Merge pull request #1499 from 18F/stages/int

Deploy int to staging

.codeclimate.yml

@@ -1,6 +1,11 @@
 engines:
   brakeman:
     enabled: true
+    exclude_paths:
+    # Excluding User Flows tools since these are not loaded
+    # except when explicitly called from the User Flow rake tasks
+    - 'lib/user_flow_exporter.rb'
+    - 'lib/rspec/formatters/user_flow_formatter.rb'
   bundler-audit:
     enabled: true
   coffeelint:
@@ -19,6 +24,8 @@ engines:
     - 'node_modules/**/*'
     - 'db/schema.rb'
     - 'app/forms/password_form.rb'
+    - 'lib/user_flow_exporter.rb'
+    - 'lib/rspec/formatters/user_flow_formatter.rb'
   eslint:
     enabled: true
   fixme:
@@ -38,6 +45,8 @@ engines:
     exclude_paths:
     - 'spec/**/*'
     - 'db/migrate/*'
+    - 'lib/user_flow_exporter.rb'
+    - 'lib/rspec/formatters/user_flow_formatter.rb'
   rubocop:
     enabled: true
   scss-lint:
@@ -50,4 +59,5 @@ ratings:
   - '**.rb'
   - '**.go'
   exclude_paths:
-    - 'lib/rspec/formatters/*'
+    - 'lib/user_flow_exporter.rb'
+    - 'lib/rspec/formatters/user_flow_formatter.rb'

.rubocop.yml

@@ -14,6 +14,8 @@ AllCops:
     - 'config/initializers/devise.rb'
     - 'db/migrate/*'
     - 'spec/services/pii/nist_encryption_spec.rb'
+    - 'lib/rspec/user_flow_formatter.rb'
+    - 'lib/user_flow_exporter.rb'
   TargetRubyVersion: 2.3
   UseCache: true
 

Dockerfile

@@ -33,5 +33,8 @@ RUN bundle install --jobs=20 --retry=5 --frozen --without deploy production
 
 COPY . /upaya
 
+RUN gpg --dearmor < keys/equifax_gpg.pub.example > keys/equifax_gpg.pub.bin
+RUN gpg --batch --import keys/equifax_gpg.example
+
 EXPOSE 3000
 CMD ["rackup", "config.ru", "--host", "0.0.0.0", "--port", "3000"]

Gemfile

@@ -80,6 +80,7 @@ end
 
 group :development, :test do
   gem 'bullet'
+  gem 'front_matter_parser'
   gem 'i18n-tasks'
   gem 'mailcatcher', require: false
   gem 'pry-byebug'

Gemfile.lock

@@ -265,6 +265,7 @@ GEM
       thor (~> 0.14)
     formatador (0.2.5)
     foundation_emails (2.2.1.0)
+    front_matter_parser (0.1.0)
     geocoder (1.4.4)
     get_process_mem (0.2.1)
     gibberish (2.1.0)
@@ -678,6 +679,7 @@ DEPENDENCIES
   fasterer
   figaro
   foundation_emails
+  front_matter_parser
   gibberish
   guard-rspec
   gyoku

README.md

@@ -179,6 +179,16 @@ $ RAILS_ASSET_HOST=localhost:3000 rake spec:user_flows
 
 Then, visit http://localhost:3000/user_flows in your browser!
 
+##### Exporting
+
+The user flows tool also has an export feature which allows you to export everything for the web. You may host these assets with someting like [`simplehttpserver`](https://www.npmjs.com/package/simplehttpserver) or publish to [Federalist](https://federalist.18f.gov/). To publish user flows for Federalist, first make sure the application is running locally (eg. localhost:3000) and run:
+
+```
+$ RAILS_ASSET_HOST=localhost:3000 FEDERALIST_PATH=/site/user/repository rake spec:user_flows:web
+```
+
+This will output your site to `public/site/user/repository` for quick publishing to [Federalist](https://federalist-docs.18f.gov/pages/using-federalist/). To test compatibility, run `simplehttpserver` from the app's `public` folder and visit `http://localhost:8000/<FEDERALIST PATH>/user_flows` in your browser.
+
 ### Load testing
 
 We provide some [Locust.io] Python scripts you can run to test how the

app/assets/stylesheets/components/_background.scss

@@ -5,4 +5,5 @@
 @media #{$breakpoint-sm} {
   .sm-bg-light-blue { background-color: $blue-light; }
   .sm-bg-none { background-color: transparent; }
+  .sm-bg-navy { background-color: $navy; }
 }

app/assets/stylesheets/components/_color.scss

@@ -0,0 +1,3 @@
+@media #{$breakpoint-sm} {
+  .sm-white { color: $white; }
+}

app/assets/stylesheets/components/_util.scss

@@ -19,6 +19,17 @@
   vertical-align: middle;
 }
 
+
+.block-center {
+  margin: 0 auto;
+}
+
+.scale-down {
+  // trigger anti-aliasing in chrome
+  backface-visibility: hidden;
+  transform: scale(.7);
+}
+
 @media #{$breakpoint-sm} {
   // scss-lint:disable ImportantRule
   .sm-display-inline-block { display: inline-block !important; }

app/assets/stylesheets/components/all.scss

@@ -4,6 +4,7 @@
 @import 'border';
 @import 'btn';
 @import 'card';
+@import 'color';
 @import 'container';
 @import 'footer';
 @import 'form';

app/controllers/concerns/idv_session.rb

@@ -25,7 +25,11 @@ def confirm_idv_vendor_session_started
   end
 
   def idv_session
-    @_idv_session ||= Idv::Session.new(user_session, current_user)
+    @_idv_session ||= Idv::Session.new(
+      user_session: user_session,
+      current_user: current_user,
+      issuer: sp_session[:issuer]
+    )
   end
 
   def idv_vendor

app/controllers/concerns/two_factor_authenticatable.rb

@@ -152,7 +152,11 @@ def update_phone_attributes
   def update_idv_state
     now = Time.zone.now
     if idv_context?
-      Idv::Session.new(user_session, current_user).params['phone_confirmed_at'] = now
+      Idv::Session.new(
+        user_session: user_session,
+        current_user: current_user,
+        issuer: sp_session[:issuer]
+      ).params['phone_confirmed_at'] = now
     elsif profile_context?
       Idv::ProfileActivator.new(user: current_user).call
     end
@@ -186,7 +190,7 @@ def after_otp_action_path
     elsif @updating_existing_number
       account_path
     elsif decorated_user.password_reset_profile.present?
-      reactivate_account_path
+      manage_reactivate_account_path
     else
       account_path
     end

app/controllers/reactivate_account_controller.rb

@@ -0,0 +1,20 @@
+class ReactivateAccountController < ApplicationController
+  before_action :confirm_two_factor_authenticated
+  before_action :confirm_password_reset_profile
+
+  def index
+    user_session[:acknowledge_personal_key] ||= true
+  end
+
+  def update
+    user_session.delete(:acknowledge_personal_key)
+    redirect_to verify_url
+  end
+
+  protected
+
+  def confirm_password_reset_profile
+    return if current_user.decorate.password_reset_profile
+    redirect_to root_url
+  end
+end

app/controllers/users_controller.rb

@@ -1,8 +1,9 @@
 class UsersController < ApplicationController
   def destroy
+    path_after_cancellation = decorated_session.cancel_link_path
     destroy_user
     flash[:success] = t('sign_up.cancel.success')
-    redirect_to root_path
+    redirect_to path_after_cancellation
   end
 
   private

app/controllers/verify_controller.rb

@@ -3,6 +3,7 @@ class VerifyController < ApplicationController
 
   before_action :confirm_two_factor_authenticated
   before_action :confirm_idv_needed, only: %i[cancel fail]
+  before_action :profile_needs_reactivation?, only: [:index]
 
   def index
     if active_profile?
@@ -26,6 +27,15 @@ def fail
 
   private
 
+  def profile_needs_reactivation?
+    return unless password_reset_profile && user_session[:acknowledge_personal_key] == true
+    redirect_to manage_reactivate_account_url
+  end
+
+  def password_reset_profile
+    current_user.decorate.password_reset_profile
+  end
+
   def active_profile?
     current_user.active_profile.present?
   end

app/decorators/service_provider_session_decorator.rb

@@ -58,15 +58,15 @@ def sp_name
   end
 
   def sp_return_url
-    if sp.redirect_uri.present? && openid_connect_redirector.valid?
+    if sp.redirect_uris.present? && openid_connect_redirector.valid?
       openid_connect_redirector.decline_redirect_uri
     else
       sp.return_to_sp_url
     end
   end
 
-  def cancel_link_url
-    sign_up_start_url(request_id: sp_session[:request_id])
+  def cancel_link_path
+    sign_up_start_path(request_id: sp_session[:request_id])
   end
 
   private

app/decorators/session_decorator.rb

@@ -37,7 +37,7 @@ def sp_return_url; end
 
   def requested_attributes; end
 
-  def cancel_link_url
-    root_url
+  def cancel_link_path
+    root_path
   end
 end

app/forms/openid_connect_authorize_form.rb

@@ -61,7 +61,7 @@ def loa3_requested?
   end
 
   def sp_redirect_uri
-    service_provider.redirect_uri
+    openid_connect_redirector.validated_input_redirect_uri
   end
 
   def service_provider

app/forms/reactivate_account_form.rb

@@ -45,6 +45,7 @@ def decrypted_pii
   def reencrypt_pii
     personal_key = password_reset_profile.encrypt_pii(user_access_key, decrypted_pii)
     password_reset_profile.deactivation_reason = nil
+    password_reset_profile.active = true
     password_reset_profile.save!
     personal_key
   end

app/models/null_service_provider.rb

@@ -31,5 +31,7 @@ def friendly_name; end
 
   def return_to_sp_url; end
 
-  def redirect_uri; end
+  def redirect_uris
+    []
+  end
 end

app/models/service_provider.rb

@@ -43,4 +43,8 @@ def encryption_opts
   def live?
     active? && approved?
   end
+
+  def redirect_uris
+    super.presence || Array(redirect_uri)
+  end
 end

app/services/idv/session.rb

@@ -17,9 +17,10 @@ class Session
       vendor_session_id
     ].freeze
 
-    def initialize(user_session, current_user)
+    def initialize(user_session:, current_user:, issuer:)
       @user_session = user_session
       @current_user = current_user
+      @issuer = issuer
       @user_session[:idv] ||= new_idv_session
     end
 
@@ -82,7 +83,7 @@ def create_usps_entry
         self.pii = Pii::Attributes.new_from_json(user_session[:decrypted_pii])
       end
 
-      UspsConfirmationMaker.new(pii: pii).perform
+      UspsConfirmationMaker.new(pii: pii, issuer: issuer).perform
     end
 
     def alive?
@@ -95,7 +96,7 @@ def address_mechanism_chosen?
 
     private
 
-    attr_accessor :user_session, :current_user
+    attr_accessor :user_session, :current_user, :issuer
 
     def new_idv_session
       { params: {}, step_attempts: { financials: 0, phone: 0 } }

app/services/idv/vendor_validator.rb

@@ -42,9 +42,7 @@ def agent_error_resolution(err_msg)
       Proofer::Resolution.new(
         success: false,
         errors: { agent: [err_msg] },
-        vendor_resp: Proofer::Vendor::MockResponse.new(
-          reasons: [err_msg]
-        )
+        vendor_resp: OpenStruct.new(reasons: [err_msg])
       )
     end
   end