Merge pull request #11524 from 18F/stages/rc-2024-11-19

Deploy RC 432 to Prod
18F · Nov 19, 2024 · e558656 · e558656
2 parents d603cd4 + 272549b
commit e558656
Show file tree

Hide file tree

Showing 25 changed files with 1,480 additions and 1,203 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -231,7 +231,7 @@ migrate:
     POSTGRES_HOST_AUTH_METHOD: trust
     RAILS_ENV: test
   services:
-    - name: public.ecr.aws/docker/library/postgres:13.9
+    - name: public.ecr.aws/docker/library/postgres:16.4
       alias: db-postgres
       command: ['--fsync=false', '--synchronous_commit=false', '--full_page_writes=false']
   script:
@@ -263,7 +263,7 @@ specs:
     POSTGRES_HOST_AUTH_METHOD: trust
     RAILS_ENV: test
   services:
-    - name: public.ecr.aws/docker/library/postgres:13.9
+    - name: public.ecr.aws/docker/library/postgres:16.4
       alias: db-postgres
       command: ['--fsync=false', '--synchronous_commit=false', '--full_page_writes=false']
     - name: public.ecr.aws/docker/library/redis:7.0

diff --git a/app/controllers/concerns/idv/step_indicator_concern.rb b/app/controllers/concerns/idv/step_indicator_concern.rb
@@ -26,11 +26,7 @@ module StepIndicatorConcern
 
     def step_indicator_steps
       if in_person_proofing?
-        if gpo_address_verification?
-          Idv::Flows::InPersonFlow::STEP_INDICATOR_STEPS_GPO
-        else
-          Idv::Flows::InPersonFlow::STEP_INDICATOR_STEPS
-        end
+        Idv::Flows::InPersonFlow::STEP_INDICATOR_STEPS
       elsif gpo_address_verification?
         Idv::StepIndicatorConcern::STEP_INDICATOR_STEPS_GPO
       else

diff --git a/app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb b/app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb
@@ -8,6 +8,7 @@ class DocumentCaptureController < ApplicationController
         include DocumentCaptureConcern
         include Idv::HybridMobile::HybridMobileConcern
         include RenderConditionConcern
+        include DocumentCaptureConcern
 
         check_or_render_not_found -> { IdentityConfig.store.socure_enabled }
         before_action :check_valid_document_capture_session, except: [:update]
@@ -19,7 +20,7 @@ def show
 
           # document request
           document_request = DocAuth::Socure::Requests::DocumentRequest.new(
-            redirect_url: idv_hybrid_mobile_socure_document_capture_url,
+            redirect_url: idv_hybrid_mobile_socure_document_capture_update_url,
             language: I18n.locale,
           )
           document_response = document_request.fetch
@@ -49,7 +50,16 @@ def show
         end
 
         def update
-          render plain: 'stub to ensure Socure callback exists and the route works'
+          result = handle_stored_result(
+            user: document_capture_session.user,
+            store_in_session: false,
+          )
+
+          if result.success?
+            redirect_to idv_hybrid_mobile_capture_complete_url
+          else
+            redirect_to idv_hybrid_mobile_socure_document_capture_url
+          end
         end
       end
     end

diff --git a/app/controllers/idv/in_person/address_controller.rb b/app/controllers/idv/in_person/address_controller.rb
@@ -7,7 +7,6 @@ class AddressController < ApplicationController
       include IdvStepConcern
 
       before_action :confirm_in_person_state_id_step_complete
-      ## before_action :confirm_step_allowed # pending FSM removal of state id step
       before_action :confirm_in_person_address_step_needed, only: :show
       before_action :set_usps_form_presenter
 

diff --git a/app/controllers/idv/socure/document_capture_controller.rb b/app/controllers/idv/socure/document_capture_controller.rb
@@ -72,8 +72,6 @@ def update
         Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).
           call('socure_document_capture', :update, true)
 
-        cancel_establishing_in_person_enrollments
-
         if result.success?
           redirect_to idv_ssn_url
         else

diff --git a/app/controllers/socure_webhook_controller.rb b/app/controllers/socure_webhook_controller.rb
@@ -82,7 +82,7 @@ def log_webhook_receipt
     analytics.idv_doc_auth_socure_webhook_received(
       created_at: event[:created],
       customer_user_id: event[:customerUserId],
-      docv_transaction_token: event[:docvTransactionToken],
+      docv_transaction_token:,
       event_type: event[:eventType],
       reference_id: event[:referenceId],
       user_id: user&.uuid,

diff --git a/app/javascript/packages/webauthn/enroll-webauthn-device.spec.ts b/app/javascript/packages/webauthn/enroll-webauthn-device.spec.ts
@@ -87,6 +87,7 @@ describe('enrollWebauthnDevice', () => {
           authenticatorSelection: {
             userVerification: 'discouraged',
             authenticatorAttachment: 'cross-platform',
+            residentKey: undefined,
           },
           excludeCredentials: [
             {
@@ -126,7 +127,7 @@ describe('enrollWebauthnDevice', () => {
     });
 
     context('platform authenticator', () => {
-      it('enrolls a device with correct authenticatorAttachment', async () => {
+      it('enrolls a device with correct authenticatorAttachment and residentKey', async () => {
         await enrollWebauthnDevice({
           platformAuthenticator: true,
           user,
@@ -139,6 +140,7 @@ describe('enrollWebauthnDevice', () => {
             hints: undefined,
             authenticatorSelection: {
               authenticatorAttachment: 'platform',
+              residentKey: 'preferred',
             },
           },
         });

