Merge pull request #11337 from 18F/stages/rc-2024-10-10

Deploy RC 421 to Production
18F · Oct 10, 2024 · eb88a3f · eb88a3f
2 parents 9ac762c + a2e33f7
commit eb88a3f
Show file tree

Hide file tree

Showing 61 changed files with 3,105 additions and 1,255 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -11,6 +11,7 @@ variables:
   IDP_CI_SHA: 'sha256:5c4953f8efba18b7a6d6a9a961cb77ba7143059cbb2176499432b4275fbe67db'
   PKI_IMAGE_TAG: 'main'
   DASHBOARD_IMAGE_TAG: 'main'
+  APPLICATION_MANIFEST: dockerfiles/application.yaml
 
 default:
   image: '${ECR_REGISTRY}/idp/ci@${IDP_CI_SHA}'
@@ -433,129 +434,18 @@ trigger_devops:
     - export SANITIZED_BRANCH_NAME=$(echo "$CI_COMMIT_REF_NAME" | tr '/' '-' | tr -c '[:alnum:]-_' '-' | sed 's/-*$//')
     - echo "${CI_COMMIT_REF_NAME}"
     - echo "${SANITIZED_BRANCH_NAME}"
-    - |-
-      export IDP_CONFIG=$(cat <<EOF
-      {
-        "kubernetesReviewApp": "true",
-        "postgres": {
-          "sslmode": "prefer",
-          "name": "idp",
-          "host": "$CI_ENVIRONMENT_SLUG-login-chart-pg.review-apps"
-        },
-        "postgresWorker": {
-          "sslmode": "prefer",
-          "name": "idp",
-          "host": "$CI_ENVIRONMENT_SLUG-login-chart-pg.review-apps"
-        },
-        "railsOffline": "true",
-        "redis": {
-          "throttleUrl": "redis://$CI_ENVIRONMENT_SLUG-login-chart-redis.review-apps:6379/1",
-          "url": "redis://$CI_ENVIRONMENT_SLUG-login-chart-redis.review-apps:6379"
-        },
-        "assetHost": "https://$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
-        "domainName": "$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
-        "loginDatacenter": "true",
-        "loginDomain": "identitysandbox.gov",
-        "loginEnv": "$CI_ENVIRONMENT_SLUG",
-        "loginHostRole": "idp",
-        "loginSkipRemoteConfig": "true",
-        "pivcacServiceUrl": "https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov/",
-        "pivcacVerifyTokenUrl": "https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov/",
-        "dashboardUrl": "https://$CI_ENVIRONMENT_SLUG-dashboard.reviewapps.identitysandbox.gov"
-      }
-      EOF
-      )
-    - |-
-      export WORKER_CONFIG=$(cat <<EOF
-      {
-        "kubernetesReviewApp": "true",
-        "postgres": {
-          "sslmode": "prefer",
-          "name": "idp",
-          "host": "$CI_ENVIRONMENT_SLUG-login-chart-pg.review-apps"
-        },
-        "postgresWorker": {
-          "sslmode": "prefer",
-          "name": "idp",
-          "host": "$CI_ENVIRONMENT_SLUG-login-chart-pg.review-apps"
-        },
-        "railsOffline": "true",
-        "redis": {
-          "throttleUrl": "redis://$CI_ENVIRONMENT_SLUG-login-chart-redis.review-apps:6379/1",
-          "url": "redis://$CI_ENVIRONMENT_SLUG-login-chart-redis.review-apps:6379"
-        },
-        "assetHost": "https://$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
-        "domainName": "$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
-        "loginDatacenter": "true",
-        "loginDomain": "identitysandbox.gov",
-        "loginEnv": "$CI_ENVIRONMENT_SLUG",
-        "loginHostRole": "worker",
-        "loginSkipRemoteConfig": "true",
-        "pivcacServiceUrl": "https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov/",
-        "pivcacVerifyTokenUrl": "https://$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov/"
-      }
-      EOF
-      )
-    - |-
-      export PIVCAC_CONFIG=$(cat <<EOF
-      {
-        "kubernetesReviewApp": "true",
-        "clientCertS3Bucket": "login-gov-pivcac-public-cert-reviewapps.894947205914-us-west-2",
-        "postgres": {
-          "sslmode": "prefer",
-          "name": "idp",
-          "host": "$CI_ENVIRONMENT_SLUG-login-chart-pivcac-pg.review-apps"
-        },
-        "idpHost": "$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
-        "domainName": "$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov"
-      }
-      EOF
-      )
-    - |-
-      export DASHBOARD_CONFIG=$(cat <<EOF
-      {
-        "kubernetesReviewApp": "true",
-        "postgres": {
