_ssn_edit_distance:,
       **extra,
     )
   end
@@ -1579,6 +1585,7 @@ def idv_doc_auth_ssn_submitted(
   # @param [Boolean] skip_hybrid_handoff Whether skipped hybrid handoff A/B test is active
   # @param [Boolean] same_address_as_id
   # @param [Boolean] opted_in_to_in_person_proofing User opted into in person proofing
+  # @param [Number] previous_ssn_edit_distance The edit distance to the previous submitted SSN
   def idv_doc_auth_ssn_visited(
     step:,
     analytics_id:,
@@ -1587,6 +1594,7 @@ def idv_doc_auth_ssn_visited(
     acuant_sdk_upgrade_ab_test_bucket: nil,
     skip_hybrid_handoff: nil,
     same_address_as_id: nil,
+    previous_ssn_edit_distance: nil,
     **extra
   )
     track_event(
@@ -1598,6 +1606,7 @@ def idv_doc_auth_ssn_visited(
       flow_path:,
       opted_in_to_in_person_proofing:,
       same_address_as_id:,
+      previous_ssn_edit_distance:,
       **extra,
     )
   end
@@ -1939,6 +1948,7 @@ def idv_doc_auth_verify_polling_wait_visited(**extra)
   # @param ssn_is_unique [Boolean] Whether another Profile existed with the same SSN at the time the profile associated with the current IdV session was minted.
   # @param step [String] Always "verify" (leftover from flow state machine days)
   # @param success [Boolean] Whether identity resolution succeeded overall
+  # @param previous_ssn_edit_distance [Number] The edit distance to the previous submitted SSN
   def idv_doc_auth_verify_proofing_results(
     ab_tests: nil,
     acuant_sdk_upgrade_ab_test_bucket: nil,
@@ -1955,6 +1965,7 @@ def idv_doc_auth_verify_proofing_results(
     step: nil,
     success: nil,
     same_address_as_id: nil,
+    previous_ssn_edit_distance: nil,
     **extra
   )
     track_event(
@@ -1974,6 +1985,7 @@ def idv_doc_auth_verify_proofing_results(
       step:,
       success:,
       same_address_as_id:,
+      previous_ssn_edit_distance:,
       **extra,
     )
   end

app/services/id_token_builder.rb

@@ -63,16 +63,7 @@ def timestamp_claims
 
   def acr
     return nil unless identity.acr_values.present?
-
-    if resolved_authn_context_result.facial_match?
-      Vot::AcrComponentValues::IAL2_BIO_REQUIRED.name
-    elsif resolved_authn_context_result.ialmax?
-      determine_ial_max_acr.name
-    elsif resolved_authn_context_result.identity_proofing?
-      Vot::AcrComponentValues::IAL2.name
-    else
-      Vot::AcrComponentValues::IAL1.name
-    end
+    resolved_authn_context.asserted_ial_acr
   end
 
   def sp_requests_vot?
@@ -82,7 +73,7 @@ def sp_requests_vot?
 
   def vot
     return nil unless sp_requests_vot?
-    resolved_authn_context_result.component_values.map(&:name).join('.')
+    resolved_authn_context.result.component_values.map(&:name).join('.')
   end
 
   def determine_ial_max_acr
@@ -93,13 +84,13 @@ def determine_ial_max_acr
     end
   end
 
-  def resolved_authn_context_result
-    @resolved_authn_context_result ||= AuthnContextResolver.new(
+  def resolved_authn_context
+    @resolved_authn_context ||= AuthnContextResolver.new(
       user: identity.user,
       service_provider: identity.service_provider_record,
       vtr: parsed_vtr_value,
       acr_values: identity.acr_values,
-    ).result
+    )
   end
 
   def parsed_vtr_value

app/services/idv/session.rb

@@ -21,6 +21,7 @@ class Session
       personal_key_acknowledged
       phone_for_mobile_flow
       previous_phone_step_params
+      previous_ssn
       profile_id
       proofing_started_at
       redo_document_capture

app/views/idv/shared/_document_capture.html.erb

@@ -43,6 +43,7 @@
       how_to_verify_url: idv_how_to_verify_url,
       previous_step_url: @previous_step_url,
       locations_url: idv_in_person_usps_locations_url,
+      sessions_url: api_internal_sessions_path,
       doc_auth_separate_pages_enabled: IdentityConfig.store.doc_auth_separate_pages_enabled,
       address_search_url: '',
     } %>

config/application.yml.default

@@ -523,6 +523,8 @@ test:
   aamva_private_key: 123abc
   aamva_public_key: 123abc
   account_reset_fraud_user_wait_period_days: 30
+  allowed_biometric_ial_providers: '["urn:gov:gsa:openidconnect:sp:server"]'
+  allowed_valid_authn_contexts_semantic_providers: '["urn:gov:gsa:openidconnect:sp:server"]'
   attribute_encryption_key: 2086dfbd15f5b0c584f3664422a1d3409a0d2aa6084f65b6ba57d64d4257431c124158670c7655e45cabe64194f7f7b6c7970153c285bdb8287ec0c4f7553e25
   attribute_encryption_key_queue: '[{ "key": "11111111111111111111111111111111" }, { "key": "22222222222222222222222222222222" }]'
   dashboard_api_token: 123ABC

dockerfiles/application.yaml

@@ -4,6 +4,8 @@ metadata:
   name: {{ENVIRONMENT}}
   finalizers:
   - resources-finalizer.argocd.argoproj.io
+  labels:
+    project-name: {{CI_PROJECT_NAME}}
 spec:
   project: default
   source: