Merge pull request #11538 from 18F/stages/rc-2024-11-21

Deploy RC 433 to Prod

app/controllers/concerns/idv/document_capture_concern.rb

@@ -89,10 +89,5 @@ def track_document_issuing_state(user, state)
       doc_auth_log.state = state
       doc_auth_log.save!
     end
-
-    def cancel_establishing_in_person_enrollments(user: current_user)
-      UspsInPersonProofing::EnrollmentHelper.
-        cancel_stale_establishing_enrollments_for_user(user)
-    end
   end
 end

app/controllers/concerns/idv/verify_info_concern.rb

@@ -232,6 +232,7 @@ def async_state_done(current_async_state)
 
       if form_response.success?
         save_threatmetrix_status(form_response)
+        save_source_check_vendor(form_response)
         move_applicant_to_idv_session
         idv_session.mark_verify_info_step_complete!
 
@@ -251,21 +252,38 @@ def save_threatmetrix_status(form_response)
       idv_session.threatmetrix_review_status = review_status
     end
 
+    def save_source_check_vendor(form_response)
+      vendor = form_response.extra.dig(
+        :proofing_results,
+        :context,
+        :stages,
+        :state_id,
+        :vendor_name,
+      )
+      idv_session.source_check_vendor = vendor
+    end
+
     def summarize_result_and_rate_limit(summary_result)
       proofing_results_exception = summary_result.extra.dig(:proofing_results, :exception)
       resolution_rate_limiter.increment! if proofing_results_exception.blank?
 
       if summary_result.success?
-        add_proofing_components
+        add_proofing_components(summary_result)
       else
         idv_failure(summary_result)
       end
     end
 
-    def add_proofing_components
+    def add_proofing_components(summary_result)
       ProofingComponent.create_or_find_by(user: current_user).update(
         resolution_check: Idp::Constants::Vendors::LEXIS_NEXIS,
-        source_check: Idp::Constants::Vendors::AAMVA,
+        source_check: summary_result.extra.dig(
+          :proofing_results,
+          :context,
+          :stages,
+          :state_id,
+          :vendor_name,
+        ),
       )
     end
 

app/controllers/idv/document_capture_controller.rb

@@ -35,8 +35,6 @@ def update
       Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).
         call('document_capture', :update, true)
 
-      cancel_establishing_in_person_enrollments
-
       if result.success?
         redirect_to idv_ssn_url
       else
@@ -51,7 +49,6 @@ def extra_view_variables
         flow_path: 'standard',
         sp_name: decorated_sp_session.sp_name,
         failure_to_proof_url: return_to_sp_failure_to_proof_url(step: 'document_capture'),
-        skip_doc_auth: idv_session.skip_doc_auth,
         skip_doc_auth_from_how_to_verify: idv_session.skip_doc_auth_from_how_to_verify,
         skip_doc_auth_from_handoff: idv_session.skip_doc_auth_from_handoff,
         opted_in_to_in_person_proofing: idv_session.opted_in_to_in_person_proofing,
@@ -71,7 +68,6 @@ def self.step_info
                            # mobile
                            idv_session.skip_doc_auth_from_handoff ||
                            idv_session.skip_hybrid_handoff ||
-                            idv_session.skip_doc_auth ||
                             idv_session.skip_doc_auth_from_how_to_verify ||
                             !idv_session.selfie_check_required || # desktop but selfie not required
                              idv_session.desktop_selfie_test_mode_enabled?

app/controllers/idv/how_to_verify_controller.rb

@@ -34,13 +34,11 @@ def update
       if result.success?
         if how_to_verify_form_params['selection'] == Idv::HowToVerifyForm::REMOTE
           idv_session.opted_in_to_in_person_proofing = false
-          idv_session.skip_doc_auth = false
           idv_session.skip_doc_auth_from_how_to_verify = false
           redirect_to idv_hybrid_handoff_url
         else
           idv_session.opted_in_to_in_person_proofing = true
           idv_session.flow_path = 'standard'
-          idv_session.skip_doc_auth = true
           idv_session.skip_doc_auth_from_how_to_verify = true
           redirect_to idv_document_capture_url
         end
@@ -65,7 +63,6 @@ def self.step_info
           idv_session.service_provider&.in_person_proofing_enabled
         end,
         undo_step: ->(idv_session:, user:) {
-                     idv_session.skip_doc_auth = nil
                      idv_session.skip_doc_auth_from_how_to_verify = nil
                      idv_session.opted_in_to_in_person_proofing = nil
                    },

app/controllers/idv/hybrid_handoff_controller.rb

@@ -47,12 +47,10 @@ def self.selected_remote(idv_session:)
       if IdentityConfig.store.in_person_proofing_opt_in_enabled &&
          IdentityConfig.store.in_person_proofing_enabled &&
          idv_session.service_provider&.in_person_proofing_enabled
-        idv_session.skip_doc_auth_from_how_to_verify == false ||
-          idv_session.skip_doc_auth == false
+        idv_session.skip_doc_auth_from_how_to_verify == false
       else
         idv_session.skip_doc_auth_from_how_to_verify.nil? ||
-          idv_session.skip_doc_auth_from_how_to_verify == false || idv_session.skip_doc_auth.nil? ||
-          idv_session.skip_doc_auth == false
+          idv_session.skip_doc_auth_from_how_to_verify == false
       end
     end
 

app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb

@@ -10,7 +10,7 @@ class DocumentCaptureController < ApplicationController
         include RenderConditionConcern
         include DocumentCaptureConcern
 
-        check_or_render_not_found -> { IdentityConfig.store.socure_enabled }
+        check_or_render_not_found -> { IdentityConfig.store.socure_docv_enabled }
         before_action :check_valid_document_capture_session, except: [:update]
         before_action -> { redirect_to_correct_vendor(Idp::Constants::Vendors::SOCURE, true) }
 

app/controllers/idv/in_person/verify_info_controller.rb

@@ -46,6 +46,7 @@ def self.step_info
             idv_session.resolution_successful = nil
             idv_session.verify_info_step_document_capture_session_uuid = nil
             idv_session.threatmetrix_review_status = nil
+            idv_session.source_check_vendor = nil
             idv_session.applicant = nil
           end,
         )

app/controllers/idv/socure/document_capture_controller.rb

@@ -8,7 +8,7 @@ class DocumentCaptureController < ApplicationController
       include DocumentCaptureConcern
       include RenderConditionConcern
 
-      check_or_render_not_found -> { IdentityConfig.store.socure_enabled }
+      check_or_render_not_found -> { IdentityConfig.store.socure_docv_enabled }
       before_action :confirm_not_rate_limited
       before_action :confirm_step_allowed
       before_action -> { redirect_to_correct_vendor(Idp::Constants::Vendors::SOCURE, false) }
@@ -22,6 +22,8 @@ class DocumentCaptureController < ApplicationController
       skip_before_action :confirm_step_allowed, only: [:update]
 
       def show
+        idv_session.socure_docv_wait_polling_started_at = nil
+
         Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).
           call('socure_document_capture', :view, true)
 
@@ -65,6 +67,22 @@ def update
         # Not used in standard flow, here for data consistency with hybrid flow.
         document_capture_session.confirm_ocr
 
+        # If the stored_result is nil, the job fetching the results has not completed.
+        if stored_result.nil?
+          analytics.idv_doc_auth_document_capture_polling_wait_visited(**analytics_arguments)
+          if wait_timed_out?
+            # flash[:error] = I18n.t('errors.doc_auth.polling_timeout')
+            # TODO: redirect to try again page LG-14873/14952/15059
+            render plain: 'Technical difficulties!!!', status: :ok
+          else
+            @refresh_interval =
+              IdentityConfig.store.doc_auth_socure_wait_polling_refresh_max_seconds
+            render 'idv/socure/document_capture/wait'
+          end
+
+          return
+        end
+
         result = handle_stored_result
         # TODO: new analytics event?
         analytics.idv_doc_auth_document_capture_submitted(**result.to_h.merge(analytics_arguments))
@@ -89,20 +107,31 @@ def self.step_info
               # mobile
               idv_session.skip_doc_auth_from_handoff ||
               idv_session.skip_hybrid_handoff ||
-              idv_session.skip_doc_auth ||
               idv_session.skip_doc_auth_from_how_to_verify ||
               !idv_session.selfie_check_required ||
               idv_session.desktop_selfie_test_mode_enabled?)
           },
           undo_step: ->(idv_session:, user:) do
             idv_session.pii_from_doc = nil
+            idv_session.socure_docv_wait_polling_started_at = nil
             idv_session.invalidate_in_person_pii_from_user!
           end,
         )
       end
 
       private
 
+      def wait_timed_out?
+        if idv_session.socure_docv_wait_polling_started_at.nil?
+          idv_session.socure_docv_wait_polling_started_at = Time.zone.now.to_s
+          return false
+        end
+        start = DateTime.parse(idv_session.socure_docv_wait_polling_started_at)
+        timeout_period =
+          IdentityConfig.store.doc_auth_socure_wait_polling_timeout_minutes.minutes || 5.minutes
+        start + timeout_period < Time.zone.now
+      end
+
       def analytics_arguments
         {
           flow_path: flow_path,

app/controllers/idv/verify_info_controller.rb

@@ -52,6 +52,7 @@ def self.step_info
         end,
         undo_step: ->(idv_session:, user:) do
           idv_session.resolution_successful = nil
+          idv_session.source_check_vendor = nil
           idv_session.address_edited = nil
           idv_session.verify_info_step_document_capture_session_uuid = nil
           idv_session.threatmetrix_review_status = nil

app/controllers/socure_webhook_controller.rb

@@ -4,7 +4,7 @@ class SocureWebhookController < ApplicationController
   include RenderConditionConcern
 
   skip_before_action :verify_authenticity_token
-  check_or_render_not_found -> { IdentityConfig.store.socure_enabled }
+  check_or_render_not_found -> { IdentityConfig.store.socure_docv_enabled }
   before_action :check_token
   before_action :check_socure_event
 
@@ -65,12 +65,12 @@ def token_valid?
   def verify_current_key(authorization_header:)
     ActiveSupport::SecurityUtils.secure_compare(
       authorization_header,
-      IdentityConfig.store.socure_webhook_secret_key,
+      IdentityConfig.store.socure_docv_webhook_secret_key,
     )
   end
 
   def verify_queue(authorization_header:)
-    IdentityConfig.store.socure_webhook_secret_key_queue.any? do |key|
+    IdentityConfig.store.socure_docv_webhook_secret_key_queue.any? do |key|
       ActiveSupport::SecurityUtils.secure_compare(
         authorization_header,
         key,

app/javascript/packages/document-capture/components/document-capture.tsx

@@ -42,7 +42,6 @@ function DocumentCapture({ onStepChange = () => {} }: DocumentCaptureProps) {
   const {
     inPersonFullAddressEntryEnabled,
     inPersonURL,
-    skipDocAuth,
     skipDocAuthFromHandoff,
     skipDocAuthFromHowToVerify,
   } = useContext(InPersonContext);
@@ -140,9 +139,9 @@ function DocumentCapture({ onStepChange = () => {} }: DocumentCaptureProps) {
   if (submissionError && formValues) {
     initialValues = formValues;
   }
-  // If the user got here by opting-in to in-person proofing, when skipDocAuthFromHowToVerify === true || skipDocAuth === true,
+  // If the user got here by opting-in to in-person proofing, when skipDocAuthFromHowToVerify === true
   // then set steps to inPersonSteps
-  const isInPersonStepEnabled = skipDocAuthFromHowToVerify || skipDocAuthFromHandoff || skipDocAuth;
+  const isInPersonStepEnabled = skipDocAuthFromHowToVerify || skipDocAuthFromHandoff;
   const inPersonSteps: FormStep[] =
     inPersonURL === undefined
       ? []
@@ -156,7 +155,7 @@ function DocumentCapture({ onStepChange = () => {} }: DocumentCaptureProps) {
   } else if (submissionError) {
     steps = [reviewFormStep, ...inPersonSteps];
   }
-  // If the user got here by opting-in to in-person proofing, when skipDocAuthFromHowToVerify === true || skipDocAuth === true;
+  // If the user got here by opting-in to in-person proofing, when skipDocAuthFromHowToVerify === true
   // or opting-in ipp from handoff page, and selfie is required, when skipDocAuthFromHandoff === true
   // then set stepIndicatorPath to VerifyFlowPath.IN_PERSON
   const stepIndicatorPath =

app/javascript/packages/document-capture/components/in-person-prepare-step.tsx

@@ -19,7 +19,6 @@ function InPersonPrepareStep({ toPreviousStep }) {
     inPersonURL,
     inPersonOutageMessageEnabled,
     inPersonOutageExpectedUpdateDate,
-    skipDocAuth,
     skipDocAuthFromHowToVerify,
     skipDocAuthFromHandoff,
     howToVerifyURL,
@@ -30,7 +29,7 @@ function InPersonPrepareStep({ toPreviousStep }) {
     if (skipDocAuthFromHandoff && previousStepURL) {
       // directly from handoff page
       forceRedirect(previousStepURL);
-    } else if ((skipDocAuthFromHowToVerify || skipDocAuth) && howToVerifyURL) {
+    } else if (skipDocAuthFromHowToVerify && howToVerifyURL) {
       forceRedirect(howToVerifyURL);
     } else {
       toPreviousStep();

app/javascript/packages/document-capture/context/in-person.ts

@@ -42,13 +42,6 @@ export interface InPersonContextProps {
    */
   usStatesTerritories: Array<[string, string]>;
 
