diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0dfcf3388a2..4dcf6078669 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -8,7 +8,7 @@ variables: FF_SCRIPT_SECTIONS: 'true' JUNIT_OUTPUT: 'true' ECR_REGISTRY: '${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com' - IDP_CI_SHA: 'sha256:5c4953f8efba18b7a6d6a9a961cb77ba7143059cbb2176499432b4275fbe67db' + IDP_CI_SHA: 'sha256:37766e5b4aaeaad72dc8d18aa73236558ae5abd478073f5005783c44d6d6e87e' PKI_IMAGE_TAG: 'main' DASHBOARD_IMAGE_TAG: 'main' APPLICATION_MANIFEST: dockerfiles/application.yaml diff --git a/.nvmrc b/.nvmrc index 209e3ef4b62..2bd5a0a98a3 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -20 +22 diff --git a/.rubocop.yml b/.rubocop.yml index e4e614283cd..44b0c7a76db 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -127,7 +127,7 @@ Layout/DefEndAlignment: Layout/DotPosition: Description: Checks the position of the dot in multi-line method calls. StyleGuide: https://github.com/bbatsov/ruby-style-guide#consistent-multi-line-chains - EnforcedStyle: trailing + EnforcedStyle: leading SupportedStyles: - leading - trailing diff --git a/.ruby-version b/.ruby-version index a0891f563f3..9c25013dbb8 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -3.3.4 +3.3.6 diff --git a/Brewfile b/Brewfile index 2018d5ff118..f087878fea3 100644 --- a/Brewfile +++ b/Brewfile @@ -1,6 +1,6 @@ brew 'postgresql@14' brew 'redis' -brew 'node@20' +brew 'node@22' brew 'yarn' brew 'openssl@1.1' brew 'jq' diff --git a/Gemfile.lock b/Gemfile.lock index 037d8d04e17..6ffcee2c82b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -80,29 +80,29 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (7.2.1.1) - actionpack (= 7.2.1.1) - activesupport (= 7.2.1.1) + actioncable (7.2.2.1) + actionpack (= 7.2.2.1) + activesupport (= 7.2.2.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.2.1.1) - actionpack (= 7.2.1.1) - activejob (= 7.2.1.1) - activerecord (= 7.2.1.1) - activestorage (= 7.2.1.1) - activesupport (= 7.2.1.1) + actionmailbox (7.2.2.1) + actionpack (= 7.2.2.1) + activejob (= 7.2.2.1) + activerecord (= 7.2.2.1) + activestorage (= 7.2.2.1) + activesupport (= 7.2.2.1) mail (>= 2.8.0) - actionmailer (7.2.1.1) - actionpack (= 7.2.1.1) - actionview (= 7.2.1.1) - activejob (= 7.2.1.1) - activesupport (= 7.2.1.1) + actionmailer (7.2.2.1) + actionpack (= 7.2.2.1) + actionview (= 7.2.2.1) + activejob (= 7.2.2.1) + activesupport (= 7.2.2.1) mail (>= 2.8.0) rails-dom-testing (~> 2.2) - actionpack (7.2.1.1) - actionview (= 7.2.1.1) - activesupport (= 7.2.1.1) + actionpack (7.2.2.1) + actionview (= 7.2.2.1) + activesupport (= 7.2.2.1) nokogiri (>= 1.8.5) racc rack (>= 2.2.4, < 3.2) @@ -111,36 +111,37 @@ GEM rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) useragent (~> 0.16) - actiontext (7.2.1.1) - actionpack (= 7.2.1.1) - activerecord (= 7.2.1.1) - activestorage (= 7.2.1.1) - activesupport (= 7.2.1.1) + actiontext (7.2.2.1) + actionpack (= 7.2.2.1) + activerecord (= 7.2.2.1) + activestorage (= 7.2.2.1) + activesupport (= 7.2.2.1) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.2.1.1) - activesupport (= 7.2.1.1) + actionview (7.2.2.1) + activesupport (= 7.2.2.1) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (7.2.1.1) - activesupport (= 7.2.1.1) + activejob (7.2.2.1) + activesupport (= 7.2.2.1) globalid (>= 0.3.6) - activemodel (7.2.1.1) - activesupport (= 7.2.1.1) - activerecord (7.2.1.1) - activemodel (= 7.2.1.1) - activesupport (= 7.2.1.1) + activemodel (7.2.2.1) + activesupport (= 7.2.2.1) + activerecord (7.2.2.1) + activemodel (= 7.2.2.1) + activesupport (= 7.2.2.1) timeout (>= 0.4.0) - activestorage (7.2.1.1) - actionpack (= 7.2.1.1) - activejob (= 7.2.1.1) - activerecord (= 7.2.1.1) - activesupport (= 7.2.1.1) + activestorage (7.2.2.1) + actionpack (= 7.2.2.1) + activejob (= 7.2.2.1) + activerecord (= 7.2.2.1) + activesupport (= 7.2.2.1) marcel (~> 1.0) - activesupport (7.2.1.1) + activesupport (7.2.2.1) base64 + benchmark (>= 0.3) bigdecimal concurrent-ruby (~> 1.0, >= 1.3.1) connection_pool (>= 2.2.5) @@ -197,12 +198,14 @@ GEM aws-sigv4 (~> 1.1) aws-sigv4 (1.9.1) aws-eventstream (~> 1, >= 1.0.2) - axe-core-api (4.10.0) + axe-core-api (4.10.2) dumb_delegator + ostruct virtus - axe-core-rspec (4.10.0) - axe-core-api (= 4.10.0) + axe-core-rspec (4.10.2) + axe-core-api (= 4.10.2) dumb_delegator + ostruct virtus axiom-types (0.1.1) descendants_tracker (~> 0.0.4) @@ -211,7 +214,8 @@ GEM barby (0.6.8) base32-crockford (0.1.0) base64 (0.2.0) - bcrypt (3.1.19) + bcrypt (3.1.20) + benchmark (0.4.0) benchmark-ips (2.12.0) better_errors (2.10.1) erubi (>= 1.0.0) @@ -228,13 +232,14 @@ GEM bindata (2.4.15) bootsnap (1.18.3) msgpack (~> 1.2) - brakeman (6.1.0) + brakeman (6.2.2) + racc browser (6.0.0) builder (3.3.0) bullet (7.2.0) activesupport (>= 3.0.0) uniform_notifier (~> 1.11) - bundler-audit (0.9.1) + bundler-audit (0.9.2) bundler (>= 1.2.0, < 3) thor (~> 1.0) byebug (11.1.3) @@ -253,6 +258,8 @@ GEM nokogiri (~> 1.10, >= 1.10.4) rubyzip (>= 1.3.0, < 3) cbor (0.5.9.8) + childprocess (5.1.0) + logger (~> 1.5) chunky_png (1.4.0) coderay (1.1.3) coercible (1.0.0) @@ -271,7 +278,7 @@ GEM cssbundling-rails (1.4.0) railties (>= 6.0.0) csv (3.2.8) - date (3.3.4) + date (3.4.1) dead_end (4.0.0) derailed_benchmarks (2.1.2) benchmark-ips (~> 2) @@ -301,9 +308,9 @@ GEM i18n drb (2.2.1) dumb_delegator (1.0.0) - email_spec (2.2.2) + email_spec (2.3.0) htmlentities (~> 4.3.3) - launchy (~> 2.1) + launchy (>= 2.1, < 4.0) mail (~> 2.7) erb_lint (0.7.0) activesupport @@ -316,23 +323,24 @@ GEM erubi (1.13.0) et-orbi (1.2.11) tzinfo - factory_bot (6.4.6) + factory_bot (6.5.0) activesupport (>= 5.0.0) - factory_bot_rails (6.4.3) - factory_bot (~> 6.4) + factory_bot_rails (6.4.4) + factory_bot (~> 6.5) railties (>= 5.0.0) - faker (3.4.2) + faker (3.5.1) i18n (>= 1.8.11, < 2) - faraday (2.10.0) - faraday-net_http (>= 2.0, < 3.2) + faraday (2.12.2) + faraday-net_http (>= 2.0, < 3.5) + json logger - faraday-net_http (3.1.1) - net-http + faraday-net_http (3.4.0) + net-http (>= 0.5.0) faraday-retry (2.0.0) faraday (~> 2.0) - ffi (1.15.5) - ffi-compiler (1.0.1) - ffi (>= 1.0.0) + ffi (1.17.0) + ffi-compiler (1.3.2) + ffi (>= 1.15.5) rake foundation_emails (2.2.1.0) fugit (1.11.1) @@ -350,10 +358,10 @@ GEM fugit (>= 1.11.0) railties (>= 6.1.0) thor (>= 1.0.0) - google-protobuf (4.28.2) + google-protobuf (4.29.1) bigdecimal rake (>= 13) - hashdiff (1.1.0) + hashdiff (1.1.2) heapy (0.2.0) thor highline (3.1.0) @@ -375,8 +383,8 @@ GEM rainbow (>= 2.2.2, < 4.0) terminal-table (>= 1.5.1) ice_nine (0.11.2) - io-console (0.7.2) - irb (1.14.1) + io-console (0.8.0) + irb (1.14.2) rdoc (>= 4.0.0) reline (>= 0.4.2) jmespath (1.6.2) @@ -388,14 +396,15 @@ GEM knapsack (4.0.0) rake language_server-protocol (3.17.0.3) - launchy (2.5.2) + launchy (3.0.1) addressable (~> 2.8) - letter_opener (1.8.1) - launchy (>= 2.2, < 3) + childprocess (~> 5.0) + letter_opener (1.10.0) + launchy (>= 2.2, < 4) listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - logger (1.6.1) + logger (1.6.2) lograge (0.11.2) actionpack (>= 4) activesupport (>= 4) @@ -430,14 +439,14 @@ GEM mini_histogram (0.3.1) mini_mime (1.1.5) mini_portile2 (2.8.8) - minitest (5.25.1) - msgpack (1.7.2) + minitest (5.25.4) + msgpack (1.7.5) multiset (0.5.3) - net-http (0.4.1) + net-http (0.6.0) uri net-http-persistent (4.0.2) connection_pool (~> 2.2) - net-imap (0.5.0) + net-imap (0.5.1) date net-protocol net-pop (0.1.2) @@ -450,7 +459,7 @@ GEM net-protocol net-ssh (6.1.0) newrelic_rpm (9.7.0) - nio4r (2.7.3) + nio4r (2.7.4) nokogiri (1.16.8) mini_portile2 (~> 2.8.2) racc (~> 1.4) @@ -460,11 +469,12 @@ GEM openssl-signature_algorithm (1.2.1) openssl (> 2.0, < 3.1) orm_adapter (0.5.0) + ostruct (0.6.1) parallel (1.26.3) parser (3.3.4.2) ast (~> 2.4.1) racc - pg (1.5.6) + pg (1.5.9) pg_query (5.1.0) google-protobuf (>= 3.22.3) phonelib (0.9.1) @@ -496,7 +506,8 @@ GEM yard (~> 0.9.11) pry-rails (0.3.11) pry (>= 0.13.0) - psych (5.1.2) + psych (5.2.1) + date stringio public_suffix (6.0.1) puma (6.4.3) @@ -522,20 +533,20 @@ GEM rackup (2.1.0) rack (>= 3) webrick (~> 1.8) - rails (7.2.1.1) - actioncable (= 7.2.1.1) - actionmailbox (= 7.2.1.1) - actionmailer (= 7.2.1.1) - actionpack (= 7.2.1.1) - actiontext (= 7.2.1.1) - actionview (= 7.2.1.1) - activejob (= 7.2.1.1) - activemodel (= 7.2.1.1) - activerecord (= 7.2.1.1) - activestorage (= 7.2.1.1) - activesupport (= 7.2.1.1) + rails (7.2.2.1) + actioncable (= 7.2.2.1) + actionmailbox (= 7.2.2.1) + actionmailer (= 7.2.2.1) + actionpack (= 7.2.2.1) + actiontext (= 7.2.2.1) + actionview (= 7.2.2.1) + activejob (= 7.2.2.1) + activemodel (= 7.2.2.1) + activerecord (= 7.2.2.1) + activestorage (= 7.2.2.1) + activesupport (= 7.2.2.1) bundler (>= 1.15.0) - railties (= 7.2.1.1) + railties (= 7.2.2.1) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) @@ -550,9 +561,9 @@ GEM rails-i18n (7.0.6) i18n (>= 0.7, < 2) railties (>= 6.0.0, < 8) - railties (7.2.1.1) - actionpack (= 7.2.1.1) - activesupport (= 7.2.1.1) + railties (7.2.2.1) + actionpack (= 7.2.2.1) + activesupport (= 7.2.2.1) irb (~> 1.13) rackup (>= 1.0.0) rake (>= 12.2) @@ -563,16 +574,16 @@ GEM rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) - rdoc (6.7.0) + rdoc (6.8.1) psych (>= 4.0.0) redacted_struct (2.0.0) redcarpet (3.6.0) - redis (5.2.0) + redis (5.3.0) redis-client (>= 0.22.0) - redis-client (0.22.2) + redis-client (0.23.0) connection_pool regexp_parser (2.9.3) - reline (0.5.9) + reline (0.5.12) io-console (~> 0.5) request_store (1.5.1) rack (>= 1.4) @@ -591,7 +602,7 @@ GEM rspec-core (~> 3.13.0) rspec-expectations (~> 3.13.0) rspec-mocks (~> 3.13.0) - rspec-core (3.13.1) + rspec-core (3.13.2) rspec-support (~> 3.13.0) rspec-expectations (3.13.3) diff-lcs (>= 1.2.0, < 2.0) @@ -609,7 +620,7 @@ GEM rspec-support (~> 3.13) rspec-retry (0.6.2) rspec-core (> 3.3) - rspec-support (3.13.1) + rspec-support (3.13.2) rspec_junit_formatter (0.6.0) rspec-core (>= 2, < 4, != 2.12.0) rubocop (1.69.1) @@ -646,10 +657,11 @@ GEM errbase (>= 0.1.1) safety_net_attestation (0.4.0) jwt (~> 2.0) - scrypt (3.0.7) + scrypt (3.0.8) ffi-compiler (>= 1.0, < 2.0) - securerandom (0.3.1) - selenium-webdriver (4.22.0) + rake (>= 9, < 14) + securerandom (0.4.0) + selenium-webdriver (4.27.0) base64 (~> 0.2) logger (~> 1.4) rexml (~> 3.2, >= 3.2.5) @@ -672,34 +684,30 @@ GEM simplecov (~> 0.19) simplecov-html (0.12.3) simplecov_json_formatter (0.1.4) - simpleidn (0.2.1) - unf (~> 0.1.4) + simpleidn (0.2.3) smart_properties (1.17.0) - sqlite3 (2.1.0) + sqlite3 (2.4.1) mini_portile2 (~> 2.8.0) stringex (2.8.5) - stringio (3.1.1) + stringio (3.1.2) strong_migrations (2.0.0) activerecord (>= 6.1) tableparser (1.0.1) terminal-table (3.0.2) unicode-display_width (>= 1.1.1, < 3) - thor (1.3.1) + thor (1.3.2) thread_safe (0.3.6) - timeout (0.4.1) + timeout (0.4.2) tpm-key_attestation (0.11.0) bindata (~> 2.4) openssl (> 2.0, < 3.1) openssl-signature_algorithm (~> 1.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) - unf (0.1.4) - unf_ext - unf_ext (0.0.9.1) unicode-display_width (2.5.0) uniform_notifier (1.16.0) uri (0.13.0) - useragent (0.16.10) + useragent (0.16.11) view_component (3.9.0) activesupport (>= 5.2.0, < 8.0) concurrent-ruby (~> 1.0) @@ -719,12 +727,12 @@ GEM openssl (>= 2.2, < 3.1) safety_net_attestation (~> 0.4.0) tpm-key_attestation (~> 0.11.0) - webmock (3.18.1) + webmock (3.24.0) addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) - webrick (1.8.2) - websocket (1.2.10) + webrick (1.9.1) + websocket (1.2.11) websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) @@ -741,7 +749,7 @@ GEM nokogiri (~> 1.8) yard (0.9.37) zeitwerk (2.7.1) - zlib (3.0.0) + zlib (3.2.0) zonebie (0.6.1) zxcvbn (0.1.12) @@ -876,7 +884,7 @@ DEPENDENCIES zxcvbn (= 0.1.12) RUBY VERSION - ruby 3.3.4p94 + ruby 3.3.6p108 BUNDLED WITH - 2.5.6 + 2.5.23 diff --git a/app/components/flash_component.rb b/app/components/flash_component.rb index a09e31605eb..703342b2a57 100644 --- a/app/components/flash_component.rb +++ b/app/components/flash_component.rb @@ -10,11 +10,11 @@ def initialize(flash:) end def alerts - flash. - to_hash. - slice(*VALID_FLASH_TYPES). - select { |_flash_type, message| message.present? }. - map { |flash_type, message| [alert_type(flash_type), message] } + flash + .to_hash + .slice(*VALID_FLASH_TYPES) + .select { |_flash_type, message| message.present? } + .map { |flash_type, message| [alert_type(flash_type), message] } end def alert_type(flash_type) diff --git a/app/components/manageable_authenticator_component.html.erb b/app/components/manageable_authenticator_component.html.erb index d26a684a5ec..f1f7a2f47d5 100644 --- a/app/components/manageable_authenticator_component.html.erb +++ b/app/components/manageable_authenticator_component.html.erb @@ -9,10 +9,10 @@ ) do %> <%= content_tag( :script, - strings. - slice(:renamed, :delete_confirm, :deleted). - transform_keys { |key| key.to_s.camelcase(:lower) }. - to_json, + strings + .slice(:renamed, :delete_confirm, :deleted) + .transform_keys { |key| key.to_s.camelcase(:lower) } + .to_json, { type: 'application/json', class: 'manageable-authenticator__strings', diff --git a/app/components/phone_input_component.rb b/app/components/phone_input_component.rb index 8b251b4139a..d4c97f71a91 100644 --- a/app/components/phone_input_component.rb +++ b/app/components/phone_input_component.rb @@ -43,8 +43,8 @@ def translated_country_code_names def international_phone_codes translated_international_codes = PhoneNumberCapabilities.translated_international_codes - supported_country_codes. - map do |code_key| + supported_country_codes + .map do |code_key| code_data = translated_international_codes[code_key] [ @@ -52,8 +52,8 @@ def international_phone_codes code_key, { data: international_phone_codes_data(code_data) }, ] - end. - sort_by do |label, code_key, _data| + end + .sort_by do |label, code_key, _data| # Sort alphabetically by label, but put the US first in the list [code_key == 'US' ? -1 : 1, label] end diff --git a/app/components/step_indicator_component.rb b/app/components/step_indicator_component.rb index 72e64dae105..c3e4fabd79f 100644 --- a/app/components/step_indicator_component.rb +++ b/app/components/step_indicator_component.rb @@ -3,8 +3,6 @@ class StepIndicatorComponent < BaseComponent attr_reader :current_step, :locale_scope, :tag_options - ALL_STEPS_COMPLETE = :all_steps_complete - def initialize(steps:, current_step:, locale_scope: nil, **tag_options) @steps = steps @current_step = current_step @@ -23,8 +21,6 @@ def steps private def step_status(step) - return :complete if current_step == ALL_STEPS_COMPLETE - if step[:name] == current_step :current elsif step_index(step[:name]) < step_index(current_step) diff --git a/app/controllers/accounts/personal_keys_controller.rb b/app/controllers/accounts/personal_keys_controller.rb index 3dbbd850ba7..146704d95c5 100644 --- a/app/controllers/accounts/personal_keys_controller.rb +++ b/app/controllers/accounts/personal_keys_controller.rb @@ -40,12 +40,12 @@ def pii_locked? # @return [FormResponse] def send_new_personal_key_notifications emails = current_user.confirmed_email_addresses.map do |email_address| - UserMailer.with(user: current_user, email_address: email_address).personal_key_regenerated. - deliver_now_or_later + UserMailer.with(user: current_user, email_address: email_address).personal_key_regenerated + .deliver_now_or_later end - telephony_responses = MfaContext.new(current_user). - phone_configurations.map do |phone_configuration| + telephony_responses = MfaContext.new(current_user) + .phone_configurations.map do |phone_configuration| phone = phone_configuration.phone Telephony.send_personal_key_regeneration_notice( to: phone, diff --git a/app/controllers/concerns/idv/document_capture_concern.rb b/app/controllers/concerns/idv/document_capture_concern.rb index 746657959a4..1d61388a6dd 100644 --- a/app/controllers/concerns/idv/document_capture_concern.rb +++ b/app/controllers/concerns/idv/document_capture_concern.rb @@ -85,8 +85,8 @@ def fetch_test_verification_data return unless IdentityConfig.store.socure_docv_verification_data_test_mode docv_transaction_token_override = params.permit(:docv_token)[:docv_token] - return unless IdentityConfig.store.socure_docv_verification_data_test_mode_tokens. - include?(docv_transaction_token_override) + return unless IdentityConfig.store.socure_docv_verification_data_test_mode_tokens + .include?(docv_transaction_token_override) SocureDocvResultsJob.perform_now( document_capture_session_uuid:, @@ -106,10 +106,12 @@ def track_document_request_event(document_request:, document_response:, timer:) document_type: document_request_body[:documentType], docv_transaction_token: response_hash.dig(:data, :docvTransactionToken), } - analytics_hash = log_extras.merge(analytics_arguments). - merge(document_request_body).except( + analytics_hash = log_extras + .merge(analytics_arguments) + .merge(document_request_body).except( :documentType, # requested document type - ).merge(response_body: document_response.to_h) + ) + .merge(response_body: document_response.to_h) analytics.idv_socure_document_request_submitted(**analytics_hash) end diff --git a/app/controllers/concerns/idv/verify_info_concern.rb b/app/controllers/concerns/idv/verify_info_concern.rb index fc71a949363..0166442e024 100644 --- a/app/controllers/concerns/idv/verify_info_concern.rb +++ b/app/controllers/concerns/idv/verify_info_concern.rb @@ -16,8 +16,8 @@ def threatmetrix_session_id_present_or_not_required?(idv_session:) def shared_update return if idv_session.verify_info_step_document_capture_session_uuid analytics.idv_doc_auth_verify_submitted(**analytics_arguments) - Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]). - call('verify', :update, true) + Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]) + .call('verify', :update, true) ssn_rate_limiter.increment! diff --git a/app/controllers/concerns/recommend_webauthn_platform_concern.rb b/app/controllers/concerns/recommend_webauthn_platform_concern.rb index c3affcab8e2..2cb9a5fb6d1 100644 --- a/app/controllers/concerns/recommend_webauthn_platform_concern.rb +++ b/app/controllers/concerns/recommend_webauthn_platform_concern.rb @@ -32,8 +32,9 @@ def user_set_up_or_authenticated_with_phone? phone_configuration.mfa_enabled? && phone_configuration.delivery_preference == 'sms' end else - auth_methods_session.auth_events.pluck(:auth_method). - include?(TwoFactorAuthenticatable::AuthMethod::SMS) + auth_methods_session.auth_events + .pluck(:auth_method) + .include?(TwoFactorAuthenticatable::AuthMethod::SMS) end end end diff --git a/app/controllers/concerns/saml_idp_auth_concern.rb b/app/controllers/concerns/saml_idp_auth_concern.rb index f31c2f6c992..7e19ba70df3 100644 --- a/app/controllers/concerns/saml_idp_auth_concern.rb +++ b/app/controllers/concerns/saml_idp_auth_concern.rb @@ -50,6 +50,11 @@ def validate_service_provider_and_authn_context return if result.success? capture_analytics + track_integration_errors( + event: :saml_auth_request, + errors: result.errors.values.flatten, + ) + render 'saml_idp/auth/error', status: :bad_request end @@ -131,9 +136,9 @@ def response_authn_context end def link_identity_from_session_data - IdentityLinker. - new(current_user, saml_request_service_provider). - link_identity( + IdentityLinker + .new(current_user, saml_request_service_provider) + .link_identity( ial: resolved_authn_context_int_ial, rails_session_id: session.id, email_address_id: email_address_id, @@ -248,4 +253,14 @@ def request_url url.query = Rack::Utils.build_query(query_params).presence url.to_s end + + def track_integration_errors(event:, errors: nil) + analytics.sp_integration_errors_present( + error_details: errors || saml_request.errors.uniq, + error_types: [:saml_request_errors], + event:, + integration_exists: saml_request_service_provider.present?, + request_issuer: saml_request&.issuer, + ) + end end diff --git a/app/controllers/concerns/saml_idp_logout_concern.rb b/app/controllers/concerns/saml_idp_logout_concern.rb index ef3fb9f7d2e..343f00e4934 100644 --- a/app/controllers/concerns/saml_idp_logout_concern.rb +++ b/app/controllers/concerns/saml_idp_logout_concern.rb @@ -25,8 +25,9 @@ def handle_valid_sp_logout_request def handle_valid_sp_remote_logout_request(user_id:, issuer:) # Remotely delete the user's current session - session_id = ServiceProviderIdentity. - where(user_id: user_id, service_provider: issuer).pick(:rails_session_id) + session_id = ServiceProviderIdentity + .where(user_id: user_id, service_provider: issuer) + .pick(:rails_session_id) if session_id OutOfBandSessionAccessor.new(session_id).destroy diff --git a/app/controllers/events_controller.rb b/app/controllers/events_controller.rb index d950e090f40..d7070325060 100644 --- a/app/controllers/events_controller.rb +++ b/app/controllers/events_controller.rb @@ -29,9 +29,9 @@ def device_and_events device = Device.where(user_id: user_id).find(device_id) return if !device - @events = Event.where(user_id: user_id, device_id: device.id).order(created_at: :desc). - limit(EVENTS_PAGE_SIZE). - map(&:decorate) + @events = Event.where(user_id: user_id, device_id: device.id).order(created_at: :desc) + .limit(EVENTS_PAGE_SIZE) + .map(&:decorate) @device = device.decorate end diff --git a/app/controllers/idv/by_mail/enter_code_controller.rb b/app/controllers/idv/by_mail/enter_code_controller.rb index 88fe02b3782..76f0654177b 100644 --- a/app/controllers/idv/by_mail/enter_code_controller.rb +++ b/app/controllers/idv/by_mail/enter_code_controller.rb @@ -38,8 +38,8 @@ def index end def pii - Pii::Cacher.new(current_user, user_session). - fetch(current_user.gpo_verification_pending_profile.id) + Pii::Cacher.new(current_user, user_session) + .fetch(current_user.gpo_verification_pending_profile.id) end def create @@ -155,11 +155,11 @@ def user_did_not_receive_letter? def last_date_letter_was_sent return @last_date_letter_was_sent if defined?(@last_date_letter_was_sent) - @last_date_letter_was_sent = current_user. - gpo_verification_pending_profile&. - gpo_confirmation_codes&. - pluck(:updated_at)&. - max + @last_date_letter_was_sent = current_user + .gpo_verification_pending_profile + &.gpo_confirmation_codes + &.pluck(:updated_at) + &.max end end end diff --git a/app/controllers/idv/by_mail/request_letter_controller.rb b/app/controllers/idv/by_mail/request_letter_controller.rb index e78689f9488..77197dbb477 100644 --- a/app/controllers/idv/by_mail/request_letter_controller.rb +++ b/app/controllers/idv/by_mail/request_letter_controller.rb @@ -15,8 +15,8 @@ class RequestLetterController < ApplicationController def index @applicant = idv_session.applicant - Funnel::DocAuth::RegisterStep.new(current_user.id, current_sp&.issuer). - call(:usps_address, :view, true) + Funnel::DocAuth::RegisterStep.new(current_user.id, current_sp&.issuer) + .call(:usps_address, :view, true) analytics.idv_request_letter_visited end @@ -43,8 +43,8 @@ def self.step_info private def update_tracking - Funnel::DocAuth::RegisterStep.new(current_user.id, current_sp&.issuer). - call(:usps_letter_sent, :update, true) + Funnel::DocAuth::RegisterStep.new(current_user.id, current_sp&.issuer) + .call(:usps_letter_sent, :update, true) log_letter_requested_analytics(resend: false) create_user_event(:gpo_mail_sent, current_user) diff --git a/app/controllers/idv/by_mail/resend_letter_controller.rb b/app/controllers/idv/by_mail/resend_letter_controller.rb index 10f81cb71b1..9e583cc46af 100644 --- a/app/controllers/idv/by_mail/resend_letter_controller.rb +++ b/app/controllers/idv/by_mail/resend_letter_controller.rb @@ -70,8 +70,8 @@ def confirmation_maker_perform end def pii - Pii::Cacher.new(current_user, user_session). - fetch(current_user.gpo_verification_pending_profile.id) + Pii::Cacher.new(current_user, user_session) + .fetch(current_user.gpo_verification_pending_profile.id) end def send_reminder diff --git a/app/controllers/idv/cancellations_controller.rb b/app/controllers/idv/cancellations_controller.rb index 5622fb6c3f1..a2f138fa606 100644 --- a/app/controllers/idv/cancellations_controller.rb +++ b/app/controllers/idv/cancellations_controller.rb @@ -115,8 +115,8 @@ def session_go_back_path def cancel_establishing_in_person_enrollments return if !IdentityConfig.store.in_person_proofing_enabled - UspsInPersonProofing::EnrollmentHelper. - cancel_stale_establishing_enrollments_for_user(current_user) + UspsInPersonProofing::EnrollmentHelper + .cancel_stale_establishing_enrollments_for_user(current_user) end end end diff --git a/app/controllers/idv/document_capture_controller.rb b/app/controllers/idv/document_capture_controller.rb index 1b8cf732cb4..d2e50e17a87 100644 --- a/app/controllers/idv/document_capture_controller.rb +++ b/app/controllers/idv/document_capture_controller.rb @@ -18,8 +18,8 @@ class DocumentCaptureController < ApplicationController def show analytics.idv_doc_auth_document_capture_visited(**analytics_arguments) - Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]). - call('document_capture', :view, true) + Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]) + .call('document_capture', :view, true) render :show, locals: extra_view_variables end @@ -33,8 +33,8 @@ def update result = handle_stored_result analytics.idv_doc_auth_document_capture_submitted(**result.to_h.merge(analytics_arguments)) - Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]). - call('document_capture', :update, true) + Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]) + .call('document_capture', :update, true) if result.success? redirect_to idv_ssn_url diff --git a/app/controllers/idv/enter_password_controller.rb b/app/controllers/idv/enter_password_controller.rb index c91ab6044a3..af6da96312f 100644 --- a/app/controllers/idv/enter_password_controller.rb +++ b/app/controllers/idv/enter_password_controller.rb @@ -18,8 +18,8 @@ class EnterPasswordController < ApplicationController with: :handle_request_enroll_exception def new - Funnel::DocAuth::RegisterStep.new(current_user.id, current_sp&.issuer). - call(:encrypt, :view, true) + Funnel::DocAuth::RegisterStep.new(current_user.id, current_sp&.issuer) + .call(:encrypt, :view, true) analytics.idv_enter_password_visited( address_verification_method: idv_session.address_verification_mechanism, **ab_test_analytics_buckets, @@ -56,8 +56,8 @@ def create proofing_workflow_time_in_seconds: idv_session.proofing_workflow_time_in_seconds, **ab_test_analytics_buckets, ) - Funnel::DocAuth::RegisterStep.new(current_user.id, current_sp&.issuer). - call(:verified, :view, true) + Funnel::DocAuth::RegisterStep.new(current_user.id, current_sp&.issuer) + .call(:verified, :view, true) analytics.idv_final( success: true, fraud_review_pending: idv_session.profile.fraud_review_pending?, diff --git a/app/controllers/idv/hybrid_mobile/capture_complete_controller.rb b/app/controllers/idv/hybrid_mobile/capture_complete_controller.rb index e92a7a7fd84..72b14dd7a0c 100644 --- a/app/controllers/idv/hybrid_mobile/capture_complete_controller.rb +++ b/app/controllers/idv/hybrid_mobile/capture_complete_controller.rb @@ -11,8 +11,8 @@ class CaptureCompleteController < ApplicationController def show analytics.idv_doc_auth_capture_complete_visited(**analytics_arguments) - Funnel::DocAuth::RegisterStep.new(document_capture_user.id, sp_session[:issuer]). - call('capture_complete', :view, true) + Funnel::DocAuth::RegisterStep.new(document_capture_user.id, sp_session[:issuer]) + .call('capture_complete', :view, true) render :show end diff --git a/app/controllers/idv/hybrid_mobile/document_capture_controller.rb b/app/controllers/idv/hybrid_mobile/document_capture_controller.rb index 5893501d39b..7190c4ee291 100644 --- a/app/controllers/idv/hybrid_mobile/document_capture_controller.rb +++ b/app/controllers/idv/hybrid_mobile/document_capture_controller.rb @@ -17,8 +17,8 @@ class DocumentCaptureController < ApplicationController def show analytics.idv_doc_auth_document_capture_visited(**analytics_arguments) - Funnel::DocAuth::RegisterStep.new(document_capture_user.id, sp_session[:issuer]). - call('document_capture', :view, true) + Funnel::DocAuth::RegisterStep.new(document_capture_user.id, sp_session[:issuer]) + .call('document_capture', :view, true) render :show, locals: extra_view_variables end @@ -32,8 +32,8 @@ def update analytics.idv_doc_auth_document_capture_submitted(**result.to_h.merge(analytics_arguments)) - Funnel::DocAuth::RegisterStep.new(document_capture_user.id, sp_session[:issuer]). - call('document_capture', :update, true) + Funnel::DocAuth::RegisterStep.new(document_capture_user.id, sp_session[:issuer]) + .call('document_capture', :update, true) # rate limiting redirect is in ImageUploadResponsePresenter if result.success? diff --git a/app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb b/app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb index 163c4d438d8..e6334e73e4a 100644 --- a/app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb +++ b/app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb @@ -17,8 +17,8 @@ class DocumentCaptureController < ApplicationController before_action :fetch_test_verification_data, only: [:update] def show - Funnel::DocAuth::RegisterStep.new(document_capture_user.id, sp_session[:issuer]). - call('hybrid_mobile_socure_document_capture', :view, true) + Funnel::DocAuth::RegisterStep.new(document_capture_user.id, sp_session[:issuer]) + .call('hybrid_mobile_socure_document_capture', :view, true) if document_capture_session.socure_docv_capture_app_url.present? @url = document_capture_session.socure_docv_capture_app_url diff --git a/app/controllers/idv/in_person/address_controller.rb b/app/controllers/idv/in_person/address_controller.rb index eed9d0527db..a8afa17e58b 100644 --- a/app/controllers/idv/in_person/address_controller.rb +++ b/app/controllers/idv/in_person/address_controller.rb @@ -94,8 +94,8 @@ def analytics_arguments flow_path: idv_session.flow_path, step: 'address', analytics_id: 'In Person Proofing', - }.merge(ab_test_analytics_buckets). - merge(extra_analytics_properties) + }.merge(ab_test_analytics_buckets) + .merge(extra_analytics_properties) end def redirect_to_next_page diff --git a/app/controllers/idv/in_person/ssn_controller.rb b/app/controllers/idv/in_person/ssn_controller.rb index 2630d35cd61..d1ca08e83de 100644 --- a/app/controllers/idv/in_person/ssn_controller.rb +++ b/app/controllers/idv/in_person/ssn_controller.rb @@ -30,8 +30,8 @@ def show end analytics.idv_doc_auth_ssn_visited(**analytics_arguments) - Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]). - call('ssn', :view, true) + Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]) + .call('ssn', :view, true) render 'idv/shared/ssn', locals: threatmetrix_view_variables(ssn_presenter.updating_ssn?) end @@ -92,8 +92,8 @@ def analytics_arguments step: 'ssn', analytics_id: 'In Person Proofing', previous_ssn_edit_distance: previous_ssn_edit_distance, - }.merge(ab_test_analytics_buckets). - merge(**extra_analytics_properties) + }.merge(ab_test_analytics_buckets) + .merge(**extra_analytics_properties) end def confirm_in_person_address_step_complete diff --git a/app/controllers/idv/in_person/state_id_controller.rb b/app/controllers/idv/in_person/state_id_controller.rb index 8ea1678d6dc..638aa26a08f 100644 --- a/app/controllers/idv/in_person/state_id_controller.rb +++ b/app/controllers/idv/in_person/state_id_controller.rb @@ -104,8 +104,8 @@ def analytics_arguments flow_path: idv_session.flow_path, step: 'state_id', analytics_id: 'In Person Proofing', - }.merge(ab_test_analytics_buckets). - merge(extra_analytics_properties) + }.merge(ab_test_analytics_buckets) + .merge(extra_analytics_properties) end def clear_residential_address(pii_from_user) diff --git a/app/controllers/idv/in_person/verify_info_controller.rb b/app/controllers/idv/in_person/verify_info_controller.rb index 999aa3addb2..6fa73bb5999 100644 --- a/app/controllers/idv/in_person/verify_info_controller.rb +++ b/app/controllers/idv/in_person/verify_info_controller.rb @@ -18,8 +18,8 @@ def show @ssn = idv_session.ssn @pii = pii - Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]). - call('verify', :view, true) # specify in_person? + Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]) + .call('verify', :view, true) # specify in_person? process_async_state(load_async_state) end @@ -84,8 +84,8 @@ def analytics_arguments flow_path: idv_session.flow_path, step: 'verify', analytics_id: 'In Person Proofing', - }.merge(ab_test_analytics_buckets). - merge(**extra_analytics_properties) + }.merge(ab_test_analytics_buckets) + .merge(**extra_analytics_properties) end def confirm_ssn_step_complete diff --git a/app/controllers/idv/link_sent_controller.rb b/app/controllers/idv/link_sent_controller.rb index 93a8137bc86..9070b461809 100644 --- a/app/controllers/idv/link_sent_controller.rb +++ b/app/controllers/idv/link_sent_controller.rb @@ -13,8 +13,8 @@ class LinkSentController < ApplicationController def show analytics.idv_doc_auth_link_sent_visited(**analytics_arguments) - Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]). - call('link_sent', :view, true) + Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]) + .call('link_sent', :view, true) render :show, locals: extra_view_variables end diff --git a/app/controllers/idv/personal_key_controller.rb b/app/controllers/idv/personal_key_controller.rb index 8599d8291b8..31933e2955e 100644 --- a/app/controllers/idv/personal_key_controller.rb +++ b/app/controllers/idv/personal_key_controller.rb @@ -129,10 +129,13 @@ def redirect_to_retrieve_pii end def step_indicator_step - return :secure_account if idv_session.verify_by_mail? - return :go_to_the_post_office if in_person_proofing? - - StepIndicatorComponent::ALL_STEPS_COMPLETE + if gpo_address_verification? + :secure_account + elsif in_person_proofing? + :go_to_the_post_office + else + :re_enter_password + end end helper_method :step_indicator_step end diff --git a/app/controllers/idv/phone_controller.rb b/app/controllers/idv/phone_controller.rb index 5665976b566..f5c7d0dd074 100644 --- a/app/controllers/idv/phone_controller.rb +++ b/app/controllers/idv/phone_controller.rb @@ -30,8 +30,8 @@ def new return if confirm_not_rate_limited_for_phone_address_verification if async_state.none? - Funnel::DocAuth::RegisterStep.new(current_user.id, current_sp&.issuer). - call(:verify_phone, :view, true) + Funnel::DocAuth::RegisterStep.new(current_user.id, current_sp&.issuer) + .call(:verify_phone, :view, true) analytics.idv_phone_of_record_visited( **ab_test_analytics_buckets, @@ -52,8 +52,8 @@ def create clear_future_steps! idv_session.invalidate_phone_step! result = idv_form.submit(step_params) - Funnel::DocAuth::RegisterStep.new(current_user.id, current_sp&.issuer). - call(:verify_phone, :update, result.success?) + Funnel::DocAuth::RegisterStep.new(current_user.id, current_sp&.issuer) + .call(:verify_phone, :update, result.success?) analytics.idv_phone_confirmation_form_submitted(**result, **ab_test_analytics_buckets) if result.success? diff --git a/app/controllers/idv/sessions_controller.rb b/app/controllers/idv/sessions_controller.rb index 50bdc27ac86..8537a9c181b 100644 --- a/app/controllers/idv/sessions_controller.rb +++ b/app/controllers/idv/sessions_controller.rb @@ -53,8 +53,8 @@ def cancel_verification_attempt_if_pending_profile def cancel_in_person_enrollment_if_exists return if !IdentityConfig.store.in_person_proofing_enabled current_user.pending_in_person_enrollment&.update(status: :cancelled) - UspsInPersonProofing::EnrollmentHelper. - cancel_stale_establishing_enrollments_for_user(current_user) + UspsInPersonProofing::EnrollmentHelper + .cancel_stale_establishing_enrollments_for_user(current_user) end def clear_session diff --git a/app/controllers/idv/socure/document_capture_controller.rb b/app/controllers/idv/socure/document_capture_controller.rb index ed4c8f94820..80cd61ce7ed 100644 --- a/app/controllers/idv/socure/document_capture_controller.rb +++ b/app/controllers/idv/socure/document_capture_controller.rb @@ -27,8 +27,8 @@ class DocumentCaptureController < ApplicationController def show idv_session.socure_docv_wait_polling_started_at = nil - Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]). - call('socure_document_capture', :view, true) + Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]) + .call('socure_document_capture', :view, true) if document_capture_session.socure_docv_capture_app_url.present? @url = document_capture_session.socure_docv_capture_app_url @@ -78,8 +78,8 @@ def update # TODO: new analytics event? analytics.idv_doc_auth_document_capture_submitted(**result.to_h.merge(analytics_arguments)) - Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]). - call('socure_document_capture', :update, true) + Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]) + .call('socure_document_capture', :update, true) if result.success? redirect_to idv_ssn_url diff --git a/app/controllers/idv/ssn_controller.rb b/app/controllers/idv/ssn_controller.rb index 1cd1e59ad15..eb20938b909 100644 --- a/app/controllers/idv/ssn_controller.rb +++ b/app/controllers/idv/ssn_controller.rb @@ -28,8 +28,8 @@ def show end analytics.idv_doc_auth_ssn_visited(**analytics_arguments) - Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]). - call('ssn', :view, true) + Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]) + .call('ssn', :view, true) render 'idv/shared/ssn', locals: threatmetrix_view_variables(ssn_presenter.updating_ssn?) end diff --git a/app/controllers/idv/verify_info_controller.rb b/app/controllers/idv/verify_info_controller.rb index 283fd647efc..d6e6c5d9a84 100644 --- a/app/controllers/idv/verify_info_controller.rb +++ b/app/controllers/idv/verify_info_controller.rb @@ -17,8 +17,8 @@ def show @ssn = idv_session.ssn @pii = pii - Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]). - call('verify', :view, true) + Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]) + .call('verify', :view, true) @had_barcode_read_failure = idv_session.had_barcode_read_failure process_async_state(load_async_state) diff --git a/app/controllers/idv/welcome_controller.rb b/app/controllers/idv/welcome_controller.rb index 1008336ded2..47bc048a266 100644 --- a/app/controllers/idv/welcome_controller.rb +++ b/app/controllers/idv/welcome_controller.rb @@ -12,8 +12,8 @@ def show idv_session.proofing_started_at ||= Time.zone.now.iso8601 analytics.idv_doc_auth_welcome_visited(**analytics_arguments) - Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]). - call('welcome', :view, true) + Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]) + .call('welcome', :view, true) @presenter = Idv::WelcomePresenter.new(decorated_sp_session) end @@ -62,8 +62,8 @@ def create_document_capture_session def cancel_previous_in_person_enrollments return unless IdentityConfig.store.in_person_proofing_enabled - UspsInPersonProofing::EnrollmentHelper. - cancel_stale_establishing_enrollments_for_user(current_user) + UspsInPersonProofing::EnrollmentHelper + .cancel_stale_establishing_enrollments_for_user(current_user) end end end diff --git a/app/controllers/openid_connect/authorization_controller.rb b/app/controllers/openid_connect/authorization_controller.rb index f2d4f45a8b8..d015161a030 100644 --- a/app/controllers/openid_connect/authorization_controller.rb +++ b/app/controllers/openid_connect/authorization_controller.rb @@ -56,7 +56,7 @@ def pending_profile_policy end def check_sp_active - return if @authorize_form.service_provider&.active? + return if service_provider&.active? redirect_to sp_inactive_error_url end @@ -100,7 +100,7 @@ def email_address_id def ial_context IalContext.new( ial: resolved_authn_context_int_ial, - service_provider: @authorize_form.service_provider, + service_provider:, user: current_user, ) end @@ -121,7 +121,6 @@ def handle_successful_handoff redirect_user( @authorize_form.success_redirect_uri, - @authorize_form.service_provider.issuer, current_user.uuid, ) @@ -153,13 +152,13 @@ def build_authorize_form_from_params def secure_headers_override return if form_action_csp_disabled_and_not_server_side_redirect?( - issuer: @authorize_form.service_provider.issuer, + issuer: issuer, user_uuid: current_user&.uuid, ) csp_uris = SecureHeadersAllowList.csp_with_sp_redirect_uris( @authorize_form.redirect_uri, - @authorize_form.service_provider.redirect_uris, + service_provider.redirect_uris, ) override_form_action_csp(csp_uris) end @@ -172,7 +171,7 @@ def pre_validate_authorize_form result = @authorize_form.submit analytics.openid_connect_request_authorization( - **result.to_h.except(:redirect_uri, :code_digest).merge( + **result.to_h.except(:redirect_uri, :code_digest, :integration_errors).merge( user_fully_authenticated: user_fully_authenticated?, referer: request.referer, vtr_param: params[:vtr], @@ -180,19 +179,26 @@ def pre_validate_authorize_form ), ) return if result.success? + + if result.extra[:integration_errors].present? + analytics.sp_integration_errors_present( + **result.to_h[:integration_errors], + ) + end + redirect_uri = result.extra[:redirect_uri] if redirect_uri.nil? render :error else - redirect_user(redirect_uri, @authorize_form.service_provider.issuer, current_user&.uuid) + redirect_user(redirect_uri, current_user&.uuid) end end def sign_out_if_prompt_param_is_login_and_user_is_signed_in if @authorize_form.prompt != 'login' set_issuer_forced_reauthentication( - issuer: @authorize_form.service_provider.issuer, + issuer:, is_forced_reauthentication: false, ) end @@ -204,7 +210,7 @@ def sign_out_if_prompt_param_is_login_and_user_is_signed_in unless sp_session[:request_url] == request.original_url sign_out set_issuer_forced_reauthentication( - issuer: @authorize_form.service_provider.issuer, + issuer:, is_forced_reauthentication: true, ) end @@ -236,8 +242,8 @@ def track_events track_billing_events end - def redirect_user(redirect_uri, issuer, user_uuid) - case oidc_redirect_method(issuer: issuer, user_uuid: user_uuid) + def redirect_user(redirect_uri, user_uuid) + case oidc_redirect_method(issuer:, user_uuid: user_uuid) when 'client_side' @oidc_redirect_uri = redirect_uri render( @@ -258,6 +264,14 @@ def redirect_user(redirect_uri, issuer, user_uuid) end end + def service_provider + @authorize_form.service_provider + end + + def issuer + service_provider&.issuer + end + def sp_handoff_bouncer @sp_handoff_bouncer ||= SpHandoffBouncer.new(sp_session) end @@ -265,8 +279,8 @@ def sp_handoff_bouncer def unknown_authn_contexts return nil if params[:vtr].present? || params[:acr_values].blank? - (params[:acr_values].split - Saml::Idp::Constants::VALID_AUTHN_CONTEXTS). - join(' ').presence + (params[:acr_values].split - Saml::Idp::Constants::VALID_AUTHN_CONTEXTS) + .join(' ').presence end end end diff --git a/app/controllers/openid_connect/certs_controller.rb b/app/controllers/openid_connect/certs_controller.rb index f0640b723be..f06cd531d68 100644 --- a/app/controllers/openid_connect/certs_controller.rb +++ b/app/controllers/openid_connect/certs_controller.rb @@ -6,10 +6,12 @@ class CertsController < ApplicationController prepend_before_action :skip_session_expiration skip_before_action :disable_caching + JSON = OpenidConnectCertsPresenter.new.certs.freeze + def index expires_in 1.week, public: true - render json: OpenidConnectCertsPresenter.new.certs + render json: JSON end end end diff --git a/app/controllers/openid_connect/logout_controller.rb b/app/controllers/openid_connect/logout_controller.rb index ada39ed341e..70cf271f512 100644 --- a/app/controllers/openid_connect/logout_controller.rb +++ b/app/controllers/openid_connect/logout_controller.rb @@ -26,6 +26,8 @@ def show if result.success? && redirect_uri handle_successful_logout_request(result, redirect_uri) else + track_integration_errors(result:, event: :oidc_logout_requested) + render :error end end @@ -48,6 +50,8 @@ def delete if result.success? && redirect_uri handle_logout(result, redirect_uri) else + track_integration_errors(result:, event: :oidc_logout_submitted) + render :error end end @@ -141,11 +145,21 @@ def handle_logout(result, redirect_uri) # Convert FormResponse into loggable analytics event # @param [FormResponse] result def to_event(result) - result.to_h.except(:redirect_uri) + result.to_h.except(:redirect_uri, :integration_errors) end def logout_params params.permit(:client_id, :id_token_hint, :post_logout_redirect_uri, :state) end + + def track_integration_errors(result:, event:) + if result.extra[:integration_errors].present? + analytics.sp_integration_errors_present( + **result + .to_h[:integration_errors] + .merge(event:), + ) + end + end end end diff --git a/app/controllers/openid_connect/token_controller.rb b/app/controllers/openid_connect/token_controller.rb index de48ebb649d..8771aa8d3d7 100644 --- a/app/controllers/openid_connect/token_controller.rb +++ b/app/controllers/openid_connect/token_controller.rb @@ -15,7 +15,13 @@ def create analytics_attributes = result.to_h analytics_attributes[:expires_in] = response[:expires_in] - analytics.openid_connect_token(**analytics_attributes) + analytics.openid_connect_token(**analytics_attributes.except(:integration_errors)) + + if !result.success? && analytics_attributes[:integration_errors].present? + analytics.sp_integration_errors_present( + **analytics_attributes[:integration_errors], + ) + end render json: response, status: (result.success? ? :ok : :bad_request) diff --git a/app/controllers/openid_connect/user_info_controller.rb b/app/controllers/openid_connect/user_info_controller.rb index a1df4ba00f3..818e79d8511 100644 --- a/app/controllers/openid_connect/user_info_controller.rb +++ b/app/controllers/openid_connect/user_info_controller.rb @@ -18,11 +18,13 @@ def show def authenticate_identity_via_bearer_token verifier = AccessTokenVerifier.new(request.env['HTTP_AUTHORIZATION']) response, identity = verifier.submit - analytics.openid_connect_bearer_token(**response) + attributes = response.to_h + analytics.openid_connect_bearer_token(**attributes.except(:integration_errors)) if response.success? @current_identity = identity else + analytics.sp_integration_errors_present(**attributes[:integration_errors]) render json: { error: verifier.errors[:access_token].join(' ') }, status: :unauthorized end diff --git a/app/controllers/robots_controller.rb b/app/controllers/robots_controller.rb index b86f0145064..0c4ad37bd0a 100644 --- a/app/controllers/robots_controller.rb +++ b/app/controllers/robots_controller.rb @@ -18,9 +18,9 @@ def index private def allowed_paths - I18n.available_locales. - map { |locale| locale == I18n.default_locale ? nil : locale }. - flat_map do |locale| + I18n.available_locales + .map { |locale| locale == I18n.default_locale ? nil : locale } + .flat_map do |locale| ALLOWED_ROUTES.map { |route| route_for(route, only_path: true, locale:) } end end diff --git a/app/controllers/saml_idp_controller.rb b/app/controllers/saml_idp_controller.rb index 55083feb324..5c7ab57cbe5 100644 --- a/app/controllers/saml_idp_controller.rb +++ b/app/controllers/saml_idp_controller.rb @@ -61,7 +61,11 @@ def logout track_logout_event - return head(:bad_request) unless valid_saml_request? + unless valid_saml_request? + track_integration_errors(event: :saml_logout_request) + + return head(:bad_request) + end handle_valid_sp_logout_request end @@ -75,11 +79,21 @@ def remotelogout track_remote_logout_event(issuer) - return head(:bad_request) unless valid_saml_request? + unless valid_saml_request? + track_integration_errors(event: :saml_remote_logout_request) + + return head(:bad_request) + end user_id = find_user_from_session_index - return head(:bad_request) unless user_id.present? + unless user_id.present? + track_integration_errors( + event: :saml_remote_logout_request, + errors: [:no_user_found_from_session_index], + ) + return head(:bad_request) + end handle_valid_sp_remote_logout_request(user_id: user_id, issuer: issuer) end diff --git a/app/controllers/sign_up/completions_controller.rb b/app/controllers/sign_up/completions_controller.rb index 76fb9b252d4..9eb9aec9edb 100644 --- a/app/controllers/sign_up/completions_controller.rb +++ b/app/controllers/sign_up/completions_controller.rb @@ -22,8 +22,8 @@ def update update_verified_attributes send_in_person_completion_survey if user_session[:selected_email_id_for_linked_identity].nil? - user_session[:selected_email_id_for_linked_identity] = EmailContext.new(current_user). - last_sign_in_email_address.id + user_session[:selected_email_id_for_linked_identity] = EmailContext.new(current_user) + .last_sign_in_email_address.id end if decider.go_back_to_mobile_app? sign_user_out_and_instruct_to_go_back_to_mobile_app diff --git a/app/controllers/two_factor_authentication/otp_verification_controller.rb b/app/controllers/two_factor_authentication/otp_verification_controller.rb index 4c11f1908c4..73f5572b3c7 100644 --- a/app/controllers/two_factor_authentication/otp_verification_controller.rb +++ b/app/controllers/two_factor_authentication/otp_verification_controller.rb @@ -249,8 +249,8 @@ def phone_confirmed def send_phone_added_email _event, disavowal_token = create_user_event_with_disavowal(:phone_added, current_user) current_user.confirmed_email_addresses.each do |email_address| - UserMailer.with(user: current_user, email_address: email_address). - phone_added(disavowal_token: disavowal_token).deliver_now_or_later + UserMailer.with(user: current_user, email_address: email_address) + .phone_added(disavowal_token: disavowal_token).deliver_now_or_later end end diff --git a/app/controllers/two_factor_authentication/sms_opt_in_controller.rb b/app/controllers/two_factor_authentication/sms_opt_in_controller.rb index 339ff519730..99383004414 100644 --- a/app/controllers/two_factor_authentication/sms_opt_in_controller.rb +++ b/app/controllers/two_factor_authentication/sms_opt_in_controller.rb @@ -74,8 +74,8 @@ def cancel_url end def has_other_auth_methods? - two_factor_configurations. - any? { |config| config.mfa_enabled? && config != @phone_configuration } + two_factor_configurations + .any? { |config| config.mfa_enabled? && config != @phone_configuration } end def new_user? diff --git a/app/controllers/two_factor_authentication/webauthn_verification_controller.rb b/app/controllers/two_factor_authentication/webauthn_verification_controller.rb index f546783cbe4..3f0e7de2ee2 100644 --- a/app/controllers/two_factor_authentication/webauthn_verification_controller.rb +++ b/app/controllers/two_factor_authentication/webauthn_verification_controller.rb @@ -84,9 +84,9 @@ def save_challenge_in_session end def credentials - webauthn_configurations. - select { |configuration| configuration.platform_authenticator? == platform_authenticator? }. - map do |configuration| + webauthn_configurations + .select { |configuration| configuration.platform_authenticator? == platform_authenticator? } + .map do |configuration| { id: configuration.credential_id, transports: configuration.transports } end end @@ -102,8 +102,8 @@ def analytics_properties context: context, multi_factor_auth_method: auth_method, webauthn_configuration_id: form&.webauthn_configuration&.id, - multi_factor_auth_method_created_at: form&.webauthn_configuration&. - created_at&.strftime('%s%L'), + multi_factor_auth_method_created_at: form&.webauthn_configuration + &.created_at&.strftime('%s%L'), } end diff --git a/app/controllers/users/delete_controller.rb b/app/controllers/users/delete_controller.rb index c76d65b904a..5c901b2dd90 100644 --- a/app/controllers/users/delete_controller.rb +++ b/app/controllers/users/delete_controller.rb @@ -56,8 +56,8 @@ def send_push_notifications # rubocop:disable IdentityIdp/MailLaterLinter def notify_user_via_email_of_deletion current_user.confirmed_email_addresses.each do |email_address| - UserMailer.with(user: current_user, email_address: email_address). - account_delete_submitted.deliver_now + UserMailer.with(user: current_user, email_address: email_address) + .account_delete_submitted.deliver_now end end # rubocop:enable IdentityIdp/MailLaterLinter diff --git a/app/controllers/users/email_confirmations_controller.rb b/app/controllers/users/email_confirmations_controller.rb index e0f0c989fb4..a5f26574d83 100644 --- a/app/controllers/users/email_confirmations_controller.rb +++ b/app/controllers/users/email_confirmations_controller.rb @@ -55,8 +55,8 @@ def process_successful_confirmation(email_address) def confirm_and_notify(email_address) email_address.update!(confirmed_at: Time.zone.now) email_address.user.confirmed_email_addresses.each do |confirmed_email_address| - UserMailer.with(user: email_address.user, email_address: confirmed_email_address). - email_added.deliver_now_or_later + UserMailer.with(user: email_address.user, email_address: confirmed_email_address) + .email_added.deliver_now_or_later end notify_subscribers(email_address) end diff --git a/app/controllers/users/emails_controller.rb b/app/controllers/users/emails_controller.rb index 0a229b41e13..240e1b90283 100644 --- a/app/controllers/users/emails_controller.rb +++ b/app/controllers/users/emails_controller.rb @@ -139,8 +139,8 @@ def send_delete_email_notification # when run asynchronously @current_confirmed_emails.each do |confirmed_email| # rubocop:disable IdentityIdp/MailLaterLinter - UserMailer.with(user: current_user, email_address: confirmed_email). - email_deleted.deliver_now + UserMailer.with(user: current_user, email_address: confirmed_email) + .email_deleted.deliver_now # rubocop:enable IdentityIdp/MailLaterLinter end end diff --git a/app/controllers/users/reset_passwords_controller.rb b/app/controllers/users/reset_passwords_controller.rb index e609bd5b0df..863f1dba0b9 100644 --- a/app/controllers/users/reset_passwords_controller.rb +++ b/app/controllers/users/reset_passwords_controller.rb @@ -157,8 +157,8 @@ def create_reset_event_and_send_notification end def user_params - params.require(:reset_password_form). - permit(:password, :password_confirmation, :reset_password_token) + params.require(:reset_password_form) + .permit(:password, :password_confirmation, :reset_password_token) end def assert_reset_token_passed diff --git a/app/forms/add_user_email_form.rb b/app/forms/add_user_email_form.rb index b7fe652b9d8..5aa782412c3 100644 --- a/app/forms/add_user_email_form.rb +++ b/app/forms/add_user_email_form.rb @@ -52,8 +52,8 @@ def email_address_record(email) def process_successful_submission @success = true email_address.save! - SendAddEmailConfirmation.new(user). - call(email_address:, in_select_email_flow: in_select_email_flow?, request_id:) + SendAddEmailConfirmation.new(user) + .call(email_address:, in_select_email_flow: in_select_email_flow?, request_id:) end def extra_analytics_attributes diff --git a/app/forms/backup_code_verification_form.rb b/app/forms/backup_code_verification_form.rb index 6c95e530f32..479ec1bfe4b 100644 --- a/app/forms/backup_code_verification_form.rb +++ b/app/forms/backup_code_verification_form.rb @@ -53,8 +53,8 @@ def valid_backup_code? def valid_backup_code_config_created_at return @valid_backup_code_config_created_at if defined?(@valid_backup_code_config_created_at) - @valid_backup_code_config_created_at = BackupCodeGenerator.new(user). - if_valid_consume_code_return_config_created_at(backup_code) + @valid_backup_code_config_created_at = BackupCodeGenerator.new(user) + .if_valid_consume_code_return_config_created_at(backup_code) end def rate_limiter diff --git a/app/forms/gpo_verify_form.rb b/app/forms/gpo_verify_form.rb index e267595f7c8..150ae095719 100644 --- a/app/forms/gpo_verify_form.rb +++ b/app/forms/gpo_verify_form.rb @@ -76,8 +76,9 @@ def schedule_in_person_enrollment_and_deactivate_profile(is_enhanced_ipp) def which_letter return if !valid_otp? - pending_profile.gpo_confirmation_codes.sort_by(&:code_sent_at). - index(gpo_confirmation_code) + 1 + pending_profile.gpo_confirmation_codes + .sort_by(&:code_sent_at) + .index(gpo_confirmation_code) + 1 end def letter_count diff --git a/app/forms/idv/api_image_upload_form.rb b/app/forms/idv/api_image_upload_form.rb index 3372422bfc3..a0765d4e07f 100644 --- a/app/forms/idv/api_image_upload_form.rb +++ b/app/forms/idv/api_image_upload_form.rb @@ -371,9 +371,9 @@ def update_analytics(client_response:, vendor_request_time_in_ms:) vendor_request_time_in_ms: vendor_request_time_in_ms, zip_code: zip_code, issue_year: issue_year, - ).except(:classification_info). - merge(acuant_sdk_upgrade_ab_test_data). - merge(processed_selfie_attempts_data), + ).except(:classification_info) + .merge(acuant_sdk_upgrade_ab_test_data) + .merge(processed_selfie_attempts_data), ) end @@ -403,31 +403,31 @@ def acuant_sdk_autocaptured_id? end def image_metadata - @image_metadata ||= params. - permit(:front_image_metadata, :back_image_metadata, :selfie_image_metadata).to_h. - transform_values do |str| + @image_metadata ||= params + .permit(:front_image_metadata, :back_image_metadata, :selfie_image_metadata).to_h + .transform_values do |str| JSON.parse(str) rescue JSON::ParserError nil - end. - compact. - transform_keys { |key| key.gsub(/_image_metadata$/, '') }. - deep_symbolize_keys + end + .compact + .transform_keys { |key| key.gsub(/_image_metadata$/, '') } + .deep_symbolize_keys end def add_costs(response) - Db::AddDocumentVerificationAndSelfieCosts. - new(user_id: user_id, - service_provider: service_provider, - liveness_checking_enabled: liveness_checking_required). - call(response) + Db::AddDocumentVerificationAndSelfieCosts + .new(user_id: user_id, + service_provider: service_provider, + liveness_checking_enabled: liveness_checking_required) + .call(response) end def update_funnel(client_response) steps = %i[front_image back_image] steps.each do |step| - Funnel::DocAuth::RegisterStep.new(user_id, service_provider&.issuer). - call(step.to_s, :update, client_response.success?) + Funnel::DocAuth::RegisterStep.new(user_id, service_provider&.issuer) + .call(step.to_s, :update, client_response.success?) end end diff --git a/app/forms/idv/phone_form.rb b/app/forms/idv/phone_form.rb index 0b8839e8a28..3a94aade953 100644 --- a/app/forms/idv/phone_form.rb +++ b/app/forms/idv/phone_form.rb @@ -33,9 +33,9 @@ def initialize( @hybrid_handoff_phone_number = hybrid_handoff_phone_number @international_code, @phone = determine_initial_values( - **previous_params. - symbolize_keys. - slice(:international_code, :phone), + **previous_params + .symbolize_keys + .slice(:international_code, :phone), ) end diff --git a/app/forms/openid_connect_authorize_form.rb b/app/forms/openid_connect_authorize_form.rb index d272a10fa52..c3bbca2b17c 100644 --- a/app/forms/openid_connect_authorize_form.rb +++ b/app/forms/openid_connect_authorize_form.rb @@ -284,6 +284,7 @@ def extra_analytics_attributes code_digest: code ? Digest::SHA256.hexdigest(code) : nil, code_challenge_present: code_challenge.present?, service_provider_pkce: service_provider&.pkce, + integration_errors:, } end @@ -350,6 +351,18 @@ def ialmax_requested? Saml::Idp::Constants::AUTHN_CONTEXT_CLASSREF_TO_IAL[ial_values.sort.max] == 0 end + def integration_errors + return nil if @success || client_id.blank? + + { + error_details: errors.full_messages, + error_types: errors.attribute_names, + event: :oidc_request_authorization, + integration_exists: service_provider.present?, + request_issuer: client_id, + } + end + def facial_match_ial_requested? ial_values.any? { |ial| Saml::Idp::Constants::FACIAL_MATCH_IAL_CONTEXTS.include? ial } end diff --git a/app/forms/openid_connect_logout_form.rb b/app/forms/openid_connect_logout_form.rb index 582906342a2..68dc9c30ac5 100644 --- a/app/forms/openid_connect_logout_form.rb +++ b/app/forms/openid_connect_logout_form.rb @@ -79,29 +79,35 @@ def reject_id_token_hint? end def load_identity - identity_from_client_id = current_user&. - identities&. - find_by(service_provider: client_id) + identity_from_client_id = current_user + &.identities + &.find_by(service_provider: client_id) if reject_id_token_hint? identity_from_client_id else + identity_from_token_hint(id_token_hint) || identity_from_client_id + end + end + + def identity_from_token_hint(id_token_hint) + return nil if id_token_hint.blank? + payload, _headers = nil + + begin payload, _headers = JWT.decode( - id_token_hint, AppArtifacts.store.oidc_public_key, true, + id_token_hint, Rails.application.config.oidc_public_key_queue, true, algorithm: 'RS256', leeway: Float::INFINITY ).map(&:with_indifferent_access) - - identity_from_payload(payload) || identity_from_client_id + rescue JWT::DecodeError end - rescue JWT::DecodeError - nil - end - def identity_from_payload(payload) - uuid = payload[:sub] - sp = payload[:aud] - AgencyIdentityLinker.sp_identity_from_uuid_and_sp(uuid, sp) + if payload + uuid = payload[:sub] + sp = payload[:aud] + AgencyIdentityLinker.sp_identity_from_uuid_and_sp(uuid, sp) + end end def id_token_hint_or_client_id_present @@ -114,6 +120,16 @@ def id_token_hint_or_client_id_present ) end + def integration_errors + return nil if valid? + { + error_details: errors.full_messages, + error_types: errors.attribute_names, + integration_exists: service_provider.present?, + request_issuer: client_id || service_provider&.issuer, + } + end + def valid_client_id return unless client_id.present? && id_token_hint.blank? return if service_provider.present? @@ -144,6 +160,7 @@ def extra_analytics_attributes redirect_uri: redirect_uri, sp_initiated: true, oidc: true, + integration_errors:, } end diff --git a/app/forms/openid_connect_token_form.rb b/app/forms/openid_connect_token_form.rb index 3ae404bc13b..02fc37d7648 100644 --- a/app/forms/openid_connect_token_form.rb +++ b/app/forms/openid_connect_token_form.rb @@ -73,8 +73,9 @@ def url_options def find_identity_with_code return if code.blank? || code.include?("\x00") - @identity = ServiceProviderIdentity.where(session_uuid: code). - order(updated_at: :desc).first + @identity = ServiceProviderIdentity + .where(session_uuid: code) + .order(updated_at: :desc).first end def pkce? @@ -204,6 +205,19 @@ def extra_analytics_attributes code_verifier_present: code_verifier.present?, service_provider_pkce: service_provider&.pkce, ial: identity&.ial, + integration_errors:, + } + end + + def integration_errors + return nil if valid? || client_id.blank? + + { + error_details: errors.full_messages, + error_types: errors.attribute_names, + event: :oidc_token_request, + integration_exists: service_provider.present?, + request_issuer: client_id, } end diff --git a/app/forms/phone_recaptcha_form.rb b/app/forms/phone_recaptcha_form.rb index 58c7206b8ab..61ef0bc8945 100644 --- a/app/forms/phone_recaptcha_form.rb +++ b/app/forms/phone_recaptcha_form.rb @@ -35,9 +35,9 @@ def form end def score_threshold_country_override - parsed_phone.valid_countries. - map { |country| self.class.country_score_overrides[country.to_sym] }. - compact. - min + parsed_phone.valid_countries + .map { |country| self.class.country_score_overrides[country.to_sym] } + .compact + .min end end diff --git a/app/forms/register_user_email_form.rb b/app/forms/register_user_email_form.rb index 07afaf21bc2..947949e2147 100644 --- a/app/forms/register_user_email_form.rb +++ b/app/forms/register_user_email_form.rb @@ -169,8 +169,8 @@ def send_sign_up_confirmed_email limiter_type: :reg_confirmed_email, ) else - UserMailer.with(user: existing_user, email_address: email_address_record). - signup_with_your_email(request_id: request_id).deliver_now_or_later + UserMailer.with(user: existing_user, email_address: email_address_record) + .signup_with_your_email(request_id: request_id).deliver_now_or_later end end @@ -204,7 +204,7 @@ def email_request_id(request_id) def blocked_email_address return @blocked_email_address if defined?(@blocked_email_address) - @blocked_email_address = SuspendedEmail.find_with_email_digest(digested_base_email)&. - email_address + @blocked_email_address = SuspendedEmail.find_with_email_digest(digested_base_email) + &.email_address end end diff --git a/app/forms/webauthn_setup_form.rb b/app/forms/webauthn_setup_form.rb index 9c593c9aaaf..727e6f60c39 100644 --- a/app/forms/webauthn_setup_form.rb +++ b/app/forms/webauthn_setup_form.rb @@ -82,10 +82,10 @@ def consume_parameters(params) def name_is_unique return unless WebauthnConfiguration.exists?(user_id: @user.id, name: @name) if @platform_authenticator - num_existing_devices = WebauthnConfiguration. - where(user_id: @user.id). - where('name LIKE ?', "#{@name}%"). - count + num_existing_devices = WebauthnConfiguration + .where(user_id: @user.id) + .where('name LIKE ?', "#{@name}%") + .count @name = "#{@name} (#{num_existing_devices})" else name_error = if platform_authenticator? diff --git a/app/javascript/packages/device/index.js b/app/javascript/packages/device/index.js index 2fe070f0b9e..fd68d08512b 100644 --- a/app/javascript/packages/device/index.js +++ b/app/javascript/packages/device/index.js @@ -7,7 +7,7 @@ * @return {boolean} */ export function isIPad() { - const { userAgent, maxTouchPoints } = window.navigator; + const { userAgent, maxTouchPoints } = navigator; return /ipad/i.test(userAgent) || (/macintosh/i.test(userAgent) && maxTouchPoints === 5); } @@ -18,7 +18,7 @@ export function isIPad() { * @return {boolean} */ export function isLikelyMobile() { - return isIPad() || /iphone|android/i.test(window.navigator.userAgent); + return isIPad() || /iphone|android/i.test(navigator.userAgent); } /** diff --git a/app/jobs/data_warehouse/daily_sensitive_column_job.rb b/app/jobs/data_warehouse/daily_sensitive_column_job.rb index 068676e3581..e483e3bb35a 100644 --- a/app/jobs/data_warehouse/daily_sensitive_column_job.rb +++ b/app/jobs/data_warehouse/daily_sensitive_column_job.rb @@ -17,9 +17,9 @@ def fetch_columns insensitive_hash = [] tables.each do |table| - true_sensitives, false_sensitives = ActiveRecord::Base.connection.columns(table). - reject { |col| col.name == 'id' }. - partition do |column| + true_sensitives, false_sensitives = ActiveRecord::Base.connection.columns(table) + .reject { |col| col.name == 'id' } + .partition do |column| column.comment&.match?(/sensitive=true/i) end insensitive_hash.concat(generate_column_data(false_sensitives, table)) diff --git a/app/jobs/get_usps_proofing_results_job.rb b/app/jobs/get_usps_proofing_results_job.rb index e529c76b334..78ad7a08c5b 100644 --- a/app/jobs/get_usps_proofing_results_job.rb +++ b/app/jobs/get_usps_proofing_results_job.rb @@ -62,8 +62,8 @@ def perform(_now) attr_accessor :enrollment_outcomes DEFAULT_EMAIL_DELAY_IN_HOURS = 1 - REQUEST_DELAY_IN_SECONDS = (IdentityConfig.store. - get_usps_proofing_results_job_request_delay_milliseconds / MILLISECONDS_PER_SECOND).freeze + REQUEST_DELAY_IN_SECONDS = (IdentityConfig.store + .get_usps_proofing_results_job_request_delay_milliseconds / MILLISECONDS_PER_SECOND).freeze def proofer @proofer ||= UspsInPersonProofing::EnrollmentHelper.usps_proofer @@ -291,8 +291,8 @@ def handle_unsupported_id_type(enrollment, response) def handle_incomplete_status_update(enrollment, response_message) enrollment_outcomes[:enrollments_in_progress] += 1 - analytics(user: enrollment.user). - idv_in_person_usps_proofing_results_job_enrollment_incomplete( + analytics(user: enrollment.user) + .idv_in_person_usps_proofing_results_job_enrollment_incomplete( **enrollment_analytics_attributes(enrollment, complete: false), response_message: response_message, job_name: self.class.name, @@ -328,16 +328,16 @@ def handle_expired_status_update(enrollment, response, response_message) end rescue StandardError => err NewRelic::Agent.notice_error(err) - analytics(user: enrollment.user). - idv_in_person_usps_proofing_results_job_deadline_passed_email_exception( + analytics(user: enrollment.user) + .idv_in_person_usps_proofing_results_job_deadline_passed_email_exception( enrollment_id: enrollment.id, exception_class: err.class.to_s, exception_message: err.message, job_name: self.class.name, ) else - analytics(user: enrollment.user). - idv_in_person_usps_proofing_results_job_deadline_passed_email_initiated( + analytics(user: enrollment.user) + .idv_in_person_usps_proofing_results_job_deadline_passed_email_initiated( **email_analytics_attributes(enrollment), enrollment_id: enrollment.id, job_name: self.class.name, @@ -384,8 +384,8 @@ def handle_invalid_applicant_unique_id(enrollment, response, response_message) def handle_fraud_review_pending(enrollment) enrollment.profile.deactivate_for_fraud_review - analytics(user: enrollment.user). - idv_in_person_usps_proofing_results_job_user_sent_to_fraud_review( + analytics(user: enrollment.user) + .idv_in_person_usps_proofing_results_job_user_sent_to_fraud_review( **enrollment_analytics_attributes(enrollment, complete: true), ) end @@ -394,8 +394,8 @@ def handle_unexpected_response(enrollment, response_message, reason:, cancel: tr if cancel cancel_enrollment(enrollment) end - analytics(user: enrollment.user). - idv_in_person_usps_proofing_results_job_unexpected_response( + analytics(user: enrollment.user) + .idv_in_person_usps_proofing_results_job_unexpected_response( **enrollment_analytics_attributes(enrollment, complete: cancel), response_message: response_message, reason: reason, @@ -488,8 +488,8 @@ def handle_passed_with_fraud_review_pending(enrollment, response) # send email send_please_call_email(enrollment:, visited_location_name: response['proofingPostOffice']) - analytics(user: enrollment.user). - idv_in_person_usps_proofing_results_job_please_call_email_initiated( + analytics(user: enrollment.user) + .idv_in_person_usps_proofing_results_job_please_call_email_initiated( **email_analytics_attributes(enrollment), job_name: self.class.name, ) @@ -576,9 +576,11 @@ def send_verified_email(enrollment:, visited_location_name:) def send_deadline_passed_email(enrollment:, visited_location_name:) # rubocop:disable IdentityIdp/MailLaterLinter enrollment.user.confirmed_email_addresses.each do |email_address| - UserMailer.with(user: enrollment.user, email_address: email_address). - in_person_deadline_passed(enrollment: enrollment, - visited_location_name: visited_location_name).deliver_later + UserMailer + .with(user: enrollment.user, email_address: email_address) + .in_person_deadline_passed(enrollment: enrollment, + visited_location_name: visited_location_name) + .deliver_later # rubocop:enable IdentityIdp/MailLaterLinter end end diff --git a/app/jobs/gpo_expiration_job.rb b/app/jobs/gpo_expiration_job.rb index 201a1c69c1e..073e900480d 100644 --- a/app/jobs/gpo_expiration_job.rb +++ b/app/jobs/gpo_expiration_job.rb @@ -30,11 +30,11 @@ def perform( end def gpo_profiles_that_should_be_expired(as_of:, min_profile_age: nil) - Profile. - and(are_pending_gpo_verification). - and(user_cant_request_more_letters(as_of: as_of)). - and(most_recent_code_has_expired(as_of: as_of)). - and(are_old_enough(as_of: as_of, min_profile_age: min_profile_age)) + Profile + .and(are_pending_gpo_verification) + .and(user_cant_request_more_letters(as_of: as_of)) + .and(most_recent_code_has_expired(as_of: as_of)) + .and(are_old_enough(as_of: as_of, min_profile_age: min_profile_age)) end private @@ -84,10 +84,10 @@ def most_recent_code_has_expired(as_of:) max_code_sent_at = as_of - IdentityConfig.store.usps_confirmation_max_days.days Profile.where( - id: GpoConfirmationCode. - select(:profile_id). - group(:profile_id). - having('max(code_sent_at) < ?', max_code_sent_at), + id: GpoConfirmationCode + .select(:profile_id) + .group(:profile_id) + .having('max(code_sent_at) < ?', max_code_sent_at), ) end diff --git a/app/jobs/gpo_reminder_job.rb b/app/jobs/gpo_reminder_job.rb index a30b2099237..44767dbf831 100644 --- a/app/jobs/gpo_reminder_job.rb +++ b/app/jobs/gpo_reminder_job.rb @@ -6,7 +6,7 @@ class GpoReminderJob < ApplicationJob # Send email reminders to people with USPS proofing letters whose # letters were sent a while ago, and haven't yet entered their code def perform(cutoff_time_for_sending_reminders) - GpoReminderSender.new. - send_emails(cutoff_time_for_sending_reminders) + GpoReminderSender.new + .send_emails(cutoff_time_for_sending_reminders) end end diff --git a/app/jobs/in_person/enrollments_ready_for_status_check/enrollment_pipeline.rb b/app/jobs/in_person/enrollments_ready_for_status_check/enrollment_pipeline.rb index fb2f8a0d060..da2dfe8d330 100644 --- a/app/jobs/in_person/enrollments_ready_for_status_check/enrollment_pipeline.rb +++ b/app/jobs/in_person/enrollments_ready_for_status_check/enrollment_pipeline.rb @@ -67,8 +67,8 @@ def process_message(sqs_message) error_extra[:ses_mail_source] = ses_message.dig(:mail, :source) # https://datatracker.ietf.org/doc/html/rfc5322#section-3.6.1 - error_extra[:ses_rfc_origination_date] = ses_message. - dig(:mail, :commonHeaders, :date)&.then do |date| + error_extra[:ses_rfc_origination_date] = ses_message + .dig(:mail, :commonHeaders, :date)&.then do |date| DateTime.parse(date).to_s end # https://datatracker.ietf.org/doc/html/rfc5322#section-3.6.4 @@ -119,11 +119,11 @@ def process_message(sqs_message) error_extra[:enrollment_code] = enrollment_code # Look up existing enrollment - id, user_id, ready_for_status_check = InPersonEnrollment. - where(enrollment_code:, status: :pending). - order(created_at: :desc). - limit(1). - pick( + id, user_id, ready_for_status_check = InPersonEnrollment + .where(enrollment_code:, status: :pending) + .order(created_at: :desc) + .limit(1) + .pick( :id, :user_id, :ready_for_status_check ) diff --git a/app/jobs/in_person/send_proofing_notification_job.rb b/app/jobs/in_person/send_proofing_notification_job.rb index b5db32eadcf..ea8b4d47aa9 100644 --- a/app/jobs/in_person/send_proofing_notification_job.rb +++ b/app/jobs/in_person/send_proofing_notification_job.rb @@ -15,16 +15,16 @@ def perform(enrollment_id) ) if enrollment.nil? || !enrollment.eligible_for_notification? - analytics(user: enrollment&.user || AnonymousUser.new). - idv_in_person_send_proofing_notification_job_skipped( + analytics(user: enrollment&.user || AnonymousUser.new) + .idv_in_person_send_proofing_notification_job_skipped( enrollment_code: enrollment&.enrollment_code, enrollment_id: enrollment_id, ) return end - analytics(user: enrollment.user). - idv_in_person_send_proofing_notification_job_started( + analytics(user: enrollment.user) + .idv_in_person_send_proofing_notification_job_started( enrollment_code: enrollment.enrollment_code, enrollment_id: enrollment.id, ) @@ -42,8 +42,8 @@ def perform(enrollment_id) log_job_completed(enrollment: enrollment) rescue StandardError => err - analytics(user: enrollment&.user || AnonymousUser.new). - idv_in_person_send_proofing_notification_job_exception( + analytics(user: enrollment&.user || AnonymousUser.new) + .idv_in_person_send_proofing_notification_job_exception( enrollment_code: enrollment&.enrollment_code, enrollment_id: enrollment_id, exception_class: err.class.to_s, @@ -58,15 +58,15 @@ def formatter end def log_job_completed(enrollment:) - analytics(user: enrollment.user). - idv_in_person_send_proofing_notification_job_completed( + analytics(user: enrollment.user) + .idv_in_person_send_proofing_notification_job_completed( enrollment_code: enrollment.enrollment_code, enrollment_id: enrollment.id, ) end def handle_telephony_response(enrollment:, phone:, telephony_response:) - analytics(user: enrollment.user). - idv_in_person_send_proofing_notification_attempted( + analytics(user: enrollment.user) + .idv_in_person_send_proofing_notification_attempted( success: telephony_response.success?, enrollment_code: enrollment.enrollment_code, enrollment_id: enrollment.id, diff --git a/app/jobs/reports/combined_invoice_supplement_report_v2.rb b/app/jobs/reports/combined_invoice_supplement_report_v2.rb index 6de8bb3fa4b..254f165bdcd 100644 --- a/app/jobs/reports/combined_invoice_supplement_report_v2.rb +++ b/app/jobs/reports/combined_invoice_supplement_report_v2.rb @@ -75,11 +75,11 @@ def combine_by_iaa_month( [result[:key], result[:year_month]] end - by_issuer_iaa_issuer_year_months = by_issuer_results. - group_by { |r| r[:iaa] }. - transform_values do |iaa| - iaa.group_by { |r| r[:issuer] }. - transform_values { |issuer| issuer.group_by { |r| r[:year_month] } } + by_issuer_iaa_issuer_year_months = by_issuer_results + .group_by { |r| r[:iaa] } + .transform_values do |iaa| + iaa.group_by { |r| r[:issuer] } + .transform_values { |issuer| issuer.group_by { |r| r[:year_month] } } end # rubocop:disable Metrics/BlockLength diff --git a/app/jobs/reports/daily_auths_report.rb b/app/jobs/reports/daily_auths_report.rb index b8ab5c6f334..f311e14d43c 100644 --- a/app/jobs/reports/daily_auths_report.rb +++ b/app/jobs/reports/daily_auths_report.rb @@ -15,8 +15,8 @@ def perform(report_date) [ bucket_name, # default reporting bucket IdentityConfig.store.s3_public_reports_enabled && public_bucket_name, - ].select(&:present?). - each do |bucket_name| + ].select(&:present?) + .each do |bucket_name| upload_file_to_s3_bucket( path: path, body: body, diff --git a/app/jobs/reports/daily_dropoffs_report.rb b/app/jobs/reports/daily_dropoffs_report.rb index 01807089f73..230c1864fb0 100644 --- a/app/jobs/reports/daily_dropoffs_report.rb +++ b/app/jobs/reports/daily_dropoffs_report.rb @@ -32,8 +32,8 @@ def perform(report_date) [ bucket_name, # default reporting bucket IdentityConfig.store.s3_public_reports_enabled && public_bucket_name, - ].select(&:present?). - each do |bucket_name| + ].select(&:present?) + .each do |bucket_name| upload_file_to_s3_bucket( path: path, body: body, diff --git a/app/jobs/reports/daily_registrations_report.rb b/app/jobs/reports/daily_registrations_report.rb index 9ed3fd62ac6..0298527c730 100644 --- a/app/jobs/reports/daily_registrations_report.rb +++ b/app/jobs/reports/daily_registrations_report.rb @@ -17,8 +17,8 @@ def perform(report_date) [ bucket_name, # default reporting bucket IdentityConfig.store.s3_public_reports_enabled && public_bucket_name, - ].select(&:present?). - each do |bucket_name| + ].select(&:present?) + .each do |bucket_name| upload_file_to_s3_bucket( path: path, body: body, @@ -33,9 +33,9 @@ def finish end def report_body - results = [*total_users, *fully_registered_users, *deleted_users]. - group_by { |row| row['date'] }. - map do |date, rows| + results = [*total_users, *fully_registered_users, *deleted_users] + .group_by { |row| row['date'] } + .map do |date, rows| { date: date, total_users: rows.map { |r| r['total_users'] }.compact.first || 0, diff --git a/app/jobs/reports/duplicate_ssn_report.rb b/app/jobs/reports/duplicate_ssn_report.rb index bbb1da3be1b..c7272c56bbc 100644 --- a/app/jobs/reports/duplicate_ssn_report.rb +++ b/app/jobs/reports/duplicate_ssn_report.rb @@ -28,10 +28,10 @@ def finish def report_body todays_profiles = transaction_with_timeout do # note, this will table scan until we add an index, for a once-a-day job it may be ok - Profile. - select(:id, :ssn_signature). - where(active: true, activated_at: start..finish). - to_a + Profile + .select(:id, :ssn_signature) + .where(active: true, activated_at: start..finish) + .to_a end todays_profile_ids = todays_profiles.map(&:id).to_set @@ -39,21 +39,21 @@ def report_body ssn_signatures = todays_profiles.map(&:ssn_signature).uniq profiles_connected_by_ssn = ssn_signatures.each_slice(1000).flat_map do |ssn_signature_slice| - Profile. - includes(:user). - where(ssn_signature: ssn_signature_slice). - to_a + Profile + .includes(:user) + .where(ssn_signature: ssn_signature_slice) + .to_a end profiles_connected_by_ssn.sort_by!(&:id).reverse! - count_by_ssn = profiles_connected_by_ssn. - group_by(&:ssn_signature). - transform_values(&:count) - count_by_ssn_active = profiles_connected_by_ssn. - select(&:active?). - group_by(&:ssn_signature). - transform_values(&:count) + count_by_ssn = profiles_connected_by_ssn + .group_by(&:ssn_signature) + .transform_values(&:count) + count_by_ssn_active = profiles_connected_by_ssn + .select(&:active?) + .group_by(&:ssn_signature) + .transform_values(&:count) CSV.generate do |csv| csv << %w[ diff --git a/app/models/backup_code_configuration.rb b/app/models/backup_code_configuration.rb index 4a744e885d2..f0f40a1a995 100644 --- a/app/models/backup_code_configuration.rb +++ b/app/models/backup_code_configuration.rb @@ -41,11 +41,11 @@ def find_with_code(code:, user_id:) end def salted_fingerprints(code:, user_id:) - user_salt_costs = select(:code_salt, :code_cost). - distinct. - where(user_id: user_id). - where.not(code_salt: nil).where.not(code_cost: nil). - pluck(:code_salt, :code_cost) + user_salt_costs = select(:code_salt, :code_cost) + .distinct + .where(user_id: user_id) + .where.not(code_salt: nil).where.not(code_cost: nil) + .pluck(:code_salt, :code_cost) user_salt_costs.map do |salt, cost| scrypt_password_digest(password: code, salt: salt, cost: cost) diff --git a/app/models/gpo_confirmation.rb b/app/models/gpo_confirmation.rb index 6d69cbca090..93805fdecda 100644 --- a/app/models/gpo_confirmation.rb +++ b/app/models/gpo_confirmation.rb @@ -20,12 +20,12 @@ class GpoConfirmation < ApplicationRecord def entry=(entry_hash) @entry = nil self[:entry] = encryptor.encrypt( - entry_hash. - dup. - tap do |h| + entry_hash + .dup + .tap do |h| h[:zipcode] = self.class.normalize_zipcode(h[:zipcode]) if h[:zipcode].present? - end. - to_json, + end + .to_json, ) end diff --git a/app/models/in_person_enrollment.rb b/app/models/in_person_enrollment.rb index 2b719acf9ea..395a7598f92 100644 --- a/app/models/in_person_enrollment.rb +++ b/app/models/in_person_enrollment.rb @@ -52,19 +52,19 @@ def needs_late_email_reminder(early_benchmark, late_benchmark) # Find enrollments that need a status check via the USPS API def needs_usps_status_check(check_interval) - where(status: :pending). - and( - where(last_batch_claimed_at: check_interval). - or(where(last_batch_claimed_at: nil)), + where(status: :pending) + .and( + where(last_batch_claimed_at: check_interval) + .or(where(last_batch_claimed_at: nil)), ) end def needs_usps_status_check_batch(batch_at) - where(status: :pending). - and( + where(status: :pending) + .and( where(last_batch_claimed_at: batch_at), - ). - order(status_check_attempted_at: :asc) + ) + .order(status_check_attempted_at: :asc) end # Find enrollments that are ready for a status check via the USPS API @@ -85,11 +85,11 @@ def generate_unique_id private def pending_and_established_between(early_benchmark, late_benchmark) - where(status: :pending). - and( + where(status: :pending) + .and( where(enrollment_established_at: late_benchmark...(early_benchmark.end_of_day)), - ). - order(enrollment_established_at: :asc) + ) + .order(enrollment_established_at: :asc) end end # end class methods diff --git a/app/models/phone_configuration.rb b/app/models/phone_configuration.rb index 7320b24b951..97766c6b3de 100644 --- a/app/models/phone_configuration.rb +++ b/app/models/phone_configuration.rb @@ -22,13 +22,13 @@ def selection_presenters options = [] if capabilities.supports_sms? - options << TwoFactorAuthentication::SignInPhoneSelectionPresenter. - new(user:, configuration: self, delivery_method: :sms) + options << TwoFactorAuthentication::SignInPhoneSelectionPresenter + .new(user:, configuration: self, delivery_method: :sms) end if capabilities.supports_voice? - options << TwoFactorAuthentication::SignInPhoneSelectionPresenter. - new(user:, configuration: self, delivery_method: :voice) + options << TwoFactorAuthentication::SignInPhoneSelectionPresenter + .new(user:, configuration: self, delivery_method: :voice) end options diff --git a/app/models/service_provider.rb b/app/models/service_provider.rb index 8146db65b21..ff1d631d755 100644 --- a/app/models/service_provider.rb +++ b/app/models/service_provider.rb @@ -35,9 +35,9 @@ class ServiceProvider < ApplicationRecord scope( :with_push_notification_urls, -> { - where.not(push_notification_url: nil). - where.not(push_notification_url: ''). - where(active: true) + where.not(push_notification_url: nil) + .where.not(push_notification_url: '') + .where(active: true) }, ) diff --git a/app/models/user.rb b/app/models/user.rb index 88c89cc9daf..c75b7fc2ef2 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -257,19 +257,19 @@ def default_phone_configuration # @return [Boolean] Whether the user should receive a survey for completing in-person proofing def should_receive_in_person_completion_survey?(issuer) Idv::InPersonConfig.enabled_for_issuer?(issuer) && - in_person_enrollments. - where(issuer: issuer, status: :passed).order(created_at: :desc). - pick(:follow_up_survey_sent) == false + in_person_enrollments + .where(issuer: issuer, status: :passed).order(created_at: :desc) + .pick(:follow_up_survey_sent) == false end ## # Record that the in-person proofing survey was sent # @param [String] issuer def mark_in_person_completion_survey_sent(issuer) - enrollment_id, follow_up_survey_sent = in_person_enrollments. - where(issuer: issuer, status: :passed). - order(created_at: :desc). - pick(:id, :follow_up_survey_sent) + enrollment_id, follow_up_survey_sent = in_person_enrollments + .where(issuer: issuer, status: :passed) + .order(created_at: :desc) + .pick(:id, :follow_up_survey_sent) if follow_up_survey_sent == false # Enrollment record is present and survey was not previously sent @@ -407,8 +407,8 @@ def no_longer_locked_out? end def recent_events - events = Event.where(user_id: id).order('created_at DESC').limit(MAX_RECENT_EVENTS). - map(&:decorate) + events = Event.where(user_id: id).order('created_at DESC').limit(MAX_RECENT_EVENTS) + .map(&:decorate) (events + identity_events).sort_by(&:happened_at).reverse end @@ -417,8 +417,8 @@ def identity_events end def recent_devices - @recent_devices ||= devices.order(last_used_at: :desc).limit(MAX_RECENT_DEVICES). - map(&:decorate) + @recent_devices ||= devices.order(last_used_at: :desc).limit(MAX_RECENT_DEVICES) + .map(&:decorate) end def has_devices? @@ -441,12 +441,15 @@ def authenticated_device?(cookie_uuid:) # # @param [ActiveSupport::TimeWithZone] since Time window to query user's events def sign_in_count(since:) - events.where(event_type: :sign_in_before_2fa).where(created_at: since..).count + events + .where(event_type: :sign_in_before_2fa).where(created_at: since..) + .count end def second_last_signed_in_at - events.where(event_type: 'sign_in_after_2fa'). - order(created_at: :desc).limit(2).pluck(:created_at).second + events + .where(event_type: 'sign_in_after_2fa') + .order(created_at: :desc).limit(2).pluck(:created_at).second end def connected_apps @@ -508,8 +511,8 @@ def send_email_to_all_addresses(user_mailer_template) UserMailer.with( user: self, email_address: email_address, - ).send(user_mailer_template). - deliver_now_or_later + ).send(user_mailer_template) + .deliver_now_or_later end end diff --git a/app/models/webauthn_configuration.rb b/app/models/webauthn_configuration.rb index cf57bac4d54..5973745835f 100644 --- a/app/models/webauthn_configuration.rb +++ b/app/models/webauthn_configuration.rb @@ -31,8 +31,8 @@ def mfa_enabled? def selection_presenters if platform_authenticator? - [TwoFactorAuthentication::SignInWebauthnPlatformSelectionPresenter. - new(user:, configuration: self)] + [TwoFactorAuthentication::SignInWebauthnPlatformSelectionPresenter + .new(user:, configuration: self)] else [TwoFactorAuthentication::SignInWebauthnSelectionPresenter.new(user:, configuration: self)] end diff --git a/app/policies/idv/gpo_verify_by_mail_policy.rb b/app/policies/idv/gpo_verify_by_mail_policy.rb index 31748e409d2..703f7f8c1f8 100644 --- a/app/policies/idv/gpo_verify_by_mail_policy.rb +++ b/app/policies/idv/gpo_verify_by_mail_policy.rb @@ -29,8 +29,8 @@ def rate_limited? def profile_too_old? return false if !user.pending_profile - min_creation_date = IdentityConfig.store. - gpo_max_profile_age_to_send_letter_in_days.days.ago + min_creation_date = IdentityConfig.store + .gpo_max_profile_age_to_send_letter_in_days.days.ago user.pending_profile.created_at < min_creation_date end diff --git a/app/presenters/completions_presenter.rb b/app/presenters/completions_presenter.rb index 55f8cadb77a..2311d7276d1 100644 --- a/app/presenters/completions_presenter.rb +++ b/app/presenters/completions_presenter.rb @@ -105,10 +105,6 @@ def pii end end - def multiple_emails? - current_user.confirmed_email_addresses.many? - end - private def first_time_signing_in? diff --git a/app/presenters/idv/by_mail/letter_enqueued_presenter.rb b/app/presenters/idv/by_mail/letter_enqueued_presenter.rb index fc1592e56cc..d0706951117 100644 --- a/app/presenters/idv/by_mail/letter_enqueued_presenter.rb +++ b/app/presenters/idv/by_mail/letter_enqueued_presenter.rb @@ -57,8 +57,8 @@ def pii_from_session_applicant end def pii_from_gpo_pending_profile - Pii::Cacher.new(current_user, user_session). - fetch(current_user&.gpo_verification_pending_profile&.id) + Pii::Cacher.new(current_user, user_session) + .fetch(current_user&.gpo_verification_pending_profile&.id) end end end diff --git a/app/presenters/openid_connect_certs_presenter.rb b/app/presenters/openid_connect_certs_presenter.rb index 245bbcbffb9..c90ec2fbc55 100644 --- a/app/presenters/openid_connect_certs_presenter.rb +++ b/app/presenters/openid_connect_certs_presenter.rb @@ -1,20 +1,16 @@ # frozen_string_literal: true class OpenidConnectCertsPresenter + KEYS = Rails.application.config.oidc_public_key_queue.map do |key| + { + alg: 'RS256', + use: 'sig', + }.merge(JWT::JWK.new(key).export) + end.freeze + def certs { - keys: keys, + keys: KEYS, } end - - private - - def keys - [AppArtifacts.store.oidc_public_key].map do |key| - { - alg: 'RS256', - use: 'sig', - }.merge(JWT::JWK.new(key).export) - end - end end diff --git a/app/presenters/two_factor_auth_code/generic_delivery_presenter.rb b/app/presenters/two_factor_auth_code/generic_delivery_presenter.rb index 60217a50c28..5bd7a3c8acb 100644 --- a/app/presenters/two_factor_auth_code/generic_delivery_presenter.rb +++ b/app/presenters/two_factor_auth_code/generic_delivery_presenter.rb @@ -31,8 +31,8 @@ def troubleshooting_options end def choose_another_method_troubleshooting_option - BlockLinkComponent.new(url: login_two_factor_options_path). - with_content(t('two_factor_authentication.login_options_link_text')) + BlockLinkComponent.new(url: login_two_factor_options_path) + .with_content(t('two_factor_authentication.login_options_link_text')) end def learn_more_about_authentication_options_troubleshooting_option diff --git a/app/presenters/two_factor_options_presenter.rb b/app/presenters/two_factor_options_presenter.rb index 1dc080b59e4..10853275358 100644 --- a/app/presenters/two_factor_options_presenter.rb +++ b/app/presenters/two_factor_options_presenter.rb @@ -52,9 +52,9 @@ def all_options_sorted user_agent:, desktop_ft_ab_test:, ) - end. - partition(&:recommended?). - flatten + end + .partition(&:recommended?) + .flatten end def icon diff --git a/app/services/access_token_verifier.rb b/app/services/access_token_verifier.rb index 49372e308b2..bf122c1b316 100644 --- a/app/services/access_token_verifier.rb +++ b/app/services/access_token_verifier.rb @@ -21,6 +21,7 @@ def submit extra: { client_id: @identity&.service_provider, ial: @identity&.ial, + integration_errors:, }, ) @@ -69,4 +70,14 @@ def extract_access_token(header) access_token end + + def integration_errors + { + error_details: errors.full_messages, + error_types: errors.attribute_names, + event: :oidc_bearer_token_auth, + integration_exists: @identity&.service_provider.present?, + request_issuer: @identity&.service_provider, + } + end end diff --git a/app/services/account_reset/cancel.rb b/app/services/account_reset/cancel.rb index 7e8d0f5649f..66e6e650f6a 100644 --- a/app/services/account_reset/cancel.rb +++ b/app/services/account_reset/cancel.rb @@ -27,8 +27,8 @@ def call def notify_user_via_email_of_account_reset_cancellation user.confirmed_email_addresses.each do |email_address| - UserMailer.with(user: user, email_address: email_address).account_reset_cancel. - deliver_now_or_later + UserMailer.with(user: user, email_address: email_address).account_reset_cancel + .deliver_now_or_later end end diff --git a/app/services/account_reset/create_request.rb b/app/services/account_reset/create_request.rb index f1a22b61e8f..33d6ec9689d 100644 --- a/app/services/account_reset/create_request.rb +++ b/app/services/account_reset/create_request.rb @@ -40,8 +40,8 @@ def create_request def notify_user_by_email(request) user.confirmed_email_addresses.each do |email_address| - UserMailer.with(user: user, email_address: email_address).account_reset_request(request). - deliver_now_or_later + UserMailer.with(user: user, email_address: email_address).account_reset_request(request) + .deliver_now_or_later end end diff --git a/app/services/account_reset/delete_account.rb b/app/services/account_reset/delete_account.rb index ee0403c490c..55fee8c5182 100644 --- a/app/services/account_reset/delete_account.rb +++ b/app/services/account_reset/delete_account.rb @@ -60,8 +60,8 @@ def send_push_notifications # rubocop:disable IdentityIdp/MailLaterLinter def notify_user_via_email_of_deletion user.confirmed_email_addresses.each do |email_address| - UserMailer.with(user: user, email_address: email_address). - account_reset_complete.deliver_now + UserMailer.with(user: user, email_address: email_address) + .account_reset_complete.deliver_now end end # rubocop:enable IdentityIdp/MailLaterLinter diff --git a/app/services/account_reset/grant_requests_and_send_emails.rb b/app/services/account_reset/grant_requests_and_send_emails.rb index 74687d5404d..ad148f93276 100644 --- a/app/services/account_reset/grant_requests_and_send_emails.rb +++ b/app/services/account_reset/grant_requests_and_send_emails.rb @@ -45,8 +45,8 @@ def grant_request_and_send_email(arr) arr = arr.reload user.confirmed_email_addresses.each do |email_address| - UserMailer.with(user: user, email_address: email_address). - account_reset_granted(arr).deliver_now_or_later + UserMailer.with(user: user, email_address: email_address) + .account_reset_granted(arr).deliver_now_or_later end true end diff --git a/app/services/account_reset/pending_request_for_user.rb b/app/services/account_reset/pending_request_for_user.rb index 0760767918a..52919c5f69c 100644 --- a/app/services/account_reset/pending_request_for_user.rb +++ b/app/services/account_reset/pending_request_for_user.rb @@ -45,8 +45,8 @@ def notify_user! def notify_user_via_email_of_account_reset_cancellation user.confirmed_email_addresses.each do |email_address| - UserMailer.with(user: user, email_address: email_address).account_reset_cancel. - deliver_now_or_later + UserMailer.with(user: user, email_address: email_address).account_reset_cancel + .deliver_now_or_later end end diff --git a/app/services/analytics_events.rb b/app/services/analytics_events.rb index 8e867239b69..6cdd25ce73f 100644 --- a/app/services/analytics_events.rb +++ b/app/services/analytics_events.rb @@ -1236,7 +1236,7 @@ def idv_consent_checkbox_toggled(checked:, **extra) # @param [String] step Current IdV step # @param [String] analytics_id Current IdV flow identifier # @param [String] acuant_sdk_upgrade_ab_test_bucket A/B test bucket for Acuant document capture - # SDK upgrades + # SDK upgrades # @param [Boolean] skip_hybrid_handoff Whether skipped hybrid handoff A/B test is active # @param [Boolean] opted_in_to_in_person_proofing User opted into in person proofing def idv_doc_auth_agreement_submitted( @@ -1268,7 +1268,7 @@ def idv_doc_auth_agreement_submitted( # @param [String] step Current IdV step # @param [String] analytics_id Current IdV flow identifier # @param [String] acuant_sdk_upgrade_ab_test_bucket A/B test bucket for Acuant document capture - # SDK upgrades + # SDK upgrades # @param [Boolean] skip_hybrid_handoff Whether skipped hybrid handoff A/B test is active # @param [Boolean] opted_in_to_in_person_proofing User opted into in person proofing def idv_doc_auth_agreement_visited( @@ -1321,7 +1321,7 @@ def idv_doc_auth_capture_complete_visited( # @param [Boolean] selfie_check_required Whether facial match check is required # @param [Boolean] opted_in_to_in_person_proofing User opted into in person proofing # @param [String] acuant_sdk_upgrade_ab_test_bucket A/B test bucket for Acuant document capture - # SDK upgrades + # SDK upgrades def idv_doc_auth_document_capture_polling_wait_visited( flow_path:, step:, @@ -1358,10 +1358,10 @@ def idv_doc_auth_document_capture_polling_wait_visited( # @param [Boolean] selfie_check_required Whether facial match check is required # @param ["hybrid","standard"] flow_path Document capture user flow # @param [Boolean] redo_document_capture Whether user is redoing document capture after barcode - # warning + # warning # @param [Boolean] skip_hybrid_handoff Whether skipped hybrid handoff A/B test is active # @param [String] acuant_sdk_upgrade_ab_test_bucket A/B test bucket for Acuant document capture - # SDK upgrades + # SDK upgrades # @param [Boolean] stored_result_present Whether a stored result was present # @param [Boolean] opted_in_to_in_person_proofing User opted into in person proofing def idv_doc_auth_document_capture_submitted( @@ -1401,12 +1401,12 @@ def idv_doc_auth_document_capture_submitted( # @param [String] step Current IdV step # @param [String] analytics_id Current IdV flow identifier # @param [Boolean] redo_document_capture Whether user is redoing document capture after barcode - # warning + # warning # @param [Boolean] liveness_checking_required Whether facial match check is required # @param [Boolean] selfie_check_required Whether facial match check is required # @param ["hybrid","standard"] flow_path Document capture user flow # @param [String] acuant_sdk_upgrade_ab_test_bucket A/B test bucket for Acuant document capture - # SDK upgrades + # SDK upgrades # @param [Boolean] skip_hybrid_handoff Whether skipped hybrid handoff A/B test is active # @param [Boolean] opted_in_to_in_person_proofing User opted into in person proofing def idv_doc_auth_document_capture_visited( @@ -1546,12 +1546,12 @@ def idv_doc_auth_how_to_verify_visited( # @param [String] step Current IdV step # @param [String] analytics_id Current IdV flow identifier # @param [Boolean] redo_document_capture Whether user is redoing document capture after barcode - # warning + # warning # @param [Boolean] selfie_check_required Whether facial match check is required # @param ["document_capture","send_link"] destination Where user is sent after submission # @param ["hybrid","standard"] flow_path Document capture user flow # @param [String] acuant_sdk_upgrade_ab_test_bucket A/B test bucket for Acuant document capture - # SDK upgrades + # SDK upgrades # @param [Boolean] skip_hybrid_handoff Whether skipped hybrid handoff A/B test is active # @param [Hash] telephony_response Response from Telephony gem # @param [Boolean] opted_in_to_in_person_proofing User opted into in person proofing @@ -1593,10 +1593,10 @@ def idv_doc_auth_hybrid_handoff_submitted( # @param [String] step Current IdV step # @param [String] analytics_id Current IdV flow identifier # @param [Boolean] redo_document_capture Whether user is redoing document capture after barcode - # warning + # warning # @param [Boolean] selfie_check_required Whether facial match check is required # @param [String] acuant_sdk_upgrade_ab_test_bucket A/B test bucket for Acuant document capture - # SDK upgrades + # SDK upgrades # @param [Boolean] skip_hybrid_handoff Whether skipped hybrid handoff A/B test is active # @param [Boolean] opted_in_to_in_person_proofing User opted into in person proofing def idv_doc_auth_hybrid_handoff_visited( @@ -1802,7 +1802,7 @@ def idv_doc_auth_ssn_visited( # @param [Hash] errors Errors resulting from form validation # @param [Hash] error_details Details for errors that occurred in unsuccessful submission # @param [Integer] submit_attempts Times that user has tried submitting (previously called - # "attempts") + # "attempts") # @param [Integer] remaining_submit_attempts (previously called "remaining_attempts") # @param [String] user_id # @param ["hybrid","standard"] flow_path Document capture user flow @@ -1811,7 +1811,7 @@ def idv_doc_auth_ssn_visited( # @param [String] back_image_fingerprint Fingerprint of back image data # @param [String] selfie_image_fingerprint Fingerprint of selfie image data # @param [String] acuant_sdk_upgrade_ab_test_bucket A/B test bucket for Acuant document capture - # SDK upgrades + # SDK upgrades # The document capture image uploaded was locally validated during the IDV process def idv_doc_auth_submitted_image_upload_form( success:, @@ -1855,7 +1855,7 @@ def idv_doc_auth_submitted_image_upload_form( # @param [String] state_id_type # @param [Boolean] async # @param [Integer] submit_attempts Times that user has tried submitting (previously called - # "attempts") + # "attempts") # @param [Integer] remaining_submit_attempts (previously called "remaining_attempts") # @param [Hash] client_image_metrics # @param ["hybrid","standard"] flow_path Document capture user flow @@ -1890,10 +1890,10 @@ def idv_doc_auth_submitted_image_upload_form( # @param [String] birth_year Birth year from document # @param [Integer] issue_year Year document was issued # @param [Hash] failed_image_fingerprints Hash of document field with an array of failed image - # fingerprints for that field. + # fingerprints for that field. # @param [Integer] selfie_attempts number of selfie attempts the user currently has processed # @param [String] acuant_sdk_upgrade_ab_test_bucket A/B test bucket for Acuant document capture - # SDK upgrades + # SDK upgrades # @option extra [String] 'DocumentName' # @option extra [String] 'DocAuthResult' # @option extra [String] 'DocIssuerCode' @@ -3310,6 +3310,11 @@ def idv_in_person_usps_proofing_enrollment_code_email_received( # @param [Integer] enrollments_failed number of enrollments which failed identity proofing # @param [Integer] enrollments_in_progress number of enrollments which did not have any change # @param [Integer] enrollments_passed number of enrollments which passed identity proofing + # @param [Integer] enrollments_network_error + # @param [Integer] enrollments_cancelled + # @param [Float] percent_enrollments_errored + # @param [Float] percent_enrollments_network_error + # @param [String] job_name def idv_in_person_usps_proofing_results_job_completed( duration_seconds:, enrollments_checked:, @@ -3318,17 +3323,27 @@ def idv_in_person_usps_proofing_results_job_completed( enrollments_failed:, enrollments_in_progress:, enrollments_passed:, + enrollments_network_error:, + enrollments_cancelled:, + percent_enrollments_errored:, + percent_enrollments_network_error:, + job_name:, **extra ) track_event( 'GetUspsProofingResultsJob: Job completed', - duration_seconds: duration_seconds, - enrollments_checked: enrollments_checked, - enrollments_errored: enrollments_errored, - enrollments_expired: enrollments_expired, - enrollments_failed: enrollments_failed, - enrollments_in_progress: enrollments_in_progress, - enrollments_passed: enrollments_passed, + duration_seconds:, + enrollments_checked:, + enrollments_errored:, + enrollments_expired:, + enrollments_failed:, + enrollments_in_progress:, + enrollments_passed:, + enrollments_network_error:, + enrollments_cancelled:, + percent_enrollments_errored:, + percent_enrollments_network_error:, + job_name:, **extra, ) end @@ -3353,27 +3368,57 @@ def idv_in_person_usps_proofing_results_job_deadline_passed_email_exception( end # Tracks deadline email initiated during GetUspsProofingResultsJob + # @param [String] enrollment_code # @param [String] enrollment_id + # @param [Time] timestamp + # @param [String] service_provider + # @param [Integer] wait_until + # @param [String] job_name def idv_in_person_usps_proofing_results_job_deadline_passed_email_initiated( + enrollment_code:, enrollment_id:, + timestamp:, + service_provider:, + wait_until:, + job_name:, **extra ) track_event( 'GetUspsProofingResultsJob: deadline passed email initiated', - enrollment_id: enrollment_id, + enrollment_code:, + enrollment_id:, + timestamp:, + service_provider:, + wait_until:, + job_name:, **extra, ) end # Tracks emails that are initiated during GetUspsProofingResultsJob # @param [String] email_type success, failed or failed fraud + # @param [String] enrollment_code + # @param [Time] timestamp + # @param [String] service_provider + # @param [Integer] wait_until + # @param [String] job_name def idv_in_person_usps_proofing_results_job_email_initiated( email_type:, + enrollment_code:, + timestamp:, + service_provider:, + wait_until:, + job_name:, **extra ) track_event( 'GetUspsProofingResultsJob: Success or failure email initiated', - email_type: email_type, + email_type:, + enrollment_code:, + timestamp:, + service_provider:, + wait_until:, + job_name:, **extra, ) end @@ -3404,11 +3449,31 @@ def idv_in_person_usps_proofing_results_job_enrollment_incomplete( # @param [String] enrollment_code # @param [String] enrollment_id # @param [Float] minutes_since_established + # @param [Float] minutes_since_last_status_check + # @param [Float] minutes_since_last_status_check_completed + # @param [Float] minutes_since_last_status_update + # @param [Float] minutes_to_completion + # @param [Boolean] fraud_suspected + # @param [String] primary_id_type + # @param [String] secondary_id_type + # @param [String] failure_reason + # @param [String] transaction_end_date_time + # @param [String] transaction_start_date_time + # @param [String] status + # @param [String] assurance_level + # @param [String] proofing_post_office + # @param [String] proofing_city + # @param [String] proofing_state + # @param [String] scan_count + # @param [String] response_message # @param [Boolean] passed did this enrollment pass or fail? # @param [String] reason why did this enrollment pass or fail? # @param [String] tmx_status the tmx_status of the enrollment profile profile # @param [Integer] profile_age_in_seconds How many seconds have passed since profile created - # @param [Boolean] fraud_suspected + # @param [Boolean] response_present + # @param [String] job_name + # @param [Boolean] enhanced_ipp + # @param [String] issuer def idv_in_person_usps_proofing_results_job_enrollment_updated( enrollment_code:, enrollment_id:, @@ -3417,19 +3482,59 @@ def idv_in_person_usps_proofing_results_job_enrollment_updated( reason:, tmx_status:, profile_age_in_seconds:, + minutes_since_last_status_check:, + minutes_since_last_status_check_completed:, + minutes_since_last_status_update:, + minutes_to_completion:, + response_present:, + job_name:, + enhanced_ipp:, + issuer:, fraud_suspected: nil, + primary_id_type: nil, + secondary_id_type: nil, + failure_reason: nil, + transaction_end_date_time: nil, + transaction_start_date_time: nil, + status: nil, + assurance_level: nil, + proofing_post_office: nil, + proofing_city: nil, + proofing_state: nil, + scan_count: nil, + response_message: nil, **extra ) track_event( 'GetUspsProofingResultsJob: Enrollment status updated', - enrollment_code: enrollment_code, - enrollment_id: enrollment_id, - minutes_since_established: minutes_since_established, - passed: passed, - reason: reason, - tmx_status: tmx_status, - profile_age_in_seconds: profile_age_in_seconds, - fraud_suspected: fraud_suspected, + enrollment_code:, + enrollment_id:, + minutes_since_established:, + passed:, + reason:, + tmx_status:, + profile_age_in_seconds:, + minutes_since_last_status_check:, + minutes_since_last_status_check_completed:, + minutes_since_last_status_update:, + minutes_to_completion:, + fraud_suspected:, + primary_id_type:, + secondary_id_type:, + failure_reason:, + transaction_end_date_time:, + transaction_start_date_time:, + status:, + assurance_level:, + proofing_post_office:, + proofing_city:, + proofing_state:, + scan_count:, + response_present:, + response_message:, + job_name:, + enhanced_ipp:, + issuer:, **extra, ) end @@ -3442,6 +3547,7 @@ def idv_in_person_usps_proofing_results_job_enrollment_updated( # @param [String] enrollment_code # @param [Float] minutes_since_established # @param [Float] minutes_since_last_status_check + # @param [Float] minutes_since_last_status_check_completed # @param [Float] minutes_since_last_status_update # @param [Float] minutes_to_completion # @param [Boolean] fraud_suspected @@ -3456,8 +3562,11 @@ def idv_in_person_usps_proofing_results_job_enrollment_updated( # @param [String] proofing_city # @param [String] proofing_state # @param [String] scan_count + # @param [Boolean] response_present # @param [String] response_message # @param [Integer] response_status_code + # @param [String] job_name + # @param [String] issuer def idv_in_person_usps_proofing_results_job_exception( reason:, enrollment_id:, @@ -3466,6 +3575,7 @@ def idv_in_person_usps_proofing_results_job_exception( exception_message: nil, enrollment_code: nil, minutes_since_last_status_check: nil, + minutes_since_last_status_check_completed: nil, minutes_since_last_status_update: nil, minutes_to_completion: nil, fraud_suspected: nil, @@ -3480,45 +3590,67 @@ def idv_in_person_usps_proofing_results_job_exception( proofing_city: nil, proofing_state: nil, scan_count: nil, + response_present: nil, response_message: nil, response_status_code: nil, + job_name: nil, + issuer: nil, **extra ) track_event( 'GetUspsProofingResultsJob: Exception raised', - reason: reason, - enrollment_id: enrollment_id, - exception_class: exception_class, - exception_message: exception_message, - enrollment_code: enrollment_code, - minutes_since_established: minutes_since_established, - minutes_since_last_status_check: minutes_since_last_status_check, - minutes_since_last_status_update: minutes_since_last_status_update, - minutes_to_completion: minutes_to_completion, - fraud_suspected: fraud_suspected, - primary_id_type: primary_id_type, - secondary_id_type: secondary_id_type, - failure_reason: failure_reason, - transaction_end_date_time: transaction_end_date_time, - transaction_start_date_time: transaction_start_date_time, - status: status, - assurance_level: assurance_level, - proofing_post_office: proofing_post_office, - proofing_city: proofing_city, - proofing_state: proofing_state, - scan_count: scan_count, - response_message: response_message, - response_status_code: response_status_code, + reason:, + enrollment_id:, + exception_class:, + exception_message:, + enrollment_code:, + minutes_since_established:, + minutes_since_last_status_check:, + minutes_since_last_status_check_completed:, + minutes_since_last_status_update:, + minutes_to_completion:, + fraud_suspected:, + primary_id_type:, + secondary_id_type:, + failure_reason:, + transaction_end_date_time:, + transaction_start_date_time:, + status:, + assurance_level:, + proofing_post_office:, + proofing_city:, + proofing_state:, + scan_count:, + response_present:, + response_message:, + response_status_code:, + job_name:, + issuer:, **extra, ) end # Tracks please call emails that are initiated during GetUspsProofingResultsJob + # @param [String] enrollment_code + # @param [String] job_name + # @param [String] service_provider + # @param [Time] timestamp + # @param [Integer] wait_until def idv_in_person_usps_proofing_results_job_please_call_email_initiated( + enrollment_code:, + job_name:, + service_provider:, + timestamp:, + wait_until:, **extra ) track_event( :idv_in_person_usps_proofing_results_job_please_call_email_initiated, + enrollment_code:, + job_name:, + service_provider:, + timestamp:, + wait_until:, **extra, ) end @@ -3546,36 +3678,75 @@ def idv_in_person_usps_proofing_results_job_started( # @param [String] enrollment_code # @param [String] enrollment_id # @param [Float] minutes_since_established + # @param [Float] minutes_since_last_status_check + # @param [Float] minutes_since_last_status_check_completed + # @param [Float] minutes_since_last_status_update + # @param [Float] minutes_to_completion + # @param [String] issuer + # @param [String] job_name # @param [String] response_message # @param [String] reason why was this error unexpected? def idv_in_person_usps_proofing_results_job_unexpected_response( enrollment_code:, enrollment_id:, minutes_since_established:, + minutes_since_last_status_check:, + minutes_since_last_status_check_completed:, + minutes_since_last_status_update:, + minutes_to_completion:, + issuer:, + job_name:, response_message:, reason:, **extra ) track_event( 'GetUspsProofingResultsJob: Unexpected response received', - enrollment_code: enrollment_code, - enrollment_id: enrollment_id, - minutes_since_established: minutes_since_established, - response_message: response_message, - reason: reason, + enrollment_code:, + enrollment_id:, + minutes_since_established:, + response_message:, + reason:, + minutes_since_last_status_check:, + minutes_since_last_status_check_completed:, + minutes_since_last_status_update:, + minutes_to_completion:, + issuer:, + job_name:, **extra, ) end # A user has been moved to fraud review after completing proofing at the USPS + # @param [String] enrollment_code # @param [String] enrollment_id + # @param [Float] minutes_since_established + # @param [Float] minutes_since_last_status_check + # @param [Float] minutes_since_last_status_check_completed + # @param [Float] minutes_since_last_status_update + # @param [Float] minutes_to_completion + # @param [String] issuer def idv_in_person_usps_proofing_results_job_user_sent_to_fraud_review( + enrollment_code:, enrollment_id:, + minutes_since_established:, + minutes_since_last_status_check:, + minutes_since_last_status_check_completed:, + minutes_since_last_status_update:, + minutes_to_completion:, + issuer:, **extra ) track_event( :idv_in_person_usps_proofing_results_job_user_sent_to_fraud_review, - enrollment_id: enrollment_id, + enrollment_code:, + enrollment_id:, + minutes_since_established:, + minutes_since_last_status_check:, + minutes_since_last_status_check_completed:, + minutes_since_last_status_update:, + minutes_to_completion:, + issuer:, **extra, ) end @@ -4215,7 +4386,7 @@ def idv_phone_confirmation_otp_visit( # @param [Hash] vendor Vendor response payload # @param [Boolean] new_phone_added Whether phone number was added to account in submission # @param [Boolean] hybrid_handoff_phone_used Whether phone is the same as what was used for hybrid - # document capture + # document capture # @param [String] area_code Area code of phone number # @param [String] country_code Abbreviated 2-letter country code associated with phone number # @param [String] phone_fingerprint HMAC fingerprint of the phone number formatted as E.164 @@ -4864,7 +5035,7 @@ def idv_socure_shadow_mode_proofing_result_missing(**extra) # @param [String] state_id_type type of state issued ID # @param [Boolean] async whether or not this worker is running asynchronously # @param [Integer] submit_attempts Times that user has tried submitting (previously called - # "attempts") + # "attempts") # @param [Integer] remaining_submit_attempts (previously called "remaining_attempts") # @param ["hybrid","standard"] flow_path Document capture user flow # @param [Float] vendor_request_time_in_ms Time it took to upload images & get a response. @@ -5471,8 +5642,8 @@ def multi_factor_auth_enter_totp_visit(context:, **extra) # @param ["authentication", "reauthentication", "confirmation"] context User session context # @param ["webauthn","webauthn_platform"] multi_factor_auth_method which webauthn method was used, - # webauthn means a roaming authenticator like a yubikey, webauthn_platform means a platform - # authenticator like face or touch ID + # webauthn means a roaming authenticator like a yubikey, webauthn_platform means a platform + # authenticator like face or touch ID # @param [Integer, nil] webauthn_configuration_id webauthn database ID # @param [String] multi_factor_auth_method_created_at When the authentication method was created # User visited the page to authenticate with webauthn (yubikey, face ID or touch ID) @@ -5596,7 +5767,7 @@ def multi_factor_auth_phone_setup( # @param [Integer] attempts number of MFA setup attempts # @param [String, nil] aaguid AAGUID value of WebAuthn device # @param [String[], nil] unknown_transports Array of unrecognized WebAuthn transports, intended to - # be used in case of future specification changes. + # be used in case of future specification changes. # @param [:authentication, :account_creation, nil] webauthn_platform_recommended A/B test for # recommended Face or Touch Unlock setup, if applicable. def multi_factor_auth_setup( @@ -5979,7 +6150,7 @@ def otp_phone_validation_failed(error:, message:, context:, country:, **extra) # @param [Boolean] active_profile_present Whether active profile existed at time of change # @param [Boolean] pending_profile_present Whether pending profile existed at time of change # @param [Boolean] required_password_change Whether password change was forced due to compromised - # password + # password # The user updated their password def password_changed( success:, @@ -6035,9 +6206,9 @@ def password_max_attempts # @param [Boolean] success Whether form validation was successful # @param [Hash] errors Errors resulting from form validation # @param [Boolean, nil] confirmed if the account the reset is being requested for has a - # confirmed email + # confirmed email # @param [Boolean, nil] active_profile if the account the reset is being requested for has an - # active proofed profile + # active proofed profile # @param [Hash] error_details Details for errors that occurred in unsuccessful submission # The user entered an email address to request a password reset def password_reset_email( @@ -6062,11 +6233,11 @@ def password_reset_email( # @param [Boolean] success Whether form validation was successful # @param [Hash] errors Errors resulting from form validation # @param [Boolean] profile_deactivated if the active profile for the account was deactivated - # (the user will need to use their personal key to reactivate their profile) + # (the user will need to use their personal key to reactivate their profile) # @param [Boolean] pending_profile_invalidated Whether a pending profile was invalidated as a - # result of the password reset + # result of the password reset # @param [String] pending_profile_pending_reasons Comma-separated list of the pending states - # associated with the associated profile. + # associated with the associated profile. # @param [Hash] error_details Details for errors that occurred in unsuccessful submission # The user changed the password for their account via the password reset flow def password_reset_password( @@ -6126,7 +6297,7 @@ def pending_account_reset_visited # @param [Hash] error_details Details for errors that occurred in unsuccessful submission # @param [Integer] emails Number of email addresses the notification was sent to # @param [Array] sms_message_ids AWS Pinpoint SMS message IDs for each phone number that - # was notified + # was notified # Alert user if a personal key was used to sign in def personal_key_alert_about_sign_in( success:, @@ -6386,7 +6557,7 @@ def profile_personal_key_create # @param [Hash] error_details Details for errors that occurred in unsuccessful submission # @param [Integer] emails Number of email addresses the notification was sent to # @param [Array] sms_message_ids AWS Pinpoint SMS message IDs for each phone number that - # was notified + # was notified # User has chosen to receive a new personal key, contains stats about notifications that # were sent to phone numbers and email addresses for the user def profile_personal_key_create_notifications( @@ -6680,14 +6851,14 @@ def rules_of_use_visit # @param [Boolean] finish_profile # @param [String] requested_ial # @param [Boolean] request_signed - # @param [String] matching_cert_serial - # matches the request certificate in a successful, signed request + # @param [String] matching_cert_serial matches the request certificate in a successful, signed + # request # @param [Boolean] certs_different Whether the matching cert changes when SHA256 validations - # are turned on in the saml_idp gem + # are turned on in the saml_idp gem # @param [Hash] cert_error_details Details for errors that occurred because of an invalid - # signature + # signature # @param [String] sha256_matching_cert serial of the cert that matches when sha256 validations - # are turned on + # are turned on # @param [String] unknown_authn_contexts space separated list of unknown contexts def saml_auth( success:, @@ -6915,6 +7086,32 @@ def sp_inactive_visit track_event('SP inactive visited') end + # @param [Array] error_details Full messages of the errors + # @param [Hash] error_types Types of errors that are surfaced + # @param [Symbol] event What part of the workflow the error occured in + # @param [Boolean] integration_exists Whether the requesting issuer maps to an SP + # @param [String] request_issuer The issuer in the request + # Monitoring service-provider specific integration errors + def sp_integration_errors_present( + error_details:, + error_types:, + event:, + integration_exists:, + request_issuer: nil, + **extra + ) + types = error_types.index_with { |_type| true } + track_event( + :sp_integration_errors_present, + error_details:, + error_types: types, + event:, + integration_exists:, + request_issuer:, + **extra, + ) + end + # Tracks when a user is redirected back to the service provider # @param [Integer] ial # @param [Integer] billed_ial @@ -6968,7 +7165,7 @@ def sp_revoke_consent_visited(issuer:, **extra) # @param [Hash] error_details Details for errors that occurred in unsuccessful submission # @param [Integer] selected_email_id Selected email address record ID # @param [String, nil] needs_completion_screen_reason Reason for the consent screen being shown, - # if user is changing email in consent flow + # if user is changing email in consent flow def sp_select_email_submitted( success:, selected_email_id:, @@ -6988,7 +7185,7 @@ def sp_select_email_submitted( # User visited form to change email shared with service provider # @param [String, nil] needs_completion_screen_reason Reason for the consent screen being shown, - # if user is changing email in consent flow + # if user is changing email in consent flow def sp_select_email_visited(needs_completion_screen_reason: nil, **extra) track_event(:sp_select_email_visited, needs_completion_screen_reason:, **extra) end @@ -7148,7 +7345,7 @@ def user_registration_2fa_setup_visit( # @param [String] service_provider_name The friendly name of the service provider # @param ['account-page','agency-page'] page_occurence Where the user concluded registration # @param ['new_sp','new_attributes','reverified_after_consent'] needs_completion_screen_reason The - # reason for the consent screen being shown + # reason for the consent screen being shown # @param [Boolean] in_account_creation_flow Whether user is going through account creation # @param [Array] sp_session_requested_attributes Attributes requested by the service provider # @param [String, nil] in_person_proofing_status In person proofing status @@ -7196,7 +7393,7 @@ def user_registration_cancellation(request_came_from:, **extra) # @param [String] service_provider_name The friendly name of the service provider # @param ['account-page','agency-page'] page_occurence Where the user concluded registration # @param ['new_sp','new_attributes','reverified_after_consent'] needs_completion_screen_reason The - # reason for the consent screen being shown + # reason for the consent screen being shown # @param [Array] sp_session_requested_attributes Attributes requested by the service provider # @param [Boolean] in_account_creation_flow Whether user is going through account creation flow # @param [String, nil] disposable_email_domain Disposable email domain used for registration diff --git a/app/services/auth_methods_session.rb b/app/services/auth_methods_session.rb index 7f1db175d35..8ce5b0f75d5 100644 --- a/app/services/auth_methods_session.rb +++ b/app/services/auth_methods_session.rb @@ -11,9 +11,9 @@ def initialize(user_session:) def authenticate!(auth_method) user_session[TwoFactorAuthenticatable::NEED_AUTHENTICATION] = false - user_session[:auth_events] = auth_events. - push({ auth_method:, at: Time.zone.now }). - last(MAX_AUTH_EVENTS) + user_session[:auth_events] = auth_events + .push({ auth_method:, at: Time.zone.now }) + .last(MAX_AUTH_EVENTS) end def auth_events diff --git a/app/services/calendar_service.rb b/app/services/calendar_service.rb index 9bc036aef86..38c26d8a28b 100644 --- a/app/services/calendar_service.rb +++ b/app/services/calendar_service.rb @@ -72,10 +72,10 @@ def holidays end def observed_holidays - holidays. - concat([next_new_years]). - map(&method(:observed)). - select { |oh| oh.year == year } + holidays + .concat([next_new_years]) + .map(&method(:observed)) + .select { |oh| oh.year == year } end # January 1st @@ -85,23 +85,23 @@ def new_years # 3rd Monday of January def mlk - Date.new(year, 1, 1). - step(Date.new(year, 2, 1)). - select(&:monday?)[2] + Date.new(year, 1, 1) + .step(Date.new(year, 2, 1)) + .select(&:monday?)[2] end # 3rd Monday of February def washington - Date.new(year, 2, 1). - step(Date.new(year, 3, 1)). - select(&:monday?)[2] + Date.new(year, 2, 1) + .step(Date.new(year, 3, 1)) + .select(&:monday?)[2] end # Last Monday of May def memorial - Date.new(year, 6, 1). - step(Date.new(year, 5, 1), -1). - find(&:monday?) + Date.new(year, 6, 1) + .step(Date.new(year, 5, 1), -1) + .find(&:monday?) end # June 19th @@ -116,16 +116,16 @@ def independence # First Monday of September def labor - Date.new(year, 9, 1). - step(Date.new(year, 10, 1)). - find(&:monday?) + Date.new(year, 9, 1) + .step(Date.new(year, 10, 1)) + .find(&:monday?) end # Second Monday of October def columbus - Date.new(year, 10, 1). - step(Date.new(year, 11, 1)). - select(&:monday?).second + Date.new(year, 10, 1) + .step(Date.new(year, 11, 1)) + .select(&:monday?).second end # November 11th @@ -135,9 +135,9 @@ def veterans # 4th Thursday of November def thanksgiving - Date.new(year, 11, 1). - step(Date.new(year, 12, 1)). - select(&:thursday?)[3] + Date.new(year, 11, 1) + .step(Date.new(year, 12, 1)) + .select(&:thursday?)[3] end # December 25th diff --git a/app/services/create_new_device_alert.rb b/app/services/create_new_device_alert.rb index cdbb443ba63..3881f8a7f96 100644 --- a/app/services/create_new_device_alert.rb +++ b/app/services/create_new_device_alert.rb @@ -31,8 +31,8 @@ def sql_query_for_users_with_new_device end def expire_sign_in_notification_timeframe_and_send_alert(user) - disavowal_event, disavowal_token = UserEventCreator.new(current_user: user). - create_out_of_band_user_event_with_disavowal(:sign_in_notification_timeframe_expired) + disavowal_event, disavowal_token = UserEventCreator.new(current_user: user) + .create_out_of_band_user_event_with_disavowal(:sign_in_notification_timeframe_expired) UserAlerts::AlertUserAboutNewDevice.send_alert(user:, disavowal_event:, disavowal_token:) end diff --git a/app/services/doc_auth/mock/result_response.rb b/app/services/doc_auth/mock/result_response.rb index 36391ed1200..59c1fcb8e6f 100644 --- a/app/services/doc_auth/mock/result_response.rb +++ b/app/services/doc_auth/mock/result_response.rb @@ -156,9 +156,9 @@ def doc_auth_result_from_uploaded_file end def portrait_match_results - parsed_data_from_uploaded_file.dig('portrait_match_results')&. - transform_keys! { |key| key.to_s.camelize }&. - deep_symbolize_keys + parsed_data_from_uploaded_file.dig('portrait_match_results') + &.transform_keys! { |key| key.to_s.camelize } + &.deep_symbolize_keys end def classification_info diff --git a/app/services/doc_auth/processed_alert_to_log_alert_formatter.rb b/app/services/doc_auth/processed_alert_to_log_alert_formatter.rb index 817487661f7..f622d0eb096 100644 --- a/app/services/doc_auth/processed_alert_to_log_alert_formatter.rb +++ b/app/services/doc_auth/processed_alert_to_log_alert_formatter.rb @@ -7,10 +7,10 @@ def log_alerts(alerts) alerts.each do |_key, key_alerts| key_alerts.each do |alert| - alert_name_key = alert[:name]. - downcase. - parameterize(separator: '_'). - to_sym + alert_name_key = alert[:name] + .downcase + .parameterize(separator: '_') + .to_sym side = alert[:side] || 'no_side' diff --git a/app/services/doc_auth/socure/requests/docv_result_request.rb b/app/services/doc_auth/socure/requests/docv_result_request.rb index 8a3662343a6..5be48264e33 100644 --- a/app/services/doc_auth/socure/requests/docv_result_request.rb +++ b/app/services/doc_auth/socure/requests/docv_result_request.rb @@ -68,8 +68,8 @@ def metric_name def docv_transaction_token if IdentityConfig.store.socure_docv_verification_data_test_mode && - IdentityConfig.store.socure_docv_verification_data_test_mode_tokens. - include?(@docv_transaction_token_override) + IdentityConfig.store.socure_docv_verification_data_test_mode_tokens + .include?(@docv_transaction_token_override) return @docv_transaction_token_override end diff --git a/app/services/email_normalizer.rb b/app/services/email_normalizer.rb index ba66230c1ff..e5fc49bc937 100644 --- a/app/services/email_normalizer.rb +++ b/app/services/email_normalizer.rb @@ -37,8 +37,8 @@ def google_mx_record? def mx_records(domain) Resolv::DNS.open do |dns| - dns.getresources(domain, Resolv::DNS::Resource::IN::MX). - map { |r| r.exchange.to_s } + dns.getresources(domain, Resolv::DNS::Resource::IN::MX) + .map { |r| r.exchange.to_s } end end end diff --git a/app/services/flow/flow_state_machine.rb b/app/services/flow/flow_state_machine.rb index a8d35f496e3..0eab05f6c43 100644 --- a/app/services/flow/flow_state_machine.rb +++ b/app/services/flow/flow_state_machine.rb @@ -183,8 +183,8 @@ def analytics_properties flow_path: flow.flow_path, step: current_step, analytics_id: @analytics_id, - }.merge(flow.extra_analytics_properties). - merge(**opt_in_analytics_properties) + }.merge(flow.extra_analytics_properties) + .merge(**opt_in_analytics_properties) end def current_step_name diff --git a/app/services/frontend_logger.rb b/app/services/frontend_logger.rb index b64384e8819..58e7af3ae85 100644 --- a/app/services/frontend_logger.rb +++ b/app/services/frontend_logger.rb @@ -43,9 +43,9 @@ def hash_from_kwargs(hash, callable) # @param [Proc,Method] callable # @return [Array] the names of the kwargs for the callable (both optional and required) def kwargs(callable) - callable. - parameters. - map { |type, name| name if [:key, :keyreq].include?(type) }. - compact + callable + .parameters + .map { |type, name| name if [:key, :keyreq].include?(type) } + .compact end end diff --git a/app/services/gpo_reminder_sender.rb b/app/services/gpo_reminder_sender.rb index 47d49472918..8058ee01ef7 100644 --- a/app/services/gpo_reminder_sender.rb +++ b/app/services/gpo_reminder_sender.rb @@ -32,10 +32,10 @@ def profiles_due_for_reminder(for_letters_sent_before) profile_eligible_range = (IdentityConfig.store.usps_confirmation_max_days + - IdentityConfig.store.gpo_max_profile_age_to_send_letter_in_days). - days.ago..for_letters_sent_before - Profile.joins(:gpo_confirmation_codes). - where( + IdentityConfig.store.gpo_max_profile_age_to_send_letter_in_days) + .days.ago..for_letters_sent_before + Profile.joins(:gpo_confirmation_codes) + .where( gpo_verification_pending_at: profile_eligible_range, gpo_confirmation_codes: { reminder_sent_at: nil }, deactivation_reason: nil, diff --git a/app/services/iaa_reporting_helper.rb b/app/services/iaa_reporting_helper.rb index 2422c1d71df..ce96744ac2f 100644 --- a/app/services/iaa_reporting_helper.rb +++ b/app/services/iaa_reporting_helper.rb @@ -27,9 +27,9 @@ def key # @return [Array] def iaas - Agreements::IaaGtc. - includes(iaa_orders: { integration_usages: :integration }). - flat_map do |gtc| + Agreements::IaaGtc + .includes(iaa_orders: { integration_usages: :integration }) + .flat_map do |gtc| gtc.iaa_orders.flat_map do |iaa_order| issuers = iaa_order.integration_usages.map { |usage| usage.integration.issuer } @@ -47,9 +47,9 @@ def iaas end def partner_accounts - Agreements::PartnerAccount. - includes(integrations: { service_provider: {}, integration_usages: :iaa_order }). - flat_map do |partner_account| + Agreements::PartnerAccount + .includes(integrations: { service_provider: {}, integration_usages: :iaa_order }) + .flat_map do |partner_account| issuers = partner_account.integrations.map do |integration| integration.service_provider.issuer end diff --git a/app/services/id_token_builder.rb b/app/services/id_token_builder.rb index 4222a1fd590..0df1aef172c 100644 --- a/app/services/id_token_builder.rb +++ b/app/services/id_token_builder.rb @@ -16,9 +16,9 @@ def initialize(identity:, code:, custom_expiration: nil, now: Time.zone.now) def id_token JWT.encode( jwt_payload, - AppArtifacts.store.oidc_private_key, + AppArtifacts.store.oidc_primary_private_key, 'RS256', - kid: JWT::JWK.new(AppArtifacts.store.oidc_private_key).kid, + kid: JWT::JWK.new(AppArtifacts.store.oidc_primary_private_key).kid, ) end @@ -31,10 +31,10 @@ def ttl attr_reader :code def jwt_payload - OpenidConnectUserInfoPresenter.new(identity, session_accessor: session_accessor). - user_info. - merge(id_token_claims). - merge(timestamp_claims) + OpenidConnectUserInfoPresenter.new(identity, session_accessor: session_accessor) + .user_info + .merge(id_token_claims) + .merge(timestamp_claims) end def id_token_claims diff --git a/app/services/idv/analytics_events_enhancer.rb b/app/services/idv/analytics_events_enhancer.rb index 2b713d57d8d..41c8c2994e9 100644 --- a/app/services/idv/analytics_events_enhancer.rb +++ b/app/services/idv/analytics_events_enhancer.rb @@ -160,11 +160,11 @@ def self.extra_args_for_method(method_name) private def analytics_attributes(method_name) - AnalyticsEventsEnhancer.extra_args_for_method(method_name). - index_with do |arg_name| + AnalyticsEventsEnhancer.extra_args_for_method(method_name) + .index_with do |arg_name| send(arg_name.to_s).presence - end. - compact + end + .compact end def active_profile_idv_level @@ -178,9 +178,9 @@ def pending_profile_idv_level def profile_history return if !user&.respond_to?(:profiles) - (user&.profiles || []). - sort_by { |profile| profile.created_at }. - map { |profile| ProfileLogging.new(profile) } + (user&.profiles || []) + .sort_by { |profile| profile.created_at } + .map { |profile| ProfileLogging.new(profile) } end def proofing_components diff --git a/app/services/idv/in_person/completion_survey_sender.rb b/app/services/idv/in_person/completion_survey_sender.rb index a295d6d27b0..cfff32ca610 100644 --- a/app/services/idv/in_person/completion_survey_sender.rb +++ b/app/services/idv/in_person/completion_survey_sender.rb @@ -10,8 +10,8 @@ def self.send_completion_survey(user, issuer) return unless user.should_receive_in_person_completion_survey?(issuer) user.confirmed_email_addresses.each do |email_address| - UserMailer.with(user: user, email_address: email_address).in_person_completion_survey. - deliver_now_or_later + UserMailer.with(user: user, email_address: email_address).in_person_completion_survey + .deliver_now_or_later end user.mark_in_person_completion_survey_sent(issuer) diff --git a/app/services/pii/attributes.rb b/app/services/pii/attributes.rb index 47c7dc3a9aa..7ab24e3f1bf 100644 --- a/app/services/pii/attributes.rb +++ b/app/services/pii/attributes.rb @@ -23,9 +23,9 @@ module Pii ) do def self.new_from_hash(hash) attrs = new - hash.with_indifferent_access. - slice(*members). - each { |key, val| attrs[key] = val.is_a?(String) ? val.squish : val } + hash.with_indifferent_access + .slice(*members) + .each { |key, val| attrs[key] = val.is_a?(String) ? val.squish : val } attrs end diff --git a/app/services/proofing/aamva/proofer.rb b/app/services/proofing/aamva/proofer.rb index fd7493632bc..d5481d63cb6 100644 --- a/app/services/proofing/aamva/proofer.rb +++ b/app/services/proofing/aamva/proofer.rb @@ -98,19 +98,19 @@ def parse_verification_errors(verification_response) end def requested_attributes(verification_response) - attributes = verification_response. - verification_results.filter { |_, verified| !verified.nil? }. - keys. - to_set + attributes = verification_response + .verification_results.filter { |_, verified| !verified.nil? } + .keys + .to_set normalize_address_attributes(attributes) end def verified_attributes(verification_response) - attributes = verification_response. - verification_results.filter { |_, verified| verified }. - keys. - to_set + attributes = verification_response + .verification_results.filter { |_, verified| verified } + .keys + .to_set normalize_address_attributes(attributes) end diff --git a/app/services/proofing/resolution/plugins/aamva_plugin.rb b/app/services/proofing/resolution/plugins/aamva_plugin.rb index 376e8b7e9a3..16ed6bc9190 100644 --- a/app/services/proofing/resolution/plugins/aamva_plugin.rb +++ b/app/services/proofing/resolution/plugins/aamva_plugin.rb @@ -108,8 +108,8 @@ def user_can_pass_after_state_id_check?( # For failed IV results, this method validates that the user is eligible to pass if the # failed attributes are covered by the same attributes in a successful AAMVA response # aka the Get-to-Yes w/ AAMVA feature. - if !state_id_address_resolution_result. - failed_result_can_pass_with_additional_verification? + if !state_id_address_resolution_result + .failed_result_can_pass_with_additional_verification? return false end @@ -125,8 +125,8 @@ def user_can_pass_after_state_id_check?( # Make a copy of pii with the user's state ID address overwriting the address keys # Need to first remove the address keys to avoid key/value collision def with_state_id_address(pii) - pii.except(*SECONDARY_ID_ADDRESS_MAP.values). - transform_keys(SECONDARY_ID_ADDRESS_MAP) + pii.except(*SECONDARY_ID_ADDRESS_MAP.values) + .transform_keys(SECONDARY_ID_ADDRESS_MAP) end end end diff --git a/app/services/proofing/resolution/plugins/state_id_address_plugin.rb b/app/services/proofing/resolution/plugins/state_id_address_plugin.rb index 59768fbf28d..b7210e8b05e 100644 --- a/app/services/proofing/resolution/plugins/state_id_address_plugin.rb +++ b/app/services/proofing/resolution/plugins/state_id_address_plugin.rb @@ -66,8 +66,8 @@ def same_address_as_id?(applicant_pii) # Make a copy of pii with the user's state ID address overwriting the address keys # Need to first remove the address keys to avoid key/value collision def with_state_id_address(pii) - pii.except(*SECONDARY_ID_ADDRESS_MAP.values). - transform_keys(SECONDARY_ID_ADDRESS_MAP) + pii.except(*SECONDARY_ID_ADDRESS_MAP.values) + .transform_keys(SECONDARY_ID_ADDRESS_MAP) end end end diff --git a/app/services/proofing/resolution/result_adjudicator.rb b/app/services/proofing/resolution/result_adjudicator.rb index 908327ac585..020e404ad61 100644 --- a/app/services/proofing/resolution/result_adjudicator.rb +++ b/app/services/proofing/resolution/result_adjudicator.rb @@ -61,10 +61,10 @@ def should_proof_state_id? private def errors - resolution_result.errors. - merge(residential_resolution_result.errors). - merge(state_id_result.errors). - merge(device_profiling_result.errors || {}) + resolution_result.errors + .merge(residential_resolution_result.errors) + .merge(state_id_result.errors) + .merge(device_profiling_result.errors || {}) end def exception diff --git a/app/services/proofing/socure/id_plus/response.rb b/app/services/proofing/socure/id_plus/response.rb index 085e21c58dd..bf4f1bc1b2c 100644 --- a/app/services/proofing/socure/id_plus/response.rb +++ b/app/services/proofing/socure/id_plus/response.rb @@ -11,8 +11,8 @@ def initialize(http_response) # @return [Hash] def kyc_field_validations - @kyc_field_validations ||= kyc('fieldValidations'). - each_with_object({}) do |(field, valid), obj| + @kyc_field_validations ||= kyc('fieldValidations') + .each_with_object({}) do |(field, valid), obj| obj[field.to_sym] = valid.round == 1 end.freeze end diff --git a/app/services/push_notification/http_push.rb b/app/services/push_notification/http_push.rb index f89d3b700bd..48f24872c8f 100644 --- a/app/services/push_notification/http_push.rb +++ b/app/services/push_notification/http_push.rb @@ -21,10 +21,10 @@ def initialize(event, now: Time.zone.now) def deliver return unless IdentityConfig.store.push_notifications_enabled - event.user. - service_providers. - merge(ServiceProviderIdentity.not_deleted). - with_push_notification_urls.each do |service_provider| + event.user + .service_providers + .merge(ServiceProviderIdentity.not_deleted) + .with_push_notification_urls.each do |service_provider| deliver_one(service_provider) end end @@ -62,10 +62,10 @@ def jwt(service_provider) JWT.encode( payload, - AppArtifacts.store.oidc_private_key, + AppArtifacts.store.oidc_primary_private_key, 'RS256', typ: 'secevent+jwt', - kid: JWT::JWK.new(AppArtifacts.store.oidc_private_key).kid, + kid: JWT::JWK.new(AppArtifacts.store.oidc_primary_private_key).kid, ) end diff --git a/app/services/random_phrase.rb b/app/services/random_phrase.rb index 1c445ec4897..3c3d5ac91a0 100644 --- a/app/services/random_phrase.rb +++ b/app/services/random_phrase.rb @@ -17,9 +17,9 @@ def to_s end def self.format(str, separator: ' ') - normalize(str). - chars.each_slice(WORD_LENGTH).map(&:join).join(separator). - upcase + normalize(str) + .chars.each_slice(WORD_LENGTH).map(&:join).join(separator) + .upcase end def self.normalize(str, num_words: nil) diff --git a/app/services/rate_limiter.rb b/app/services/rate_limiter.rb index f4b18ac4fcc..9554f9e54b5 100644 --- a/app/services/rate_limiter.rb +++ b/app/services/rate_limiter.rb @@ -265,8 +265,8 @@ def self.load_rate_limit_config }, short_term_phone_otp: { max_attempts: IdentityConfig.store.short_term_phone_otp_max_attempts, - attempt_window: IdentityConfig.store. - short_term_phone_otp_max_attempt_window_in_seconds.seconds.in_minutes.to_f, + attempt_window: IdentityConfig.store + .short_term_phone_otp_max_attempt_window_in_seconds.seconds.in_minutes.to_f, }, sign_in_user_id_per_ip: { max_attempts: IdentityConfig.store.sign_in_user_id_per_ip_max_attempts, diff --git a/app/services/reporting/account_deletion_rate_report.rb b/app/services/reporting/account_deletion_rate_report.rb index ed87253b8b6..e8ceab285ae 100644 --- a/app/services/reporting/account_deletion_rate_report.rb +++ b/app/services/reporting/account_deletion_rate_report.rb @@ -29,10 +29,10 @@ def account_deletion_emailable_report def deleted_user_count @deleted_user_count ||= Reports::BaseReport.transaction_with_timeout do - DeletedUser. - where(deleted_at: start_date..end_date). - where('user_created_at < ?', end_date). - count + DeletedUser + .where(deleted_at: start_date..end_date) + .where('user_created_at < ?', end_date) + .count end end diff --git a/app/services/reporting/account_reuse_report.rb b/app/services/reporting/account_reuse_report.rb index 44425eb15fd..644c71320a6 100644 --- a/app/services/reporting/account_reuse_report.rb +++ b/app/services/reporting/account_reuse_report.rb @@ -192,8 +192,9 @@ def update_from_results(results:, total_registered:, total_proofed:) results.each do |details_section| # Only condense the rows if there is more than one row in the 10+ range if details_section.count { |details| details.num_entities >= 10 } > 1 - details_section.select { |details| details.num_entities >= 10 }. - reduce do |condensed_row, captured_row| + details_section + .select { |details| details.num_entities >= 10 } + .reduce do |condensed_row, captured_row| # Delete any rows after the first captured_row (which becomes the condensed_row) details_section.delete(captured_row) if captured_row != condensed_row condensed_row.update_details( diff --git a/app/services/reporting/active_users_count_report.rb b/app/services/reporting/active_users_count_report.rb index 7ba3fd9f871..3819354c466 100644 --- a/app/services/reporting/active_users_count_report.rb +++ b/app/services/reporting/active_users_count_report.rb @@ -112,8 +112,8 @@ def monthly_active_users_apg def fiscal_year_active_users_per_quarter_cumulative @fiscal_year_active_users_per_quarter_cumulative ||= begin data_by_quarter = {} - cumulative_quarter_ranges. - map do |quarter_range| + cumulative_quarter_ranges + .map do |quarter_range| data_by_quarter[quarter_range] ||= Reports::BaseReport.transaction_with_timeout do ReportRow.from_hash_time_range( time_range: quarter_range, @@ -131,8 +131,8 @@ def fiscal_year_active_users_per_quarter_cumulative def apg_fiscal_year_active_users_per_quarter_cumulative @apg_fiscal_year_active_users_per_quarter_cumulative ||= begin data_by_quarter = {} - cumulative_quarter_ranges. - map do |quarter_range| + cumulative_quarter_ranges + .map do |quarter_range| data_by_quarter[quarter_range] ||= Reports::BaseReport.transaction_with_timeout do ReportRow.from_hash_time_range( time_range: quarter_range, diff --git a/app/services/reporting/agency_and_sp_report.rb b/app/services/reporting/agency_and_sp_report.rb index d58744e3a31..a61f28099c2 100644 --- a/app/services/reporting/agency_and_sp_report.rb +++ b/app/services/reporting/agency_and_sp_report.rb @@ -48,30 +48,30 @@ def agency_and_sp_emailable_report end def active_agencies - @active_agencies ||= Agency.joins(:partner_accounts). - where(partner_accounts: { + @active_agencies ||= Agency.joins(:partner_accounts) + .where(partner_accounts: { partner_account_status: Agreements::PartnerAccountStatus.find_by(name: 'active'), became_partner: ..report_date, - }). - distinct + }) + .distinct end def service_providers @service_providers ||= Reports::BaseReport.transaction_with_timeout do - issuers = ServiceProviderIdentity. - where('created_at <= ?', report_date). - distinct. - pluck(:service_provider) + issuers = ServiceProviderIdentity + .where('created_at <= ?', report_date) + .distinct + .pluck(:service_provider) ServiceProvider.where(issuer: issuers).active.external end end def facial_match_issuers @facial_match_issuers ||= Reports::BaseReport.transaction_with_timeout do - Profile.active.facial_match_opt_in. - where('verified_at <= ?', report_date.end_of_day). - distinct. - pluck(:initiating_service_provider_issuer) + Profile.active.facial_match_opt_in + .where('verified_at <= ?', report_date.end_of_day) + .distinct + .pluck(:initiating_service_provider_issuer) end end end diff --git a/app/services/reset_user_password.rb b/app/services/reset_user_password.rb index d9cd79ee3a4..60ce8bf7c14 100644 --- a/app/services/reset_user_password.rb +++ b/app/services/reset_user_password.rb @@ -29,14 +29,14 @@ def forget_all_browsers end def log_event - UserEventCreator.new(current_user: user). - create_out_of_band_user_event(:password_invalidated) + UserEventCreator.new(current_user: user) + .create_out_of_band_user_event(:password_invalidated) end def notify_user user.confirmed_email_addresses.each do |email_address| - UserMailer.with(user: user, email_address: email_address).please_reset_password. - deliver_now_or_later + UserMailer.with(user: user, email_address: email_address).please_reset_password + .deliver_now_or_later end end end diff --git a/app/services/send_add_email_confirmation.rb b/app/services/send_add_email_confirmation.rb index 3fb0641b627..ec51a76c182 100644 --- a/app/services/send_add_email_confirmation.rb +++ b/app/services/send_add_email_confirmation.rb @@ -37,9 +37,9 @@ def update_email_address_record def already_confirmed_by_another_user? EmailAddress.where( email_fingerprint: Pii::Fingerprinter.fingerprint(email_address.email), - ).where.not(confirmed_at: nil). - where.not(user_id: email_address.user_id). - first + ).where.not(confirmed_at: nil) + .where.not(user_id: email_address.user_id) + .first end def send_email @@ -54,8 +54,8 @@ def send_email_associated_with_another_account_email UserMailer.with( user: user, email_address: email_address, - ).add_email_associated_with_another_account. - deliver_now_or_later + ).add_email_associated_with_another_account + .deliver_now_or_later end def send_confirmation_email diff --git a/app/services/sp_return_url_resolver.rb b/app/services/sp_return_url_resolver.rb index 0e2f2e3bfd8..ad397eb3035 100644 --- a/app/services/sp_return_url_resolver.rb +++ b/app/services/sp_return_url_resolver.rb @@ -25,7 +25,9 @@ def homepage_url end def post_idv_follow_up_url - service_provider.post_idv_follow_up_url || homepage_url + url = service_provider.post_idv_follow_up_url || homepage_url + return if url.blank? + format(url.to_s, locale: I18n.locale.to_s) end private diff --git a/app/services/user_alerts/alert_user_about_account_rejected.rb b/app/services/user_alerts/alert_user_about_account_rejected.rb index 3a664229755..74210e91bbf 100644 --- a/app/services/user_alerts/alert_user_about_account_rejected.rb +++ b/app/services/user_alerts/alert_user_about_account_rejected.rb @@ -4,9 +4,9 @@ module UserAlerts class AlertUserAboutAccountRejected def self.call(user) user.confirmed_email_addresses.each do |email_address| - UserMailer.with(user: user, email_address: email_address). - account_rejected. - deliver_now_or_later + UserMailer.with(user: user, email_address: email_address) + .account_rejected + .deliver_now_or_later end end end diff --git a/app/services/user_alerts/alert_user_about_password_change.rb b/app/services/user_alerts/alert_user_about_password_change.rb index ae2045b429d..97e82a49f6a 100644 --- a/app/services/user_alerts/alert_user_about_password_change.rb +++ b/app/services/user_alerts/alert_user_about_password_change.rb @@ -4,8 +4,8 @@ module UserAlerts class AlertUserAboutPasswordChange def self.call(user, disavowal_token) user.confirmed_email_addresses.each do |email_address| - UserMailer.with(user: user, email_address: email_address). - password_changed(disavowal_token: disavowal_token).deliver_now_or_later + UserMailer.with(user: user, email_address: email_address) + .password_changed(disavowal_token: disavowal_token).deliver_now_or_later end end end diff --git a/app/services/usps_in_person_proofing/enrollment_helper.rb b/app/services/usps_in_person_proofing/enrollment_helper.rb index c6599c3f2e0..374838c8965 100644 --- a/app/services/usps_in_person_proofing/enrollment_helper.rb +++ b/app/services/usps_in_person_proofing/enrollment_helper.rb @@ -20,8 +20,8 @@ def schedule_in_person_enrollment(user:, pii:, is_enhanced_ipp:, opt_in: nil) # Send state ID address to USPS pii = pii.to_h if !enrollment.current_address_matches_id? - pii = pii.except(*SECONDARY_ID_ADDRESS_MAP.values). - transform_keys(SECONDARY_ID_ADDRESS_MAP) + pii = pii.except(*SECONDARY_ID_ADDRESS_MAP.values) + .transform_keys(SECONDARY_ID_ADDRESS_MAP) end enrollment_code = create_usps_enrollment(enrollment, pii, is_enhanced_ipp) @@ -85,10 +85,10 @@ def create_usps_enrollment(enrollment, pii, is_enhanced_ipp) end def cancel_stale_establishing_enrollments_for_user(user) - user. - in_person_enrollments. - where(status: :establishing). - find_each(&:cancelled!) + user + .in_person_enrollments + .where(status: :establishing) + .find_each(&:cancelled!) end def usps_proofer @@ -120,15 +120,15 @@ def localized_hours(hours) if hours == 'Closed' I18n.t('in_person_proofing.body.barcode.retail_hours_closed') elsif hours.include?(' - ') # Hyphen - hours. - split(' - '). # Hyphen - map { |time| Time.zone.parse(time).strftime(I18n.t('time.formats.event_time')) }. - join(' – ') # Endash + hours + .split(' - ') # Hyphen + .map { |time| Time.zone.parse(time).strftime(I18n.t('time.formats.event_time')) } + .join(' – ') # Endash elsif hours.include?(' – ') # Endash - hours. - split(' – '). # Endash - map { |time| Time.zone.parse(time).strftime(I18n.t('time.formats.event_time')) }. - join(' – ') # Endash + hours + .split(' – ') # Endash + .map { |time| Time.zone.parse(time).strftime(I18n.t('time.formats.event_time')) } + .join(' – ') # Endash else hours end diff --git a/app/services/uuid_reporter.rb b/app/services/uuid_reporter.rb index a8348eaee36..e9d17649fec 100644 --- a/app/services/uuid_reporter.rb +++ b/app/services/uuid_reporter.rb @@ -64,11 +64,11 @@ def all_issuers_belong_to_an_sp? end def all_issuers_belong_to_same_agency? - agency_count = Agency. - joins(:service_providers). - where(service_providers: { issuer: issuers }). - distinct. - count + agency_count = Agency + .joins(:service_providers) + .where(service_providers: { issuer: issuers }) + .distinct + .count return if agency_count == 1 @@ -82,9 +82,9 @@ def validate_output end def find_agency - Agency. - joins(:service_providers). - find_by(service_providers: { issuer: issuers.first }) + Agency + .joins(:service_providers) + .find_by(service_providers: { issuer: issuers.first }) end def collect_user_ids @@ -102,12 +102,12 @@ def collect_identities(agency, emails_to_user_ids) # Note that we use two separate queries since the inner joins don't take # advantage of the composite indexes and are highly non-performant. actual_user_ids = emails_to_user_ids.values.select(&:present?) - user_ids_with_identities = ServiceProviderIdentity. - where(user_id: actual_user_ids, service_provider: issuers). - pluck(:user_id) - agency_identities = AgencyIdentity. - select(:uuid, :user_id). - where(user_id: user_ids_with_identities, agency_id: agency.id) + user_ids_with_identities = ServiceProviderIdentity + .where(user_id: actual_user_ids, service_provider: issuers) + .pluck(:user_id) + agency_identities = AgencyIdentity + .select(:uuid, :user_id) + .where(user_id: user_ids_with_identities, agency_id: agency.id) uuid_hash = agency_identities.map { |record| [record.user_id, record.uuid] }.to_h emails_to_user_ids.transform_values { |user_id| uuid_hash[user_id] } diff --git a/app/views/sign_up/completions/show.html.erb b/app/views/sign_up/completions/show.html.erb index b40f9ce2a3c..15dfc999cb9 100644 --- a/app/views/sign_up/completions/show.html.erb +++ b/app/views/sign_up/completions/show.html.erb @@ -46,11 +46,7 @@
<%= attribute_value.to_s %>

- <% if @presenter.multiple_emails? %> - <%= link_to t('help_text.requested_attributes.change_email_link'), sign_up_select_email_path %> - <% else %> - <%= link_to t('account.index.email_add'), add_email_path(in_select_email_flow: true) %> - <% end %> + <%= link_to t('help_text.requested_attributes.change_email_link'), sign_up_select_email_path %>

<% else %> diff --git a/app/views/users/service_provider_inactive/index.html.erb b/app/views/users/service_provider_inactive/index.html.erb index b6a7e49e83b..1d39be207d8 100644 --- a/app/views/users/service_provider_inactive/index.html.erb +++ b/app/views/users/service_provider_inactive/index.html.erb @@ -11,6 +11,6 @@ <%= t('service_providers.errors.inactive.instructions2') %>

- <% c.with_action_button(url: root_path). - with_content(t('service_providers.errors.inactive.button_text', app_name: APP_NAME)) %> + <% c.with_action_button(url: root_path) + .with_content(t('service_providers.errors.inactive.button_text', app_name: APP_NAME)) %> <% end %> diff --git a/config/artifacts.example/local/oidc_secondary.key b/config/artifacts.example/local/oidc_secondary.key new file mode 100644 index 00000000000..518378f7ca4 --- /dev/null +++ b/config/artifacts.example/local/oidc_secondary.key @@ -0,0 +1,30 @@ +This is a public example key used for testing and local development. +Even though it appears to be a private key, it is not secret and is intended to be public. + +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA1a4Vx1KKS9ByDlNgX+Z7hiojyA9U5f8iu4wNesiOdtWmHG9O +d7QsIpPV2A/yf7Y0X2nEWAABdHtAmrvmmJbP1aofmhaxAmYQXYJSloACZFA5qVdT +cV2jKA3+ZCCgZDj6bXWhERFQRIBbKIc7VWtxM/M5lhpnTEsy55XIN0iXoq1cM539 +GtKp5XfGTQ1Pv9ovCJ1//WH1vBnhXwd62kExk+Snp/9X+eLBoguQcNofphQOsLIu +b7t9YuqI9xbQZDCfy280R3jV6K9g/ZlIoKfE18q9MI5n4U7L8W0/DopImyYCJltM +zcJtcvSUVCapOK+bnwnnaDvke67lA1kyReZnmwIDAQABAoIBAQC1xR9VrctjbvB3 +a0nCishtew9xMkmgVYdwT1VwK4e1Y02pRq5TeftJdsUkxXweVBr9R3X0/hw+wFJW +zpz9FN27/rpfVApD5hrp0OD8kex29R/4BAdBmsweWLkc5/xJBYdS8guP/1Bu1Vm2 +gkNhCMMF1FQacl+JMTcedfYZwTDs+kjX4i5ccY9xXdHQSYikCSZOcrcqD5949FZd +3SjIMrYaY8Mf6WFsWXMzsXNef7eVoeK7MLPbe9+jsdyrswk/3qMrUSmYG+hVSkCp +lO0S3ZD+INbOHQe0x3v88rNMJVe6VrwFMauDDXs3s7TVelqDjsyA8uAKCUR+amVj +9/6e7d4RAoGBAP8RZlOVTkfKxgZPjoYEOVq9kMRCbF+4S/6ZGflpNBEQAPyegooh +5GP7k/QzqA+D9wHIl7ATslW3i3CNOnhIX77TuRanErtQ6KMSKoX4I+FBJyZWpFml +FF9t5xkRrUHLk3dP925y/ZguuQHWOsO4jZOn0lSYGYSCYTwoR+X4jX7PAoGBANZ1 ++DECFAA6R+/0/neHuzHOFukrIJicekBm0mkIq333DjXAZBDZsqNG6lbfpNCe5Z/J +zv0BCL7m50ypmRh6jp8lqndm8A/ONy4XkB9QrYd+ftTIZGm3bvFdjgbqNUGplfwQ +yFF/mcvY/2y48M9Uwr+SDPJZNzhGAxQQ/3zjwh11AoGAXziNrNJmYOLQPnbgzCMz +ji6KptntP2a76BYb3kJqD5yb4bMDJLI2YyT+PQIz0WcAhYfvKOqRfvKAecofc9wA +8mp0BILmuUshLg+QFGdobaU3Clb6EAVSr7WFupQgzBlFuhr+UhtXlMKMiqUBVyPE +psTV/oKxtAhAaIbZIH9Dw30CgYEAwgMG/I78uRgAbDwe2NOZrXzbjSTO4EDu98QN +JagKPHJ8EHR0EipfSQamiODZoUGeSeevsYJ1/v200c28CkEVNTRF+q7NDf9oO/Jl +F29NDP6KjsSa0mh3nTMdgXPvqe9ZGCe2kMP2xksRB7JnZ6kuZVAjFjtPkUEFF+oo +tzr0KOECgYEA7jLXEmtJZtdaHRzgEb2DxwNiHzfUg7mrBn3tbfB5V3yDdRtMzXRk +ASMMc7n+wh553Ms9A8X/75yX/Lt2+viA0q8L/ideZl7b1Of5I4E4c92WGQ0P6x6E +9JV6vfZzsKjmOBux52vvxjCUHLaBEL6y8e4mteMgvQJbY8aimU19dgU= +-----END RSA PRIVATE KEY----- diff --git a/config/artifacts.example/local/oidc_secondary.pub b/config/artifacts.example/local/oidc_secondary.pub new file mode 100644 index 00000000000..f950dab5d4b --- /dev/null +++ b/config/artifacts.example/local/oidc_secondary.pub @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1a4Vx1KKS9ByDlNgX+Z7 +hiojyA9U5f8iu4wNesiOdtWmHG9Od7QsIpPV2A/yf7Y0X2nEWAABdHtAmrvmmJbP +1aofmhaxAmYQXYJSloACZFA5qVdTcV2jKA3+ZCCgZDj6bXWhERFQRIBbKIc7VWtx +M/M5lhpnTEsy55XIN0iXoq1cM539GtKp5XfGTQ1Pv9ovCJ1//WH1vBnhXwd62kEx +k+Snp/9X+eLBoguQcNofphQOsLIub7t9YuqI9xbQZDCfy280R3jV6K9g/ZlIoKfE +18q9MI5n4U7L8W0/DopImyYCJltMzcJtcvSUVCapOK+bnwnnaDvke67lA1kyReZn +mwIDAQAB +-----END PUBLIC KEY----- diff --git a/config/initializers/app_artifacts.rb b/config/initializers/app_artifacts.rb index 2f82b258b3a..0f7fe61374a 100644 --- a/config/initializers/app_artifacts.rb +++ b/config/initializers/app_artifacts.rb @@ -10,12 +10,52 @@ store.add_artifact(:saml_2024_cert, '/%s/saml2024.crt') store.add_artifact(:saml_2024_key, '/%s/saml2024.key.enc') - store.add_artifact(:oidc_private_key, '/%s/oidc.key') { |k| OpenSSL::PKey::RSA.new(k) } - store.add_artifact(:oidc_public_key, '/%s/oidc.pub') { |k| OpenSSL::PKey::RSA.new(k) } + store.add_artifact(:oidc_primary_private_key, '/%s/oidc.key') do |k| + OpenSSL::PKey::RSA.new(k) + end + store.add_artifact(:oidc_primary_public_key, '/%s/oidc.pub') do |k| + OpenSSL::PKey::RSA.new(k) + end + store.add_artifact( + :oidc_secondary_private_key, '/%s/oidc_secondary.key', + allow_missing: true + ) do |k| + OpenSSL::PKey::RSA.new(k) + end + store.add_artifact( + :oidc_secondary_public_key, '/%s/oidc_secondary.pub', + allow_missing: true + ) do |k| + OpenSSL::PKey::RSA.new(k) + end end -valid = OpenidConnectKeyValidation.valid?( - public_key: AppArtifacts.store.oidc_public_key, - private_key: AppArtifacts.store.oidc_private_key, +primary_valid = OpenidConnectKeyValidation.valid?( + public_key: AppArtifacts.store.oidc_primary_public_key, + private_key: AppArtifacts.store.oidc_primary_private_key, ) -raise 'OIDC Public/Private Keys do not match' if !valid +raise 'OIDC Primary Public/Private Keys do not match' if !primary_valid + +secondary_valid = + (AppArtifacts.store.oidc_secondary_private_key.nil? && + AppArtifacts.store.oidc_secondary_public_key.nil?) || + OpenidConnectKeyValidation.valid?( + public_key: AppArtifacts.store.oidc_secondary_public_key, + private_key: AppArtifacts.store.oidc_secondary_private_key, + ) +raise 'OIDC Secondary Public/Private Keys are invalid' if !secondary_valid + +Rails.application.configure do + config.oidc_public_key = AppArtifacts.store.oidc_primary_public_key + config.oidc_private_key = AppArtifacts.store.oidc_primary_private_key + + config.oidc_public_key_queue = [ + AppArtifacts.store.oidc_primary_public_key, + AppArtifacts.store.oidc_secondary_public_key, + ].compact.freeze + + config.oidc_private_key_queue = [ + AppArtifacts.store.oidc_primary_private_key, + AppArtifacts.store.oidc_secondary_private_key, + ].compact.freeze +end diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 683412da5f8..9c625df443d 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -34,8 +34,8 @@ Warden::Manager.after_authentication do |user, auth, options| if auth.env['action_dispatch.cookies'] expected_cookie_value = "#{user.class}-#{user.id}" - actual_cookie_value = auth.env['action_dispatch.cookies']. - signed[TwoFactorAuthenticatable::REMEMBER_2FA_COOKIE] + actual_cookie_value = auth.env['action_dispatch.cookies'] + .signed[TwoFactorAuthenticatable::REMEMBER_2FA_COOKIE] bypass_by_cookie = actual_cookie_value == expected_cookie_value end diff --git a/config/locales/en.yml b/config/locales/en.yml index cde8b2451ec..89b9f965ec0 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -590,7 +590,7 @@ doc_auth.headers.underage: Age requirement not met doc_auth.headers.unreadable_id: We could not read your ID doc_auth.headings.address: Update your mailing address doc_auth.headings.back: Back of your driver’s license or state ID -doc_auth.headings.capture_complete: We verified your ID +doc_auth.headings.capture_complete: We verified your identity document doc_auth.headings.capture_scan_warning_html: We couldn’t read the barcode on your ID. If the information below is incorrect, please %{link_html} of your state‑issued ID. doc_auth.headings.capture_scan_warning_link: upload new photos doc_auth.headings.document_capture: Add photos of your driver’s license or state ID card diff --git a/config/locales/es.yml b/config/locales/es.yml index 432d79dfa10..e790124af69 100644 --- a/config/locales/es.yml +++ b/config/locales/es.yml @@ -601,7 +601,7 @@ doc_auth.headers.underage: No se cumplió con el requisito de edad doc_auth.headers.unreadable_id: No pudimos leer su identificación doc_auth.headings.address: Actualice su dirección postal doc_auth.headings.back: Reverso de su licencia de conducir o identificación estatal -doc_auth.headings.capture_complete: Verificamos su identificación +doc_auth.headings.capture_complete: Verificamos su documento de identidad doc_auth.headings.capture_scan_warning_html: No pudimos leer el código de barras en su identificación. Si la información que aparece a continuación es incorrecta, %{link_html} de su identificación emitida por el estado. doc_auth.headings.capture_scan_warning_link: cargue nuevas fotos doc_auth.headings.document_capture: Añade fotos de tu licencia de conducir o credencial de identificación oficial @@ -1978,7 +1978,7 @@ user_mailer.reset_password_instructions.footer: Este vínculo vence en %{expires user_mailer.reset_password_instructions.gpo_letter_description: Si restablece su contraseña, el código de verificación que recibió en su carta ya no funcionará y tendrá que volver a verificar su identidad. user_mailer.reset_password_instructions.gpo_letter_header: Su carta está en camino user_mailer.reset_password_instructions.header: Para terminar de restablecer su contraseña, haga clic en el enlace de abajo o copie y pegue el enlace completo en su navegador. -user_mailer.reset_password_instructions.in_person_warning_description_html: If you reset your password now, your barcode will not work at the Post Office. You’ll have to restart the identity verification process from the beginning. +user_mailer.reset_password_instructions.in_person_warning_description_html: Si restablece su contraseña ahora, su código de barras no funcionará en la oficina de correos. Tendrá que volver a iniciar el proceso de verificación de identidad desde el principio. user_mailer.reset_password_instructions.link_text: Restablezca su contraseña user_mailer.reset_password_instructions.subject: Restablezca su contraseña user_mailer.signup_with_your_email.help_html: Si usted no solicitó una cuenta nueva o sospecha que hubo un error, visite la %{help_link_html} de %{app_name_html} o %{contact_link_html}. diff --git a/config/locales/fr.yml b/config/locales/fr.yml index c744644e554..6775afb05c9 100644 --- a/config/locales/fr.yml +++ b/config/locales/fr.yml @@ -1966,7 +1966,7 @@ user_mailer.reset_password_instructions.footer: Ce lien expire dans %{expires} h user_mailer.reset_password_instructions.gpo_letter_description: Si vous réinitialisez votre mot de passe, le code de vérification contenu dans votre lettre ne fonctionnera plus et vous devrez reconfirmer votre identité. user_mailer.reset_password_instructions.gpo_letter_header: Votre lettre est en route user_mailer.reset_password_instructions.header: Pour terminer la réinitialisation de votre mot de passe, veuillez cliquer sur le lien ci-dessous ou copier et coller le lien complet dans votre navigateur. -user_mailer.reset_password_instructions.in_person_warning_description_html: If you reset your password now, your barcode will not work at the Post Office. You’ll have to restart the identity verification process from the beginning. +user_mailer.reset_password_instructions.in_person_warning_description_html: Si vous réinitialisez maintenant votre mot de passe, votre code-barres ne fonctionnera pas au bureau de poste. Vous devrez recommencer la procédure de vérification d’identité depuis le début. user_mailer.reset_password_instructions.link_text: Réinitialiser votre mot de passe user_mailer.reset_password_instructions.subject: Réinitialiser votre mot de passe user_mailer.signup_with_your_email.help_html: Si vous n’avez pas demandé un nouveau compte ou soupçonnez qu’une erreur s’est produite, veuillez visiter le %{help_link_html} de %{app_name_html} ou %{contact_link_html}. diff --git a/config/locales/zh.yml b/config/locales/zh.yml index 38951fa9ead..aaebc735fad 100644 --- a/config/locales/zh.yml +++ b/config/locales/zh.yml @@ -601,7 +601,7 @@ doc_auth.headers.underage: 不符合年龄规定 doc_auth.headers.unreadable_id: 我们无法读取你的身份证件 doc_auth.headings.address: 更新你的邮政地址 doc_auth.headings.back: 驾照或州政府颁发身份证件的背面。 -doc_auth.headings.capture_complete: 我们验证了你的身份证件 +doc_auth.headings.capture_complete: 我们验证了你的身份文件 doc_auth.headings.capture_scan_warning_html: 我们读取不到你身份证件上的条形码。如果以下信息不正确,请将州政府颁发的身份证件%{link_html}。 doc_auth.headings.capture_scan_warning_link: 上传新照片 doc_auth.headings.document_capture: 添加你身份证件的照片 @@ -1979,7 +1979,7 @@ user_mailer.reset_password_instructions.footer: 这一链接 %{expires} 小时 user_mailer.reset_password_instructions.gpo_letter_description: 如果你重设密码,信件中的一次性代码就会失效,你需要再次验证身份。 user_mailer.reset_password_instructions.gpo_letter_header: 你的信件已寄出。 user_mailer.reset_password_instructions.header: 要完成重设密码,请点击下面的链接或把整个链接复制并黏贴进浏览器。 -user_mailer.reset_password_instructions.in_person_warning_description_html: If you reset your password now, your barcode will not work at the Post Office. You’ll have to restart the identity verification process from the beginning. +user_mailer.reset_password_instructions.in_person_warning_description_html: 如果你现在重设密码,你的条形码在邮局将无法使用。你会不得不从头开始身份验证流程。 user_mailer.reset_password_instructions.link_text: 重设你的密码 user_mailer.reset_password_instructions.subject: 重设你的密码 user_mailer.signup_with_your_email.help_html: 如果你没有要求一封新电邮或怀疑有错, 请访问 %{app_name_html}的 %{help_link_html} 或者 %{contact_link_html}。 diff --git a/dockerfiles/idp_ci.Dockerfile b/dockerfiles/idp_ci.Dockerfile index d09f0814808..4c7a8edc18e 100644 --- a/dockerfiles/idp_ci.Dockerfile +++ b/dockerfiles/idp_ci.Dockerfile @@ -1,6 +1,6 @@ -FROM public.ecr.aws/docker/library/ruby:3.3.4-bullseye +FROM public.ecr.aws/docker/library/ruby:3.3.6-bullseye -ENV NODE_MAJOR 20 +ENV NODE_MAJOR 22 RUN mkdir -p /etc/apt/keyrings RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg diff --git a/dockerfiles/idp_deploy.Dockerfile b/dockerfiles/idp_deploy.Dockerfile index 9b525d3433c..fd0a900d5e5 100644 --- a/dockerfiles/idp_deploy.Dockerfile +++ b/dockerfiles/idp_deploy.Dockerfile @@ -6,7 +6,7 @@ # avoid having build-essential and the large-files token be in the # main image. ######################################################################### -FROM ruby:3.3.4-slim as builder +FROM public.ecr.aws/docker/library/ruby:3.3.6-slim as builder # Set environment variables ENV RAILS_ROOT /app @@ -16,7 +16,7 @@ ENV RAILS_LOG_TO_STDOUT true ENV RAILS_LOG_LEVEL debug ENV BUNDLE_PATH /app/vendor/bundle ENV YARN_VERSION 1.22.5 -ENV NODE_VERSION 20.10.0 +ENV NODE_VERSION 22.11.0 ENV BUNDLER_VERSION 2.5.6 # Install dependencies @@ -140,7 +140,7 @@ RUN openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 1825 \ ######################################################################### # This is the main image. ######################################################################### -FROM ruby:3.3.4-slim as main +FROM public.ecr.aws/docker/library/ruby:3.3.6-slim as main # Set environment variables ENV RAILS_ROOT /app diff --git a/dockerfiles/idp_review_app.Dockerfile b/dockerfiles/idp_review_app.Dockerfile index f868dd044c7..95187310cd7 100644 --- a/dockerfiles/idp_review_app.Dockerfile +++ b/dockerfiles/idp_review_app.Dockerfile @@ -1,4 +1,4 @@ -FROM ruby:3.3.4-slim +FROM ruby:3.3.6-slim # Set environment variables ENV RAILS_ROOT /app @@ -10,7 +10,7 @@ ENV LOGIN_CONFIG_FILE $RAILS_ROOT/tmp/application.yml ENV RAILS_LOG_LEVEL debug ENV BUNDLE_PATH /usr/local/bundle ENV YARN_VERSION 1.22.5 -ENV NODE_VERSION 20.10.0 +ENV NODE_VERSION 22.11.0 ENV BUNDLER_VERSION 2.5.6 ENV POSTGRES_SSLMODE prefer ENV POSTGRES_NAME idp diff --git a/docs/local-development.md b/docs/local-development.md index de3579432ea..dafdbf7daa0 100644 --- a/docs/local-development.md +++ b/docs/local-development.md @@ -24,7 +24,7 @@ If not using macOS: - Ruby. Choose the version [in the `.ruby-version` file](../.ruby-version) - [PostgreSQL](http://www.postgresql.org/download/) - [Redis 7+](http://redis.io/) - - [Node.js v20](https://nodejs.org) + - [Node.js v22](https://nodejs.org) - [Yarn](https://yarnpkg.com/en/) - [chromedriver](https://formulae.brew.sh/cask/chromedriver) diff --git a/lib/action_account.rb b/lib/action_account.rb index f9fc88b0ba7..74b920e3c9d 100644 --- a/lib/action_account.rb +++ b/lib/action_account.rb @@ -283,8 +283,8 @@ def run(args:, config:) success = true if profile.active? - UserEventCreator.new(current_user: user). - create_out_of_band_user_event(:account_verified) + UserEventCreator.new(current_user: user) + .create_out_of_band_user_event(:account_verified) UserAlerts::AlertUserAboutAccountVerified.call(profile: profile) log_texts << log_text[:profile_activated] diff --git a/lib/analytics_events_documenter.rb b/lib/analytics_events_documenter.rb index 09ccf8bcf77..60161c85626 100644 --- a/lib/analytics_events_documenter.rb +++ b/lib/analytics_events_documenter.rb @@ -185,8 +185,8 @@ def analytics_methods database.select do |_k, object| # this check will fail if the namespace is nested more than once - method_object_name_parts = [object.namespace&.parent&.name, object.namespace&.name]. - select { |part| part.present? && part != :root } + method_object_name_parts = [object.namespace&.parent&.name, object.namespace&.name] + .select { |part| part.present? && part != :root } object.type == :method && method_object_name_parts == class_name_parts end.values diff --git a/lib/app_artifacts.rb b/lib/app_artifacts.rb index 31f2ebb82c7..379f7af6b8f 100644 --- a/lib/app_artifacts.rb +++ b/lib/app_artifacts.rb @@ -27,10 +27,11 @@ def build # @param [Symbol] name # @param [String] path - def add_artifact(name, path) + # @param [Boolean] allow_missing + def add_artifact(name, path, allow_missing: false) value = read_artifact(path) - raise MissingArtifactError.new("missing artifact: #{path}") if value.nil? - value = yield(value) if block_given? + raise MissingArtifactError.new("missing artifact: #{path}") if value.nil? && !allow_missing + value = yield(value) if block_given? && value @artifacts[name] = value nil end diff --git a/lib/data_pull.rb b/lib/data_pull.rb index 35603fe46a1..1a2749dfda6 100644 --- a/lib/data_pull.rb +++ b/lib/data_pull.rb @@ -99,10 +99,10 @@ def run(args:, config:) table = [] table << %w[partner_uuid source internal_uuid deleted] - identities = ServiceProviderIdentity. - includes(:user, :deleted_user, :agency). - where(uuid: partner_uuids). - order(:uuid) + identities = ServiceProviderIdentity + .includes(:user, :deleted_user, :agency) + .where(uuid: partner_uuids) + .order(:uuid) identities.each do |identity| table << [ @@ -283,9 +283,9 @@ def run(args:, config:) table = [] table << %w[login_uuid agency issuer external_uuid] - User.includes(:agency_identities, identities: { service_provider_record: :agency }). - where(uuid: login_uuids). - then do |scope| + User.includes(:agency_identities, identities: { service_provider_record: :agency }) + .where(uuid: login_uuids) + .then do |scope| if config.requesting_issuers.present? scope.where(service_provider_record: { issuer: config.requesting_issuers }) else diff --git a/lib/makefile_help_parser.rb b/lib/makefile_help_parser.rb index 2664f300ba3..023e37c4f5f 100644 --- a/lib/makefile_help_parser.rb +++ b/lib/makefile_help_parser.rb @@ -101,9 +101,9 @@ def build_expanded_targets expanded_makefile.split("\n\n").map do |stanza| m = stanza.match(/^# .* \(from [`']#{makefile_path}', line (?\d+)\):$/) [stanza, m && m[:lineno].to_i] - end. - select { |_stanza, lineno| lineno }. - each do |stanza, lineno| + end + .select { |_stanza, lineno| lineno } + .each do |stanza, lineno| target = stanza.split("\n").first.split(':').first targets[lineno] << target diff --git a/lib/pinpoint_supported_countries.rb b/lib/pinpoint_supported_countries.rb index d712048d64b..35201f1267e 100644 --- a/lib/pinpoint_supported_countries.rb +++ b/lib/pinpoint_supported_countries.rb @@ -54,10 +54,10 @@ def merge(other) def run country_dialing_codes = load_country_dialing_codes - duplicate_iso = country_dialing_codes. - group_by(&:iso_code). - select { |_iso, arr| arr.size > 1 }. - keys + duplicate_iso = country_dialing_codes + .group_by(&:iso_code) + .select { |_iso, arr| arr.size > 1 } + .keys raise "error countries with duplicate iso codes: #{duplicate_iso}" if duplicate_iso.size > 0 @@ -71,10 +71,10 @@ def run # @return [Array] def sms_support - TableConverter.new(download(PINPOINT_SMS_URL)). - convert. - select { |sms_config| sms_config['ISO code'] }. # skip section rows - map do |sms_config| + TableConverter.new(download(PINPOINT_SMS_URL)) + .convert + .select { |sms_config| sms_config['ISO code'] } # skip section rows + .map do |sms_config| iso_code = sms_config['ISO code'] supports_sms = case trim_spaces(sms_config['Supports Sender IDs']) when 'Registration required1' diff --git a/lib/pwned_password_downloader.rb b/lib/pwned_password_downloader.rb index 21699aed998..f1ae977d447 100755 --- a/lib/pwned_password_downloader.rb +++ b/lib/pwned_password_downloader.rb @@ -96,12 +96,12 @@ def already_downloaded?(prefix) # @return [String] def download_one(prefix:, net_http: Net::HTTP::Persistent.new, keep: keep_threshold) - net_http. - request(URI.join(RANGE_API_ROOT, prefix)). - body. - each_line(chomp: true). - select { |line| line[OCCURRENCE_OFFSET..].to_i >= keep }. - reduce('') { |result, line| result + "#{prefix}#{line}\n" } + net_http + .request(URI.join(RANGE_API_ROOT, prefix)) + .body + .each_line(chomp: true) + .select { |line| line[OCCURRENCE_OFFSET..].to_i >= keep } + .reduce('') { |result, line| result + "#{prefix}#{line}\n" } end def write_one(prefix:, content:) diff --git a/lib/query_tracker.rb b/lib/query_tracker.rb index 9f89059a03a..45ea433c12a 100644 --- a/lib/query_tracker.rb +++ b/lib/query_tracker.rb @@ -11,8 +11,8 @@ class QueryTracker def self.track queries = Hash.new { |h, k| h[k] = [] } - subscriber = ActiveSupport::Notifications. - subscribe('sql.active_record') do |_name, _start, _finish, _id, payload| + subscriber = ActiveSupport::Notifications + .subscribe('sql.active_record') do |_name, _start, _finish, _id, payload| sql = payload[:sql] action = sql.split(' ').first.downcase.to_sym diff --git a/lib/reporting/fraud_metrics_lg99_report.rb b/lib/reporting/fraud_metrics_lg99_report.rb index 6dc7f0e6419..759a47858b0 100644 --- a/lib/reporting/fraud_metrics_lg99_report.rb +++ b/lib/reporting/fraud_metrics_lg99_report.rb @@ -191,9 +191,9 @@ def user_days_to_suspension_avg end def user_days_proofed_to_suspension_avg - user_data = User.where(uuid: data[Events::SUSPENDED_USERS]).includes(:profiles). - merge(Profile.active). - pluck( + user_data = User.where(uuid: data[Events::SUSPENDED_USERS]).includes(:profiles) + .merge(Profile.active) + .pluck( :activated_at, :suspended_at, ) diff --git a/lib/reporting/protocols_report.rb b/lib/reporting/protocols_report.rb index 560d7da79d7..f6a939a74ba 100644 --- a/lib/reporting/protocols_report.rb +++ b/lib/reporting/protocols_report.rb @@ -221,20 +221,20 @@ def protocol_data ) { saml: { - request_count: results. - select { |slice| slice['protocol'] == SAML_AUTH_EVENT }. - map { |slice| slice['request_count'].to_i }. - sum, + request_count: results + .select { |slice| slice['protocol'] == SAML_AUTH_EVENT } + .map { |slice| slice['request_count'].to_i } + .sum, issuer_count: by_uniq_issuers( - results. - select { |slice| slice['protocol'] == SAML_AUTH_EVENT }, + results + .select { |slice| slice['protocol'] == SAML_AUTH_EVENT }, ).count, }, oidc: { - request_count: results. - select { |slice| slice['protocol'] == OIDC_AUTH_EVENT }. - map { |slice| slice['request_count'].to_i }. - sum, + request_count: results + .select { |slice| slice['protocol'] == OIDC_AUTH_EVENT } + .map { |slice| slice['request_count'].to_i } + .sum, issuer_count: by_uniq_issuers( results.select { |slice| slice['protocol'] == OIDC_AUTH_EVENT }, ).count, @@ -254,10 +254,10 @@ def saml_signature_data unsigned: by_uniq_issuers( results.select { |slice| slice['unsigned_count'].to_i > 0 }, ), - invalid_signature: results. - select { |slice| slice['invalid_signature_count'].to_i > 0 }. - map { |slice| slice['issuer'] }. - uniq, + invalid_signature: results + .select { |slice| slice['invalid_signature_count'].to_i > 0 } + .map { |slice| slice['issuer'] } + .uniq, } end end diff --git a/lib/tasks/remove_verified_at_for_non_verified.rake b/lib/tasks/remove_verified_at_for_non_verified.rake index 86bd7ce770e..55cfb1ba3d7 100644 --- a/lib/tasks/remove_verified_at_for_non_verified.rake +++ b/lib/tasks/remove_verified_at_for_non_verified.rake @@ -17,8 +17,8 @@ namespace :profiles do update_profiles = ENV['UPDATE_PROFILES'] == 'true' - profiles = Profile.where('verified_at IS NOT NULL'). - where('fraud_review_pending_at IS NOT NULL OR fraud_rejection_at IS NOT NULL OR + profiles = Profile.where('verified_at IS NOT NULL') + .where('fraud_review_pending_at IS NOT NULL OR fraud_rejection_at IS NOT NULL OR gpo_verification_pending_at IS NOT NULL') profiles.each do |profile| diff --git a/package.json b/package.json index a76a4584f11..9467e2175b3 100644 --- a/package.json +++ b/package.json @@ -2,8 +2,9 @@ "name": "@18f/identity-idp", "version": "0.0.1", "private": true, + "type": "commonjs", "engines": { - "node": ">=20" + "node": ">=22" }, "workspaces": [ "app/javascript/packages/*" @@ -57,7 +58,7 @@ "@types/dirty-chai": "^2.0.2", "@types/grecaptcha": "^3.0.4", "@types/mocha": "^10.0.0", - "@types/node": "^20.2.5", + "@types/node": "^22.10.1", "@types/react": "^17.0.39", "@types/react-dom": "^17.0.11", "@types/sinon": "^10.0.13", diff --git a/scripts/changelog_check.rb b/scripts/changelog_check.rb index 8c113382faa..385f7f4862a 100755 --- a/scripts/changelog_check.rb +++ b/scripts/changelog_check.rb @@ -48,10 +48,10 @@ def revert_commit?(commit) end def build_changelog_from_commit(commit) - [*commit.commit_messages, commit.title]. - lazy. - map { |message| build_changelog(message, find_revert: revert_commit?(commit)) }. - find(&:itself) + [*commit.commit_messages, commit.title] + .lazy + .map { |message| build_changelog(message, find_revert: revert_commit?(commit)) } + .find(&:itself) end def get_git_log(base_branch, source_branch) @@ -107,16 +107,16 @@ def generate_invalid_changes(git_log) end def closest_change_category(change) - CATEGORIES. - map do |category| + CATEGORIES + .map do |category| CategoryDistance.new( category, DidYouMean::Levenshtein.distance(change[:category], category), ) - end. - filter { |category_distance| category_distance.distance <= MAX_CATEGORY_DISTANCE }. - max { |category_distance| category_distance.distance }&. - category + end + .filter { |category_distance| category_distance.distance <= MAX_CATEGORY_DISTANCE } + .max { |category_distance| category_distance.distance } + &.category end # Get the last valid changelog line for every Pull Request and tie it to the commit subject. @@ -167,14 +167,14 @@ def generate_changelog(git_log) # Entries with the same category and change are grouped into one changelog line so that we can # support multi-PR changes. def format_changelog(changelog_entries) - changelog_entries = changelog_entries. - sort_by(&:subcategory). - group_by { |entry| [entry.category, entry.change] } + changelog_entries = changelog_entries + .sort_by(&:subcategory) + .group_by { |entry| [entry.category, entry.change] } changelog = +'' CATEGORIES.each do |category| - category_changes = changelog_entries. - filter { |(changelog_category, _change), _changes| changelog_category == category } + category_changes = changelog_entries + .filter { |(changelog_category, _change), _changes| changelog_category == category } next if category_changes.empty? changelog.concat("## #{category}\n") diff --git a/spec/bin/oncall/email-deliveries_spec.rb b/spec/bin/oncall/email-deliveries_spec.rb index 3892c4de863..6112dc9d649 100644 --- a/spec/bin/oncall/email-deliveries_spec.rb +++ b/spec/bin/oncall/email-deliveries_spec.rb @@ -46,13 +46,13 @@ subject(:run) { instance.run(out: stdout) } before do - allow(instance).to receive(:cloudwatch_client). - with('prod_/srv/idp/shared/log/events.log'). - and_return(instance_double('Reporting::CloudwatchClient', fetch: events_log)) + allow(instance).to receive(:cloudwatch_client) + .with('prod_/srv/idp/shared/log/events.log') + .and_return(instance_double('Reporting::CloudwatchClient', fetch: events_log)) - allow(instance).to receive(:cloudwatch_client). - with('/aws/lambda/SESAllEvents_Lambda'). - and_return(instance_double('Reporting::CloudwatchClient', fetch: email_events)) + allow(instance).to receive(:cloudwatch_client) + .with('/aws/lambda/SESAllEvents_Lambda') + .and_return(instance_double('Reporting::CloudwatchClient', fetch: email_events)) end # rubocop:disable Layout/LineLength diff --git a/spec/bin/query-cloudwatch_spec.rb b/spec/bin/query-cloudwatch_spec.rb index c17ac2e9d57..09ea8ba5ba8 100644 --- a/spec/bin/query-cloudwatch_spec.rb +++ b/spec/bin/query-cloudwatch_spec.rb @@ -333,8 +333,8 @@ def build_stdin_with_query(query) end before do - allow_any_instance_of(QueryCloudwatch::SqliteOutput).to receive(:db). - and_return(db) + allow_any_instance_of(QueryCloudwatch::SqliteOutput).to receive(:db) + .and_return(db) allow_any_instance_of(QueryCloudwatch::SqliteOutput).to receive(:close_database) end diff --git a/spec/components/captcha_submit_button_component_spec.rb b/spec/components/captcha_submit_button_component_spec.rb index ec8a2a055a0..4689cabdfc2 100644 --- a/spec/components/captcha_submit_button_component_spec.rb +++ b/spec/components/captcha_submit_button_component_spec.rb @@ -83,8 +83,8 @@ let(:recaptcha_mock_validator) { nil } before do - allow(IdentityConfig.store).to receive(:recaptcha_mock_validator). - and_return(recaptcha_mock_validator) + allow(IdentityConfig.store).to receive(:recaptcha_mock_validator) + .and_return(recaptcha_mock_validator) end context 'with mock validator disabled' do diff --git a/spec/components/icon_component_spec.rb b/spec/components/icon_component_spec.rb index 745b9ca47a6..5bd22697c1c 100644 --- a/spec/components/icon_component_spec.rb +++ b/spec/components/icon_component_spec.rb @@ -17,10 +17,10 @@ inline_style = rendered.at_css('style').text.strip expect(icon).to be_present - expect(inline_style).to match(%r{##{id}\s{.+?}}). - and(include('-webkit-mask-image:')). - and(include('mask-image:')). - and(match(%r{url\([^)]+/print-\w+\.svg\)})) + expect(inline_style).to match(%r{##{id}\s{.+?}}) + .and(include('-webkit-mask-image:')) + .and(include('mask-image:')) + .and(match(%r{url\([^)]+/print-\w+\.svg\)})) end context 'with invalid icon' do diff --git a/spec/components/password_confirmation_component_spec.rb b/spec/components/password_confirmation_component_spec.rb index f88d773359a..5c9ffc227f1 100644 --- a/spec/components/password_confirmation_component_spec.rb +++ b/spec/components/password_confirmation_component_spec.rb @@ -41,9 +41,9 @@ let(:options) { super().merge(forbidden_passwords:) } it 'forwards forbidden passwords to rendered password strength component' do - expect(PasswordStrengthComponent).to receive(:new). - with(hash_including(forbidden_passwords:)). - and_call_original + expect(PasswordStrengthComponent).to receive(:new) + .with(hash_including(forbidden_passwords:)) + .and_call_original rendered end diff --git a/spec/components/previews/tooltip_component_preview.rb b/spec/components/previews/tooltip_component_preview.rb index 8ebf488239b..5dfd3cdcb34 100644 --- a/spec/components/previews/tooltip_component_preview.rb +++ b/spec/components/previews/tooltip_component_preview.rb @@ -3,9 +3,9 @@ class TooltipComponentPreview < BaseComponentPreview # @display body_class padding-10 def default render( - TooltipComponent. - new(tooltip_text: 'Finish verifying your identity.'). - with_content(content_tag(:span, 'Unverified')), + TooltipComponent + .new(tooltip_text: 'Finish verifying your identity.') + .with_content(content_tag(:span, 'Unverified')), ) end # @!endgroup diff --git a/spec/components/step_indicator_component_spec.rb b/spec/components/step_indicator_component_spec.rb index 34dbd9e3947..bde0dd203d3 100644 --- a/spec/components/step_indicator_component_spec.rb +++ b/spec/components/step_indicator_component_spec.rb @@ -115,29 +115,6 @@ ) end end - - context 'all steps complete' do - let(:current_step) { StepIndicatorComponent::ALL_STEPS_COMPLETE } - - it 'renders current step' do - expect(rendered).not_to have_css('.step-indicator__step--current') - end - - it 'renders all steps completed' do - expect(rendered).to have_css( - '.step-indicator__step--complete', - text: t('step_indicator.flows.example.one'), - ) - expect(rendered).to have_css( - '.step-indicator__step--complete', - text: t('step_indicator.flows.example.two'), - ) - expect(rendered).to have_css( - '.step-indicator__step--complete', - text: t('step_indicator.flows.example.three'), - ) - end - end end describe 'locale_scope' do diff --git a/spec/config/initializers/ab_tests_spec.rb b/spec/config/initializers/ab_tests_spec.rb index fc2c57eb656..2865e06cec3 100644 --- a/spec/config/initializers/ab_tests_spec.rb +++ b/spec/config/initializers/ab_tests_spec.rb @@ -119,21 +119,21 @@ let(:enable_ab_test) do -> { - allow(IdentityConfig.store).to receive(:doc_auth_vendor_default). - and_return('vendor_a') - allow(IdentityConfig.store).to receive(:doc_auth_vendor_switching_enabled). - and_return(true) - allow(IdentityConfig.store).to receive(:doc_auth_vendor_socure_percent). - and_return(50) - allow(IdentityConfig.store).to receive(:doc_auth_vendor_lexis_nexis_percent). - and_return(30) + allow(IdentityConfig.store).to receive(:doc_auth_vendor_default) + .and_return('vendor_a') + allow(IdentityConfig.store).to receive(:doc_auth_vendor_switching_enabled) + .and_return(true) + allow(IdentityConfig.store).to receive(:doc_auth_vendor_socure_percent) + .and_return(50) + allow(IdentityConfig.store).to receive(:doc_auth_vendor_lexis_nexis_percent) + .and_return(30) } end let(:disable_ab_test) do -> { - allow(IdentityConfig.store).to receive(:doc_auth_vendor_switching_enabled). - and_return(false) + allow(IdentityConfig.store).to receive(:doc_auth_vendor_switching_enabled) + .and_return(false) } end @@ -145,18 +145,18 @@ let(:disable_ab_test) do -> { - allow(IdentityConfig.store).to receive(:idv_acuant_sdk_upgrade_a_b_testing_enabled). - and_return(false) + allow(IdentityConfig.store).to receive(:idv_acuant_sdk_upgrade_a_b_testing_enabled) + .and_return(false) } end let(:enable_ab_test) do -> { - allow(IdentityConfig.store).to receive(:idv_acuant_sdk_upgrade_a_b_testing_enabled). - and_return(true) + allow(IdentityConfig.store).to receive(:idv_acuant_sdk_upgrade_a_b_testing_enabled) + .and_return(true) - allow(IdentityConfig.store).to receive(:idv_acuant_sdk_upgrade_a_b_testing_percent). - and_return(50) + allow(IdentityConfig.store).to receive(:idv_acuant_sdk_upgrade_a_b_testing_percent) + .and_return(50) } end @@ -322,8 +322,8 @@ context 'when A/B test is disabled' do before do - allow(IdentityConfig.store).to receive(:desktop_ft_unlock_setup_option_percent_tested). - and_return(0) + allow(IdentityConfig.store).to receive(:desktop_ft_unlock_setup_option_percent_tested) + .and_return(0) reload_ab_tests end @@ -338,8 +338,8 @@ context 'when A/B test is enabled' do before do - allow(IdentityConfig.store).to receive(:desktop_ft_unlock_setup_option_percent_tested). - and_return(100) + allow(IdentityConfig.store).to receive(:desktop_ft_unlock_setup_option_percent_tested) + .and_return(100) reload_ab_tests end diff --git a/spec/config/initializers/ahoy_spec.rb b/spec/config/initializers/ahoy_spec.rb index cfa0fa82269..4eb8fa3f892 100644 --- a/spec/config/initializers/ahoy_spec.rb +++ b/spec/config/initializers/ahoy_spec.rb @@ -52,8 +52,8 @@ context 'FeatureManagement.use_dashboard_service_providers? is true' do it 'does not exclude the event' do - allow(FeatureManagement).to receive(:use_dashboard_service_providers?). - and_return(true) + allow(FeatureManagement).to receive(:use_dashboard_service_providers?) + .and_return(true) store = Ahoy::Store.new({}) expect(store.exclude?).to be_nil diff --git a/spec/config/initializers/job_configurations_spec.rb b/spec/config/initializers/job_configurations_spec.rb index b36d463d7cf..261daa8740b 100644 --- a/spec/config/initializers/job_configurations_spec.rb +++ b/spec/config/initializers/job_configurations_spec.rb @@ -26,8 +26,8 @@ now = Time.zone.now next_time = Fugit.parse(report[:cron]).next_time - expect(next_time.utc). - to be_within(2.hours + 1.minute).of(now.utc.end_of_week) + expect(next_time.utc) + .to be_within(2.hours + 1.minute).of(now.utc.end_of_week) expect(next_time.utc).to be > now.utc.end_of_week end end diff --git a/spec/config/initializers/secure_headers_spec.rb b/spec/config/initializers/secure_headers_spec.rb index 08230163e5e..10f3fdd0167 100644 --- a/spec/config/initializers/secure_headers_spec.rb +++ b/spec/config/initializers/secure_headers_spec.rb @@ -10,7 +10,7 @@ request = { 'HTTPS' => 'on' } _status, headers, _body = ssl_middleware.call(request) - expect(headers['strict-transport-security']). - to eq('max-age=31556952; includeSubDomains; preload') + expect(headers['strict-transport-security']) + .to eq('max-age=31556952; includeSubDomains; preload') end end diff --git a/spec/controllers/account_reset/cancel_controller_spec.rb b/spec/controllers/account_reset/cancel_controller_spec.rb index 26e44b7ffb6..e97a28913e3 100644 --- a/spec/controllers/account_reset/cancel_controller_spec.rb +++ b/spec/controllers/account_reset/cancel_controller_spec.rb @@ -65,8 +65,8 @@ post :create - expect(flash[:success]). - to eq t('two_factor_authentication.account_reset.successful_cancel', app_name: APP_NAME) + expect(flash[:success]) + .to eq t('two_factor_authentication.account_reset.successful_cancel', app_name: APP_NAME) expect(response).to redirect_to root_url end diff --git a/spec/controllers/account_reset/pending_controller_spec.rb b/spec/controllers/account_reset/pending_controller_spec.rb index 5bf5bed1b78..286a6c2b79e 100644 --- a/spec/controllers/account_reset/pending_controller_spec.rb +++ b/spec/controllers/account_reset/pending_controller_spec.rb @@ -34,8 +34,8 @@ true, accumulate_on: :hours, ) - expect(controller.view_assigns['account_reset_deletion_period_interval']). - to eq(time_in_hours) + expect(controller.view_assigns['account_reset_deletion_period_interval']) + .to eq(time_in_hours) end end @@ -43,8 +43,8 @@ let(:user) { create(:user, :fraud_review_pending) } context 'fraud wait period not set' do before do - allow(IdentityConfig.store).to receive(:account_reset_fraud_user_wait_period_days). - and_return(nil) + allow(IdentityConfig.store).to receive(:account_reset_fraud_user_wait_period_days) + .and_return(nil) end it 'should have @account_reset_deletion_period to match regular wait period' do @@ -58,8 +58,8 @@ true, accumulate_on: :hours, ) - expect(controller.view_assigns['account_reset_deletion_period_interval']). - to eq(time_in_hours) + expect(controller.view_assigns['account_reset_deletion_period_interval']) + .to eq(time_in_hours) end end @@ -74,8 +74,8 @@ true, accumulate_on: :days, ) - expect(controller.view_assigns['account_reset_deletion_period_interval']). - to eq(time_in_hours) + expect(controller.view_assigns['account_reset_deletion_period_interval']) + .to eq(time_in_hours) end end end diff --git a/spec/controllers/account_reset/request_controller_spec.rb b/spec/controllers/account_reset/request_controller_spec.rb index a55fcb3ba4d..645f4c6bd4f 100644 --- a/spec/controllers/account_reset/request_controller_spec.rb +++ b/spec/controllers/account_reset/request_controller_spec.rb @@ -46,8 +46,8 @@ true, accumulate_on: :hours, ) - expect(controller.view_assigns['account_reset_deletion_period_interval']). - to eq(time_in_hours) + expect(controller.view_assigns['account_reset_deletion_period_interval']) + .to eq(time_in_hours) end end @@ -56,8 +56,8 @@ context 'fraud wait period not set' do before do - allow(IdentityConfig.store).to receive(:account_reset_fraud_user_wait_period_days). - and_return(nil) + allow(IdentityConfig.store).to receive(:account_reset_fraud_user_wait_period_days) + .and_return(nil) end it 'should have @account_reset_deletion_period to match regular wait period' do @@ -71,8 +71,8 @@ true, accumulate_on: :hours, ) - expect(controller.view_assigns['account_reset_deletion_period_interval']). - to eq(time_in_hours) + expect(controller.view_assigns['account_reset_deletion_period_interval']) + .to eq(time_in_hours) end end @@ -87,8 +87,8 @@ true, accumulate_on: :days, ) - expect(controller.view_assigns['account_reset_deletion_period_interval']). - to eq(time_in_hours) + expect(controller.view_assigns['account_reset_deletion_period_interval']) + .to eq(time_in_hours) end end end diff --git a/spec/controllers/accounts/connected_accounts/selected_email_controller_spec.rb b/spec/controllers/accounts/connected_accounts/selected_email_controller_spec.rb index 5bf6e380b58..63bb9d45175 100644 --- a/spec/controllers/accounts/connected_accounts/selected_email_controller_spec.rb +++ b/spec/controllers/accounts/connected_accounts/selected_email_controller_spec.rb @@ -52,8 +52,8 @@ context 'with selected email to share feature disabled' do before do - allow(IdentityConfig.store).to receive(:feature_select_email_to_share_enabled). - and_return(false) + allow(IdentityConfig.store).to receive(:feature_select_email_to_share_enabled) + .and_return(false) end it 'renders 404' do @@ -131,8 +131,8 @@ context 'with selected email to share feature disabled' do before do - allow(IdentityConfig.store).to receive(:feature_select_email_to_share_enabled). - and_return(false) + allow(IdentityConfig.store).to receive(:feature_select_email_to_share_enabled) + .and_return(false) end it 'renders 404' do diff --git a/spec/controllers/accounts/personal_keys_controller_spec.rb b/spec/controllers/accounts/personal_keys_controller_spec.rb index 070468d2da6..55d9b55ee1b 100644 --- a/spec/controllers/accounts/personal_keys_controller_spec.rb +++ b/spec/controllers/accounts/personal_keys_controller_spec.rb @@ -28,8 +28,8 @@ stub_analytics generator = instance_double(PersonalKeyGenerator) - allow(PersonalKeyGenerator).to receive(:new). - with(subject.current_user).and_return(generator) + allow(PersonalKeyGenerator).to receive(:new) + .with(subject.current_user).and_return(generator) expect(generator).to receive(:generate!) diff --git a/spec/controllers/api/internal/two_factor_authentication/auth_app_controller_spec.rb b/spec/controllers/api/internal/two_factor_authentication/auth_app_controller_spec.rb index 946b988a107..f9c1f5e87d5 100644 --- a/spec/controllers/api/internal/two_factor_authentication/auth_app_controller_spec.rb +++ b/spec/controllers/api/internal/two_factor_authentication/auth_app_controller_spec.rb @@ -125,8 +125,8 @@ end it 'sends a recovery information changed event' do - expect(PushNotification::HttpPush).to receive(:deliver). - with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) + expect(PushNotification::HttpPush).to receive(:deliver) + .with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) response end diff --git a/spec/controllers/api/internal/two_factor_authentication/piv_cac_controller_spec.rb b/spec/controllers/api/internal/two_factor_authentication/piv_cac_controller_spec.rb index 229855e3a4b..669e802e949 100644 --- a/spec/controllers/api/internal/two_factor_authentication/piv_cac_controller_spec.rb +++ b/spec/controllers/api/internal/two_factor_authentication/piv_cac_controller_spec.rb @@ -125,8 +125,8 @@ end it 'sends a recovery information changed event' do - expect(PushNotification::HttpPush).to receive(:deliver). - with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) + expect(PushNotification::HttpPush).to receive(:deliver) + .with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) response end diff --git a/spec/controllers/api/internal/two_factor_authentication/webauthn_controller_spec.rb b/spec/controllers/api/internal/two_factor_authentication/webauthn_controller_spec.rb index a8876ded6cd..30bc7cfb9e1 100644 --- a/spec/controllers/api/internal/two_factor_authentication/webauthn_controller_spec.rb +++ b/spec/controllers/api/internal/two_factor_authentication/webauthn_controller_spec.rb @@ -128,8 +128,8 @@ end it 'sends a recovery information changed event' do - expect(PushNotification::HttpPush).to receive(:deliver). - with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) + expect(PushNotification::HttpPush).to receive(:deliver) + .with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) response end diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb index d3a0a0bff8f..f3bbbb5abf1 100644 --- a/spec/controllers/application_controller_spec.rb +++ b/spec/controllers/application_controller_spec.rb @@ -283,9 +283,9 @@ def index allow(controller).to receive(:analytics_user).and_return(user) allow(controller).to receive(:current_sp).and_return(sp) - expect(Analytics).to receive(:new). - with(user: user, request: request, sp: sp.issuer, session: match_array({}), - ahoy: controller.ahoy) + expect(Analytics).to receive(:new) + .with(user: user, request: request, sp: sp.issuer, session: match_array({}), + ahoy: controller.ahoy) controller.analytics end @@ -298,9 +298,9 @@ def index user = instance_double(AnonymousUser) allow(AnonymousUser).to receive(:new).and_return(user) - expect(Analytics).to receive(:new). - with(user: user, request: request, sp: nil, session: match_array({}), - ahoy: controller.ahoy) + expect(Analytics).to receive(:new) + .with(user: user, request: request, sp: nil, session: match_array({}), + ahoy: controller.ahoy) controller.analytics end @@ -549,8 +549,8 @@ def index end before do - allow(controller).to receive(:session). - and_return(sp: { request_url: sp_session_request_url }) + allow(controller).to receive(:session) + .and_return(sp: { request_url: sp_session_request_url }) end subject(:url_with_updated_params) do diff --git a/spec/controllers/concerns/account_reset_concern_spec.rb b/spec/controllers/concerns/account_reset_concern_spec.rb index f19a2c97ad1..d2152ad2314 100644 --- a/spec/controllers/concerns/account_reset_concern_spec.rb +++ b/spec/controllers/concerns/account_reset_concern_spec.rb @@ -26,8 +26,8 @@ def initialize(current_user:) true, accumulate_on: :hours, ) - expect(instance.account_reset_deletion_period_interval(user)). - to eq(time_in_hours) + expect(instance.account_reset_deletion_period_interval(user)) + .to eq(time_in_hours) end end @@ -41,14 +41,14 @@ def initialize(current_user:) true, accumulate_on: :days, ) - expect(instance.account_reset_deletion_period_interval(user)). - to eq(time_in_hours) + expect(instance.account_reset_deletion_period_interval(user)) + .to eq(time_in_hours) end context 'when account_reset_fraud_user_wait_period_days is nil' do before do - allow(IdentityConfig.store).to receive(:account_reset_fraud_user_wait_period_days). - and_return(nil) + allow(IdentityConfig.store).to receive(:account_reset_fraud_user_wait_period_days) + .and_return(nil) end it 'should return standard reset wait time' do @@ -59,8 +59,8 @@ def initialize(current_user:) true, accumulate_on: :hours, ) - expect(instance.account_reset_deletion_period_interval(user)). - to eq(time_in_hours) + expect(instance.account_reset_deletion_period_interval(user)) + .to eq(time_in_hours) end end end diff --git a/spec/controllers/concerns/billable_event_trackable_spec.rb b/spec/controllers/concerns/billable_event_trackable_spec.rb index a0cb5eadd82..40fa2d6d656 100644 --- a/spec/controllers/concerns/billable_event_trackable_spec.rb +++ b/spec/controllers/concerns/billable_event_trackable_spec.rb @@ -94,10 +94,10 @@ aggregate_failures do expect(sp_return_log.profile_id).to eq(active_profile.id) expect(sp_return_log.profile_verified_at).to eq(active_profile.verified_at) - expect(sp_return_log.profile_requested_issuer). - to eq(active_profile.initiating_service_provider_issuer) - expect(sp_return_log.profile_requested_service_provider). - to eq(active_profile.initiating_service_provider) + expect(sp_return_log.profile_requested_issuer) + .to eq(active_profile.initiating_service_provider_issuer) + expect(sp_return_log.profile_requested_service_provider) + .to eq(active_profile.initiating_service_provider) end end end diff --git a/spec/controllers/concerns/idv/ab_test_analytics_concern_spec.rb b/spec/controllers/concerns/idv/ab_test_analytics_concern_spec.rb index b56d7ffa9c9..f03198ab68e 100644 --- a/spec/controllers/concerns/idv/ab_test_analytics_concern_spec.rb +++ b/spec/controllers/concerns/idv/ab_test_analytics_concern_spec.rb @@ -38,15 +38,15 @@ def document_capture_session_uuid end it 'includes opted_in_to_in_person_proofing when enabled' do - allow(IdentityConfig.store).to receive(:in_person_proofing_opt_in_enabled). - and_return(true) - expect(controller.ab_test_analytics_buckets). - to include({ opted_in_to_in_person_proofing: :opt_in_value }) + allow(IdentityConfig.store).to receive(:in_person_proofing_opt_in_enabled) + .and_return(true) + expect(controller.ab_test_analytics_buckets) + .to include({ opted_in_to_in_person_proofing: :opt_in_value }) end it 'does not include opted_in_to_in_person_proofing when disabled' do - expect(controller.ab_test_analytics_buckets). - not_to include({ opted_in_to_in_person_proofing: :opt_in_value }) + expect(controller.ab_test_analytics_buckets) + .not_to include({ opted_in_to_in_person_proofing: :opt_in_value }) end end end diff --git a/spec/controllers/concerns/idv/acuant_concern_spec.rb b/spec/controllers/concerns/idv/acuant_concern_spec.rb index 5a278fb552e..50b4f39138e 100644 --- a/spec/controllers/concerns/idv/acuant_concern_spec.rb +++ b/spec/controllers/concerns/idv/acuant_concern_spec.rb @@ -17,8 +17,8 @@ def index; end subject(:variables) { controller.acuant_sdk_upgrade_a_b_testing_variables } before do - allow(controller).to receive(:document_capture_session_uuid). - and_return(session_uuid) + allow(controller).to receive(:document_capture_session_uuid) + .and_return(session_uuid) # ACUANT_SDK is frozen, so we have to work with a copy of it ab_test = AbTests::ACUANT_SDK.dup @@ -33,9 +33,9 @@ def index; end let(:session_uuid) { SecureRandom.uuid } before do - allow(IdentityConfig.store). - to receive(:idv_acuant_sdk_upgrade_a_b_testing_enabled). - and_return(false) + allow(IdentityConfig.store) + .to receive(:idv_acuant_sdk_upgrade_a_b_testing_enabled) + .and_return(false) end context 'and A/B test specifies the older acuant version' do @@ -53,9 +53,9 @@ def index; end context 'with acuant sdk upgrade A/B testing enabled' do before do - allow(IdentityConfig.store). - to receive(:idv_acuant_sdk_upgrade_a_b_testing_enabled). - and_return(true) + allow(IdentityConfig.store) + .to receive(:idv_acuant_sdk_upgrade_a_b_testing_enabled) + .and_return(true) end context 'and A/B test specifies the newer acuant version' do diff --git a/spec/controllers/concerns/mfa_setup_concern_spec.rb b/spec/controllers/concerns/mfa_setup_concern_spec.rb index 099d311fafc..046184606b4 100644 --- a/spec/controllers/concerns/mfa_setup_concern_spec.rb +++ b/spec/controllers/concerns/mfa_setup_concern_spec.rb @@ -10,9 +10,9 @@ before do stub_sign_in(user) - allow(controller).to receive(:recommend_webauthn_platform_for_sms_user?). - with(:recommend_for_account_creation). - and_return(recommend_webauthn_platform_for_sms_user) + allow(controller).to receive(:recommend_webauthn_platform_for_sms_user?) + .with(:recommend_for_account_creation) + .and_return(recommend_webauthn_platform_for_sms_user) end describe '#next_setup_path' do diff --git a/spec/controllers/concerns/recommend_webauthn_platform_concern_spec.rb b/spec/controllers/concerns/recommend_webauthn_platform_concern_spec.rb index e9bd3b122d2..7b240292679 100644 --- a/spec/controllers/concerns/recommend_webauthn_platform_concern_spec.rb +++ b/spec/controllers/concerns/recommend_webauthn_platform_concern_spec.rb @@ -92,9 +92,9 @@ context 'user not included in ab test' do before do - expect(controller).to receive(:ab_test_bucket). - with(:RECOMMEND_WEBAUTHN_PLATFORM_FOR_SMS_USER). - and_return(nil) + expect(controller).to receive(:ab_test_bucket) + .with(:RECOMMEND_WEBAUTHN_PLATFORM_FOR_SMS_USER) + .and_return(nil) end it { is_expected.to eq(false) } @@ -102,9 +102,9 @@ context 'user included in ab test' do before do - expect(controller).to receive(:ab_test_bucket). - with(:RECOMMEND_WEBAUTHN_PLATFORM_FOR_SMS_USER). - and_return(bucket) + expect(controller).to receive(:ab_test_bucket) + .with(:RECOMMEND_WEBAUTHN_PLATFORM_FOR_SMS_USER) + .and_return(bucket) end it { is_expected.to eq(true) } @@ -153,9 +153,9 @@ context 'user not included in ab test' do before do - expect(controller).to receive(:ab_test_bucket). - with(:RECOMMEND_WEBAUTHN_PLATFORM_FOR_SMS_USER). - and_return(nil) + expect(controller).to receive(:ab_test_bucket) + .with(:RECOMMEND_WEBAUTHN_PLATFORM_FOR_SMS_USER) + .and_return(nil) end it { is_expected.to eq(false) } @@ -163,9 +163,9 @@ context 'user included in ab test' do before do - expect(controller).to receive(:ab_test_bucket). - with(:RECOMMEND_WEBAUTHN_PLATFORM_FOR_SMS_USER). - and_return(bucket) + expect(controller).to receive(:ab_test_bucket) + .with(:RECOMMEND_WEBAUTHN_PLATFORM_FOR_SMS_USER) + .and_return(bucket) end it { is_expected.to eq(true) } diff --git a/spec/controllers/concerns/second_mfa_reminder_concern_spec.rb b/spec/controllers/concerns/second_mfa_reminder_concern_spec.rb index c741927fc70..be5255b8ff1 100644 --- a/spec/controllers/concerns/second_mfa_reminder_concern_spec.rb +++ b/spec/controllers/concerns/second_mfa_reminder_concern_spec.rb @@ -53,8 +53,8 @@ def initialize(current_user:) let(:user) { build(:user, :with_phone, created_at: 11.days.ago) } before do - allow(IdentityConfig.store).to receive(:second_mfa_reminder_account_age_in_days). - and_return(10) + allow(IdentityConfig.store).to receive(:second_mfa_reminder_account_age_in_days) + .and_return(10) end it { expect(user_needs_second_mfa_reminder).to eq(true) } diff --git a/spec/controllers/concerns/threat_metrix_concern_spec.rb b/spec/controllers/concerns/threat_metrix_concern_spec.rb index 1bc6df97b58..9d540624520 100644 --- a/spec/controllers/concerns/threat_metrix_concern_spec.rb +++ b/spec/controllers/concerns/threat_metrix_concern_spec.rb @@ -15,8 +15,8 @@ def index; end let(:ff_enabled) { true } before do - allow(IdentityConfig.store).to receive(:proofing_device_profiling). - and_return(ff_enabled ? :enabled : :disabled) + allow(IdentityConfig.store).to receive(:proofing_device_profiling) + .and_return(ff_enabled ? :enabled : :disabled) end context 'ff is set' do diff --git a/spec/controllers/concerns/two_factor_authenticatable_methods_spec.rb b/spec/controllers/concerns/two_factor_authenticatable_methods_spec.rb index 9fe0c767aac..6516f589081 100644 --- a/spec/controllers/concerns/two_factor_authenticatable_methods_spec.rb +++ b/spec/controllers/concerns/two_factor_authenticatable_methods_spec.rb @@ -158,8 +158,8 @@ end it 'sends the new device alert' do - expect(UserAlerts::AlertUserAboutNewDevice).to receive(:send_alert). - with(user:, disavowal_event: kind_of(Event), disavowal_token: kind_of(String)) + expect(UserAlerts::AlertUserAboutNewDevice).to receive(:send_alert) + .with(user:, disavowal_event: kind_of(Event), disavowal_token: kind_of(String)) result end diff --git a/spec/controllers/fake_s3_controller_spec.rb b/spec/controllers/fake_s3_controller_spec.rb index 09a0aeeaabd..e06c3595c51 100644 --- a/spec/controllers/fake_s3_controller_spec.rb +++ b/spec/controllers/fake_s3_controller_spec.rb @@ -36,8 +36,8 @@ end it 'stores the data in memory' do - expect { action }. - to(change { Test::FakeS3Controller.data[key] }.to(data)) + expect { action } + .to(change { Test::FakeS3Controller.data[key] }.to(data)) end end end diff --git a/spec/controllers/frontend_log_controller_spec.rb b/spec/controllers/frontend_log_controller_spec.rb index a891ce398b2..9caea00935c 100644 --- a/spec/controllers/frontend_log_controller_spec.rb +++ b/spec/controllers/frontend_log_controller_spec.rb @@ -3,8 +3,8 @@ RSpec.describe FrontendLogController do describe '.LEGACY_EVENT_MAP' do it 'has keys sorted alphabetically' do - expect(described_class::LEGACY_EVENT_MAP.keys). - to eq(described_class::LEGACY_EVENT_MAP.keys.sort_by(&:downcase)) + expect(described_class::LEGACY_EVENT_MAP.keys) + .to eq(described_class::LEGACY_EVENT_MAP.keys.sort_by(&:downcase)) end end @@ -104,8 +104,8 @@ end before do - allow(IdentityConfig.store).to receive(:in_person_proofing_opt_in_enabled). - and_return(true) + allow(IdentityConfig.store).to receive(:in_person_proofing_opt_in_enabled) + .and_return(true) end it 'succeeds' do @@ -201,8 +201,8 @@ end it 'notices the error to NewRelic instead of analytics logger' do - allow_any_instance_of(FrontendErrorForm).to receive(:submit). - and_return(FormResponse.new(success: true)) + allow_any_instance_of(FrontendErrorForm).to receive(:submit) + .and_return(FormResponse.new(success: true)) expect(NewRelic::Agent).to receive(:notice_error).with( FrontendErrorLogger::FrontendError.new, custom_params: { diff --git a/spec/controllers/health/database_controller_spec.rb b/spec/controllers/health/database_controller_spec.rb index d1a526281c8..44545dd2c1c 100644 --- a/spec/controllers/health/database_controller_spec.rb +++ b/spec/controllers/health/database_controller_spec.rb @@ -23,8 +23,8 @@ context 'when the database is unhealthy' do before do - expect(DatabaseHealthChecker).to receive(:simple_query). - and_raise(RuntimeError.new('canceling statement due to statement timeout')) + expect(DatabaseHealthChecker).to receive(:simple_query) + .and_raise(RuntimeError.new('canceling statement due to statement timeout')) end it 'is a 500' do diff --git a/spec/controllers/health/health_controller_spec.rb b/spec/controllers/health/health_controller_spec.rb index 8363c12ae6f..9d0602af330 100644 --- a/spec/controllers/health/health_controller_spec.rb +++ b/spec/controllers/health/health_controller_spec.rb @@ -17,30 +17,30 @@ context 'when one resource is unhealthy' do it 'returns an unsuccessful JSON response' do - allow(DatabaseHealthChecker).to receive(:simple_query). - and_raise(RuntimeError.new('canceling statement due to statement timeout')) + allow(DatabaseHealthChecker).to receive(:simple_query) + .and_raise(RuntimeError.new('canceling statement due to statement timeout')) get :index json = JSON.parse(response.body, symbolize_names: true) expect(json[:healthy]).to eq(false) - expect(json[:statuses][:database][:result]). - to include('canceling statement due to statement timeout') + expect(json[:statuses][:database][:result]) + .to include('canceling statement due to statement timeout') expect(response.status).to eq(500) end end context 'all resources are unhealthy' do it 'returns an unsuccessful JSON response' do - allow(DatabaseHealthChecker).to receive(:simple_query). - and_raise(RuntimeError.new('canceling statement due to statement timeout')) + allow(DatabaseHealthChecker).to receive(:simple_query) + .and_raise(RuntimeError.new('canceling statement due to statement timeout')) get :index json = JSON.parse(response.body, symbolize_names: true) expect(json[:healthy]).to eq(false) - expect(json[:statuses][:database][:result]). - to include('canceling statement due to statement timeout') + expect(json[:statuses][:database][:result]) + .to include('canceling statement due to statement timeout') expect(response.status).to eq(500) end end diff --git a/spec/controllers/health/outbound_controller_spec.rb b/spec/controllers/health/outbound_controller_spec.rb index 4cb13347636..5288d75ac0a 100644 --- a/spec/controllers/health/outbound_controller_spec.rb +++ b/spec/controllers/health/outbound_controller_spec.rb @@ -10,8 +10,8 @@ context 'when the outbound connections are healthy' do before do - stub_request(:head, IdentityConfig.store.outbound_connection_check_url). - to_return(status: 200) + stub_request(:head, IdentityConfig.store.outbound_connection_check_url) + .to_return(status: 200) end it 'is a 200' do diff --git a/spec/controllers/idv/account_verified_cta_visited_controller_spec.rb b/spec/controllers/idv/account_verified_cta_visited_controller_spec.rb index 8600a739930..8f7cdb0ec40 100644 --- a/spec/controllers/idv/account_verified_cta_visited_controller_spec.rb +++ b/spec/controllers/idv/account_verified_cta_visited_controller_spec.rb @@ -8,8 +8,8 @@ before do stub_analytics - allow(controller).to receive(:service_provider). - and_return(service_provider) + allow(controller).to receive(:service_provider) + .and_return(service_provider) end describe 'GET #show' do diff --git a/spec/controllers/idv/by_mail/enter_code_controller_spec.rb b/spec/controllers/idv/by_mail/enter_code_controller_spec.rb index 97473107412..5e0a8581413 100644 --- a/spec/controllers/idv/by_mail/enter_code_controller_spec.rb +++ b/spec/controllers/idv/by_mail/enter_code_controller_spec.rb @@ -15,8 +15,8 @@ allow(Pii::Cacher).to receive(:new).and_return(pii_cacher) allow(pii_cacher).to receive(:fetch).and_call_original allow(UserAlerts::AlertUserAboutAccountVerified).to receive(:call) - allow(IdentityConfig.store).to receive(:proofing_device_profiling). - and_return(threatmetrix_enabled ? :enabled : :disabled) + allow(IdentityConfig.store).to receive(:proofing_device_profiling) + .and_return(threatmetrix_enabled ? :enabled : :disabled) allow(IdentityConfig.store).to receive(:enable_usps_verification).and_return(gpo_enabled) end @@ -206,8 +206,8 @@ letter_count: 1, submit_attempts: 1, ) - event_count = user.events.where(event_type: :account_verified, ip: '0.0.0.0'). - where(disavowal_token_fingerprint: nil).count + event_count = user.events.where(event_type: :account_verified, ip: '0.0.0.0') + .where(disavowal_token_fingerprint: nil).count expect(event_count).to eq 1 expect(response).to redirect_to(idv_personal_key_url) end @@ -232,8 +232,8 @@ before do allow(IdentityConfig.store).to receive(:in_person_proofing_enabled).and_return(true) - allow(controller).to receive(:pii). - and_return(user.pending_profile.decrypt_pii(user.password).to_h) + allow(controller).to receive(:pii) + .and_return(user.pending_profile.decrypt_pii(user.password).to_h) end it 'redirects to personal key page' do @@ -280,8 +280,8 @@ letter_count: 1, submit_attempts: 1, ) - event_count = user.events.where(event_type: :account_verified, ip: '0.0.0.0'). - where(disavowal_token_fingerprint: nil).count + event_count = user.events.where(event_type: :account_verified, ip: '0.0.0.0') + .where(disavowal_token_fingerprint: nil).count expect(event_count).to eq 1 expect(response).to redirect_to(idv_personal_key_url) end @@ -386,8 +386,8 @@ let(:max_attempts) { 2 } before do - allow(IdentityConfig.store).to receive(:verify_gpo_key_max_attempts). - and_return(max_attempts) + allow(IdentityConfig.store).to receive(:verify_gpo_key_max_attempts) + .and_return(max_attempts) (max_attempts - 1).times do |_i| post(:create, params: { gpo_verify_form: { otp: bad_otp } }) end @@ -430,12 +430,12 @@ post(:create, params: { gpo_verify_form: { otp: good_otp } }) failed_gpo_submission_events = - @analytics.events['IdV: enter verify by mail code submitted']. - reject { |event_attributes| event_attributes[:errors].empty? } + @analytics.events['IdV: enter verify by mail code submitted'] + .reject { |event_attributes| event_attributes[:errors].empty? } successful_gpo_submission_events = - @analytics.events['IdV: enter verify by mail code submitted']. - select { |event_attributes| event_attributes[:errors].empty? } + @analytics.events['IdV: enter verify by mail code submitted'] + .select { |event_attributes| event_attributes[:errors].empty? } expect(failed_gpo_submission_events.count).to eq(max_attempts - 1) expect(successful_gpo_submission_events.count).to eq(1) diff --git a/spec/controllers/idv/by_mail/letter_enqueued_controller_spec.rb b/spec/controllers/idv/by_mail/letter_enqueued_controller_spec.rb index 041e38c1061..fe6c91c528d 100644 --- a/spec/controllers/idv/by_mail/letter_enqueued_controller_spec.rb +++ b/spec/controllers/idv/by_mail/letter_enqueued_controller_spec.rb @@ -5,8 +5,8 @@ let(:gpo_verification_pending_profile) { true } before do - allow(user).to receive(:gpo_verification_pending_profile?). - and_return(gpo_verification_pending_profile) + allow(user).to receive(:gpo_verification_pending_profile?) + .and_return(gpo_verification_pending_profile) stub_sign_in(user) end diff --git a/spec/controllers/idv/by_mail/request_letter_controller_spec.rb b/spec/controllers/idv/by_mail/request_letter_controller_spec.rb index 81e58922453..6cb398c660d 100644 --- a/spec/controllers/idv/by_mail/request_letter_controller_spec.rb +++ b/spec/controllers/idv/by_mail/request_letter_controller_spec.rb @@ -51,16 +51,16 @@ it 'redirects if the user has sent too much mail' do allow(controller.gpo_verify_by_mail_policy).to receive(:rate_limited?).and_return(true) - allow(subject.idv_session).to receive(:address_mechanism_chosen?). - and_return(true) + allow(subject.idv_session).to receive(:address_mechanism_chosen?) + .and_return(true) get :index expect(response).to redirect_to idv_enter_password_path end it 'redirects if the user is not allowed to send mail' do - allow(controller.gpo_verify_by_mail_policy).to receive(:send_letter_available?). - and_return(false) + allow(controller.gpo_verify_by_mail_policy).to receive(:send_letter_available?) + .and_return(false) get :index diff --git a/spec/controllers/idv/by_mail/resend_letter_controller_spec.rb b/spec/controllers/idv/by_mail/resend_letter_controller_spec.rb index b26ce6b0d9e..4884ef2ab84 100644 --- a/spec/controllers/idv/by_mail/resend_letter_controller_spec.rb +++ b/spec/controllers/idv/by_mail/resend_letter_controller_spec.rb @@ -138,9 +138,9 @@ def expect_to_resend_letter_and_redirect(vtr: false) end gpo_confirmation_maker = instance_double(GpoConfirmationMaker) - allow(GpoConfirmationMaker).to receive(:new). - with(pii: pii, service_provider: service_provider, profile: user.pending_profile). - and_return(gpo_confirmation_maker) + allow(GpoConfirmationMaker).to receive(:new) + .with(pii: pii, service_provider: service_provider, profile: user.pending_profile) + .and_return(gpo_confirmation_maker) expect(gpo_confirmation_maker).to receive(:perform) expect { put :create }.to change { ActionMailer::Base.deliveries.count }.by(1) diff --git a/spec/controllers/idv/document_capture_controller_spec.rb b/spec/controllers/idv/document_capture_controller_spec.rb index eb98f5c1f73..1bc9cc0f623 100644 --- a/spec/controllers/idv/document_capture_controller_spec.rb +++ b/spec/controllers/idv/document_capture_controller_spec.rb @@ -30,8 +30,8 @@ vot = sp_selfie_enabled ? 'Pb' : 'P1' resolved_authn_context = Vot::Parser.new(vector_of_trust: vot).parse - allow(controller).to receive(:resolved_authn_context_result). - and_return(resolved_authn_context) + allow(controller).to receive(:resolved_authn_context_result) + .and_return(resolved_authn_context) subject.idv_session.flow_path = flow_path allow(subject).to receive(:ab_test_analytics_buckets).and_return(ab_test_args) @@ -54,8 +54,8 @@ it 'does not satisfy precondition' do expect(Idv::DocumentCaptureController.step_info.preconditions.is_a?(Proc)) - expect(subject).to receive(:render). - with(:show, locals: an_instance_of(Hash)).and_call_original + expect(subject).to receive(:render) + .with(:show, locals: an_instance_of(Hash)).and_call_original get :show expect(response).to render_template :show end @@ -65,8 +65,8 @@ let(:sp_selfie_enabled) { true } before do - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode). - and_return(false) + allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) + .and_return(false) end it 'does satisfy precondition' do @@ -152,8 +152,8 @@ before do resolved_authn_context = Vot::Parser.new(vector_of_trust: vot).parse - allow(controller).to receive(:resolved_authn_context_result). - and_return(resolved_authn_context) + allow(controller).to receive(:resolved_authn_context_result) + .and_return(resolved_authn_context) end it 'does not redirect to Socure controller' do @@ -181,8 +181,8 @@ let(:sp_selfie_enabled) { true } let(:desktop_selfie_enabled) { false } before do - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode). - and_return(desktop_selfie_enabled) + allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) + .and_return(desktop_selfie_enabled) end describe 'when desktop selfie disabled' do let(:desktop_selfie_enabled) { false } @@ -383,8 +383,8 @@ context 'selfie checks' do before do - expect(controller).to receive(:selfie_requirement_met?). - and_return(performed_if_needed) + expect(controller).to receive(:selfie_requirement_met?) + .and_return(performed_if_needed) allow(result).to receive(:success?).and_return(true) allow(result).to receive(:errors).and_return(result[:errors]) allow(subject).to receive(:stored_result).and_return(result) diff --git a/spec/controllers/idv/enter_password_controller_spec.rb b/spec/controllers/idv/enter_password_controller_spec.rb index 5bbaab77b78..fcb3b8b8e70 100644 --- a/spec/controllers/idv/enter_password_controller_spec.rb +++ b/spec/controllers/idv/enter_password_controller_spec.rb @@ -325,8 +325,8 @@ def show before do resolved_authn_context_result = Vot::Parser.new(vector_of_trust: 'Pb').parse - allow(controller).to receive(:resolved_authn_context_result). - and_return(resolved_authn_context_result) + allow(controller).to receive(:resolved_authn_context_result) + .and_return(resolved_authn_context_result) end it 'creates Profile with applicant attributes' do @@ -345,8 +345,8 @@ def show before do resolved_authn_context_result = Vot::Parser.new(vector_of_trust: 'Pe').parse - allow(controller).to receive(:resolved_authn_context_result). - and_return(resolved_authn_context_result) + allow(controller).to receive(:resolved_authn_context_result) + .and_return(resolved_authn_context_result) end it 'creates Profile with applicant attributes' do @@ -399,8 +399,8 @@ def show it 'creates an `account_verified` event once per confirmation' do put :create, params: { user: { password: ControllerHelper::VALID_PASSWORD } } - events_count = user.events.where(event_type: :account_verified, ip: '0.0.0.0'). - where(disavowal_token_fingerprint: nil).count + events_count = user.events.where(event_type: :account_verified, ip: '0.0.0.0') + .where(disavowal_token_fingerprint: nil).count expect(events_count).to eq 1 end @@ -746,8 +746,8 @@ def show mock = double expect(UspsInPersonProofing::Proofer).to receive(:new).and_return(mock) expect(mock).to receive(:request_enroll) do |applicant| - expect(applicant.address). - to eq(Idp::Constants::MOCK_IDV_APPLICANT[:address1]) + expect(applicant.address) + .to eq(Idp::Constants::MOCK_IDV_APPLICANT[:address1]) proofer.request_enroll(applicant) end @@ -789,14 +789,14 @@ def show context 'when user enters an address2 value' do it 'does not include address2' do subject.idv_session.applicant = - Idp::Constants::MOCK_IDV_APPLICANT_SAME_ADDRESS_AS_ID_WITH_PHONE. - merge(address2: '3b') + Idp::Constants::MOCK_IDV_APPLICANT_SAME_ADDRESS_AS_ID_WITH_PHONE + .merge(address2: '3b') proofer = UspsInPersonProofing::Proofer.new mock = double expect(UspsInPersonProofing::Proofer).to receive(:new).and_return(mock) expect(mock).to receive(:request_enroll) do |applicant| - expect(applicant.address). - to eq(Idp::Constants::MOCK_IDV_APPLICANT[:address1]) + expect(applicant.address) + .to eq(Idp::Constants::MOCK_IDV_APPLICANT[:address1]) proofer.request_enroll(applicant) end @@ -823,8 +823,8 @@ def show let(:proofing_device_profiling_state) { proofing_device_profiling_state } before do - allow(IdentityConfig.store).to receive(:proofing_device_profiling). - and_return(proofing_device_profiling_state) + allow(IdentityConfig.store).to receive(:proofing_device_profiling) + .and_return(proofing_device_profiling_state) subject.idv_session.threatmetrix_review_status = review_status stub_request_token end @@ -979,8 +979,8 @@ def show ) end it 'passes the correct param to the enrollment helper method' do - expect(UspsInPersonProofing::EnrollmentHelper).to receive(:schedule_in_person_enrollment). - with( + expect(UspsInPersonProofing::EnrollmentHelper).to receive(:schedule_in_person_enrollment) + .with( user: user, pii: Pii::Attributes.new_from_hash(applicant), is_enhanced_ipp: is_enhanced_ipp, diff --git a/spec/controllers/idv/hybrid_handoff_controller_spec.rb b/spec/controllers/idv/hybrid_handoff_controller_spec.rb index bb3a377d53b..8b161f4d779 100644 --- a/spec/controllers/idv/hybrid_handoff_controller_spec.rb +++ b/spec/controllers/idv/hybrid_handoff_controller_spec.rb @@ -13,8 +13,8 @@ let(:sp_selfie_enabled) { false } before do - allow(controller).to receive(:current_sp). - and_return(service_provider) + allow(controller).to receive(:current_sp) + .and_return(service_provider) stub_sign_in(user) stub_up_to(:agreement, idv_session: subject.idv_session) stub_analytics @@ -24,8 +24,8 @@ Vot::Parser.new(vector_of_trust: 'Pb').parse : Vot::Parser.new(vector_of_trust: 'P1').parse - allow(subject).to receive(:resolved_authn_context_result). - and_return(resolved_authn_context_result) + allow(subject).to receive(:resolved_authn_context_result) + .and_return(resolved_authn_context_result) allow(IdentityConfig.store).to receive(:in_person_proofing_enabled) { in_person_proofing } allow(IdentityConfig.store).to receive(:in_person_proofing_opt_in_enabled) { @@ -204,8 +204,8 @@ context 'opt in selection is nil' do before do - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode). - and_return(false) + allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) + .and_return(false) subject.idv_session.skip_doc_auth_from_how_to_verify = nil end @@ -227,8 +227,8 @@ context 'opted in to ipp flow' do before do - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode). - and_return(false) + allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) + .and_return(false) subject.idv_session.skip_doc_auth_from_how_to_verify = true subject.idv_session.skip_hybrid_handoff = true end diff --git a/spec/controllers/idv/hybrid_mobile/capture_complete_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/capture_complete_controller_spec.rb index 92cd64ad58f..debe664a09c 100644 --- a/spec/controllers/idv/hybrid_mobile/capture_complete_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/capture_complete_controller_spec.rb @@ -24,8 +24,8 @@ session[:doc_capture_user_id] = user&.id session[:document_capture_session_uuid] = document_capture_session_uuid stub_analytics - allow(subject).to receive(:confirm_document_capture_session_complete). - and_return(true) + allow(subject).to receive(:confirm_document_capture_session_complete) + .and_return(true) end describe 'before_actions' do diff --git a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb index d3123a4335e..d1a52c3b3df 100644 --- a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb @@ -227,8 +227,8 @@ context 'selfie checks' do before do - expect(controller).to receive(:selfie_requirement_met?). - and_return(performed_if_needed) + expect(controller).to receive(:selfie_requirement_met?) + .and_return(performed_if_needed) end context 'not performed' do diff --git a/spec/controllers/idv/hybrid_mobile/entry_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/entry_controller_spec.rb index 15d1bb50191..0a45bb5af03 100644 --- a/spec/controllers/idv/hybrid_mobile/entry_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/entry_controller_spec.rb @@ -73,12 +73,12 @@ acr_values: acr_values, ).result allow(controller).to receive(:session).and_return(session) - allow(controller).to receive(:resolved_authn_context_result). - and_return(resolved_authn_context) - allow(IdentityConfig.store).to receive(:doc_auth_vendor_switching_enabled). - and_return(vendor_switching_enabled) - allow(IdentityConfig.store).to receive(:doc_auth_vendor_lexis_nexis_percent). - and_return(lexis_nexis_percent) + allow(controller).to receive(:resolved_authn_context_result) + .and_return(resolved_authn_context) + allow(IdentityConfig.store).to receive(:doc_auth_vendor_switching_enabled) + .and_return(vendor_switching_enabled) + allow(IdentityConfig.store).to receive(:doc_auth_vendor_lexis_nexis_percent) + .and_return(lexis_nexis_percent) get :show, params: { 'document-capture-session': session_uuid } end @@ -120,8 +120,8 @@ let(:lexis_nexis_percent) { 0 } before do - allow(IdentityConfig.store).to receive(:doc_auth_vendor_lexis_nexis_percent). - and_return(lexis_nexis_percent) + allow(IdentityConfig.store).to receive(:doc_auth_vendor_lexis_nexis_percent) + .and_return(lexis_nexis_percent) end it 'causes an 404 error' do diff --git a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb index 380e2a7853a..de12759de6f 100644 --- a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb @@ -21,23 +21,23 @@ let(:socure_docv_verification_data_test_mode) { false } before do - allow(IdentityConfig.store).to receive(:socure_docv_enabled). - and_return(socure_docv_enabled) - allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint). - and_return(fake_socure_endpoint) + allow(IdentityConfig.store).to receive(:socure_docv_enabled) + .and_return(socure_docv_enabled) + allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint) + .and_return(fake_socure_endpoint) allow(IdentityConfig.store).to receive(:doc_auth_vendor).and_return(idv_vendor) allow(IdentityConfig.store).to receive(:doc_auth_vendor_default).and_return(idv_vendor) - allow(IdentityConfig.store).to receive(:doc_auth_vendor_switching_enabled). - and_return(vendor_switching_enabled) + allow(IdentityConfig.store).to receive(:doc_auth_vendor_switching_enabled) + .and_return(vendor_switching_enabled) allow(subject).to receive(:stored_result).and_return(stored_result) session[:doc_capture_user_id] = user&.id session[:document_capture_session_uuid] = document_capture_session_uuid - allow(IdentityConfig.store). - to receive(:socure_docv_verification_data_test_mode). - and_return(socure_docv_verification_data_test_mode) + allow(IdentityConfig.store) + .to receive(:socure_docv_verification_data_test_mode) + .and_return(socure_docv_verification_data_test_mode) unless IdentityConfig.store.socure_docv_verification_data_test_mode expect(IdentityConfig.store).not_to receive(:socure_docv_verification_data_test_mode_tokens) @@ -102,8 +102,8 @@ vtr: nil, acr_values: acr_values, ).result - allow(controller).to receive(:resolved_authn_context_result). - and_return(resolved_authn_context) + allow(controller).to receive(:resolved_authn_context_result) + .and_return(resolved_authn_context) end it 'redirects to the LN/mock controller' do @@ -136,8 +136,8 @@ end it 'creates a DocumentRequest' do - expect(request_class).to have_received(:new). - with( + expect(request_class).to have_received(:new) + .with( redirect_url: idv_hybrid_mobile_socure_document_capture_update_url, language: expected_language, ) @@ -158,8 +158,8 @@ let(:expected_language) { :en } it 'does the correct POST to Socure' do - expect(WebMock).to have_requested(:post, fake_socure_endpoint). - with( + expect(WebMock).to have_requested(:post, fake_socure_endpoint) + .with( body: JSON.generate( { config: { @@ -180,8 +180,8 @@ let(:expected_language) { :zh } it 'does the correct POST to Socure' do - expect(WebMock).to have_requested(:post, fake_socure_endpoint). - with( + expect(WebMock).to have_requested(:post, fake_socure_endpoint) + .with( body: JSON.generate( { config: { @@ -208,8 +208,8 @@ it 'puts the docvTransactionToken into the document capture session' do document_capture_session.reload - expect(document_capture_session.socure_docv_transaction_token). - to eq(docv_transaction_token) + expect(document_capture_session.socure_docv_transaction_token) + .to eq(docv_transaction_token) end end end @@ -259,8 +259,8 @@ } end before do - allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint). - and_return(fake_socure_endpoint) + allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint) + .and_return(fake_socure_endpoint) end it 'connection timeout still responds to user' do stub_request(:post, fake_socure_endpoint).to_raise(Faraday::ConnectionFailed) @@ -415,17 +415,17 @@ before do ActiveJob::Base.queue_adapter = :test - allow(IdentityConfig.store). - to receive(:socure_docv_verification_data_test_mode_tokens). - and_return([test_token]) + allow(IdentityConfig.store) + .to receive(:socure_docv_verification_data_test_mode_tokens) + .and_return([test_token]) stub_request( :post, "#{IdentityConfig.store.socure_idplus_base_url}/api/3.0/EmailAuthScore", - ). - with(body: { modules: ['documentverification'], docvTransactionToken: test_token }. - to_json). - to_return( + ) + .with(body: { modules: ['documentverification'], docvTransactionToken: test_token } + .to_json) + .to_return( headers: { 'Content-Type' => 'application/json', }, @@ -435,8 +435,8 @@ context 'when a token is provided from the allow list' do it 'performs SocureDocvResultsJob' do - expect { get(:update, params: { docv_token: test_token }) }. - not_to have_enqueued_job(SocureDocvResultsJob) # is synchronous + expect { get(:update, params: { docv_token: test_token }) } + .not_to have_enqueued_job(SocureDocvResultsJob) # is synchronous expect(document_capture_session.reload.load_result).not_to be_nil end @@ -444,8 +444,8 @@ context 'when a token is provided not on the allow list' do it 'performs SocureDocvResultsJob' do - expect { get(:update, params: { docv_token: 'rando-token' }) }. - not_to have_enqueued_job(SocureDocvResultsJob) + expect { get(:update, params: { docv_token: 'rando-token' }) } + .not_to have_enqueued_job(SocureDocvResultsJob) expect(document_capture_session.reload.load_result).to be_nil end diff --git a/spec/controllers/idv/image_uploads_controller_spec.rb b/spec/controllers/idv/image_uploads_controller_spec.rb index 26975325175..2dae6836aa9 100644 --- a/spec/controllers/idv/image_uploads_controller_spec.rb +++ b/spec/controllers/idv/image_uploads_controller_spec.rb @@ -36,8 +36,8 @@ before do Funnel::DocAuth::RegisterStep.new(user.id, '').call('welcome', :view, true) - allow(IdentityConfig.store).to receive(:idv_acuant_sdk_upgrade_a_b_testing_enabled). - and_return(false) + allow(IdentityConfig.store).to receive(:idv_acuant_sdk_upgrade_a_b_testing_enabled) + .and_return(false) end context 'when fields are missing' do @@ -290,13 +290,13 @@ before do resolved_authn_context_result = Vot::Parser.new(vector_of_trust: 'Pb').parse - allow(controller).to receive(:resolved_authn_context_result). - and_return(resolved_authn_context_result) + allow(controller).to receive(:resolved_authn_context_result) + .and_return(resolved_authn_context_result) end it 'returns a successful response and modifies the session' do - expect_any_instance_of(DocAuth::Mock::DocAuthMockClient). - to receive(:post_images).with( + expect_any_instance_of(DocAuth::Mock::DocAuthMockClient) + .to receive(:post_images).with( front_image: an_instance_of(String), back_image: an_instance_of(String), selfie_image: an_instance_of(String), @@ -317,8 +317,8 @@ end it 'returns a successful response and modifies the session' do - expect_any_instance_of(DocAuth::Mock::DocAuthMockClient). - to receive(:post_images).with( + expect_any_instance_of(DocAuth::Mock::DocAuthMockClient) + .to receive(:post_images).with( front_image: an_instance_of(String), back_image: an_instance_of(String), selfie_image: nil, @@ -1068,8 +1068,8 @@ end it 'sends a selfie' do - expect_any_instance_of(DocAuth::Mock::DocAuthMockClient). - to receive(:post_images).with( + expect_any_instance_of(DocAuth::Mock::DocAuthMockClient) + .to receive(:post_images).with( front_image: an_instance_of(String), back_image: an_instance_of(String), selfie_image: an_instance_of(String), diff --git a/spec/controllers/idv/in_person/address_controller_spec.rb b/spec/controllers/idv/in_person/address_controller_spec.rb index 638175330c0..afd32c3a37a 100644 --- a/spec/controllers/idv/in_person/address_controller_spec.rb +++ b/spec/controllers/idv/in_person/address_controller_spec.rb @@ -8,8 +8,8 @@ let(:pii_from_user) { Idp::Constants::MOCK_IPP_APPLICANT_SAME_ADDRESS_AS_ID_FALSE } before do - allow(IdentityConfig.store).to receive(:usps_ipp_transliteration_enabled). - and_return(true) + allow(IdentityConfig.store).to receive(:usps_ipp_transliteration_enabled) + .and_return(true) stub_sign_in(user) stub_up_to(:hybrid_handoff, idv_session: subject.idv_session) subject.user_session['idv/in_person'] = { @@ -176,8 +176,8 @@ it 'infers and sets the "same_address_as_id" in the flow session to false' do put :update, params: params - expect(subject.user_session['idv/in_person'][:pii_from_user][:same_address_as_id]). - to eq('false') + expect(subject.user_session['idv/in_person'][:pii_from_user][:same_address_as_id]) + .to eq('false') end end @@ -189,8 +189,8 @@ it 'leaves the "same_address_as_id" in the flow session as false' do put :update, params: params - expect(subject.user_session['idv/in_person'][:pii_from_user][:same_address_as_id]). - to eq('false') + expect(subject.user_session['idv/in_person'][:pii_from_user][:same_address_as_id]) + .to eq('false') end end end diff --git a/spec/controllers/idv/in_person/ready_to_verify_controller_spec.rb b/spec/controllers/idv/in_person/ready_to_verify_controller_spec.rb index f475e135858..cc14296fd92 100644 --- a/spec/controllers/idv/in_person/ready_to_verify_controller_spec.rb +++ b/spec/controllers/idv/in_person/ready_to_verify_controller_spec.rb @@ -7,10 +7,10 @@ before do stub_analytics - allow(IdentityConfig.store).to receive(:in_person_proofing_enabled). - and_return(in_person_proofing_enabled) - allow(IdentityConfig.store).to receive(:in_person_proofing_enforce_tmx). - and_return(in_person_proofing_enforce_tmx) + allow(IdentityConfig.store).to receive(:in_person_proofing_enabled) + .and_return(in_person_proofing_enabled) + allow(IdentityConfig.store).to receive(:in_person_proofing_enforce_tmx) + .and_return(in_person_proofing_enforce_tmx) end describe 'before_actions' do @@ -102,8 +102,8 @@ before do resolved_authn_context_result = Vot::Parser.new(vector_of_trust: 'Pb').parse - allow(controller).to receive(:resolved_authn_context_result). - and_return(resolved_authn_context_result) + allow(controller).to receive(:resolved_authn_context_result) + .and_return(resolved_authn_context_result) end it 'evaluates to In Person Proofing' do @@ -117,8 +117,8 @@ before do resolved_authn_context_result = Vot::Parser.new(vector_of_trust: 'Pe').parse - allow(controller).to receive(:resolved_authn_context_result). - and_return(resolved_authn_context_result) + allow(controller).to receive(:resolved_authn_context_result) + .and_return(resolved_authn_context_result) end it 'evaluates to Enhanced IPP' do diff --git a/spec/controllers/idv/in_person/ssn_controller_spec.rb b/spec/controllers/idv/in_person/ssn_controller_spec.rb index 4e363c1972c..d8ab3d9cd68 100644 --- a/spec/controllers/idv/in_person/ssn_controller_spec.rb +++ b/spec/controllers/idv/in_person/ssn_controller_spec.rb @@ -155,8 +155,8 @@ it 'updates idv_session.ssn' do subject.idv_session.ssn = '900-95-7890' - expect { put :update, params: params }.to change { subject.idv_session.ssn }. - from('900-95-7890').to(ssn) + expect { put :update, params: params }.to change { subject.idv_session.ssn } + .from('900-95-7890').to(ssn) expect(@analytics).to have_logged_event(analytics_name, analytics_args) end end diff --git a/spec/controllers/idv/in_person/state_id_controller_spec.rb b/spec/controllers/idv/in_person/state_id_controller_spec.rb index b24ab440209..6b448276214 100644 --- a/spec/controllers/idv/in_person/state_id_controller_spec.rb +++ b/spec/controllers/idv/in_person/state_id_controller_spec.rb @@ -8,8 +8,8 @@ let(:enrollment) { InPersonEnrollment.new } before do - allow(IdentityConfig.store).to receive(:usps_ipp_transliteration_enabled). - and_return(true) + allow(IdentityConfig.store).to receive(:usps_ipp_transliteration_enabled) + .and_return(true) stub_sign_in(user) stub_up_to(:hybrid_handoff, idv_session: subject.idv_session) allow(user).to receive(:establishing_in_person_enrollment).and_return(enrollment) diff --git a/spec/controllers/idv/in_person/usps_locations_controller_spec.rb b/spec/controllers/idv/in_person/usps_locations_controller_spec.rb index 489df56f68c..a4803ba15a1 100644 --- a/spec/controllers/idv/in_person/usps_locations_controller_spec.rb +++ b/spec/controllers/idv/in_person/usps_locations_controller_spec.rb @@ -32,8 +32,8 @@ before do stub_analytics stub_sign_in(user) if user - allow(IdentityConfig.store).to receive(:in_person_proofing_enabled). - and_return(in_person_proofing_enabled) + allow(IdentityConfig.store).to receive(:in_person_proofing_enabled) + .and_return(in_person_proofing_enabled) allow(controller).to receive(:current_sp).and_return(sp) end @@ -150,8 +150,8 @@ context 'no addresses found by usps' do before do - allow(proofer).to receive(:request_facilities).with(address, false). - and_return([]) + allow(proofer).to receive(:request_facilities).with(address, false) + .and_return([]) end it 'logs analytics with error when successful response is empty' do @@ -239,8 +239,8 @@ end before do - allow(proofer).to receive(:request_facilities).with(fake_address, false). - and_raise(exception) + allow(proofer).to receive(:request_facilities).with(fake_address, false) + .and_raise(exception) end it 'returns no locations' do diff --git a/spec/controllers/idv/in_person/verify_info_controller_spec.rb b/spec/controllers/idv/in_person/verify_info_controller_spec.rb index a05953e8b96..d4ddcb4696d 100644 --- a/spec/controllers/idv/in_person/verify_info_controller_spec.rb +++ b/spec/controllers/idv/in_person/verify_info_controller_spec.rb @@ -251,8 +251,8 @@ end it 'indicates to the IDV agent that an IPP enrollment is not in progress' do - expect_any_instance_of(Idv::Agent).to receive(:proof_resolution). - with( + expect_any_instance_of(Idv::Agent).to receive(:proof_resolution) + .with( kind_of(DocumentCaptureSession), trace_id: subject.send(:amzn_trace_id), threatmetrix_session_id: nil, @@ -294,8 +294,8 @@ end it 'passes the X-Amzn-Trace-Id to the proofer' do - expect_any_instance_of(Idv::Agent).to receive(:proof_resolution). - with( + expect_any_instance_of(Idv::Agent).to receive(:proof_resolution) + .with( kind_of(DocumentCaptureSession), trace_id: subject.send(:amzn_trace_id), threatmetrix_session_id: nil, @@ -327,8 +327,8 @@ before do allow(IdentityConfig.store).to receive(:proof_ssn_max_attempts).and_return(3) - allow(IdentityConfig.store).to receive(:proof_ssn_max_attempt_window_in_minutes). - and_return(10) + allow(IdentityConfig.store).to receive(:proof_ssn_max_attempt_window_in_minutes) + .and_return(10) end it 'rate limits them all' do diff --git a/spec/controllers/idv/in_person_controller_spec.rb b/spec/controllers/idv/in_person_controller_spec.rb index 9a6a3f73271..462a79c83eb 100644 --- a/spec/controllers/idv/in_person_controller_spec.rb +++ b/spec/controllers/idv/in_person_controller_spec.rb @@ -6,8 +6,8 @@ let(:user) { nil } before do - allow(IdentityConfig.store).to receive(:in_person_proofing_enabled). - and_return(in_person_proofing_enabled) + allow(IdentityConfig.store).to receive(:in_person_proofing_enabled) + .and_return(in_person_proofing_enabled) allow(controller).to receive(:current_sp).and_return(sp) stub_sign_in(user) if user end @@ -75,8 +75,8 @@ context 'with in person proofing enabled for service provider' do before do - ServiceProvider.find_by(issuer: sp.issuer). - update(in_person_proofing_enabled: true) + ServiceProvider.find_by(issuer: sp.issuer) + .update(in_person_proofing_enabled: true) end it 'redirects to the first step' do diff --git a/spec/controllers/idv/link_sent_controller_spec.rb b/spec/controllers/idv/link_sent_controller_spec.rb index fe7f3ede25d..e8feadcee66 100644 --- a/spec/controllers/idv/link_sent_controller_spec.rb +++ b/spec/controllers/idv/link_sent_controller_spec.rb @@ -191,8 +191,8 @@ context 'selfie checks' do before do - expect(controller).to receive(:selfie_requirement_met?). - and_return(performed_if_needed) + expect(controller).to receive(:selfie_requirement_met?) + .and_return(performed_if_needed) end context 'not performed' do diff --git a/spec/controllers/idv/otp_verification_controller_spec.rb b/spec/controllers/idv/otp_verification_controller_spec.rb index 0ec9a8cef26..64cd5dc6318 100644 --- a/spec/controllers/idv/otp_verification_controller_spec.rb +++ b/spec/controllers/idv/otp_verification_controller_spec.rb @@ -107,8 +107,8 @@ context 'the user is going through in person proofing' do before(:each) do create(:in_person_enrollment, :establishing, user: user) - allow(IdentityConfig.store).to receive(:in_person_proofing_enabled). - and_return(true) + allow(IdentityConfig.store).to receive(:in_person_proofing_enabled) + .and_return(true) end context 'the user uses sms otp' do @@ -120,8 +120,8 @@ end it 'saves the sms notification number to the enrollment' do - expect(IdentityConfig.store).to receive(:in_person_send_proofing_notifications_enabled). - and_return(true) + expect(IdentityConfig.store).to receive(:in_person_send_proofing_notifications_enabled) + .and_return(true) put :update, params: otp_code_param @@ -142,8 +142,8 @@ end it 'does not save the sms notification number to the enrollment' do - expect(IdentityConfig.store).to receive(:in_person_send_proofing_notifications_enabled). - and_return(true) + expect(IdentityConfig.store).to receive(:in_person_send_proofing_notifications_enabled) + .and_return(true) put :update, params: otp_code_param diff --git a/spec/controllers/idv/phone_controller_spec.rb b/spec/controllers/idv/phone_controller_spec.rb index 664a4dee1c9..f2a13f69406 100644 --- a/spec/controllers/idv/phone_controller_spec.rb +++ b/spec/controllers/idv/phone_controller_spec.rb @@ -379,8 +379,8 @@ context 'with full vendor outage' do before do - allow_any_instance_of(OutageStatus).to receive(:all_phone_vendor_outage?). - and_return(true) + allow_any_instance_of(OutageStatus).to receive(:all_phone_vendor_outage?) + .and_return(true) end it 'redirects to vendor outage page' do @@ -407,8 +407,8 @@ context 'with full vendor outage' do before do - allow_any_instance_of(OutageStatus).to receive(:all_phone_vendor_outage?). - and_return(true) + allow_any_instance_of(OutageStatus).to receive(:all_phone_vendor_outage?) + .and_return(true) end it 'redirects to vendor outage page' do diff --git a/spec/controllers/idv/please_call_controller_spec.rb b/spec/controllers/idv/please_call_controller_spec.rb index e02027664a4..42f11525296 100644 --- a/spec/controllers/idv/please_call_controller_spec.rb +++ b/spec/controllers/idv/please_call_controller_spec.rb @@ -10,10 +10,10 @@ before do stub_sign_in(user) - allow(IdentityConfig.store).to receive(:in_person_proofing_enabled). - and_return(in_person_proofing_enabled) - allow(IdentityConfig.store).to receive(:in_person_proofing_enforce_tmx). - and_return(in_person_proofing_enforce_tmx) + allow(IdentityConfig.store).to receive(:in_person_proofing_enabled) + .and_return(in_person_proofing_enabled) + allow(IdentityConfig.store).to receive(:in_person_proofing_enforce_tmx) + .and_return(in_person_proofing_enforce_tmx) end render_views @@ -62,10 +62,10 @@ let!(:enrollment) { create(:in_person_enrollment, :passed, user: user, profile: profile) } before do - allow(IdentityConfig.store).to receive(:in_person_proofing_enabled). - and_return(in_person_proofing_enabled) - allow(IdentityConfig.store).to receive(:in_person_proofing_enforce_tmx). - and_return(in_person_proofing_enforce_tmx) + allow(IdentityConfig.store).to receive(:in_person_proofing_enabled) + .and_return(in_person_proofing_enabled) + allow(IdentityConfig.store).to receive(:in_person_proofing_enforce_tmx) + .and_return(in_person_proofing_enforce_tmx) end it 'renders the show template' do @@ -116,10 +116,10 @@ let!(:enrollment) { create(:in_person_enrollment, :passed, user: user, profile: profile) } before do - allow(IdentityConfig.store).to receive(:in_person_proofing_enabled). - and_return(in_person_proofing_enabled) - allow(IdentityConfig.store).to receive(:in_person_proofing_enforce_tmx). - and_return(in_person_proofing_enforce_tmx) + allow(IdentityConfig.store).to receive(:in_person_proofing_enabled) + .and_return(in_person_proofing_enabled) + allow(IdentityConfig.store).to receive(:in_person_proofing_enforce_tmx) + .and_return(in_person_proofing_enforce_tmx) end it 'returns false from in_person_prevent_fraud_redirection' do diff --git a/spec/controllers/idv/socure/document_capture_controller_spec.rb b/spec/controllers/idv/socure/document_capture_controller_spec.rb index 1e1f1eef25b..b28c722e9fc 100644 --- a/spec/controllers/idv/socure/document_capture_controller_spec.rb +++ b/spec/controllers/idv/socure/document_capture_controller_spec.rb @@ -30,14 +30,14 @@ let(:socure_docv_verification_data_test_mode) { false } before do - allow(IdentityConfig.store).to receive(:socure_docv_enabled). - and_return(socure_docv_enabled) - allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint). - and_return(fake_socure_endpoint) + allow(IdentityConfig.store).to receive(:socure_docv_enabled) + .and_return(socure_docv_enabled) + allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint) + .and_return(fake_socure_endpoint) allow(IdentityConfig.store).to receive(:doc_auth_vendor).and_return(idv_vendor) allow(IdentityConfig.store).to receive(:doc_auth_vendor_default).and_return(idv_vendor) - allow(IdentityConfig.store).to receive(:doc_auth_vendor_switching_enabled). - and_return(vendor_switching_enabled) + allow(IdentityConfig.store).to receive(:doc_auth_vendor_switching_enabled) + .and_return(vendor_switching_enabled) allow_any_instance_of(ApplicationController).to receive(:current_user).and_return(user) allow(subject).to receive(:stored_result).and_return(stored_result) @@ -46,9 +46,9 @@ allow(subject).to receive(:user_session).and_return(user_session) subject.idv_session.document_capture_session_uuid = document_capture_session.uuid - allow(IdentityConfig.store). - to receive(:socure_docv_verification_data_test_mode). - and_return(socure_docv_verification_data_test_mode) + allow(IdentityConfig.store) + .to receive(:socure_docv_verification_data_test_mode) + .and_return(socure_docv_verification_data_test_mode) unless IdentityConfig.store.socure_docv_verification_data_test_mode expect(IdentityConfig.store).not_to receive(:socure_docv_verification_data_test_mode_tokens) @@ -114,8 +114,8 @@ vtr: nil, acr_values: acr_values, ).result - allow(controller).to receive(:resolved_authn_context_result). - and_return(resolved_authn_context) + allow(controller).to receive(:resolved_authn_context_result) + .and_return(resolved_authn_context) end it 'redirects to the LN/mock controller' do @@ -148,8 +148,8 @@ end it 'creates a DocumentRequest' do - expect(request_class).to have_received(:new). - with( + expect(request_class).to have_received(:new) + .with( redirect_url: idv_socure_document_capture_update_url, language: expected_language, ) @@ -170,8 +170,8 @@ let(:expected_language) { :en } it 'does the correct POST to Socure' do - expect(WebMock).to have_requested(:post, fake_socure_endpoint). - with( + expect(WebMock).to have_requested(:post, fake_socure_endpoint) + .with( body: JSON.generate( { config: { @@ -192,8 +192,8 @@ let(:expected_language) { :zh } it 'does the correct POST to Socure' do - expect(WebMock).to have_requested(:post, fake_socure_endpoint). - with( + expect(WebMock).to have_requested(:post, fake_socure_endpoint) + .with( body: JSON.generate( { config: { @@ -220,8 +220,8 @@ it 'puts the docvTransactionToken into the document capture session' do document_capture_session.reload - expect(document_capture_session.socure_docv_transaction_token). - to eq(docv_transaction_token) + expect(document_capture_session.socure_docv_transaction_token) + .to eq(docv_transaction_token) end end end @@ -271,8 +271,8 @@ } end before do - allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint). - and_return(fake_socure_endpoint) + allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint) + .and_return(fake_socure_endpoint) end it 'connection timeout still responds to user' do stub_request(:post, fake_socure_endpoint).to_raise(Faraday::ConnectionFailed) @@ -397,17 +397,17 @@ before do ActiveJob::Base.queue_adapter = :test - allow(IdentityConfig.store). - to receive(:socure_docv_verification_data_test_mode_tokens). - and_return([test_token]) + allow(IdentityConfig.store) + .to receive(:socure_docv_verification_data_test_mode_tokens) + .and_return([test_token]) stub_request( :post, "#{IdentityConfig.store.socure_idplus_base_url}/api/3.0/EmailAuthScore", - ). - with(body: { modules: ['documentverification'], docvTransactionToken: test_token }. - to_json). - to_return( + ) + .with(body: { modules: ['documentverification'], docvTransactionToken: test_token } + .to_json) + .to_return( headers: { 'Content-Type' => 'application/json', }, @@ -417,8 +417,8 @@ context 'when a token is provided from the allow list' do it 'performs SocureDocvResultsJob' do - expect { get(:update, params: { docv_token: test_token }) }. - not_to have_enqueued_job(SocureDocvResultsJob) # is synchronous + expect { get(:update, params: { docv_token: test_token }) } + .not_to have_enqueued_job(SocureDocvResultsJob) # is synchronous expect(document_capture_session.reload.load_result).not_to be_nil end @@ -426,8 +426,8 @@ context 'when a token is provided not on the allow list' do it 'performs SocureDocvResultsJob' do - expect { get(:update, params: { docv_token: 'rando-token' }) }. - not_to have_enqueued_job(SocureDocvResultsJob) + expect { get(:update, params: { docv_token: 'rando-token' }) } + .not_to have_enqueued_job(SocureDocvResultsJob) expect(document_capture_session.reload.load_result).to be_nil end diff --git a/spec/controllers/idv/ssn_controller_spec.rb b/spec/controllers/idv/ssn_controller_spec.rb index c8a435b546f..4afbe54f828 100644 --- a/spec/controllers/idv/ssn_controller_spec.rb +++ b/spec/controllers/idv/ssn_controller_spec.rb @@ -128,8 +128,8 @@ end it 'overrides Content Security Policies for ThreatMetrix' do - allow(IdentityConfig.store).to receive(:proofing_device_profiling). - and_return(:enabled) + allow(IdentityConfig.store).to receive(:proofing_device_profiling) + .and_return(:enabled) get :show csp = response.request.content_security_policy @@ -164,8 +164,8 @@ end it 'updates idv_session.ssn' do - expect { put :update, params: params }.to change { subject.idv_session.ssn }. - from(nil).to(ssn) + expect { put :update, params: params }.to change { subject.idv_session.ssn } + .from(nil).to(ssn) expect(@analytics).to have_logged_event(analytics_name, analytics_args) end @@ -184,8 +184,8 @@ it 'updates idv_session.ssn' do subject.idv_session.ssn = '900-95-7890' - expect { put :update, params: params }.to change { subject.idv_session.ssn }. - from('900-95-7890').to(ssn) + expect { put :update, params: params }.to change { subject.idv_session.ssn } + .from('900-95-7890').to(ssn) expect(@analytics).to have_logged_event(analytics_name, analytics_args) end end diff --git a/spec/controllers/idv/verify_info_controller_spec.rb b/spec/controllers/idv/verify_info_controller_spec.rb index 7dacf98adb1..64aefeb0bdb 100644 --- a/spec/controllers/idv/verify_info_controller_spec.rb +++ b/spec/controllers/idv/verify_info_controller_spec.rb @@ -176,8 +176,9 @@ end before do - controller. - idv_session.verify_info_step_document_capture_session_uuid = document_capture_session.uuid + controller + .idv_session + .verify_info_step_document_capture_session_uuid = document_capture_session.uuid allow(IdentityConfig.store).to receive(:proofing_device_profiling).and_return(:enabled) end diff --git a/spec/controllers/idv/welcome_controller_spec.rb b/spec/controllers/idv/welcome_controller_spec.rb index 384fb1d76cc..94d523c8e49 100644 --- a/spec/controllers/idv/welcome_controller_spec.rb +++ b/spec/controllers/idv/welcome_controller_spec.rb @@ -130,8 +130,8 @@ end it 'creates a document capture session' do - expect { put :update }. - to change { subject.idv_session.document_capture_session_uuid }.from(nil) + expect { put :update } + .to change { subject.idv_session.document_capture_session_uuid }.from(nil) end context 'with previous establishing in-person enrollments' do diff --git a/spec/controllers/openid_connect/authorization_controller_spec.rb b/spec/controllers/openid_connect/authorization_controller_spec.rb index 0590bca9983..90637ce9bd4 100644 --- a/spec/controllers/openid_connect/authorization_controller_spec.rb +++ b/spec/controllers/openid_connect/authorization_controller_spec.rb @@ -66,8 +66,8 @@ let(:vtr) { nil } it 'redirects back to the client app with a code if server-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') IdentityLinker.new(user, service_provider).link_identity(ial: 1) user.identities.last.update!(verified_attributes: %w[given_name family_name birthdate]) action @@ -81,8 +81,8 @@ end it 'renders a client-side redirect back to the client app with a code if it is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') IdentityLinker.new(user, service_provider).link_identity(ial: 1) user.identities.last.update!(verified_attributes: %w[given_name family_name birthdate]) action @@ -97,8 +97,8 @@ end it 'renders a JS client-side redirect back to the client app with a code if it is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') IdentityLinker.new(user, service_provider).link_identity(ial: 1) user.identities.last.update!(verified_attributes: %w[given_name family_name birthdate]) action @@ -153,6 +153,10 @@ sign_in_flow:, acr_values: 'http://idmanagement.gov/ns/assurance/ial/1', ) + + expect(@analytics).to_not have_logged_event( + :sp_integration_errors_present, + ) end end @@ -223,8 +227,8 @@ end it 'redirects to the redirect_uri immediately when pii is unlocked if client-side redirect is disabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( verified_attributes: %w[given_name family_name birthdate verified_at], @@ -236,8 +240,8 @@ end it 'renders a client-side redirect back to the client app immediately if it is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( verified_attributes: %w[given_name family_name birthdate verified_at], @@ -250,8 +254,8 @@ end it 'renders a JS client-side redirect back to the client app immediately if it is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( verified_attributes: %w[given_name family_name birthdate verified_at], @@ -264,10 +268,10 @@ end it 'redirects back to the client app immediately if UUID is overridden to server-side redirect' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'server_side' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'server_side' }) IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( verified_attributes: %w[given_name family_name birthdate verified_at], @@ -279,10 +283,10 @@ end it 'renders a client-side redirect back to the client app immediately if UUID is overridden to client-side redirect' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'client_side' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'client_side' }) IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( verified_attributes: %w[given_name family_name birthdate verified_at], @@ -295,10 +299,10 @@ end it 'renders a JS client-side redirect back to the client app immediately if UUID is overridden to JS client-side redirect' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'client_side_js' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'client_side_js' }) IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( verified_attributes: %w[given_name family_name birthdate verified_at], @@ -311,12 +315,12 @@ end it 'respects UUID redirect config when issuer config is also set' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_issuer_override_map). - and_return({ service_provider.issuer => 'client_side' }) - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'client_side_js' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_issuer_override_map) + .and_return({ service_provider.issuer => 'client_side' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'client_side_js' }) IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( @@ -330,10 +334,10 @@ end it 'respects issuer redirect config if UUID config is not set' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_issuer_override_map). - and_return({ service_provider.issuer => 'client_side_js' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_issuer_override_map) + .and_return({ service_provider.issuer => 'client_side_js' }) IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( @@ -407,8 +411,8 @@ let(:vtr) { ['Pb'].to_json } before do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( verified_attributes: %w[given_name family_name birthdate verified_at], @@ -448,8 +452,8 @@ let(:vtr) { ['Pb'].to_json } before do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') allow(IdentityConfig.store).to receive(:use_vot_in_sp_requests).and_return(true) IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( @@ -489,8 +493,8 @@ context 'verified non-facial match profile with pending facial match profile' do before do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( verified_attributes: %w[birthdate family_name given_name verified_at], @@ -636,8 +640,8 @@ end it 'redirects to the redirect_uri immediately when pii is unlocked if server-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( verified_attributes: %w[given_name family_name birthdate verified_at], @@ -649,8 +653,8 @@ end it 'renders client-side redirect to the client app immediately if PII is unlocked and it is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( @@ -664,8 +668,8 @@ end it 'renders JS client-side redirect to the client app immediately if PII is unlocked and it is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( @@ -738,8 +742,8 @@ context 'account is not already verified' do it 'redirects to the redirect_uri immediately without proofing if server-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') IdentityLinker.new(user, service_provider).link_identity(ial: 1) user.identities.last.update!( verified_attributes: %w[given_name family_name birthdate verified_at], @@ -751,8 +755,8 @@ end it 'renders client-side redirect to the client app immediately if client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') IdentityLinker.new(user, service_provider).link_identity(ial: 1) user.identities.last.update!( @@ -765,8 +769,8 @@ end it 'renders JS client-side redirect to the client app immediately if JS client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') IdentityLinker.new(user, service_provider).link_identity(ial: 1) user.identities.last.update!( @@ -828,8 +832,8 @@ let(:user) { create(:profile, :verified, :password_reset).user } it 'redirects to the redirect_uri immediately without proofing if server-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') IdentityLinker.new(user, service_provider).link_identity(ial: 1) user.identities.last.update!( @@ -842,8 +846,8 @@ end it 'renders client-side redirect to the client app immediately if client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') IdentityLinker.new(user, service_provider).link_identity(ial: 1) user.identities.last.update!( @@ -856,8 +860,8 @@ end it 'renders JS client-side redirect to the client app immediately if JS client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') IdentityLinker.new(user, service_provider).link_identity(ial: 1) user.identities.last.update!( @@ -937,8 +941,8 @@ end it 'redirects back to the client app with a code if client-side redirect is disabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') action expect(response).to redirect_to(/^#{params[:redirect_uri]}/) @@ -950,8 +954,8 @@ end it 'renders a client-side redirect back to the client app with a code if it is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') action @@ -964,8 +968,8 @@ end it 'renders a JS client-side redirect back to the client app with a code if it is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') action @@ -983,8 +987,8 @@ let(:vtr) { ['C1'].to_json } it 'redirects back to the client app with a code if server-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') IdentityLinker.new(user, service_provider).link_identity(ial: 1) user.identities.last.update!(verified_attributes: %w[given_name family_name birthdate]) action @@ -998,8 +1002,8 @@ end it 'renders a client-side redirect back to the client app with a code if it is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') IdentityLinker.new(user, service_provider).link_identity(ial: 1) user.identities.last.update!(verified_attributes: %w[given_name family_name birthdate]) action @@ -1014,8 +1018,8 @@ end it 'renders a JS client-side redirect back to the client app with a code if it is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') IdentityLinker.new(user, service_provider).link_identity(ial: 1) user.identities.last.update!(verified_attributes: %w[given_name family_name birthdate]) action @@ -1145,8 +1149,8 @@ end it 'redirects to the redirect_uri immediately when pii is unlocked if client-side redirect is disabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( verified_attributes: %w[given_name family_name birthdate verified_at], @@ -1158,8 +1162,8 @@ end it 'renders a client-side redirect back to the client app immediately if it is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( verified_attributes: %w[given_name family_name birthdate verified_at], @@ -1172,8 +1176,8 @@ end it 'renders a JS client-side redirect back to the client app immediately if it is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( verified_attributes: %w[given_name family_name birthdate verified_at], @@ -1186,10 +1190,10 @@ end it 'redirects back to the client app immediately if UUID is overridden to server-side redirect' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'server_side' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'server_side' }) IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( verified_attributes: %w[given_name family_name birthdate verified_at], @@ -1201,10 +1205,10 @@ end it 'renders a client-side redirect back to the client app immediately if UUID is overridden to client-side redirect' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'client_side' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'client_side' }) IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( verified_attributes: %w[given_name family_name birthdate verified_at], @@ -1217,10 +1221,10 @@ end it 'renders a JS client-side redirect back to the client app immediately if UUID is overridden to JS client-side redirect' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'client_side_js' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'client_side_js' }) IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( verified_attributes: %w[given_name family_name birthdate verified_at], @@ -1233,12 +1237,12 @@ end it 'respects UUID redirect config when issuer config is also set' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_issuer_override_map). - and_return({ service_provider.issuer => 'client_side' }) - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'client_side_js' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_issuer_override_map) + .and_return({ service_provider.issuer => 'client_side' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'client_side_js' }) IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( @@ -1252,10 +1256,10 @@ end it 'respects issuer redirect config if UUID config is not set' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_issuer_override_map). - and_return({ service_provider.issuer => 'client_side_js' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_issuer_override_map) + .and_return({ service_provider.issuer => 'client_side_js' }) IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( @@ -1329,8 +1333,8 @@ let(:vtr) { ['Pb'].to_json } before do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( verified_attributes: %w[given_name family_name birthdate verified_at], @@ -1370,8 +1374,8 @@ let(:vtr) { ['Pb'].to_json } before do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') allow(IdentityConfig.store).to receive(:use_vot_in_sp_requests).and_return(true) IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( @@ -1411,8 +1415,8 @@ context 'verified non-facial match profile with pending facial match profile' do before do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( verified_attributes: %w[birthdate family_name given_name verified_at], @@ -1560,8 +1564,8 @@ end it 'redirects to the redirect_uri immediately when pii is unlocked if server-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( verified_attributes: %w[given_name family_name birthdate verified_at], @@ -1573,8 +1577,8 @@ end it 'renders client-side redirect to the client app immediately if PII is unlocked and it is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( @@ -1588,8 +1592,8 @@ end it 'renders JS client-side redirect to the client app immediately if PII is unlocked and it is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') IdentityLinker.new(user, service_provider).link_identity(ial: 3) user.identities.last.update!( @@ -1662,8 +1666,8 @@ context 'account is not already verified' do it 'redirects to the redirect_uri immediately without proofing if server-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') IdentityLinker.new(user, service_provider).link_identity(ial: 1) user.identities.last.update!( verified_attributes: %w[given_name family_name birthdate verified_at], @@ -1675,8 +1679,8 @@ end it 'renders client-side redirect to the client app immediately if client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') IdentityLinker.new(user, service_provider).link_identity(ial: 1) user.identities.last.update!( @@ -1689,8 +1693,8 @@ end it 'renders JS client-side redirect to the client app immediately if JS client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') IdentityLinker.new(user, service_provider).link_identity(ial: 1) user.identities.last.update!( @@ -1752,8 +1756,8 @@ let(:user) { create(:profile, :verified, :password_reset).user } it 'redirects to the redirect_uri immediately without proofing if server-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') IdentityLinker.new(user, service_provider).link_identity(ial: 1) user.identities.last.update!( @@ -1766,8 +1770,8 @@ end it 'renders client-side redirect to the client app immediately if client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') IdentityLinker.new(user, service_provider).link_identity(ial: 1) user.identities.last.update!( @@ -1780,8 +1784,8 @@ end it 'renders JS client-side redirect to the client app immediately if JS client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') IdentityLinker.new(user, service_provider).link_identity(ial: 1) user.identities.last.update!( @@ -1861,8 +1865,8 @@ end it 'redirects back to the client app with a code if client-side redirect is disabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') action expect(response).to redirect_to(/^#{params[:redirect_uri]}/) @@ -1874,8 +1878,8 @@ end it 'renders a client-side redirect back to the client app with a code if it is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') action @@ -1888,8 +1892,8 @@ end it 'renders a JS client-side redirect back to the client app with a code if it is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') action @@ -1910,8 +1914,8 @@ before { params[:prompt] = '' } it 'redirects the user with an invalid request if client-side redirect is disabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') action expect(response).to redirect_to(/^#{params[:redirect_uri]}/) @@ -1924,8 +1928,8 @@ end it 'renders client-side redirect with an invalid request if client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') action expect(controller).to render_template('openid_connect/shared/redirect') @@ -1939,8 +1943,8 @@ end it 'renders JS client-side redirect with an invalid request if JS client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') action expect(controller).to render_template('openid_connect/shared/redirect_js') @@ -1954,10 +1958,10 @@ end it 'redirects the user with an invalid request if UUID is in server-side redirect list' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'server_side' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'server_side' }) action expect(response).to redirect_to(/^#{params[:redirect_uri]}/) @@ -1970,10 +1974,10 @@ end it 'renders client-side redirect with an invalid request if UUID is overriden for client-side redirect' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'client_side' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'client_side' }) action expect(controller).to render_template('openid_connect/shared/redirect') @@ -1987,10 +1991,10 @@ end it 'renders JS client-side redirect with an invalid request if UUID is overriden for JS client-side redirect' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'client_side_js' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'client_side_js' }) action expect(controller).to render_template('openid_connect/shared/redirect_js') @@ -2020,12 +2024,45 @@ errors: hash_including(:prompt), error_details: hash_including(:prompt), user_fully_authenticated: true, - acr_values: 'http://idmanagement.gov/ns/assurance/ial/1', + acr_values: acr_values, code_challenge_present: false, scope: 'openid', ) expect(@analytics).to_not have_logged_event('SP redirect initiated') + + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: array_including( + 'Prompt Please fill in this field.', + ), + error_types: { prompt: true }, + event: :oidc_request_authorization, + integration_exists: true, + request_issuer: client_id, + ) + end + + context 'when there are multiple issues with the request' do + let(:acr_values) { nil } + + it 'notes all the integration errors' do + stub_analytics + + action + + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: array_including( + 'Acr values Please fill in this field.', + 'Prompt Please fill in this field.', + ), + error_types: { acr_values: true, prompt: true }, + event: :oidc_request_authorization, + integration_exists: true, + request_issuer: client_id, + ) + end end end @@ -2054,6 +2091,17 @@ scope: 'openid profile', unknown_authn_contexts: unknown_value, ) + + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: array_including( + 'Acr values Please fill in this field.', + ), + error_types: { acr_values: true }, + event: :oidc_request_authorization, + integration_exists: true, + request_issuer: client_id, + ) end context 'when there is also a valid acr_value' do @@ -2095,8 +2143,8 @@ before { params[:prompt] = '' } it 'redirects the user with an invalid request if client-side redirect is disabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') action @@ -2110,8 +2158,8 @@ end it 'renders client-side redirect with an invalid request if client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') action expect(controller).to render_template('openid_connect/shared/redirect') @@ -2125,8 +2173,8 @@ end it 'renders JS client-side redirect with an invalid request if JS client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') action expect(controller).to render_template('openid_connect/shared/redirect_js') @@ -2140,10 +2188,10 @@ end it 'redirects the user with an invalid request if UUID is in server-side redirect list' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'server_side' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'server_side' }) action expect(response).to redirect_to(/^#{params[:redirect_uri]}/) @@ -2156,10 +2204,10 @@ end it 'renders client-side redirect with an invalid request if UUID is overriden for client-side redirect' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'client_side' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'client_side' }) action @@ -2174,10 +2222,10 @@ end it 'renders JS client-side redirect with an invalid request if UUID is overriden for JS client-side redirect' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'client_side_js' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'client_side_js' }) action expect(controller).to render_template('openid_connect/shared/redirect_js') @@ -2300,16 +2348,16 @@ let(:acr_values) { nil } it 'handles the error and does not blow up when server-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') action expect(response).to redirect_to(/^#{params[:redirect_uri]}/) end it 'handles the error and does not blow up when client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') action expect(controller).to render_template('openid_connect/shared/redirect') @@ -2317,8 +2365,8 @@ end it 'handles the error and does not blow up when client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') action expect(controller).to render_template('openid_connect/shared/redirect_js') @@ -2341,8 +2389,8 @@ end it 'redirects the user if server-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') action expect(response).to redirect_to(/^#{params[:redirect_uri]}/) @@ -2355,8 +2403,8 @@ end it 'renders a client-side redirect if client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') action expect(controller).to render_template('openid_connect/shared/redirect') @@ -2370,8 +2418,8 @@ end it 'renders a JS client-side redirect if JS client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') action expect(controller).to render_template('openid_connect/shared/redirect_js') @@ -2431,16 +2479,16 @@ let(:vtr) { nil } it 'handles the error and does not blow up when server-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') action expect(response).to redirect_to(/^#{params[:redirect_uri]}/) end it 'handles the error and does not blow up when client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') action expect(controller).to render_template('openid_connect/shared/redirect') @@ -2448,8 +2496,8 @@ end it 'handles the error and does not blow up when client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') action expect(controller).to render_template('openid_connect/shared/redirect_js') @@ -2470,8 +2518,8 @@ let(:vtr) { ['CaPb'].to_json } it 'redirects the user if server-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') action expect(response).to redirect_to(/^#{params[:redirect_uri]}/) @@ -2484,8 +2532,8 @@ end it 'renders a client-side redirect if client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') action expect(controller).to render_template('openid_connect/shared/redirect') @@ -2499,8 +2547,8 @@ end it 'renders a JS client-side redirect if JS client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') action expect(controller).to render_template('openid_connect/shared/redirect_js') diff --git a/spec/controllers/openid_connect/logout_controller_spec.rb b/spec/controllers/openid_connect/logout_controller_spec.rb index fc2499422b1..3c2780cde83 100644 --- a/spec/controllers/openid_connect/logout_controller_spec.rb +++ b/spec/controllers/openid_connect/logout_controller_spec.rb @@ -66,16 +66,16 @@ end it 'redirects back to the client if server-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') action expect(response).to redirect_to(/^#{post_logout_redirect_uri}/) end it 'renders client-side redirect if client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') action expect(controller).to render_template('openid_connect/shared/redirect') @@ -83,8 +83,8 @@ end it 'renders JS client-side redirect if client-side JS redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') action expect(controller).to render_template('openid_connect/shared/redirect_js') @@ -92,20 +92,20 @@ end it 'redirects back to the client if UUID set to server-side redirect' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'server_side' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'server_side' }) action expect(response).to redirect_to(/^#{post_logout_redirect_uri}/) end it 'renders client-side redirect if UUID set to to client-side redirect' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'client_side' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'client_side' }) action expect(controller).to render_template('openid_connect/shared/redirect') @@ -113,10 +113,10 @@ end it 'renders JS client-side redirect if UUID set to JS client-side redirect' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'client_side_js' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'client_side_js' }) action expect(controller).to render_template('openid_connect/shared/redirect_js') @@ -124,12 +124,12 @@ end it 'respects UUID redirect config when issuer config is also set' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_issuer_override_map). - and_return({ service_provider.issuer => 'client_side' }) - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'client_side_js' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_issuer_override_map) + .and_return({ service_provider.issuer => 'client_side' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'client_side_js' }) action expect(controller).to render_template('openid_connect/shared/redirect_js') @@ -137,10 +137,10 @@ end it 'respects issuer redirect config if UUID config is not set' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_issuer_override_map). - and_return({ service_provider.issuer => 'client_side_js' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_issuer_override_map) + .and_return({ service_provider.issuer => 'client_side_js' }) action expect(controller).to render_template('openid_connect/shared/redirect_js') @@ -176,6 +176,10 @@ oidc: true, ), ) + + expect(@analytics).to_not have_logged_event( + :sp_integration_errors_present, + ) end end @@ -215,6 +219,17 @@ oidc: true, ), ) + + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: array_including( + 'Redirect uri redirect_uri does not match registered redirect_uri', + ), + error_types: { redirect_uri: true }, + event: :oidc_logout_requested, + integration_exists: true, + request_issuer: service_provider.issuer, + ) end end @@ -238,22 +253,32 @@ oidc: true, ), ) + + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: array_including( + 'Id token hint id_token_hint was not recognized', + ), + error_types: { id_token_hint: true }, + event: :oidc_logout_requested, + integration_exists: false, + ) end end end context 'user is not signed in' do it 'renders server-side redirect if server-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') action expect(response).to redirect_to(/^#{post_logout_redirect_uri}/) end it 'redirects back to the client if client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') action expect(controller).to render_template('openid_connect/shared/redirect') @@ -261,8 +286,8 @@ end it 'redirects back to the client if JS client-side redirect is enabledj' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') action expect(controller).to render_template('openid_connect/shared/redirect_js') @@ -317,6 +342,9 @@ oidc: true, ), ) + expect(@analytics).to_not have_logged_event( + :sp_integration_errors_present, + ) expect(response).to render_template(:confirm_logout) expect(response.body).to include service_provider.friendly_name end @@ -358,22 +386,33 @@ oidc: true, ), ) + + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: array_including( + 'Redirect uri redirect_uri does not match registered redirect_uri', + ), + error_types: { redirect_uri: true }, + event: :oidc_logout_requested, + integration_exists: true, + request_issuer: service_provider.issuer, + ) end end end context 'user is not signed in' do it 'redirects back to the client if server-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') action expect(response).to redirect_to(/^#{post_logout_redirect_uri}/) end it 'renders client-side redirect if client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') action expect(controller).to render_template('openid_connect/shared/redirect') @@ -381,8 +420,8 @@ end it 'renders JS client-side redirect if JS client-side redirect is enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') action expect(controller).to render_template('openid_connect/shared/redirect_js') @@ -444,6 +483,10 @@ oidc: true, ), ) + + expect(@analytics).to_not have_logged_event( + :sp_integration_errors_present, + ) end end @@ -483,6 +526,18 @@ oidc: true, ), ) + + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: array_including( + 'Id token hint This application is misconfigured and should not be sending ' \ + 'id_token_hint. Please send client_id instead.', + ), + error_types: { id_token_hint: true }, + event: :oidc_logout_requested, + integration_exists: true, + request_issuer: service_provider.issuer, + ) end end @@ -522,6 +577,17 @@ oidc: true, ), ) + + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: array_including( + 'Redirect uri redirect_uri does not match registered redirect_uri', + ), + error_types: { redirect_uri: true }, + event: :oidc_logout_requested, + integration_exists: true, + request_issuer: service_provider.issuer, + ) end end end @@ -529,8 +595,8 @@ context 'user is not signed in' do it 'redirects back to the client if server-side redirect is enabled' do expect(controller).to receive(:sign_out) - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') action expect(response).to redirect_to(/^#{post_logout_redirect_uri}/) @@ -538,8 +604,8 @@ it 'renders client-side redirect if client-side redirect is enabled' do expect(controller).to receive(:sign_out) - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') action expect(controller).to render_template('openid_connect/shared/redirect') @@ -548,8 +614,8 @@ it 'renders JS client-side redirect if JS client-side redirect is enabled' do expect(controller).to receive(:sign_out) - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') action expect(controller).to render_template('openid_connect/shared/redirect_js') @@ -565,8 +631,8 @@ context 'when accepting id_token_hint and client_id' do before do - allow(IdentityConfig.store).to receive(:reject_id_token_hint_in_logout). - and_return(false) + allow(IdentityConfig.store).to receive(:reject_id_token_hint_in_logout) + .and_return(false) end describe '#logout[GET]' do @@ -590,8 +656,8 @@ it 'destroys the session and redirects to client if server-side redirect is enabled' do expect(controller).to receive(:sign_out) - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') action expect(response).to redirect_to(/^#{post_logout_redirect_uri}/) @@ -599,8 +665,8 @@ it 'destroys session and renders client-side redirect if enabled' do expect(controller).to receive(:sign_out) - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') action expect(controller).to render_template('openid_connect/shared/redirect') @@ -609,8 +675,8 @@ it 'destroys session and renders JS client-side redirect if enabled' do expect(controller).to receive(:sign_out) - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') action expect(controller).to render_template('openid_connect/shared/redirect_js') @@ -619,10 +685,10 @@ it 'destroys the session and redirects to client if UUID set to server-side redirect' do expect(controller).to receive(:sign_out) - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'server_side' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'server_side' }) action expect(response).to redirect_to(/^#{post_logout_redirect_uri}/) @@ -630,10 +696,10 @@ it 'destroys session and renders client-side redirect if UUID is set to client-side' do expect(controller).to receive(:sign_out) - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'client_side' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'client_side' }) action expect(controller).to render_template('openid_connect/shared/redirect') @@ -642,10 +708,10 @@ it 'destroy session and render JS client-side redirect if UUID set to JS client-side' do expect(controller).to receive(:sign_out) - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') - allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map). - and_return({ user.uuid => 'client_side_js' }) + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect_uuid_override_map) + .and_return({ user.uuid => 'client_side_js' }) action expect(controller).to render_template('openid_connect/shared/redirect_js') @@ -678,8 +744,8 @@ before { stub_sign_in(user) } it 'destroys the session and redirects if client-side redirect is disabled' do expect(controller).to receive(:sign_out) - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') action expect(response).to redirect_to(/^#{post_logout_redirect_uri}/) @@ -687,8 +753,8 @@ it 'destroys the session and renders client-side redirect if enabled' do expect(controller).to receive(:sign_out) - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') action expect(controller).to render_template('openid_connect/shared/redirect') @@ -697,8 +763,8 @@ it 'destroys the session and renders JS client-side redirect if enabled' do expect(controller).to receive(:sign_out) - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') action expect(controller).to render_template('openid_connect/shared/redirect_js') @@ -720,8 +786,8 @@ context 'when rejecting id_token_hint' do before do - allow(IdentityConfig.store).to receive(:reject_id_token_hint_in_logout). - and_return(true) + allow(IdentityConfig.store).to receive(:reject_id_token_hint_in_logout) + .and_return(true) end describe '#logout[GET]' do @@ -730,21 +796,23 @@ describe '#delete' do context 'when sending client_id' do + let(:params) do + { + client_id: service_provider.issuer, + post_logout_redirect_uri: post_logout_redirect_uri, + state: state, + } + end subject(:action) do - delete :delete, - params: { - client_id: service_provider.issuer, - post_logout_redirect_uri: post_logout_redirect_uri, - state: state, - } + delete :delete, params: end context 'user is signed in' do before { stub_sign_in(user) } it 'destroys session and redirects to client if server-side redirect is enabled' do expect(controller).to receive(:sign_out) - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') action expect(response).to redirect_to(/^#{post_logout_redirect_uri}/) @@ -752,8 +820,8 @@ it 'destroys the session and renders client-side redirect if enabled' do expect(controller).to receive(:sign_out) - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') action expect(controller).to render_template('openid_connect/shared/redirect') @@ -762,8 +830,8 @@ it 'destroys the session and renders JS client-side redirect if enabled' do expect(controller).to receive(:sign_out) - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') action expect(controller).to render_template('openid_connect/shared/redirect_js') @@ -795,6 +863,30 @@ sp_initiated: true, oidc: true, ) + expect(@analytics).to_not have_logged_event( + :sp_integration_errors_present, + ) + end + + context 'when client_id is missing' do + before do + params.delete(:client_id) + end + it 'tracks an integration error event' do + stub_analytics + + action + + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: array_including( + 'Client client_id is missing', + ), + error_types: { client_id: true }, + event: :oidc_logout_submitted, + integration_exists: false, + ) + end end end diff --git a/spec/controllers/openid_connect/token_controller_spec.rb b/spec/controllers/openid_connect/token_controller_spec.rb index d8648d7a274..037299f9590 100644 --- a/spec/controllers/openid_connect/token_controller_spec.rb +++ b/spec/controllers/openid_connect/token_controller_spec.rb @@ -67,6 +67,8 @@ ial: 1, } ) + + expect(@analytics).to_not have_logged_event(:sp_integration_errors_present) end end @@ -99,6 +101,17 @@ ial: 1, } ) + + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: array_including( + 'Grant type is not included in the list', + ), + error_types: { grant_type: true }, + event: :oidc_token_request, + integration_exists: true, + request_issuer: client_id, + ) end end @@ -106,12 +119,16 @@ let(:code) { { nested: 'code' } } it 'is a 400 and has an error response and no id_token' do + stub_analytics + action expect(response).to be_bad_request json = JSON.parse(response.body).with_indifferent_access expect(json[:error]).to be_present expect(json).to_not have_key(:id_token) + + expect(@analytics).to_not have_logged_event(:sp_integration_errors_present) end end end diff --git a/spec/controllers/openid_connect/user_info_controller_spec.rb b/spec/controllers/openid_connect/user_info_controller_spec.rb index ca18ae0f26d..d0eb23d054f 100644 --- a/spec/controllers/openid_connect/user_info_controller_spec.rb +++ b/spec/controllers/openid_connect/user_info_controller_spec.rb @@ -28,6 +28,16 @@ errors: hash_including(:access_token), error_details: hash_including(:access_token), ) + + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: array_including( + 'Access token No Authorization header provided', + ), + error_types: { access_token: true }, + event: :oidc_bearer_token_auth, + integration_exists: false, + ) end end @@ -37,8 +47,8 @@ it '401s' do action expect(response).to be_unauthorized - expect(json_response[:error]). - to eq(t('openid_connect.user_info.errors.malformed_authorization')) + expect(json_response[:error]) + .to eq(t('openid_connect.user_info.errors.malformed_authorization')) end it 'tracks analytics' do @@ -52,6 +62,16 @@ errors: hash_including(:access_token), error_details: hash_including(:access_token), ) + + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: array_including( + 'Access token Malformed Authorization header', + ), + error_types: { access_token: true }, + event: :oidc_bearer_token_auth, + integration_exists: false, + ) end end @@ -75,6 +95,17 @@ errors: hash_including(:access_token), error_details: hash_including(:access_token), ) + + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: array_including( + 'Access token Could not find authorization for the contents of the provided ' \ + 'access_token or it may have expired', + ), + error_types: { access_token: true }, + event: :oidc_bearer_token_auth, + integration_exists: false, + ) end end @@ -135,6 +166,10 @@ ial: identity.ial, errors: {}, ) + + expect(@analytics).to_not have_logged_event( + :sp_integration_errors_present, + ) end it 'only changes the paths visited in session' do diff --git a/spec/controllers/risc/security_events_controller_spec.rb b/spec/controllers/risc/security_events_controller_spec.rb index 246e06c5fdd..f7709d39413 100644 --- a/spec/controllers/risc/security_events_controller_spec.rb +++ b/spec/controllers/risc/security_events_controller_spec.rb @@ -38,8 +38,8 @@ let(:jwt) { JWT.encode(jwt_payload, rp_private_key, 'RS256', typ: 'secevent+jwt') } it 'creates a security event record' do - expect { action }. - to(change { SecurityEvent.count }.by(1)) + expect { action } + .to(change { SecurityEvent.count }.by(1)) expect(response.body).to be_empty expect(response.code.to_i).to eq(202) # Accepted @@ -65,8 +65,8 @@ before { jwt_payload[:aud] = 'http://bad.example' } it 'renders an error response and does not create a security event record' do - expect { action }. - to_not(change { SecurityEvent.count }) + expect { action } + .to_not(change { SecurityEvent.count }) expect(response).to be_bad_request diff --git a/spec/controllers/saml_idp_controller_spec.rb b/spec/controllers/saml_idp_controller_spec.rb index 8b587bf2753..1e23ba2b050 100644 --- a/spec/controllers/saml_idp_controller_spec.rb +++ b/spec/controllers/saml_idp_controller_spec.rb @@ -46,6 +46,13 @@ 'Logout Initiated', hash_including(sp_initiated: true, oidc: false, saml_request_valid: false), ) + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: [:issuer_missing_or_invald, :no_auth_or_logout_request, :invalid_signature], + error_types: { saml_request_errors: true }, + event: :saml_logout_request, + integration_exists: false, + ) end let(:service_provider) do @@ -112,12 +119,35 @@ expect(response).to be_ok end - it 'rejects requests from a wrong cert' do - delete :logout, params: UriService.params( - OneLogin::RubySaml::Logoutrequest.new.create(wrong_cert_settings), - ).merge(path_year: path_year) + context 'when the cert is not registered' do + it 'rejects requests from a wrong cert' do + delete :logout, params: UriService.params( + OneLogin::RubySaml::Logoutrequest.new.create(wrong_cert_settings), + ).merge(path_year: path_year) - expect(response).to be_bad_request + expect(response).to be_bad_request + end + + it 'tracks the request' do + stub_analytics + + delete :logout, params: UriService.params( + OneLogin::RubySaml::Logoutrequest.new.create(wrong_cert_settings), + ).merge(path_year: path_year) + + expect(@analytics).to have_logged_event( + 'Logout Initiated', + hash_including(sp_initiated: true, oidc: false, saml_request_valid: false), + ) + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: [:invalid_signature], + error_types: { saml_request_errors: true }, + event: :saml_logout_request, + integration_exists: true, + request_issuer: service_provider.issuer, + ) + end end context 'cert element in SAML request is blank' do @@ -183,6 +213,13 @@ post :remotelogout, params: { SAMLRequest: 'foo', path_year: path_year } expect(@analytics).to have_logged_event('Remote Logout initiated', saml_request_valid: false) + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: [:issuer_missing_or_invald, :no_auth_or_logout_request, :invalid_signature], + error_types: { saml_request_errors: true }, + event: :saml_remote_logout_request, + integration_exists: false, + ) end let(:agency) { create(:agency) } @@ -351,12 +388,21 @@ ), ).to eq(true) + stub_analytics post :remotelogout, params: payload.to_h.merge( Signature: Base64.encode64(signature), path_year: path_year, ) expect(response).to be_bad_request + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: [:no_user_found_from_session_index], + error_types: { saml_request_errors: true }, + event: :saml_remote_logout_request, + integration_exists: true, + request_issuer: service_provider.issuer, + ) end it 'rejects requests from a correct cert but bad session index' do @@ -385,12 +431,21 @@ ), ).to eq(true) + stub_analytics post :remotelogout, params: payload.to_h.merge( Signature: Base64.encode64(signature), path_year: path_year, ) expect(response).to be_bad_request + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: [:no_user_found_from_session_index], + error_types: { saml_request_errors: true }, + event: :saml_remote_logout_request, + integration_exists: true, + request_issuer: service_provider.issuer, + ) end it 'rejects requests from a correct cert but a non-associated user' do @@ -419,20 +474,38 @@ ), ).to eq(true) + stub_analytics post :remotelogout, params: payload.to_h.merge( Signature: Base64.encode64(signature), path_year: path_year, ) expect(response).to be_bad_request + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: [:no_user_found_from_session_index], + error_types: { saml_request_errors: true }, + event: :saml_remote_logout_request, + integration_exists: true, + request_issuer: service_provider.issuer, + ) end it 'rejects requests from a wrong cert' do + stub_analytics post :remotelogout, params: UriService.params( OneLogin::RubySaml::Logoutrequest.new.create(wrong_cert_settings), ).merge(path_year: path_year) expect(response).to be_bad_request + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: [:invalid_signature], + error_types: { saml_request_errors: true }, + event: :saml_remote_logout_request, + integration_exists: true, + request_issuer: service_provider.issuer, + ) end end @@ -465,35 +538,35 @@ it 'contains a signature method nodeset with SHA256 algorithm' do expect(xmldoc.signature_method_nodeset.length).to eq(1) - expect(xmldoc.signature_method_nodeset[0].attr('Algorithm')). - to eq('http://www.w3.org/2001/04/xmldsig-more#rsa-sha256') + expect(xmldoc.signature_method_nodeset[0].attr('Algorithm')) + .to eq('http://www.w3.org/2001/04/xmldsig-more#rsa-sha256') end it 'contains a digest method nodeset with SHA256 algorithm' do expect(xmldoc.digest_method_nodeset.length).to eq(1) - expect(xmldoc.digest_method_nodeset[0].attr('Algorithm')). - to eq('http://www.w3.org/2001/04/xmlenc#sha256') + expect(xmldoc.digest_method_nodeset[0].attr('Algorithm')) + .to eq('http://www.w3.org/2001/04/xmlenc#sha256') end it 'contains the organization name under AttributeAuthorityDescriptor' do - expect(xmldoc.attribute_authority_organization_name). - to eq org_name + expect(xmldoc.attribute_authority_organization_name) + .to eq org_name end it 'contains the org display name under AttributeAuthorityDescriptor' do - expect(xmldoc.attribute_authority_organization_display_name). - to eq org_name + expect(xmldoc.attribute_authority_organization_display_name) + .to eq org_name end it 'contains the organization name' do - expect(xmldoc.organization_name). - to eq org_name + expect(xmldoc.organization_name) + .to eq org_name end it 'contains the organization display name' do - expect(xmldoc.organization_display_name). - to eq org_name + expect(xmldoc.organization_display_name) + .to eq org_name end it 'disables caching' do @@ -1012,6 +1085,14 @@ def name_id_version(format_urn) unknown_authn_contexts: unknown_value, ), ) + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: ['Unauthorized authentication context'], + error_types: { saml_request_errors: true }, + event: :saml_auth_request, + integration_exists: true, + request_issuer: saml_settings.issuer, + ) end context 'there is also a valid authn_context' do @@ -1030,6 +1111,9 @@ def name_id_version(format_urn) unknown_authn_contexts: unknown_value, ), ) + expect(@analytics).to_not have_logged_event( + :sp_integration_errors_present, + ) end context 'when it includes the ReqAttributes AuthnContext' do @@ -1065,8 +1149,8 @@ def name_id_version(format_urn) authn_context_class_ref = saml_response_authn_context(decoded_saml_response) expect(response.status).to eq(200) - expect(authn_context_class_ref). - to eq(Saml::Idp::Constants::DEFAULT_AAL_AUTHN_CONTEXT_CLASSREF) + expect(authn_context_class_ref) + .to eq(Saml::Idp::Constants::DEFAULT_AAL_AUTHN_CONTEXT_CLASSREF) end end @@ -1079,8 +1163,8 @@ def name_id_version(format_urn) authn_context_class_ref = saml_response_authn_context(decoded_saml_response) expect(response.status).to eq(200) - expect(authn_context_class_ref). - to eq(Saml::Idp::Constants::DEFAULT_AAL_AUTHN_CONTEXT_CLASSREF) + expect(authn_context_class_ref) + .to eq(Saml::Idp::Constants::DEFAULT_AAL_AUTHN_CONTEXT_CLASSREF) end it 'returns default AAL authn_context when IAL1 is requested' do @@ -1091,8 +1175,8 @@ def name_id_version(format_urn) authn_context_class_ref = saml_response_authn_context(decoded_saml_response) expect(response.status).to eq(200) - expect(authn_context_class_ref). - to eq(Saml::Idp::Constants::DEFAULT_AAL_AUTHN_CONTEXT_CLASSREF) + expect(authn_context_class_ref) + .to eq(Saml::Idp::Constants::DEFAULT_AAL_AUTHN_CONTEXT_CLASSREF) end it 'returns AAL2 authn_context when AAL2 is requested' do @@ -1276,6 +1360,14 @@ def name_id_version(format_urn) finish_profile: false, ), ) + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: ['Unauthorized Service Provider'], + error_types: { saml_request_errors: true }, + event: :saml_auth_request, + integration_exists: false, + request_issuer: 'invalid_provider', + ) end end @@ -1321,6 +1413,14 @@ def name_id_version(format_urn) finish_profile: false, ), ) + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: ['Unauthorized Service Provider', 'Unauthorized authentication context'], + error_types: { saml_request_errors: true }, + event: :saml_auth_request, + integration_exists: false, + request_issuer: 'invalid_provider', + ) end end @@ -1364,6 +1464,15 @@ def name_id_version(format_urn) error_details: { service_provider: { no_cert_registered: true } }, ), ) + + expect(@analytics).to have_logged_event( + :sp_integration_errors_present, + error_details: ['Your service provider does not have a certificate registered.'], + error_types: { saml_request_errors: true }, + event: :saml_auth_request, + integration_exists: true, + request_issuer: service_provider.issuer, + ) end context 'when service provider has block_encryption set to none' do @@ -1891,8 +2000,8 @@ def name_id_version(format_urn) generate_saml_response(user, auth_settings) expect(response.status).to eq(200) - expect(name_id.attributes['Format'].value). - to eq(Saml::Idp::Constants::NAME_ID_FORMAT_PERSISTENT) + expect(name_id.attributes['Format'].value) + .to eq(Saml::Idp::Constants::NAME_ID_FORMAT_PERSISTENT) expect(name_id.children.first.to_s).to eq(user.last_identity.uuid) expect(@analytics).to have_logged_event( 'SAML Auth', @@ -1912,8 +2021,8 @@ def name_id_version(format_urn) generate_saml_response(user, auth_settings) expect(response.status).to eq(200) - expect(name_id.attributes['Format'].value). - to eq(Saml::Idp::Constants::NAME_ID_FORMAT_EMAIL) + expect(name_id.attributes['Format'].value) + .to eq(Saml::Idp::Constants::NAME_ID_FORMAT_EMAIL) expect(name_id.children.first.to_s).to eq(user.email) expect(@analytics).to have_logged_event( 'SAML Auth', @@ -1961,8 +2070,8 @@ def name_id_version(format_urn) expect(response.status).to eq(200) - expect(name_id.attributes['Format'].value). - to eq(Saml::Idp::Constants::NAME_ID_FORMAT_PERSISTENT) + expect(name_id.attributes['Format'].value) + .to eq(Saml::Idp::Constants::NAME_ID_FORMAT_PERSISTENT) expect(name_id.children.first.to_s).to eq(user.id.to_s) end @@ -2038,8 +2147,8 @@ def name_id_version(format_urn) expect(response.status).to eq(200) - expect(name_id.attributes['Format'].value). - to eq(Saml::Idp::Constants::NAME_ID_FORMAT_PERSISTENT) + expect(name_id.attributes['Format'].value) + .to eq(Saml::Idp::Constants::NAME_ID_FORMAT_PERSISTENT) expect(name_id.children.first.to_s).to eq(user.id.to_s) end @@ -2336,8 +2445,8 @@ def name_id_version(format_urn) end it 'has a format attribute specifying the email format' do - expect(name_id.attributes['Format'].value). - to eq('urn:oasis:names:tc:SAML:2.0:nameid-format:persistent') + expect(name_id.attributes['Format'].value) + .to eq('urn:oasis:names:tc:SAML:2.0:nameid-format:persistent') end it 'has the UUID of the user making the AuthN Request' do @@ -2510,8 +2619,8 @@ def name_id_version(format_urn) allow(controller).to receive(:remember_device_expired_for_sp?).and_return(false) allow(controller).to receive(:identity_needs_verification?).and_return(true) allow(controller).to receive(:saml_request).and_return(FakeSamlRequest.new) - allow(controller).to receive(:saml_request_id). - and_return(SecureRandom.uuid) + allow(controller).to receive(:saml_request_id) + .and_return(SecureRandom.uuid) stub_requested_attributes get :auth, params: { path_year: path_year } @@ -2557,8 +2666,8 @@ def stub_requested_attributes service_provider.ial = 2 service_provider.save request_parser = instance_double(SamlRequestParser) - expect(SamlRequestParser).to receive(:new). - and_return(request_parser) + expect(SamlRequestParser).to receive(:new) + .and_return(request_parser) allow(request_parser).to receive(:requested_attributes).and_return([:email]) end diff --git a/spec/controllers/service_provider_controller_spec.rb b/spec/controllers/service_provider_controller_spec.rb index 742102d13f0..6cf220701d9 100644 --- a/spec/controllers/service_provider_controller_spec.rb +++ b/spec/controllers/service_provider_controller_spec.rb @@ -31,8 +31,8 @@ context 'feature on, correct token in headers' do context 'with no body' do before do - allow_any_instance_of(ServiceProviderUpdater).to receive(:dashboard_service_providers). - and_return(dashboard_service_providers) + allow_any_instance_of(ServiceProviderUpdater).to receive(:dashboard_service_providers) + .and_return(dashboard_service_providers) post :update end diff --git a/spec/controllers/sign_out_controller_spec.rb b/spec/controllers/sign_out_controller_spec.rb index f5e348c4ce1..80885fa4e7b 100644 --- a/spec/controllers/sign_out_controller_spec.rb +++ b/spec/controllers/sign_out_controller_spec.rb @@ -26,8 +26,8 @@ get :destroy - expect(@analytics). - to have_logged_event('Logout Initiated', hash_including(method: 'cancel link')) + expect(@analytics) + .to have_logged_event('Logout Initiated', hash_including(method: 'cancel link')) end end end diff --git a/spec/controllers/sign_up/cancellations_controller_spec.rb b/spec/controllers/sign_up/cancellations_controller_spec.rb index 25c02fcfd5e..a1396ce764c 100644 --- a/spec/controllers/sign_up/cancellations_controller_spec.rb +++ b/spec/controllers/sign_up/cancellations_controller_spec.rb @@ -100,8 +100,8 @@ delete :destroy - expect(response). - to redirect_to new_user_session_path(request_id: 'foo') + expect(response) + .to redirect_to new_user_session_path(request_id: 'foo') end it 'tracks the event in analytics when referer is nil' do diff --git a/spec/controllers/sign_up/completions_controller_spec.rb b/spec/controllers/sign_up/completions_controller_spec.rb index 9691c61821c..051072162ba 100644 --- a/spec/controllers/sign_up/completions_controller_spec.rb +++ b/spec/controllers/sign_up/completions_controller_spec.rb @@ -347,8 +347,8 @@ last_consented_at: now, clear_deleted_at: true, ) - allow(Idv::InPerson::CompletionSurveySender).to receive(:send_completion_survey). - with(user, sp.issuer) + allow(Idv::InPerson::CompletionSurveySender).to receive(:send_completion_survey) + .with(user, sp.issuer) freeze_time do travel_to(now) patch :update @@ -370,8 +370,8 @@ last_consented_at: now, clear_deleted_at: true, ) - expect(Idv::InPerson::CompletionSurveySender).to receive(:send_completion_survey). - with(user, sp.issuer) + expect(Idv::InPerson::CompletionSurveySender).to receive(:send_completion_survey) + .with(user, sp.issuer) freeze_time do travel_to(now) patch :update diff --git a/spec/controllers/sign_up/email_confirmations_controller_spec.rb b/spec/controllers/sign_up/email_confirmations_controller_spec.rb index c34979b5665..2951e108504 100644 --- a/spec/controllers/sign_up/email_confirmations_controller_spec.rb +++ b/spec/controllers/sign_up/email_confirmations_controller_spec.rb @@ -189,13 +189,13 @@ user: build(:user, email: nil), ) - allow(subject).to receive(:process_successful_confirmation). - and_raise(ActiveRecord::RecordNotUnique) + allow(subject).to receive(:process_successful_confirmation) + .and_raise(ActiveRecord::RecordNotUnique) get :create, params: { confirmation_token: 'foo' } - expect(flash[:error]). - to eq t( + expect(flash[:error]) + .to eq t( 'devise.confirmations.already_confirmed', action: t('devise.confirmations.sign_in'), ) diff --git a/spec/controllers/sign_up/registrations_controller_spec.rb b/spec/controllers/sign_up/registrations_controller_spec.rb index c4611e90ffa..63c476aa2b8 100644 --- a/spec/controllers/sign_up/registrations_controller_spec.rb +++ b/spec/controllers/sign_up/registrations_controller_spec.rb @@ -22,8 +22,8 @@ it 'gracefully handles invalid formats' do @request.env['HTTP_ACCEPT'] = "nessus=bad_bad_value'" - expect { get :new }. - to raise_error(Mime::Type::InvalidMimeType) + expect { get :new } + .to raise_error(Mime::Type::InvalidMimeType) end it 'tracks visit event' do @@ -61,11 +61,11 @@ let(:tmx_session_id) { '1234' } before do - allow(FeatureManagement).to receive(:account_creation_device_profiling_collecting_enabled?). - and_return(true) + allow(FeatureManagement).to receive(:account_creation_device_profiling_collecting_enabled?) + .and_return(true) allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_org_id).and_return('org1') - allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_mock_enabled). - and_return(false) + allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_mock_enabled) + .and_return(false) subject.session[:threatmetrix_session_id] = tmx_session_id end @@ -207,11 +207,11 @@ let(:tmx_session_id) { '1234' } before do - allow(FeatureManagement).to receive(:account_creation_device_profiling_collecting_enabled?). - and_return(true) + allow(FeatureManagement).to receive(:account_creation_device_profiling_collecting_enabled?) + .and_return(true) allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_org_id).and_return('org1') - allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_mock_enabled). - and_return(false) + allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_mock_enabled) + .and_return(false) subject.session[:threatmetrix_session_id] = tmx_session_id end diff --git a/spec/controllers/sign_up/select_email_controller_spec.rb b/spec/controllers/sign_up/select_email_controller_spec.rb index 8c6f65575fb..e151c14ebd7 100644 --- a/spec/controllers/sign_up/select_email_controller_spec.rb +++ b/spec/controllers/sign_up/select_email_controller_spec.rb @@ -52,8 +52,8 @@ context 'with selected email to share feature disabled' do before do - allow(IdentityConfig.store).to receive(:feature_select_email_to_share_enabled). - and_return(false) + allow(IdentityConfig.store).to receive(:feature_select_email_to_share_enabled) + .and_return(false) end it 'renders 404' do @@ -139,8 +139,8 @@ context 'with selected email to share feature disabled' do before do - allow(IdentityConfig.store).to receive(:feature_select_email_to_share_enabled). - and_return(false) + allow(IdentityConfig.store).to receive(:feature_select_email_to_share_enabled) + .and_return(false) end it 'renders 404' do diff --git a/spec/controllers/socure_webhook_controller_spec.rb b/spec/controllers/socure_webhook_controller_spec.rb index a4f5ae0afce..409a18ccaf5 100644 --- a/spec/controllers/socure_webhook_controller_spec.rb +++ b/spec/controllers/socure_webhook_controller_spec.rb @@ -32,12 +32,12 @@ end before do - allow(IdentityConfig.store).to receive(:socure_docv_webhook_secret_key). - and_return(socure_secret_key) - allow(IdentityConfig.store).to receive(:socure_docv_webhook_secret_key_queue). - and_return(socure_secret_key_queue) - allow(IdentityConfig.store).to receive(:socure_docv_enabled). - and_return(socure_docv_enabled) + allow(IdentityConfig.store).to receive(:socure_docv_webhook_secret_key) + .and_return(socure_secret_key) + allow(IdentityConfig.store).to receive(:socure_docv_webhook_secret_key_queue) + .and_return(socure_secret_key_queue) + allow(IdentityConfig.store).to receive(:socure_docv_enabled) + .and_return(socure_docv_enabled) allow(SocureDocvResultsJob).to receive(:perform_later) stub_analytics @@ -152,8 +152,8 @@ post :create, params: webhook_body - expect(SocureDocvResultsJob).to have_received(:perform_later). - with(document_capture_session_uuid: dcs.uuid) + expect(SocureDocvResultsJob).to have_received(:perform_later) + .with(document_capture_session_uuid: dcs.uuid) end it 'does not reset socure_docv_capture_app_url value' do @@ -209,8 +209,8 @@ it 'resets socure_docv_capture_app_url to nil' do dcs = create(:document_capture_session, :socure) webhook_body[:event][:docvTransactionToken] = dcs.socure_docv_transaction_token - expect(dcs.socure_docv_capture_app_url). - not_to be_nil + expect(dcs.socure_docv_capture_app_url) + .not_to be_nil post :create, params: webhook_body dcs.reload expect(dcs.socure_docv_capture_app_url).to be_nil @@ -249,8 +249,8 @@ it 'resets socure_docv_capture_app_url to nil' do dcs = create(:document_capture_session, :socure) webhook_body[:event][:docvTransactionToken] = dcs.socure_docv_transaction_token - expect(dcs.socure_docv_capture_app_url). - not_to be_nil + expect(dcs.socure_docv_capture_app_url) + .not_to be_nil post :create, params: webhook_body dcs.reload expect(dcs.socure_docv_capture_app_url).to be_nil diff --git a/spec/controllers/test/device_profiling_controller_spec.rb b/spec/controllers/test/device_profiling_controller_spec.rb index 36055cca13b..4227ae88832 100644 --- a/spec/controllers/test/device_profiling_controller_spec.rb +++ b/spec/controllers/test/device_profiling_controller_spec.rb @@ -14,8 +14,8 @@ expect do get :index, params: { session_id: session_id } end.to( - change { Proofing::Mock::DeviceProfilingBackend.new.profiling_result(session_id) }. - from(nil).to('no_result'), + change { Proofing::Mock::DeviceProfilingBackend.new.profiling_result(session_id) } + .from(nil).to('no_result'), ) end end @@ -27,8 +27,8 @@ expect do post :create, params: { session_id: session_id, result: result } end.to( - change { Proofing::Mock::DeviceProfilingBackend.new.profiling_result(session_id) }. - from(nil).to(result), + change { Proofing::Mock::DeviceProfilingBackend.new.profiling_result(session_id) } + .from(nil).to(result), ) end end diff --git a/spec/controllers/two_factor_authentication/backup_code_verification_controller_spec.rb b/spec/controllers/two_factor_authentication/backup_code_verification_controller_spec.rb index 14e6da8293f..98234c169aa 100644 --- a/spec/controllers/two_factor_authentication/backup_code_verification_controller_spec.rb +++ b/spec/controllers/two_factor_authentication/backup_code_verification_controller_spec.rb @@ -28,9 +28,9 @@ sign_in_before_2fa(user) stub_analytics - expect(controller).to receive(:handle_valid_verification_for_authentication_context). - with(auth_method: TwoFactorAuthenticatable::AuthMethod::BACKUP_CODE). - and_call_original + expect(controller).to receive(:handle_valid_verification_for_authentication_context) + .with(auth_method: TwoFactorAuthenticatable::AuthMethod::BACKUP_CODE) + .and_call_original post :create, params: payload @@ -165,8 +165,8 @@ stub_analytics - expect(PushNotification::HttpPush).to receive(:deliver). - with(PushNotification::MfaLimitAccountLockedEvent.new(user: subject.current_user)) + expect(PushNotification::HttpPush).to receive(:deliver) + .with(PushNotification::MfaLimitAccountLockedEvent.new(user: subject.current_user)) post :create, params: payload diff --git a/spec/controllers/two_factor_authentication/otp_verification_controller_spec.rb b/spec/controllers/two_factor_authentication/otp_verification_controller_spec.rb index 9fabd936c50..63a9104ab9e 100644 --- a/spec/controllers/two_factor_authentication/otp_verification_controller_spec.rb +++ b/spec/controllers/two_factor_authentication/otp_verification_controller_spec.rb @@ -143,8 +143,8 @@ confirmation_for_add_phone: false, context: 'authentication', multi_factor_auth_method: 'sms', - multi_factor_auth_method_created_at: user.default_phone_configuration.created_at. - strftime('%s%L'), + multi_factor_auth_method_created_at: user.default_phone_configuration.created_at + .strftime('%s%L'), new_device: true, phone_configuration_id: user.default_phone_configuration.id, area_code: parsed_phone.area_code, @@ -214,8 +214,8 @@ stub_analytics - expect(PushNotification::HttpPush).to receive(:deliver). - with(PushNotification::MfaLimitAccountLockedEvent.new(user: controller.current_user)) + expect(PushNotification::HttpPush).to receive(:deliver) + .with(PushNotification::MfaLimitAccountLockedEvent.new(user: controller.current_user)) post :create, params: { code: '12345', otp_delivery_preference: 'sms' } @@ -226,8 +226,8 @@ confirmation_for_add_phone: false, context: 'authentication', multi_factor_auth_method: 'sms', - multi_factor_auth_method_created_at: user.default_phone_configuration.created_at. - strftime('%s%L'), + multi_factor_auth_method_created_at: user.default_phone_configuration.created_at + .strftime('%s%L'), new_device: true, phone_configuration_id: user.default_phone_configuration.id, area_code: parsed_phone.area_code, @@ -270,9 +270,9 @@ it 'tracks the valid authentication event' do stub_analytics - expect(controller).to receive(:handle_valid_verification_for_authentication_context). - with(auth_method: TwoFactorAuthenticatable::AuthMethod::SMS). - and_call_original + expect(controller).to receive(:handle_valid_verification_for_authentication_context) + .with(auth_method: TwoFactorAuthenticatable::AuthMethod::SMS) + .and_call_original freeze_time do post :create, params: { @@ -297,8 +297,8 @@ confirmation_for_add_phone: false, context: 'authentication', multi_factor_auth_method: 'sms', - multi_factor_auth_method_created_at: user.default_phone_configuration.created_at. - strftime('%s%L'), + multi_factor_auth_method_created_at: user.default_phone_configuration.created_at + .strftime('%s%L'), new_device: true, phone_configuration_id: user.default_phone_configuration.id, area_code: parsed_phone.area_code, @@ -345,8 +345,8 @@ confirmation_for_add_phone: false, context: 'reauthentication', multi_factor_auth_method: 'sms', - multi_factor_auth_method_created_at: user.default_phone_configuration.created_at. - strftime('%s%L'), + multi_factor_auth_method_created_at: user.default_phone_configuration.created_at + .strftime('%s%L'), new_device: true, phone_configuration_id: user.default_phone_configuration.id, area_code: parsed_phone.area_code, @@ -498,9 +498,9 @@ @mailer = instance_double(ActionMailer::MessageDelivery, deliver_now_or_later: true) controller.current_user.email_addresses.each do |email_address| - allow(UserMailer).to receive(:phone_added). - with(controller.current_user, email_address, disavowal_token: instance_of(String)). - and_return(@mailer) + allow(UserMailer).to receive(:phone_added) + .with(controller.current_user, email_address, disavowal_token: instance_of(String)) + .and_return(@mailer) end @previous_phone = MfaContext.new(controller.current_user).phone_configurations.first&.phone end @@ -513,8 +513,8 @@ phone_configuration = MfaContext.new(subject.current_user).phone_configurations.last phone_id = phone_configuration.id parsed_phone = Phonelib.parse(phone_configuration.phone) - phone_configuration_created_at = controller.current_user. - default_phone_configuration.created_at + phone_configuration_created_at = controller.current_user + .default_phone_configuration.created_at controller.user_session[:phone_id] = phone_id @@ -602,8 +602,8 @@ context: 'confirmation', multi_factor_auth_method: 'sms', phone_configuration_id: controller.current_user.default_phone_configuration.id, - multi_factor_auth_method_created_at: controller.current_user. - default_phone_configuration.created_at.strftime('%s%L'), + multi_factor_auth_method_created_at: controller.current_user + .default_phone_configuration.created_at.strftime('%s%L'), area_code: parsed_phone.area_code, country_code: parsed_phone.country, phone_fingerprint: Pii::Fingerprinter.fingerprint(parsed_phone.e164), @@ -644,8 +644,8 @@ context: 'confirmation', multi_factor_auth_method: 'sms', phone_configuration_id: controller.current_user.default_phone_configuration.id, - multi_factor_auth_method_created_at: controller.current_user. - default_phone_configuration.created_at.strftime('%s%L'), + multi_factor_auth_method_created_at: controller.current_user + .default_phone_configuration.created_at.strftime('%s%L'), area_code: parsed_phone.area_code, country_code: parsed_phone.country, phone_fingerprint: Pii::Fingerprinter.fingerprint(parsed_phone.e164), @@ -718,13 +718,13 @@ controller.user_session[:phone_recaptcha_assessment_id] = assessment_id - expect(RecaptchaAnnotator).to receive(:annotate). - with(**recaptcha_annotation). - and_return(recaptcha_annotation) + expect(RecaptchaAnnotator).to receive(:annotate) + .with(**recaptcha_annotation) + .and_return(recaptcha_annotation) - expect { response }. - to change { controller.user_session[:phone_recaptcha_assessment_id] }. - from(assessment_id).to(nil) + expect { response } + .to change { controller.user_session[:phone_recaptcha_assessment_id] } + .from(assessment_id).to(nil) expect(@analytics).to have_logged_event( 'Multi-Factor Authentication: Added phone', diff --git a/spec/controllers/two_factor_authentication/personal_key_verification_controller_spec.rb b/spec/controllers/two_factor_authentication/personal_key_verification_controller_spec.rb index 09af3ac9392..0683b23159e 100644 --- a/spec/controllers/two_factor_authentication/personal_key_verification_controller_spec.rb +++ b/spec/controllers/two_factor_authentication/personal_key_verification_controller_spec.rb @@ -47,14 +47,14 @@ let(:payload) { { personal_key_form: personal_key } } it 'tracks the valid authentication event' do personal_key - multi_factor_auth_method_created_at = user.reload. - encrypted_recovery_code_digest_generated_at.strftime('%s%L') + multi_factor_auth_method_created_at = user.reload + .encrypted_recovery_code_digest_generated_at.strftime('%s%L') sign_in_before_2fa(user) stub_analytics - expect(controller).to receive(:handle_valid_verification_for_authentication_context). - with(auth_method: TwoFactorAuthenticatable::AuthMethod::PERSONAL_KEY). - and_call_original + expect(controller).to receive(:handle_valid_verification_for_authentication_context) + .with(auth_method: TwoFactorAuthenticatable::AuthMethod::PERSONAL_KEY) + .and_call_original freeze_time do post :create, params: payload @@ -92,8 +92,8 @@ before do personal_key sign_in_before_2fa(user) - allow(FeatureManagement). - to receive(:enable_additional_mfa_redirect_for_personal_key_mfa?).and_return(true) + allow(FeatureManagement) + .to receive(:enable_additional_mfa_redirect_for_personal_key_mfa?).and_return(true) end it 'should redirect to mfa selection page' do post :create, params: payload @@ -105,8 +105,8 @@ before do personal_key sign_in_before_2fa(user) - allow(FeatureManagement). - to receive(:enable_additional_mfa_redirect_for_personal_key_mfa?).and_return(false) + allow(FeatureManagement) + .to receive(:enable_additional_mfa_redirect_for_personal_key_mfa?).and_return(false) end it 'should redirect to account page' do post :create, params: payload @@ -201,12 +201,12 @@ user.second_factor_attempts_count = IdentityConfig.store.login_otp_confirmation_max_attempts - 1 user.save - personal_key_generated_at = controller.current_user. - encrypted_recovery_code_digest_generated_at + personal_key_generated_at = controller.current_user + .encrypted_recovery_code_digest_generated_at stub_analytics - expect(PushNotification::HttpPush).to receive(:deliver). - with(PushNotification::MfaLimitAccountLockedEvent.new(user: subject.current_user)) + expect(PushNotification::HttpPush).to receive(:deliver) + .with(PushNotification::MfaLimitAccountLockedEvent.new(user: subject.current_user)) post :create, params: payload diff --git a/spec/controllers/two_factor_authentication/piv_cac_verification_controller_spec.rb b/spec/controllers/two_factor_authentication/piv_cac_verification_controller_spec.rb index 70dab21a99a..07523165631 100644 --- a/spec/controllers/two_factor_authentication/piv_cac_verification_controller_spec.rb +++ b/spec/controllers/two_factor_authentication/piv_cac_verification_controller_spec.rb @@ -112,9 +112,9 @@ stub_analytics cfg = controller.current_user.piv_cac_configurations.first - expect(controller).to receive(:handle_valid_verification_for_authentication_context). - with(auth_method: TwoFactorAuthenticatable::AuthMethod::PIV_CAC). - and_call_original + expect(controller).to receive(:handle_valid_verification_for_authentication_context) + .with(auth_method: TwoFactorAuthenticatable::AuthMethod::PIV_CAC) + .and_call_original get :show, params: { token: 'good-token' } @@ -260,8 +260,8 @@ stub_analytics - expect(PushNotification::HttpPush).to receive(:deliver). - with(PushNotification::MfaLimitAccountLockedEvent.new(user: subject.current_user)) + expect(PushNotification::HttpPush).to receive(:deliver) + .with(PushNotification::MfaLimitAccountLockedEvent.new(user: subject.current_user)) get :show, params: { token: 'bad-token' } diff --git a/spec/controllers/two_factor_authentication/sms_opt_in_controller_spec.rb b/spec/controllers/two_factor_authentication/sms_opt_in_controller_spec.rb index 3f95b22769b..92858dade4e 100644 --- a/spec/controllers/two_factor_authentication/sms_opt_in_controller_spec.rb +++ b/spec/controllers/two_factor_authentication/sms_opt_in_controller_spec.rb @@ -14,8 +14,8 @@ before do stub_sign_in_before_2fa(user) stub_analytics - allow(controller).to receive(:decorated_sp_session). - and_return(instance_double('NullServiceProviderSession', sp_name: sp_name)) + allow(controller).to receive(:decorated_sp_session) + .and_return(instance_double('NullServiceProviderSession', sp_name: sp_name)) end it 'tracks a visit event' do @@ -55,8 +55,8 @@ it 'assigns an in-memory phone configuration' do expect { action }.to_not change { user.reload.phone_configurations.count } - expect(PhoneFormatter.format(assigns[:phone_configuration].phone)). - to eq(PhoneFormatter.format(phone)) + expect(PhoneFormatter.format(assigns[:phone_configuration].phone)) + .to eq(PhoneFormatter.format(phone)) end end diff --git a/spec/controllers/two_factor_authentication/totp_verification_controller_spec.rb b/spec/controllers/two_factor_authentication/totp_verification_controller_spec.rb index 56884e53e67..989a185b01e 100644 --- a/spec/controllers/two_factor_authentication/totp_verification_controller_spec.rb +++ b/spec/controllers/two_factor_authentication/totp_verification_controller_spec.rb @@ -44,9 +44,9 @@ it 'tracks the valid authentication event' do cfg = controller.current_user.auth_app_configurations.first - expect(controller).to receive(:handle_valid_verification_for_authentication_context). - with(auth_method: TwoFactorAuthenticatable::AuthMethod::TOTP). - and_call_original + expect(controller).to receive(:handle_valid_verification_for_authentication_context) + .with(auth_method: TwoFactorAuthenticatable::AuthMethod::TOTP) + .and_call_original post :create, params: { code: generate_totp_code(@secret) } @@ -166,8 +166,8 @@ @secret = user.generate_totp_secret Db::AuthAppConfiguration.create(user, @secret, nil, 'foo') - expect(PushNotification::HttpPush).to receive(:deliver). - with(PushNotification::MfaLimitAccountLockedEvent.new(user: subject.current_user)) + expect(PushNotification::HttpPush).to receive(:deliver) + .with(PushNotification::MfaLimitAccountLockedEvent.new(user: subject.current_user)) post :create, params: { code: '12345' } @@ -215,13 +215,13 @@ describe 'when user submits an invalid form' do it 'fails with empty code' do - expect { post :create, params: { code: '' } }. - to raise_error(ActionController::ParameterMissing) + expect { post :create, params: { code: '' } } + .to raise_error(ActionController::ParameterMissing) end it 'fails with no code parameter' do - expect { post :create, params: { fake_code: 'abc123' } }. - to raise_error(ActionController::ParameterMissing) + expect { post :create, params: { fake_code: 'abc123' } } + .to raise_error(ActionController::ParameterMissing) end end diff --git a/spec/controllers/two_factor_authentication/webauthn_verification_controller_spec.rb b/spec/controllers/two_factor_authentication/webauthn_verification_controller_spec.rb index 6503d7a66e8..b31701e10a9 100644 --- a/spec/controllers/two_factor_authentication/webauthn_verification_controller_spec.rb +++ b/spec/controllers/two_factor_authentication/webauthn_verification_controller_spec.rb @@ -133,9 +133,9 @@ end it 'tracks a valid submission' do - expect(controller).to receive(:handle_valid_verification_for_authentication_context). - with(auth_method: TwoFactorAuthenticatable::AuthMethod::WEBAUTHN). - and_call_original + expect(controller).to receive(:handle_valid_verification_for_authentication_context) + .with(auth_method: TwoFactorAuthenticatable::AuthMethod::WEBAUTHN) + .and_call_original freeze_time do patch :confirm, params: params @@ -216,8 +216,8 @@ success: true, enabled_mfa_methods_count: 1, webauthn_configuration_id: webauthn_configuration.id, - multi_factor_auth_method_created_at: webauthn_configuration.created_at. - strftime('%s%L'), + multi_factor_auth_method_created_at: webauthn_configuration.created_at + .strftime('%s%L'), new_device: true, attempts: 1, ) diff --git a/spec/controllers/users/backup_code_setup_controller_spec.rb b/spec/controllers/users/backup_code_setup_controller_spec.rb index e5c8f26596d..71b7286c975 100644 --- a/spec/controllers/users/backup_code_setup_controller_spec.rb +++ b/spec/controllers/users/backup_code_setup_controller_spec.rb @@ -29,8 +29,8 @@ allow(controller).to receive(:in_multi_mfa_selection_flow?).and_return(true) Funnel::Registration::AddMfa.call(user.id, 'phone', @analytics, threatmetrix_attrs) - expect(PushNotification::HttpPush).to receive(:deliver). - with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) + expect(PushNotification::HttpPush).to receive(:deliver) + .with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) response diff --git a/spec/controllers/users/edit_phone_controller_spec.rb b/spec/controllers/users/edit_phone_controller_spec.rb index b2e6695c91e..9b7c77b0a1e 100644 --- a/spec/controllers/users/edit_phone_controller_spec.rb +++ b/spec/controllers/users/edit_phone_controller_spec.rb @@ -63,8 +63,8 @@ stub_sign_in(user.reload) stub_analytics - expect(PushNotification::HttpPush).to receive(:deliver). - with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) + expect(PushNotification::HttpPush).to receive(:deliver) + .with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) delete :destroy, params: { id: phone_configuration.id } expect(@analytics).to have_logged_event( diff --git a/spec/controllers/users/email_confirmations_controller_spec.rb b/spec/controllers/users/email_confirmations_controller_spec.rb index 826b9374f01..96a5e0d4711 100644 --- a/spec/controllers/users/email_confirmations_controller_spec.rb +++ b/spec/controllers/users/email_confirmations_controller_spec.rb @@ -9,14 +9,14 @@ user = create(:user) new_email = Faker::Internet.email - expect(PushNotification::HttpPush).to receive(:deliver).once. - with(PushNotification::EmailChangedEvent.new( + expect(PushNotification::HttpPush).to receive(:deliver).once + .with(PushNotification::EmailChangedEvent.new( user: user, email: new_email, )).ordered - expect(PushNotification::HttpPush).to receive(:deliver).once. - with(PushNotification::RecoveryInformationChangedEvent.new( + expect(PushNotification::HttpPush).to receive(:deliver).once + .with(PushNotification::RecoveryInformationChangedEvent.new( user: user, )).ordered @@ -37,8 +37,8 @@ context 'when select email feature is disabled' do before do - allow(IdentityConfig.store).to receive(:feature_select_email_to_share_enabled). - and_return(false) + allow(IdentityConfig.store).to receive(:feature_select_email_to_share_enabled) + .and_return(false) end it 'should render proper flash member' do flash_message = t('devise.confirmations.confirmed') diff --git a/spec/controllers/users/email_language_controller_spec.rb b/spec/controllers/users/email_language_controller_spec.rb index 358b0f720c7..2ca91d1f109 100644 --- a/spec/controllers/users/email_language_controller_spec.rb +++ b/spec/controllers/users/email_language_controller_spec.rb @@ -43,8 +43,10 @@ let(:email_language) { 'es' } it 'updates the user email_language' do - expect { action }. - to(change { user.reload.email_language }.from(original_email_language).to(email_language)) + expect { action } + .to(change do + user.reload.email_language + end.from(original_email_language).to(email_language)) end it 'redirects to the account page with a success flash' do diff --git a/spec/controllers/users/emails_controller_spec.rb b/spec/controllers/users/emails_controller_spec.rb index ae29f8e71ea..3fc9869c113 100644 --- a/spec/controllers/users/emails_controller_spec.rb +++ b/spec/controllers/users/emails_controller_spec.rb @@ -28,8 +28,8 @@ let(:params) { { in_select_email_flow: true } } it 'assigns session value for email selection flow' do - expect { response }.to change { controller.session[:in_select_email_flow] }. - from(nil).to(true) + expect { response }.to change { controller.session[:in_select_email_flow] } + .from(nil).to(true) end it 'logs visit with selected email value' do @@ -92,8 +92,8 @@ describe '#verify' do context 'with malformed payload' do it 'does not blow up' do - expect { get :verify, params: { request_id: { foo: 'bar' } } }. - to_not raise_error + expect { get :verify, params: { request_id: { foo: 'bar' } } } + .to_not raise_error end end end diff --git a/spec/controllers/users/forget_all_browsers_controller_spec.rb b/spec/controllers/users/forget_all_browsers_controller_spec.rb index abb7a08fdfa..1248f920922 100644 --- a/spec/controllers/users/forget_all_browsers_controller_spec.rb +++ b/spec/controllers/users/forget_all_browsers_controller_spec.rb @@ -52,9 +52,9 @@ travel_to(now) subject end - end.to change { user.remember_device_revoked_at.to_i }. - from(original_device_revoked_at.to_i). - to(now.to_i) + end.to change { user.remember_device_revoked_at.to_i } + .from(original_device_revoked_at.to_i) + .to(now.to_i) end it 'logs an analytics event for forgetting' do diff --git a/spec/controllers/users/personal_keys_controller_spec.rb b/spec/controllers/users/personal_keys_controller_spec.rb index 3e6b0654008..afea7b1260e 100644 --- a/spec/controllers/users/personal_keys_controller_spec.rb +++ b/spec/controllers/users/personal_keys_controller_spec.rb @@ -45,8 +45,8 @@ stub_sign_in generator = instance_double(PersonalKeyGenerator) - allow(PersonalKeyGenerator).to receive(:new). - with(subject.current_user).and_return(generator) + allow(PersonalKeyGenerator).to receive(:new) + .with(subject.current_user).and_return(generator) expect(generator).to_not receive(:generate!) diff --git a/spec/controllers/users/phone_setup_controller_spec.rb b/spec/controllers/users/phone_setup_controller_spec.rb index a60983492ca..ef05e05f71d 100644 --- a/spec/controllers/users/phone_setup_controller_spec.rb +++ b/spec/controllers/users/phone_setup_controller_spec.rb @@ -95,8 +95,8 @@ context 'with recaptcha enabled' do before do allow(FeatureManagement).to receive(:phone_recaptcha_enabled?).and_return(true) - allow(IdentityConfig.store).to receive(:phone_recaptcha_country_score_overrides). - and_return({}) + allow(IdentityConfig.store).to receive(:phone_recaptcha_country_score_overrides) + .and_return({}) allow(IdentityConfig.store).to receive(:phone_recaptcha_score_threshold).and_return(0.6) end diff --git a/spec/controllers/users/piv_cac_login_controller_spec.rb b/spec/controllers/users/piv_cac_login_controller_spec.rb index cbb044ee6df..019effa587c 100644 --- a/spec/controllers/users/piv_cac_login_controller_spec.rb +++ b/spec/controllers/users/piv_cac_login_controller_spec.rb @@ -129,8 +129,8 @@ it 'sets the session correctly' do response - expect(controller.user_session[TwoFactorAuthenticatable::NEED_AUTHENTICATION]). - to eq false + expect(controller.user_session[TwoFactorAuthenticatable::NEED_AUTHENTICATION]) + .to eq false expect(controller.auth_methods_session.auth_events).to match( [ { diff --git a/spec/controllers/users/reset_passwords_controller_spec.rb b/spec/controllers/users/reset_passwords_controller_spec.rb index 9f08e5edf0b..ceca9e9deee 100644 --- a/spec/controllers/users/reset_passwords_controller_spec.rb +++ b/spec/controllers/users/reset_passwords_controller_spec.rb @@ -133,8 +133,8 @@ expect(email_address).to receive(:email).twice forbidden = instance_double(ForbiddenPasswords) - allow(ForbiddenPasswords).to receive(:new). - with(email_address.email).and_return(forbidden) + allow(ForbiddenPasswords).to receive(:new) + .with(email_address.email).and_return(forbidden) expect(forbidden).to receive(:call) get :edit @@ -463,8 +463,8 @@ } end.to(change { ActionMailer::Base.deliveries.count }.by(1)) - expect(ActionMailer::Base.deliveries.last.subject). - to eq t('anonymous_mailer.password_reset_missing_user.subject') + expect(ActionMailer::Base.deliveries.last.subject) + .to eq t('anonymous_mailer.password_reset_missing_user.subject') expect(@analytics).to have_logged_event( 'Password Reset: Email Submitted', success: true, @@ -520,8 +520,8 @@ end it 'sends missing user email and tracks event' do - expect { put :create, params: params }. - to change { ActionMailer::Base.deliveries.count }.by(1) + expect { put :create, params: params } + .to change { ActionMailer::Base.deliveries.count }.by(1) expect(@analytics).to have_logged_event( 'Password Reset: Email Submitted', @@ -533,8 +533,8 @@ active_profile: false, ) - expect(ActionMailer::Base.deliveries.last.subject). - to eq t('anonymous_mailer.password_reset_missing_user.subject') + expect(ActionMailer::Base.deliveries.last.subject) + .to eq t('anonymous_mailer.password_reset_missing_user.subject') expect(response).to redirect_to forgot_password_path end end @@ -565,8 +565,8 @@ stub_analytics params = { password_reset_email_form: { email: 'foo' } } - expect { put :create, params: params }. - to change { ActionMailer::Base.deliveries.count }.by(0) + expect { put :create, params: params } + .to change { ActionMailer::Base.deliveries.count }.by(0) expect(@analytics).to have_logged_event( 'Password Reset: Email Submitted', @@ -609,9 +609,9 @@ def stub_user_mailer(user) mailer = instance_double(ActionMailer::MessageDelivery, deliver_now_or_later: true) user.email_addresses.each do |email_address| - allow(UserMailer).to receive(:password_changed). - with(user, email_address, disavowal_token: instance_of(String)). - and_return(mailer) + allow(UserMailer).to receive(:password_changed) + .with(user, email_address, disavowal_token: instance_of(String)) + .and_return(mailer) end end end diff --git a/spec/controllers/users/rules_of_use_controller_spec.rb b/spec/controllers/users/rules_of_use_controller_spec.rb index d9224127316..7dc096083b3 100644 --- a/spec/controllers/users/rules_of_use_controller_spec.rb +++ b/spec/controllers/users/rules_of_use_controller_spec.rb @@ -5,8 +5,8 @@ let(:accepted_terms_at) { nil } let(:user) { create(:user, :fully_registered, accepted_terms_at: accepted_terms_at) } before do - allow(IdentityConfig.store).to receive(:rules_of_use_updated_at). - and_return(rules_of_use_updated_at) + allow(IdentityConfig.store).to receive(:rules_of_use_updated_at) + .and_return(rules_of_use_updated_at) end describe 'before_actions' do it 'includes appropriate before_actions' do @@ -146,8 +146,8 @@ request_url: "http://test.com?#{URI.encode_www_form(params)}", } action - expect(response.request.content_security_policy.form_action). - to match_array(["'self'", 'https://example.com']) + expect(response.request.content_security_policy.form_action) + .to match_array(["'self'", 'https://example.com']) end it 'does not include service provider URIs in form-action CSP header when disabled' do @@ -169,8 +169,8 @@ request_url: "http://test.com?#{URI.encode_www_form(params)}", } action - expect(response.request.content_security_policy.form_action). - to match_array(["'self'"]) + expect(response.request.content_security_policy.form_action) + .to match_array(["'self'"]) end end diff --git a/spec/controllers/users/second_mfa_reminder_controller_spec.rb b/spec/controllers/users/second_mfa_reminder_controller_spec.rb index 6d5ed096253..c6da34e9154 100644 --- a/spec/controllers/users/second_mfa_reminder_controller_spec.rb +++ b/spec/controllers/users/second_mfa_reminder_controller_spec.rb @@ -53,8 +53,8 @@ it 'updates user to acknowledge dismissal of prompt' do freeze_time do - expect { response }.to change { user.reload.second_mfa_reminder_dismissed_at }. - from(nil).to(Time.zone.now) + expect { response }.to change { user.reload.second_mfa_reminder_dismissed_at } + .from(nil).to(Time.zone.now) end end @@ -83,8 +83,8 @@ it 'updates user to acknowledge dismissal of prompt' do freeze_time do - expect { response }.to change { user.reload.second_mfa_reminder_dismissed_at }. - from(nil).to(Time.zone.now) + expect { response }.to change { user.reload.second_mfa_reminder_dismissed_at } + .from(nil).to(Time.zone.now) end end diff --git a/spec/controllers/users/service_provider_revoke_controller_spec.rb b/spec/controllers/users/service_provider_revoke_controller_spec.rb index 393a0e0bd1a..df726759371 100644 --- a/spec/controllers/users/service_provider_revoke_controller_spec.rb +++ b/spec/controllers/users/service_provider_revoke_controller_spec.rb @@ -69,8 +69,8 @@ travel_to(now) subject end - end.to change { @identity.reload.deleted_at&.to_i }. - from(nil).to(now.to_i) + end.to change { @identity.reload.deleted_at&.to_i } + .from(nil).to(now.to_i) expect(response).to redirect_to(account_connected_accounts_path) end diff --git a/spec/controllers/users/sessions_controller_spec.rb b/spec/controllers/users/sessions_controller_spec.rb index 9c614032c48..a033b885eef 100644 --- a/spec/controllers/users/sessions_controller_spec.rb +++ b/spec/controllers/users/sessions_controller_spec.rb @@ -331,14 +331,14 @@ allow(FeatureManagement).to receive(:sign_in_recaptcha_enabled?).and_return(true) allow(IdentityConfig.store).to receive(:recaptcha_mock_validator).and_return(true) allow(IdentityConfig.store).to receive(:sign_in_recaptcha_score_threshold).and_return(0.2) - allow(controller).to receive(:ab_test_bucket).with(:RECAPTCHA_SIGN_IN, kind_of(Hash)). - and_return(:sign_in_recaptcha) + allow(controller).to receive(:ab_test_bucket).with(:RECAPTCHA_SIGN_IN, kind_of(Hash)) + .and_return(:sign_in_recaptcha) end context 'when configured to log failures only' do before do - allow(IdentityConfig.store).to receive(:sign_in_recaptcha_log_failures_only). - and_return(true) + allow(IdentityConfig.store).to receive(:sign_in_recaptcha_log_failures_only) + .and_return(true) end it 'redirects unsuccessful authentication for failed reCAPTCHA to failed page' do @@ -352,8 +352,8 @@ context 'when not configured to log failures only' do before do - allow(IdentityConfig.store).to receive(:sign_in_recaptcha_log_failures_only). - and_return(false) + allow(IdentityConfig.store).to receive(:sign_in_recaptcha_log_failures_only) + .and_return(false) end it 'tracks unsuccessful authentication for failed reCAPTCHA' do @@ -453,8 +453,8 @@ context 'user randomly chosen to be tested' do before do allow(SecureRandom).to receive(:random_number).and_return(5) - allow(IdentityConfig.store).to receive(:compromised_password_randomizer_threshold). - and_return(2) + allow(IdentityConfig.store).to receive(:compromised_password_randomizer_threshold) + .and_return(2) end it 'updates user attribute password_compromised_checked_at' do @@ -473,8 +473,8 @@ context 'user not chosen to be tested' do before do allow(SecureRandom).to receive(:random_number).and_return(1) - allow(IdentityConfig.store).to receive(:compromised_password_randomizer_threshold). - and_return(5) + allow(IdentityConfig.store).to receive(:compromised_password_randomizer_threshold) + .and_return(5) end it 'does not store anything in user_session' do @@ -498,8 +498,8 @@ context 'user randomly chosen to be tested' do before do allow(SecureRandom).to receive(:random_number).and_return(5) - allow(IdentityConfig.store).to receive(:compromised_password_randomizer_threshold). - and_return(2) + allow(IdentityConfig.store).to receive(:compromised_password_randomizer_threshold) + .and_return(2) end it 'updates user attribute password_compromised_checked_at' do @@ -518,8 +518,8 @@ context 'user not chosen to be tested' do before do allow(SecureRandom).to receive(:random_number).and_return(1) - allow(IdentityConfig.store).to receive(:compromised_password_randomizer_threshold). - and_return(5) + allow(IdentityConfig.store).to receive(:compromised_password_randomizer_threshold) + .and_return(5) end it 'does not store anything in user_session' do @@ -648,8 +648,8 @@ it 'does not allow signing in with empty email' do post :create, params: { user: { email: '', password: 'foo' } } - expect(flash[:alert]). - to eq t( + expect(flash[:alert]) + .to eq t( 'devise.failure.not_found_in_database_html', link_html: link_to( t('devise.failure.not_found_in_database_link_text'), @@ -662,8 +662,8 @@ user = create(:user) post :create, params: { user: { email: 'invalid@example.com', password: user.password } } - expect(flash[:alert]). - to eq t( + expect(flash[:alert]) + .to eq t( 'devise.failure.invalid_html', link_html: link_to( t('devise.failure.invalid_link_text'), @@ -675,8 +675,8 @@ it 'does not allow signing in with empty password' do post :create, params: { user: { email: 'test@example.com', password: '' } } - expect(flash[:alert]). - to eq t( + expect(flash[:alert]) + .to eq t( 'devise.failure.not_found_in_database_html', link_html: link_to( t('devise.failure.not_found_in_database_link_text'), @@ -689,8 +689,8 @@ user = create(:user) post :create, params: { user: { email: user.email, password: 'invalidpass' } } - expect(flash[:alert]). - to eq t( + expect(flash[:alert]) + .to eq t( 'devise.failure.invalid_html', link_html: link_to( t('devise.failure.invalid_link_text'), @@ -760,8 +760,8 @@ let(:user) { create(:user, :fully_registered, accepted_terms_at: accepted_terms_at) } before do - allow(IdentityConfig.store).to receive(:rules_of_use_updated_at). - and_return(rules_of_use_updated_at) + allow(IdentityConfig.store).to receive(:rules_of_use_updated_at) + .and_return(rules_of_use_updated_at) end it 'redirects to 2fa since there is no pending account reset rewquests' do @@ -776,8 +776,8 @@ let(:user) { create(:user, :fully_registered, accepted_terms_at: accepted_terms_at) } before do - allow(IdentityConfig.store).to receive(:rules_of_use_updated_at). - and_return(rules_of_use_updated_at) + allow(IdentityConfig.store).to receive(:rules_of_use_updated_at) + .and_return(rules_of_use_updated_at) end it 'redirects to rules of use url' do @@ -793,10 +793,10 @@ let(:user) { create(:user, :fully_registered, accepted_terms_at: accepted_terms_at) } before do - allow(IdentityConfig.store).to receive(:rules_of_use_horizon_years). - and_return(rules_of_use_horizon_years) - allow(IdentityConfig.store).to receive(:rules_of_use_updated_at). - and_return(rules_of_use_updated_at) + allow(IdentityConfig.store).to receive(:rules_of_use_horizon_years) + .and_return(rules_of_use_horizon_years) + allow(IdentityConfig.store).to receive(:rules_of_use_updated_at) + .and_return(rules_of_use_updated_at) end it 'redirects to the rules of user url' do diff --git a/spec/controllers/users/two_factor_authentication_controller_spec.rb b/spec/controllers/users/two_factor_authentication_controller_spec.rb index 2b4eeb055ce..2af71ae525d 100644 --- a/spec/controllers/users/two_factor_authentication_controller_spec.rb +++ b/spec/controllers/users/two_factor_authentication_controller_spec.rb @@ -230,8 +230,8 @@ def index expect(Telephony::Test::Message.messages.length).to eq(1) expect(Telephony::Test::Call.calls.length).to eq(0) - expect(response). - to redirect_to login_two_factor_path(**otp_preference_sms) + expect(response) + .to redirect_to login_two_factor_path(**otp_preference_sms) end context 'when no options are enabled and available for use' do @@ -362,10 +362,10 @@ def index it 'calls OtpRateLimiter#exceeded_otp_send_limit? and #increment' do otp_rate_limiter = instance_double(OtpRateLimiter) - allow(OtpRateLimiter).to receive(:new). - with(phone: MfaContext.new(@user).phone_configurations.first.phone, - user: @user, phone_confirmed: true). - and_return(otp_rate_limiter) + allow(OtpRateLimiter).to receive(:new) + .with(phone: MfaContext.new(@user).phone_configurations.first.phone, + user: @user, phone_confirmed: true) + .and_return(otp_rate_limiter) expect(otp_rate_limiter).to receive(:exceeded_otp_send_limit?).twice expect(otp_rate_limiter).to receive(:increment) @@ -376,8 +376,8 @@ def index it 'marks the user as locked out after too many attempts' do expect(@user.second_factor_locked_at).to be_nil - allow(OtpRateLimiter).to receive(:exceeded_otp_send_limit?). - and_return(true) + allow(OtpRateLimiter).to receive(:exceeded_otp_send_limit?) + .and_return(true) freeze_time do (IdentityConfig.store.otp_delivery_blocklist_maxretry + 1).times do @@ -415,9 +415,9 @@ def index assessment_id:, reason: RecaptchaAnnotator::AnnotationReasons::INITIATED_TWO_FACTOR, } - expect(RecaptchaAnnotator).to receive(:annotate).once. - with(**recaptcha_annotation). - and_return(recaptcha_annotation) + expect(RecaptchaAnnotator).to receive(:annotate).once + .with(**recaptcha_annotation) + .and_return(recaptcha_annotation) response @@ -621,8 +621,8 @@ def index sign_in_before_2fa(@user) subject.user_session[:context] = 'confirmation' allow(IdentityConfig.store).to receive(:short_term_phone_otp_max_attempts).and_return(2) - allow(IdentityConfig.store).to receive(:short_term_phone_otp_max_attempt_window_in_seconds). - and_return(5) + allow(IdentityConfig.store).to receive(:short_term_phone_otp_max_attempt_window_in_seconds) + .and_return(5) freeze_time do IdentityConfig.store.short_term_phone_otp_max_attempts.times do @@ -660,8 +660,8 @@ def index expect(@user.second_factor_locked_at).to be_nil - allow(OtpRateLimiter).to receive(:exceeded_otp_send_limit?). - and_return(true) + allow(OtpRateLimiter).to receive(:exceeded_otp_send_limit?) + .and_return(true) freeze_time do (IdentityConfig.store.otp_delivery_blocklist_maxretry + 1).times do diff --git a/spec/controllers/users/two_factor_authentication_setup_controller_spec.rb b/spec/controllers/users/two_factor_authentication_setup_controller_spec.rb index 574627a8860..0c9c90e3eee 100644 --- a/spec/controllers/users/two_factor_authentication_setup_controller_spec.rb +++ b/spec/controllers/users/two_factor_authentication_setup_controller_spec.rb @@ -150,9 +150,9 @@ end it 'assigns platform_authenticator_available session value' do - expect { response }.to change { controller.user_session[:platform_authenticator_available] }. - from(nil). - to(false) + expect { response }.to change { controller.user_session[:platform_authenticator_available] } + .from(nil) + .to(false) end context 'when multi selection with phone first' do @@ -206,9 +206,9 @@ it 'assigns platform_authenticator_available session value' do expect do response - end.to change { controller.user_session[:platform_authenticator_available] }. - from(nil). - to(true) + end.to change { controller.user_session[:platform_authenticator_available] } + .from(nil) + .to(true) end end end diff --git a/spec/controllers/users/verify_password_controller_spec.rb b/spec/controllers/users/verify_password_controller_spec.rb index c03e1bee6d0..4453f125749 100644 --- a/spec/controllers/users/verify_password_controller_spec.rb +++ b/spec/controllers/users/verify_password_controller_spec.rb @@ -42,8 +42,8 @@ context 'with personal key flag set' do before do - allow(subject.reactivate_account_session).to receive(:validated_personal_key?). - and_return(key) + allow(subject.reactivate_account_session).to receive(:validated_personal_key?) + .and_return(key) end describe '#new' do diff --git a/spec/controllers/users/webauthn_controller_spec.rb b/spec/controllers/users/webauthn_controller_spec.rb index 642f4728f23..1fba45e8565 100644 --- a/spec/controllers/users/webauthn_controller_spec.rb +++ b/spec/controllers/users/webauthn_controller_spec.rb @@ -178,8 +178,8 @@ end it 'sends a recovery information changed event' do - expect(PushNotification::HttpPush).to receive(:deliver). - with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) + expect(PushNotification::HttpPush).to receive(:deliver) + .with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) response end diff --git a/spec/controllers/users/webauthn_platform_recommended_controller_spec.rb b/spec/controllers/users/webauthn_platform_recommended_controller_spec.rb index 13d2c027caf..34937d03ba1 100644 --- a/spec/controllers/users/webauthn_platform_recommended_controller_spec.rb +++ b/spec/controllers/users/webauthn_platform_recommended_controller_spec.rb @@ -58,15 +58,15 @@ it 'updates user record to mark as having dismissed recommendation' do freeze_time do - expect { response }.to change { user.webauthn_platform_recommended_dismissed_at }. - from(nil). - to(Time.zone.now) + expect { response }.to change { user.webauthn_platform_recommended_dismissed_at } + .from(nil) + .to(Time.zone.now) end end it 'does not assign recommended session value' do - expect { response }.not_to change { controller.user_session[:webauthn_platform_recommended] }. - from(nil) + expect { response }.not_to change { controller.user_session[:webauthn_platform_recommended] } + .from(nil) end it 'redirects user to after sign in path' do @@ -118,8 +118,8 @@ end it 'assigns recommended session value to recommendation flow' do - expect { response }.to change { controller.user_session[:webauthn_platform_recommended] }. - from(nil).to(:authentication) + expect { response }.to change { controller.user_session[:webauthn_platform_recommended] } + .from(nil).to(:authentication) end context 'user is creating account' do @@ -128,8 +128,8 @@ end it 'assigns recommended session value to recommendation flow' do - expect { response }.to change { controller.user_session[:webauthn_platform_recommended] }. - from(nil).to(:account_creation) + expect { response }.to change { controller.user_session[:webauthn_platform_recommended] } + .from(nil).to(:account_creation) end end end diff --git a/spec/controllers/vendor_outage_controller_spec.rb b/spec/controllers/vendor_outage_controller_spec.rb index 3ceb6600733..90ae84eefdf 100644 --- a/spec/controllers/vendor_outage_controller_spec.rb +++ b/spec/controllers/vendor_outage_controller_spec.rb @@ -23,8 +23,8 @@ context 'gpo letter available' do before do stub_sign_in - allow(controller.gpo_verify_by_mail_policy).to receive(:send_letter_available?). - and_return(true) + allow(controller.gpo_verify_by_mail_policy).to receive(:send_letter_available?) + .and_return(true) end it 'sets show_gpo_option as true' do diff --git a/spec/decorators/event_decorator_spec.rb b/spec/decorators/event_decorator_spec.rb index f3816c1ae62..a4e82f52107 100644 --- a/spec/decorators/event_decorator_spec.rb +++ b/spec/decorators/event_decorator_spec.rb @@ -26,8 +26,8 @@ let(:ip_address) { '0.0.0.0' } it 'is an approximate location' do - expect(decorator.last_sign_in_location_and_ip). - to eq('From 0.0.0.0 (IP address potentially located in United States)') + expect(decorator.last_sign_in_location_and_ip) + .to eq('From 0.0.0.0 (IP address potentially located in United States)') end end diff --git a/spec/decorators/service_provider_session_spec.rb b/spec/decorators/service_provider_session_spec.rb index ff48afdc6b7..11f20fef845 100644 --- a/spec/decorators/service_provider_session_spec.rb +++ b/spec/decorators/service_provider_session_spec.rb @@ -17,8 +17,8 @@ let(:sp_create_link) { '/sign_up/enter_email' } before do - allow(view_context).to receive(:sign_up_email_path). - and_return('/sign_up/enter_email') + allow(view_context).to receive(:sign_up_email_path) + .and_return('/sign_up/enter_email') end it 'has the same public API as NullServiceProviderSession' do @@ -38,8 +38,8 @@ describe '#sp_alert' do context 'sp has custom alert' do it 'uses the custom template' do - expect(subject.sp_alert('sign_in')). - to eq "custom sign in help text for #{sp.friendly_name}" + expect(subject.sp_alert('sign_in')) + .to eq "custom sign in help text for #{sp.friendly_name}" end end @@ -47,8 +47,8 @@ let(:sp) { build_stubbed(:service_provider_without_help_text) } it 'returns nil' do - expect(subject.sp_alert('sign_in')). - to be_nil + expect(subject.sp_alert('sign_in')) + .to be_nil end end @@ -56,8 +56,8 @@ let(:sp) { build(:service_provider, help_text: nil) } it 'returns nil' do - expect(subject.sp_alert('sign_in')). - to be_nil + expect(subject.sp_alert('sign_in')) + .to be_nil end end @@ -65,8 +65,8 @@ let(:sp) { build_stubbed(:service_provider, :with_blank_help_text) } it 'returns nil' do - expect(subject.sp_alert('sign_in')). - to be_nil + expect(subject.sp_alert('sign_in')) + .to be_nil end end end @@ -182,13 +182,13 @@ end before do - allow(view_context).to receive(:new_user_session_url). - and_return('https://www.example.com/') + allow(view_context).to receive(:new_user_session_url) + .and_return('https://www.example.com/') end it 'returns view_context.new_user_session_url' do - expect(decorator.cancel_link_url). - to eq 'https://www.example.com/' + expect(decorator.cancel_link_url) + .to eq 'https://www.example.com/' end end @@ -202,8 +202,8 @@ allow(IdentityConfig.store).to receive( :allowed_verified_within_providers, ) { [client_id] } - allow(session_decorator).to receive(:authorize_form). - and_return(OpenidConnectAuthorizeForm.new(verified_within:, client_id:)) + allow(session_decorator).to receive(:authorize_form) + .and_return(OpenidConnectAuthorizeForm.new(verified_within:, client_id:)) end subject(:requested_more_recent_verification?) do diff --git a/spec/factories/agencies.rb b/spec/factories/agencies.rb index 942462de530..aedd9cf2a42 100644 --- a/spec/factories/agencies.rb +++ b/spec/factories/agencies.rb @@ -16,11 +16,11 @@ ) end abbreviation do - name. - split(' '). - map { |w| w[0].upcase }. - select { |c| /\w/.match?(c) }. - join + id.to_s + name + .split(' ') + .map { |w| w[0].upcase } + .select { |c| /\w/.match?(c) } + .join + id.to_s end end end diff --git a/spec/features/account/backup_codes_spec.rb b/spec/features/account/backup_codes_spec.rb index 478645b6c66..4009440f9d2 100644 --- a/spec/features/account/backup_codes_spec.rb +++ b/spec/features/account/backup_codes_spec.rb @@ -68,9 +68,9 @@ expect(page).to have_current_path(backup_code_setup_path) expect(page).to have_content(t('forms.backup_code.title')) - generated_at = user.backup_code_configurations. - order(created_at: :asc).first.created_at. - in_time_zone('UTC') + generated_at = user.backup_code_configurations + .order(created_at: :asc).first.created_at + .in_time_zone('UTC') formatted_generated_at = l(generated_at, format: t('time.formats.event_timestamp')) expected_message = "#{t('account.index.backup_codes_exist')} #{formatted_generated_at}" diff --git a/spec/features/account_creation/threat_metrix_spec.rb b/spec/features/account_creation/threat_metrix_spec.rb index 0a17582b3d1..50a00208e1e 100644 --- a/spec/features/account_creation/threat_metrix_spec.rb +++ b/spec/features/account_creation/threat_metrix_spec.rb @@ -16,8 +16,8 @@ user = confirm_last_user set_password(user) fake_analytics = FakeAnalytics.new - expect_any_instance_of(AccountCreationThreatMetrixJob).to receive(:analytics).with(user). - and_return(fake_analytics) + expect_any_instance_of(AccountCreationThreatMetrixJob).to receive(:analytics).with(user) + .and_return(fake_analytics) select_2fa_option('backup_code') click_continue diff --git a/spec/features/account_reset/cancel_request_spec.rb b/spec/features/account_reset/cancel_request_spec.rb index 06fdcdae6db..7775df40263 100644 --- a/spec/features/account_reset/cancel_request_spec.rb +++ b/spec/features/account_reset/cancel_request_spec.rb @@ -7,13 +7,13 @@ signin(user.email, user.password) click_link t('two_factor_authentication.login_options_link_text') click_link t('two_factor_authentication.account_reset.link') - expect(page). - to have_content strip_tags( + expect(page) + .to have_content strip_tags( t('account_reset.recovery_options.try_method_again'), ) click_link t('account_reset.request.yes_continue') - expect(page). - to have_content strip_tags( + expect(page) + .to have_content strip_tags( t('account_reset.request.delete_account'), ) reset_email @@ -32,8 +32,8 @@ signin(user.email, user.password) - expect(page). - to have_current_path( + expect(page) + .to have_current_path( login_two_factor_path(otp_delivery_preference: 'sms'), ) end diff --git a/spec/features/account_reset/delete_account_spec.rb b/spec/features/account_reset/delete_account_spec.rb index 8d426766b23..d421151967f 100644 --- a/spec/features/account_reset/delete_account_spec.rb +++ b/spec/features/account_reset/delete_account_spec.rb @@ -22,26 +22,26 @@ signin(user_email, user.password) click_link t('two_factor_authentication.login_options_link_text') click_link t('two_factor_authentication.account_reset.link') - expect(page). - to have_content strip_tags( + expect(page) + .to have_content strip_tags( t('account_reset.recovery_options.try_method_again'), ) click_link t('account_reset.request.yes_continue') - expect(page). - to have_content strip_tags( + expect(page) + .to have_content strip_tags( t('account_reset.request.delete_account'), ) click_button t('account_reset.request.yes_continue') - expect(page). - to have_content strip_tags( + expect(page) + .to have_content strip_tags( t('account_reset.confirm_request.instructions_start'), ) - expect(page). - to have_content user_email - expect(page). - to have_content strip_tags( + expect(page) + .to have_content user_email + expect(page) + .to have_content strip_tags( t('account_reset.confirm_request.instructions_end'), ) expect(page).to have_content t('account_reset.confirm_request.security_note') @@ -90,28 +90,28 @@ click_link t('two_factor_authentication.login_options_link_text') click_link t('two_factor_authentication.account_reset.link') - expect(page). - to have_content strip_tags( + expect(page) + .to have_content strip_tags( t('account_reset.recovery_options.try_method_again'), ) click_link t('account_reset.request.yes_continue') - expect(page). - to have_content strip_tags( + expect(page) + .to have_content strip_tags( t('account_reset.request.delete_account'), ) click_button t('account_reset.request.yes_continue') - expect(page). - to have_content strip_tags( + expect(page) + .to have_content strip_tags( t('account_reset.confirm_request.instructions_start'), ) - expect(page). - to have_content user_email - expect(page). - to have_content strip_tags( + expect(page) + .to have_content user_email + expect(page) + .to have_content strip_tags( t('account_reset.confirm_request.instructions_end'), ) expect(page).to have_content t('account_reset.confirm_request.security_note') @@ -154,25 +154,25 @@ signin(user_email, user.password) click_link t('two_factor_authentication.login_options_link_text') click_link t('two_factor_authentication.account_reset.link') - expect(page). - to have_content strip_tags( + expect(page) + .to have_content strip_tags( t('account_reset.recovery_options.try_method_again'), ) click_link t('account_reset.request.yes_continue') - expect(page). - to have_content strip_tags( + expect(page) + .to have_content strip_tags( t('account_reset.request.delete_account'), ) click_button t('account_reset.request.yes_continue') - expect(page). - to have_content strip_tags( + expect(page) + .to have_content strip_tags( t('account_reset.confirm_request.instructions_start'), ) - expect(page). - to have_content user_email - expect(page). - to have_content strip_tags( + expect(page) + .to have_content user_email + expect(page) + .to have_content strip_tags( t('account_reset.confirm_request.instructions_end'), ) expect(page).to_not have_content t('account_reset.confirm_request.security_note') diff --git a/spec/features/account_reset/pending_request_spec.rb b/spec/features/account_reset/pending_request_spec.rb index 9f7a72b9bca..8b2ee1640fe 100644 --- a/spec/features/account_reset/pending_request_spec.rb +++ b/spec/features/account_reset/pending_request_spec.rb @@ -8,13 +8,13 @@ sign_in_user(user) click_link t('two_factor_authentication.login_options_link_text') click_link t('two_factor_authentication.account_reset.link') - expect(page). - to have_content strip_tags( + expect(page) + .to have_content strip_tags( t('account_reset.recovery_options.try_method_again'), ) click_link t('account_reset.request.yes_continue') - expect(page). - to have_content strip_tags( + expect(page) + .to have_content strip_tags( t('account_reset.request.delete_account'), ) click_button t('account_reset.request.yes_continue') diff --git a/spec/features/event_disavowal_spec.rb b/spec/features/event_disavowal_spec.rb index 0259a8ad3f7..fb4bdcf4329 100644 --- a/spec/features/event_disavowal_spec.rb +++ b/spec/features/event_disavowal_spec.rb @@ -194,8 +194,8 @@ end def submit_prefilled_otp_code(user, delivery_preference) - expect(current_path). - to eq login_two_factor_path(otp_delivery_preference: delivery_preference) + expect(current_path) + .to eq login_two_factor_path(otp_delivery_preference: delivery_preference) fill_in('code', with: user.reload.direct_otp) click_button t('forms.buttons.submit.default') end diff --git a/spec/features/ialmax/saml_sign_in_spec.rb b/spec/features/ialmax/saml_sign_in_spec.rb index cf6aa2a6545..abcfa30f48e 100644 --- a/spec/features/ialmax/saml_sign_in_spec.rb +++ b/spec/features/ialmax/saml_sign_in_spec.rb @@ -143,9 +143,9 @@ context 'with an ial1 SP' do before do - ServiceProvider. - find_by(issuer: 'saml_sp_ial2'). - update!(ial: 1) + ServiceProvider + .find_by(issuer: 'saml_sp_ial2') + .update!(ial: 1) end scenario 'returns an ial1 responses even with an ial2 user' do diff --git a/spec/features/idv/analytics_spec.rb b/spec/features/idv/analytics_spec.rb index ce49724a1b1..c74a2975ad8 100644 --- a/spec/features/idv/analytics_spec.rb +++ b/spec/features/idv/analytics_spec.rb @@ -777,15 +777,15 @@ end before do - allow(IdentityConfig.store).to receive(:proofing_device_profiling). - and_return(proofing_device_profiling) + allow(IdentityConfig.store).to receive(:proofing_device_profiling) + .and_return(proofing_device_profiling) allow_any_instance_of(ApplicationController).to receive(:analytics) do |controller| fake_analytics.user = controller.analytics_user fake_analytics.session = controller.session fake_analytics end - allow(IdentityConfig.store).to receive(:idv_acuant_sdk_upgrade_a_b_testing_enabled). - and_return(false) + allow(IdentityConfig.store).to receive(:idv_acuant_sdk_upgrade_a_b_testing_enabled) + .and_return(false) end context 'Happy path' do @@ -1189,12 +1189,12 @@ allow(IdentityConfig.store).to receive(:in_person_proofing_enabled).and_return(true) allow(IdentityConfig.store).to receive(:in_person_proofing_opt_in_enabled).and_return(false) allow(Idv::InPersonConfig).to receive(:enabled_for_issuer?).and_return(true) - allow_any_instance_of(Idv::InPerson::ReadyToVerifyPresenter). - to receive(:service_provider_homepage_url).and_return(return_sp_url) - allow_any_instance_of(Idv::InPerson::ReadyToVerifyPresenter). - to receive(:sp_name).and_return(sp_friendly_name) - allow(IdentityConfig.store).to receive(:in_person_proofing_enforce_tmx). - and_return(true) + allow_any_instance_of(Idv::InPerson::ReadyToVerifyPresenter) + .to receive(:service_provider_homepage_url).and_return(return_sp_url) + allow_any_instance_of(Idv::InPerson::ReadyToVerifyPresenter) + .to receive(:sp_name).and_return(sp_friendly_name) + allow(IdentityConfig.store).to receive(:in_person_proofing_enforce_tmx) + .and_return(true) start_idv_from_sp(:saml) sign_in_and_2fa_user(user) diff --git a/spec/features/idv/cancel_spec.rb b/spec/features/idv/cancel_spec.rb index 158eadf7835..08a51076df3 100644 --- a/spec/features/idv/cancel_spec.rb +++ b/spec/features/idv/cancel_spec.rb @@ -167,8 +167,8 @@ it 'shows the user a cancellation message with the option to cancel and reset idv', :js do sp_name = 'Test SP' - allow_any_instance_of(ServiceProviderSession).to receive(:sp_name). - and_return(sp_name) + allow_any_instance_of(ServiceProviderSession).to receive(:sp_name) + .and_return(sp_name) click_link t('links.cancel') diff --git a/spec/features/idv/doc_auth/agreement_spec.rb b/spec/features/idv/doc_auth/agreement_spec.rb index 36222de0fab..bec36d57840 100644 --- a/spec/features/idv/doc_auth/agreement_spec.rb +++ b/spec/features/idv/doc_auth/agreement_spec.rb @@ -6,8 +6,8 @@ let(:fake_analytics) { FakeAnalytics.new } before do - allow_any_instance_of(ApplicationController). - to receive(:analytics).and_return(fake_analytics) + allow_any_instance_of(ApplicationController) + .to receive(:analytics).and_return(fake_analytics) sign_in_and_2fa_user complete_doc_auth_steps_before_agreement_step diff --git a/spec/features/idv/doc_auth/document_capture_spec.rb b/spec/features/idv/doc_auth/document_capture_spec.rb index 3d6c44d8632..4d7cabfa5ce 100644 --- a/spec/features/idv/doc_auth/document_capture_spec.rb +++ b/spec/features/idv/doc_auth/document_capture_spec.rb @@ -324,8 +324,8 @@ context 'on mobile platform', allow_browser_log: true do before do # mock mobile device as cameraCapable, this allows us to process - allow_any_instance_of(ActionController::Parameters). - to receive(:[]).and_wrap_original do |impl, param_name| + allow_any_instance_of(ActionController::Parameters) + .to receive(:[]).and_wrap_original do |impl, param_name| param_name.to_sym == :skip_hybrid_handoff ? '' : impl.call(param_name) end end @@ -338,10 +338,10 @@ complete_doc_auth_steps_before_document_capture_step expect(page).to have_current_path(idv_document_capture_url) - expect(max_capture_attempts_before_native_camera.to_i). - to eq(ActiveSupport::Duration::SECONDS_PER_HOUR) - expect(max_submission_attempts_before_native_camera.to_i). - to eq(ActiveSupport::Duration::SECONDS_PER_HOUR) + expect(max_capture_attempts_before_native_camera.to_i) + .to eq(ActiveSupport::Duration::SECONDS_PER_HOUR) + expect(max_submission_attempts_before_native_camera.to_i) + .to eq(ActiveSupport::Duration::SECONDS_PER_HOUR) expect_step_indicator_current_step(t('step_indicator.flows.idv.verify_id')) expect(page).to have_text(t('doc_auth.headings.document_capture')) attach_images @@ -569,8 +569,8 @@ let(:desktop_selfie_mode) { false } before do - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode). - and_return(desktop_selfie_mode) + allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) + .and_return(desktop_selfie_mode) end describe 'when desktop selfie not allowed' do @@ -631,10 +631,10 @@ let(:sp_ipp_enabled) { true } before do - allow(IdentityConfig.store).to receive(:in_person_doc_auth_button_enabled). - and_return(in_person_doc_auth_button_enabled) - allow(Idv::InPersonConfig).to receive(:enabled_for_issuer?).with(anything). - and_return(sp_ipp_enabled) + allow(IdentityConfig.store).to receive(:in_person_doc_auth_button_enabled) + .and_return(in_person_doc_auth_button_enabled) + allow(Idv::InPersonConfig).to receive(:enabled_for_issuer?).with(anything) + .and_return(sp_ipp_enabled) end describe 'when ipp is selected' do @@ -768,8 +768,8 @@ def costing_for(cost_type) allow(IdentityConfig.store).to receive(:in_person_proofing_opt_in_enabled).and_return( in_person_proofing_opt_in_enabled, ) - allow_any_instance_of(ServiceProvider).to receive(:in_person_proofing_enabled). - and_return(false) + allow_any_instance_of(ServiceProvider).to receive(:in_person_proofing_enabled) + .and_return(false) visit_idp_from_sp_with_ial2( :oidc, **{ client_id: service_provider.issuer, diff --git a/spec/features/idv/doc_auth/how_to_verify_spec.rb b/spec/features/idv/doc_auth/how_to_verify_spec.rb index 24a5fb5778a..c4a5522add6 100644 --- a/spec/features/idv/doc_auth/how_to_verify_spec.rb +++ b/spec/features/idv/doc_auth/how_to_verify_spec.rb @@ -18,8 +18,8 @@ allow(IdentityConfig.store).to receive(:in_person_proofing_opt_in_enabled) { in_person_proofing_opt_in_enabled } - allow_any_instance_of(ServiceProvider).to receive(:in_person_proofing_enabled). - and_return(service_provider_in_person_proofing_enabled) + allow_any_instance_of(ServiceProvider).to receive(:in_person_proofing_enabled) + .and_return(service_provider_in_person_proofing_enabled) visit_idp_from_sp_with_ial2( :oidc, **{ client_id: ipp_service_provider.issuer, facial_match_required: facial_match_required } diff --git a/spec/features/idv/doc_auth/hybrid_handoff_spec.rb b/spec/features/idv/doc_auth/hybrid_handoff_spec.rb index 519ba225ac5..7621a89b627 100644 --- a/spec/features/idv/doc_auth/hybrid_handoff_spec.rb +++ b/spec/features/idv/doc_auth/hybrid_handoff_spec.rb @@ -44,9 +44,9 @@ end it 'proceeds to the next page with valid info', :js do - expect(Telephony).to receive(:send_doc_auth_link). - with(hash_including(to: '+1 415-555-0199')). - and_call_original + expect(Telephony).to receive(:send_doc_auth_link) + .with(hash_including(to: '+1 415-555-0199')) + .and_call_original expect_step_indicator_current_step(t('step_indicator.flows.idv.verify_id')) @@ -116,8 +116,8 @@ timeout = distance_of_time_in_words( RateLimiter.attempt_window_in_minutes(:idv_send_link).minutes, ) - allow(IdentityConfig.store).to receive(:idv_send_link_max_attempts). - and_return(idv_send_link_max_attempts) + allow(IdentityConfig.store).to receive(:idv_send_link_max_attempts) + .and_return(idv_send_link_max_attempts) freeze_time do idv_send_link_max_attempts.times do @@ -208,10 +208,10 @@ let(:in_person_doc_auth_button_enabled) { true } let(:sp_ipp_enabled) { true } before do - allow(IdentityConfig.store).to receive(:in_person_doc_auth_button_enabled). - and_return(in_person_doc_auth_button_enabled) - allow(Idv::InPersonConfig).to receive(:enabled_for_issuer?).with(anything). - and_return(sp_ipp_enabled) + allow(IdentityConfig.store).to receive(:in_person_doc_auth_button_enabled) + .and_return(in_person_doc_auth_button_enabled) + allow(Idv::InPersonConfig).to receive(:enabled_for_issuer?).with(anything) + .and_return(sp_ipp_enabled) complete_doc_auth_steps_before_hybrid_handoff_step end @@ -333,16 +333,16 @@ def verify_no_upload_photos_section_and_link(page) end allow(IdentityConfig.store).to receive(:socure_docv_enabled).and_return(socure_docv_enabled) allow(IdentityConfig.store).to receive(:doc_auth_vendor_default).and_return(doc_auth_vendor) - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode). - and_return(desktop_test_mode_enabled) + allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) + .and_return(desktop_test_mode_enabled) allow(IdentityConfig.store).to receive(:in_person_proofing_enabled).and_return( in_person_proofing_enabled, ) allow(IdentityConfig.store).to receive(:in_person_proofing_opt_in_enabled).and_return( in_person_proofing_opt_in_enabled, ) - allow_any_instance_of(ServiceProvider).to receive(:in_person_proofing_enabled). - and_return(sp_ipp_enabled) + allow_any_instance_of(ServiceProvider).to receive(:in_person_proofing_enabled) + .and_return(sp_ipp_enabled) visit_idp_from_sp_with_ial2( :oidc, **{ client_id: service_provider.issuer, diff --git a/spec/features/idv/doc_auth/link_sent_spec.rb b/spec/features/idv/doc_auth/link_sent_spec.rb index 82a5b0e76cc..a94311a8b6b 100644 --- a/spec/features/idv/doc_auth/link_sent_spec.rb +++ b/spec/features/idv/doc_auth/link_sent_spec.rb @@ -9,8 +9,8 @@ let(:phone_number) { '415-555-0199' } before do - allow(FeatureManagement). - to(receive(:doc_capture_polling_enabled?).and_return(false)) + allow(FeatureManagement) + .to(receive(:doc_capture_polling_enabled?).and_return(false)) user complete_doc_auth_steps_before_hybrid_handoff_step diff --git a/spec/features/idv/doc_auth/redo_document_capture_spec.rb b/spec/features/idv/doc_auth/redo_document_capture_spec.rb index 9460ea01896..083d17361a9 100644 --- a/spec/features/idv/doc_auth/redo_document_capture_spec.rb +++ b/spec/features/idv/doc_auth/redo_document_capture_spec.rb @@ -324,8 +324,8 @@ context 'on mobile platform', allow_browser_log: true do before do # mock mobile device as cameraCapable, this allows us to process - allow_any_instance_of(ActionController::Parameters). - to receive(:[]).and_wrap_original do |impl, param_name| + allow_any_instance_of(ActionController::Parameters) + .to receive(:[]).and_wrap_original do |impl, param_name| param_name.to_sym == :skip_hybrid_handoff ? '' : impl.call(param_name) end end @@ -338,10 +338,10 @@ complete_doc_auth_steps_before_document_capture_step expect(page).to have_current_path(idv_document_capture_url) - expect(max_capture_attempts_before_native_camera.to_i). - to eq(ActiveSupport::Duration::SECONDS_PER_HOUR) - expect(max_submission_attempts_before_native_camera.to_i). - to eq(ActiveSupport::Duration::SECONDS_PER_HOUR) + expect(max_capture_attempts_before_native_camera.to_i) + .to eq(ActiveSupport::Duration::SECONDS_PER_HOUR) + expect(max_submission_attempts_before_native_camera.to_i) + .to eq(ActiveSupport::Duration::SECONDS_PER_HOUR) expect_step_indicator_current_step(t('step_indicator.flows.idv.verify_id')) expect(page).to have_text(t('doc_auth.headings.document_capture')) attach_images @@ -567,8 +567,8 @@ let(:desktop_selfie_mode) { false } before do - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode). - and_return(desktop_selfie_mode) + allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) + .and_return(desktop_selfie_mode) end describe 'when desktop selfie not allowed' do @@ -629,10 +629,10 @@ let(:sp_ipp_enabled) { true } before do - allow(IdentityConfig.store).to receive(:in_person_doc_auth_button_enabled). - and_return(in_person_doc_auth_button_enabled) - allow(Idv::InPersonConfig).to receive(:enabled_for_issuer?).with(anything). - and_return(sp_ipp_enabled) + allow(IdentityConfig.store).to receive(:in_person_doc_auth_button_enabled) + .and_return(in_person_doc_auth_button_enabled) + allow(Idv::InPersonConfig).to receive(:enabled_for_issuer?).with(anything) + .and_return(sp_ipp_enabled) end describe 'when ipp is selected' do @@ -766,8 +766,8 @@ def costing_for(cost_type) allow(IdentityConfig.store).to receive(:in_person_proofing_opt_in_enabled).and_return( in_person_proofing_opt_in_enabled, ) - allow_any_instance_of(ServiceProvider).to receive(:in_person_proofing_enabled). - and_return(false) + allow_any_instance_of(ServiceProvider).to receive(:in_person_proofing_enabled) + .and_return(false) visit_idp_from_sp_with_ial2( :oidc, **{ client_id: service_provider.issuer, diff --git a/spec/features/idv/doc_auth/socure_document_capture_spec.rb b/spec/features/idv/doc_auth/socure_document_capture_spec.rb index e78605c8546..490f97ecc3d 100644 --- a/spec/features/idv/doc_auth/socure_document_capture_spec.rb +++ b/spec/features/idv/doc_auth/socure_document_capture_spec.rb @@ -15,18 +15,18 @@ before(:each) do allow(IdentityConfig.store).to receive(:socure_docv_enabled).and_return(true) - allow(DocAuthRouter).to receive(:doc_auth_vendor_for_bucket). - and_return(Idp::Constants::Vendors::SOCURE) + allow(DocAuthRouter).to receive(:doc_auth_vendor_for_bucket) + .and_return(Idp::Constants::Vendors::SOCURE) allow_any_instance_of(ServiceProviderSession).to receive(:sp_name).and_return('Test SP') - allow(IdentityConfig.store).to receive(:socure_docv_webhook_secret_key). - and_return(socure_docv_webhook_secret_key) - allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint). - and_return(fake_socure_docv_document_request_endpoint) + allow(IdentityConfig.store).to receive(:socure_docv_webhook_secret_key) + .and_return(socure_docv_webhook_secret_key) + allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint) + .and_return(fake_socure_docv_document_request_endpoint) allow(IdentityConfig.store).to receive(:ruby_workers_idv_enabled).and_return(false) allow_any_instance_of(ApplicationController).to receive(:analytics).and_return(fake_analytics) @docv_transaction_token = stub_docv_document_request - allow(IdentityConfig.store).to receive(:socure_docv_verification_data_test_mode). - and_return(socure_docv_verification_data_test_mode) + allow(IdentityConfig.store).to receive(:socure_docv_verification_data_test_mode) + .and_return(socure_docv_verification_data_test_mode) end context 'happy path', allow_browser_log: true do @@ -95,14 +95,14 @@ context 'successfully erases capture app url when flow is complete' do it 'proceeds to the next page with valid info' do document_capture_session = DocumentCaptureSession.find_by(user_id: @user.id) - expect(document_capture_session.socure_docv_capture_app_url). - to eq(fake_socure_document_capture_app_url) + expect(document_capture_session.socure_docv_capture_app_url) + .to eq(fake_socure_document_capture_app_url) expect(page).to have_current_path(fake_socure_document_capture_app_url) visit idv_socure_document_capture_path expect(page).to have_current_path(idv_socure_document_capture_path) document_capture_session.reload - expect(document_capture_session.socure_docv_capture_app_url). - to eq(fake_socure_document_capture_app_url) + expect(document_capture_session.socure_docv_capture_app_url) + .to eq(fake_socure_document_capture_app_url) socure_docv_upload_documents( docv_transaction_token: @docv_transaction_token, ) @@ -112,14 +112,14 @@ it 'reuse capture app url when appropriate and creates new when not' do document_capture_session = DocumentCaptureSession.find_by(user_id: @user.id) - expect(document_capture_session.socure_docv_capture_app_url). - to eq(fake_socure_document_capture_app_url) + expect(document_capture_session.socure_docv_capture_app_url) + .to eq(fake_socure_document_capture_app_url) expect(page).to have_current_path(fake_socure_document_capture_app_url) visit idv_socure_document_capture_path expect(page).to have_current_path(idv_socure_document_capture_path) document_capture_session.reload - expect(document_capture_session.socure_docv_capture_app_url). - to eq(fake_socure_document_capture_app_url) + expect(document_capture_session.socure_docv_capture_app_url) + .to eq(fake_socure_document_capture_app_url) fake_capture_app2 = 'https://verify.fake-socure.test/capture2' document_capture_session.socure_docv_capture_app_url = fake_capture_app2 document_capture_session.save @@ -128,8 +128,8 @@ event_type: 'DOCUMENT_FRONT_UPLOADED', ) document_capture_session.reload - expect(document_capture_session.socure_docv_capture_app_url). - to eq(fake_capture_app2) + expect(document_capture_session.socure_docv_capture_app_url) + .to eq(fake_capture_app2) socure_docv_send_webhook( docv_transaction_token: @docv_transaction_token, event_type: 'SESSION_EXPIRED', @@ -139,8 +139,8 @@ visit idv_socure_document_capture_path expect(page).to have_current_path(idv_socure_document_capture_path) document_capture_session.reload - expect(document_capture_session.socure_docv_capture_app_url). - to eq(fake_socure_document_capture_app_url) + expect(document_capture_session.socure_docv_capture_app_url) + .to eq(fake_socure_document_capture_app_url) end end end @@ -148,8 +148,8 @@ context 'network connection errors' do context 'getting the capture path' do before do - allow_any_instance_of(Faraday::Connection).to receive(:post). - and_raise(Faraday::ConnectionFailed) + allow_any_instance_of(Faraday::Connection).to receive(:post) + .and_raise(Faraday::ConnectionFailed) end it 'shows the network error page', js: true do @@ -213,8 +213,8 @@ let(:test_token) { 'valid-test-token' } let(:socure_docv_verification_data_test_mode) { true } before do - allow(IdentityConfig.store).to receive(:socure_docv_verification_data_test_mode_tokens). - and_return([test_token]) + allow(IdentityConfig.store).to receive(:socure_docv_verification_data_test_mode_tokens) + .and_return([test_token]) DocAuth::Mock::DocAuthMockClient.reset! end @@ -376,16 +376,16 @@ def expect_rate_limited_header(expected_to_be_present) allow(IdentityConfig.store).to receive(:in_person_proofing_opt_in_enabled).and_return( in_person_proofing_opt_in_enabled, ) - allow(IdentityConfig.store).to receive(:allowed_biometric_ial_providers). - and_return([service_provider.issuer]) + allow(IdentityConfig.store).to receive(:allowed_biometric_ial_providers) + .and_return([service_provider.issuer]) allow(IdentityConfig.store).to receive( :allowed_valid_authn_contexts_semantic_providers, ).and_return([service_provider.issuer]) - allow_any_instance_of(ServiceProvider).to receive(:in_person_proofing_enabled). - and_return(false) + allow_any_instance_of(ServiceProvider).to receive(:in_person_proofing_enabled) + .and_return(false) allow(IdentityConfig.store).to receive(:socure_docv_enabled).and_return(true) - allow(DocAuthRouter).to receive(:doc_auth_vendor_for_bucket). - and_return(Idp::Constants::Vendors::SOCURE) + allow(DocAuthRouter).to receive(:doc_auth_vendor_for_bucket) + .and_return(Idp::Constants::Vendors::SOCURE) visit_idp_from_sp_with_ial2( :oidc, **{ client_id: service_provider.issuer, diff --git a/spec/features/idv/doc_auth/test_credentials_spec.rb b/spec/features/idv/doc_auth/test_credentials_spec.rb index 849236666e8..f9b5d495e81 100644 --- a/spec/features/idv/doc_auth/test_credentials_spec.rb +++ b/spec/features/idv/doc_auth/test_credentials_spec.rb @@ -61,8 +61,8 @@ def triggers_error_test_credentials_missing(credential_file, alert_message) it 'rate limits the user if invalid credentials submitted for max allowed attempts', allow_browser_log: true do - allow(IdentityConfig.store).to receive(:doc_auth_check_failed_image_resubmission_enabled). - and_return(false) + allow(IdentityConfig.store).to receive(:doc_auth_check_failed_image_resubmission_enabled) + .and_return(false) max_attempts = IdentityConfig.store.doc_auth_max_attempts (max_attempts - 1).times do complete_document_capture_step_with_yml( diff --git a/spec/features/idv/doc_auth/verify_info_step_spec.rb b/spec/features/idv/doc_auth/verify_info_step_spec.rb index 86960660722..131b034ce74 100644 --- a/spec/features/idv/doc_auth/verify_info_step_spec.rb +++ b/spec/features/idv/doc_auth/verify_info_step_spec.rb @@ -122,8 +122,8 @@ context 'resolution rate limiting' do let(:max_resolution_attempts) { 3 } before do - allow(IdentityConfig.store).to receive(:idv_max_attempts). - and_return(max_resolution_attempts) + allow(IdentityConfig.store).to receive(:idv_max_attempts) + .and_return(max_resolution_attempts) fill_out_ssn_form_with_ssn_that_fails_resolution click_idv_continue @@ -183,11 +183,11 @@ let(:max_ssn_attempts) { 3 } before do - allow(IdentityConfig.store).to receive(:idv_max_attempts). - and_return(max_resolution_attempts) + allow(IdentityConfig.store).to receive(:idv_max_attempts) + .and_return(max_resolution_attempts) - allow(IdentityConfig.store).to receive(:proof_ssn_max_attempts). - and_return(max_ssn_attempts) + allow(IdentityConfig.store).to receive(:proof_ssn_max_attempts) + .and_return(max_ssn_attempts) fill_out_ssn_form_with_ssn_that_fails_resolution click_idv_continue @@ -283,8 +283,8 @@ it 'allows resubmitting form' do complete_ssn_step - allow(DocumentCaptureSession).to receive(:find_by). - and_return(nil) + allow(DocumentCaptureSession).to receive(:find_by) + .and_return(nil) complete_verify_step expect(fake_analytics).to have_logged_event('IdV: proofing resolution result missing') @@ -300,8 +300,8 @@ it 'allows resubmitting form' do complete_ssn_step - allow(DocumentCaptureSession).to receive(:find_by). - and_return(nil) + allow(DocumentCaptureSession).to receive(:find_by) + .and_return(nil) complete_verify_step expect(page).to have_content(t('idv.failure.timeout')) diff --git a/spec/features/idv/end_to_end_idv_spec.rb b/spec/features/idv/end_to_end_idv_spec.rb index 8c516ce67bd..eef9d8baadd 100644 --- a/spec/features/idv/end_to_end_idv_spec.rb +++ b/spec/features/idv/end_to_end_idv_spec.rb @@ -123,8 +123,8 @@ before do allow(IdentityConfig.store).to receive(:in_person_proofing_enabled).and_return(true) - ServiceProvider.find_by(issuer: service_provider_issuer(sp)). - update(in_person_proofing_enabled: true) + ServiceProvider.find_by(issuer: service_provider_issuer(sp)) + .update(in_person_proofing_enabled: true) end scenario 'In person proofing', allow_browser_log: true do @@ -135,6 +135,7 @@ complete_all_in_person_proofing_steps(user) test_restart_in_person_flow(user) complete_otp_verification_page(user) + expect(page).to have_current_path(idv_enter_password_path) test_go_back_in_person_flow @@ -187,8 +188,8 @@ def validate_agreement_page end def validate_hybrid_handoff_page - allow_any_instance_of(Idv::HybridHandoffController).to receive(:mobile_device?). - and_return(false) + allow_any_instance_of(Idv::HybridHandoffController).to receive(:mobile_device?) + .and_return(false) expect(page).to have_current_path(idv_hybrid_handoff_path) @@ -200,8 +201,8 @@ def validate_hybrid_handoff_page # defaults phone to user's 2fa phone number field = page.find_field(t('two_factor_authentication.phone_label')) - expect(same_phone?(field.value, Features::SessionHelper::IAL1_USER_PHONE)). - to be true + expect(same_phone?(field.value, Features::SessionHelper::IAL1_USER_PHONE)) + .to be true end def validate_document_capture_page @@ -365,10 +366,9 @@ def validate_personal_key_page text: t('step_indicator.flows.idv.verify_phone'), ) expect(page).to have_css( - '.step-indicator__step--complete', + '.step-indicator__step--current', text: t('step_indicator.flows.idv.re_enter_password'), ) - expect(page).not_to have_css('.step-indicator__step--current') expect(page).not_to have_content(t('step_indicator.flows.idv.verify_address')) # Refreshing shows same page (BUT with new personal key, we should warn the user) @@ -429,7 +429,7 @@ def test_go_back_from_agreement def test_go_back_from_hybrid_handoff go_back - expect(current_path).to eql(idv_agreement_path) + expect(page).to have_current_path(idv_agreement_path) expect(page).to have_checked_field( t('doc_auth.instructions.consent', app_name: APP_NAME), visible: :all, @@ -515,7 +515,9 @@ def test_go_back_from_request_letter def test_go_back_in_person_flow go_back + expect(page).to have_current_path(idv_otp_verification_path) go_back + expect(page).to have_current_path(idv_phone_path) go_back expect(page).to have_current_path(idv_in_person_verify_info_path) # can't go back further with in person controllers (yet) diff --git a/spec/features/idv/get_proofing_results_job_scenarios_spec.rb b/spec/features/idv/get_proofing_results_job_scenarios_spec.rb index f28bc7fe37c..610e08c0614 100644 --- a/spec/features/idv/get_proofing_results_job_scenarios_spec.rb +++ b/spec/features/idv/get_proofing_results_job_scenarios_spec.rb @@ -1,7 +1,7 @@ require 'rails_helper' require 'axe-rspec' -RSpec.feature 'GetUspsProofingResultsJob Scenarios', js: true, allowed_extra_analytics: [:*] do +RSpec.feature 'GetUspsProofingResultsJob Scenarios', js: true do include OidcAuthHelper include UspsIppHelper include ActiveJob::TestHelper diff --git a/spec/features/idv/hybrid_mobile/entry_spec.rb b/spec/features/idv/hybrid_mobile/entry_spec.rb index 4c43e0b5bfc..408c91908ca 100644 --- a/spec/features/idv/hybrid_mobile/entry_spec.rb +++ b/spec/features/idv/hybrid_mobile/entry_spec.rb @@ -43,8 +43,8 @@ context 'when socure is the doc auth vendor' do before do - allow(DocAuthRouter).to receive(:doc_auth_vendor_for_bucket). - and_return(Idp::Constants::Vendors::SOCURE) + allow(DocAuthRouter).to receive(:doc_auth_vendor_for_bucket) + .and_return(Idp::Constants::Vendors::SOCURE) stub_docv_document_request end diff --git a/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb b/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb index 4560fa0d52e..f96d46d215c 100644 --- a/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb +++ b/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb @@ -15,18 +15,18 @@ before do allow(FeatureManagement).to receive(:doc_capture_polling_enabled?).and_return(true) allow(IdentityConfig.store).to receive(:socure_docv_enabled).and_return(true) - allow(DocAuthRouter).to receive(:doc_auth_vendor_for_bucket). - and_return(Idp::Constants::Vendors::SOCURE) + allow(DocAuthRouter).to receive(:doc_auth_vendor_for_bucket) + .and_return(Idp::Constants::Vendors::SOCURE) allow(IdentityConfig.store).to receive(:use_vot_in_sp_requests).and_return(true) allow(IdentityConfig.store).to receive(:ruby_workers_idv_enabled).and_return(false) - allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint). - and_return(fake_socure_docv_document_request_endpoint) + allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint) + .and_return(fake_socure_docv_document_request_endpoint) allow(Telephony).to receive(:send_doc_auth_link).and_wrap_original do |impl, config| @sms_link = config[:link] impl.call(**config) end.at_least(1).times - allow(IdentityConfig.store).to receive(:socure_docv_verification_data_test_mode). - and_return(socure_docv_verification_data_test_mode) + allow(IdentityConfig.store).to receive(:socure_docv_verification_data_test_mode) + .and_return(socure_docv_verification_data_test_mode) @docv_transaction_token = stub_docv_document_request stub_analytics end @@ -262,8 +262,8 @@ let(:test_token) { 'valid-test-token' } let(:socure_docv_verification_data_test_mode) { true } before do - allow(IdentityConfig.store).to receive(:socure_docv_verification_data_test_mode_tokens). - and_return([test_token]) + allow(IdentityConfig.store).to receive(:socure_docv_verification_data_test_mode_tokens) + .and_return([test_token]) DocAuth::Mock::DocAuthMockClient.reset! end @@ -420,8 +420,8 @@ context 'with a network error requesting the capture app url' do before do - allow_any_instance_of(Faraday::Connection).to receive(:post). - and_raise(Faraday::ConnectionFailed) + allow_any_instance_of(Faraday::Connection).to receive(:post) + .and_raise(Faraday::ConnectionFailed) end it 'shows the network error page on the phone and the link sent page on the desktop', diff --git a/spec/features/idv/in_person_spec.rb b/spec/features/idv/in_person_spec.rb index c5af6f91e50..d1ee9670f03 100644 --- a/spec/features/idv/in_person_spec.rb +++ b/spec/features/idv/in_person_spec.rb @@ -117,9 +117,9 @@ deadline = nil freeze_time do acknowledge_and_confirm_personal_key - deadline = (Time.zone.now + IdentityConfig.store.in_person_enrollment_validity_in_days.days). - in_time_zone(Idv::InPerson::ReadyToVerifyPresenter::USPS_SERVER_TIMEZONE). - strftime(t('time.formats.event_date')) + deadline = (Time.zone.now + IdentityConfig.store.in_person_enrollment_validity_in_days.days) + .in_time_zone(Idv::InPerson::ReadyToVerifyPresenter::USPS_SERVER_TIMEZONE) + .strftime(t('time.formats.event_date')) end # ready to verify page @@ -211,8 +211,8 @@ let(:sp) { service_provider } it 'sends a survey when they share information with that partner', allow_browser_log: true do - expect(last_email.html_part.body). - to have_selector( + expect(last_email.html_part.body) + .to have_selector( "a[href='#{IdentityConfig.store.in_person_opt_in_available_completion_survey_url}']", ) end @@ -470,9 +470,9 @@ freeze_time do acknowledge_and_confirm_personal_key deadline = (Time.zone.now + - IdentityConfig.store.in_person_enrollment_validity_in_days.days). - in_time_zone(Idv::InPerson::ReadyToVerifyPresenter::USPS_SERVER_TIMEZONE). - strftime(t('time.formats.event_date')) + IdentityConfig.store.in_person_enrollment_validity_in_days.days) + .in_time_zone(Idv::InPerson::ReadyToVerifyPresenter::USPS_SERVER_TIMEZONE) + .strftime(t('time.formats.event_date')) end # ready to verify page diff --git a/spec/features/idv/in_person_threatmetrix_spec.rb b/spec/features/idv/in_person_threatmetrix_spec.rb index 6747cd4cbbc..af9cb2644c2 100644 --- a/spec/features/idv/in_person_threatmetrix_spec.rb +++ b/spec/features/idv/in_person_threatmetrix_spec.rb @@ -26,8 +26,8 @@ before do allow(IdentityConfig.store).to receive(:in_person_proofing_enabled).and_return(true) allow(IdentityConfig.store).to receive(:in_person_proofing_enforce_tmx).and_return(true) - ServiceProvider.find_by(issuer: service_provider_issuer(sp)). - update(in_person_proofing_enabled: true) + ServiceProvider.find_by(issuer: service_provider_issuer(sp)) + .update(in_person_proofing_enabled: true) end def deactivate_profile_update_enrollment(status:) @@ -141,9 +141,9 @@ def deactivate_profile_update_enrollment(status:) freeze_time do acknowledge_and_confirm_personal_key deadline = (Time.zone.now + - IdentityConfig.store.in_person_enrollment_validity_in_days.days). - in_time_zone(Idv::InPerson::ReadyToVerifyPresenter::USPS_SERVER_TIMEZONE). - strftime(t('time.formats.event_date')) + IdentityConfig.store.in_person_enrollment_validity_in_days.days) + .in_time_zone(Idv::InPerson::ReadyToVerifyPresenter::USPS_SERVER_TIMEZONE) + .strftime(t('time.formats.event_date')) end # ready to verify page diff --git a/spec/features/idv/outage_spec.rb b/spec/features/idv/outage_spec.rb index e7025c608f2..918382a504b 100644 --- a/spec/features/idv/outage_spec.rb +++ b/spec/features/idv/outage_spec.rb @@ -52,13 +52,13 @@ def sign_in_with_idv_required(user:, sms_or_totp: :sms) # Wire up various let()s to configuration keys vendors.each do |service| vendor_status_key = :"vendor_status_#{service}" - allow(IdentityConfig.store).to receive(vendor_status_key). - and_return(send(vendor_status_key)) + allow(IdentityConfig.store).to receive(vendor_status_key) + .and_return(send(vendor_status_key)) end config_flags.each do |key| - allow(IdentityConfig.store).to receive(key). - and_return(send(key)) + allow(IdentityConfig.store).to receive(key) + .and_return(send(key)) end end @@ -263,10 +263,10 @@ def sign_in_with_idv_required(user:, sms_or_totp: :sms) context 'during an IDV maintenance window', js: true do before do - allow(IdentityConfig.store).to receive(:vendor_status_idv_scheduled_maintenance_start). - and_return('2023-01-01T00:00:00Z') - allow(IdentityConfig.store).to receive(:vendor_status_idv_scheduled_maintenance_finish). - and_return('2023-01-01T23:59:59Z') + allow(IdentityConfig.store).to receive(:vendor_status_idv_scheduled_maintenance_start) + .and_return('2023-01-01T00:00:00Z') + allow(IdentityConfig.store).to receive(:vendor_status_idv_scheduled_maintenance_finish) + .and_return('2023-01-01T23:59:59Z') travel_to(Time.zone.parse('2023-01-01T12:00:00Z')) end diff --git a/spec/features/idv/pending_profile_password_reset_spec.rb b/spec/features/idv/pending_profile_password_reset_spec.rb index bc42be34212..fcbe3c719f1 100644 --- a/spec/features/idv/pending_profile_password_reset_spec.rb +++ b/spec/features/idv/pending_profile_password_reset_spec.rb @@ -5,8 +5,8 @@ let(:sp_name) { 'Test SP' } before do - allow_any_instance_of(ServiceProviderSession).to receive(:sp_name). - and_return(sp_name) + allow_any_instance_of(ServiceProviderSession).to receive(:sp_name) + .and_return(sp_name) end scenario 'while GPO pending requires the user to reproof' do diff --git a/spec/features/idv/phone_otp_rate_limiting_spec.rb b/spec/features/idv/phone_otp_rate_limiting_spec.rb index c5d3c14ba72..35d9426b8ef 100644 --- a/spec/features/idv/phone_otp_rate_limiting_spec.rb +++ b/spec/features/idv/phone_otp_rate_limiting_spec.rb @@ -28,8 +28,8 @@ let(:max_attempts) { 2 } before do - allow(IdentityConfig.store).to receive(:login_otp_confirmation_max_attempts). - and_return(max_attempts) + allow(IdentityConfig.store).to receive(:login_otp_confirmation_max_attempts) + .and_return(max_attempts) end it 'rate limits otp attempts at the otp verification step' do @@ -42,8 +42,8 @@ end expect(page).to have_content t('titles.account_locked') - expect(page). - to have_content t('two_factor_authentication.max_otp_login_attempts_reached') + expect(page) + .to have_content t('two_factor_authentication.max_otp_login_attempts_reached') expect_rate_limit_circumvention_to_be_disallowed(user) expect_rate_limit_to_expire(user) diff --git a/spec/features/idv/proofing_components_spec.rb b/spec/features/idv/proofing_components_spec.rb index 19975e08a5d..70268b77ed1 100644 --- a/spec/features/idv/proofing_components_spec.rb +++ b/spec/features/idv/proofing_components_spec.rb @@ -10,8 +10,8 @@ let(:user) { User.find_with_email(email) } before do - allow(IdentityConfig.store).to receive(:ruby_workers_idv_enabled). - and_return(ruby_workers_idv_enabled) + allow(IdentityConfig.store).to receive(:ruby_workers_idv_enabled) + .and_return(ruby_workers_idv_enabled) visit_idp_from_sp_with_ial2(:oidc) register_user(email) diff --git a/spec/features/idv/steps/enter_code_step_spec.rb b/spec/features/idv/steps/enter_code_step_spec.rb index a7b0a6a423a..379558fc413 100644 --- a/spec/features/idv/steps/enter_code_step_spec.rb +++ b/spec/features/idv/steps/enter_code_step_spec.rb @@ -28,8 +28,8 @@ let(:fraud_review_pending) { false } before do - allow(IdentityConfig.store).to receive(:proofing_device_profiling). - and_return(threatmetrix_enabled ? :enabled : :disabled) + allow(IdentityConfig.store).to receive(:proofing_device_profiling) + .and_return(threatmetrix_enabled ? :enabled : :disabled) end it_behaves_like 'verification code entry' diff --git a/spec/features/idv/steps/enter_password_step_spec.rb b/spec/features/idv/steps/enter_password_step_spec.rb index 314af4c9ac5..c76b9a93691 100644 --- a/spec/features/idv/steps/enter_password_step_spec.rb +++ b/spec/features/idv/steps/enter_password_step_spec.rb @@ -42,11 +42,11 @@ gpo_confirmation_entry = GpoConfirmation.last.entry if sp == :saml - expect(gpo_confirmation_entry[:issuer]). - to eq(sp1_issuer) + expect(gpo_confirmation_entry[:issuer]) + .to eq(sp1_issuer) else - expect(gpo_confirmation_entry[:issuer]). - to eq('urn:gov:gsa:openidconnect:sp:server') + expect(gpo_confirmation_entry[:issuer]) + .to eq('urn:gov:gsa:openidconnect:sp:server') end end end @@ -69,8 +69,8 @@ def sends_letter_creates_unverified_profile_sends_email email_count_before_continue = ActionMailer::Base.deliveries.count - expect { click_continue }. - to change { GpoConfirmation.count }.by(1) + expect { click_continue } + .to change { GpoConfirmation.count }.by(1) expect_delivered_email_count(email_count_before_continue + 1) expect(last_email.subject).to eq(t('user_mailer.verify_by_mail_letter_requested.subject')) diff --git a/spec/features/idv/steps/in_person/address_spec.rb b/spec/features/idv/steps/in_person/address_spec.rb index 42d5cbabb04..1fdd88b757b 100644 --- a/spec/features/idv/steps/in_person/address_spec.rb +++ b/spec/features/idv/steps/in_person/address_spec.rb @@ -82,8 +82,8 @@ context 'transliterable Validation' do before do - allow(IdentityConfig.store).to receive(:usps_ipp_transliteration_enabled). - and_return(true) + allow(IdentityConfig.store).to receive(:usps_ipp_transliteration_enabled) + .and_return(true) end it 'shows validation errors', diff --git a/spec/features/idv/steps/in_person/state_id_spec.rb b/spec/features/idv/steps/in_person/state_id_spec.rb index 7572eba495b..25a883e38fa 100644 --- a/spec/features/idv/steps/in_person/state_id_spec.rb +++ b/spec/features/idv/steps/in_person/state_id_spec.rb @@ -311,8 +311,8 @@ context 'transliterable validation' do before do - allow(IdentityConfig.store).to receive(:usps_ipp_transliteration_enabled). - and_return(true) + allow(IdentityConfig.store).to receive(:usps_ipp_transliteration_enabled) + .and_return(true) end it 'shows validation errors', diff --git a/spec/features/idv/steps/in_person/verify_info_spec.rb b/spec/features/idv/steps/in_person/verify_info_spec.rb index 29cf6a5eb1b..03d74790679 100644 --- a/spec/features/idv/steps/in_person/verify_info_spec.rb +++ b/spec/features/idv/steps/in_person/verify_info_spec.rb @@ -12,8 +12,8 @@ before do allow(IdentityConfig.store).to receive(:in_person_proofing_enabled).and_return(true) allow_any_instance_of(ApplicationController).to receive(:analytics).and_return(fake_analytics) - allow(user).to receive(:enrollment). - and_return(enrollment) + allow(user).to receive(:enrollment) + .and_return(enrollment) end context 'when visiting verify info for the first time' do diff --git a/spec/features/idv/steps/in_person_opt_in_ipp_spec.rb b/spec/features/idv/steps/in_person_opt_in_ipp_spec.rb index c9068552a2d..5eb11e2e7d3 100644 --- a/spec/features/idv/steps/in_person_opt_in_ipp_spec.rb +++ b/spec/features/idv/steps/in_person_opt_in_ipp_spec.rb @@ -21,8 +21,8 @@ before do allow(IdentityConfig.store).to receive(:proofing_device_profiling).and_return(:enabled) allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_org_id).and_return(org) - allow_any_instance_of(ServiceProvider).to receive(:in_person_proofing_enabled). - and_return(true) + allow_any_instance_of(ServiceProvider).to receive(:in_person_proofing_enabled) + .and_return(true) end it 'allows the user to continue down the happy path selecting to opt in', @@ -102,9 +102,9 @@ freeze_time do acknowledge_and_confirm_personal_key deadline = (Time.zone.now + - IdentityConfig.store.in_person_enrollment_validity_in_days.days). - in_time_zone(Idv::InPerson::ReadyToVerifyPresenter::USPS_SERVER_TIMEZONE). - strftime(t('time.formats.event_date')) + IdentityConfig.store.in_person_enrollment_validity_in_days.days) + .in_time_zone(Idv::InPerson::ReadyToVerifyPresenter::USPS_SERVER_TIMEZONE) + .strftime(t('time.formats.event_date')) end # ready to verify page @@ -244,9 +244,9 @@ freeze_time do acknowledge_and_confirm_personal_key deadline = - (Time.zone.now + IdentityConfig.store.in_person_enrollment_validity_in_days.days). - in_time_zone(Idv::InPerson::ReadyToVerifyPresenter::USPS_SERVER_TIMEZONE). - strftime(t('time.formats.event_date')) + (Time.zone.now + IdentityConfig.store.in_person_enrollment_validity_in_days.days) + .in_time_zone(Idv::InPerson::ReadyToVerifyPresenter::USPS_SERVER_TIMEZONE) + .strftime(t('time.formats.event_date')) end # ready to verify page @@ -294,8 +294,8 @@ before do allow(IdentityConfig.store).to receive(:proofing_device_profiling).and_return(:enabled) allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_org_id).and_return(org) - allow_any_instance_of(ServiceProvider).to receive(:in_person_proofing_enabled). - and_return(false) + allow_any_instance_of(ServiceProvider).to receive(:in_person_proofing_enabled) + .and_return(false) end it 'skips how to verify and goes to hybrid_handoff' do @@ -410,9 +410,9 @@ freeze_time do acknowledge_and_confirm_personal_key deadline = - (Time.zone.now + IdentityConfig.store.in_person_enrollment_validity_in_days.days). - in_time_zone(Idv::InPerson::ReadyToVerifyPresenter::USPS_SERVER_TIMEZONE). - strftime(t('time.formats.event_date')) + (Time.zone.now + IdentityConfig.store.in_person_enrollment_validity_in_days.days) + .in_time_zone(Idv::InPerson::ReadyToVerifyPresenter::USPS_SERVER_TIMEZONE) + .strftime(t('time.formats.event_date')) end # ready to verify page @@ -462,8 +462,8 @@ before do allow(IdentityConfig.store).to receive(:in_person_proofing_enabled) { false } allow(IdentityConfig.store).to receive(:in_person_proofing_opt_in_enabled) { true } - allow_any_instance_of(ServiceProvider).to receive(:in_person_proofing_enabled). - and_return(true) + allow_any_instance_of(ServiceProvider).to receive(:in_person_proofing_enabled) + .and_return(true) end it 'skips how to verify and continues along the normal path' do diff --git a/spec/features/idv/steps/resend_letter_step_spec.rb b/spec/features/idv/steps/resend_letter_step_spec.rb index 1d4a4fe1337..fb3eb7f16c1 100644 --- a/spec/features/idv/steps/resend_letter_step_spec.rb +++ b/spec/features/idv/steps/resend_letter_step_spec.rb @@ -9,12 +9,12 @@ let(:max_days_before_resend_disabled) { 30 } before do - allow(IdentityConfig.store).to receive(:minimum_wait_before_another_usps_letter_in_hours). - and_return(minimum_wait_for_letter) - allow(IdentityConfig.store).to receive(:gpo_max_profile_age_to_send_letter_in_days). - and_return(max_days_before_resend_disabled) - allow(IdentityConfig.store).to receive(:second_mfa_reminder_account_age_in_days). - and_return(days_passed + 1) + allow(IdentityConfig.store).to receive(:minimum_wait_before_another_usps_letter_in_hours) + .and_return(minimum_wait_for_letter) + allow(IdentityConfig.store).to receive(:gpo_max_profile_age_to_send_letter_in_days) + .and_return(max_days_before_resend_disabled) + allow(IdentityConfig.store).to receive(:second_mfa_reminder_account_age_in_days) + .and_return(days_passed + 1) end let(:user) { user_with_2fa } @@ -71,8 +71,8 @@ click_on t('idv.messages.gpo.resend') # And then actually ask for a resend - expect { click_on t('idv.gpo.request_another_letter.button') }. - to change { GpoConfirmation.count }.from(1).to(2) + expect { click_on t('idv.gpo.request_another_letter.button') } + .to change { GpoConfirmation.count }.from(1).to(2) expect_user_to_be_unverified(user) expect(page).to have_content(t('idv.messages.gpo.another_letter_on_the_way')) expect(page).to have_content(t('idv.titles.come_back_later')) diff --git a/spec/features/openid_connect/authorization_confirmation_spec.rb b/spec/features/openid_connect/authorization_confirmation_spec.rb index d7da4869098..f95566dcaa4 100644 --- a/spec/features/openid_connect/authorization_confirmation_spec.rb +++ b/spec/features/openid_connect/authorization_confirmation_spec.rb @@ -56,8 +56,8 @@ def create_user_and_remember_device context 'with client-side javascript redirect' do before do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side_js') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side_js') end it_behaves_like 'signin email after signing in again' diff --git a/spec/features/openid_connect/openid_connect_spec.rb b/spec/features/openid_connect/openid_connect_spec.rb index 35ee5556c11..7afa1895245 100644 --- a/spec/features/openid_connect/openid_connect_spec.rb +++ b/spec/features/openid_connect/openid_connect_spec.rb @@ -125,8 +125,8 @@ end it 'auto-allows with a second authorization and redirect_uris in CSP headers if enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_content_security_form_action_enabled). - and_return(true) + allow(IdentityConfig.store).to receive(:openid_connect_content_security_form_action_enabled) + .and_return(true) client_id = 'urn:gov:gsa:openidconnect:sp:server' service_provider = build(:service_provider, issuer: client_id) user = user_with_2fa @@ -137,8 +137,8 @@ visit_idp_from_ial1_oidc_sp(client_id: client_id, prompt: 'select_account') sign_in_user(user) - expect(page.response_headers['Content-Security-Policy']). - to(include('form-action \'self\' http://localhost:7654 https://example.com')) + expect(page.response_headers['Content-Security-Policy']) + .to(include('form-action \'self\' http://localhost:7654 https://example.com')) fill_in_code_with_last_phone_otp click_submit_default @@ -148,8 +148,8 @@ end it 'auto-allows with a second authorization and blank CSP headers if not enabled' do - allow(IdentityConfig.store).to receive(:openid_connect_content_security_form_action_enabled). - and_return(false) + allow(IdentityConfig.store).to receive(:openid_connect_content_security_form_action_enabled) + .and_return(false) client_id = 'urn:gov:gsa:openidconnect:sp:server' service_provider = build(:service_provider, issuer: client_id) user = user_with_2fa @@ -160,8 +160,8 @@ visit_idp_from_ial1_oidc_sp(client_id: client_id, prompt: 'select_account') sign_in_user(user) - expect(page.response_headers['Content-Security-Policy']). - to(include('form-action \'self\'')) + expect(page.response_headers['Content-Security-Policy']) + .to(include('form-action \'self\'')) fill_in_code_with_last_phone_otp click_submit_default @@ -171,8 +171,8 @@ end it 'auto-allows and includes redirect_uris in CSP headers if enabled after an incorrect OTP' do - allow(IdentityConfig.store).to receive(:openid_connect_content_security_form_action_enabled). - and_return(true) + allow(IdentityConfig.store).to receive(:openid_connect_content_security_form_action_enabled) + .and_return(true) client_id = 'urn:gov:gsa:openidconnect:sp:server' service_provider = build(:service_provider, issuer: client_id) @@ -184,15 +184,15 @@ visit_idp_from_ial1_oidc_sp(client_id: client_id, prompt: 'select_account') sign_in_user(user) - expect(page.response_headers['Content-Security-Policy']). - to(include('form-action \'self\' http://localhost:7654 https://example.com')) + expect(page.response_headers['Content-Security-Policy']) + .to(include('form-action \'self\' http://localhost:7654 https://example.com')) fill_in :code, with: 'wrong otp' click_submit_default expect(page).to have_content(t('two_factor_authentication.invalid_otp')) - expect(page.response_headers['Content-Security-Policy']). - to(include('form-action \'self\' http://localhost:7654 https://example.com')) + expect(page.response_headers['Content-Security-Policy']) + .to(include('form-action \'self\' http://localhost:7654 https://example.com')) fill_in_code_with_last_phone_otp click_submit_default @@ -202,8 +202,8 @@ end it 'auto-allows and blank CSP headers if disabled after an incorrect OTP' do - allow(IdentityConfig.store).to receive(:openid_connect_content_security_form_action_enabled). - and_return(true) + allow(IdentityConfig.store).to receive(:openid_connect_content_security_form_action_enabled) + .and_return(true) client_id = 'urn:gov:gsa:openidconnect:sp:server' service_provider = build(:service_provider, issuer: client_id) @@ -215,15 +215,15 @@ visit_idp_from_ial1_oidc_sp(client_id: client_id, prompt: 'select_account') sign_in_user(user) - expect(page.response_headers['Content-Security-Policy']). - to(include('form-action \'self\'')) + expect(page.response_headers['Content-Security-Policy']) + .to(include('form-action \'self\'')) fill_in :code, with: 'wrong otp' click_submit_default expect(page).to have_content(t('two_factor_authentication.invalid_otp')) - expect(page.response_headers['Content-Security-Policy']). - to(include('form-action \'self\'')) + expect(page.response_headers['Content-Security-Policy']) + .to(include('form-action \'self\'')) fill_in_code_with_last_phone_otp click_submit_default @@ -307,8 +307,8 @@ context 'when accepting id_token_hint in logout' do before do - allow(IdentityConfig.store).to receive(:reject_id_token_hint_in_logout). - and_return(false) + allow(IdentityConfig.store).to receive(:reject_id_token_hint_in_logout) + .and_return(false) end context 'when sending id_token_hint' do @@ -357,8 +357,8 @@ post_logout_redirect_uri: 'gov.gsa.openidconnect.test://result/signout', state: state, ) - expect(page.response_headers['Content-Security-Policy']). - to(include('form-action \'self\' gov.gsa.openidconnect.test:')) + expect(page.response_headers['Content-Security-Policy']) + .to(include('form-action \'self\' gov.gsa.openidconnect.test:')) expect(page).to have_content( t( 'openid_connect.logout.heading_with_sp', @@ -423,8 +423,8 @@ context 'when rejecting id_token_hint in logout' do before do - allow(IdentityConfig.store).to receive(:reject_id_token_hint_in_logout). - and_return(true) + allow(IdentityConfig.store).to receive(:reject_id_token_hint_in_logout) + .and_return(true) end it 'logout destroys the session when confirming logout' do @@ -571,8 +571,8 @@ it 'errors if verified_within param is too recent', driver: :mobile_rack_test do client_id = 'urn:gov:gsa:openidconnect:test' - allow(IdentityConfig.store).to receive(:allowed_verified_within_providers). - and_return([client_id]) + allow(IdentityConfig.store).to receive(:allowed_verified_within_providers) + .and_return([client_id]) state = SecureRandom.hex nonce = SecureRandom.hex code_verifier = SecureRandom.hex @@ -597,14 +597,14 @@ redirect_params = UriService.params(oidc_redirect_url) expect(redirect_params[:error]).to eq('invalid_request') - expect(redirect_params[:error_description]). - to include('Verified within value must be at least 30 days or older') + expect(redirect_params[:error_description]) + .to include('Verified within value must be at least 30 days or older') end it 'sends the user through idv again via verified_within param', :js do client_id = 'urn:gov:gsa:openidconnect:sp:server' - allow(IdentityConfig.store).to receive(:allowed_verified_within_providers). - and_return([client_id]) + allow(IdentityConfig.store).to receive(:allowed_verified_within_providers) + .and_return([client_id]) user = user_with_2fa _profile = create( @@ -1047,8 +1047,8 @@ click_agree_and_continue expect(current_url).to eq new_user_session_url - expect(page). - to have_content t('instructions.go_back_to_mobile_app', friendly_name: 'Example iOS App') + expect(page) + .to have_content t('instructions.go_back_to_mobile_app', friendly_name: 'Example iOS App') end end end diff --git a/spec/features/openid_connect/redirect_uri_validation_spec.rb b/spec/features/openid_connect/redirect_uri_validation_spec.rb index 9815881d9d1..693bc943522 100644 --- a/spec/features/openid_connect/redirect_uri_validation_spec.rb +++ b/spec/features/openid_connect/redirect_uri_validation_spec.rb @@ -9,8 +9,8 @@ current_host = URI.parse(page.current_url).host expect(current_host).to eq 'www.example.com' - expect(page). - to have_content t('openid_connect.authorization.errors.redirect_uri_no_match') + expect(page) + .to have_content t('openid_connect.authorization.errors.redirect_uri_no_match') end end @@ -20,8 +20,8 @@ current_host = URI.parse(page.current_url).host expect(current_host).to eq 'www.example.com' - expect(page). - to have_content t('openid_connect.authorization.errors.redirect_uri_invalid') + expect(page) + .to have_content t('openid_connect.authorization.errors.redirect_uri_invalid') end end @@ -33,8 +33,8 @@ expect(current_host).to eq 'www.example.com' expect(current_path).to eq '/errors/service_provider_inactive' - expect(page). - to have_content t( + expect(page) + .to have_content t( 'service_providers.errors.inactive.heading', sp_name: 'Example iOS App (inactive)', app_name: APP_NAME, @@ -48,8 +48,8 @@ current_host = URI.parse(page.current_url).host expect(current_host).to eq 'www.example.com' - expect(page). - to have_content t('openid_connect.authorization.errors.bad_client_id') + expect(page) + .to have_content t('openid_connect.authorization.errors.bad_client_id') end end @@ -90,22 +90,22 @@ current_host = URI.parse(page.current_url).host expect(current_host).to eq 'www.example.com' - expect(page). - to have_content t('openid_connect.authorization.errors.bad_client_id') + expect(page) + .to have_content t('openid_connect.authorization.errors.bad_client_id') visit_idp_from_sp_with_ial1_with_invalid_redirect_uri current_host = URI.parse(page.current_url).host expect(current_host).to eq 'www.example.com' - expect(page). - to have_content t('openid_connect.authorization.errors.redirect_uri_invalid') + expect(page) + .to have_content t('openid_connect.authorization.errors.redirect_uri_invalid') visit_idp_from_sp_with_ial1_with_disallowed_redirect_uri current_host = URI.parse(page.current_url).host expect(current_host).to eq 'www.example.com' - expect(page). - to have_content t('openid_connect.authorization.errors.redirect_uri_no_match') + expect(page) + .to have_content t('openid_connect.authorization.errors.redirect_uri_no_match') end end @@ -122,22 +122,22 @@ current_host = URI.parse(page.current_url).host expect(current_host).to eq 'www.example.com' - expect(page). - to have_content t('openid_connect.authorization.errors.bad_client_id') + expect(page) + .to have_content t('openid_connect.authorization.errors.bad_client_id') visit_idp_from_sp_with_ial1_with_invalid_redirect_uri current_host = URI.parse(page.current_url).host expect(current_host).to eq 'www.example.com' - expect(page). - to have_content t('openid_connect.authorization.errors.redirect_uri_invalid') + expect(page) + .to have_content t('openid_connect.authorization.errors.redirect_uri_invalid') visit_idp_from_sp_with_ial1_with_disallowed_redirect_uri current_host = URI.parse(page.current_url).host expect(current_host).to eq 'www.example.com' - expect(page). - to have_content t('openid_connect.authorization.errors.redirect_uri_no_match') + expect(page) + .to have_content t('openid_connect.authorization.errors.redirect_uri_no_match') end end @@ -166,8 +166,8 @@ current_host = URI.parse(page.current_url).host expect(current_host).to eq 'www.example.com' - expect(page). - to have_content t('openid_connect.authorization.errors.redirect_uri_no_match') + expect(page) + .to have_content t('openid_connect.authorization.errors.redirect_uri_no_match') visit new_user_session_path fill_in_credentials_and_submit(user.email, user.password) diff --git a/spec/features/openid_connect/vtr_spec.rb b/spec/features/openid_connect/vtr_spec.rb index 95b8281afbb..24cefe11000 100644 --- a/spec/features/openid_connect/vtr_spec.rb +++ b/spec/features/openid_connect/vtr_spec.rb @@ -6,8 +6,8 @@ include WebAuthnHelper before do - allow(IdentityConfig.store).to receive(:use_vot_in_sp_requests). - and_return(true) + allow(IdentityConfig.store).to receive(:use_vot_in_sp_requests) + .and_return(true) end scenario 'sign in with VTR request for authentication' do diff --git a/spec/features/phone/default_phone_selection_spec.rb b/spec/features/phone/default_phone_selection_spec.rb index 40340bda191..23dd10e4e47 100644 --- a/spec/features/phone/default_phone_selection_spec.rb +++ b/spec/features/phone/default_phone_selection_spec.rb @@ -129,8 +129,8 @@ end def submit_prefilled_otp_code(user, delivery_preference) - expect(current_path). - to eq login_two_factor_path(otp_delivery_preference: delivery_preference) + expect(current_path) + .to eq login_two_factor_path(otp_delivery_preference: delivery_preference) fill_in('code', with: user.reload.direct_otp) click_button t('forms.buttons.submit.default') end diff --git a/spec/features/remember_device/sp_expiration_spec.rb b/spec/features/remember_device/sp_expiration_spec.rb index 99af39df96f..d09effa271b 100644 --- a/spec/features/remember_device/sp_expiration_spec.rb +++ b/spec/features/remember_device/sp_expiration_spec.rb @@ -110,8 +110,9 @@ def visit_sp(protocol, aal) before do allow(IdentityConfig.store).to receive(:otp_delivery_blocklist_maxretry).and_return(1000) - allow(IdentityConfig.store).to receive(:second_mfa_reminder_account_age_in_days). - and_return([aal1_remember_device_expiration, aal2_remember_device_expiration].max.in_days + 2) + allow(IdentityConfig.store).to receive(:second_mfa_reminder_account_age_in_days) + .and_return([aal1_remember_device_expiration, + aal2_remember_device_expiration].max.in_days + 2) ServiceProvider.find_by(issuer: OidcAuthHelper::OIDC_IAL1_ISSUER).update!( default_aal: aal, diff --git a/spec/features/remember_device/webauthn_spec.rb b/spec/features/remember_device/webauthn_spec.rb index 70d2ad62b85..c826fca2bec 100644 --- a/spec/features/remember_device/webauthn_spec.rb +++ b/spec/features/remember_device/webauthn_spec.rb @@ -98,9 +98,9 @@ def remember_device_and_sign_out_user context 'sign up' do before do - allow(IdentityConfig.store). - to receive(:show_unsupported_passkey_platform_authentication_setup). - and_return(true) + allow(IdentityConfig.store) + .to receive(:show_unsupported_passkey_platform_authentication_setup) + .and_return(true) end def click_2fa_option(option) @@ -127,8 +127,8 @@ def remember_device_and_sign_out_user click_continue - expect(page). - to have_content t('headings.add_info.phone') + expect(page) + .to have_content t('headings.add_info.phone') expect(current_path).to eq phone_setup_path diff --git a/spec/features/saml/redirect_uri_validation_spec.rb b/spec/features/saml/redirect_uri_validation_spec.rb index 1677f6c0eac..a2e0cc06e80 100644 --- a/spec/features/saml/redirect_uri_validation_spec.rb +++ b/spec/features/saml/redirect_uri_validation_spec.rb @@ -13,9 +13,9 @@ state: '123abc', ) sp = ServiceProvider.find_by(issuer: 'http://localhost:3000') - expect(page). - to have_link t('links.back_to_sp', sp: sp.friendly_name), - href: return_to_sp_cancel_path(step: :authentication) + expect(page) + .to have_link t('links.back_to_sp', sp: sp.friendly_name), + href: return_to_sp_cancel_path(step: :authentication) fill_in_credentials_and_submit(user.email, user.password) fill_in_code_with_last_phone_otp diff --git a/spec/features/saml/saml_logout_spec.rb b/spec/features/saml/saml_logout_spec.rb index 3e1400f1e90..da14da53c42 100644 --- a/spec/features/saml/saml_logout_spec.rb +++ b/spec/features/saml/saml_logout_spec.rb @@ -191,8 +191,8 @@ click_agree_and_continue click_button(t('forms.buttons.submit.default')) - identity = ServiceProviderIdentity. - find_by(user_id: user.id, service_provider: saml_settings.issuer) + identity = ServiceProviderIdentity + .find_by(user_id: user.id, service_provider: saml_settings.issuer) expect(OutOfBandSessionAccessor.new(identity.rails_session_id).exists?).to eq true # simulate a remote request diff --git a/spec/features/saml/saml_spec.rb b/spec/features/saml/saml_spec.rb index d0bee87d559..d8e5ab221ff 100644 --- a/spec/features/saml/saml_spec.rb +++ b/spec/features/saml/saml_spec.rb @@ -14,9 +14,9 @@ end it 'returns the user to the acs url after authentication' do - expect(page). - to have_link t('links.back_to_sp', sp: sp.friendly_name), - href: return_to_sp_cancel_path(step: :authentication) + expect(page) + .to have_link t('links.back_to_sp', sp: sp.friendly_name), + href: return_to_sp_cancel_path(step: :authentication) sign_in_via_branded_page(user) click_submit_default @@ -145,19 +145,19 @@ it 'contains a signature method nodeset with SHA256 algorithm' do expect(xmldoc.signature_method_nodeset.length).to eq(1) - expect(xmldoc.signature_method_nodeset[0].attr('Algorithm')). - to eq('http://www.w3.org/2001/04/xmldsig-more#rsa-sha256') + expect(xmldoc.signature_method_nodeset[0].attr('Algorithm')) + .to eq('http://www.w3.org/2001/04/xmldsig-more#rsa-sha256') end it 'contains a digest method nodeset with SHA256 algorithm' do expect(xmldoc.digest_method_nodeset.length).to eq(1) - expect(xmldoc.digest_method_nodeset[0].attr('Algorithm')). - to eq('http://www.w3.org/2001/04/xmlenc#sha256') + expect(xmldoc.digest_method_nodeset[0].attr('Algorithm')) + .to eq('http://www.w3.org/2001/04/xmlenc#sha256') end it 'redirects to /test/saml/decode_assertion after submitting the form' do - expect(page.current_url). - to eq(saml_settings.assertion_consumer_service_url) + expect(page.current_url) + .to eq(saml_settings.assertion_consumer_service_url) end it 'stores SP identifier in Identity model' do @@ -203,8 +203,8 @@ it 'updates the service providers in the database' do page.driver.header 'X-LOGIN-DASHBOARD-TOKEN', '123ABC' - expect { page.driver.post '/api/service_provider' }. - to(change { ServiceProvider.active.sort_by(&:id) }) + expect { page.driver.post '/api/service_provider' } + .to(change { ServiceProvider.active.sort_by(&:id) }) expect(page.status_code).to eq 200 end diff --git a/spec/features/sign_in/remember_device_default_spec.rb b/spec/features/sign_in/remember_device_default_spec.rb index 6679e98eca3..2da2fec5b22 100644 --- a/spec/features/sign_in/remember_device_default_spec.rb +++ b/spec/features/sign_in/remember_device_default_spec.rb @@ -8,8 +8,8 @@ user = create(:user, :fully_registered) sign_in_user(user) - expect(page). - to have_checked_field t('forms.messages.remember_device') + expect(page) + .to have_checked_field t('forms.messages.remember_device') end end context 'when signing in from an SP when the SP is AAL2' do diff --git a/spec/features/sign_in/setup_piv_cac_after_sign_in_spec.rb b/spec/features/sign_in/setup_piv_cac_after_sign_in_spec.rb index 146b5441230..ee2d82a983d 100644 --- a/spec/features/sign_in/setup_piv_cac_after_sign_in_spec.rb +++ b/spec/features/sign_in/setup_piv_cac_after_sign_in_spec.rb @@ -53,8 +53,8 @@ http://localhost:7654 https://example.com STR - expect(page.response_headers['Content-Security-Policy']). - to(include(expected_form_action)) + expect(page.response_headers['Content-Security-Policy']) + .to(include(expected_form_action)) end scenario 'user opts to add piv/cac card and has to reauthenticate on remembered device' do diff --git a/spec/features/sign_in/two_factor_options_spec.rb b/spec/features/sign_in/two_factor_options_spec.rb index 3650b4c9ea2..08e88a5bcfd 100644 --- a/spec/features/sign_in/two_factor_options_spec.rb +++ b/spec/features/sign_in/two_factor_options_spec.rb @@ -17,16 +17,16 @@ click_link t('two_factor_authentication.login_options_link_text') - expect(page). - to have_content t('two_factor_authentication.login_options.sms') - expect(page). - to have_content t('two_factor_authentication.login_options.voice') - expect(page). - to_not have_content t('two_factor_authentication.login_options.backup_code') - expect(page). - to_not have_content t('two_factor_authentication.login_options.piv_cac') - expect(page). - to_not have_content t('two_factor_authentication.login_options.auth_app') + expect(page) + .to have_content t('two_factor_authentication.login_options.sms') + expect(page) + .to have_content t('two_factor_authentication.login_options.voice') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.backup_code') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.piv_cac') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.auth_app') end end @@ -37,16 +37,16 @@ click_link t('two_factor_authentication.login_options_link_text') - expect(page). - to_not have_content t('two_factor_authentication.login_options.sms') - expect(page). - to_not have_content t('two_factor_authentication.login_options.voice') - expect(page). - to have_content t('two_factor_authentication.login_options.backup_code') - expect(page). - to_not have_content t('two_factor_authentication.login_options.piv_cac') - expect(page). - to_not have_content t('two_factor_authentication.login_options.auth_app') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.sms') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.voice') + expect(page) + .to have_content t('two_factor_authentication.login_options.backup_code') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.piv_cac') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.auth_app') end end @@ -57,16 +57,16 @@ click_link t('two_factor_authentication.login_options_link_text') - expect(page). - to have_content t('two_factor_authentication.login_options.sms') - expect(page). - to have_content t('two_factor_authentication.login_options.voice') - expect(page). - to_not have_content t('two_factor_authentication.login_options.backup_code') - expect(page). - to_not have_content t('two_factor_authentication.login_options.piv_cac') - expect(page). - to_not have_content t('two_factor_authentication.login_options.auth_app') + expect(page) + .to have_content t('two_factor_authentication.login_options.sms') + expect(page) + .to have_content t('two_factor_authentication.login_options.voice') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.backup_code') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.piv_cac') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.auth_app') end end @@ -80,16 +80,16 @@ click_link t('two_factor_authentication.login_options_link_text') - expect(page). - to have_content t('two_factor_authentication.login_options.sms') - expect(page). - to_not have_content t('two_factor_authentication.login_options.voice') - expect(page). - to_not have_content t('two_factor_authentication.login_options.backup_code') - expect(page). - to_not have_content t('two_factor_authentication.login_options.piv_cac') - expect(page). - to_not have_content t('two_factor_authentication.login_options.auth_app') + expect(page) + .to have_content t('two_factor_authentication.login_options.sms') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.voice') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.backup_code') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.piv_cac') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.auth_app') end end @@ -103,16 +103,16 @@ click_link t('two_factor_authentication.login_options_link_text') - expect(page). - to have_content t('two_factor_authentication.login_options.sms') - expect(page). - to_not have_content t('two_factor_authentication.login_options.voice') - expect(page). - to_not have_content t('two_factor_authentication.login_options.backup_code') - expect(page). - to_not have_content t('two_factor_authentication.login_options.piv_cac') - expect(page). - to_not have_content t('two_factor_authentication.login_options.auth_app') + expect(page) + .to have_content t('two_factor_authentication.login_options.sms') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.voice') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.backup_code') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.piv_cac') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.auth_app') end end @@ -123,16 +123,16 @@ click_link t('two_factor_authentication.login_options_link_text') - expect(page). - to_not have_content t('two_factor_authentication.login_options.sms') - expect(page). - to_not have_content t('two_factor_authentication.login_options.voice') - expect(page). - to have_content t('two_factor_authentication.login_options.personal_key') - expect(page). - to have_content t('two_factor_authentication.login_options.auth_app') - expect(page). - to_not have_content t('two_factor_authentication.login_options.piv_cac') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.sms') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.voice') + expect(page) + .to have_content t('two_factor_authentication.login_options.personal_key') + expect(page) + .to have_content t('two_factor_authentication.login_options.auth_app') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.piv_cac') end end @@ -143,16 +143,16 @@ click_link t('two_factor_authentication.login_options_link_text') - expect(page). - to_not have_content t('two_factor_authentication.login_options.sms') - expect(page). - to_not have_content t('two_factor_authentication.login_options.voice') - expect(page). - to have_content t('two_factor_authentication.login_options.personal_key') - expect(page). - to_not have_content t('two_factor_authentication.login_options.auth_app') - expect(page). - to have_content t('two_factor_authentication.login_options.piv_cac') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.sms') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.voice') + expect(page) + .to have_content t('two_factor_authentication.login_options.personal_key') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.auth_app') + expect(page) + .to have_content t('two_factor_authentication.login_options.piv_cac') end end @@ -163,16 +163,16 @@ click_link t('two_factor_authentication.login_options_link_text') - expect(page). - to have_content t('two_factor_authentication.login_options.sms') - expect(page). - to have_content t('two_factor_authentication.login_options.voice') - expect(page). - to_not have_content t('two_factor_authentication.login_options.backup_code') - expect(page). - to have_content t('two_factor_authentication.login_options.auth_app') - expect(page). - to_not have_content t('two_factor_authentication.login_options.piv_cac') + expect(page) + .to have_content t('two_factor_authentication.login_options.sms') + expect(page) + .to have_content t('two_factor_authentication.login_options.voice') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.backup_code') + expect(page) + .to have_content t('two_factor_authentication.login_options.auth_app') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.piv_cac') end end @@ -183,16 +183,16 @@ click_link t('two_factor_authentication.login_options_link_text') - expect(page). - to have_content t('two_factor_authentication.login_options.sms') - expect(page). - to have_content t('two_factor_authentication.login_options.voice') - expect(page). - to_not have_content t('two_factor_authentication.login_options.backup_code') - expect(page). - to_not have_content t('two_factor_authentication.login_options.auth_app') - expect(page). - to have_content t('two_factor_authentication.login_options.piv_cac') + expect(page) + .to have_content t('two_factor_authentication.login_options.sms') + expect(page) + .to have_content t('two_factor_authentication.login_options.voice') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.backup_code') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.auth_app') + expect(page) + .to have_content t('two_factor_authentication.login_options.piv_cac') end end @@ -203,16 +203,16 @@ click_link t('two_factor_authentication.login_options_link_text') - expect(page). - to_not have_content t('two_factor_authentication.login_options.sms') - expect(page). - to_not have_content t('two_factor_authentication.login_options.voice') - expect(page). - to have_content t('two_factor_authentication.login_options.personal_key') - expect(page). - to have_content t('two_factor_authentication.login_options.auth_app') - expect(page). - to have_content t('two_factor_authentication.login_options.piv_cac') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.sms') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.voice') + expect(page) + .to have_content t('two_factor_authentication.login_options.personal_key') + expect(page) + .to have_content t('two_factor_authentication.login_options.auth_app') + expect(page) + .to have_content t('two_factor_authentication.login_options.piv_cac') end end @@ -223,16 +223,16 @@ click_link t('two_factor_authentication.login_options_link_text') - expect(page). - to have_content t('two_factor_authentication.login_options.sms') - expect(page). - to have_content t('two_factor_authentication.login_options.voice') - expect(page). - to_not have_content t('two_factor_authentication.login_options.backup_code') - expect(page). - to have_content t('two_factor_authentication.login_options.auth_app') - expect(page). - to have_content t('two_factor_authentication.login_options.piv_cac') + expect(page) + .to have_content t('two_factor_authentication.login_options.sms') + expect(page) + .to have_content t('two_factor_authentication.login_options.voice') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.backup_code') + expect(page) + .to have_content t('two_factor_authentication.login_options.auth_app') + expect(page) + .to have_content t('two_factor_authentication.login_options.piv_cac') end end @@ -245,22 +245,22 @@ click_link t('two_factor_authentication.login_options_link_text') - expect(page). - to have_content t('two_factor_authentication.login_options.sms') - expect(page). - to have_content t('two_factor_authentication.login_options.voice') - expect(page). - to_not have_content t('two_factor_authentication.login_options.backup_code') - expect(page). - to_not have_content t('two_factor_authentication.login_options.auth_app') - expect(page). - to_not have_content t('two_factor_authentication.login_options.piv_cac') + expect(page) + .to have_content t('two_factor_authentication.login_options.sms') + expect(page) + .to have_content t('two_factor_authentication.login_options.voice') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.backup_code') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.auth_app') + expect(page) + .to_not have_content t('two_factor_authentication.login_options.piv_cac') # Passing "visible: false" since the option would be hidden if JavaScript is disabled. Rather # than use ChromeDriver, the purpose of this spec is to ensure that it is rendered as a single # option by the server, so we're not as concerned about whether it's visible. - expect(page). - to have_selector('#two_factor_options_form_selection_webauthn', count: 1, visible: false) + expect(page) + .to have_selector('#two_factor_options_form_selection_webauthn', count: 1, visible: false) end end @@ -276,16 +276,16 @@ click_link t('two_factor_authentication.login_options_link_text') expect(page).to have_selector("#two_factor_options_form_selection_sms_#{first_id}", count: 1) - expect(page). - to have_selector("#two_factor_options_form_selection_sms_#{second_id}", count: 1) + expect(page) + .to have_selector("#two_factor_options_form_selection_sms_#{second_id}", count: 1) expect(page).to_not have_content('+1 202-555-1212') expect(page).to_not have_content('+1 202-555-1213') expect(page).to have_content('(***) ***-1212') expect(page).to have_content('(***) ***-1213') - expect(page). - to have_selector("#two_factor_options_form_selection_voice_#{first_id}", count: 1) - expect(page). - to have_selector("#two_factor_options_form_selection_voice_#{second_id}", count: 1) + expect(page) + .to have_selector("#two_factor_options_form_selection_voice_#{first_id}", count: 1) + expect(page) + .to have_selector("#two_factor_options_form_selection_voice_#{second_id}", count: 1) expect(page).to have_selector('#two_factor_options_form_selection_personal_key', count: 0) expect(page).to have_selector('#two_factor_options_form_selection_backup_code', count: 0) expect(page).to have_selector('#two_factor_options_form_selection_auth_app', count: 0) diff --git a/spec/features/sp_cost_tracking_spec.rb b/spec/features/sp_cost_tracking_spec.rb index 9526068ac37..feb8f84eac2 100644 --- a/spec/features/sp_cost_tracking_spec.rb +++ b/spec/features/sp_cost_tracking_spec.rb @@ -13,8 +13,8 @@ let(:password) { Features::SessionHelper::VALID_PASSWORD } before do - allow(IdentityConfig.store).to receive(:allowed_verified_within_providers). - and_return([issuer]) + allow(IdentityConfig.store).to receive(:allowed_verified_within_providers) + .and_return([issuer]) end it 'logs the correct costs for an ial2 user creation from sp with oidc', js: true do diff --git a/spec/features/two_factor_authentication/change_factor_spec.rb b/spec/features/two_factor_authentication/change_factor_spec.rb index 1d49e668fcd..f6905accfbf 100644 --- a/spec/features/two_factor_authentication/change_factor_spec.rb +++ b/spec/features/two_factor_authentication/change_factor_spec.rb @@ -48,8 +48,8 @@ }, ).once - expect(current_path). - to eq login_two_factor_path(otp_delivery_preference: 'sms') + expect(current_path) + .to eq login_two_factor_path(otp_delivery_preference: 'sms') end end diff --git a/spec/features/two_factor_authentication/multiple_mfa_sign_up_spec.rb b/spec/features/two_factor_authentication/multiple_mfa_sign_up_spec.rb index 054231a779a..aa751bc08b8 100644 --- a/spec/features/two_factor_authentication/multiple_mfa_sign_up_spec.rb +++ b/spec/features/two_factor_authentication/multiple_mfa_sign_up_spec.rb @@ -21,8 +21,8 @@ click_continue - expect(page). - to have_content t('headings.add_info.phone') + expect(page) + .to have_content t('headings.add_info.phone') expect(page).to have_current_path phone_setup_path @@ -53,8 +53,8 @@ click_continue - expect(page). - to have_content t('headings.add_info.phone') + expect(page) + .to have_content t('headings.add_info.phone') expect(page).to have_current_path phone_setup_path @@ -126,8 +126,8 @@ click_continue - expect(page). - to have_content t('headings.add_info.phone') + expect(page) + .to have_content t('headings.add_info.phone') click_continue @@ -191,9 +191,9 @@ context 'with platform authenticator as the first mfa' do it 'does not allow the user to skip selecting second mfa' do - allow(IdentityConfig.store). - to receive(:show_unsupported_passkey_platform_authentication_setup). - and_return(true) + allow(IdentityConfig.store) + .to receive(:show_unsupported_passkey_platform_authentication_setup) + .and_return(true) mock_webauthn_setup_challenge user = sign_up_and_set_password user.password = Features::SessionHelper::VALID_PASSWORD @@ -265,9 +265,9 @@ describe 'adding a phone as a second mfa' do it 'at setup, phone as second MFA show a cancel link that returns to mfa setup' do - allow(IdentityConfig.store). - to receive(:show_unsupported_passkey_platform_authentication_setup). - and_return(true) + allow(IdentityConfig.store) + .to receive(:show_unsupported_passkey_platform_authentication_setup) + .and_return(true) sign_up_and_set_password mock_webauthn_setup_challenge @@ -294,21 +294,21 @@ context 'User with phishing resistant service provider' do it 'should show phishing option first then all mfa options for second mfa' do - allow(IdentityConfig.store). - to receive(:show_unsupported_passkey_platform_authentication_setup). - and_return(true) + allow(IdentityConfig.store) + .to receive(:show_unsupported_passkey_platform_authentication_setup) + .and_return(true) visit_idp_from_ial1_oidc_sp_requesting_phishing_resistant(prompt: 'select_account') sign_up_and_set_password mock_webauthn_setup_challenge - expect(page). - to have_content(t('two_factor_authentication.two_factor_choice_options.webauthn')) - expect(page). - to have_content(t('two_factor_authentication.two_factor_choice_options.piv_cac')) - expect(page). - to_not have_content(t('two_factor_authentication.two_factor_choice_options.auth_app')) - expect(page). - to_not have_content(t('two_factor_authentication.two_factor_choice_options.phone')) + expect(page) + .to have_content(t('two_factor_authentication.two_factor_choice_options.webauthn')) + expect(page) + .to have_content(t('two_factor_authentication.two_factor_choice_options.piv_cac')) + expect(page) + .to_not have_content(t('two_factor_authentication.two_factor_choice_options.auth_app')) + expect(page) + .to_not have_content(t('two_factor_authentication.two_factor_choice_options.phone')) select_2fa_option('webauthn_platform', visible: :all) click_continue @@ -316,14 +316,14 @@ mock_press_button_on_hardware_key_on_setup click_link t('mfa.add') - expect(page). - to have_content(t('two_factor_authentication.two_factor_choice_options.webauthn')) - expect(page). - to have_content(t('two_factor_authentication.two_factor_choice_options.piv_cac')) - expect(page). - to have_content(t('two_factor_authentication.two_factor_choice_options.auth_app')) - expect(page). - to have_content(t('two_factor_authentication.two_factor_choice_options.phone')) + expect(page) + .to have_content(t('two_factor_authentication.two_factor_choice_options.webauthn')) + expect(page) + .to have_content(t('two_factor_authentication.two_factor_choice_options.piv_cac')) + expect(page) + .to have_content(t('two_factor_authentication.two_factor_choice_options.auth_app')) + expect(page) + .to have_content(t('two_factor_authentication.two_factor_choice_options.phone')) end end diff --git a/spec/features/two_factor_authentication/sign_in_spec.rb b/spec/features/two_factor_authentication/sign_in_spec.rb index 437b5b54985..932eb1380d3 100644 --- a/spec/features/two_factor_authentication/sign_in_spec.rb +++ b/spec/features/two_factor_authentication/sign_in_spec.rb @@ -13,8 +13,8 @@ click_continue - expect(page). - to have_content t('headings.add_info.phone') + expect(page) + .to have_content t('headings.add_info.phone') send_one_time_code_without_entering_phone_number @@ -66,12 +66,12 @@ before do PhoneNumberOptOut.create_or_find_with_phone(phone_configuration.phone) opt_out_manager = instance_double('Telephony::Pinpoint::OptOutManager') - allow(opt_out_manager). - to receive(:opt_in_phone_number). - with(phone_configuration.formatted_phone). - and_return(FormResponse.new(success: true)) - allow_any_instance_of(TwoFactorAuthentication::SmsOptInController). - to receive(:opt_out_manager).and_return(opt_out_manager) + allow(opt_out_manager) + .to receive(:opt_in_phone_number) + .with(phone_configuration.formatted_phone) + .and_return(FormResponse.new(success: true)) + allow_any_instance_of(TwoFactorAuthentication::SmsOptInController) + .to receive(:opt_out_manager).and_return(opt_out_manager) end scenario 'renders the sms opt-out error screen when signing in' do @@ -286,8 +286,8 @@ def submit_2fa_setup_form_with_valid_phone sign_in_before_2fa(user) expect(current_path).to eq login_two_factor_path(otp_delivery_preference: 'sms') - expect(page). - to have_content t('two_factor_authentication.header_text') + expect(page) + .to have_content t('two_factor_authentication.header_text') attempt_to_bypass_2fa @@ -429,8 +429,8 @@ def attempt_to_bypass_2fa it 'does not change their OTP delivery preference' do allow(OtpRateLimiter).to receive(:new).and_return(otp_rate_limiter) - allow(otp_rate_limiter).to receive(:exceeded_otp_send_limit?). - and_return(false) + allow(otp_rate_limiter).to receive(:exceeded_otp_send_limit?) + .and_return(false) sign_in_user(user) @@ -575,8 +575,8 @@ def attempt_to_bypass_2fa let(:max_attempts) { 2 } let(:user) { create(:user, :fully_registered) } before do - allow(IdentityConfig.store).to receive(:login_otp_confirmation_max_attempts). - and_return(max_attempts) + allow(IdentityConfig.store).to receive(:login_otp_confirmation_max_attempts) + .and_return(max_attempts) end def wrong_phone_otp diff --git a/spec/features/users/password_recovery_via_recovery_code_spec.rb b/spec/features/users/password_recovery_via_recovery_code_spec.rb index 9af1df8b475..d22c78b04bf 100644 --- a/spec/features/users/password_recovery_via_recovery_code_spec.rb +++ b/spec/features/users/password_recovery_via_recovery_code_spec.rb @@ -69,8 +69,8 @@ reset_password_and_sign_back_in(user, new_password) click_link t('two_factor_authentication.login_options_link_text') - expect(page). - to_not have_selector("label[for='two_factor_options_form_selection_personal_key']") + expect(page) + .to_not have_selector("label[for='two_factor_options_form_selection_personal_key']") end context 'account recovery alternative paths' do diff --git a/spec/features/users/piv_cac_management_spec.rb b/spec/features/users/piv_cac_management_spec.rb index 15bc6a225d8..8397f36686f 100644 --- a/spec/features/users/piv_cac_management_spec.rb +++ b/spec/features/users/piv_cac_management_spec.rb @@ -15,8 +15,8 @@ visit account_two_factor_authentication_path click_link t('account.index.piv_cac_add'), href: setup_piv_cac_url - expect(page.response_headers['Content-Security-Policy'].split(';').map(&:strip)). - to(include("form-action https://*.pivcac.test.example.com 'self'")) + expect(page.response_headers['Content-Security-Policy'].split(';').map(&:strip)) + .to(include("form-action https://*.pivcac.test.example.com 'self'")) fill_in t('instructions.mfa.piv_cac.step_1'), with: 'Card' click_on t('forms.piv_cac_setup.submit') diff --git a/spec/features/users/regenerate_personal_key_spec.rb b/spec/features/users/regenerate_personal_key_spec.rb index 822f7f1a452..e9087371979 100644 --- a/spec/features/users/regenerate_personal_key_spec.rb +++ b/spec/features/users/regenerate_personal_key_spec.rb @@ -13,8 +13,8 @@ sign_in_and_2fa_user(user) old_digest = user.encrypted_recovery_code_digest - expect(Telephony).to receive(:send_personal_key_regeneration_notice). - with(to: user.phone_configurations.first.phone, country_code: 'US') + expect(Telephony).to receive(:send_personal_key_regeneration_notice) + .with(to: user.phone_configurations.first.phone, country_code: 'US') visit account_two_factor_authentication_path click_on(t('account.links.regenerate_personal_key'), match: :prefer_exact) diff --git a/spec/features/users/sign_in_spec.rb b/spec/features/users/sign_in_spec.rb index 297a23f5efe..41a2f2d91a9 100644 --- a/spec/features/users/sign_in_spec.rb +++ b/spec/features/users/sign_in_spec.rb @@ -29,8 +29,8 @@ signin('test@example.com', 'Please123!') link_url = new_user_password_url - expect(page). - to have_link t('devise.failure.not_found_in_database_link_text', href: link_url) + expect(page) + .to have_link t('devise.failure.not_found_in_database_link_text', href: link_url) end scenario 'user is suspended, gets show please call page after 2fa' do @@ -189,8 +189,8 @@ before :each do allow(IdentityConfig.store).to receive(:session_check_frequency).and_return(1) allow(IdentityConfig.store).to receive(:session_check_delay).and_return(0) - allow(IdentityConfig.store).to receive(:session_timeout_warning_seconds). - and_return(Devise.timeout_in) + allow(IdentityConfig.store).to receive(:session_timeout_warning_seconds) + .and_return(Devise.timeout_in) sign_in_and_2fa_user visit forget_all_browsers_path @@ -239,8 +239,8 @@ it 'displays the session timeout warning with partially signed in copy' do allow(IdentityConfig.store).to receive(:session_check_frequency).and_return(1) allow(IdentityConfig.store).to receive(:session_check_delay).and_return(0) - allow(IdentityConfig.store).to receive(:session_timeout_warning_seconds). - and_return(Devise.timeout_in) + allow(IdentityConfig.store).to receive(:session_timeout_warning_seconds) + .and_return(Devise.timeout_in) user = create(:user, :fully_registered) sign_in_user(user) @@ -410,8 +410,8 @@ rotate_attribute_encryption_key_with_invalid_queue - expect { signin(email, password) }. - to raise_error Encryption::EncryptionError, 'unable to decrypt attribute with any key' + expect { signin(email, password) } + .to raise_error Encryption::EncryptionError, 'unable to decrypt attribute with any key' user = user.reload expect(user.confirmed_email_addresses.first.encrypted_email).to eq encrypted_email @@ -449,8 +449,8 @@ link_url = new_user_password_url - expect(page). - to have_link t('devise.failure.invalid_link_text', href: link_url) + expect(page) + .to have_link t('devise.failure.invalid_link_text', href: link_url) expect(current_path).to eq root_path end end @@ -495,8 +495,8 @@ it 'redirects to sign in page with flash message' do user = create(:user, :fully_registered) visit new_user_session_path(request_id: '123') - allow_any_instance_of(Users::SessionsController). - to receive(:create).and_raise(ActionController::InvalidAuthenticityToken) + allow_any_instance_of(Users::SessionsController) + .to receive(:create).and_raise(ActionController::InvalidAuthenticityToken) fill_in_credentials_and_submit(user.email, user.password) @@ -518,8 +518,8 @@ expect(Telephony::Test::Call.calls.length).to eq(0) expect(Telephony::Test::Message.messages.length).to eq(1) - expect(page). - to have_current_path(login_two_factor_path(otp_delivery_preference: 'sms')) + expect(page) + .to have_current_path(login_two_factor_path(otp_delivery_preference: 'sms')) expect(page).to have_content t( 'two_factor_authentication.otp_delivery_preference.voice_unsupported', location: 'Australia', @@ -536,8 +536,8 @@ expect(Telephony::Test::Call.calls.length).to eq(0) expect(Telephony::Test::Message.messages.length).to eq(0) - expect(page). - to have_current_path(login_two_factor_path(otp_delivery_preference: 'sms')) + expect(page) + .to have_current_path(login_two_factor_path(otp_delivery_preference: 'sms')) expect(page).to have_content t( 'two_factor_authentication.otp_delivery_preference.voice_unsupported', location: 'Algeria', @@ -561,8 +561,8 @@ expect(Telephony::Test::Call.calls.length).to eq(0) expect(Telephony::Test::Message.messages.length).to eq(1) - expect(page). - to have_current_path(login_two_factor_path(otp_delivery_preference: 'sms')) + expect(page) + .to have_current_path(login_two_factor_path(otp_delivery_preference: 'sms')) expect(page).to have_content t( 'two_factor_authentication.otp_delivery_preference.voice_unsupported', location: unsupported_country_name, @@ -584,8 +584,8 @@ expect(Telephony::Test::Call.calls.length).to eq(0) expect(Telephony::Test::Message.messages.length).to eq(1) - expect(page). - to have_current_path(login_two_factor_path(otp_delivery_preference: 'sms')) + expect(page) + .to have_current_path(login_two_factor_path(otp_delivery_preference: 'sms')) expect(page).to have_content t( 'two_factor_authentication.otp_delivery_preference.voice_unsupported', location: unsupported_country_name, @@ -607,8 +607,8 @@ expect(Telephony::Test::Call.calls.length).to eq(0) expect(Telephony::Test::Message.messages.length).to eq(1) - expect(page). - to have_current_path(login_two_factor_path(otp_delivery_preference: 'sms')) + expect(page) + .to have_current_path(login_two_factor_path(otp_delivery_preference: 'sms')) expect(page).to have_content t( 'two_factor_authentication.otp_delivery_preference.voice_unsupported', location: unsupported_country_name, @@ -885,8 +885,8 @@ before do allow(FeatureManagement).to receive(:sign_in_recaptcha_enabled?).and_return(true) allow(IdentityConfig.store).to receive(:recaptcha_mock_validator).and_return(true) - allow(IdentityConfig.store).to receive(:sign_in_recaptcha_log_failures_only). - and_return(sign_in_recaptcha_log_failures_only) + allow(IdentityConfig.store).to receive(:sign_in_recaptcha_log_failures_only) + .and_return(sign_in_recaptcha_log_failures_only) allow(IdentityConfig.store).to receive(:sign_in_recaptcha_score_threshold).and_return(0.2) allow(IdentityConfig.store).to receive(:sign_in_recaptcha_percent_tested).and_return(100) reload_ab_tests @@ -919,8 +919,8 @@ context 'user is chosen to check if password compromised' do before do allow(SecureRandom).to receive(:random_number).and_return(5) - allow(IdentityConfig.store).to receive(:compromised_password_randomizer_threshold). - and_return(2) + allow(IdentityConfig.store).to receive(:compromised_password_randomizer_threshold) + .and_return(2) end it 'should bring user to manage password page with warning' do visit_idp_from_sp_with_ial1(:oidc) @@ -953,8 +953,8 @@ context 'user is not chosen to check if password compromised' do before do allow(SecureRandom).to receive(:random_number).and_return(2) - allow(IdentityConfig.store).to receive(:compromised_password_randomizer_threshold). - and_return(5) + allow(IdentityConfig.store).to receive(:compromised_password_randomizer_threshold) + .and_return(5) end it 'should continue without issue' do visit new_user_session_path @@ -972,8 +972,8 @@ context 'user is chosen to check if password compromised' do before do allow(SecureRandom).to receive(:random_number).and_return(5) - allow(IdentityConfig.store).to receive(:compromised_password_randomizer_threshold). - and_return(2) + allow(IdentityConfig.store).to receive(:compromised_password_randomizer_threshold) + .and_return(2) end it 'should bring user to account page and set password compromised attr' do visit new_user_session_path @@ -990,8 +990,8 @@ context 'user is not chosen to check if password compromised' do before do allow(SecureRandom).to receive(:random_number).and_return(2) - allow(IdentityConfig.store).to receive(:compromised_password_randomizer_threshold). - and_return(5) + allow(IdentityConfig.store).to receive(:compromised_password_randomizer_threshold) + .and_return(5) end it 'should continue without issue and does not set password compromised attr' do visit new_user_session_path diff --git a/spec/features/users/sign_up_spec.rb b/spec/features/users/sign_up_spec.rb index 7dad8caa392..5667891a4fc 100644 --- a/spec/features/users/sign_up_spec.rb +++ b/spec/features/users/sign_up_spec.rb @@ -252,8 +252,8 @@ def clipboard_text expect(page).to have_current_path(root_path) action = t('devise.confirmations.sign_in') - expect(page). - to have_content t('devise.confirmations.already_confirmed', action: action) + expect(page) + .to have_content t('devise.confirmations.already_confirmed', action: action) end end @@ -263,8 +263,8 @@ def clipboard_text expect(page).to have_current_path(sign_up_register_path) - expect(page). - to have_content t('errors.messages.confirmation_invalid_token') + expect(page) + .to have_content t('errors.messages.confirmation_invalid_token') end end @@ -322,8 +322,8 @@ def clipboard_text sign_in_user(user) visit authenticator_setup_path - expect(page). - to have_current_path login_two_factor_path(otp_delivery_preference: 'sms') + expect(page) + .to have_current_path login_two_factor_path(otp_delivery_preference: 'sms') end it 'prompts to sign in when accessing authenticator_setup_path before signing in' do diff --git a/spec/features/users/totp_management_spec.rb b/spec/features/users/totp_management_spec.rb index aabca5c1c97..8eb78e84398 100644 --- a/spec/features/users/totp_management_spec.rb +++ b/spec/features/users/totp_management_spec.rb @@ -187,8 +187,8 @@ expect(page).to have_current_path(account_two_factor_authentication_path) expect(user.auth_app_configurations.count).to eq(2) - expect(page). - to_not have_link(t('account.index.auth_app_add'), href: authenticator_setup_url) + expect(page) + .to_not have_link(t('account.index.auth_app_add'), href: authenticator_setup_url) end end end diff --git a/spec/features/users/user_edit_spec.rb b/spec/features/users/user_edit_spec.rb index f59179ed579..e84d3a8aaf0 100644 --- a/spec/features/users/user_edit_spec.rb +++ b/spec/features/users/user_edit_spec.rb @@ -16,8 +16,8 @@ click_button 'Update' expect(page).to have_css '.usa-alert', text: 'Please review the problems below:' - expect(page). - to have_content t( + expect(page) + .to have_content t( 'errors.attributes.password.too_short.other', count: Devise.password_length.first, ) diff --git a/spec/features/users/user_profile_spec.rb b/spec/features/users/user_profile_spec.rb index 32399dede83..5340eead14e 100644 --- a/spec/features/users/user_profile_spec.rb +++ b/spec/features/users/user_profile_spec.rb @@ -237,8 +237,8 @@ expect(page).to have_button(t('account.re_verify.footer')) expect(page).to_not have_content(parsed_date) click_button t('account.re_verify.footer') - expect(page). - to have_content t('two_factor_authentication.login_options.sms') + expect(page) + .to have_content t('two_factor_authentication.login_options.sms') click_button t('forms.buttons.continue') fill_in_code_with_last_phone_otp click_submit_default diff --git a/spec/features/visitors/email_confirmation_spec.rb b/spec/features/visitors/email_confirmation_spec.rb index 299234123c6..5cc1857ea22 100644 --- a/spec/features/visitors/email_confirmation_spec.rb +++ b/spec/features/visitors/email_confirmation_spec.rb @@ -46,14 +46,14 @@ it 'sends the user the confirmation email again' do email = 'test@example.com' - expect { sign_up_with(email) }. - to change { ActionMailer::Base.deliveries.count }.by(1) + expect { sign_up_with(email) } + .to change { ActionMailer::Base.deliveries.count }.by(1) expect(last_email.html_part.body).to have_content( t('user_mailer.email_confirmation_instructions.subject'), ) - expect { sign_up_with(email) }. - to change { ActionMailer::Base.deliveries.count }.by(1) + expect { sign_up_with(email) } + .to change { ActionMailer::Base.deliveries.count }.by(1) expect(last_email.html_part.body).to have_content( t('user_mailer.email_confirmation_instructions.subject'), ) @@ -64,8 +64,8 @@ it 'sends the confirmation email again' do sign_up_with('test@example.com') - expect { click_on t('notices.signed_up_but_unconfirmed.resend_confirmation_email') }. - to change { ActionMailer::Base.deliveries.count }.by(1) + expect { click_on t('notices.signed_up_but_unconfirmed.resend_confirmation_email') } + .to change { ActionMailer::Base.deliveries.count }.by(1) expect(last_email.html_part.body).to have_content( t('user_mailer.email_confirmation_instructions.subject'), diff --git a/spec/features/visitors/password_recovery_spec.rb b/spec/features/visitors/password_recovery_spec.rb index dfc4c00878a..8f223c34bd7 100644 --- a/spec/features/visitors/password_recovery_spec.rb +++ b/spec/features/visitors/password_recovery_spec.rb @@ -14,8 +14,8 @@ click_link t('links.passwords.forgot') fill_in t('account.index.email'), with: user.email - expect(PushNotification::HttpPush).to receive(:deliver). - with(PushNotification::RecoveryActivatedEvent.new(user: user)) + expect(PushNotification::HttpPush).to receive(:deliver) + .with(PushNotification::RecoveryActivatedEvent.new(user: user)) click_button t('forms.buttons.continue') @@ -222,8 +222,8 @@ fill_in t('components.password_confirmation.confirm_label'), with: '1234' click_button t('forms.passwords.edit.buttons.submit') - expect(page). - to have_content t( + expect(page) + .to have_content t( 'errors.attributes.password.too_short.other', count: Devise.password_length.first ) end diff --git a/spec/features/visitors/sign_up_with_email_spec.rb b/spec/features/visitors/sign_up_with_email_spec.rb index 409b324821f..7633a1aecc6 100644 --- a/spec/features/visitors/sign_up_with_email_spec.rb +++ b/spec/features/visitors/sign_up_with_email_spec.rb @@ -43,8 +43,8 @@ scenario 'sends email saying someone tried to sign up with their email address' do user = create(:user) - expect { sign_up_with(user.email) }. - to change { ActionMailer::Base.deliveries.count }.by(1) + expect { sign_up_with(user.email) } + .to change { ActionMailer::Base.deliveries.count }.by(1) expect(last_email.html_part.body).to have_content( t('user_mailer.signup_with_your_email.intro_html', app_name_html: APP_NAME), @@ -72,8 +72,8 @@ sign_up_with(email) starting_count = unread_emails_for(email).size - remaining_attempts = IdentityConfig.store. - reg_unconfirmed_email_max_attempts - 1 - starting_count + remaining_attempts = IdentityConfig.store + .reg_unconfirmed_email_max_attempts - 1 - starting_count 1.upto(remaining_attempts) do |i| sign_up_with(email) diff --git a/spec/features/webauthn/hidden_spec.rb b/spec/features/webauthn/hidden_spec.rb index 0c0ea800316..9af74c27f11 100644 --- a/spec/features/webauthn/hidden_spec.rb +++ b/spec/features/webauthn/hidden_spec.rb @@ -62,8 +62,8 @@ context 'when in ab test for desktop setup' do before do - allow(IdentityConfig.store).to receive(:desktop_ft_unlock_setup_option_percent_tested). - and_return(100) + allow(IdentityConfig.store).to receive(:desktop_ft_unlock_setup_option_percent_tested) + .and_return(100) reload_ab_tests end @@ -77,8 +77,8 @@ context 'when A/B test is disabled' do before do - allow(IdentityConfig.store).to receive(:desktop_ft_unlock_setup_option_percent_tested). - and_return(0) + allow(IdentityConfig.store).to receive(:desktop_ft_unlock_setup_option_percent_tested) + .and_return(0) reload_ab_tests end diff --git a/spec/forms/backup_code_verification_form_spec.rb b/spec/forms/backup_code_verification_form_spec.rb index fca3a992ce3..b23a295bd2b 100644 --- a/spec/forms/backup_code_verification_form_spec.rb +++ b/spec/forms/backup_code_verification_form_spec.rb @@ -27,10 +27,10 @@ end it 'marks code as used' do - expect { subject }. - to change { backup_code_config.reload.used_at }. - from(nil). - to kind_of(Time) + expect { subject } + .to change { backup_code_config.reload.used_at } + .from(nil) + .to kind_of(Time) end end diff --git a/spec/forms/delete_user_email_form_spec.rb b/spec/forms/delete_user_email_form_spec.rb index 8bc089fa4b6..2cd97c40545 100644 --- a/spec/forms/delete_user_email_form_spec.rb +++ b/spec/forms/delete_user_email_form_spec.rb @@ -43,18 +43,18 @@ end it 'notifies subscribers that the identifier was recycled and the email changed' do - expect(PushNotification::HttpPush).to receive(:deliver).once. - with(PushNotification::IdentifierRecycledEvent.new( + expect(PushNotification::HttpPush).to receive(:deliver).once + .with(PushNotification::IdentifierRecycledEvent.new( user: user, email: email_address.email, )).ordered - expect(PushNotification::HttpPush).to receive(:deliver).once. - with(PushNotification::EmailChangedEvent.new( + expect(PushNotification::HttpPush).to receive(:deliver).once + .with(PushNotification::EmailChangedEvent.new( user: user, email: email_address.email, )).ordered - expect(PushNotification::HttpPush).to receive(:deliver).once. - with(PushNotification::RecoveryInformationChangedEvent.new( + expect(PushNotification::HttpPush).to receive(:deliver).once + .with(PushNotification::RecoveryInformationChangedEvent.new( user: user, )).ordered diff --git a/spec/forms/edit_phone_form_spec.rb b/spec/forms/edit_phone_form_spec.rb index fec67501fde..944fa79d7c0 100644 --- a/spec/forms/edit_phone_form_spec.rb +++ b/spec/forms/edit_phone_form_spec.rb @@ -25,8 +25,8 @@ result = subject.submit(params) expect(result.success?).to eq(false) - expect(result.errors[:delivery_preference].first). - to eq 'is not included in the list' + expect(result.errors[:delivery_preference].first) + .to eq 'is not included in the list' end end @@ -62,8 +62,8 @@ result = subject.submit(params) expect(result.success?).to eq(false) - expect(result.errors[:delivery_preference].first). - to eq 'is not included in the list' + expect(result.errors[:delivery_preference].first) + .to eq 'is not included in the list' end end diff --git a/spec/forms/gpo_verify_form_spec.rb b/spec/forms/gpo_verify_form_spec.rb index 6c50506aaa2..d8ade881b3f 100644 --- a/spec/forms/gpo_verify_form_spec.rb +++ b/spec/forms/gpo_verify_form_spec.rb @@ -97,10 +97,10 @@ let(:minimum_wait_before_another_usps_letter_in_hours) { 0 } before do - allow(IdentityConfig.store).to receive(:usps_confirmation_max_days). - and_return(expiration_days) - allow(IdentityConfig.store).to receive(:minimum_wait_before_another_usps_letter_in_hours). - and_return(minimum_wait_before_another_usps_letter_in_hours) + allow(IdentityConfig.store).to receive(:usps_confirmation_max_days) + .and_return(expiration_days) + allow(IdentityConfig.store).to receive(:minimum_wait_before_another_usps_letter_in_hours) + .and_return(minimum_wait_before_another_usps_letter_in_hours) end it 'is invalid' do @@ -332,8 +332,8 @@ ) end it 'sends the correct information for scheduling an in person enrollment' do - expect(UspsInPersonProofing::EnrollmentHelper).to receive(:schedule_in_person_enrollment). - with(user: anything, pii: anything, is_enhanced_ipp: is_enhanced_ipp) + expect(UspsInPersonProofing::EnrollmentHelper).to receive(:schedule_in_person_enrollment) + .with(user: anything, pii: anything, is_enhanced_ipp: is_enhanced_ipp) subject.submit(is_enhanced_ipp) end diff --git a/spec/forms/idv/api_image_upload_form_spec.rb b/spec/forms/idv/api_image_upload_form_spec.rb index 422527d7b89..8c74bbb742c 100644 --- a/spec/forms/idv/api_image_upload_form_spec.rb +++ b/spec/forms/idv/api_image_upload_form_spec.rb @@ -110,8 +110,8 @@ { width: 40, height: 40, mimeType: 'image/png', source: 'acuant' } end before do - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode). - and_return(false) + allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) + .and_return(false) end context 'id images are uploaded' do @@ -330,10 +330,10 @@ context 'when acuant a/b test is enabled' do before do - allow(IdentityConfig.store).to receive(:idv_acuant_sdk_upgrade_a_b_testing_enabled). - and_return(true) - allow(IdentityConfig.store).to receive(:idv_acuant_sdk_upgrade_a_b_testing_percent). - and_return(50) + allow(IdentityConfig.store).to receive(:idv_acuant_sdk_upgrade_a_b_testing_enabled) + .and_return(true) + allow(IdentityConfig.store).to receive(:idv_acuant_sdk_upgrade_a_b_testing_percent) + .and_return(50) end it 'returns the expected response' do @@ -541,8 +541,8 @@ expect(capture_result.failed_selfie_image_fingerprints.length).to eq(1) response = form.submit expect(response.errors).to have_key(:selfie) - expect(response.errors). - to have_value([I18n.t('doc_auth.errors.doc.resubmit_failed_image')]) + expect(response.errors) + .to have_value([I18n.t('doc_auth.errors.doc.resubmit_failed_image')]) end end end @@ -617,8 +617,8 @@ response = form.submit expect(response.errors).to have_key(:front) expect(response.errors).to have_key(:back) - expect(response.errors). - to have_value([I18n.t('doc_auth.errors.doc.resubmit_failed_image')]) + expect(response.errors) + .to have_value([I18n.t('doc_auth.errors.doc.resubmit_failed_image')]) expect(fake_analytics).to have_logged_event( 'IdV: failed doc image resubmitted', submit_attempts: 1, @@ -645,10 +645,10 @@ let(:images_cropped) { false } before do - expect_any_instance_of(DocAuth::Mock::DocAuthMockClient). - to receive(:post_images). - with(hash_including(image_source: image_source, images_cropped: images_cropped)). - and_call_original + expect_any_instance_of(DocAuth::Mock::DocAuthMockClient) + .to receive(:post_images) + .with(hash_including(image_source: image_source, images_cropped: images_cropped)) + .and_call_original end context 'manual uploads' do diff --git a/spec/forms/idv/doc_pii_form_spec.rb b/spec/forms/idv/doc_pii_form_spec.rb index 41aa4c5581c..f4ceee1be8a 100644 --- a/spec/forms/idv/doc_pii_form_spec.rb +++ b/spec/forms/idv/doc_pii_form_spec.rb @@ -210,8 +210,8 @@ expect(result).to be_kind_of(FormResponse) expect(result.success?).to eq(false) - expect(result.errors.keys). - to contain_exactly( + expect(result.errors.keys) + .to contain_exactly( :name, :dob, :zipcode, diff --git a/spec/forms/idv/phone_confirmation_otp_verification_form_spec.rb b/spec/forms/idv/phone_confirmation_otp_verification_form_spec.rb index 53b719da32d..23466747747 100644 --- a/spec/forms/idv/phone_confirmation_otp_verification_form_spec.rb +++ b/spec/forms/idv/phone_confirmation_otp_verification_form_spec.rb @@ -17,8 +17,8 @@ let(:max_attempts) { 2 } before do - allow(IdentityConfig.store).to receive(:login_otp_confirmation_max_attempts). - and_return(max_attempts) + allow(IdentityConfig.store).to receive(:login_otp_confirmation_max_attempts) + .and_return(max_attempts) end describe '#submit' do diff --git a/spec/forms/idv/phone_form_spec.rb b/spec/forms/idv/phone_form_spec.rb index 46d89945415..2a2e925e7dd 100644 --- a/spec/forms/idv/phone_form_spec.rb +++ b/spec/forms/idv/phone_form_spec.rb @@ -247,8 +247,8 @@ let(:result) { subject.submit(params) } before do - allow(subject).to receive(:unsupported_delivery_methods). - and_return(unsupported_delivery_methods) + allow(subject).to receive(:unsupported_delivery_methods) + .and_return(unsupported_delivery_methods) end context 'with one unsupported delivery method' do diff --git a/spec/forms/idv/ssn_format_form_spec.rb b/spec/forms/idv/ssn_format_form_spec.rb index da76c8c2686..64de7f33b9f 100644 --- a/spec/forms/idv/ssn_format_form_spec.rb +++ b/spec/forms/idv/ssn_format_form_spec.rb @@ -41,8 +41,8 @@ context 'when the form has invalid attributes' do it 'raises an error' do - expect { subject.submit(ssn: '111111111', foo: 1) }. - to raise_error(ArgumentError, 'foo is an invalid ssn attribute') + expect { subject.submit(ssn: '111111111', foo: 1) } + .to raise_error(ArgumentError, 'foo is an invalid ssn attribute') end end end diff --git a/spec/forms/idv/state_id_form_spec.rb b/spec/forms/idv/state_id_form_spec.rb index 86e28bbdea2..66e97ce16cc 100644 --- a/spec/forms/idv/state_id_form_spec.rb +++ b/spec/forms/idv/state_id_form_spec.rb @@ -35,7 +35,7 @@ identity_doc_address_state: Faker::Address.state_abbr, same_address_as_id: same_address_as_id, state_id_jurisdiction: 'AL', - state_id_number: Faker::IDNumber.valid, + state_id_number: Faker::IdNumber.valid, } end let(:dob_min_age_name_error_params) do @@ -50,7 +50,7 @@ identity_doc_address_state: Faker::Address.state_abbr, same_address_as_id: same_address_as_id, state_id_jurisdiction: 'AL', - state_id_number: Faker::IDNumber.valid, + state_id_number: Faker::IdNumber.valid, } end let(:invalid_char) { '1' } @@ -66,7 +66,7 @@ identity_doc_address_state: Faker::Address.state_abbr, same_address_as_id: same_address_as_id, state_id_jurisdiction: 'AL', - state_id_number: Faker::IDNumber.valid, + state_id_number: Faker::IdNumber.valid, } end let(:pii) { nil } diff --git a/spec/forms/new_phone_form_spec.rb b/spec/forms/new_phone_form_spec.rb index e6aa25f0c3a..02da25ab5c4 100644 --- a/spec/forms/new_phone_form_spec.rb +++ b/spec/forms/new_phone_form_spec.rb @@ -116,8 +116,8 @@ result = subject.submit(params) expect(result.success?).to eq(false) - expect(result.errors[:otp_delivery_preference].first). - to eq 'is not included in the list' + expect(result.errors[:otp_delivery_preference].first) + .to eq 'is not included in the list' end end @@ -134,8 +134,8 @@ result = subject.submit(params) expect(result.success?).to eq(false) - expect(result.errors[:otp_delivery_preference].first). - to eq 'is not included in the list' + expect(result.errors[:otp_delivery_preference].first) + .to eq 'is not included in the list' end end @@ -213,8 +213,8 @@ before do allow(IdentityConfig.store).to receive(:phone_service_check).and_return(true) - expect(Telephony).to receive(:phone_info).with(phone). - and_raise(Aws::Pinpoint::Errors::BadRequestException.new(nil, nil)) + expect(Telephony).to receive(:phone_info).with(phone) + .and_raise(Aws::Pinpoint::Errors::BadRequestException.new(nil, nil)) end it 'is invalid and does not raise' do @@ -258,8 +258,8 @@ context 'when AWS rate limits info type checks' do before do - expect(Telephony).to receive(:phone_info). - and_raise(Aws::Pinpoint::Errors::TooManyRequestsException.new(nil, 'error message')) + expect(Telephony).to receive(:phone_info) + .and_raise(Aws::Pinpoint::Errors::TooManyRequestsException.new(nil, 'error message')) end it 'logs a warning and fails open' do @@ -298,8 +298,8 @@ context 'blocklisted carrier numbers' do before do - allow(IdentityConfig.store).to receive(:phone_carrier_registration_blocklist_array). - and_return(['Blocked Phone Carrier']) + allow(IdentityConfig.store).to receive(:phone_carrier_registration_blocklist_array) + .and_return(['Blocked Phone Carrier']) end context 'when phone number carrier is in blocklist' do @@ -350,8 +350,8 @@ before do allow(IdentityConfig.store).to receive(:recaptcha_mock_validator).and_return(true) - allow(IdentityConfig.store).to receive(:phone_recaptcha_score_threshold). - and_return(score_threshold) + allow(IdentityConfig.store).to receive(:phone_recaptcha_score_threshold) + .and_return(score_threshold) end it 'assigns recaptcha_assessment_id value' do @@ -391,8 +391,8 @@ before do allow(FeatureManagement).to receive(:phone_recaptcha_enabled?).and_return(true) - allow(recaptcha_form).to receive(:submit).with(recaptcha_token). - and_return([recaptcha_form_response, recaptcha_assessment_id]) + allow(recaptcha_form).to receive(:submit).with(recaptcha_token) + .and_return([recaptcha_form_response, recaptcha_assessment_id]) allow(recaptcha_form).to receive(:errors).and_return(errors) allow(form).to receive(:recaptcha_form).and_return(recaptcha_form) end @@ -406,10 +406,10 @@ end it 'assigns recaptcha_assessment_id value' do - expect { result }. - to change { form.recaptcha_assessment_id }. - from(nil). - to(recaptcha_assessment_id) + expect { result } + .to change { form.recaptcha_assessment_id } + .from(nil) + .to(recaptcha_assessment_id) end context 'with recaptcha enterprise' do diff --git a/spec/forms/openid_connect_authorize_form_spec.rb b/spec/forms/openid_connect_authorize_form_spec.rb index fe1598234dc..ccdfa5f3b7f 100644 --- a/spec/forms/openid_connect_authorize_form_spec.rb +++ b/spec/forms/openid_connect_authorize_form_spec.rb @@ -54,6 +54,7 @@ code_digest: nil, code_challenge_present: false, service_provider_pkce: nil, + integration_errors: nil, ) end end @@ -79,6 +80,13 @@ code_digest: nil, code_challenge_present: false, service_provider_pkce: nil, + integration_errors: { + error_details: ['Response type is not included in the list'], + error_types: [:response_type], + event: :oidc_request_authorization, + integration_exists: true, + request_issuer: client_id, + }, ) end end @@ -88,8 +96,8 @@ let(:redirect_uri) { 'https://wrongurl.com' } it 'has errors and does not redirect to the bad redirect_uri' do - expect(result.errors[:redirect_uri]). - to include(t('openid_connect.authorization.errors.redirect_uri_no_match')) + expect(result.errors[:redirect_uri]) + .to include(t('openid_connect.authorization.errors.redirect_uri_no_match')) expect(result.extra[:redirect_uri]).to be_nil end @@ -107,8 +115,8 @@ it 'is invalid' do expect(form.vtr).to be_nil expect(form.valid?).to eq(false) - expect(form.errors[:acr_values]). - to include(t('openid_connect.authorization.errors.no_valid_acr_values')) + expect(form.errors[:acr_values]) + .to include(t('openid_connect.authorization.errors.no_valid_acr_values')) expect(form.errors[:vtr]).to be_empty end end @@ -150,8 +158,8 @@ it 'has errors' do expect(valid?).to eq(false) - expect(form.errors[:vtr]). - to include(t('openid_connect.authorization.errors.no_valid_vtr')) + expect(form.errors[:vtr]) + .to include(t('openid_connect.authorization.errors.no_valid_vtr')) end end @@ -160,8 +168,8 @@ let(:vtr) { nil } it 'has errors' do expect(valid?).to eq(false) - expect(form.errors[:acr_values]). - to include(t('openid_connect.authorization.errors.no_valid_acr_values')) + expect(form.errors[:acr_values]) + .to include(t('openid_connect.authorization.errors.no_valid_acr_values')) end end @@ -171,8 +179,8 @@ it 'has errors' do expect(valid?).to eq(false) - expect(form.errors[:acr_values]). - to include(t('openid_connect.authorization.errors.no_auth')) + expect(form.errors[:acr_values]) + .to include(t('openid_connect.authorization.errors.no_auth')) end end @@ -182,8 +190,8 @@ let(:client_id) { 'urn:gov:gsa:openidconnect:test:loa1' } it 'has errors' do expect(valid?).to eq(false) - expect(form.errors[:acr_values]). - to include(t('openid_connect.authorization.errors.no_auth')) + expect(form.errors[:acr_values]) + .to include(t('openid_connect.authorization.errors.no_auth')) end end @@ -193,8 +201,8 @@ it 'has errors' do expect(valid?).to eq(false) - expect(form.errors[:acr_values]). - to include(t('openid_connect.authorization.errors.no_valid_acr_values')) + expect(form.errors[:acr_values]) + .to include(t('openid_connect.authorization.errors.no_valid_acr_values')) end context 'with a known IAL value' do @@ -218,8 +226,8 @@ context 'with a service provider not in the allow list' do it 'has errors' do expect(valid?).to eq false - expect(form.errors[:acr_values]). - to include(t('openid_connect.authorization.errors.no_auth')) + expect(form.errors[:acr_values]) + .to include(t('openid_connect.authorization.errors.no_auth')) end end @@ -249,8 +257,8 @@ it 'fails with a not authorized error' do expect(form).not_to be_valid - expect(form.errors[:acr_values]). - to include(t('openid_connect.authorization.errors.no_auth')) + expect(form.errors[:acr_values]) + .to include(t('openid_connect.authorization.errors.no_auth')) end end @@ -282,8 +290,8 @@ let(:vtr) { nil } it 'has errors' do expect(valid?).to eq(false) - expect(form.errors[:acr_values]). - to include(t('openid_connect.authorization.errors.missing_ial')) + expect(form.errors[:acr_values]) + .to include(t('openid_connect.authorization.errors.missing_ial')) end end @@ -291,8 +299,8 @@ let(:client_id) { 'not_a_real_client_id' } it 'has errors' do expect(valid?).to eq(false) - expect(form.errors[:client_id]). - to include(t('openid_connect.authorization.errors.bad_client_id')) + expect(form.errors[:client_id]) + .to include(t('openid_connect.authorization.errors.bad_client_id')) end end @@ -346,8 +354,8 @@ let(:scope) { 'foo bar baz' } it 'has errors' do expect(valid?).to eq(false) - expect(form.errors[:scope]). - to include(t('openid_connect.authorization.errors.no_valid_scope')) + expect(form.errors[:scope]) + .to include(t('openid_connect.authorization.errors.no_valid_scope')) end end @@ -357,8 +365,8 @@ it 'has errors' do allow(IdentityConfig.store).to receive(:unauthorized_scope_enabled).and_return(true) expect(valid?).to eq(false) - expect(form.errors[:scope]). - to include(t('openid_connect.authorization.errors.unauthorized_scope')) + expect(form.errors[:scope]) + .to include(t('openid_connect.authorization.errors.unauthorized_scope')) end end @@ -388,8 +396,8 @@ it 'has errors' do allow(IdentityConfig.store).to receive(:unauthorized_scope_enabled).and_return(true) expect(valid?).to eq(false) - expect(form.errors[:scope]). - to include(t('openid_connect.authorization.errors.unauthorized_scope')) + expect(form.errors[:scope]) + .to include(t('openid_connect.authorization.errors.unauthorized_scope')) end end @@ -403,8 +411,8 @@ let(:redirect_uri) { ':aaaa' } it 'has errors' do expect(valid?).to eq(false) - expect(form.errors[:redirect_uri]). - to include(t('openid_connect.authorization.errors.redirect_uri_invalid')) + expect(form.errors[:redirect_uri]) + .to include(t('openid_connect.authorization.errors.redirect_uri_invalid')) end end @@ -412,8 +420,8 @@ let(:redirect_uri) { 'http://localhost:3000/test' } it 'has errors' do expect(valid?).to eq(false) - expect(form.errors[:redirect_uri]). - to include(t('openid_connect.authorization.errors.redirect_uri_no_match')) + expect(form.errors[:redirect_uri]) + .to include(t('openid_connect.authorization.errors.redirect_uri_no_match')) end end @@ -621,8 +629,8 @@ context 'the issuer is allowed to use verified_within' do before do - allow(IdentityConfig.store).to receive(:allowed_verified_within_providers). - and_return([client_id]) + allow(IdentityConfig.store).to receive(:allowed_verified_within_providers) + .and_return([client_id]) end context 'without a verified_within' do @@ -639,8 +647,8 @@ it 'has errors' do expect(form.valid?).to eq(false) - expect(form.errors[:verified_within]). - to eq(['value must be at least 30 days or older']) + expect(form.errors[:verified_within]) + .to eq(['value must be at least 30 days or older']) end end @@ -665,8 +673,8 @@ context 'the issuer is not allowed to use verified_within' do before do - allow(IdentityConfig.store).to receive(:allowed_verified_within_providers). - and_return([]) + allow(IdentityConfig.store).to receive(:allowed_verified_within_providers) + .and_return([]) end context 'without a verified_within' do @@ -759,8 +767,8 @@ it 'returns a redirect URI with the code from the identity session_uuid' do identity = user.identities.where(service_provider: client_id).first - expect(form.success_redirect_uri). - to eq "#{redirect_uri}?code=#{identity.session_uuid}&state=#{state}" + expect(form.success_redirect_uri) + .to eq "#{redirect_uri}?code=#{identity.session_uuid}&state=#{state}" end it 'logs a hash of the code in the analytics params' do diff --git a/spec/forms/openid_connect_logout_form_spec.rb b/spec/forms/openid_connect_logout_form_spec.rb index aac5a1433eb..9d9a601ecdd 100644 --- a/spec/forms/openid_connect_logout_form_spec.rb +++ b/spec/forms/openid_connect_logout_form_spec.rb @@ -45,8 +45,8 @@ let(:current_user) { nil } before do - allow(IdentityConfig.store).to receive(:reject_id_token_hint_in_logout). - and_return(false) + allow(IdentityConfig.store).to receive(:reject_id_token_hint_in_logout) + .and_return(false) end describe '#submit' do @@ -144,20 +144,49 @@ it 'is not valid' do expect(valid?).to eq(false) - expect(form.errors[:id_token_hint]). - to include(t('openid_connect.logout.errors.id_token_hint')) + expect(form.errors[:id_token_hint]) + .to include(t('openid_connect.logout.errors.id_token_hint')) + end + end + + context 'with a valid payload that was signed with the secondary OIDC key' do + let(:id_token_hint) do + JWT.encode( + { sub: identity.uuid, aud: identity.service_provider }, + AppArtifacts.store.oidc_secondary_private_key, 'RS256' + ) + end + + it 'is valid' do + expect(valid?).to eq(true) + end + end + + context 'with a payload that was signed with an invalid key' do + let(:id_token_hint) do + JWT.encode( + { sub: identity.uuid, aud: identity.service_provider }, + OpenSSL::PKey::RSA.new(2048), 'RS256' + ) + end + + it 'is invalid' do + expect(valid?).to eq(false) end end context 'with a payload that does not correspond to an identity' do let(:id_token_hint) do - JWT.encode({ sub: '123', aud: '456' }, AppArtifacts.store.oidc_private_key, 'RS256') + JWT.encode( + { sub: '123', aud: '456' }, + AppArtifacts.store.oidc_primary_private_key, 'RS256' + ) end it 'is not valid' do expect(valid?).to eq(false) - expect(form.errors[:id_token_hint]). - to include(t('openid_connect.logout.errors.id_token_hint')) + expect(form.errors[:id_token_hint]) + .to include(t('openid_connect.logout.errors.id_token_hint')) end end @@ -192,8 +221,8 @@ it 'is not valid' do expect(valid?).to eq(false) - expect(form.errors[:redirect_uri]). - to include(t('openid_connect.authorization.errors.redirect_uri_no_match')) + expect(form.errors[:redirect_uri]) + .to include(t('openid_connect.authorization.errors.redirect_uri_no_match')) end end end @@ -205,8 +234,8 @@ let(:current_user) { nil } before do - allow(IdentityConfig.store).to receive(:reject_id_token_hint_in_logout). - and_return(true) + allow(IdentityConfig.store).to receive(:reject_id_token_hint_in_logout) + .and_return(true) end describe '#submit' do @@ -292,8 +321,8 @@ it 'is not valid' do expect(valid?).to eq(false) - expect(form.errors[:id_token_hint]). - to include(t('openid_connect.logout.errors.id_token_hint_present')) + expect(form.errors[:id_token_hint]) + .to include(t('openid_connect.logout.errors.id_token_hint_present')) end end end @@ -313,8 +342,8 @@ it 'is not valid' do expect(valid?).to eq(false) - expect(form.errors[:redirect_uri]). - to include(t('openid_connect.authorization.errors.redirect_uri_no_match')) + expect(form.errors[:redirect_uri]) + .to include(t('openid_connect.authorization.errors.redirect_uri_no_match')) end end @@ -323,14 +352,14 @@ it 'does not include error about redirect_uri' do expect(valid?).to eq(false) - expect(form.errors[:redirect_uri]). - not_to include(t('openid_connect.authorization.errors.redirect_uri_no_match')) + expect(form.errors[:redirect_uri]) + .not_to include(t('openid_connect.authorization.errors.redirect_uri_no_match')) end it 'is not valid' do expect(valid?).to eq(false) - expect(form.errors[:client_id]). - to include(t('openid_connect.logout.errors.client_id_missing')) + expect(form.errors[:client_id]) + .to include(t('openid_connect.logout.errors.client_id_missing')) end end end diff --git a/spec/forms/openid_connect_token_form_spec.rb b/spec/forms/openid_connect_token_form_spec.rb index e9b8403418c..b79c08aedbf 100644 --- a/spec/forms/openid_connect_token_form_spec.rb +++ b/spec/forms/openid_connect_token_form_spec.rb @@ -46,13 +46,13 @@ let(:client_private_key) do OpenSSL::PKey::RSA.new(Rails.root.join('keys', 'saml_test_sp.key').read) end - let(:server_public_key) { AppArtifacts.store.oidc_public_key } + let(:server_public_key) { Rails.application.config.oidc_public_key } let(:user) { create(:user) } let!