Merge pull request #6224 from 18F/stages/rc-2022-04-21

Deploy RC 187 to Production

Makefile

@@ -15,7 +15,6 @@ ARTIFACT_DESTINATION_FILE ?= ./tmp/idp.tar.gz
 	brakeman \
 	build_artifact \
 	check \
-	check_asset_strings \
 	docker_setup \
 	fast_setup \
 	fast_test \
@@ -77,8 +76,6 @@ lint: ## Runs all lint tests
 	@echo "--- es5-safe ---"
 	NODE_ENV=production yarn build && yarn es5-safe
 	# Other
-	@echo "--- asset check ---"
-	make check_asset_strings
 	@echo "--- lint yaml ---"
 	make lint_yaml
 	@echo "--- check assets are optimized ---"
@@ -164,9 +161,6 @@ update_pinpoint_supported_countries: ## Updates list of countries supported by P
 lint_country_dialing_codes: update_pinpoint_supported_countries ## Checks that countries supported by Pinpoint for voice and SMS are up to date
 	(! git diff --name-only | grep config/country_dialing_codes.yml) || (echo "Error: Run 'make update_pinpoint_supported_countries' to update country codes"; exit 1)
 
-check_asset_strings: ## Checks for strings
-	find ./app/javascript -name "*.js*" | xargs ./scripts/check-assets
-
 build_artifact $(ARTIFACT_DESTINATION_FILE): ## Builds zipped tar file artifact with IDP source code and Ruby/JS dependencies
 	@echo "Building artifact into $(ARTIFACT_DESTINATION_FILE)"
 	bundle config set --local cache_all true

app/assets/stylesheets/components/_step-indicator.scss

@@ -2,7 +2,8 @@ $step-indicator-current-step-border-width: 3px;
 $step-indicator-line-height: 4px;
 $step-indicator-pending-color: #a8b6c6;
 
-.step-indicator {
+lg-step-indicator {
+  display: block;
   border-bottom: 1px solid color('primary-light');
   box-shadow: 0 2px 2px rgba(0, 0, 0, 0.1);
   margin-bottom: units(4);

app/assets/stylesheets/components/_troubleshooting-options.scss

@@ -13,6 +13,10 @@
     height: 4px;
     width: 5rem;
   }
+
+  &.troubleshooting-options--no-bar::before {
+    content: none;
+  }
 }
 
 .troubleshooting-options__heading {

app/assets/stylesheets/components/all.scss

@@ -5,6 +5,7 @@
 @import 'card';
 @import 'container';
 @import 'file-input';
+@import 'form-steps';
 @import 'footer';
 @import 'form';
 @import 'hr';

app/components/clipboard_button_component.rb

@@ -12,6 +12,6 @@ def call
   end
 
   def content
-    t('links.copy')
+    t('components.clipboard_button.label')
   end
 end

app/components/clipboard_button_component.ts

@@ -0,0 +1 @@
+import '@18f/identity-clipboard-button';

app/components/print_button_component.rb

@@ -0,0 +1,15 @@
+class PrintButtonComponent < ButtonComponent
+  attr_reader :tag_options
+
+  def initialize(**tag_options)
+    super(**tag_options, type: :button, icon: :print)
+  end
+
+  def call
+    content_tag(:'lg-print-button', super)
+  end
+
+  def content
+    t('components.print_button.label')
+  end
+end

app/components/print_button_component.ts

@@ -0,0 +1 @@
+import '@18f/identity-print-button';

app/components/troubleshooting_options_component.html.erb

@@ -1,4 +1,10 @@
 <%= tag.section(**tag_options, class: css_class) do %>
+  <% if new_features? %>
+    <span class="usa-tag bg-accent-cool-darker text-uppercase display-inline-block">
+      <%= t('components.troubleshooting_options.new_feature') %>
+    </span>
+  <% end %>
+
   <%= header %>
   <ul class="troubleshooting-options__options">
     <% options.each do |option| %>

app/components/troubleshooting_options_component.rb

@@ -4,16 +4,25 @@ class TroubleshootingOptionsComponent < BaseComponent
 
   attr_reader :tag_options
 
-  def initialize(**tag_options)
-    @tag_options = tag_options
+  def initialize(new_features: false, **tag_options)
+    @new_features = new_features
+    @tag_options = tag_options.dup
   end
 
   def render?
     options?
   end
 
+  def new_features?
+    @new_features
+  end
+
   def css_class
-    ['troubleshooting-options', *tag_options[:class]]
+    [
+      'troubleshooting-options',
+      new_features? && 'troubleshooting-options--no-bar',
+      *tag_options[:class],
+    ].select(&:present?)
   end
 
   class TroubleshootingOptionsHeadingComponent < BaseComponent

app/controllers/concerns/mfa_setup_concern.rb

@@ -1,6 +1,25 @@
 module MfaSetupConcern
   extend ActiveSupport::Concern
 
+  def user_next_authentication_setup_path!(final_path = nil)
+    case user_session[:selected_mfa_options]&.shift
+    when 'voice', 'sms', 'phone'
+      phone_setup_url
+    when 'auth_app'
+      authenticator_setup_url
+    when 'piv_cac'
+      setup_piv_cac_url
+    when 'webauthn'
+      webauthn_setup_url
+    when 'webauthn_platform'
+      webauthn_setup_url(platform: true)
+    when 'backup_code'
+      backup_code_setup_url
+    else
+      final_path
+    end
+  end
+
   def confirm_user_authenticated_for_2fa_setup
     authenticate_user!(force: true)
     return if user_fully_authenticated?

app/controllers/concerns/render_condition_concern.rb

@@ -0,0 +1,9 @@
+module RenderConditionConcern
+  extend ActiveSupport::Concern
+
+  module ClassMethods
+    def check_or_render_not_found(callable, **kwargs)
+      before_action(**kwargs) { render_not_found if !callable.call }
+    end
+  end
+end

app/controllers/event_disavowal_controller.rb

@@ -4,19 +4,17 @@ class EventDisavowalController < ApplicationController
   def new
     # Memoize the form for use in the views
     password_reset_from_disavowal_form
-    analytics.track_event(
-      Analytics::EVENT_DISAVOWAL,
-      FormResponse.new(
-        success: true,
-        extra: EventDisavowal::BuildDisavowedEventAnalyticsAttributes.call(disavowed_event),
-      ).to_h,
+    result = FormResponse.new(
+      success: true,
+      extra: EventDisavowal::BuildDisavowedEventAnalyticsAttributes.call(disavowed_event),
     )
+    analytics.event_disavowal(**result.to_h)
     @forbidden_passwords = forbidden_passwords
   end
 
   def create
     result = password_reset_from_disavowal_form.submit(password_reset_params)
-    analytics.track_event(Analytics::EVENT_DISAVOWAL_PASSWORD_RESET, result.to_h)
+    analytics.event_disavowal_password_reset(**result.to_h)
     if result.success?
       handle_successful_password_reset
     else

app/controllers/idv/address_controller.rb

@@ -6,12 +6,12 @@ class AddressController < ApplicationController
     before_action :confirm_pii_from_doc
 
     def new
-      analytics.track_event(Analytics::IDV_ADDRESS_VISIT)
+      analytics.idv_address_visit
     end
 
     def update
       form_result = idv_form.submit(profile_params)
-      analytics.track_event(Analytics::IDV_ADDRESS_SUBMITTED, form_result.to_h)
+      analytics.idv_address_submitted(**form_result.to_h)
       capture_address_edited(form_result)
       if form_result.success?
         success

app/controllers/idv/phone_controller.rb

@@ -32,6 +32,7 @@ def new
     def create
       result = idv_form.submit(step_params)
       analytics.track_event(Analytics::IDV_PHONE_CONFIRMATION_FORM, result.to_h)
+      flash[:error] = result.first_error_message if !result.success?
       return render :new, locals: { gpo_letter_available: gpo_letter_available } if !result.success?
       submit_proofing_attempt
       redirect_to idv_phone_path

app/controllers/two_factor_authentication/otp_verification_controller.rb

@@ -1,6 +1,7 @@
 module TwoFactorAuthentication
   class OtpVerificationController < ApplicationController
     include TwoFactorAuthenticatable
+    include MfaSetupConcern
 
     before_action :check_sp_required_mfa_bypass
     before_action :confirm_multiple_factors_enabled
@@ -16,7 +17,11 @@ def create
       result = OtpVerificationForm.new(current_user, sanitized_otp_code).submit
       post_analytics(result)
       if result.success?
-        handle_valid_otp
+        next_url = nil
+        if UserSessionContext.confirmation_context?(context)
+          next_url = user_next_authentication_setup_path!
+        end
+        handle_valid_otp(next_url)
       else
         handle_invalid_otp
       end

app/controllers/users/backup_code_setup_controller.rb

@@ -25,7 +25,7 @@ def edit; end
 
     def continue
       flash[:success] = t('notices.backup_codes_configured')
-      redirect_to after_mfa_setup_path
+      redirect_to user_next_authentication_setup_path!(after_mfa_setup_path)
     end
 
     def download

app/controllers/users/email_language_controller.rb

@@ -3,12 +3,12 @@ class EmailLanguageController < ApplicationController
     before_action :confirm_two_factor_authenticated
 
     def show
-      analytics.track_event(Analytics::EMAIL_LANGUAGE_VISITED)
+      analytics.email_language_visited
     end
 
     def update
       form_response = UpdateEmailLanguageForm.new(current_user).submit(update_email_params)
-      analytics.track_event(Analytics::EMAIL_LANGUAGE_UPDATED, form_response.to_h)
+      analytics.email_language_updated(**form_response.to_h)
 
       flash[:success] = I18n.t('account.email_language.updated') if form_response.success?
 

app/controllers/users/emails_controller.rb

@@ -43,7 +43,7 @@ def confirm_delete
 
     def delete
       result = DeleteUserEmailForm.new(current_user, email_address).submit
-      analytics.track_event(Analytics::EMAIL_DELETION_REQUEST, result.to_h)
+      analytics.email_deletion_request(**result.to_h)
       if result.success?
         handle_successful_delete
       else

app/controllers/users/piv_cac_authentication_setup_controller.rb

@@ -103,7 +103,8 @@ def process_valid_submission
       create_user_event(:piv_cac_enabled)
       Funnel::Registration::AddMfa.call(current_user.id, 'piv_cac')
       session[:needs_to_setup_piv_cac_after_sign_in] = false
-      redirect_to after_sign_in_path_for(current_user)
+      final_path = after_sign_in_path_for(current_user)
+      redirect_to user_next_authentication_setup_path!(final_path)
     end
 
     def piv_cac_enabled?

app/controllers/users/totp_setup_controller.rb

@@ -78,8 +78,8 @@ def process_valid_code
       mark_user_as_fully_authenticated
       handle_remember_device
       flash[:success] = t('notices.totp_configured')
-      redirect_to after_mfa_setup_path
       user_session.delete(:new_totp_secret)
+      redirect_to user_next_authentication_setup_path!(after_mfa_setup_path)
     end
 
     def handle_remember_device

app/controllers/users/two_factor_authentication_controller.rb

@@ -1,6 +1,7 @@
 module Users
   class TwoFactorAuthenticationController < ApplicationController
     include TwoFactorAuthenticatable
+    include ActionView::Helpers::DateHelper
 
     before_action :check_remember_device_preference
     before_action :redirect_to_vendor_outage_if_phone_only, only: [:show]
@@ -164,6 +165,7 @@ def handle_valid_otp_params(method, default = nil)
       return handle_too_many_otp_sends if exceeded_otp_send_limit?
       otp_rate_limiter.increment
       return handle_too_many_otp_sends if exceeded_otp_send_limit?
+      return handle_too_many_confirmation_sends if exceeded_phone_confirmation_limit?
 
       @telephony_result = send_user_otp(method)
       handle_telephony_result(method: method, default: default)
@@ -177,8 +179,7 @@ def handle_telephony_result(method:, default:)
           otp_make_default_number: default,
           reauthn: reauthn?,
         )
-      elsif @telephony_result.error.is_a?(Telephony::OptOutError) &&
-            IdentityConfig.store.sms_resubscribe_enabled
+      elsif @telephony_result.error.is_a?(Telephony::OptOutError)
         # clear message from https://github.com/18F/identity-idp/blob/7ad3feab24f6f9e0e45224d9e9be9458c0a6a648/app/controllers/users/phones_controller.rb#L40
         flash.delete(:info)
         opt_out = PhoneNumberOptOut.mark_opted_out(phone_to_deliver_to)
@@ -197,6 +198,18 @@ def exceeded_otp_send_limit?
       return otp_rate_limiter.lock_out_user if otp_rate_limiter.exceeded_otp_send_limit?
     end
 
+    def phone_confirmation_throttle
+      @phone_confirmation_throttle ||= Throttle.for(
+        user: current_user,
+        throttle_type: :phone_confirmation,
+      )
+    end
+
+    def exceeded_phone_confirmation_limit?
+      return false unless UserSessionContext.confirmation_context?(context)
+      phone_confirmation_throttle.throttled_else_increment?
+    end
+
     def send_user_otp(method)
       if PhoneNumberOptOut.find_with_phone(phone_to_deliver_to)
         return Telephony::Response.new(
@@ -275,5 +288,21 @@ def webauthn_params
       params[:platform] = current_user.webauthn_configurations.platform_authenticators.present?
       params
     end
+
+    def handle_too_many_confirmation_sends
+      flash[:error] = t(
+        'errors.messages.phone_confirmation_throttled',
+        timeout: distance_of_time_in_words(
+          Time.zone.now,
+          [phone_confirmation_throttle.expires_at, Time.zone.now].compact.max,
+          except: :seconds,
+        ),
+      )
+      if user_fully_authenticated?
+        redirect_to account_url
+      else
+        redirect_to two_factor_options_url
+      end
+    end
   end
 end

app/controllers/users/two_factor_authentication_setup_controller.rb

@@ -43,20 +43,8 @@ def two_factor_options_presenter
     end
 
     def process_valid_form
-      case @two_factor_options_form.selection
-      when 'voice', 'sms', 'phone'
-        redirect_to phone_setup_url
-      when 'auth_app'
-        redirect_to authenticator_setup_url
-      when 'piv_cac'
-        redirect_to setup_piv_cac_url
-      when 'webauthn'
-        redirect_to webauthn_setup_url
-      when 'webauthn_platform'
-        redirect_to webauthn_setup_url(platform: true)
-      when 'backup_code'
-        redirect_to backup_code_setup_url
-      end
+      user_session[:selected_mfa_options] = @two_factor_options_form.selection
+      redirect_to user_next_authentication_setup_path!(user_session[:selected_mfa_options].first)
     end
 
     def handle_empty_selection
@@ -73,7 +61,7 @@ def confirm_user_needs_2fa_setup
     end
 
     def two_factor_options_form_params
-      params.require(:two_factor_options_form).permit(:selection)
+      params.require(:two_factor_options_form).permit(:selection, selection: [])
     end
   end
 end

app/controllers/users/webauthn_setup_controller.rb

@@ -138,7 +138,8 @@ def process_valid_webauthn(form)
         flash[:success] = t('notices.webauthn_configured')
       end
       user_session[:auth_method] = 'webauthn'
-      redirect_to after_mfa_setup_path
+
+      redirect_to user_next_authentication_setup_path!(after_mfa_setup_path)
     end
 
     def handle_remember_device