diff --git a/app/javascript/packages/webauthn/enroll-webauthn-device.ts b/app/javascript/packages/webauthn/enroll-webauthn-device.ts
@@ -101,6 +101,7 @@ async function enrollWebauthnDevice({
         // contributes to abandonment or loss of access.
         userVerification: 'discouraged',
         authenticatorAttachment: platformAuthenticator ? 'platform' : 'cross-platform',
+        residentKey: platformAuthenticator ? 'preferred' : undefined,
       },
       excludeCredentials,
     } as PublicKeyCredentialCreationOptionsWithHints,

diff --git a/app/services/proofing/resolution/plugins/instant_verify_residential_address_plugin.rb b/app/services/proofing/resolution/plugins/instant_verify_residential_address_plugin.rb
@@ -24,8 +24,36 @@ def call(
         end
 
         def proofer
-          @proofer ||=
-            if IdentityConfig.store.proofer_mock_fallback
+          @proofer ||= begin
+            # Historically, proofer_mock_fallback has controlled whether we
+            # use mock implementations of the Resolution and Address proofers
+            # (true = use mock, false = don't use mock).
+            # We are transitioning to a place where we will have separate
+            # configs for both. For the time being, we want to keep support for
+            # proofer_mock_fallback here. This can be removed after this code
+            # has been deployed and configs have been updated in all relevant
+            # environments.
+
+            old_config_says_mock = IdentityConfig.store.proofer_mock_fallback
+            old_config_says_iv = !old_config_says_mock
+            new_config_says_mock =
+              IdentityConfig.store.idv_resolution_default_vendor == :mock
+            new_config_says_iv =
+              IdentityConfig.store.idv_resolution_default_vendor == :instant_verify
+
+            proofer_type =
+              if new_config_says_mock && old_config_says_iv
+                # This will be the case immediately after deployment, when
+                # environment configs have not been updated. We need to
+                # fall back to the old config here.
+                :instant_verify
+              elsif new_config_says_iv
+                :instant_verify
+              else
+                :mock
+              end
+
+            if proofer_type == :mock
               Proofing::Mock::ResolutionMockClient.new
             else
               Proofing::LexisNexis::InstantVerify::Proofer.new(
@@ -39,6 +67,7 @@ def proofer
                 request_mode: IdentityConfig.store.lexisnexis_request_mode,
               )
             end
+          end
         end
 
         def residential_address_unnecessary_result

diff --git a/app/services/proofing/resolution/plugins/instant_verify_state_id_address_plugin.rb b/app/services/proofing/resolution/plugins/instant_verify_state_id_address_plugin.rb
@@ -44,8 +44,36 @@ def call(
         end
 
         def proofer
-          @proofer ||=
-            if IdentityConfig.store.proofer_mock_fallback
+          @proofer ||= begin
+            # Historically, proofer_mock_fallback has controlled whether we
+            # use mock implementations of the Resolution and Address proofers
+            # (true = use mock, false = don't use mock).
+            # We are transitioning to a place where we will have separate
+            # configs for both. For the time being, we want to keep support for
+            # proofer_mock_fallback here. This can be removed after this code
+            # has been deployed and configs have been updated in all relevant
+            # environments.
+
+            old_config_says_mock = IdentityConfig.store.proofer_mock_fallback
+            old_config_says_iv = !old_config_says_mock
+            new_config_says_mock =
+              IdentityConfig.store.idv_resolution_default_vendor == :mock
+            new_config_says_iv =
+              IdentityConfig.store.idv_resolution_default_vendor == :instant_verify
+
+            proofer_type =
+              if new_config_says_mock && old_config_says_iv
+                # This will be the case immediately after deployment, when
+                # environment configs have not been updated. We need to
+                # fall back to the old config here.
+                :instant_verify
+              elsif new_config_says_iv
+                :instant_verify
+              else
+                :mock
+              end
+
+            if proofer_type == :mock
               Proofing::Mock::ResolutionMockClient.new
             else
               Proofing::LexisNexis::InstantVerify::Proofer.new(
@@ -59,6 +87,7 @@ def proofer
                 request_mode: IdentityConfig.store.lexisnexis_request_mode,
               )
             end
+          end
         end
 
         def resolution_cannot_pass

diff --git a/app/validators/idv/form_state_id_validator.rb b/app/validators/idv/form_state_id_validator.rb
@@ -13,6 +13,7 @@ module FormStateIdValidator
                 :identity_doc_city,
                 :state_id_jurisdiction,
                 :state_id_number,
+                :same_address_as_id,
                 presence: true
 
       validates_with UspsInPersonProofing::TransliterableValidator,

diff --git a/config/application.yml.default b/config/application.yml.default
@@ -158,6 +158,7 @@ idv_available: true
 idv_contact_phone_number: (844) 555-5555
 idv_max_attempts: 5
 idv_min_age_years: 13
+idv_resolution_default_vendor: mock
 idv_send_link_attempt_window_in_minutes: 10
 idv_send_link_max_attempts: 5
 idv_socure_reason_code_download_enabled: false

diff --git a/config/routes.rb b/config/routes.rb
@@ -368,7 +368,7 @@
       put '/hybrid_mobile/document_capture' => 'hybrid_mobile/document_capture#update'
       get '/hybrid_mobile/capture_complete' => 'hybrid_mobile/capture_complete#show'
       get '/hybrid_mobile/socure/document_capture' => 'hybrid_mobile/socure/document_capture#show'
-      post '/hybrid_mobile/socure/document_capture' => 'hybrid_mobile/socure/document_capture#update'
+      get '/hybrid_mobile/socure/document_capture_update' => 'hybrid_mobile/socure/document_capture#update', as: :hybrid_mobile_socure_document_capture_update
       get '/hybrid_handoff' => 'hybrid_handoff#show'
       put '/hybrid_handoff' => 'hybrid_handoff#update'
       get '/link_sent' => 'link_sent#show'