-          "sslmode": "prefer",
-          "name": "dashboard",
-          "host": "$CI_ENVIRONMENT_SLUG-login-chart-dashboard-pg.review-apps"
-        },
-        "newrelic": {
-          "enabled": "false"
-        },
-        "samlSpIssuer": "https://$CI_ENVIRONMENT_SLUG-dashboard.reviewapps.identitysandbox.gov",
-        "idpUrl": "https://$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
-        "idpSpUrl": "https://$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov",
-        "postLogoutUrl": "https://$CI_ENVIRONMENT_SLUG-dashboard.reviewapps.identitysandbox.gov",
-        "domainName": "$CI_ENVIRONMENT_SLUG-dashboard.reviewapps.identitysandbox.gov"
-      }
-      EOF
-      )
-    - git clone -b main --single-branch https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.login.gov/lg-public/identity-idp-helm-chart.git
-    - >-
-      helm upgrade --install --namespace review-apps
-      --debug
-      --set global.labels.branch="${SANITIZED_BRANCH_NAME}"
-      --set env="reviewapps-$CI_ENVIRONMENT_SLUG"
-      --set idp.image.repository="${ECR_REGISTRY}/identity-idp/review"
-      --set idp.image.tag="${CI_COMMIT_SHA}"
-      --set worker.image.repository="${ECR_REGISTRY}/identity-idp/review"
-      --set worker.image.tag="${CI_COMMIT_SHA}"
-      --set pivcac.image.repository="${ECR_REGISTRY}/identity-pivcac/review"
-      --set pivcac.image.tag="${PKI_IMAGE_TAG}"
-      --set pivcac.image.pullPolicy="Always"
-      --set dashboard.image.repository="${ECR_REGISTRY}/identity-dashboard/review"
-      --set dashboard.image.tag="${DASHBOARD_IMAGE_TAG}"
-      --set dashboard.image.pullPolicy="Always"
-      --set-json dashboard.config="$DASHBOARD_CONFIG"
-      --set-json dashboard.enabled=true
-      --set-json idp.config="$IDP_CONFIG"
-      --set-json worker.config="$WORKER_CONFIG"
-      --set-json pivcac.config="$PIVCAC_CONFIG"
-      --set-json idp.ingress.hosts="[{\"host\": \"$CI_ENVIRONMENT_SLUG.reviewapps.identitysandbox.gov\", \"paths\": [{\"path\": \"/\", \"pathType\": \"Prefix\"}]}]"
-      --set-json pivcac.ingress.hosts="[{\"host\": \"$CI_ENVIRONMENT_SLUG.pivcac.reviewapps.identitysandbox.gov\", \"paths\": [{\"path\": \"/\", \"pathType\": \"Prefix\"}]}]"
-      --set-json dashboard.ingress.hosts="[{\"host\": \"$CI_ENVIRONMENT_SLUG-dashboard.reviewapps.identitysandbox.gov\", \"paths\": [{\"path\": \"/\", \"pathType\": \"Prefix\"}]}]"
-      $CI_ENVIRONMENT_SLUG ./identity-idp-helm-chart
+    #TODO put in kustomize based deploy
+    # Dynamically populate review environment settings
+    - sed -i "s|{{ENVIRONMENT}}|${CI_ENVIRONMENT_SLUG}|g" ${APPLICATION_MANIFEST}
+    - sed -i "s|{{SANITIZED_BRANCH_NAME}}|${SANITIZED_BRANCH_NAME}|g" ${APPLICATION_MANIFEST}
+    - sed -i "s|{{IDP_CONTAINER_TAG}}|${CI_COMMIT_SHA}|g" ${APPLICATION_MANIFEST}
+    - sed -i "s|{{DASHBOARD_CONTAINER_TAG}}|${DASHBOARD_IMAGE_TAG}|g" ${APPLICATION_MANIFEST}
+    - sed -i "s|{{PIVCAC_CONTAINER_TAG}}|${PKI_IMAGE_TAG}|g" ${APPLICATION_MANIFEST}
+    - sed -i "s|{{ECR_REGISTRY}}|${ECR_REGISTRY}|g" ${APPLICATION_MANIFEST}
+    - cat ${APPLICATION_MANIFEST}
+    # Apply our ArgoCD Application
+    - kubectl apply -f ${APPLICATION_MANIFEST} -n argocd
+    - echo "View your applications deployment progress at https://argocd.reviewapp.identitysandbox.gov/applications/argocd/${CI_ENVIRONMENT_SLUG}?view=tree&resource="
     - echo "DNS may take a while to propagate, so be patient if it doesn't show up right away"
     - echo "To access the rails console, first run 'aws-vault exec sandbox-power -- aws eks update-kubeconfig --name reviewapp'"
     - echo "Then run aws-vault exec sandbox-power -- kubectl exec -it service/$CI_ENVIRONMENT_SLUG-login-chart-idp -n review-apps -- /app/bin/rails console"
@@ -589,7 +479,7 @@ stop-review-app:
   script:
     - export CONTEXT=$(kubectl config get-contexts | grep reviewapp | awk '{print $1}' | head -1)
     - kubectl config use-context "$CONTEXT"
-    - helm uninstall --namespace review-apps $CI_ENVIRONMENT_SLUG
+    - kubectl delete application $CI_ENVIRONMENT_SLUG -n argocd
   stage: review
   image:
     name: dtzar/helm-kubectl:latest