-  /**
-   * When skipDocAuth is true and in_person_proofing_opt_in_enabled is true,
-   * users are directed to the beginning of the IPP flow. This is set to true when
-   * they choose Opt-in IPP on the new How To Verify page
-   */
-  skipDocAuth?: boolean;
-
   /**
    * When skipDocAuthFromHowToVerify is true and in_person_proofing_opt_in_enabled is true,
    * users are directed to the beginning of the IPP flow. This is set to true when

app/javascript/packs/document-capture.tsx

@@ -33,7 +33,6 @@ interface AppRootData {
   idvInPersonUrl?: string;
   optedInToInPersonProofing: string;
   securityAndPrivacyHowItWorksUrl: string;
-  skipDocAuth: string;
   skipDocAuthFromHowToVerify: string;
   skipDocAuthFromHandoff: string;
   howToVerifyURL: string;
@@ -106,7 +105,6 @@ const {
   inPersonOutageExpectedUpdateDate,
   optedInToInPersonProofing,
   usStatesTerritories = '',
-  skipDocAuth,
   skipDocAuthFromHowToVerify,
   skipDocAuthFromHandoff,
   howToVerifyUrl,
@@ -138,7 +136,6 @@ render(
           inPersonFullAddressEntryEnabled: inPersonFullAddressEntryEnabled === 'true',
           optedInToInPersonProofing: optedInToInPersonProofing === 'true',
           usStatesTerritories: parsedUsStatesTerritories,
-          skipDocAuth: skipDocAuth === 'true',
           skipDocAuthFromHowToVerify: skipDocAuthFromHowToVerify === 'true',
           skipDocAuthFromHandoff: skipDocAuthFromHandoff === 'true',
           howToVerifyURL: howToVerifyUrl,

app/jobs/data_warehouse/daily_sensitive_column_job.rb

@@ -10,7 +10,8 @@ def perform(timestamp)
     end
 
     def fetch_columns
-      tables = ActiveRecord::Base.connection.tables - %w[schema_migrations ar_internal_metadata]
+      tables = ActiveRecord::Base.connection.tables - %w[schema_migrations ar_internal_metadata
+                                                         awsdms_ddl_audit]
 
       sensitive_hash = []
       insensitive_hash = []

app/services/analytics_events.rb

@@ -1240,6 +1240,44 @@ def idv_doc_auth_capture_complete_visited(
     )
   end
 
+  # User returns from Socure document capture, but is waiting on a result to be fetched
+  # @param ["hybrid","standard"] flow_path Document capture user flow
+  # @param [String] step Current IdV step
+  # @param [String] analytics_id Current IdV flow identifier
+  # @param [Boolean] redo_document_capture Whether user is redoing document capture after barcode
+  # @param [Boolean] skip_hybrid_handoff Whether skipped hybrid handoff A/B test is active
+  # @param [Boolean] liveness_checking_required Whether facial match check is required
+  # @param [Boolean] selfie_check_required Whether facial match check is required
+  # @param [Boolean] opted_in_to_in_person_proofing User opted into in person proofing
+  # @param [String] acuant_sdk_upgrade_ab_test_bucket A/B test bucket for Acuant document capture
+  # SDK upgrades
+  def idv_doc_auth_document_capture_polling_wait_visited(
+    flow_path:,
+    step:,
+    analytics_id:,
+    redo_document_capture:,
+    skip_hybrid_handoff:,
+    liveness_checking_required:,
+    selfie_check_required:,
+    opted_in_to_in_person_proofing: nil,
+    acuant_sdk_upgrade_ab_test_bucket: nil,
+    **extra
+  )
+    track_event(
+      :idv_doc_auth_document_capture_polling_wait_visited,
+      flow_path:,
+      step:,
+      analytics_id:,
+      redo_document_capture:,
+      skip_hybrid_handoff:,
+      liveness_checking_required:,
+      selfie_check_required:,
+      opted_in_to_in_person_proofing:,
+      acuant_sdk_upgrade_ab_test_bucket:,
+      **extra,
+    )
+  end
+
   # User submits IdV document capture step
   # @param [Boolean] success Whether form validation was successful
   # @param [Hash] errors Errors resulting from form validation

app/services/doc_auth/socure/requests/document_request.rb

@@ -63,7 +63,7 @@ def method
         end
 
         def endpoint
-          IdentityConfig.store.socure_document_request_endpoint
+          IdentityConfig.store.socure_docv_document_request_endpoint
         end
 
         def metric_name