diff --git a/app/controllers/account_reset/pending_controller.rb b/app/controllers/account_reset/pending_controller.rb
@@ -19,7 +19,10 @@ def confirm
 
     def cancel
       analytics.pending_account_reset_cancelled
-      AccountReset::CancelRequestForUser.new(current_user).call
+      AccountReset::PendingRequestForUser.new(current_user).cancel_account_reset_request!(
+        account_reset_request_id: pending_account_reset_request.id,
+        cancelled_at: Time.zone.now,
+      )
     end
 
     private
@@ -29,9 +32,9 @@ def confirm_account_reset_request_exists
     end
 
     def pending_account_reset_request
-      @pending_account_reset_request ||= AccountReset::FindPendingRequestForUser.new(
+      @pending_account_reset_request ||= AccountReset::PendingRequestForUser.new(
         current_user,
-      ).call
+      ).get_account_reset_request
     end
   end
 end
diff --git a/app/controllers/idv/document_capture_controller.rb b/app/controllers/idv/document_capture_controller.rb
@@ -19,7 +19,12 @@ def show
       Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).
         call('document_capture', :view, true)
 
-      render :show, locals: extra_view_variables
+      case doc_auth_vendor
+      when Idp::Constants::Vendors::SOCURE
+        redirect_to idv_socure_document_capture_url
+      when Idp::Constants::Vendors::LEXIS_NEXIS, Idp::Constants::Vendors::MOCK
+        render :show, locals: extra_view_variables
+      end
     end
 
     def update

diff --git a/app/controllers/idv/hybrid_handoff_controller.rb b/app/controllers/idv/hybrid_handoff_controller.rb
@@ -22,15 +22,14 @@ def show
 
       @selfie_required = idv_session.selfie_check_required
 
-      analytics.idv_doc_auth_hybrid_handoff_visited(**analytics_arguments)
-
       Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).call(
         'upload', :view,
         true
       )
-
+      analytics.idv_doc_auth_hybrid_handoff_visited(**analytics_arguments)
       # reset if we visit or come back
       idv_session.skip_doc_auth_from_handoff = nil
+
       render :show, locals: extra_view_variables
     end
 
@@ -59,7 +58,7 @@ def self.step_info
       Idv::StepInfo.new(
         key: :hybrid_handoff,
         controller: self,
-        next_steps: [:link_sent, :document_capture],
+        next_steps: [:link_sent, :document_capture, :socure_document_capture],
         preconditions: ->(idv_session:, user:) {
                          idv_session.idv_consent_given? &&
                            (self.selected_remote(idv_session: idv_session) || # from opt-in screen

diff --git a/app/controllers/idv/hybrid_mobile/entry_controller.rb b/app/controllers/idv/hybrid_mobile/entry_controller.rb
@@ -7,13 +7,19 @@ module HybridMobile
     class EntryController < ApplicationController
       include Idv::AvailabilityConcern
       include HybridMobileConcern
+      include DocAuthVendorConcern
 
       def show
         return handle_invalid_document_capture_session if !validate_document_capture_session_id
 
         return handle_invalid_document_capture_session if !validate_document_capture_user_id
 
-        redirect_to idv_hybrid_mobile_document_capture_url
+        case doc_auth_vendor
+        when Idp::Constants::Vendors::SOCURE
+          redirect_to idv_hybrid_mobile_socure_document_capture_url
+        when Idp::Constants::Vendors::MOCK, Idp::Constants::Vendors::LEXIS_NEXIS
+          redirect_to idv_hybrid_mobile_document_capture_url
+        end
       end
 
       private

diff --git a/app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb b/app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Idv
+  module HybridMobile
+    module Socure
+      class DocumentCaptureController < ApplicationController
+        include Idv::AvailabilityConcern
+        include DocumentCaptureConcern
+        include Idv::HybridMobile::HybridMobileConcern
+        include RenderConditionConcern
+
+        check_or_render_not_found -> { IdentityConfig.store.socure_enabled }
+        before_action :check_valid_document_capture_session, except: [:update]
+
+        def show
+          Funnel::DocAuth::RegisterStep.new(document_capture_user.id, sp_session[:issuer]).
+            call('hybrid_mobile_socure_document_capture', :view, true)
+
+          # document request
+          document_request = DocAuth::Socure::Requests::DocumentRequest.new(
+            document_capture_session_uuid: document_capture_session_uuid,
+            redirect_url: idv_hybrid_mobile_socure_document_capture_url,
+            language: I18n.locale,
+          )
+          document_response = document_request.fetch
+
+          @document_request = document_request
+          @document_response = document_response
+          @url = document_response.dig(:data, :url)
+
+          document_capture_session = DocumentCaptureSession.find_by(
+            uuid: document_capture_session_uuid,
+          )
+          document_capture_session.socure_docv_token = document_response.dig(
+            :data,
+            :docvTransactionToken,
+          )
+          document_capture_session.save
+
+          # useful for analytics
+          @msg = document_response[:msg]
+          @reference_id = document_response[:referenceId]
+        end
+
+        def update
+          render plain: 'stub to ensure Socure callback exists and the route works'
+        end
+      end
+    end
+  end
+end
diff --git a/app/controllers/idv/socure/document_capture_controller.rb b/app/controllers/idv/socure/document_capture_controller.rb
@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+module Idv
+  module Socure
+    class DocumentCaptureController < ApplicationController
+      include Idv::AvailabilityConcern
+      include IdvStepConcern
+      include DocumentCaptureConcern
+      include RenderConditionConcern
+
+      check_or_render_not_found -> { IdentityConfig.store.socure_enabled }
+      before_action :confirm_not_rate_limited
+      before_action :confirm_step_allowed
+
+      # reconsider and maybe remove these when implementing the real
+      # update handler
+      skip_before_action :redirect_unless_idv_session_user, only: [:update]
+      skip_before_action :confirm_two_factor_authenticated, only: [:update]
+      skip_before_action :confirm_idv_needed, only: [:update]
+      skip_before_action :confirm_not_rate_limited, only: [:update]
+      skip_before_action :confirm_step_allowed, only: [:update]
+
+      def show
+        Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).
+          call('socure_document_capture', :view, true)
+
+        # document request
+        document_request = DocAuth::Socure::Requests::DocumentRequest.new(
+          document_capture_session_uuid: document_capture_session_uuid,
+          redirect_url: idv_socure_document_capture_url,
+          language: I18n.locale,
+        )
+
+        document_response = document_request.fetch
+
+        @document_request = document_request
+        @document_response = document_response
+        @url = document_response.dig(:data, :url)
+
+        document_capture_session = DocumentCaptureSession.find_by(
+          uuid: document_capture_session_uuid,
+        )
+
+        document_capture_session.socure_docv_token = document_response.dig(
+          :data,
+          :docvTransactionToken,
+        )
+        document_capture_session.save
+
+        # useful for analytics
+        @msg = document_response[:msg]
+        @reference_id = document_response[:referenceId]
+      end
+
+      def update
+        render plain: 'stub to ensure Socure callback exists and the route works'
+      end
+
+      def self.step_info
+        Idv::StepInfo.new(
+          key: :socure_document_capture,
+          controller: self,
+          next_steps: [:ssn, :ipp_ssn],
+          preconditions: ->(idv_session:, user:) {
+                           idv_session.flow_path == 'standard' && (
+                            # mobile
+                            idv_session.skip_doc_auth_from_handoff ||
+                            idv_session.skip_hybrid_handoff ||
+                              idv_session.skip_doc_auth ||
+                              idv_session.skip_doc_auth_from_how_to_verify ||
+                              !idv_session.selfie_check_required ||
+                              idv_session.desktop_selfie_test_mode_enabled?
+                          )
+                         },
+          undo_step: ->(idv_session:, user:) do
+            idv_session.pii_from_doc = nil
+            idv_session.invalidate_in_person_pii_from_user!
+          end,
+        )
+      end
+    end
+  end
+end
diff --git a/app/controllers/sign_up/select_email_controller.rb b/app/controllers/sign_up/select_email_controller.rb
@@ -13,12 +13,16 @@ def show
       @user_emails = user_emails
       @last_sign_in_email_address = last_email
       @select_email_form = build_select_email_form
+      analytics.sp_select_email_visited(needs_completion_screen_reason:)
     end
 
     def create
       @select_email_form = build_select_email_form
 
       result = @select_email_form.submit(form_params)
+
+      analytics.sp_select_email_submitted(**result.to_h, needs_completion_screen_reason:)
+
       if result.success?
         user_session[:selected_email_id] = form_params[:selected_email_id]
         redirect_to sign_up_completed_path