(:identity) do - IdentityLinker.new(user, service_provider). - link_identity( + IdentityLinker.new(user, service_provider) + .link_identity( nonce: nonce, rails_session_id: SecureRandom.hex, ial: 1, @@ -138,8 +138,8 @@ it 'is false, and has errors if the sp is set for pkce only mode' do allow_any_instance_of(ServiceProvider).to receive(:pkce).and_return(true) expect(valid?).to eq(false) - expect(form.errors[:code]). - to include(t('openid_connect.token.errors.invalid_authentication')) + expect(form.errors[:code]) + .to include(t('openid_connect.token.errors.invalid_authentication')) end context 'with a trailing slash in the audience url' do @@ -215,8 +215,8 @@ it 'is invalid' do expect(valid?).to eq(false) - expect(form.errors[:client_assertion]). - to include("Invalid issuer. Expected [\"#{client_id}\"], received wrong") + expect(form.errors[:client_assertion]) + .to include("Invalid issuer. Expected [\"#{client_id}\"], received wrong") end end @@ -225,8 +225,8 @@ it 'is invalid' do expect(valid?).to eq(false) - expect(form.errors[:client_assertion]). - to include("Invalid subject. Expected #{client_id}, received wrong") + expect(form.errors[:client_assertion]) + .to include("Invalid subject. Expected #{client_id}, received wrong") end end @@ -276,8 +276,8 @@ it 'is has an error' do expect(valid?).to eq(false) - expect(form.errors[:client_assertion]). - to include(t('openid_connect.token.errors.invalid_signature')) + expect(form.errors[:client_assertion]) + .to include(t('openid_connect.token.errors.invalid_signature')) end end @@ -314,8 +314,8 @@ it 'is false, and has errors if the sp is set for jwt only mode' do allow_any_instance_of(ServiceProvider).to receive(:pkce).and_return(false) expect(valid?).to eq(false) - expect(form.errors[:code]). - to include(t('openid_connect.token.errors.invalid_authentication')) + expect(form.errors[:code]) + .to include(t('openid_connect.token.errors.invalid_authentication')) end end @@ -325,8 +325,8 @@ it 'is not valid' do expect(valid?).to eq(false) - expect(form.errors[:code_verifier]). - to include(t('openid_connect.token.errors.invalid_code_verifier')) + expect(form.errors[:code_verifier]) + .to include(t('openid_connect.token.errors.invalid_code_verifier')) end end @@ -336,8 +336,8 @@ it 'is not valid' do expect(valid?).to eq(false) - expect(form.errors[:code_verifier]). - to include(t('openid_connect.token.errors.invalid_code_verifier')) + expect(form.errors[:code_verifier]) + .to include(t('openid_connect.token.errors.invalid_code_verifier')) end end @@ -362,8 +362,8 @@ it 'is invalid' do expect(valid?).to eq(false) - expect(form.errors[:code]). - to include(t('openid_connect.token.errors.invalid_authentication')) + expect(form.errors[:code]) + .to include(t('openid_connect.token.errors.invalid_authentication')) end end end @@ -382,11 +382,12 @@ code_verifier_present: false, service_provider_pkce: nil, ial: 1, + integration_errors: nil, ) end end - context 'with invalid params' do + context 'with invalid code' do let(:code) { nil } it 'returns FormResponse with success: false' do @@ -402,6 +403,33 @@ ) end end + + context 'with the wrong grant_type ' do + let(:grant_type) { 'wrong' } + + it 'returns FormResponse with success: false and int error' do + submission = form.submit + + expect(submission.to_h).to include( + success: false, + errors: form.errors.messages, + error_details: hash_including(:grant_type), + client_id: client_id, + user_id: user.uuid, + code_digest: Digest::SHA256.hexdigest(code), + code_verifier_present: false, + service_provider_pkce: nil, + ial: 1, + integration_errors: { + error_details: ['Grant type is not included in the list'], + error_types: [:grant_type], + event: :oidc_token_request, + integration_exists: true, + request_issuer: client_id, + }, + ) + end + end end describe '#response' do diff --git a/spec/forms/password_form_spec.rb b/spec/forms/password_form_spec.rb index 74e76e5bffe..c4ea0483c4e 100644 --- a/spec/forms/password_form_spec.rb +++ b/spec/forms/password_form_spec.rb @@ -86,8 +86,8 @@ it 'returns false' do expect(result.success?).to eq false - expect(result.errors[:password_confirmation]). - to include(t('errors.messages.password_mismatch')) + expect(result.errors[:password_confirmation]) + .to include(t('errors.messages.password_mismatch')) end end diff --git a/spec/forms/phone_recaptcha_form_spec.rb b/spec/forms/phone_recaptcha_form_spec.rb index 6ab1d72f91b..332f99650b7 100644 --- a/spec/forms/phone_recaptcha_form_spec.rb +++ b/spec/forms/phone_recaptcha_form_spec.rb @@ -7,10 +7,10 @@ let(:analytics) { FakeAnalytics.new } subject(:form) { described_class.new(parsed_phone:, analytics:) } before do - allow(IdentityConfig.store).to receive(:phone_recaptcha_country_score_overrides). - and_return(country_score_overrides_config) - allow(IdentityConfig.store).to receive(:phone_recaptcha_score_threshold). - and_return(score_threshold_config) + allow(IdentityConfig.store).to receive(:phone_recaptcha_country_score_overrides) + .and_return(country_score_overrides_config) + allow(IdentityConfig.store).to receive(:phone_recaptcha_score_threshold) + .and_return(score_threshold_config) end it 'passes instance variables to form' do @@ -18,16 +18,16 @@ RecaptchaForm, submit: FormResponse.new(success: true), ) - expect(RecaptchaForm).to receive(:new). - with( + expect(RecaptchaForm).to receive(:new) + .with( score_threshold: score_threshold_config, analytics:, recaptcha_action: described_class::RECAPTCHA_ACTION, extra_analytics_properties: { phone_country_code: parsed_phone.country, }, - ). - and_return(recaptcha_form) + ) + .and_return(recaptcha_form) form.submit('token') end diff --git a/spec/forms/recaptcha_enterprise_form_spec.rb b/spec/forms/recaptcha_enterprise_form_spec.rb index 6a133b14570..f6c0f805c7c 100644 --- a/spec/forms/recaptcha_enterprise_form_spec.rb +++ b/spec/forms/recaptcha_enterprise_form_spec.rb @@ -27,12 +27,12 @@ end before do - allow(IdentityConfig.store).to receive(:recaptcha_enterprise_project_id). - and_return(recaptcha_enterprise_project_id) - allow(IdentityConfig.store).to receive(:recaptcha_enterprise_api_key). - and_return(recaptcha_enterprise_api_key) - allow(IdentityConfig.store).to receive(:recaptcha_site_key). - and_return(recaptcha_site_key) + allow(IdentityConfig.store).to receive(:recaptcha_enterprise_project_id) + .and_return(recaptcha_enterprise_project_id) + allow(IdentityConfig.store).to receive(:recaptcha_enterprise_api_key) + .and_return(recaptcha_enterprise_api_key) + allow(IdentityConfig.store).to receive(:recaptcha_site_key) + .and_return(recaptcha_site_key) end describe '#exempt?' do @@ -390,8 +390,8 @@ end end - context 'with extra analytics properties', allowed_extra_analytics: [:extra] do - let(:extra_analytics_properties) { { extra: true } } + context 'with extra analytics properties' do + let(:extra_analytics_properties) { { phone_country_code: true } } it 'logs analytics of the body' do result @@ -409,7 +409,7 @@ score_threshold: score_threshold, form_class: 'RecaptchaEnterpriseForm', recaptcha_action:, - extra: true, + phone_country_code: true, ) end end @@ -425,10 +425,10 @@ end def stub_recaptcha_response(body:, action:, site_key: recaptcha_site_key, token: nil) - stub_request(:post, assessment_url). - with do |req| + stub_request(:post, assessment_url) + .with do |req| req.body == { event: { token:, siteKey: site_key, expectedAction: action } }.to_json - end. - to_return(headers: { 'Content-Type': 'application/json' }, body: body.to_json) + end + .to_return(headers: { 'Content-Type': 'application/json' }, body: body.to_json) end end diff --git a/spec/forms/recaptcha_form_spec.rb b/spec/forms/recaptcha_form_spec.rb index 63bf1096e7d..468abf900de 100644 --- a/spec/forms/recaptcha_form_spec.rb +++ b/spec/forms/recaptcha_form_spec.rb @@ -12,8 +12,8 @@ end before do - allow(IdentityConfig.store).to receive(:recaptcha_secret_key). - and_return(recaptcha_secret_key) + allow(IdentityConfig.store).to receive(:recaptcha_secret_key) + .and_return(recaptcha_secret_key) end describe '#exempt?' do @@ -309,8 +309,8 @@ ) end - context 'with extra analytics properties', allowed_extra_analytics: [:extra] do - let(:extra_analytics_properties) { { extra: true } } + context 'with extra analytics properties' do + let(:extra_analytics_properties) { { phone_country_code: true } } it 'logs analytics of the body' do result @@ -328,7 +328,7 @@ score_threshold: score_threshold, form_class: 'RecaptchaForm', recaptcha_action:, - extra: true, + phone_country_code: true, ) end end @@ -344,8 +344,8 @@ end def stub_recaptcha_response(body:, secret: recaptcha_secret_key, token: nil) - stub_request(:post, RecaptchaForm::VERIFICATION_ENDPOINT). - with { |req| req.body == URI.encode_www_form(secret:, response: token) }. - to_return(headers: { 'Content-Type': 'application/json' }, body: body.to_json) + stub_request(:post, RecaptchaForm::VERIFICATION_ENDPOINT) + .with { |req| req.body == URI.encode_www_form(secret:, response: token) } + .to_return(headers: { 'Content-Type': 'application/json' }, body: body.to_json) end end diff --git a/spec/forms/register_user_email_form_spec.rb b/spec/forms/register_user_email_form_spec.rb index bb9d4a6b72b..d1aead02e72 100644 --- a/spec/forms/register_user_email_form_spec.rb +++ b/spec/forms/register_user_email_form_spec.rb @@ -160,9 +160,9 @@ it 'sends confirmation instructions to existing user' do expect(send_sign_up_email_confirmation).to receive(:call) - expect(SendSignUpEmailConfirmation).to receive(:new). - with(existing_user). - and_return(send_sign_up_email_confirmation) + expect(SendSignUpEmailConfirmation).to receive(:new) + .with(existing_user) + .and_return(send_sign_up_email_confirmation) result = subject.submit(params).to_h @@ -195,8 +195,8 @@ it 'creates rate_limiter events after reaching rate_limiter limit' do 1.upto(rate_limit) do |i| - RegisterUserEmailForm.new(analytics:). - submit( + RegisterUserEmailForm.new(analytics:) + .submit( email: "taken+#{i}@gmail.com", terms_accepted: '1', ) end @@ -216,8 +216,8 @@ send_sign_up_email_confirmation = instance_double(SendSignUpEmailConfirmation) expect(send_sign_up_email_confirmation).to receive(:call) - expect(SendSignUpEmailConfirmation).to receive(:new). - and_return(send_sign_up_email_confirmation) + expect(SendSignUpEmailConfirmation).to receive(:new) + .and_return(send_sign_up_email_confirmation) result = subject.submit(email: email_address.email, terms_accepted: '1') uuid = result.extra[:user_id] @@ -265,8 +265,8 @@ it 'creates rate_limiter events after reaching rate_limiter limit' do 1.upto(rate_limit) do |i| - RegisterUserEmailForm.new(analytics:). - submit(params.merge(email: "taken+#{i}@gmail.com")) + RegisterUserEmailForm.new(analytics:) + .submit(params.merge(email: "taken+#{i}@gmail.com")) end expect(analytics).to have_logged_event( diff --git a/spec/forms/security_event_form_spec.rb b/spec/forms/security_event_form_spec.rb index 4056c01d4d0..b4f96a5a7b3 100644 --- a/spec/forms/security_event_form_spec.rb +++ b/spec/forms/security_event_form_spec.rb @@ -73,8 +73,8 @@ context 'reset_password_on_auth_fraud_event is enabled' do before do allow(IdentityConfig.store).to( - receive(:reset_password_on_auth_fraud_event). - and_return(true), + receive(:reset_password_on_auth_fraud_event) + .and_return(true), ) end @@ -86,8 +86,8 @@ context 'reset_password_on_auth_fraud_event is disabled' do before do allow(IdentityConfig.store).to( - receive(:reset_password_on_auth_fraud_event). - and_return(false), + receive(:reset_password_on_auth_fraud_event) + .and_return(false), ) end @@ -97,8 +97,8 @@ end it 'creates a password_invalidated event' do - expect { submit }. - to(change { user.events.password_invalidated.size }.from(0).to(1)) + expect { submit } + .to(change { user.events.password_invalidated.size }.from(0).to(1)) end end @@ -211,7 +211,7 @@ context 'when signed with a different key than registered to the SP' do let(:rp_private_key) do - OpenSSL::PKey::RSA.new(AppArtifacts.store.oidc_private_key) + AppArtifacts.store.oidc_primary_private_key end it 'is invalid' do @@ -246,8 +246,8 @@ it 'is invalid' do expect(valid?).to eq(false) expect(form.error_code).to eq('jwtAud') - expect(form.errors[:aud]). - to include("invalid aud claim, expected #{api_risc_security_events_url}") + expect(form.errors[:aud]) + .to include("invalid aud claim, expected #{api_risc_security_events_url}") end end end diff --git a/spec/forms/select_email_form_spec.rb b/spec/forms/select_email_form_spec.rb index 539fd7ef340..9775d56ed8c 100644 --- a/spec/forms/select_email_form_spec.rb +++ b/spec/forms/select_email_form_spec.rb @@ -21,9 +21,9 @@ let(:identity) { create(:service_provider_identity, :consented, user:) } it 'updates linked email address' do - expect { response }.to change { identity.reload.email_address_id }. - from(nil). - to(selected_email_id) + expect { response }.to change { identity.reload.email_address_id } + .from(nil) + .to(selected_email_id) end end end diff --git a/spec/forms/sign_in_recaptcha_form_spec.rb b/spec/forms/sign_in_recaptcha_form_spec.rb index 6887ab3b187..428c3cc7593 100644 --- a/spec/forms/sign_in_recaptcha_form_spec.rb +++ b/spec/forms/sign_in_recaptcha_form_spec.rb @@ -21,8 +21,8 @@ ) end before do - allow(IdentityConfig.store).to receive(:sign_in_recaptcha_score_threshold). - and_return(score_threshold_config) + allow(IdentityConfig.store).to receive(:sign_in_recaptcha_score_threshold) + .and_return(score_threshold_config) end it 'passes instance variables to form' do @@ -30,14 +30,14 @@ RecaptchaMockForm, submit: FormResponse.new(success: true), ) - expect(RecaptchaMockForm).to receive(:new). - with( + expect(RecaptchaMockForm).to receive(:new) + .with( score_threshold: score_threshold_config, score:, analytics:, recaptcha_action: described_class::RECAPTCHA_ACTION, - ). - and_return(recaptcha_form) + ) + .and_return(recaptcha_form) form.submit(recaptcha_token:) end diff --git a/spec/forms/totp_setup_form_spec.rb b/spec/forms/totp_setup_form_spec.rb index 6e2dcd7ac8f..4f8670ebef7 100644 --- a/spec/forms/totp_setup_form_spec.rb +++ b/spec/forms/totp_setup_form_spec.rb @@ -26,8 +26,8 @@ end it 'sends a recovery information changed event' do - expect(PushNotification::HttpPush).to receive(:deliver). - with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) + expect(PushNotification::HttpPush).to receive(:deliver) + .with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) form = TotpSetupForm.new(user, secret, code, name) form.submit diff --git a/spec/forms/update_user_password_form_spec.rb b/spec/forms/update_user_password_form_spec.rb index d9a01f90637..8a44793b200 100644 --- a/spec/forms/update_user_password_form_spec.rb +++ b/spec/forms/update_user_password_form_spec.rb @@ -81,8 +81,8 @@ it 'encrypts the active profile' do encryptor = instance_double(UserProfilesEncryptor) - allow(UserProfilesEncryptor).to receive(:new). - with(user: user, user_session: user_session, password: password).and_return(encryptor) + allow(UserProfilesEncryptor).to receive(:new) + .with(user: user, user_session: user_session, password: password).and_return(encryptor) allow(encryptor).to receive(:encrypt) subject.submit(params) @@ -111,8 +111,8 @@ it 'encrypts the pending profile' do encryptor = instance_double(UserProfilesEncryptor) - allow(UserProfilesEncryptor).to receive(:new). - with(user: user, user_session: user_session, password: password).and_return(encryptor) + allow(UserProfilesEncryptor).to receive(:new) + .with(user: user, user_session: user_session, password: password).and_return(encryptor) allow(encryptor).to receive(:encrypt) subject.submit(params) diff --git a/spec/forms/user_piv_cac_setup_form_spec.rb b/spec/forms/user_piv_cac_setup_form_spec.rb index 41130f6ef03..7e391df4166 100644 --- a/spec/forms/user_piv_cac_setup_form_spec.rb +++ b/spec/forms/user_piv_cac_setup_form_spec.rb @@ -28,8 +28,8 @@ result = instance_double(FormResponse) extra = { multi_factor_auth_method: 'piv_cac', key_id: 'foo' } - expect(FormResponse).to receive(:new). - with(success: true, errors: {}, extra: extra).and_return(result) + expect(FormResponse).to receive(:new) + .with(success: true, errors: {}, extra: extra).and_return(result) expect(form.submit).to eq result user.reload expect(TwoFactorAuthentication::PivCacPolicy.new(user).enabled?).to eq true @@ -37,8 +37,8 @@ end it 'sends a recovery information changed event' do - expect(PushNotification::HttpPush).to receive(:deliver). - with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) + expect(PushNotification::HttpPush).to receive(:deliver) + .with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) form.submit end @@ -50,8 +50,8 @@ result = instance_double(FormResponse) extra = { multi_factor_auth_method: 'piv_cac', key_id: 'foo' } - expect(FormResponse).to receive(:new). - with(success: true, errors: {}, extra: extra).and_return(result) + expect(FormResponse).to receive(:new) + .with(success: true, errors: {}, extra: extra).and_return(result) expect(form.submit).to eq result expect(TwoFactorAuthentication::PivCacPolicy.new(user.reload).enabled?).to eq true end @@ -65,9 +65,9 @@ result = instance_double(FormResponse) extra = { multi_factor_auth_method: 'piv_cac', key_id: 'foo' } - expect(FormResponse).to receive(:new). - with(success: false, errors: { type: 'piv_cac.already_associated' }, - extra: extra).and_return(result) + expect(FormResponse).to receive(:new) + .with(success: false, errors: { type: 'piv_cac.already_associated' }, + extra: extra).and_return(result) expect(form.submit).to eq result expect(TwoFactorAuthentication::PivCacPolicy.new(user.reload).enabled?).to eq false expect(form.error_type).to eq 'piv_cac.already_associated' @@ -85,8 +85,8 @@ result = instance_double(FormResponse) extra = { multi_factor_auth_method: 'piv_cac', key_id: 'foo' } - expect(FormResponse).to receive(:new). - with(success: false, errors: { type: 'token.bad' }, extra: extra).and_return(result) + expect(FormResponse).to receive(:new) + .with(success: false, errors: { type: 'token.bad' }, extra: extra).and_return(result) expect(form.submit).to eq result expect(TwoFactorAuthentication::PivCacPolicy.new(user.reload).enabled?).to eq false expect(form.error_type).to eq 'token.bad' @@ -104,8 +104,8 @@ result = instance_double(FormResponse) extra = { multi_factor_auth_method: 'piv_cac', key_id: 'foo' } - expect(FormResponse).to receive(:new). - with(success: false, errors: { type: 'token.invalid' }, extra: extra).and_return(result) + expect(FormResponse).to receive(:new) + .with(success: false, errors: { type: 'token.invalid' }, extra: extra).and_return(result) expect(form.submit).to eq result expect(form.error_type).to eq 'token.invalid' end @@ -118,8 +118,8 @@ result = instance_double(FormResponse) extra = { multi_factor_auth_method: 'piv_cac', key_id: nil } - expect(FormResponse).to receive(:new). - with(success: false, errors: {}, extra: extra).and_return(result) + expect(FormResponse).to receive(:new) + .with(success: false, errors: {}, extra: extra).and_return(result) expect(form.submit).to eq result expect(TwoFactorAuthentication::PivCacPolicy.new(user.reload).enabled?).to eq false end diff --git a/spec/forms/webauthn_setup_form_spec.rb b/spec/forms/webauthn_setup_form_spec.rb index f2cc7fee99b..f9d9227b5f1 100644 --- a/spec/forms/webauthn_setup_form_spec.rb +++ b/spec/forms/webauthn_setup_form_spec.rb @@ -55,13 +55,13 @@ user.reload expect(user.webauthn_configurations.roaming_authenticators.count).to eq(1) - expect(user.webauthn_configurations.roaming_authenticators.first.transports). - to eq(['usb']) + expect(user.webauthn_configurations.roaming_authenticators.first.transports) + .to eq(['usb']) end it 'sends a recovery information changed event' do - expect(PushNotification::HttpPush).to receive(:deliver). - with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) + expect(PushNotification::HttpPush).to receive(:deliver) + .with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) subject.submit(params) end @@ -220,8 +220,8 @@ context 'when the attestation response raises an error' do before do - allow(WebAuthn::AttestationStatement). - to receive(:from).and_raise(WebAuthn::AuthenticatorDataFormatError) + allow(WebAuthn::AttestationStatement) + .to receive(:from).and_raise(WebAuthn::AuthenticatorDataFormatError) end it 'returns false with an error when the attestation response raises an error' do @@ -300,8 +300,8 @@ expect(user.webauthn_configurations.platform_authenticators.count).to eq(2) expect( user.webauthn_configurations.platform_authenticators[1].name, - ). - to eq("#{device_name} (1)") + ) + .to eq("#{device_name} (1)") expect(result.to_h[:success]).to eq(true) end end @@ -325,8 +325,8 @@ expect(result.success?).to eq(true) expect(user.webauthn_configurations.platform_authenticators.count).to eq(3) - expect(user.webauthn_configurations.platform_authenticators.last.name). - to eq("#{device_name} (2)") + expect(user.webauthn_configurations.platform_authenticators.last.name) + .to eq("#{device_name} (2)") end end end diff --git a/spec/forms/webauthn_verification_form_spec.rb b/spec/forms/webauthn_verification_form_spec.rb index 5bbeca9a9d2..31ece588fdb 100644 --- a/spec/forms/webauthn_verification_form_spec.rb +++ b/spec/forms/webauthn_verification_form_spec.rb @@ -310,8 +310,8 @@ context 'when verification raises OpenSSL exception' do before do - allow_any_instance_of(WebAuthn::AuthenticatorAssertionResponse).to receive(:verify). - and_raise(OpenSSL::PKey::PKeyError) + allow_any_instance_of(WebAuthn::AuthenticatorAssertionResponse).to receive(:verify) + .and_raise(OpenSSL::PKey::PKeyError) end it 'returns unsucessful result' do diff --git a/spec/helpers/application_helper_spec.rb b/spec/helpers/application_helper_spec.rb index 317cf5536c8..493d9ee694f 100644 --- a/spec/helpers/application_helper_spec.rb +++ b/spec/helpers/application_helper_spec.rb @@ -21,8 +21,8 @@ let(:raise_on_missing_title) { nil } before do - allow(IdentityConfig.store).to receive(:raise_on_missing_title). - and_return(raise_on_missing_title) + allow(IdentityConfig.store).to receive(:raise_on_missing_title) + .and_return(raise_on_missing_title) end context 'configured not to raise on missing title' do diff --git a/spec/helpers/locale_helper_spec.rb b/spec/helpers/locale_helper_spec.rb index 356aa61e928..b4ab33faee7 100644 --- a/spec/helpers/locale_helper_spec.rb +++ b/spec/helpers/locale_helper_spec.rb @@ -73,8 +73,8 @@ end it 'warns about a bad email_language' do - expect(Rails.logger).to receive(:warn). - with("user_id=#{user.uuid} has bad email_language=#{user.email_language}") + expect(Rails.logger).to receive(:warn) + .with("user_id=#{user.uuid} has bad email_language=#{user.email_language}") subject end diff --git a/spec/helpers/script_helper_spec.rb b/spec/helpers/script_helper_spec.rb index a13e12aa403..432550d65af 100644 --- a/spec/helpers/script_helper_spec.rb +++ b/spec/helpers/script_helper_spec.rb @@ -20,15 +20,15 @@ before do javascript_packs_tag_once('application') javascript_packs_tag_once('document-capture', 'document-capture') - allow(Rails.application.config.asset_sources).to receive(:get_sources). - with('application').and_return(['/application.js']) - allow(Rails.application.config.asset_sources).to receive(:get_sources). - with('document-capture').and_return(['/document-capture.js']) + allow(Rails.application.config.asset_sources).to receive(:get_sources) + .with('application').and_return(['/application.js']) + allow(Rails.application.config.asset_sources).to receive(:get_sources) + .with('document-capture').and_return(['/document-capture.js']) allow(Rails.application.config.asset_sources).to receive(:get_assets).with( 'application', 'document-capture', - ). - and_return(['clock.svg', 'sprite.svg']) + ) + .and_return(['clock.svg', 'sprite.svg']) end it 'prints asset paths sources' do @@ -91,9 +91,9 @@ context 'with script integrity available' do before do allow(Rails.application.config.asset_sources).to receive(:get_integrity).and_return(nil) - allow(Rails.application.config.asset_sources).to receive(:get_integrity). - with('/application.js'). - and_return('sha256-aztp/wpATyjXXpigZtP8ZP/9mUCHDMaL7OKFRbmnUIazQ9ehNmg4CD5Ljzym/TyA') + allow(Rails.application.config.asset_sources).to receive(:get_integrity) + .with('/application.js') + .and_return('sha256-aztp/wpATyjXXpigZtP8ZP/9mUCHDMaL7OKFRbmnUIazQ9ehNmg4CD5Ljzym/TyA') end it 'adds integrity attribute' do @@ -122,11 +122,11 @@ context 'with attributes' do before do javascript_packs_tag_once('track-errors', defer: true) - allow(Rails.application.config.asset_sources).to receive(:get_sources). - with('track-errors').and_return(['/track-errors.js']) - allow(Rails.application.config.asset_sources).to receive(:get_assets). - with('application', 'document-capture', 'track-errors'). - and_return([]) + allow(Rails.application.config.asset_sources).to receive(:get_sources) + .with('track-errors').and_return(['/track-errors.js']) + allow(Rails.application.config.asset_sources).to receive(:get_assets) + .with('application', 'document-capture', 'track-errors') + .and_return([]) end it 'adds attribute' do @@ -147,11 +147,11 @@ url_params: { agency: 'gsa' }, async: true, ) - allow(Rails.application.config.asset_sources).to receive(:get_sources). - with('digital-analytics-program').and_return(['/digital-analytics-program.js']) - allow(Rails.application.config.asset_sources).to receive(:get_assets). - with('application', 'document-capture', 'digital-analytics-program'). - and_return([]) + allow(Rails.application.config.asset_sources).to receive(:get_sources) + .with('digital-analytics-program').and_return(['/digital-analytics-program.js']) + allow(Rails.application.config.asset_sources).to receive(:get_assets) + .with('application', 'document-capture', 'digital-analytics-program') + .and_return([]) end it 'includes url parameters in script url for the pack' do @@ -205,8 +205,8 @@ context 'with named scripts argument' do before do - allow(Rails.application.config.asset_sources).to receive(:get_sources).with('application'). - and_return(['/application.js']) + allow(Rails.application.config.asset_sources).to receive(:get_sources).with('application') + .and_return(['/application.js']) end it 'enqueues those scripts before printing them' do diff --git a/spec/helpers/threat_metrix_helper_spec.rb b/spec/helpers/threat_metrix_helper_spec.rb index d0cf955a2b0..be4a52bb204 100644 --- a/spec/helpers/threat_metrix_helper_spec.rb +++ b/spec/helpers/threat_metrix_helper_spec.rb @@ -6,18 +6,18 @@ describe '#threatmetrix_javascript_urls' do let(:session_id) { '1234' } before do - allow(IdentityConfig.store). - to receive(:lexisnexis_threatmetrix_org_id). - and_return('test_id') + allow(IdentityConfig.store) + .to receive(:lexisnexis_threatmetrix_org_id) + .and_return('test_id') - allow(Rails.application.config.asset_sources).to receive(:get_sources). - with('mock-device-profiling').and_return(['/mock-device-profiling.js']) + allow(Rails.application.config.asset_sources).to receive(:get_sources) + .with('mock-device-profiling').and_return(['/mock-device-profiling.js']) end context 'mock is enabled' do before do - allow(IdentityConfig.store). - to receive(:lexisnexis_threatmetrix_mock_enabled). - and_return(true) + allow(IdentityConfig.store) + .to receive(:lexisnexis_threatmetrix_mock_enabled) + .and_return(true) end it 'should return mock config source' do sources = threatmetrix_javascript_urls(session_id) @@ -26,14 +26,14 @@ end context 'mock is not enabled' do before do - allow(IdentityConfig.store). - to receive(:lexisnexis_threatmetrix_mock_enabled). - and_return(false) + allow(IdentityConfig.store) + .to receive(:lexisnexis_threatmetrix_mock_enabled) + .and_return(false) end it 'should return actual url' do javascript_sources = threatmetrix_javascript_urls(session_id) - expect(javascript_sources). - to eq(['https://h.online-metrix.net/fp/tags.js?org_id=test_id&session_id=1234']) + expect(javascript_sources) + .to eq(['https://h.online-metrix.net/fp/tags.js?org_id=test_id&session_id=1234']) end end end @@ -41,36 +41,36 @@ describe '#threatmetrix_iframe_url' do let(:session_id) { '1234' } before do - allow(IdentityConfig.store). - to receive(:lexisnexis_threatmetrix_org_id). - and_return('test_id') + allow(IdentityConfig.store) + .to receive(:lexisnexis_threatmetrix_org_id) + .and_return('test_id') - allow(Rails.application.config.asset_sources).to receive(:get_sources). - with('mock-device-profiling').and_return(['/mock-device-profiling.js']) + allow(Rails.application.config.asset_sources).to receive(:get_sources) + .with('mock-device-profiling').and_return(['/mock-device-profiling.js']) end context 'mock is enabled' do before do - allow(IdentityConfig.store). - to receive(:lexisnexis_threatmetrix_mock_enabled). - and_return(true) + allow(IdentityConfig.store) + .to receive(:lexisnexis_threatmetrix_mock_enabled) + .and_return(true) end it 'should return mock javascript config' do iframe_sources = threatmetrix_iframe_url(session_id) - expect(iframe_sources). - to eq('http://www.example.com/test/device_profiling?org_id=test_id&session_id=1234') + expect(iframe_sources) + .to eq('http://www.example.com/test/device_profiling?org_id=test_id&session_id=1234') end end context 'mock is not enabled' do before do - allow(IdentityConfig.store). - to receive(:lexisnexis_threatmetrix_mock_enabled). - and_return(false) + allow(IdentityConfig.store) + .to receive(:lexisnexis_threatmetrix_mock_enabled) + .and_return(false) end it 'should return mock config source' do iframe_sources = threatmetrix_iframe_url(session_id) - expect(iframe_sources). - to eq('https://h.online-metrix.net/fp/tags?org_id=test_id&session_id=1234') + expect(iframe_sources) + .to eq('https://h.online-metrix.net/fp/tags?org_id=test_id&session_id=1234') end end end diff --git a/spec/i18n_spec.rb b/spec/i18n_spec.rb index 960aa40598c..3921ab7c8d3 100644 --- a/spec/i18n_spec.rb +++ b/spec/i18n_spec.rb @@ -74,7 +74,6 @@ class BaseTask { key: 'time.formats.event_timestamp', locales: %i[zh] }, { key: 'time.formats.full_date', locales: %i[es] }, # format is the same in Spanish and English { key: 'time.formats.sms_date' }, # for us date format - { key: 'user_mailer.reset_password_instructions.in_person_warning_description_html', locales: %i[es fr zh] }, # Temporary until spanish, french, and chinese translations come in. { key: 'webauthn_platform_recommended.cta' }, # English-only A/B test { key: 'webauthn_platform_recommended.description_private_html' }, # English-only A/B test { key: 'webauthn_platform_recommended.description_secure_account' }, # English-only A/B test @@ -246,9 +245,9 @@ def allowed_untranslated_key?(locale, key) # most common interpolation arguments is the correct one. We then take the keys # in the remaining groups and add them to the missing keys list. keys = - interpolation_arguments.group_by { |_k, v| v }. - sort_by { |_k, v| v.length * -1 }.drop(1). - flat_map { |x| x[1] }.to_h.keys + interpolation_arguments.group_by { |_k, v| v } + .sort_by { |_k, v| v.length * -1 }.drop(1) + .flat_map { |x| x[1] }.to_h.keys missing_interpolation_argument_locale_keys += keys end @@ -301,8 +300,8 @@ def allowed_untranslated_key?(locale, key) root_dir = File.expand_path(File.join(File.dirname(__FILE__), '../')) - ([File.join(root_dir, '/config/locales')] + Dir[File.join(root_dir, '/config/locales/**')]). - sort.each do |group_path| + ([File.join(root_dir, '/config/locales')] + Dir[File.join(root_dir, '/config/locales/**')]) + .sort.each do |group_path| i18n_group = group_path.sub("#{root_dir}/", '') describe i18n_group do @@ -411,8 +410,8 @@ def likely_html_interpolation?(str) end def extract_interpolation_arguments(translation) - translation.scan(I18n::INTERPOLATION_PATTERN). - map(&:compact).map(&:first).to_set + translation.scan(I18n::INTERPOLATION_PATTERN) + .map(&:compact).map(&:first).to_set end def flatten_hash(hash, flatten_arrays: true, parent_keys: [], out_hash: {}) diff --git a/spec/javascript/packages/device/index-spec.js b/spec/javascript/packages/device/index-spec.js index 7df25cf03dc..f03c1950fcf 100644 --- a/spec/javascript/packages/device/index-spec.js +++ b/spec/javascript/packages/device/index-spec.js @@ -4,183 +4,215 @@ import { isCameraCapableMobile, isIPad, } from '@18f/identity-device'; +import { useDefineProperty } from '@18f/identity-test-helpers'; describe('isIPad', () => { - let originalUserAgent; - let originalTouchPoints; - - beforeEach(() => { - originalUserAgent = navigator.userAgent; - originalTouchPoints = navigator.maxTouchPoints; - navigator.maxTouchPoints = 0; - Object.defineProperty(navigator, 'userAgent', { - configurable: true, - writable: true, - }); - Object.defineProperty(navigator, 'maxTouchPoints', { - writable: true, + const defineProperty = useDefineProperty(); + + context('ipad is in the user agent string (old format)', () => { + beforeEach(() => { + defineProperty(navigator, 'userAgent', { + configurable: true, + value: + 'Mozilla/5.0(iPad; U; CPU iPhone OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B314 Safari/531.21.10', + }); }); - }); - - afterEach(() => { - navigator.userAgent = originalUserAgent; - navigator.maxTouchPoints = originalTouchPoints; - }); - - it('returns true if ipad is in the user agent string (old format)', () => { - navigator.userAgent = - 'Mozilla/5.0(iPad; U; CPU iPhone OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B314 Safari/531.21.10'; - expect(isIPad()).to.be.true(); + it('returns true', () => { + expect(isIPad()).to.be.true(); + }); }); - it('returns false if the user agent is Macintosh but with 0 maxTouchPoints', () => { - navigator.userAgent = - 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36'; - - expect(isIPad()).to.be.false(); - }); + context('user agent is Macintosh', () => { + beforeEach(() => { + defineProperty(navigator, 'userAgent', { + configurable: true, + value: + 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36', + }); + }); - it('returns true if the user agent is Macintosh but with 5 maxTouchPoints', () => { - navigator.userAgent = - 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36'; - navigator.maxTouchPoints = 5; + context('with 0 maxTouchPoints', () => { + beforeEach(() => { + defineProperty(navigator, 'maxTouchPoints', { + configurable: true, + value: + 'Mozilla/5.0(iPad; U; CPU iPhone OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B314 Safari/531.21.10', + }); + }); + + it('returns false', () => { + expect(isIPad()).to.be.false(); + }); + }); - expect(isIPad()).to.be.true(); + context('with 5 maxTouchPoints', () => { + beforeEach(() => { + defineProperty(navigator, 'maxTouchPoints', { + configurable: true, + value: 5, + }); + }); + + it('returns true', () => { + expect(isIPad()).to.be.true(); + }); + }); }); - it('returns false for non-Apple userAgent, even with 5 macTouchPoints', () => { - navigator.userAgent = - 'Mozilla/5.0 (Linux; Android 13) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.58 Mobile Safari/537.36'; - navigator.maxTouchPoints = 5; + context('with non-Apple userAgent and 5 maxTouchPoints', () => { + beforeEach(() => { + defineProperty(navigator, 'userAgent', { + configurable: true, + value: + 'Mozilla/5.0 (Linux; Android 13) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.58 Mobile Safari/537.36', + }); + defineProperty(navigator, 'maxTouchPoints', { + configurable: true, + value: 5, + }); + }); - expect(isIPad()).to.be.false(); + it('returns false', () => { + expect(isIPad()).to.be.false(); + }); }); }); describe('isLikelyMobile', () => { - let originalUserAgent; - let originalTouchPoints; - - beforeEach(() => { - originalUserAgent = navigator.userAgent; - originalTouchPoints = navigator.maxTouchPoints; - navigator.maxTouchPoints = 0; - Object.defineProperty(navigator, 'userAgent', { - configurable: true, - writable: true, - }); - Object.defineProperty(navigator, 'maxTouchPoints', { - writable: true, + const defineProperty = useDefineProperty(); + + context('not mobile and has no touchpoints', () => { + beforeEach(() => { + defineProperty(navigator, 'userAgent', { + configurable: true, + value: + 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36', + }); + defineProperty(navigator, 'maxTouchPoints', { + configurable: true, + value: 0, + }); }); - }); - - afterEach(() => { - navigator.userAgent = originalUserAgent; - navigator.maxTouchPoints = originalTouchPoints; - }); - it('returns false if not mobile and has no touchpoints', () => { - navigator.userAgent = - 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36'; - navigator.maxTouchPoints = 0; - - expect(isLikelyMobile()).to.be.false(); + it('returns false', () => { + expect(isLikelyMobile()).to.be.false(); + }); }); - it('returns true if there is an Apple user agent and 5 maxTouchPoints', () => { - navigator.userAgent = - 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36'; - navigator.maxTouchPoints = 5; + context('Apple user agent and 5 maxTouchPoints', () => { + beforeEach(() => { + defineProperty(navigator, 'userAgent', { + configurable: true, + value: + 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36', + }); + defineProperty(navigator, 'maxTouchPoints', { + configurable: true, + value: 5, + }); + }); - expect(isLikelyMobile()).to.be.true(); + it('returns true', () => { + expect(isLikelyMobile()).to.be.true(); + }); }); - it('returns true if likely mobile', () => { - navigator.userAgent = - 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148'; + context('with likely-mobile user agent', () => { + beforeEach(() => { + defineProperty(navigator, 'userAgent', { + configurable: true, + value: + 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148', + }); + }); - expect(isLikelyMobile()).to.be.true(); + it('returns true', () => { + expect(isLikelyMobile()).to.be.true(); + }); }); }); describe('hasMediaAccess', () => { - let originalMediaDevices; - beforeEach(() => { - originalMediaDevices = navigator.mediaDevices; - Object.defineProperty(navigator, 'mediaDevices', { - configurable: true, - writable: true, + const defineProperty = useDefineProperty(); + + context('without media device API access', () => { + beforeEach(() => { + defineProperty(navigator, 'mediaDevices', { + configurable: true, + value: undefined, + }); }); - }); - afterEach(() => { - if (originalMediaDevices === undefined) { - delete navigator.mediaDevices; - } else { - navigator.mediaDevices = originalMediaDevices; - } - }); - - it('returns false if no media device API access', () => { - delete navigator.mediaDevices; - - expect(hasMediaAccess()).to.be.false(); + it('returns false', () => { + expect(hasMediaAccess()).to.be.false(); + }); }); - it('returns true if media device API access', () => { - navigator.mediaDevices = {}; + context('with media device API access', () => { + beforeEach(() => { + defineProperty(navigator, 'mediaDevices', { + configurable: true, + value: {}, + }); + }); - expect(hasMediaAccess()).to.be.true(); + it('returns true', () => { + expect(hasMediaAccess()).to.be.true(); + }); }); }); describe('isCameraCapableMobile', () => { - let originalUserAgent; - let originalMediaDevices; - beforeEach(() => { - originalUserAgent = navigator.userAgent; - originalMediaDevices = navigator.mediaDevices; - Object.defineProperty(navigator, 'userAgent', { - configurable: true, - writable: true, - }); - Object.defineProperty(navigator, 'mediaDevices', { - configurable: true, - writable: true, + const defineProperty = useDefineProperty(); + + context('not mobile', () => { + beforeEach(() => { + defineProperty(navigator, 'userAgent', { + configurable: true, + value: + 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36', + }); }); - }); - - afterEach(() => { - navigator.userAgent = originalUserAgent; - if (originalMediaDevices === undefined) { - delete navigator.mediaDevices; - } else { - navigator.mediaDevices = originalMediaDevices; - } - }); - it('returns false if not mobile', () => { - navigator.userAgent = - 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36'; - navigator.mediaDevices = {}; - - expect(isCameraCapableMobile()).to.be.false(); + it('returns false', () => { + expect(isCameraCapableMobile()).to.be.false(); + }); }); - it('returns false if no media device API access', () => { - navigator.userAgent = - 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148'; - delete navigator.mediaDevices; - - expect(isCameraCapableMobile()).to.be.false(); - }); + context('likely mobile', () => { + beforeEach(() => { + defineProperty(navigator, 'userAgent', { + configurable: true, + value: + 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148', + }); + }); - it('returns true if likely mobile and media device API access', () => { - navigator.userAgent = - 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148'; - navigator.mediaDevices = {}; + context('without media device API access', () => { + beforeEach(() => { + defineProperty(navigator, 'mediaDevices', { + configurable: true, + value: undefined, + }); + }); + + it('returns false', () => { + expect(isCameraCapableMobile()).to.be.false(); + }); + }); - expect(isCameraCapableMobile()).to.be.true(); + context('with media device API access', () => { + beforeEach(() => { + defineProperty(navigator, 'mediaDevices', { + configurable: true, + value: {}, + }); + }); + + it('returns true', () => { + expect(isCameraCapableMobile()).to.be.true(); + }); + }); }); }); diff --git a/spec/javascript/spec_helper.js b/spec/javascript/spec_helper.js index 71c90d0d1e1..1cd0d9e71bb 100644 --- a/spec/javascript/spec_helper.js +++ b/spec/javascript/spec_helper.js @@ -20,6 +20,7 @@ global.expect = chai.expect; const dom = createDOM(); global.jsdom = dom; global.window = dom.window; +Object.assign(global.navigator, dom.window.navigator); const windowGlobals = Object.fromEntries( Object.getOwnPropertyNames(window) .filter((key) => !(key in global)) diff --git a/spec/jobs/account_creation_threat_metrix_job_spec.rb b/spec/jobs/account_creation_threat_metrix_job_spec.rb index 091df7d8fda..deb21ec8696 100644 --- a/spec/jobs/account_creation_threat_metrix_job_spec.rb +++ b/spec/jobs/account_creation_threat_metrix_job_spec.rb @@ -12,12 +12,12 @@ let(:job_analytics) { FakeAnalytics.new } before do - allow(IdentityConfig.store).to receive(:account_creation_device_profiling). - and_return(authentication_device_profiling) - allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_mock_enabled). - and_return(lexisnexis_threatmetrix_mock_enabled) - allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_base_url). - and_return('https://www.example.com') + allow(IdentityConfig.store).to receive(:account_creation_device_profiling) + .and_return(authentication_device_profiling) + allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_mock_enabled) + .and_return(lexisnexis_threatmetrix_mock_enabled) + allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_base_url) + .and_return('https://www.example.com') allow(instance).to receive(:analytics).and_return(job_analytics) end diff --git a/spec/jobs/data_warehouse/daily_sensitive_column_report_spec.rb b/spec/jobs/data_warehouse/daily_sensitive_column_report_spec.rb index 5c81de89a0b..8ee01850e74 100644 --- a/spec/jobs/data_warehouse/daily_sensitive_column_report_spec.rb +++ b/spec/jobs/data_warehouse/daily_sensitive_column_report_spec.rb @@ -66,8 +66,8 @@ allow(Identity::Hostdata).to receive(:env).and_return('int') allow(Identity::Hostdata).to receive(:aws_account_id).and_return('1234') allow(Identity::Hostdata).to receive(:aws_region).and_return('us-west-1') - allow(IdentityConfig.store).to receive(:s3_idp_dw_tasks). - and_return(s3_idp_dw_tasks) + allow(IdentityConfig.store).to receive(:s3_idp_dw_tasks) + .and_return(s3_idp_dw_tasks) Aws.config[:s3] = { stub_responses: { diff --git a/spec/jobs/data_warehouse/table_summary_stats_export_job_spec.rb b/spec/jobs/data_warehouse/table_summary_stats_export_job_spec.rb index 980f93ce836..da6f88bf8f6 100644 --- a/spec/jobs/data_warehouse/table_summary_stats_export_job_spec.rb +++ b/spec/jobs/data_warehouse/table_summary_stats_export_job_spec.rb @@ -29,10 +29,10 @@ allow(Identity::Hostdata).to receive(:env).and_return('int') allow(Identity::Hostdata).to receive(:aws_account_id).and_return('1234') allow(Identity::Hostdata).to receive(:aws_region).and_return('us-west-1') - allow(IdentityConfig.store).to receive(:s3_data_warehouse_bucket_prefix). - and_return(s3_data_warehouse_bucket_prefix) - allow(IdentityConfig.store).to receive(:data_warehouse_enabled). - and_return(data_warehouse_enabled) + allow(IdentityConfig.store).to receive(:s3_data_warehouse_bucket_prefix) + .and_return(s3_data_warehouse_bucket_prefix) + allow(IdentityConfig.store).to receive(:data_warehouse_enabled) + .and_return(data_warehouse_enabled) Aws.config[:s3] = { stub_responses: { put_object: {}, @@ -50,8 +50,8 @@ let(:data_warehouse_enabled) { false } it 'does not perform the job' do - allow(IdentityConfig.store).to receive(:data_warehouse_enabled). - and_return(data_warehouse_enabled) + allow(IdentityConfig.store).to receive(:data_warehouse_enabled) + .and_return(data_warehouse_enabled) expect(job).not_to receive(:fetch_table_max_ids_and_counts) expect(job).not_to receive(:upload_file_to_s3_bucket) end @@ -85,8 +85,8 @@ before do allow(ActiveRecord::Base.connection).to receive(:tables).and_return(['non_id_table']) - allow(ActiveRecord::Base.connection).to receive(:columns).with('non_id_table'). - and_return([double(name: 'name')]) + allow(ActiveRecord::Base.connection).to receive(:columns).with('non_id_table') + .and_return([double(name: 'name')]) end it 'skips tables without an id column' do diff --git a/spec/jobs/fraud_rejection_daily_job_spec.rb b/spec/jobs/fraud_rejection_daily_job_spec.rb index 52bfbd1daa9..4c87e8ef5b8 100644 --- a/spec/jobs/fraud_rejection_daily_job_spec.rb +++ b/spec/jobs/fraud_rejection_daily_job_spec.rb @@ -11,8 +11,8 @@ rejected_profiles = Profile.where.not(fraud_rejection_at: nil) - allow(job).to receive(:analytics).with(user: rejectedable_profile.user). - and_return(job_analytics) + allow(job).to receive(:analytics).with(user: rejectedable_profile.user) + .and_return(job_analytics) expect { job.perform(Time.zone.today) }.to change { rejected_profiles.count }.by(1) expect(job_analytics).to have_logged_event( diff --git a/spec/jobs/get_usps_proofing_results_job_spec.rb b/spec/jobs/get_usps_proofing_results_job_spec.rb index 48282d9c7ad..99ff7bfaa0a 100644 --- a/spec/jobs/get_usps_proofing_results_job_spec.rb +++ b/spec/jobs/get_usps_proofing_results_job_spec.rb @@ -2608,8 +2608,8 @@ context 'when the results delay is configured to be negative time' do before do - allow(IdentityConfig.store).to receive(:in_person_results_delay_in_hours). - and_return(-1) + allow(IdentityConfig.store).to receive(:in_person_results_delay_in_hours) + .and_return(-1) end context 'when the USPS proofing results has a passed status' do @@ -2637,8 +2637,8 @@ context 'when the results delay is not configured' do before do - allow(IdentityConfig.store).to receive(:in_person_results_delay_in_hours). - and_return(nil) + allow(IdentityConfig.store).to receive(:in_person_results_delay_in_hours) + .and_return(nil) end context 'when the USPS proofing results has a passed status' do diff --git a/spec/jobs/get_usps_ready_proofing_results_job_spec.rb b/spec/jobs/get_usps_ready_proofing_results_job_spec.rb index 0500a8fb50c..7eb3b528917 100644 --- a/spec/jobs/get_usps_ready_proofing_results_job_spec.rb +++ b/spec/jobs/get_usps_ready_proofing_results_job_spec.rb @@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.describe GetUspsReadyProofingResultsJob, allowed_extra_analytics: [:*] do +RSpec.describe GetUspsReadyProofingResultsJob do include UspsIppHelper let(:reprocess_delay_minutes) { 2.0 } @@ -14,8 +14,8 @@ ) ActiveJob::Base.queue_adapter = :test allow(job).to receive(:analytics).and_return(job_analytics) - allow(IdentityConfig.store).to receive(:get_usps_proofing_results_job_reprocess_delay_minutes). - and_return(reprocess_delay_minutes) + allow(IdentityConfig.store).to receive(:get_usps_proofing_results_job_reprocess_delay_minutes) + .and_return(reprocess_delay_minutes) stub_const( 'GetUspsProofingResultsJob::REQUEST_DELAY_IN_SECONDS', request_delay_ms / GetUspsProofingResultsJob::MILLISECONDS_PER_SECOND, @@ -35,9 +35,9 @@ it 'requests the enrollments that need their status checked' do freeze_time do expect(InPersonEnrollment).to( - receive(:needs_status_check_on_ready_enrollments). - with(...reprocess_delay_minutes.minutes.ago). - and_return(InPersonEnrollment.all), + receive(:needs_status_check_on_ready_enrollments) + .with(...reprocess_delay_minutes.minutes.ago) + .and_return(InPersonEnrollment.all), ) job.perform(Time.zone.now) @@ -61,8 +61,8 @@ job.perform(Time.zone.now) - expect(InPersonEnrollment.where.not(status_check_attempted_at: nil).pluck(:id)). - to(match_array(ready_ids)) + expect(InPersonEnrollment.where.not(status_check_attempted_at: nil).pluck(:id)) + .to(match_array(ready_ids)) expect(job_analytics).to have_logged_event( 'GetUspsProofingResultsJob: Job started', enrollments_count: 6, diff --git a/spec/jobs/get_usps_waiting_proofing_results_job_spec.rb b/spec/jobs/get_usps_waiting_proofing_results_job_spec.rb index 57bf43b1389..cf9ee72558b 100644 --- a/spec/jobs/get_usps_waiting_proofing_results_job_spec.rb +++ b/spec/jobs/get_usps_waiting_proofing_results_job_spec.rb @@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.describe GetUspsWaitingProofingResultsJob, allowed_extra_analytics: [:*] do +RSpec.describe GetUspsWaitingProofingResultsJob do include UspsIppHelper let(:reprocess_delay_minutes) { 2.0 } @@ -14,8 +14,8 @@ ) ActiveJob::Base.queue_adapter = :test allow(job).to receive(:analytics).and_return(job_analytics) - allow(IdentityConfig.store).to receive(:get_usps_proofing_results_job_reprocess_delay_minutes). - and_return(reprocess_delay_minutes) + allow(IdentityConfig.store).to receive(:get_usps_proofing_results_job_reprocess_delay_minutes) + .and_return(reprocess_delay_minutes) stub_const( 'GetUspsProofingResultsJob::REQUEST_DELAY_IN_SECONDS', request_delay_ms / GetUspsProofingResultsJob::MILLISECONDS_PER_SECOND, @@ -35,9 +35,9 @@ it 'requests the enrollments that need their status checked' do freeze_time do expect(InPersonEnrollment).to( - receive(:needs_status_check_on_waiting_enrollments). - with(...reprocess_delay_minutes.minutes.ago). - and_return(InPersonEnrollment.all), + receive(:needs_status_check_on_waiting_enrollments) + .with(...reprocess_delay_minutes.minutes.ago) + .and_return(InPersonEnrollment.all), ) job.perform(Time.zone.now) @@ -61,8 +61,8 @@ job.perform(Time.zone.now) - expect(InPersonEnrollment.where.not(status_check_attempted_at: nil).pluck(:id)). - to(match_array(waiting_ids)) + expect(InPersonEnrollment.where.not(status_check_attempted_at: nil).pluck(:id)) + .to(match_array(waiting_ids)) expect(job_analytics).to have_logged_event( 'GetUspsProofingResultsJob: Job started', enrollments_count: 6, diff --git a/spec/jobs/gpo_daily_job_spec.rb b/spec/jobs/gpo_daily_job_spec.rb index 84b13ff7db3..b6a21071095 100644 --- a/spec/jobs/gpo_daily_job_spec.rb +++ b/spec/jobs/gpo_daily_job_spec.rb @@ -13,8 +13,8 @@ end before do - allow(IdentityConfig.store).to receive(:gpo_designated_receiver_pii). - and_return(designated_receiver_pii) + allow(IdentityConfig.store).to receive(:gpo_designated_receiver_pii) + .and_return(designated_receiver_pii) end describe '#perform' do diff --git a/spec/jobs/gpo_expiration_job_spec.rb b/spec/jobs/gpo_expiration_job_spec.rb index a9e4aa86631..74fbfab945d 100644 --- a/spec/jobs/gpo_expiration_job_spec.rb +++ b/spec/jobs/gpo_expiration_job_spec.rb @@ -177,8 +177,8 @@ job.perform(limit: limit) - expect(Profile.where.not(gpo_verification_pending_at: nil).count). - to eql(initial_count - limit) + expect(Profile.where.not(gpo_verification_pending_at: nil).count) + .to eql(initial_count - limit) end end end diff --git a/spec/jobs/gpo_reminder_job_spec.rb b/spec/jobs/gpo_reminder_job_spec.rb index 4a193b5df23..816e2eb5428 100644 --- a/spec/jobs/gpo_reminder_job_spec.rb +++ b/spec/jobs/gpo_reminder_job_spec.rb @@ -43,8 +43,8 @@ let(:job_analytics) { FakeAnalytics.new } before do - allow(IdentityConfig.store).to receive(:usps_confirmation_max_days). - and_return(max_days_ago_to_send_letter) + allow(IdentityConfig.store).to receive(:usps_confirmation_max_days) + .and_return(max_days_ago_to_send_letter) allow(Analytics).to receive(:new).and_return(job_analytics) user_with_invalid_profile.gpo_verification_pending_profile.deactivate(:password_reset) diff --git a/spec/jobs/in_person/enrollments_ready_for_status_check/batch_processor_spec.rb b/spec/jobs/in_person/enrollments_ready_for_status_check/batch_processor_spec.rb index 6eced3d0342..6b02084eef5 100644 --- a/spec/jobs/in_person/enrollments_ready_for_status_check/batch_processor_spec.rb +++ b/spec/jobs/in_person/enrollments_ready_for_status_check/batch_processor_spec.rb @@ -68,10 +68,10 @@ def failed_delete end it 'invalid item is marked as processed and deleted' do - expect(enrollment_pipeline).to receive(:process_message). - with(message).and_return(false).once - expect(sqs_batch_wrapper).to receive(:delete_message_batch). - with(messages).and_return(delete_result).once + expect(enrollment_pipeline).to receive(:process_message) + .with(message).and_return(false).once + expect(sqs_batch_wrapper).to receive(:delete_message_batch) + .with(messages).and_return(delete_result).once expect(delete_result).to receive(:failed).and_return([]) expect(delete_result).to receive(:successful).and_return(messages) expect(error_reporter).not_to receive(:report_error) @@ -87,10 +87,10 @@ def failed_delete end it 'valid item is marked as processed and deleted' do - expect(enrollment_pipeline).to receive(:process_message). - with(message).and_return(true).once - expect(sqs_batch_wrapper).to receive(:delete_message_batch). - with(messages).and_return(delete_result).once + expect(enrollment_pipeline).to receive(:process_message) + .with(message).and_return(true).once + expect(sqs_batch_wrapper).to receive(:delete_message_batch) + .with(messages).and_return(delete_result).once expect(delete_result).to receive(:failed).and_return([]) expect(delete_result).to receive(:successful).and_return( [ @@ -110,10 +110,10 @@ def failed_delete end it 'item is marked as processed but fails to be deleted' do - expect(enrollment_pipeline).to receive(:process_message). - with(message).and_return(true).once - expect(sqs_batch_wrapper).to receive(:delete_message_batch). - with(messages).and_return(delete_result).once + expect(enrollment_pipeline).to receive(:process_message) + .with(message).and_return(true).once + expect(sqs_batch_wrapper).to receive(:delete_message_batch) + .with(messages).and_return(delete_result).once error_entry = failed_delete expect(delete_result).to receive(:failed).and_return( [ @@ -142,10 +142,10 @@ def failed_delete it 'item is marked as processed but the batch delete call throws an error' do error = RuntimeError.new 'test batch error' - expect(enrollment_pipeline).to receive(:process_message). - with(message).and_return(true).once - expect(sqs_batch_wrapper).to receive(:delete_message_batch). - with(messages).and_raise(error).once + expect(enrollment_pipeline).to receive(:process_message) + .with(message).and_return(true).once + expect(sqs_batch_wrapper).to receive(:delete_message_batch) + .with(messages).and_raise(error).once expect(error_reporter).to receive(:report_error).with(error).once expected_analytics_stats = { **analytics_stats, @@ -179,8 +179,8 @@ def failed_delete true, true, ).exactly(5).times - expect(sqs_batch_wrapper).to receive(:delete_message_batch). - with(messages).and_return(delete_result).once + expect(sqs_batch_wrapper).to receive(:delete_message_batch) + .with(messages).and_return(delete_result).once error_entry = failed_delete error_entry2 = failed_delete diff --git a/spec/jobs/in_person/enrollments_ready_for_status_check/enrollment_pipeline_spec.rb b/spec/jobs/in_person/enrollments_ready_for_status_check/enrollment_pipeline_spec.rb index ed907478144..54531f8cf89 100644 --- a/spec/jobs/in_person/enrollments_ready_for_status_check/enrollment_pipeline_spec.rb +++ b/spec/jobs/in_person/enrollments_ready_for_status_check/enrollment_pipeline_spec.rb @@ -8,8 +8,8 @@ let(:pipeline_analytics) { FakeAnalytics.new } before(:each) do - allow(IdentityConfig.store).to receive(:in_person_enrollments_ready_job_email_body_pattern). - and_return('\A\s*(?\d{16})\s*\Z') + allow(IdentityConfig.store).to receive(:in_person_enrollments_ready_job_email_body_pattern) + .and_return('\A\s*(?\d{16})\s*\Z') allow(error_reporter).to receive(:report_error) end @@ -123,8 +123,8 @@ let(:expected_error_extra) { nil } before(:each) do - allow(sqs_message).to receive(:message_id). - and_return(sqs_message_id) + allow(sqs_message).to receive(:message_id) + .and_return(sqs_message_id) end def expect_error(error, **extra) @@ -330,8 +330,8 @@ def expect_error(error, **extra) :pick, ).and_raise(error) - expect(error_reporter).to receive(:report_error). - with( + expect(error_reporter).to receive(:report_error) + .with( error, sqs_message_id:, sns_message_id:, @@ -350,12 +350,12 @@ def expect_error(error, **extra) enrollment = create(:in_person_enrollment, enrollment_code:, status: :pending, user:) error = ActiveRecord::ConnectionNotEstablished.new - expect(InPersonEnrollment).to receive(:update). - with(enrollment.id, ready_for_status_check: true). - and_raise(error) + expect(InPersonEnrollment).to receive(:update) + .with(enrollment.id, ready_for_status_check: true) + .and_raise(error) - expect(error_reporter).to receive(:report_error). - with( + expect(error_reporter).to receive(:report_error) + .with( error, sqs_message_id:, sns_message_id:, @@ -380,8 +380,8 @@ def expect_error(error, **extra) allow(sqs_message).to receive(:body).and_return(sns_text_payload.to_json) enrollment = create(:in_person_enrollment, enrollment_code:, status: :pending, user:) - expect(InPersonEnrollment).to receive(:update). - with(enrollment.id, ready_for_status_check: true).once + expect(InPersonEnrollment).to receive(:update) + .with(enrollment.id, ready_for_status_check: true).once expect(error_reporter).not_to receive(:report_error) @@ -398,8 +398,8 @@ def expect_error(error, **extra) allow(sqs_message).to receive(:body).and_return(sns_html_payload.to_json) enrollment = create(:in_person_enrollment, enrollment_code:, status: :pending, user:) - expect(InPersonEnrollment).to receive(:update). - with(enrollment.id, ready_for_status_check: true).once + expect(InPersonEnrollment).to receive(:update) + .with(enrollment.id, ready_for_status_check: true).once expect(error_reporter).not_to receive(:report_error) @@ -417,8 +417,8 @@ def expect_error(error, **extra) enrollment = create(:in_person_enrollment, enrollment_code:, status: :pending, user:) - expect(InPersonEnrollment).to receive(:update). - with(enrollment.id, ready_for_status_check: true).once + expect(InPersonEnrollment).to receive(:update) + .with(enrollment.id, ready_for_status_check: true).once expect(error_reporter).not_to receive(:report_error) @@ -435,8 +435,8 @@ def expect_error(error, **extra) enrollment = create(:in_person_enrollment, enrollment_code:, status: :pending, user:) - expect(InPersonEnrollment).to receive(:update). - with(enrollment.id, ready_for_status_check: true).once + expect(InPersonEnrollment).to receive(:update) + .with(enrollment.id, ready_for_status_check: true).once expect(error_reporter).not_to receive(:report_error) diff --git a/spec/jobs/in_person/enrollments_ready_for_status_check/sqs_batch_wrapper_spec.rb b/spec/jobs/in_person/enrollments_ready_for_status_check/sqs_batch_wrapper_spec.rb index f9ae2baf538..b4dbb72636e 100644 --- a/spec/jobs/in_person/enrollments_ready_for_status_check/sqs_batch_wrapper_spec.rb +++ b/spec/jobs/in_person/enrollments_ready_for_status_check/sqs_batch_wrapper_spec.rb @@ -26,9 +26,9 @@ def create_mock_message create_mock_message, ] - expect(sqs_client).to receive(:receive_message). - with(receive_params). - and_return(mock_result) + expect(sqs_client).to receive(:receive_message) + .with(receive_params) + .and_return(mock_result) expect(mock_result).to receive(:messages).and_return(mock_messages) expect(sqs_batch_wrapper.poll).to eq(mock_messages) diff --git a/spec/jobs/in_person/enrollments_ready_for_status_check_job_spec.rb b/spec/jobs/in_person/enrollments_ready_for_status_check_job_spec.rb index 429268793e7..c70e25a5cae 100644 --- a/spec/jobs/in_person/enrollments_ready_for_status_check_job_spec.rb +++ b/spec/jobs/in_person/enrollments_ready_for_status_check_job_spec.rb @@ -9,10 +9,10 @@ describe '#perform' do before(:each) do allow(job).to receive(:analytics).and_return(analytics) - allow(IdentityConfig.store).to receive(:in_person_proofing_enabled). - and_return(in_person_proofing_enabled) - allow(IdentityConfig.store).to receive(:in_person_enrollments_ready_job_enabled). - and_return(in_person_enrollments_ready_job_enabled) + allow(IdentityConfig.store).to receive(:in_person_proofing_enabled) + .and_return(in_person_proofing_enabled) + allow(IdentityConfig.store).to receive(:in_person_enrollments_ready_job_enabled) + .and_return(in_person_enrollments_ready_job_enabled) end def process_batch_result @@ -289,9 +289,9 @@ def new_message wait_time_seconds = 20 aws_http_timeout = 5 - expect(Aws::SQS::Client).to receive(:new). - with(http_read_timeout: wait_time_seconds + aws_http_timeout). - and_return(sqs_client) + expect(Aws::SQS::Client).to receive(:new) + .with(http_read_timeout: wait_time_seconds + aws_http_timeout) + .and_return(sqs_client) expect(IdentityConfig.store).to receive_messages( aws_http_timeout:, @@ -302,8 +302,8 @@ def new_message ) wrapper = instance_double(InPerson::EnrollmentsReadyForStatusCheck::SqsBatchWrapper) - expect(InPerson::EnrollmentsReadyForStatusCheck::SqsBatchWrapper).to receive(:new). - with( + expect(InPerson::EnrollmentsReadyForStatusCheck::SqsBatchWrapper).to receive(:new) + .with( sqs_client: sqs_client, queue_url:, receive_params: { @@ -325,8 +325,8 @@ def new_message batch_processor_error_reporter = instance_double( InPerson::EnrollmentsReadyForStatusCheck::ErrorReporter, ) - expect(InPerson::EnrollmentsReadyForStatusCheck::ErrorReporter).to receive(:new). - with( + expect(InPerson::EnrollmentsReadyForStatusCheck::ErrorReporter).to receive(:new) + .with( InPerson::EnrollmentsReadyForStatusCheck::BatchProcessor.name, analytics, ).and_return(batch_processor_error_reporter) @@ -337,28 +337,28 @@ def new_message enrollment_pipeline_error_reporter = instance_double( InPerson::EnrollmentsReadyForStatusCheck::ErrorReporter, ) - expect(InPerson::EnrollmentsReadyForStatusCheck::ErrorReporter).to receive(:new). - with( + expect(InPerson::EnrollmentsReadyForStatusCheck::ErrorReporter).to receive(:new) + .with( InPerson::EnrollmentsReadyForStatusCheck::EnrollmentPipeline.name, analytics, ).and_return(enrollment_pipeline_error_reporter) email_body_pattern = 'abcd' - expect(IdentityConfig.store).to receive(:in_person_enrollments_ready_job_email_body_pattern). - and_return(email_body_pattern) + expect(IdentityConfig.store).to receive(:in_person_enrollments_ready_job_email_body_pattern) + .and_return(email_body_pattern) enrollment_pipeline = instance_double( InPerson::EnrollmentsReadyForStatusCheck::EnrollmentPipeline, ) - expect(InPerson::EnrollmentsReadyForStatusCheck::EnrollmentPipeline).to receive(:new). - with( + expect(InPerson::EnrollmentsReadyForStatusCheck::EnrollmentPipeline).to receive(:new) + .with( error_reporter: enrollment_pipeline_error_reporter, email_body_pattern: /abcd/, ).and_return(enrollment_pipeline) batch_processor = instance_double(InPerson::EnrollmentsReadyForStatusCheck::BatchProcessor) - expect(InPerson::EnrollmentsReadyForStatusCheck::BatchProcessor).to receive(:new). - with( + expect(InPerson::EnrollmentsReadyForStatusCheck::BatchProcessor).to receive(:new) + .with( error_reporter: batch_processor_error_reporter, sqs_batch_wrapper:, enrollment_pipeline:, diff --git a/spec/jobs/in_person/send_proofing_notification_job_spec.rb b/spec/jobs/in_person/send_proofing_notification_job_spec.rb index efdc8ef29ed..6c5cd9adc7a 100644 --- a/spec/jobs/in_person/send_proofing_notification_job_spec.rb +++ b/spec/jobs/in_person/send_proofing_notification_job_spec.rb @@ -50,10 +50,10 @@ before do ActiveJob::Base.queue_adapter = :test allow(job).to receive(:analytics).and_return(analytics) - allow(IdentityConfig.store).to receive(:in_person_proofing_enabled). - and_return(in_person_proofing_enabled) - allow(IdentityConfig.store).to receive(:in_person_send_proofing_notifications_enabled). - and_return(in_person_send_proofing_notifications_enabled) + allow(IdentityConfig.store).to receive(:in_person_proofing_enabled) + .and_return(in_person_proofing_enabled) + allow(IdentityConfig.store).to receive(:in_person_send_proofing_notifications_enabled) + .and_return(in_person_send_proofing_notifications_enabled) end describe '#perform' do @@ -155,8 +155,8 @@ before do allow(Telephony).to receive(:send_notification).and_return(sms_success_response) - allow(Idv::InPerson::EnrollmentCodeFormatter).to receive(:format). - and_return(formatted_string) + allow(Idv::InPerson::EnrollmentCodeFormatter).to receive(:format) + .and_return(formatted_string) end it 'handles English language preference' do @@ -164,10 +164,10 @@ passed_enrollment.update!(proofed_at: Time.zone.now) formatted_date = I18n.l(proofed_date, format: :sms_date, locale: 'en') - expect(Telephony). - to( - receive(:send_notification). - with( + expect(Telephony) + .to( + receive(:send_notification) + .with( to: phone_number, message: "Login.gov: You visited the Post Office on #{formatted_date}." \ " Check email for your result." \ @@ -185,10 +185,10 @@ passed_enrollment.update!(proofed_at: Time.zone.now) formatted_date = I18n.l(proofed_date, format: :sms_date, locale: 'fr') - expect(Telephony). - to( - receive(:send_notification). - with( + expect(Telephony) + .to( + receive(:send_notification) + .with( to: phone_number, message: "Login.gov : Vous avez visité le bureau de poste le " \ "#{formatted_date}. Vérifiez votre e-mail pour obtenir votre résultat. Ce" \ @@ -206,10 +206,10 @@ passed_enrollment.update!(proofed_at: Time.zone.now) formatted_date = I18n.l(proofed_date, format: :sms_date, locale: 'es') - expect(Telephony). - to( - receive(:send_notification). - with( + expect(Telephony) + .to( + receive(:send_notification) + .with( to: phone_number, message: "Login.gov: Usted acudió a la oficina de correos el " \ "#{formatted_date}. Revise el resultado en su correo electrónico. " \ @@ -248,9 +248,9 @@ context 'when an exception is raised trying to find the enrollment' do it 'logs the exception details' do - allow(InPersonEnrollment). - to receive(:find_by). - and_raise(ActiveRecord::DatabaseConnectionError) + allow(InPersonEnrollment) + .to receive(:find_by) + .and_raise(ActiveRecord::DatabaseConnectionError) job.perform(passed_enrollment.id) @@ -267,10 +267,10 @@ let(:exception_message) { 'SMS unsupported' } it 'logs the exception details' do - allow(Telephony). - to( - receive(:send_notification). - and_raise(Telephony::SmsUnsupportedError.new(exception_message)), + allow(Telephony) + .to( + receive(:send_notification) + .and_raise(Telephony::SmsUnsupportedError.new(exception_message)), ) job.perform(passed_enrollment.id) diff --git a/spec/jobs/job_helpers/stale_job_helper_spec.rb b/spec/jobs/job_helpers/stale_job_helper_spec.rb index 216557c8a64..2dcae9df0d7 100644 --- a/spec/jobs/job_helpers/stale_job_helper_spec.rb +++ b/spec/jobs/job_helpers/stale_job_helper_spec.rb @@ -11,8 +11,8 @@ let(:async_stale_job_timeout_seconds) { 300 } before do - allow(IdentityConfig.store).to receive(:async_stale_job_timeout_seconds). - and_return(async_stale_job_timeout_seconds) + allow(IdentityConfig.store).to receive(:async_stale_job_timeout_seconds) + .and_return(async_stale_job_timeout_seconds) end describe '#stale_job?' do diff --git a/spec/jobs/reports/daily_auths_report_spec.rb b/spec/jobs/reports/daily_auths_report_spec.rb index 3ab49279531..6a2815a88d6 100644 --- a/spec/jobs/reports/daily_auths_report_spec.rb +++ b/spec/jobs/reports/daily_auths_report_spec.rb @@ -12,12 +12,12 @@ allow(Identity::Hostdata).to receive(:env).and_return('int') allow(Identity::Hostdata).to receive(:aws_account_id).and_return('1234') allow(Identity::Hostdata).to receive(:aws_region).and_return('us-west-1') - allow(IdentityConfig.store).to receive(:s3_public_reports_enabled). - and_return(s3_public_reports_enabled) - allow(IdentityConfig.store).to receive(:s3_report_bucket_prefix). - and_return(s3_report_bucket_prefix) - allow(IdentityConfig.store).to receive(:s3_report_public_bucket_prefix). - and_return(s3_report_public_bucket_prefix) + allow(IdentityConfig.store).to receive(:s3_public_reports_enabled) + .and_return(s3_public_reports_enabled) + allow(IdentityConfig.store).to receive(:s3_report_bucket_prefix) + .and_return(s3_report_bucket_prefix) + allow(IdentityConfig.store).to receive(:s3_report_public_bucket_prefix) + .and_return(s3_report_public_bucket_prefix) Aws.config[:s3] = { stub_responses: { @@ -81,8 +81,8 @@ end it 'aggregates by issuer' do - expect(report).to receive(:upload_file_to_s3_bucket). - exactly(2).times do |path:, body:, content_type:, bucket:| + expect(report).to receive(:upload_file_to_s3_bucket) + .exactly(2).times do |path:, body:, content_type:, bucket:| parsed = JSON.parse(body, symbolize_names: true) expect(parsed[:start]).to eq(report_date.beginning_of_day.as_json) diff --git a/spec/jobs/reports/daily_dropoffs_report_spec.rb b/spec/jobs/reports/daily_dropoffs_report_spec.rb index 12a488b2632..a1f15680c25 100644 --- a/spec/jobs/reports/daily_dropoffs_report_spec.rb +++ b/spec/jobs/reports/daily_dropoffs_report_spec.rb @@ -12,12 +12,12 @@ allow(Identity::Hostdata).to receive(:env).and_return('int') allow(Identity::Hostdata).to receive(:aws_account_id).and_return('1234') allow(Identity::Hostdata).to receive(:aws_region).and_return('us-west-1') - allow(IdentityConfig.store).to receive(:s3_public_reports_enabled). - and_return(s3_public_reports_enabled) - allow(IdentityConfig.store).to receive(:s3_report_bucket_prefix). - and_return(s3_report_bucket_prefix) - allow(IdentityConfig.store).to receive(:s3_report_public_bucket_prefix). - and_return(s3_report_public_bucket_prefix) + allow(IdentityConfig.store).to receive(:s3_public_reports_enabled) + .and_return(s3_public_reports_enabled) + allow(IdentityConfig.store).to receive(:s3_report_bucket_prefix) + .and_return(s3_report_bucket_prefix) + allow(IdentityConfig.store).to receive(:s3_report_public_bucket_prefix) + .and_return(s3_report_public_bucket_prefix) Aws.config[:s3] = { stub_responses: { @@ -106,8 +106,8 @@ end it 'aggregates by issuer' do - expect(report).to receive(:upload_file_to_s3_bucket). - exactly(2).times do |path:, body:, content_type:, bucket:| + expect(report).to receive(:upload_file_to_s3_bucket) + .exactly(2).times do |path:, body:, content_type:, bucket:| csv = CSV.parse(body, headers: true) row = csv.first diff --git a/spec/jobs/reports/daily_registration_report_spec.rb b/spec/jobs/reports/daily_registration_report_spec.rb index 62d2b850b5d..4e9d88f873c 100644 --- a/spec/jobs/reports/daily_registration_report_spec.rb +++ b/spec/jobs/reports/daily_registration_report_spec.rb @@ -12,12 +12,12 @@ allow(Identity::Hostdata).to receive(:env).and_return('int') allow(Identity::Hostdata).to receive(:aws_account_id).and_return('1234') allow(Identity::Hostdata).to receive(:aws_region).and_return('us-west-1') - allow(IdentityConfig.store).to receive(:s3_public_reports_enabled). - and_return(s3_public_reports_enabled) - allow(IdentityConfig.store).to receive(:s3_report_bucket_prefix). - and_return(s3_report_bucket_prefix) - allow(IdentityConfig.store).to receive(:s3_report_public_bucket_prefix). - and_return(s3_report_public_bucket_prefix) + allow(IdentityConfig.store).to receive(:s3_public_reports_enabled) + .and_return(s3_public_reports_enabled) + allow(IdentityConfig.store).to receive(:s3_report_bucket_prefix) + .and_return(s3_report_bucket_prefix) + allow(IdentityConfig.store).to receive(:s3_report_public_bucket_prefix) + .and_return(s3_report_public_bucket_prefix) Aws.config[:s3] = { stub_responses: { @@ -84,8 +84,8 @@ end it 'calculates users and fully registered users by day' do - expect(report).to receive(:upload_file_to_s3_bucket). - exactly(2).times do |path:, body:, content_type:, bucket:| + expect(report).to receive(:upload_file_to_s3_bucket) + .exactly(2).times do |path:, body:, content_type:, bucket:| parsed = JSON.parse(body, symbolize_names: true) expect(parsed[:finish]).to eq(report_date.end_of_day.as_json) diff --git a/spec/jobs/reports/duplicate_ssn_report_spec.rb b/spec/jobs/reports/duplicate_ssn_report_spec.rb index 271790e7830..f2a3ce9b67e 100644 --- a/spec/jobs/reports/duplicate_ssn_report_spec.rb +++ b/spec/jobs/reports/duplicate_ssn_report_spec.rb @@ -68,8 +68,8 @@ csv = CSV.parse(report_body, headers: true) expect(csv.length).to eq(3) - expect(csv.find { |r| r['uuid'] == unique_profile.user.uuid }). - to be_nil, 'does not include unique users in the report' + expect(csv.find { |r| r['uuid'] == unique_profile.user.uuid }) + .to be_nil, 'does not include unique users in the report' today_user = fingerprint2_today_profile.user today_row = csv.find { |r| r['uuid'] == today_user.uuid } diff --git a/spec/jobs/reports/fraud_metrics_report_spec.rb b/spec/jobs/reports/fraud_metrics_report_spec.rb index 0c7cc22e981..590620aa3d4 100644 --- a/spec/jobs/reports/fraud_metrics_report_spec.rb +++ b/spec/jobs/reports/fraud_metrics_report_spec.rb @@ -62,8 +62,8 @@ allow(Identity::Hostdata).to receive(:env).and_return('int') allow(Identity::Hostdata).to receive(:aws_account_id).and_return('1234') allow(Identity::Hostdata).to receive(:aws_region).and_return('us-west-1') - allow(IdentityConfig.store).to receive(:s3_report_bucket_prefix). - and_return(s3_report_bucket_prefix) + allow(IdentityConfig.store).to receive(:s3_report_bucket_prefix) + .and_return(s3_report_bucket_prefix) Aws.config[:s3] = { stub_responses: { @@ -71,19 +71,19 @@ }, } - allow(IdentityConfig.store).to receive(:team_daily_fraud_metrics_emails). - and_return(mock_test_fraud_emails) - allow(IdentityConfig.store).to receive(:team_monthly_fraud_metrics_emails). - and_return(mock_team_fraud_emails) + allow(IdentityConfig.store).to receive(:team_daily_fraud_metrics_emails) + .and_return(mock_test_fraud_emails) + allow(IdentityConfig.store).to receive(:team_monthly_fraud_metrics_emails) + .and_return(mock_team_fraud_emails) - allow(report.fraud_metrics_lg99_report).to receive(:lg99_metrics_table). - and_return(mock_identity_verification_lg99_data) + allow(report.fraud_metrics_lg99_report).to receive(:lg99_metrics_table) + .and_return(mock_identity_verification_lg99_data) - allow(report.fraud_metrics_lg99_report).to receive(:suspended_metrics_table). - and_return(mock_suspended_metrics_table) + allow(report.fraud_metrics_lg99_report).to receive(:suspended_metrics_table) + .and_return(mock_suspended_metrics_table) - allow(report.fraud_metrics_lg99_report).to receive(:reinstated_metrics_table). - and_return(mock_reinstated_metrics_table) + allow(report.fraud_metrics_lg99_report).to receive(:reinstated_metrics_table) + .and_return(mock_reinstated_metrics_table) end it 'sends out a report to just to team agnes' do diff --git a/spec/jobs/reports/monthly_key_metrics_report_spec.rb b/spec/jobs/reports/monthly_key_metrics_report_spec.rb index eebb7131c49..c4bf44ccdd8 100644 --- a/spec/jobs/reports/monthly_key_metrics_report_spec.rb +++ b/spec/jobs/reports/monthly_key_metrics_report_spec.rb @@ -49,8 +49,8 @@ allow(Identity::Hostdata).to receive(:env).and_return('int') allow(Identity::Hostdata).to receive(:aws_account_id).and_return('1234') allow(Identity::Hostdata).to receive(:aws_region).and_return('us-west-1') - allow(IdentityConfig.store).to receive(:s3_report_bucket_prefix). - and_return(s3_report_bucket_prefix) + allow(IdentityConfig.store).to receive(:s3_report_bucket_prefix) + .and_return(s3_report_bucket_prefix) Aws.config[:s3] = { stub_responses: { @@ -58,15 +58,15 @@ }, } - allow(report.proofing_rate_report).to receive(:as_csv). - and_return(mock_proofing_rate_data) - allow(report.monthly_idv_report).to receive(:as_csv). - and_return(mock_monthly_idv_data) + allow(report.proofing_rate_report).to receive(:as_csv) + .and_return(mock_proofing_rate_data) + allow(report.monthly_idv_report).to receive(:as_csv) + .and_return(mock_monthly_idv_data) - allow(IdentityConfig.store).to receive(:team_daily_reports_emails). - and_return(mock_daily_reports_emails) - allow(IdentityConfig.store).to receive(:team_all_login_emails). - and_return(mock_all_login_emails) + allow(IdentityConfig.store).to receive(:team_daily_reports_emails) + .and_return(mock_daily_reports_emails) + allow(IdentityConfig.store).to receive(:team_all_login_emails) + .and_return(mock_all_login_emails) end it 'sends out a report to just to team agnes' do diff --git a/spec/jobs/reports/quarterly_account_stats_spec.rb b/spec/jobs/reports/quarterly_account_stats_spec.rb index 036b85d7abc..e63167ad50b 100644 --- a/spec/jobs/reports/quarterly_account_stats_spec.rb +++ b/spec/jobs/reports/quarterly_account_stats_spec.rb @@ -9,9 +9,9 @@ let(:ninety_days_ago) { end_date - 90.days } it 'saves the report' do - expect(subject).to receive(:report_body). - with(ninety_days_ago, end_date). - and_return('csv text') + expect(subject).to receive(:report_body) + .with(ninety_days_ago, end_date) + .and_return('csv text') expect(subject).to receive(:save_report).with( 'quarterly-account-stats', 'csv text', diff --git a/spec/jobs/reports/query_helpers_spec.rb b/spec/jobs/reports/query_helpers_spec.rb index 178a0d6c939..5dc20e83c32 100644 --- a/spec/jobs/reports/query_helpers_spec.rb +++ b/spec/jobs/reports/query_helpers_spec.rb @@ -9,8 +9,8 @@ end it 'quotes strings to be psql string literals' do - expect(quote(%(a string with "quotes" in 'the middle'))). - to eq(%('a string with "quotes" in ''the middle''')) + expect(quote(%(a string with "quotes" in 'the middle'))) + .to eq(%('a string with "quotes" in ''the middle''')) end it 'quotes arrays as list expressions' do diff --git a/spec/jobs/reports/sp_issuer_user_counts_report_spec.rb b/spec/jobs/reports/sp_issuer_user_counts_report_spec.rb index a063406119d..87efb3a5be2 100644 --- a/spec/jobs/reports/sp_issuer_user_counts_report_spec.rb +++ b/spec/jobs/reports/sp_issuer_user_counts_report_spec.rb @@ -36,11 +36,11 @@ end before do - expect(Db::Identity::SpUserCounts).to receive(:with_issuer).with(issuer). - and_return(user_counts) + expect(Db::Identity::SpUserCounts).to receive(:with_issuer).with(issuer) + .and_return(user_counts) - allow(IdentityConfig.store).to receive(:sp_issuer_user_counts_report_configs). - and_return([{ 'issuer' => issuer, 'emails' => [email] }]) + allow(IdentityConfig.store).to receive(:sp_issuer_user_counts_report_configs) + .and_return([{ 'issuer' => issuer, 'emails' => [email] }]) allow(ReportMailer).to receive(:tables_report).and_call_original end diff --git a/spec/jobs/resolution_proofing_job_spec.rb b/spec/jobs/resolution_proofing_job_spec.rb index 1af200134b2..c28352a132b 100644 --- a/spec/jobs/resolution_proofing_job_spec.rb +++ b/spec/jobs/resolution_proofing_job_spec.rb @@ -20,14 +20,14 @@ let(:ipp_enrollment_in_progress) { false } before do - allow(IdentityConfig.store).to receive(:proofing_device_profiling). - and_return(proofing_device_profiling) - allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_mock_enabled). - and_return(lexisnexis_threatmetrix_mock_enabled) - allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_base_url). - and_return('https://www.example.com') - allow(IdentityConfig.store).to receive(:idv_resolution_default_vendor). - and_return(:instant_verify) + allow(IdentityConfig.store).to receive(:proofing_device_profiling) + .and_return(proofing_device_profiling) + allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_mock_enabled) + .and_return(lexisnexis_threatmetrix_mock_enabled) + allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_base_url) + .and_return('https://www.example.com') + allow(IdentityConfig.store).to receive(:idv_resolution_default_vendor) + .and_return(:instant_verify) end describe '#perform' do @@ -95,18 +95,18 @@ expect(result_context[:should_proof_state_id]) # result[:context][:stages][:resolution] - expect(result_context_stages_resolution[:vendor_name]). - to eq('lexisnexis:instant_verify') + expect(result_context_stages_resolution[:vendor_name]) + .to eq('lexisnexis:instant_verify') expect(result_context_stages_resolution[:errors]).to include(:'Execute Instant Verify') expect(result_context_stages_resolution[:exception]).to eq(nil) expect(result_context_stages_resolution[:success]).to eq(true) expect(result_context_stages_resolution[:timed_out]).to eq(false) expect(result_context_stages_resolution[:transaction_id]).to eq('123456') expect(result_context_stages_resolution[:reference]).to eq('Reference1') - expect(result_context_stages_resolution[:can_pass_with_additional_verification]). - to eq(false) - expect(result_context_stages_resolution[:attributes_requiring_additional_verification]). - to eq([]) + expect(result_context_stages_resolution[:can_pass_with_additional_verification]) + .to eq(false) + expect(result_context_stages_resolution[:attributes_requiring_additional_verification]) + .to eq([]) # result[:context][:stages][:state_id] expect(result_context_stages_state_id[:vendor_name]).to eq('aamva:state_id') @@ -199,13 +199,13 @@ expect(result[:timed_out]).to be false # result[:context][:stages][:resolution] - expect(result_context_stages_resolution[:vendor_name]). - to eq('lexisnexis:instant_verify') + expect(result_context_stages_resolution[:vendor_name]) + .to eq('lexisnexis:instant_verify') expect(result_context_stages_resolution[:success]).to eq(false) - expect(result_context_stages_resolution[:can_pass_with_additional_verification]). - to eq(true) - expect(result_context_stages_resolution[:attributes_requiring_additional_verification]). - to eq(['address']) + expect(result_context_stages_resolution[:can_pass_with_additional_verification]) + .to eq(true) + expect(result_context_stages_resolution[:attributes_requiring_additional_verification]) + .to eq(['address']) # result[:context][:stages][:state_id] expect(result_context_stages_state_id[:vendor_name]).to eq('aamva:state_id') @@ -252,13 +252,13 @@ expect(result[:timed_out]).to be false # result[:context][:stages][:resolution] - expect(result_context_stages_resolution[:vendor_name]). - to eq('lexisnexis:instant_verify') + expect(result_context_stages_resolution[:vendor_name]) + .to eq('lexisnexis:instant_verify') expect(result_context_stages_resolution[:success]).to eq(false) - expect(result_context_stages_resolution[:can_pass_with_additional_verification]). - to eq(true) - expect(result_context_stages_resolution[:attributes_requiring_additional_verification]). - to match(['address', 'dead', 'dob', 'ssn']) + expect(result_context_stages_resolution[:can_pass_with_additional_verification]) + .to eq(true) + expect(result_context_stages_resolution[:attributes_requiring_additional_verification]) + .to match(['address', 'dead', 'dob', 'ssn']) # result[:context][:stages][:state_id] expect(result_context_stages_state_id[:vendor_name]).to eq('UnsupportedJurisdiction') @@ -413,18 +413,18 @@ expect(result_context[:should_proof_state_id]) # result[:context][:stages][:resolution] - expect(result_context_stages_resolution[:vendor_name]). - to eq('lexisnexis:instant_verify') + expect(result_context_stages_resolution[:vendor_name]) + .to eq('lexisnexis:instant_verify') expect(result_context_stages_resolution[:errors]).to include(:"Execute Instant Verify") expect(result_context_stages_resolution[:exception]).to eq(nil) expect(result_context_stages_resolution[:success]).to eq(true) expect(result_context_stages_resolution[:timed_out]).to eq(false) expect(result_context_stages_resolution[:transaction_id]).to eq('123456') expect(result_context_stages_resolution[:reference]).to eq('Reference1') - expect(result_context_stages_resolution[:can_pass_with_additional_verification]). - to eq(false) - expect(result_context_stages_resolution[:attributes_requiring_additional_verification]). - to eq([]) + expect(result_context_stages_resolution[:can_pass_with_additional_verification]) + .to eq(false) + expect(result_context_stages_resolution[:attributes_requiring_additional_verification]) + .to eq([]) # result[:context][:stages][:residential_address] expect(result_context_residential_address[:vendor_name]).to eq('lexisnexis:instant_verify') @@ -434,10 +434,10 @@ expect(result_context_residential_address[:timed_out]).to eq(false) expect(result_context_residential_address[:transaction_id]).to eq('123456') expect(result_context_residential_address[:reference]).to eq('Reference1') - expect(result_context_residential_address[:can_pass_with_additional_verification]). - to eq(false) - expect(result_context_residential_address[:attributes_requiring_additional_verification]). - to eq([]) + expect(result_context_residential_address[:can_pass_with_additional_verification]) + .to eq(false) + expect(result_context_residential_address[:attributes_requiring_additional_verification]) + .to eq([]) # result[:context][:stages][:state_id] expect(result_context_stages_state_id[:vendor_name]).to eq('aamva:state_id') @@ -619,8 +619,8 @@ stub_vendor_requests - expect_any_instance_of(Proofing::LexisNexis::InstantVerify::Proofer).to receive(:proof). - with(hash_including(uuid_info)).and_call_original + expect_any_instance_of(Proofing::LexisNexis::InstantVerify::Proofer).to receive(:proof) + .with(hash_including(uuid_info)).and_call_original expect_any_instance_of(Proofing::Aamva::Proofer).to receive(:proof).with( hash_including(uuid_info), @@ -662,17 +662,17 @@ def stub_threatmetrix_request(threatmetrix_response) end def stub_aamva_request(aamva_response) - allow(IdentityConfig.store).to receive(:aamva_private_key). - and_return(AamvaFixtures.example_config.private_key) - allow(IdentityConfig.store).to receive(:aamva_public_key). - and_return(AamvaFixtures.example_config.public_key) - stub_request(:post, IdentityConfig.store.aamva_auth_url). - to_return( + allow(IdentityConfig.store).to receive(:aamva_private_key) + .and_return(AamvaFixtures.example_config.private_key) + allow(IdentityConfig.store).to receive(:aamva_public_key) + .and_return(AamvaFixtures.example_config.public_key) + stub_request(:post, IdentityConfig.store.aamva_auth_url) + .to_return( { body: AamvaFixtures.security_token_response }, { body: AamvaFixtures.authentication_token_response }, ) - stub_request(:post, IdentityConfig.store.aamva_verification_url). - to_return(body: aamva_response) + stub_request(:post, IdentityConfig.store.aamva_verification_url) + .to_return(body: aamva_response) end end end diff --git a/spec/jobs/risc_delivery_job_spec.rb b/spec/jobs/risc_delivery_job_spec.rb index faae3b8bbda..2341109e0a7 100644 --- a/spec/jobs/risc_delivery_job_spec.rb +++ b/spec/jobs/risc_delivery_job_spec.rb @@ -41,8 +41,8 @@ end it 'POSTs the jwt to the given URL' do - req = stub_request(:post, push_notification_url). - with( + req = stub_request(:post, push_notification_url) + .with( body: jwt, headers: { 'Content-Type' => 'application/secevent+jwt', @@ -276,8 +276,8 @@ context 'when the rate limit is overridden' do before do - allow(IdentityConfig.store).to receive(:risc_notifications_rate_limit_overrides). - and_return({ push_notification_url => { 'max_requests' => 1e6, 'interval' => 500 } }) + allow(IdentityConfig.store).to receive(:risc_notifications_rate_limit_overrides) + .and_return({ push_notification_url => { 'max_requests' => 1e6, 'interval' => 500 } }) end it 'allows the request' do diff --git a/spec/jobs/socure_docv_results_job_spec.rb b/spec/jobs/socure_docv_results_job_spec.rb index 92bfa049db3..99aadd2ffdc 100644 --- a/spec/jobs/socure_docv_results_job_spec.rb +++ b/spec/jobs/socure_docv_results_job_spec.rb @@ -17,8 +17,8 @@ let(:expiration_date) { "#{1.year.from_now.year}-01-01" } before do - allow(IdentityConfig.store).to receive(:socure_idplus_base_url). - and_return(socure_idplus_base_url) + allow(IdentityConfig.store).to receive(:socure_idplus_base_url) + .and_return(socure_idplus_base_url) allow(Analytics).to receive(:new).and_return(fake_analytics) end @@ -91,8 +91,8 @@ end before do - stub_request(:post, 'https://example.com/api/3.0/EmailAuthScore'). - to_return( + stub_request(:post, 'https://example.com/api/3.0/EmailAuthScore') + .to_return( headers: { 'Content-Type' => 'application/json', }, diff --git a/spec/jobs/socure_reason_code_download_job_spec.rb b/spec/jobs/socure_reason_code_download_job_spec.rb index 61beb823f80..446f1798a41 100644 --- a/spec/jobs/socure_reason_code_download_job_spec.rb +++ b/spec/jobs/socure_reason_code_download_job_spec.rb @@ -23,10 +23,10 @@ end before do - allow(IdentityConfig.store).to receive(:idv_socure_reason_code_download_enabled). - and_return(idv_socure_reason_code_download_enabled) - allow(IdentityConfig.store).to receive(:socure_reason_code_base_url). - and_return('https://example.org') + allow(IdentityConfig.store).to receive(:idv_socure_reason_code_download_enabled) + .and_return(idv_socure_reason_code_download_enabled) + allow(IdentityConfig.store).to receive(:socure_reason_code_base_url) + .and_return('https://example.org') end describe '#perform' do diff --git a/spec/jobs/socure_shadow_mode_proofing_job_spec.rb b/spec/jobs/socure_shadow_mode_proofing_job_spec.rb index 92e93072894..95d0b473dac 100644 --- a/spec/jobs/socure_shadow_mode_proofing_job_spec.rb +++ b/spec/jobs/socure_shadow_mode_proofing_job_spec.rb @@ -123,8 +123,8 @@ before do document_capture_session.store_proofing_result(proofing_result.to_h) - allow(IdentityConfig.store).to receive(:socure_idplus_base_url). - and_return(socure_idplus_base_url) + allow(IdentityConfig.store).to receive(:socure_idplus_base_url) + .and_return(socure_idplus_base_url) end describe '#perform' do @@ -184,8 +184,8 @@ SocureReasonCode.create(code:, description:) end - stub_request(:post, 'https://example.org/api/3.0/EmailAuthScore'). - to_return( + stub_request(:post, 'https://example.org/api/3.0/EmailAuthScore') + .to_return( headers: { 'Content-Type' => 'application/json', }, diff --git a/spec/jobs/threat_metrix_js_verification_job_spec.rb b/spec/jobs/threat_metrix_js_verification_job_spec.rb index 5390285ef46..79b808b212c 100644 --- a/spec/jobs/threat_metrix_js_verification_job_spec.rb +++ b/spec/jobs/threat_metrix_js_verification_job_spec.rb @@ -64,15 +64,15 @@ end before do - allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_org_id). - and_return(threatmetrix_org_id) - allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_js_signing_cert). - and_return(threatmetrix_signing_certificate) - allow(IdentityConfig.store).to receive(:proofing_device_profiling). - and_return(threatmetrix_enabled ? :collect_only : :disabled) - - stub_request(:get, "https://h.online-metrix.net/fp/tags.js?org_id=#{threatmetrix_org_id}&session_id=#{threatmetrix_session_id}"). - to_return( + allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_org_id) + .and_return(threatmetrix_org_id) + allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_js_signing_cert) + .and_return(threatmetrix_signing_certificate) + allow(IdentityConfig.store).to receive(:proofing_device_profiling) + .and_return(threatmetrix_enabled ? :collect_only : :disabled) + + stub_request(:get, "https://h.online-metrix.net/fp/tags.js?org_id=#{threatmetrix_org_id}&session_id=#{threatmetrix_session_id}") + .to_return( status: http_response_status, body: http_response_body, ) @@ -110,8 +110,8 @@ context 'error that is not a configuration error' do before do - stub_request(:get, "https://h.online-metrix.net/fp/tags.js?org_id=#{threatmetrix_org_id}&session_id=#{threatmetrix_session_id}"). - to_timeout + stub_request(:get, "https://h.online-metrix.net/fp/tags.js?org_id=#{threatmetrix_org_id}&session_id=#{threatmetrix_session_id}") + .to_timeout end it 'logs an error_message, and raises' do diff --git a/spec/lib/aamva_test_spec.rb b/spec/lib/aamva_test_spec.rb index 4a6e5e399ba..d67343739fe 100644 --- a/spec/lib/aamva_test_spec.rb +++ b/spec/lib/aamva_test_spec.rb @@ -4,19 +4,19 @@ RSpec.describe AamvaTest do before do allow(IdentityConfig.store).to receive(:proofer_mock_fallback).and_return(false) - allow(IdentityConfig.store).to receive(:aamva_private_key). - and_return(Base64.strict_encode64(AamvaFixtures.aamva_private_key.to_der)) - allow(IdentityConfig.store).to receive(:aamva_public_key). - and_return(Base64.strict_encode64(AamvaFixtures.aamva_public_key.to_der)) - - stub_request(:post, auth_url). - with(body: %r{http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT}). - to_return(body: AamvaFixtures.security_token_response, status: 200) - stub_request(:post, auth_url). - with(body: %r{http://aamva.org/authentication/3.1.0/IAuthenticationService/Authenticate}). - to_return(body: AamvaFixtures.authentication_token_response, status: 200) - stub_request(:post, verification_url). - to_return(body: AamvaFixtures.verification_response_namespaced_success) + allow(IdentityConfig.store).to receive(:aamva_private_key) + .and_return(Base64.strict_encode64(AamvaFixtures.aamva_private_key.to_der)) + allow(IdentityConfig.store).to receive(:aamva_public_key) + .and_return(Base64.strict_encode64(AamvaFixtures.aamva_public_key.to_der)) + + stub_request(:post, auth_url) + .with(body: %r{http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT}) + .to_return(body: AamvaFixtures.security_token_response, status: 200) + stub_request(:post, auth_url) + .with(body: %r{http://aamva.org/authentication/3.1.0/IAuthenticationService/Authenticate}) + .to_return(body: AamvaFixtures.authentication_token_response, status: 200) + stub_request(:post, verification_url) + .to_return(body: AamvaFixtures.verification_response_namespaced_success) end subject(:tester) { AamvaTest.new } @@ -43,8 +43,8 @@ expect(WebMock).to( have_requested(:post, verification_url).with do |req| - expect(Nokogiri::XML(req.body).at_xpath('//aa:MessageDestinationId').text). - to eq('P6'), 'it sends a request with the designated fake state' + expect(Nokogiri::XML(req.body).at_xpath('//aa:MessageDestinationId').text) + .to eq('P6'), 'it sends a request with the designated fake state' end, ) end @@ -54,8 +54,8 @@ tester.test_cert(auth_url:, verification_url:) - expect(Rails.cache.read(Proofing::Aamva::AuthenticationClient::AUTH_TOKEN_CACHE_KEY)). - to be_nil + expect(Rails.cache.read(Proofing::Aamva::AuthenticationClient::AUTH_TOKEN_CACHE_KEY)) + .to be_nil end end end diff --git a/spec/lib/ab_test_spec.rb b/spec/lib/ab_test_spec.rb index b6df14a9009..9e147fe574c 100644 --- a/spec/lib/ab_test_spec.rb +++ b/spec/lib/ab_test_spec.rb @@ -65,9 +65,9 @@ } end it 'passes arguments to discriminator' do - expect(discriminator).to receive(:call). - once. - with( + expect(discriminator).to receive(:call) + .once + .with( request:, service_provider:, session:, diff --git a/spec/lib/action_account_spec.rb b/spec/lib/action_account_spec.rb index 7af09938bd4..30382fdf9e6 100644 --- a/spec/lib/action_account_spec.rb +++ b/spec/lib/action_account_spec.rb @@ -193,9 +193,9 @@ end it 'attributes analytics events to the SP' do - expect(Analytics).to receive(:new). - with(hash_including(sp: 'test-issuer')). - and_return(analytics) + expect(Analytics).to receive(:new) + .with(hash_including(sp: 'test-issuer')) + .and_return(analytics) subtask.run(args:, config:) @@ -272,9 +272,9 @@ end it 'attributes analytics events to the SP' do - expect(Analytics).to receive(:new). - with(hash_including(sp: 'test-issuer')). - and_return(analytics) + expect(Analytics).to receive(:new) + .with(hash_including(sp: 'test-issuer')) + .and_return(analytics) subtask.run(args:, config:) diff --git a/spec/lib/analytics_events_documenter_spec.rb b/spec/lib/analytics_events_documenter_spec.rb index 29e231ce0de..81c2c24ef78 100644 --- a/spec/lib/analytics_events_documenter_spec.rb +++ b/spec/lib/analytics_events_documenter_spec.rb @@ -99,8 +99,8 @@ def some_event; end RUBY it 'reports the missing tag' do - expect(documenter.missing_documentation.first). - to include('some_event event name not detected') + expect(documenter.missing_documentation.first) + .to include('some_event event name not detected') end end @@ -114,8 +114,8 @@ def some_event(success:) RUBY it 'reports the missing tag' do - expect(documenter.missing_documentation.first). - to include('some_event success (undocumented)') + expect(documenter.missing_documentation.first) + .to include('some_event success (undocumented)') end end @@ -129,8 +129,8 @@ def some_event(success) RUBY it 'reports the invalid param' do - expect(documenter.missing_documentation.first). - to include('some_event unexpected positional parameters ["success"]') + expect(documenter.missing_documentation.first) + .to include('some_event unexpected positional parameters ["success"]') end end @@ -159,8 +159,8 @@ def some_event(success:, **extra) RUBY it 'has an error documentation to be missing' do - expect(documenter.missing_documentation.first). - to include('some_event success missing types') + expect(documenter.missing_documentation.first) + .to include('some_event success missing types') end end @@ -310,8 +310,8 @@ def idv_enter_password_submitted( RUBY it 'parses the name correctly' do - expect(documenter.as_json[:events].first[:event_name]). - to eq('idv_enter_password_submitted') + expect(documenter.as_json[:events].first[:event_name]) + .to eq('idv_enter_password_submitted') end end end diff --git a/spec/lib/app_artifacts_spec.rb b/spec/lib/app_artifacts_spec.rb index 55f305c487f..752bbe389f4 100644 --- a/spec/lib/app_artifacts_spec.rb +++ b/spec/lib/app_artifacts_spec.rb @@ -38,6 +38,20 @@ AppArtifacts::MissingArtifactError, 'missing artifact: /%s/test_artifact' ) end + + context 'with allow_missing: true' do + it 'does not raise an error if an artifact is missing' do + expect(secrets_s3).to receive(:read_file).with( + '/%s/test_artifact', + ).and_return(nil) + + store = instance.build do |store| + store.add_artifact(:test_artifact, '/%s/test_artifact', allow_missing: true) + end + + expect(store.test_artifact).to eq nil + end + end end context 'when running locally' do diff --git a/spec/lib/data_requests/local/write_cloudwatch_logs_spec.rb b/spec/lib/data_requests/local/write_cloudwatch_logs_spec.rb index 732cb464bb6..1540a1e9d75 100644 --- a/spec/lib/data_requests/local/write_cloudwatch_logs_spec.rb +++ b/spec/lib/data_requests/local/write_cloudwatch_logs_spec.rb @@ -90,8 +90,8 @@ def build_result_row(event_properties = {}) csv = CSV.parse(io.string, headers: true) - expect(csv.map { |row| [row['multi_factor_auth_method'], row['multi_factor_id']] }). - to eq( + expect(csv.map { |row| [row['multi_factor_auth_method'], row['multi_factor_id']] }) + .to eq( [%w[sms phone_configuration_id:1111], %w[voice phone_configuration_id:2222], %w[piv_cac piv_cac_configuration_id:3333], diff --git a/spec/lib/deploy/activate_spec.rb b/spec/lib/deploy/activate_spec.rb index 4a7a8ad244b..004f0b36d19 100644 --- a/spec/lib/deploy/activate_spec.rb +++ b/spec/lib/deploy/activate_spec.rb @@ -46,12 +46,12 @@ ec2_api_token = SecureRandom.hex - stub_request(:put, 'http://169.254.169.254/latest/api/token'). - to_return(body: ec2_api_token) + stub_request(:put, 'http://169.254.169.254/latest/api/token') + .to_return(body: ec2_api_token) - stub_request(:get, 'http://169.254.169.254/2016-09-02/dynamic/instance-identity/document'). - with(headers: { 'X-aws-ec2-metadata-token' => ec2_api_token }). - to_return(body: { + stub_request(:get, 'http://169.254.169.254/2016-09-02/dynamic/instance-identity/document') + .with(headers: { 'X-aws-ec2-metadata-token' => ec2_api_token }) + .to_return(body: { 'region' => 'us-west-1', 'accountId' => '12345', }.to_json) @@ -125,8 +125,8 @@ context 'outside a deployed production environment' do before do - stub_request(:put, 'http://169.254.169.254/latest/api/token'). - to_timeout + stub_request(:put, 'http://169.254.169.254/latest/api/token') + .to_timeout # for now, stub cloning identity-idp-config allow(subject).to receive(:clone_idp_config) diff --git a/spec/lib/env_irb_prompt_spec.rb b/spec/lib/env_irb_prompt_spec.rb index 08ce2aa8a97..f6ade78b625 100644 --- a/spec/lib/env_irb_prompt_spec.rb +++ b/spec/lib/env_irb_prompt_spec.rb @@ -32,8 +32,8 @@ it 'sets the prompt with the environment name' do configure - expect(irb_conf[:PROMPT][:ENV_PROMPT][:PROMPT_I]). - to include(prompt.bold(prompt.color_green('dev'))) + expect(irb_conf[:PROMPT][:ENV_PROMPT][:PROMPT_I]) + .to include(prompt.bold(prompt.color_green('dev'))) end end @@ -52,8 +52,8 @@ it 'sets the prompt with local' do configure - expect(irb_conf[:PROMPT][:ENV_PROMPT][:PROMPT_I]). - to include(prompt.bold(prompt.color_blue('local'))) + expect(irb_conf[:PROMPT][:ENV_PROMPT][:PROMPT_I]) + .to include(prompt.bold(prompt.color_blue('local'))) end end end diff --git a/spec/lib/feature_management_spec.rb b/spec/lib/feature_management_spec.rb index a1f35529f9c..f5c88b2fe6c 100644 --- a/spec/lib/feature_management_spec.rb +++ b/spec/lib/feature_management_spec.rb @@ -351,8 +351,8 @@ end it 'raises for invalid value' do expect(IdentityConfig.store).to receive(:proofing_device_profiling).and_return(:emnabled) - expect { FeatureManagement.proofing_device_profiling_collecting_enabled? }. - to raise_error + expect { FeatureManagement.proofing_device_profiling_collecting_enabled? } + .to raise_error end end @@ -371,8 +371,8 @@ end it 'raises for invalid value' do expect(IdentityConfig.store).to receive(:proofing_device_profiling).and_return(:dissabled) - expect { FeatureManagement.proofing_device_profiling_decisioning_enabled? }. - to raise_error + expect { FeatureManagement.proofing_device_profiling_decisioning_enabled? } + .to raise_error end end @@ -385,14 +385,14 @@ subject(:recaptcha_enabled) { FeatureManagement.recaptcha_enabled? } before do - allow(IdentityConfig.store).to receive(:recaptcha_site_key). - and_return(recaptcha_site_key) - allow(IdentityConfig.store).to receive(:recaptcha_secret_key). - and_return(recaptcha_secret_key) - allow(IdentityConfig.store).to receive(:recaptcha_enterprise_api_key). - and_return(recaptcha_enterprise_api_key) - allow(IdentityConfig.store).to receive(:recaptcha_enterprise_project_id). - and_return(recaptcha_enterprise_project_id) + allow(IdentityConfig.store).to receive(:recaptcha_site_key) + .and_return(recaptcha_site_key) + allow(IdentityConfig.store).to receive(:recaptcha_secret_key) + .and_return(recaptcha_secret_key) + allow(IdentityConfig.store).to receive(:recaptcha_enterprise_api_key) + .and_return(recaptcha_enterprise_api_key) + allow(IdentityConfig.store).to receive(:recaptcha_enterprise_project_id) + .and_return(recaptcha_enterprise_project_id) end it { is_expected.to eq(false) } @@ -430,8 +430,8 @@ before do allow(FeatureManagement).to receive(:recaptcha_enabled?).and_return(recaptcha_enabled) - allow(IdentityConfig.store).to receive(:phone_recaptcha_score_threshold). - and_return(phone_recaptcha_score_threshold) + allow(IdentityConfig.store).to receive(:phone_recaptcha_score_threshold) + .and_return(phone_recaptcha_score_threshold) end it { is_expected.to eq(false) } @@ -457,8 +457,8 @@ before do allow(FeatureManagement).to receive(:recaptcha_enabled?).and_return(recaptcha_enabled) - allow(IdentityConfig.store).to receive(:sign_in_recaptcha_score_threshold). - and_return(sign_in_recaptcha_score_threshold) + allow(IdentityConfig.store).to receive(:sign_in_recaptcha_score_threshold) + .and_return(sign_in_recaptcha_score_threshold) end it { is_expected.to eq(false) } @@ -483,10 +483,10 @@ subject(:recaptcha_enterprise) { FeatureManagement.recaptcha_enterprise? } before do - allow(IdentityConfig.store).to receive(:recaptcha_enterprise_api_key). - and_return(recaptcha_enterprise_api_key) - allow(IdentityConfig.store).to receive(:recaptcha_enterprise_project_id). - and_return(recaptcha_enterprise_project_id) + allow(IdentityConfig.store).to receive(:recaptcha_enterprise_api_key) + .and_return(recaptcha_enterprise_api_key) + allow(IdentityConfig.store).to receive(:recaptcha_enterprise_project_id) + .and_return(recaptcha_enterprise_project_id) end it { expect(recaptcha_enterprise).to eq(false) } @@ -511,10 +511,10 @@ before do allow(IdentityConfig.store).to receive(:idv_available).and_return(idv_available) - allow(IdentityConfig.store).to receive(:vendor_status_lexisnexis_instant_verify). - and_return(vendor_status_lexisnexis_instant_verify) - allow(IdentityConfig.store).to receive(:vendor_status_lexisnexis_trueid). - and_return(vendor_status_lexisnexis_trueid) + allow(IdentityConfig.store).to receive(:vendor_status_lexisnexis_instant_verify) + .and_return(vendor_status_lexisnexis_instant_verify) + allow(IdentityConfig.store).to receive(:vendor_status_lexisnexis_trueid) + .and_return(vendor_status_lexisnexis_trueid) end it 'returns true by default' do diff --git a/spec/lib/identity_config_spec.rb b/spec/lib/identity_config_spec.rb index 2610aaf78ca..f8a2ffd60cd 100644 --- a/spec/lib/identity_config_spec.rb +++ b/spec/lib/identity_config_spec.rb @@ -11,16 +11,16 @@ it 'has defaults defined for all keys in default configuration' do aggregate_failures do key_types.keys.each do |key| - expect(default_yaml_config). - to have_key(key.to_s), "expected default configuration to include value for #{key}" + expect(default_yaml_config) + .to have_key(key.to_s), "expected default configuration to include value for #{key}" end end end it 'has all _enabled keys as booleans' do aggregate_failures do - key_types.select { |key, _type| key.to_s.end_with?('_enabled') }. - each do |key, type| + key_types.select { |key, _type| key.to_s.end_with?('_enabled') } + .each do |key, type| expect(type).to eq(:boolean), "expected #{key} to be a boolean" end end @@ -28,8 +28,8 @@ it 'has all _at keys as timestamps' do aggregate_failures do - key_types.select { |key, _type| key.to_s.end_with?('_at') }. - each do |key, type| + key_types.select { |key, _type| key.to_s.end_with?('_at') } + .each do |key, type| expect(type).to eq(:timestamp), "expected #{key} to be a timestamp" end end @@ -37,8 +37,8 @@ it 'has all _timeout keys as numbers' do aggregate_failures do - key_types.select { |key, _type| key.to_s.end_with?('_timeout') }. - each do |key, type| + key_types.select { |key, _type| key.to_s.end_with?('_timeout') } + .each do |key, type| expect(type).to eq(:float).or(eq(:integer)), "expected #{key} to be a number" end end diff --git a/spec/lib/otp_code_generator_spec.rb b/spec/lib/otp_code_generator_spec.rb index 02a5129a50b..83f5ee8ab4f 100644 --- a/spec/lib/otp_code_generator_spec.rb +++ b/spec/lib/otp_code_generator_spec.rb @@ -19,13 +19,13 @@ end it 'generates crockford-32 encoded words' do - expect(generate_alphanumeric_digits). - to match(/\A[a-z0-9]{#{TwoFactorAuthenticatable::DIRECT_OTP_LENGTH}}\Z/io) + expect(generate_alphanumeric_digits) + .to match(/\A[a-z0-9]{#{TwoFactorAuthenticatable::DIRECT_OTP_LENGTH}}\Z/io) end it 'filters out profanity' do - expect(SecureRandom).to receive(:random_number). - and_return( + expect(SecureRandom).to receive(:random_number) + .and_return( Base32::Crockford.decode('FART1'), Base32::Crockford.decode('FART2'), Base32::Crockford.decode('ABCDE'), diff --git a/spec/lib/pinpoint_supported_countries_spec.rb b/spec/lib/pinpoint_supported_countries_spec.rb index 1a3a84b0ee9..55f39294e9a 100644 --- a/spec/lib/pinpoint_supported_countries_spec.rb +++ b/spec/lib/pinpoint_supported_countries_spec.rb @@ -3,10 +3,10 @@ RSpec.describe PinpointSupportedCountries do before do - stub_request(:get, PinpointSupportedCountries::PINPOINT_SMS_URL). - to_return(body: sms_table) - stub_request(:get, PinpointSupportedCountries::PINPOINT_VOICE_URL). - to_return(body: voice_table) + stub_request(:get, PinpointSupportedCountries::PINPOINT_SMS_URL) + .to_return(body: sms_table) + stub_request(:get, PinpointSupportedCountries::PINPOINT_VOICE_URL) + .to_return(body: voice_table) stub_const('STDERR', StringIO.new) end diff --git a/spec/lib/pwned_password_downloader_spec.rb b/spec/lib/pwned_password_downloader_spec.rb index ff220254e8f..2b1c15c7c8e 100644 --- a/spec/lib/pwned_password_downloader_spec.rb +++ b/spec/lib/pwned_password_downloader_spec.rb @@ -26,8 +26,8 @@ 03643C928B2BCD37475C574E6F31B4650AD:22 BODY ) - stub_request(:get, URI.join(PwnedPasswordDownloader::RANGE_API_ROOT, '00001').to_s). - to_return(body: '00C271B56ABE9E5C137217BF2DE657C7B2F:5') + stub_request(:get, URI.join(PwnedPasswordDownloader::RANGE_API_ROOT, '00001').to_s) + .to_return(body: '00C271B56ABE9E5C137217BF2DE657C7B2F:5') allow(downloader).to receive(:wait_for_progress) end @@ -52,9 +52,9 @@ context 'when server connection fails once' do before do already_called = false - expect(downloader).to receive(:download_one). - exactly(3).times. - and_wrap_original do |original, **kwargs| + expect(downloader).to receive(:download_one) + .exactly(3).times + .and_wrap_original do |original, **kwargs| if already_called original.call(**kwargs) else @@ -73,9 +73,9 @@ context 'when server connection fails repeatedly' do before do - expect(downloader).to receive(:download_one). - at_least(9).times. - and_raise(Socket::ResolutionError) + expect(downloader).to receive(:download_one) + .at_least(9).times + .and_raise(Socket::ResolutionError) end it 'eventually raises an error that the download failed' do diff --git a/spec/lib/reporting/cloudwatch_client_spec.rb b/spec/lib/reporting/cloudwatch_client_spec.rb index 984910a52e3..4d9e42d6386 100644 --- a/spec/lib/reporting/cloudwatch_client_spec.rb +++ b/spec/lib/reporting/cloudwatch_client_spec.rb @@ -100,12 +100,12 @@ def stub_single_page let(:time_slices) { [1..2, 3..4, 5..6] } it 'uses the slices directly' do - expect(client).to receive(:fetch_one). - with(hash_including(start_time: 1, end_time: 2)).and_call_original - expect(client).to receive(:fetch_one). - with(hash_including(start_time: 3, end_time: 4)).and_call_original - expect(client).to receive(:fetch_one). - with(hash_including(start_time: 5, end_time: 6)).and_call_original + expect(client).to receive(:fetch_one) + .with(hash_including(start_time: 1, end_time: 2)).and_call_original + expect(client).to receive(:fetch_one) + .with(hash_including(start_time: 3, end_time: 4)).and_call_original + expect(client).to receive(:fetch_one) + .with(hash_including(start_time: 5, end_time: 6)).and_call_original fetch end diff --git a/spec/lib/reporting/fraud_metrics_lg99_report_spec.rb b/spec/lib/reporting/fraud_metrics_lg99_report_spec.rb index 51164dde294..82c8aa2cefa 100644 --- a/spec/lib/reporting/fraud_metrics_lg99_report_spec.rb +++ b/spec/lib/reporting/fraud_metrics_lg99_report_spec.rb @@ -81,8 +81,8 @@ describe '#suspended_metrics_table' do it 'renders a suspended metrics table' do aggregate_failures do - report.suspended_metrics_table.zip(expected_suspended_metrics_table). - each do |actual, expected| + report.suspended_metrics_table.zip(expected_suspended_metrics_table) + .each do |actual, expected| expect(actual).to eq(expected) end end @@ -92,8 +92,8 @@ describe '#reinstated_metrics_table' do it 'renders a reinstated metrics table' do aggregate_failures do - report.reinstated_metrics_table.zip(expected_reinstated_metrics_table). - each do |actual, expected| + report.reinstated_metrics_table.zip(expected_reinstated_metrics_table) + .each do |actual, expected| expect(actual).to eq(expected) end end diff --git a/spec/lib/reporting/monthly_idv_report_spec.rb b/spec/lib/reporting/monthly_idv_report_spec.rb index b9433c566ca..6e0b6ba6595 100644 --- a/spec/lib/reporting/monthly_idv_report_spec.rb +++ b/spec/lib/reporting/monthly_idv_report_spec.rb @@ -102,8 +102,8 @@ it 'returns IdV reports for the expected months' do [june, july, august].each do |month| - expect(Reporting::IdentityVerificationReport).to receive(:new). - with(issuers: nil, time_range: month, cloudwatch_client: anything) + expect(Reporting::IdentityVerificationReport).to receive(:new) + .with(issuers: nil, time_range: month, cloudwatch_client: anything) end subject.monthly_subreports diff --git a/spec/lib/tasks/dev_rake_spec.rb b/spec/lib/tasks/dev_rake_spec.rb index 84a6e474e72..78dc1c86ea1 100644 --- a/spec/lib/tasks/dev_rake_spec.rb +++ b/spec/lib/tasks/dev_rake_spec.rb @@ -346,17 +346,17 @@ stub_request( :post, %r{/ivs-ippaas-api/IPPRest/resources/rest/optInIPPApplicant}, - ).to_raise(Faraday::TimeoutError).times(2).then. - to_return( + ).to_raise(Faraday::TimeoutError).times(2).then + .to_return( status: 200, body: UspsInPersonProofing::Mock::Fixtures.request_enroll_response, headers: { 'content-type' => 'application/json' }, ).times(1) - expect(UspsInPersonProofing::EnrollmentHelper). - to receive(:schedule_in_person_enrollment).and_call_original.exactly(3).times - expect(Rails.logger).to receive(:error). - with('Exception raised while enrolling user: Exception from WebMock').exactly(2).times + expect(UspsInPersonProofing::EnrollmentHelper) + .to receive(:schedule_in_person_enrollment).and_call_original.exactly(3).times + expect(Rails.logger).to receive(:error) + .with('Exception raised while enrolling user: Exception from WebMock').exactly(2).times Rake::Task['dev:random_in_person_users'].invoke @@ -374,18 +374,18 @@ stub_request( :post, %r{/ivs-ippaas-api/IPPRest/resources/rest/optInIPPApplicant}, - ). - to_return( + ) + .to_return( status: 200, body: UspsInPersonProofing::Mock::Fixtures.request_enroll_response, headers: { 'content-type' => 'application/json' }, - ). - then.to_raise(Faraday::TimeoutError).times(5) + ) + .then.to_raise(Faraday::TimeoutError).times(5) - expect(UspsInPersonProofing::EnrollmentHelper). - to receive(:schedule_in_person_enrollment).and_call_original.exactly(6).times - expect(Rails.logger).to receive(:error). - with('Exception raised while enrolling user: Exception from WebMock').exactly(5).times + expect(UspsInPersonProofing::EnrollmentHelper) + .to receive(:schedule_in_person_enrollment).and_call_original.exactly(6).times + expect(Rails.logger).to receive(:error) + .with('Exception raised while enrolling user: Exception from WebMock').exactly(5).times expect do Rake::Task['dev:random_in_person_users'].invoke @@ -404,18 +404,18 @@ stub_request( :post, %r{/ivs-ippaas-api/IPPRest/resources/rest/optInIPPApplicant}, - ). - to_return( + ) + .to_return( status: 200, body: UspsInPersonProofing::Mock::Fixtures.request_enroll_response, headers: { 'content-type' => 'application/json' }, - ). - then.to_raise(Faraday::TimeoutError).times(3) + ) + .then.to_raise(Faraday::TimeoutError).times(3) - expect(UspsInPersonProofing::EnrollmentHelper). - to receive(:schedule_in_person_enrollment).and_call_original.exactly(4).times - expect(Rails.logger).to receive(:error). - with('Exception raised while enrolling user: Exception from WebMock').exactly(3).times + expect(UspsInPersonProofing::EnrollmentHelper) + .to receive(:schedule_in_person_enrollment).and_call_original.exactly(4).times + expect(Rails.logger).to receive(:error) + .with('Exception raised while enrolling user: Exception from WebMock').exactly(3).times expect do Rake::Task['dev:random_in_person_users'].invoke @@ -431,14 +431,14 @@ stub_request( :post, %r{/ivs-ippaas-api/IPPRest/resources/rest/optInIPPApplicant}, - ).to_raise(Faraday::TimeoutError).times(2).then. - to_return( + ).to_raise(Faraday::TimeoutError).times(2).then + .to_return( status: 200, body: UspsInPersonProofing::Mock::Fixtures.request_enroll_response, headers: { 'content-type' => 'application/json' }, ).times(1) - expect(UspsInPersonProofing::EnrollmentHelper). - to receive(:schedule_in_person_enrollment).and_call_original.exactly(3).times + expect(UspsInPersonProofing::EnrollmentHelper) + .to receive(:schedule_in_person_enrollment).and_call_original.exactly(3).times expect(Kernel).to receive(:sleep).exactly(3).times.with(0.2) Rake::Task['dev:random_in_person_users'].invoke diff --git a/spec/lib/tasks/partners_rake_spec.rb b/spec/lib/tasks/partners_rake_spec.rb index 972901cfe87..5cec95da44e 100644 --- a/spec/lib/tasks/partners_rake_spec.rb +++ b/spec/lib/tasks/partners_rake_spec.rb @@ -113,8 +113,8 @@ it 'displays an error message' do expect { Rake::Task[task].invoke }.to \ - output("You must define the environment variables EMAIL_FILE, SP_FILE, and OUTPUT\n"). - to_stdout + output("You must define the environment variables EMAIL_FILE, SP_FILE, and OUTPUT\n") + .to_stdout end it 'exits' do @@ -132,8 +132,8 @@ it 'displays an error message' do expect { Rake::Task[task].invoke }.to \ - output("You must define the environment variables EMAIL_FILE, SP_FILE, and OUTPUT\n"). - to_stdout + output("You must define the environment variables EMAIL_FILE, SP_FILE, and OUTPUT\n") + .to_stdout end it 'exits' do @@ -151,8 +151,8 @@ it 'displays an error message' do expect { Rake::Task[task].invoke }.to \ - output("You must define the environment variables EMAIL_FILE, SP_FILE, and OUTPUT\n"). - to_stdout + output("You must define the environment variables EMAIL_FILE, SP_FILE, and OUTPUT\n") + .to_stdout end it 'exits' do diff --git a/spec/lib/telephony/otp_sender_spec.rb b/spec/lib/telephony/otp_sender_spec.rb index ae5f58f30ce..02e271d30ea 100644 --- a/spec/lib/telephony/otp_sender_spec.rb +++ b/spec/lib/telephony/otp_sender_spec.rb @@ -269,8 +269,8 @@ let(:otp) { '123456' } it 'is the code separated by commas' do - expect(otp_transformed_for_channel). - to eq( + expect(otp_transformed_for_channel) + .to eq( "1 2 3 4 "\ " 5 6 ", ) @@ -281,8 +281,8 @@ let(:otp) { 'ABC123' } it 'is the code separated by commas' do - expect(otp_transformed_for_channel). - to eq( + expect(otp_transformed_for_channel) + .to eq( "A B C 1 "\ " 2 3 ", ) diff --git a/spec/lib/telephony/pinpoint/opt_out_manager_spec.rb b/spec/lib/telephony/pinpoint/opt_out_manager_spec.rb index e95b6fda5d3..1884138c9ee 100644 --- a/spec/lib/telephony/pinpoint/opt_out_manager_spec.rb +++ b/spec/lib/telephony/pinpoint/opt_out_manager_spec.rb @@ -8,8 +8,8 @@ let(:phone_number) { Faker::PhoneNumber.cell_phone } before do - allow(opt_out_manager).to receive(:build_client). - and_return(first_client, second_client) + allow(opt_out_manager).to receive(:build_client) + .and_return(first_client, second_client) end let(:first_client) { Aws::SNS::Client.new(stub_responses: true) } @@ -123,8 +123,8 @@ def add_second_region_config end it 'iterates phone numbers across regions' do - expect(opt_out_manager.opted_out_numbers.to_a). - to eq([phone1, phone2, phone3, phone4, phone5, phone6]) + expect(opt_out_manager.opted_out_numbers.to_a) + .to eq([phone1, phone2, phone3, phone4, phone5, phone6]) end end end diff --git a/spec/lib/telephony/pinpoint/voice_sender_spec.rb b/spec/lib/telephony/pinpoint/voice_sender_spec.rb index f82bfc378cd..438e352ed8d 100644 --- a/spec/lib/telephony/pinpoint/voice_sender_spec.rb +++ b/spec/lib/telephony/pinpoint/voice_sender_spec.rb @@ -62,9 +62,9 @@ def mock_build_clients(client: pinpoint_client, backup_client: backup_pinpoint_c end it 'initializes a pinpoint sms and voice client and uses that to send a message' do - expect(pinpoint_client).to receive(:send_voice_message). - with(expected_message). - and_return(pinpoint_response) + expect(pinpoint_client).to receive(:send_voice_message) + .with(expected_message) + .and_return(pinpoint_response) response = voice_sender.deliver(message: message, to: recipient_phone, country_code: 'US') @@ -81,9 +81,9 @@ def mock_build_clients(client: pinpoint_client, backup_client: backup_pinpoint_c it 'calls the user with a spanish voice' do expected_message[:content][:ssml_message][:language_code] = 'es-US' expected_message[:content][:ssml_message][:voice_id] = 'Miguel' - expect(pinpoint_client).to receive(:send_voice_message). - with(expected_message). - and_return(pinpoint_response) + expect(pinpoint_client).to receive(:send_voice_message) + .with(expected_message) + .and_return(pinpoint_response) response = voice_sender.deliver(message: message, to: recipient_phone, country_code: 'US') @@ -100,9 +100,9 @@ def mock_build_clients(client: pinpoint_client, backup_client: backup_pinpoint_c it 'calls the user with a french voice' do expected_message[:content][:ssml_message][:language_code] = 'fr-FR' expected_message[:content][:ssml_message][:voice_id] = 'Mathieu' - expect(pinpoint_client).to receive(:send_voice_message). - with(expected_message). - and_return(pinpoint_response) + expect(pinpoint_client).to receive(:send_voice_message) + .with(expected_message) + .and_return(pinpoint_response) response = voice_sender.deliver(message: message, to: recipient_phone, country_code: 'US') @@ -189,8 +189,8 @@ def mock_build_clients(client: pinpoint_client, backup_client: backup_pinpoint_c context 'when pinpoint raises a timeout exception' do it 'rescues the exception and returns an error' do exception = Seahorse::Client::NetworkingError.new(Net::ReadTimeout.new) - expect(pinpoint_client). - to receive(:send_voice_message).and_raise(exception) + expect(pinpoint_client) + .to receive(:send_voice_message).and_raise(exception) response = voice_sender.deliver(message: message, to: recipient_phone, country_code: 'US') @@ -217,9 +217,9 @@ def mock_build_clients(client: pinpoint_client, backup_client: backup_pinpoint_c context 'when the first config succeeds' do before do - expect(pinpoint_client).to receive(:send_voice_message). - with(expected_message). - and_return(pinpoint_response) + expect(pinpoint_client).to receive(:send_voice_message) + .with(expected_message) + .and_return(pinpoint_response) expect(backup_pinpoint_client).to_not receive(:send_voice_message) end @@ -242,9 +242,9 @@ def mock_build_clients(client: pinpoint_client, backup_client: backup_pinpoint_c # second config succeeds expected_message[:origination_phone_number] = backup_longcode - expect(backup_pinpoint_client).to receive(:send_voice_message). - with(expected_message). - and_return(pinpoint_response) + expect(backup_pinpoint_client).to receive(:send_voice_message) + .with(expected_message) + .and_return(pinpoint_response) end it 'logs a warning and tries the other configs' do diff --git a/spec/lib/telephony/telephony_spec.rb b/spec/lib/telephony/telephony_spec.rb index 1c71c6005ac..723d2263cb5 100644 --- a/spec/lib/telephony/telephony_spec.rb +++ b/spec/lib/telephony/telephony_spec.rb @@ -52,8 +52,8 @@ ).to eq 124 # The double-length characters should count as twice their length - expect(Telephony.sms_character_length(Telephony::GSM_DOUBLE_CHARACTERS.join(''))). - to eq(Telephony::GSM_DOUBLE_CHARACTERS.length * 2) + expect(Telephony.sms_character_length(Telephony::GSM_DOUBLE_CHARACTERS.join(''))) + .to eq(Telephony::GSM_DOUBLE_CHARACTERS.length * 2) # Space, new line, and carriage return all count as 1 character expect(Telephony.sms_character_length("\n\r ")).to eq 3 @@ -61,8 +61,8 @@ expect(Telephony.sms_character_length("Login.gov\nParty")).to eq 15 random_double_character = Telephony::GSM_DOUBLE_CHARACTERS.to_a.sample - expect(Telephony.sms_character_length("abc\n¥ΔΦΓΛΩΠΨΣΘΞ#{random_double_character}")). - to eq 17 + expect(Telephony.sms_character_length("abc\n¥ΔΦΓΛΩΠΨΣΘΞ#{random_double_character}")) + .to eq 17 end it 'calculates correct length of messages containing non-GSM characters' do diff --git a/spec/mailers/previews/user_mailer_preview.rb b/spec/mailers/previews/user_mailer_preview.rb index 4bf1af6242b..297b4c5a7f9 100644 --- a/spec/mailers/previews/user_mailer_preview.rb +++ b/spec/mailers/previews/user_mailer_preview.rb @@ -1,15 +1,15 @@ class UserMailerPreview < ActionMailer::Preview def email_confirmation_instructions - UserMailer.with(user: user, email_address: email_address_record). - email_confirmation_instructions( + UserMailer.with(user: user, email_address: email_address_record) + .email_confirmation_instructions( SecureRandom.hex, request_id: SecureRandom.uuid, ) end def signup_with_your_email - UserMailer.with(user: user, email_address: email_address_record). - signup_with_your_email(request_id: SecureRandom.uuid) + UserMailer.with(user: user, email_address: email_address_record) + .signup_with_your_email(request_id: SecureRandom.uuid) end def reset_password_instructions @@ -35,18 +35,18 @@ def reset_password_instructions_with_pending_in_person_warning end def password_changed - UserMailer.with(user: user, email_address: email_address_record). - password_changed(disavowal_token: SecureRandom.hex) + UserMailer.with(user: user, email_address: email_address_record) + .password_changed(disavowal_token: SecureRandom.hex) end def phone_added - UserMailer.with(user: user, email_address: email_address_record). - phone_added(disavowal_token: SecureRandom.hex) + UserMailer.with(user: user, email_address: email_address_record) + .phone_added(disavowal_token: SecureRandom.hex) end def personal_key_sign_in - UserMailer.with(user: user, email_address: email_address_record). - personal_key_sign_in(disavowal_token: SecureRandom.hex) + UserMailer.with(user: user, email_address: email_address_record) + .personal_key_sign_in(disavowal_token: SecureRandom.hex) end def new_device_sign_in_after_2fa @@ -144,8 +144,8 @@ def verify_by_mail_letter_requested end def add_email - UserMailer.with(user: user, email_address: email_address_record). - add_email(token: SecureRandom.hex, request_id: nil) + UserMailer.with(user: user, email_address: email_address_record) + .add_email(token: SecureRandom.hex, request_id: nil) end def email_added @@ -157,8 +157,8 @@ def email_deleted end def add_email_associated_with_another_account - UserMailer.with(user: user, email_address: email_address_record). - add_email_associated_with_another_account + UserMailer.with(user: user, email_address: email_address_record) + .add_email_associated_with_another_account end def account_verified diff --git a/spec/mailers/report_mailer_spec.rb b/spec/mailers/report_mailer_spec.rb index de7988e5d81..414f62a9ec7 100644 --- a/spec/mailers/report_mailer_spec.rb +++ b/spec/mailers/report_mailer_spec.rb @@ -112,8 +112,8 @@ it 'renders the tables in HTML', aggregate_failures: true do doc = Nokogiri::HTML(mail.html_part.body.to_s) - expect(doc.css('h2').map(&:text)). - to eq(['Table 1', 'Custom Table 2', 'Custom Table 3 With Very Long Name']) + expect(doc.css('h2').map(&:text)) + .to eq(['Table 1', 'Custom Table 2', 'Custom Table 3 With Very Long Name']) _first_table, percent_table, float_table = doc.css('table') @@ -144,8 +144,8 @@ tables = mail.attachments.map { |a| CSV.parse(a.read) } expect(tables).to eq( - [first_table, second_table, third_table]. - map { |table| table.map { |row| row.map(&:to_s) } }, + [first_table, second_table, third_table] + .map { |table| table.map { |row| row.map(&:to_s) } }, ) end end diff --git a/spec/mailers/user_mailer_spec.rb b/spec/mailers/user_mailer_spec.rb index 8155d26713a..8e273ac41ef 100644 --- a/spec/mailers/user_mailer_spec.rb +++ b/spec/mailers/user_mailer_spec.rb @@ -12,8 +12,8 @@ describe '#validate_user_and_email_address' do let(:request_id) { '1234-abcd' } let(:mail) do - UserMailer.with(user: user, email_address: email_address). - signup_with_your_email(request_id: request_id) + UserMailer.with(user: user, email_address: email_address) + .signup_with_your_email(request_id: request_id) end context 'with user and email address match' do @@ -35,8 +35,8 @@ describe '#add_email' do let(:token) { SecureRandom.hex } let(:mail) do - UserMailer.with(user: user, email_address: email_address). - add_email(token: token, request_id: nil, from_select_email_flow: nil) + UserMailer.with(user: user, email_address: email_address) + .add_email(token: token, request_id: nil, from_select_email_flow: nil) end it_behaves_like 'a system email' @@ -52,8 +52,8 @@ context 'when user adds email from select email flow' do let(:token) { SecureRandom.hex } let(:mail) do - UserMailer.with(user: user, email_address: email_address). - add_email(token: token, request_id: nil, from_select_email_flow: true) + UserMailer.with(user: user, email_address: email_address) + .add_email(token: token, request_id: nil, from_select_email_flow: true) end it 'renders the add_email_confirmation_url' do @@ -93,8 +93,8 @@ describe '#add_email_associated_with_another_account' do let(:mail) do - UserMailer.with(user: user, email_address: email_address). - add_email_associated_with_another_account + UserMailer.with(user: user, email_address: email_address) + .add_email_associated_with_another_account end it_behaves_like 'a system email' @@ -291,8 +291,8 @@ describe '#personal_key_sign_in' do let(:mail) do - UserMailer.with(user: user, email_address: user.email_addresses.first). - personal_key_sign_in(disavowal_token: 'asdf1234') + UserMailer.with(user: user, email_address: user.email_addresses.first) + .personal_key_sign_in(disavowal_token: 'asdf1234') end it_behaves_like 'a system email' @@ -321,8 +321,8 @@ let(:token) { 'asdf123' } let(:mail) do - UserMailer.with(user: user, email_address: user.email_addresses.first). - email_confirmation_instructions( + UserMailer.with(user: user, email_address: user.email_addresses.first) + .email_confirmation_instructions( token, request_id: request_id, ) @@ -386,8 +386,8 @@ describe '#signup_with_your_email' do let(:request_id) { '1234-abcd' } let(:mail) do - UserMailer.with(user: user, email_address: user.email_addresses.first). - signup_with_your_email(request_id: request_id) + UserMailer.with(user: user, email_address: user.email_addresses.first) + .signup_with_your_email(request_id: request_id) end it_behaves_like 'a system email' @@ -423,8 +423,8 @@ describe '#phone_added' do disavowal_token = 'i_am_disavowal_token' let(:mail) do - UserMailer.with(user: user, email_address: email_address). - phone_added(disavowal_token: disavowal_token) + UserMailer.with(user: user, email_address: email_address) + .phone_added(disavowal_token: disavowal_token) end it_behaves_like 'a system email' @@ -509,8 +509,8 @@ def expect_email_body_to_have_help_and_contact_links describe '#account_reset_granted' do let(:mail) do - UserMailer.with(user: user, email_address: email_address). - account_reset_granted(user.account_reset_request) + UserMailer.with(user: user, email_address: email_address) + .account_reset_granted(user.account_reset_request) end let(:account_reset_deletion_period_hours) { '24 hours' } let(:token_expiration_interval) { '24 hours' } @@ -556,8 +556,8 @@ def expect_email_body_to_have_help_and_contact_links describe '#account_reset_complete' do let(:mail) do - UserMailer.with(user: user, email_address: email_address). - account_reset_complete + UserMailer.with(user: user, email_address: email_address) + .account_reset_complete end it_behaves_like 'a system email' @@ -572,8 +572,8 @@ def expect_email_body_to_have_help_and_contact_links end it 'renders the body' do - expect(mail.html_part.body). - to have_content( + expect(mail.html_part.body) + .to have_content( strip_tags(t('user_mailer.account_reset_complete.intro_html', app_name_html: APP_NAME)), ) end @@ -581,8 +581,8 @@ def expect_email_body_to_have_help_and_contact_links describe '#account_delete_submitted' do let(:mail) do - UserMailer.with(user: user, email_address: email_address). - account_delete_submitted + UserMailer.with(user: user, email_address: email_address) + .account_delete_submitted end it_behaves_like 'a system email' @@ -597,8 +597,8 @@ def expect_email_body_to_have_help_and_contact_links end it 'renders the body' do - expect(mail.html_part.body). - to have_content( + expect(mail.html_part.body) + .to have_content( strip_tags(t('user_mailer.account_reset_complete.intro_html', app_name_html: APP_NAME)), ) end @@ -606,8 +606,8 @@ def expect_email_body_to_have_help_and_contact_links describe '#account_reset_cancel' do let(:mail) do - UserMailer.with(user: user, email_address: email_address). - account_reset_cancel + UserMailer.with(user: user, email_address: email_address) + .account_reset_cancel end it_behaves_like 'a system email' @@ -622,8 +622,8 @@ def expect_email_body_to_have_help_and_contact_links end it 'renders the body' do - expect(mail.html_part.body). - to have_content( + expect(mail.html_part.body) + .to have_content( strip_tags(t('user_mailer.account_reset_cancel.intro_html', app_name_html: APP_NAME)), ) end @@ -644,13 +644,13 @@ def expect_email_body_to_have_help_and_contact_links end it 'renders the body' do - expect(mail.html_part.body). - to have_content( + expect(mail.html_part.body) + .to have_content( strip_tags(t('user_mailer.please_reset_password.intro', app_name: APP_NAME)), ) - expect(mail.html_part.body). - to have_content(strip_tags(t('user_mailer.please_reset_password.call_to_action'))) + expect(mail.html_part.body) + .to have_content(strip_tags(t('user_mailer.please_reset_password.call_to_action'))) end it 'logs email metadata to analytics' do @@ -779,8 +779,8 @@ def expect_email_body_to_have_help_and_contact_links let(:date_time) { Time.zone.now } let(:profile) { create(:profile, :active) } let(:mail) do - UserMailer.with(user: user, email_address: email_address). - account_verified(profile: profile) + UserMailer.with(user: user, email_address: email_address) + .account_verified(profile: profile) end it_behaves_like 'a system email' @@ -867,15 +867,15 @@ def expect_email_body_to_have_help_and_contact_links let(:in_person_outage_expected_update_date) { 'October 31, 2023' } it 'renders a warning when the flag is enabled' do - allow(IdentityConfig.store).to receive(:in_person_outage_message_enabled). - and_return(true) - allow(IdentityConfig.store).to receive(:in_person_outage_emailed_by_date). - and_return(in_person_outage_emailed_by_date) - allow(IdentityConfig.store).to receive(:in_person_outage_expected_update_date). - and_return(in_person_outage_expected_update_date) - - expect(mail.html_part.body). - to have_content( + allow(IdentityConfig.store).to receive(:in_person_outage_message_enabled) + .and_return(true) + allow(IdentityConfig.store).to receive(:in_person_outage_emailed_by_date) + .and_return(in_person_outage_emailed_by_date) + allow(IdentityConfig.store).to receive(:in_person_outage_expected_update_date) + .and_return(in_person_outage_expected_update_date) + + expect(mail.html_part.body) + .to have_content( t( 'idv.failure.exceptions.in_person_outage_error_message.ready_to_verify.title', date: formatted_date, @@ -884,12 +884,12 @@ def expect_email_body_to_have_help_and_contact_links end it 'does not render a warning when outage dates are not included' do - allow(IdentityConfig.store).to receive(:in_person_outage_message_enabled). - and_return(true) - allow(IdentityConfig.store).to receive(:in_person_outage_emailed_by_date). - and_return('') - allow(IdentityConfig.store).to receive(:in_person_outage_expected_update_date). - and_return('') + allow(IdentityConfig.store).to receive(:in_person_outage_message_enabled) + .and_return(true) + allow(IdentityConfig.store).to receive(:in_person_outage_emailed_by_date) + .and_return('') + allow(IdentityConfig.store).to receive(:in_person_outage_expected_update_date) + .and_return('') expect(mail.html_part.body).to_not have_content( t( @@ -900,11 +900,11 @@ def expect_email_body_to_have_help_and_contact_links end it 'does not render a warning when the flag is disabled' do - allow(IdentityConfig.store).to receive(:in_person_outage_message_enabled). - and_return(false) + allow(IdentityConfig.store).to receive(:in_person_outage_message_enabled) + .and_return(false) - expect(mail.html_part.body). - to_not have_content( + expect(mail.html_part.body) + .to_not have_content( t('idv.failure.exceptions.in_person_outage_error_message.ready_to_verify.title'), ) end @@ -1100,8 +1100,8 @@ def expect_email_body_to_have_help_and_contact_links expect(mail.html_part.body).to have_content(part) end - t('in_person_proofing.process.eipp_state_id_supporting_docs.info_list'). - each do |item| + t('in_person_proofing.process.eipp_state_id_supporting_docs.info_list') + .each do |item| expect(mail.html_part.body).to have_content(strip_tags(item)) end end @@ -1124,8 +1124,8 @@ def expect_email_body_to_have_help_and_contact_links expect(mail.html_part.body).to have_content(part) end - t('in_person_proofing.process.eipp_state_id_supporting_docs.info_list'). - each do |item| + t('in_person_proofing.process.eipp_state_id_supporting_docs.info_list') + .each do |item| expect(mail.html_part.body).to have_content(strip_tags(item)) end end @@ -1338,15 +1338,15 @@ def expect_email_body_to_have_help_and_contact_links end it 'renders the body' do - expect(mail.html_part.body). - to have_content( + expect(mail.html_part.body) + .to have_content( t( 'user_mailer.in_person_completion_survey.body.thanks', app_name: APP_NAME, ), ) - expect(mail.html_part.body). - to have_selector( + expect(mail.html_part.body) + .to have_selector( "a[href='#{MarketingSite.security_and_privacy_practices_url}']", ) end @@ -1358,8 +1358,8 @@ def expect_email_body_to_have_help_and_contact_links end it 'renders the post opt-in in person completion survey url' do - expect(mail.html_part.body). - to have_selector( + expect(mail.html_part.body) + .to have_selector( "a[href='#{IdentityConfig.store.in_person_opt_in_available_completion_survey_url}']", ) end @@ -1372,8 +1372,8 @@ def expect_email_body_to_have_help_and_contact_links end it 'renders the pre opt-in in person completion survey url' do - expect(mail.html_part.body). - to have_selector( + expect(mail.html_part.body) + .to have_selector( "a[href='#{IdentityConfig.store.in_person_completion_survey_url}']", ) end @@ -1383,8 +1383,8 @@ def expect_email_body_to_have_help_and_contact_links describe '#suspended_reset_password' do let(:mail) do - UserMailer.with(user: user, email_address: email_address). - suspended_reset_password + UserMailer.with(user: user, email_address: email_address) + .suspended_reset_password end it_behaves_like 'a system email' @@ -1399,8 +1399,8 @@ def expect_email_body_to_have_help_and_contact_links end it 'renders the body' do - expect(mail.html_part.body). - to have_content( + expect(mail.html_part.body) + .to have_content( t( 'user_mailer.suspended_reset_password.message', support_code: IdentityConfig.store.account_suspended_support_code, @@ -1427,8 +1427,8 @@ def expect_email_body_to_have_help_and_contact_links end it 'renders the body' do - expect(mail.html_part.body). - to have_content( + expect(mail.html_part.body) + .to have_content( t( 'user_mailer.suspended_create_account.message', app_name: APP_NAME, @@ -1555,10 +1555,10 @@ def expect_email_body_to_have_help_and_contact_links let(:user) { build(:user, email_language: :es) } it 'translates the footer help text correctly' do - expect(mail.html_part.body). - to include(t('user_mailer.suspension_confirmed.contact_agency', locale: :es)) - expect(mail.html_part.body). - to_not include(t('user_mailer.suspension_confirmed.contact_agency', locale: :en)) + expect(mail.html_part.body) + .to include(t('user_mailer.suspension_confirmed.contact_agency', locale: :es)) + expect(mail.html_part.body) + .to_not include(t('user_mailer.suspension_confirmed.contact_agency', locale: :en)) end end end diff --git a/spec/models/agreements/iaa_gtc_spec.rb b/spec/models/agreements/iaa_gtc_spec.rb index 394fa9ed94a..c7bcecbecee 100644 --- a/spec/models/agreements/iaa_gtc_spec.rb +++ b/spec/models/agreements/iaa_gtc_spec.rb @@ -8,15 +8,15 @@ it { is_expected.to validate_uniqueness_of(:gtc_number) } it { is_expected.to validate_presence_of(:mod_number) } it do - is_expected.to validate_numericality_of(:mod_number). - only_integer. - is_greater_than_or_equal_to(0) + is_expected.to validate_numericality_of(:mod_number) + .only_integer + .is_greater_than_or_equal_to(0) end it do - is_expected.to validate_numericality_of(:estimated_amount). - is_less_than(10_000_000_000). - is_greater_than_or_equal_to(0). - allow_nil + is_expected.to validate_numericality_of(:estimated_amount) + .is_less_than(10_000_000_000) + .is_greater_than_or_equal_to(0) + .allow_nil end it { is_expected.to validate_presence_of(:start_date) } it { is_expected.to validate_presence_of(:end_date) } diff --git a/spec/models/agreements/iaa_order_spec.rb b/spec/models/agreements/iaa_order_spec.rb index f5a3cf44a92..dfd5d099c11 100644 --- a/spec/models/agreements/iaa_order_spec.rb +++ b/spec/models/agreements/iaa_order_spec.rb @@ -7,27 +7,27 @@ it { is_expected.to validate_presence_of(:order_number) } it { is_expected.to validate_uniqueness_of(:order_number).scoped_to(:iaa_gtc_id) } it do - is_expected.to validate_numericality_of(:order_number). - only_integer. - is_greater_than_or_equal_to(0) + is_expected.to validate_numericality_of(:order_number) + .only_integer + .is_greater_than_or_equal_to(0) end it { is_expected.to validate_presence_of(:mod_number) } it do - is_expected.to validate_numericality_of(:mod_number). - only_integer. - is_greater_than_or_equal_to(0) + is_expected.to validate_numericality_of(:mod_number) + .only_integer + .is_greater_than_or_equal_to(0) end it { is_expected.to validate_presence_of(:pricing_model) } it do - is_expected.to validate_numericality_of(:pricing_model). - only_integer. - is_greater_than_or_equal_to(0) + is_expected.to validate_numericality_of(:pricing_model) + .only_integer + .is_greater_than_or_equal_to(0) end it do - is_expected.to validate_numericality_of(:estimated_amount). - is_less_than(10_000_000_000). - is_greater_than_or_equal_to(0). - allow_nil + is_expected.to validate_numericality_of(:estimated_amount) + .is_less_than(10_000_000_000) + .is_greater_than_or_equal_to(0) + .allow_nil end it { is_expected.to validate_presence_of(:start_date) } it { is_expected.to validate_presence_of(:end_date) } diff --git a/spec/models/agreements/integration_spec.rb b/spec/models/agreements/integration_spec.rb index 81ad9da74ca..dbeb2245066 100644 --- a/spec/models/agreements/integration_spec.rb +++ b/spec/models/agreements/integration_spec.rb @@ -9,9 +9,9 @@ it { is_expected.to validate_presence_of(:name) } it { is_expected.to validate_uniqueness_of(:dashboard_identifier).allow_nil } it do - is_expected.to validate_numericality_of(:dashboard_identifier). - only_integer. - is_greater_than(0) + is_expected.to validate_numericality_of(:dashboard_identifier) + .only_integer + .is_greater_than(0) end it { is_expected.to belong_to(:partner_account) } diff --git a/spec/models/in_person_enrollment_spec.rb b/spec/models/in_person_enrollment_spec.rb index 0a6e70ac233..290abe0d61b 100644 --- a/spec/models/in_person_enrollment_spec.rb +++ b/spec/models/in_person_enrollment_spec.rb @@ -10,8 +10,8 @@ describe 'Status' do it 'defines enum correctly' do - should define_enum_for(:status). - with_values([:establishing, :pending, :passed, :failed, :expired, :cancelled]) + should define_enum_for(:status) + .with_values([:establishing, :pending, :passed, :failed, :expired, :cancelled]) end end @@ -20,8 +20,8 @@ user1 = create(:user) user2 = create(:user) profile2 = create(:profile, gpo_verification_pending_at: 1.day.ago, user: user2) - expect { create(:in_person_enrollment, user: user1, profile: profile2) }. - to raise_error ActiveRecord::RecordInvalid + expect { create(:in_person_enrollment, user: user1, profile: profile2) } + .to raise_error ActiveRecord::RecordInvalid expect(InPersonEnrollment.count).to eq 0 end @@ -31,8 +31,8 @@ profile2 = create(:profile, gpo_verification_pending_at: 1.day.ago, user: user) create(:in_person_enrollment, user: user, profile: profile, status: :pending) expect(InPersonEnrollment.pending.count).to eq 1 - expect { create(:in_person_enrollment, user: user, profile: profile2, status: :pending) }. - to raise_error ActiveRecord::RecordNotUnique + expect { create(:in_person_enrollment, user: user, profile: profile2, status: :pending) } + .to raise_error ActiveRecord::RecordNotUnique expect(InPersonEnrollment.pending.count).to eq 1 end @@ -41,8 +41,8 @@ profile = create(:profile, gpo_verification_pending_at: 1.day.ago, user: user) unique_id = InPersonEnrollment.generate_unique_id create(:in_person_enrollment, user: user, profile: profile, unique_id: unique_id) - expect { create(:in_person_enrollment, user: user, profile: profile, unique_id: unique_id) }. - to raise_error ActiveRecord::RecordNotUnique + expect { create(:in_person_enrollment, user: user, profile: profile, unique_id: unique_id) } + .to raise_error ActiveRecord::RecordNotUnique expect(InPersonEnrollment.count).to eq 1 end @@ -388,10 +388,10 @@ let(:validity_in_days) { 10 } before do - allow(IdentityConfig.store). - to( - receive(:in_person_enrollment_validity_in_days). - and_return(validity_in_days), + allow(IdentityConfig.store) + .to( + receive(:in_person_enrollment_validity_in_days) + .and_return(validity_in_days), ) end @@ -461,10 +461,10 @@ context 'eipp enrollment' do let(:eipp_validity_in_days) { 7 } before do - allow(IdentityConfig.store). - to( - receive(:in_person_eipp_enrollment_validity_in_days). - and_return(eipp_validity_in_days), + allow(IdentityConfig.store) + .to( + receive(:in_person_eipp_enrollment_validity_in_days) + .and_return(eipp_validity_in_days), ) end it 'days_to_due_date returns the number of days left until the due date' do diff --git a/spec/models/phone_number_opt_out_spec.rb b/spec/models/phone_number_opt_out_spec.rb index 942681208af..18d4a964366 100644 --- a/spec/models/phone_number_opt_out_spec.rb +++ b/spec/models/phone_number_opt_out_spec.rb @@ -29,8 +29,8 @@ spaces = '+1 888 867 5309' dashes = '+1-888-867-5309' - expect(PhoneNumberOptOut.create_or_find_with_phone(spaces).id). - to eq(PhoneNumberOptOut.create_or_find_with_phone(dashes).id) + expect(PhoneNumberOptOut.create_or_find_with_phone(spaces).id) + .to eq(PhoneNumberOptOut.create_or_find_with_phone(dashes).id) end end @@ -51,8 +51,8 @@ it 'formats the phone internationally' do unformatted = '1 (888) 867-5309' - expect(PhoneNumberOptOut.create_or_find_with_phone(unformatted).formatted_phone). - to eq('+1 888-867-5309') + expect(PhoneNumberOptOut.create_or_find_with_phone(unformatted).formatted_phone) + .to eq('+1 888-867-5309') end end diff --git a/spec/models/profile_spec.rb b/spec/models/profile_spec.rb index 10a5cc1aa64..1e7f1ffeec1 100644 --- a/spec/models/profile_spec.rb +++ b/spec/models/profile_spec.rb @@ -112,24 +112,24 @@ encrypt_pii - expect(user.reload.encrypted_recovery_code_digest_generated_at.to_i). - to be_within(1).of(Time.zone.now.to_i) + expect(user.reload.encrypted_recovery_code_digest_generated_at.to_i) + .to be_within(1).of(Time.zone.now.to_i) end context 'ssn fingerprinting' do it 'fingerprints the ssn' do - expect { encrypt_pii }. - to change { profile.ssn_signature }. - from(nil).to(Pii::Fingerprinter.fingerprint(ssn)) + expect { encrypt_pii } + .to change { profile.ssn_signature } + .from(nil).to(Pii::Fingerprinter.fingerprint(ssn)) end context 'ssn is blank' do let(:ssn) { nil } it 'does not fingerprint the SSN' do - expect { encrypt_pii }. - to_not change { profile.ssn_signature }. - from(nil) + expect { encrypt_pii } + .to_not change { profile.ssn_signature } + .from(nil) end end end @@ -144,18 +144,18 @@ ].join(':'), ) - expect { encrypt_pii }. - to change { profile.name_zip_birth_year_signature }. - from(nil).to(fingerprint) + expect { encrypt_pii } + .to change { profile.name_zip_birth_year_signature } + .from(nil).to(fingerprint) end context 'when a part of the compound PII key is missing' do let(:dob) { nil } it 'does not write a fingerprint' do - expect { encrypt_pii }. - to_not change { profile.name_zip_birth_year_signature }. - from(nil) + expect { encrypt_pii } + .to_not change { profile.name_zip_birth_year_signature } + .from(nil) end end end @@ -265,8 +265,8 @@ expect(profile.verified_at).to be_present # changed # TODO: call activate on the new profile instead - expect { user.profiles.create!(active: true) }. - to raise_error(ActiveRecord::RecordInvalid) + expect { user.profiles.create!(active: true) } + .to raise_error(ActiveRecord::RecordInvalid) end it 'prevents save! via psql unique partial index' do @@ -393,8 +393,8 @@ it 'sends a reproof completed push event' do profile = create(:profile, :active, user: user) - expect(PushNotification::HttpPush).to receive(:deliver). - with(PushNotification::ReproofCompletedEvent.new(user: user)) + expect(PushNotification::HttpPush).to receive(:deliver) + .with(PushNotification::ReproofCompletedEvent.new(user: user)) expect(profile.activated_at).to be_present expect(profile.active).to eq(true) @@ -1164,8 +1164,8 @@ profile.fraud_pending_reason = 'threatmetrix_review' expect { profile.deactivate_for_fraud_review }.to( - change { profile.fraud_review_pending? }.from(false).to(true). - and(change { profile.in_person_verification_pending_at }.to(nil)), + change { profile.fraud_review_pending? }.from(false).to(true) + .and(change { profile.in_person_verification_pending_at }.to(nil)), ) expect(profile).to_not be_active diff --git a/spec/models/service_provider_identity_spec.rb b/spec/models/service_provider_identity_spec.rb index 4d21613b5ac..6b1fcb95a63 100644 --- a/spec/models/service_provider_identity_spec.rb +++ b/spec/models/service_provider_identity_spec.rb @@ -28,8 +28,8 @@ identity = create(:service_provider_identity) identity.uuid = nil - expect { identity.save }. - to raise_error( + expect { identity.save } + .to raise_error( ActiveRecord::NotNullViolation, /null value in column "uuid".*violates not-null constraint/, ) @@ -41,8 +41,8 @@ identity2 = create(:service_provider_identity) identity2.uuid = identity1.uuid - expect { identity2.save }. - to raise_error( + expect { identity2.save } + .to raise_error( ActiveRecord::StatementInvalid, /duplicate key value violates unique constraint/, ) @@ -71,8 +71,8 @@ it 'generates it via SecureRandom.uuid' do identity = build(:service_provider_identity) - expect(identity.generate_uuid). - to match(/[a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-[89aAbB][a-f0-9]{3}-[a-f0-9]{12}/) + expect(identity.generate_uuid) + .to match(/[a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-[89aAbB][a-f0-9]{3}-[a-f0-9]{12}/) end end end @@ -123,14 +123,14 @@ describe 'uniqueness validation for service provider per user' do it 'raises an error when uniqueness constraint is broken' do ServiceProviderIdentity.create(user_id: user.id, service_provider: 'externalapp') - expect { ServiceProviderIdentity.create(user_id: user.id, service_provider: 'externalapp') }. - to raise_error(ActiveRecord::RecordNotUnique) + expect { ServiceProviderIdentity.create(user_id: user.id, service_provider: 'externalapp') } + .to raise_error(ActiveRecord::RecordNotUnique) end it 'does not raise an error for a different service provider' do ServiceProviderIdentity.create(user_id: user.id, service_provider: 'externalapp') - expect { ServiceProviderIdentity.create(user_id: user.id, service_provider: 'externalapp2') }. - to_not raise_error + expect { ServiceProviderIdentity.create(user_id: user.id, service_provider: 'externalapp2') } + .to_not raise_error end end diff --git a/spec/models/service_provider_spec.rb b/spec/models/service_provider_spec.rb index 387a17e1dbb..bc52f9ea8b9 100644 --- a/spec/models/service_provider_spec.rb +++ b/spec/models/service_provider_spec.rb @@ -9,10 +9,10 @@ it { is_expected.to belong_to(:agency) } it do - is_expected.to have_many(:identities). - inverse_of(:service_provider_record). - with_foreign_key('service_provider'). - with_primary_key('issuer') + is_expected.to have_many(:identities) + .inverse_of(:service_provider_record) + .with_foreign_key('service_provider') + .with_primary_key('issuer') end end @@ -65,8 +65,8 @@ describe '#skip_encryption_allowed' do context 'SP in allowed list' do before do - allow(IdentityConfig.store).to receive(:skip_encryption_allowed_list). - and_return(['http://localhost:3000']) + allow(IdentityConfig.store).to receive(:skip_encryption_allowed_list) + .and_return(['http://localhost:3000']) end it 'allows the SP to optionally skip encrypting the SAML response' do @@ -84,8 +84,8 @@ describe '#facial_match_ial_allowed?' do context 'when facial match general availability is enabled' do before do - allow(IdentityConfig.store).to receive(:facial_match_general_availability_enabled). - and_return(true) + allow(IdentityConfig.store).to receive(:facial_match_general_availability_enabled) + .and_return(true) end it 'allows the service provider to use facial match IALs' do @@ -95,8 +95,8 @@ context 'when the facial match general availability is disabled' do before do - allow(IdentityConfig.store).to receive(:facial_match_general_availability_enabled). - and_return(false) + allow(IdentityConfig.store).to receive(:facial_match_general_availability_enabled) + .and_return(false) end it 'does not allow the service provider to use facial match IALs' do diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 288f591a368..38353bf3e52 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -12,13 +12,13 @@ it { is_expected.to have_many(:webauthn_configurations) } it { is_expected.to have_many(:in_person_enrollments).dependent(:destroy) } it { - is_expected.to have_one(:pending_in_person_enrollment). - conditions(status: :pending). - order(created_at: :desc). - class_name('InPersonEnrollment'). - with_foreign_key(:user_id). - inverse_of(:user). - dependent(:destroy) + is_expected.to have_one(:pending_in_person_enrollment) + .conditions(status: :pending) + .order(created_at: :desc) + .class_name('InPersonEnrollment') + .with_foreign_key(:user_id) + .inverse_of(:user) + .dependent(:destroy) } end @@ -49,8 +49,8 @@ user = create(:user) user.uuid = nil - expect { user.save }. - to raise_error( + expect { user.save } + .to raise_error( ActiveRecord::NotNullViolation, /null value in column "uuid".*violates not-null constraint/, ) @@ -62,8 +62,8 @@ user2 = create(:user, email: "mkuniqu.#{user1.email}") user2.uuid = user1.uuid - expect { user2.save }. - to raise_error( + expect { user2.save } + .to raise_error( ActiveRecord::StatementInvalid, /duplicate key value violates unique constraint/, ) @@ -92,8 +92,8 @@ it 'generates it via SecureRandom.uuid' do user = build(:user) - expect(user.generate_uuid). - to match(/[a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-[89aAbB][a-f0-9]{3}-[a-f0-9]{12}/) + expect(user.generate_uuid) + .to match(/[a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-[89aAbB][a-f0-9]{3}-[a-f0-9]{12}/) end end end @@ -586,10 +586,10 @@ let(:accepted_terms_at) { nil } let(:user) { create(:user, :fully_registered, accepted_terms_at: accepted_terms_at) } before do - allow(IdentityConfig.store).to receive(:rules_of_use_horizon_years). - and_return(rules_of_use_horizon_years) - allow(IdentityConfig.store).to receive(:rules_of_use_updated_at). - and_return(rules_of_use_updated_at) + allow(IdentityConfig.store).to receive(:rules_of_use_horizon_years) + .and_return(rules_of_use_horizon_years) + allow(IdentityConfig.store).to receive(:rules_of_use_updated_at) + .and_return(rules_of_use_updated_at) end context 'when a user has not accepted rules of use yet' do @@ -1002,8 +1002,8 @@ end it 'send account disabled push event' do - expect(PushNotification::HttpPush).to receive(:deliver).once. - with(PushNotification::AccountDisabledEvent.new( + expect(PushNotification::HttpPush).to receive(:deliver).once + .with(PushNotification::AccountDisabledEvent.new( user: user, )) user.suspend! @@ -1055,8 +1055,8 @@ email_addresses = user.email_addresses email_address = email_addresses.last expect(email_addresses.count).to eq 1 - expect { user.reinstate! }. - to(change { SuspendedEmail.find_with_email(email_address.email) }.to(nil)) + expect { user.reinstate! } + .to(change { SuspendedEmail.find_with_email(email_address.email) }.to(nil)) expect(user.email_addresses.reload.last).to be_present end @@ -1072,8 +1072,8 @@ end it 'send account enabled push event' do - expect(PushNotification::HttpPush).to receive(:deliver).once. - with(PushNotification::AccountEnabledEvent.new( + expect(PushNotification::HttpPush).to receive(:deliver).once + .with(PushNotification::AccountEnabledEvent.new( user: user, )) user.reinstate! @@ -1098,8 +1098,8 @@ let(:issuer) { service_provider.issuer } before do - allow(Idv::InPersonConfig).to receive(:enabled_for_issuer?). - and_return(true) + allow(Idv::InPersonConfig).to receive(:enabled_for_issuer?) + .and_return(true) end def test_send_survey(should_send) @@ -1182,8 +1182,8 @@ def it_should_not_send_survey end before do - allow(Idv::InPersonConfig).to receive(:enabled_for_issuer?). - and_return(false) + allow(Idv::InPersonConfig).to receive(:enabled_for_issuer?) + .and_return(false) end it 'should not send survey' do @@ -1206,10 +1206,10 @@ def it_should_not_send_survey describe '#broken_personal_key?' do before do - allow(IdentityConfig.store).to receive(:broken_personal_key_window_start). - and_return(3.days.ago) - allow(IdentityConfig.store).to receive(:broken_personal_key_window_finish). - and_return(1.day.ago) + allow(IdentityConfig.store).to receive(:broken_personal_key_window_start) + .and_return(3.days.ago) + allow(IdentityConfig.store).to receive(:broken_personal_key_window_finish) + .and_return(1.day.ago) end let(:user) { build(:user) } @@ -1532,8 +1532,8 @@ def it_should_not_send_survey end it 'interleaves identities and events, decorates events, and sorts them in descending order' do - expect(user.recent_events). - to eq [another_event.decorate, identity, event.decorate] + expect(user.recent_events) + .to eq [another_event.decorate, identity, event.decorate] end end @@ -1640,14 +1640,14 @@ def it_should_not_send_survey it 'returns ial1 if identity is not verified' do allow(user).to receive(:identity_verified?).and_return(false) - expect(user.delete_account_bullet_key). - to eq t('users.delete.bullet_2_basic', app_name: APP_NAME) + expect(user.delete_account_bullet_key) + .to eq t('users.delete.bullet_2_basic', app_name: APP_NAME) end it 'returns ial2 if identity is verified' do allow(user).to receive(:identity_verified?).and_return(true) - expect(user.delete_account_bullet_key). - to eq t('users.delete.bullet_2_verified', app_name: APP_NAME) + expect(user.delete_account_bullet_key) + .to eq t('users.delete.bullet_2_verified', app_name: APP_NAME) end end diff --git a/spec/policies/idv/flow_policy_spec.rb b/spec/policies/idv/flow_policy_spec.rb index 8561f382d84..246cb8ddf1b 100644 --- a/spec/policies/idv/flow_policy_spec.rb +++ b/spec/policies/idv/flow_policy_spec.rb @@ -146,8 +146,8 @@ context 'each step in the flow' do before do - allow(Idv::PhoneConfirmationSession).to receive(:from_h). - with(user_phone_confirmation_session).and_return(user_phone_confirmation_session) + allow(Idv::PhoneConfirmationSession).to receive(:from_h) + .with(user_phone_confirmation_session).and_return(user_phone_confirmation_session) allow(user).to receive(:gpo_pending_profile?).and_return(has_gpo_pending_profile) end context 'empty session' do @@ -227,8 +227,8 @@ it 'returns ipp_ssn' do expect(subject.info_for_latest_step.key).to eq(:ipp_ssn) expect(subject.controller_allowed?(controller: Idv::InPerson::SsnController)).to be - expect(subject.controller_allowed?(controller: Idv::InPerson::VerifyInfoController)). - not_to be + expect(subject.controller_allowed?(controller: Idv::InPerson::VerifyInfoController)) + .not_to be end end diff --git a/spec/policies/idv/gpo_verify_by_mail_policy_spec.rb b/spec/policies/idv/gpo_verify_by_mail_policy_spec.rb index 99f3eeeeed6..e941d2dbe0a 100644 --- a/spec/policies/idv/gpo_verify_by_mail_policy_spec.rb +++ b/spec/policies/idv/gpo_verify_by_mail_policy_spec.rb @@ -15,8 +15,8 @@ describe '#resend_letter_available?' do context 'when the feature flag is off' do before do - allow(IdentityConfig.store).to receive(:enable_usps_verification). - and_return false + allow(IdentityConfig.store).to receive(:enable_usps_verification) + .and_return false end it 'returns false' do @@ -26,8 +26,8 @@ context 'when the feature flag is on' do before do - allow(IdentityConfig.store).to receive(:enable_usps_verification). - and_return true + allow(IdentityConfig.store).to receive(:enable_usps_verification) + .and_return true end it 'returns false when the user is rate-limited' do @@ -55,8 +55,8 @@ describe '#send_letter_available?' do context 'when the feature flag is off' do before do - allow(IdentityConfig.store).to receive(:enable_usps_verification). - and_return false + allow(IdentityConfig.store).to receive(:enable_usps_verification) + .and_return false end it 'returns false' do @@ -66,8 +66,8 @@ context 'when the feature flag is on' do before do - allow(IdentityConfig.store).to receive(:enable_usps_verification). - and_return true + allow(IdentityConfig.store).to receive(:enable_usps_verification) + .and_return true end it 'returns true when the user is not rate-limited' do @@ -119,12 +119,12 @@ let(:minimum_wait_before_another_usps_letter_in_hours) { 24 } before do - allow(IdentityConfig.store).to receive(:max_mail_events). - and_return(max_letter_request_events) - allow(IdentityConfig.store).to receive(:max_mail_events_window_in_days). - and_return(letter_request_events_window_days) - allow(IdentityConfig.store).to receive(:minimum_wait_before_another_usps_letter_in_hours). - and_return(minimum_wait_before_another_usps_letter_in_hours) + allow(IdentityConfig.store).to receive(:max_mail_events) + .and_return(max_letter_request_events) + allow(IdentityConfig.store).to receive(:max_mail_events_window_in_days) + .and_return(letter_request_events_window_days) + allow(IdentityConfig.store).to receive(:minimum_wait_before_another_usps_letter_in_hours) + .and_return(minimum_wait_before_another_usps_letter_in_hours) end context 'when no letters have been requested' do diff --git a/spec/policies/idv/step_info_spec.rb b/spec/policies/idv/step_info_spec.rb index e89f3867b41..e8f59aeaa00 100644 --- a/spec/policies/idv/step_info_spec.rb +++ b/spec/policies/idv/step_info_spec.rb @@ -57,8 +57,8 @@ def self.name end it 'returns an absolute "path" for the controller name' do - expect(Idv::StepInfo.full_controller_name(idv_step_controller_class)). - to eq('/idv/lets/go/deeper/anonymous') + expect(Idv::StepInfo.full_controller_name(idv_step_controller_class)) + .to eq('/idv/lets/go/deeper/anonymous') end end end diff --git a/spec/presenters/account_reset/pending_presenter_spec.rb b/spec/presenters/account_reset/pending_presenter_spec.rb index 631d6976dcc..6be67106fda 100644 --- a/spec/presenters/account_reset/pending_presenter_spec.rb +++ b/spec/presenters/account_reset/pending_presenter_spec.rb @@ -21,8 +21,8 @@ describe '#time_remaining_until_granted' do before { I18n.locale = :en } before do - allow(IdentityConfig.store).to receive(:account_reset_fraud_user_wait_period_days). - and_return(10) + allow(IdentityConfig.store).to receive(:account_reset_fraud_user_wait_period_days) + .and_return(10) end context 'fraud user' do diff --git a/spec/presenters/account_show_presenter_spec.rb b/spec/presenters/account_show_presenter_spec.rb index 8c909b36dd3..f06774f5557 100644 --- a/spec/presenters/account_show_presenter_spec.rb +++ b/spec/presenters/account_show_presenter_spec.rb @@ -526,9 +526,9 @@ subject(:connected_apps) { presenter.connected_apps } it 'delegates to user, eager-loading view-specific relations' do - expect(connected_apps).to be_present. - and eq(user.connected_apps). - and all( + expect(connected_apps).to be_present + .and eq(user.connected_apps) + .and all( satisfy do |app| app.association(:service_provider_record).loaded? && app.association(:email_address).loaded? diff --git a/spec/presenters/confirm_delete_email_presenter_spec.rb b/spec/presenters/confirm_delete_email_presenter_spec.rb index cc225532c01..8276fef88ed 100644 --- a/spec/presenters/confirm_delete_email_presenter_spec.rb +++ b/spec/presenters/confirm_delete_email_presenter_spec.rb @@ -7,8 +7,8 @@ describe '#confirm_delete_message' do it 'supplies a message for confirm delete page' do - expect(presenter.confirm_delete_message). - to eq(t('email_addresses.delete.confirm', email: email_address.email)) + expect(presenter.confirm_delete_message) + .to eq(t('email_addresses.delete.confirm', email: email_address.email)) end end end diff --git a/spec/presenters/idv/account_verified_email_presenter_spec.rb b/spec/presenters/idv/account_verified_email_presenter_spec.rb index 27d34501786..a422e1cf0db 100644 --- a/spec/presenters/idv/account_verified_email_presenter_spec.rb +++ b/spec/presenters/idv/account_verified_email_presenter_spec.rb @@ -15,8 +15,8 @@ subject(:presenter) { described_class.new(profile:, url_options: {}) } before do - allow(IdentityConfig.store).to receive(:idv_account_verified_email_campaign_id). - and_return('20241030') + allow(IdentityConfig.store).to receive(:idv_account_verified_email_campaign_id) + .and_return('20241030') end context 'when there is no associated service provider' do diff --git a/spec/presenters/idv/in_person/ready_to_verify_presenter_spec.rb b/spec/presenters/idv/in_person/ready_to_verify_presenter_spec.rb index aae5df981fb..5d0252ef6e5 100644 --- a/spec/presenters/idv/in_person/ready_to_verify_presenter_spec.rb +++ b/spec/presenters/idv/in_person/ready_to_verify_presenter_spec.rb @@ -173,8 +173,8 @@ subject(:update_date) { presenter.formatted_outage_expected_update_date } it 'returns a formatted date for expected update after an outage' do - allow(IdentityConfig.store).to receive(:in_person_outage_expected_update_date). - and_return(in_person_outage_expected_update_date) + allow(IdentityConfig.store).to receive(:in_person_outage_expected_update_date) + .and_return(in_person_outage_expected_update_date) update_day, update_month = update_date.remove(',').split(' ') expect(Date::DAYNAMES.include?(update_day && update_day.capitalize)).to be_truthy @@ -188,8 +188,8 @@ subject(:email_date) { presenter.formatted_outage_emailed_by_date } it 'returns a formatted email date' do - allow(IdentityConfig.store).to receive(:in_person_outage_emailed_by_date). - and_return(in_person_outage_emailed_by_date) + allow(IdentityConfig.store).to receive(:in_person_outage_emailed_by_date) + .and_return(in_person_outage_emailed_by_date) email_day, email_month = email_date.remove(',').split(' ') expect(Date::DAYNAMES.include?(email_day && email_day.capitalize)).to be_truthy @@ -202,14 +202,14 @@ subject(:outage_message_enabled) { presenter.outage_message_enabled? } it 'returns true when the flag is enabled' do - allow(IdentityConfig.store).to receive(:in_person_outage_message_enabled). - and_return(true).once + allow(IdentityConfig.store).to receive(:in_person_outage_message_enabled) + .and_return(true).once expect(outage_message_enabled).to be(true) end it 'returns false when the flag is disabled' do - allow(IdentityConfig.store).to receive(:in_person_outage_message_enabled). - and_return(false).once + allow(IdentityConfig.store).to receive(:in_person_outage_message_enabled) + .and_return(false).once expect(outage_message_enabled).to be(false) end end diff --git a/spec/presenters/mfa_confirmation_presenter_spec.rb b/spec/presenters/mfa_confirmation_presenter_spec.rb index 6ccecac9b7a..275eca6f4d9 100644 --- a/spec/presenters/mfa_confirmation_presenter_spec.rb +++ b/spec/presenters/mfa_confirmation_presenter_spec.rb @@ -8,8 +8,8 @@ describe '#heading?' do it 'supplies a message for successful MFA setup' do - expect(presenter.heading). - to eq(t('titles.mfa_setup.suggest_second_mfa')) + expect(presenter.heading) + .to eq(t('titles.mfa_setup.suggest_second_mfa')) end context 'after successful face or touch unlock setup' do @@ -21,16 +21,16 @@ end it 'shows the correct heading' do - expect(presenter.heading). - to eq(t('titles.mfa_setup.face_touch_unlock_confirmation')) + expect(presenter.heading) + .to eq(t('titles.mfa_setup.face_touch_unlock_confirmation')) end end end describe '#info?' do it 'supplies a message for successful MFA setup' do - expect(presenter.info). - to eq( + expect(presenter.info) + .to eq( t('mfa.account_info'), ) end @@ -44,16 +44,16 @@ end it 'shows the correct information' do - expect(presenter.info). - to eq(t('mfa.webauthn_platform_message')) + expect(presenter.info) + .to eq(t('mfa.webauthn_platform_message')) end end end describe '#button?' do it 'supplies a message' do - expect(presenter.button). - to eq(t('mfa.add')) + expect(presenter.button) + .to eq(t('mfa.add')) end end diff --git a/spec/presenters/openid_connect_certs_presenter_spec.rb b/spec/presenters/openid_connect_certs_presenter_spec.rb index 7babb6a127e..da2bc11c601 100644 --- a/spec/presenters/openid_connect_certs_presenter_spec.rb +++ b/spec/presenters/openid_connect_certs_presenter_spec.rb @@ -4,17 +4,23 @@ subject(:presenter) { OpenidConnectCertsPresenter.new } describe '#certs' do - it 'renders the server public key as a JWK set' do + it 'renders the server public keys as a JWK set' do json = presenter.certs - expect(json[:keys].size).to eq(1) + expect(json[:keys].size).to eq(2) expect(json[:keys].all? { |k| k[:alg] == 'RS256' }).to eq(true) expect(json[:keys].all? { |k| k[:use] == 'sig' }).to eq(true) - key_from_response = JWT::JWK.import(json[:keys].first).public_key - public_key = AppArtifacts.store.oidc_public_key + # Primary key should be first + primary_key_from_response, secondary_key_from_response = json[:keys].map do |key| + JWT::JWK.import(key).public_key + end - expect(key_from_response.to_pem).to eq(public_key.to_pem) + primary_public_key = Rails.application.config.oidc_public_key + expect(primary_key_from_response.to_pem).to eq(primary_public_key.to_pem) + + secondary_public_key = Rails.application.config.oidc_public_key_queue.last + expect(secondary_key_from_response.to_pem).to eq(secondary_public_key.to_pem) end end end diff --git a/spec/presenters/openid_connect_configuration_presenter_spec.rb b/spec/presenters/openid_connect_configuration_presenter_spec.rb index 878623ce2ff..e3d094633fe 100644 --- a/spec/presenters/openid_connect_configuration_presenter_spec.rb +++ b/spec/presenters/openid_connect_configuration_presenter_spec.rb @@ -19,8 +19,8 @@ expect(configuration[:service_documentation]).to eq('https://developers.login.gov/') expect(configuration[:response_types_supported]).to eq(%w[code]) expect(configuration[:grant_types_supported]).to eq(%w[authorization_code]) - expect(configuration[:acr_values_supported]). - to match_array(Saml::Idp::Constants::VALID_AUTHN_CONTEXTS) + expect(configuration[:acr_values_supported]) + .to match_array(Saml::Idp::Constants::VALID_AUTHN_CONTEXTS) expect(configuration[:subject_types_supported]).to eq(%w[pairwise]) expect(configuration[:id_token_signing_alg_values_supported]).to eq(%w[RS256]) expect(configuration[:token_endpoint_auth_methods_supported]).to eq(%w[private_key_jwt]) diff --git a/spec/presenters/openid_connect_user_info_presenter_spec.rb b/spec/presenters/openid_connect_user_info_presenter_spec.rb index b0f5d213e2c..2af4dc32ab0 100644 --- a/spec/presenters/openid_connect_user_info_presenter_spec.rb +++ b/spec/presenters/openid_connect_user_info_presenter_spec.rb @@ -385,8 +385,8 @@ end it 'defers to user alternate email' do - expect(identity.user.reload.email_addresses.first.id). - to_not eq(identity.email_address_id) + expect(identity.user.reload.email_addresses.first.id) + .to_not eq(identity.email_address_id) expect(identity.user.reload.email_addresses.count).to be 1 expect(user_info[:email]).to eq(identity.user.email_addresses.last.email) end diff --git a/spec/presenters/risc_configuration_presenter_spec.rb b/spec/presenters/risc_configuration_presenter_spec.rb index 6822b830c6e..100eb80b08f 100644 --- a/spec/presenters/risc_configuration_presenter_spec.rb +++ b/spec/presenters/risc_configuration_presenter_spec.rb @@ -12,8 +12,8 @@ aggregate_failures do expect(configuration[:issuer]).to eq(root_url) expect(configuration[:jwks_uri]).to eq(api_openid_connect_certs_url) - expect(configuration[:delivery_methods_supported]). - to eq([RiscConfigurationPresenter::DELIVERY_METHOD_PUSH]) + expect(configuration[:delivery_methods_supported]) + .to eq([RiscConfigurationPresenter::DELIVERY_METHOD_PUSH]) expect(configuration[:delivery].first).to eq( delivery_method: RiscConfigurationPresenter::DELIVERY_METHOD_PUSH, diff --git a/spec/presenters/two_factor_auth_code/authenticator_delivery_presenter_spec.rb b/spec/presenters/two_factor_auth_code/authenticator_delivery_presenter_spec.rb index fae72c6853d..591cb36dd60 100644 --- a/spec/presenters/two_factor_auth_code/authenticator_delivery_presenter_spec.rb +++ b/spec/presenters/two_factor_auth_code/authenticator_delivery_presenter_spec.rb @@ -3,8 +3,8 @@ RSpec.describe TwoFactorAuthCode::AuthenticatorDeliveryPresenter do let(:view) { ActionController::Base.new.view_context } let(:presenter) do - TwoFactorAuthCode::AuthenticatorDeliveryPresenter. - new(data: {}, view: view, service_provider: nil) + TwoFactorAuthCode::AuthenticatorDeliveryPresenter + .new(data: {}, view: view, service_provider: nil) end describe '#header' do diff --git a/spec/presenters/two_factor_authentication/piv_cac_edit_presenter_spec.rb b/spec/presenters/two_factor_authentication/piv_cac_edit_presenter_spec.rb index 23aa801617c..d485a394fcc 100644 --- a/spec/presenters/two_factor_authentication/piv_cac_edit_presenter_spec.rb +++ b/spec/presenters/two_factor_authentication/piv_cac_edit_presenter_spec.rb @@ -17,8 +17,8 @@ describe '#rename_button_label' do it 'returns rename button label' do - expect(presenter.rename_button_label). - to eq(t('two_factor_authentication.piv_cac.change_nickname')) + expect(presenter.rename_button_label) + .to eq(t('two_factor_authentication.piv_cac.change_nickname')) end end @@ -30,15 +30,15 @@ describe '#rename_success_alert_text' do it 'returns rename success alert text' do - expect(presenter.rename_success_alert_text). - to eq(t('two_factor_authentication.piv_cac.renamed')) + expect(presenter.rename_success_alert_text) + .to eq(t('two_factor_authentication.piv_cac.renamed')) end end describe '#delete_success_alert_text' do it 'returns delete success alert text' do - expect(presenter.delete_success_alert_text). - to eq(t('two_factor_authentication.piv_cac.deleted')) + expect(presenter.delete_success_alert_text) + .to eq(t('two_factor_authentication.piv_cac.deleted')) end end end diff --git a/spec/presenters/two_factor_authentication/sign_in_phone_selection_presenter_spec.rb b/spec/presenters/two_factor_authentication/sign_in_phone_selection_presenter_spec.rb index 5de1906cb8b..e7c0e22bfc5 100644 --- a/spec/presenters/two_factor_authentication/sign_in_phone_selection_presenter_spec.rb +++ b/spec/presenters/two_factor_authentication/sign_in_phone_selection_presenter_spec.rb @@ -99,8 +99,8 @@ context 'sms vendor outage' do before do - allow_any_instance_of(OutageStatus).to receive(:vendor_outage?).with(:sms). - and_return(true) + allow_any_instance_of(OutageStatus).to receive(:vendor_outage?).with(:sms) + .and_return(true) end it { expect(presenter.disabled?).to eq(true) } @@ -114,8 +114,8 @@ context 'voice vendor outage' do before do - allow_any_instance_of(OutageStatus).to receive(:vendor_outage?).with(:voice). - and_return(true) + allow_any_instance_of(OutageStatus).to receive(:vendor_outage?).with(:voice) + .and_return(true) end it { expect(presenter.disabled?).to eq(true) } diff --git a/spec/presenters/two_factor_options_presenter_spec.rb b/spec/presenters/two_factor_options_presenter_spec.rb index a86ec05b8d3..7ff35b9d368 100644 --- a/spec/presenters/two_factor_options_presenter_spec.rb +++ b/spec/presenters/two_factor_options_presenter_spec.rb @@ -132,8 +132,8 @@ context 'when a presenter which is recommended' do before do - allow_any_instance_of(TwoFactorAuthentication::SetUpPivCacSelectionPresenter). - to receive(:recommended?).and_return(true) + allow_any_instance_of(TwoFactorAuthentication::SetUpPivCacSelectionPresenter) + .to receive(:recommended?).and_return(true) end it 'orders options by recommended' do diff --git a/spec/requests/csp_spec.rb b/spec/requests/csp_spec.rb index 0a07ae9668f..a120cd872ce 100644 --- a/spec/requests/csp_spec.rb +++ b/spec/requests/csp_spec.rb @@ -4,8 +4,8 @@ context 'on endpoints that will redirect to an SP' do context 'when using client side OIDC redirect' do before do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('client_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('client_side') end context 'when openid_connect_content_security_form_action_enabled is enabled' do @@ -95,8 +95,8 @@ context 'when using server side OIDC redirect' do before do - allow(IdentityConfig.store).to receive(:openid_connect_redirect). - and_return('server_side') + allow(IdentityConfig.store).to receive(:openid_connect_redirect) + .and_return('server_side') end context 'when openid_connect_content_security_form_action_enabled is enabled' do diff --git a/spec/requests/openid_connect_authorize_spec.rb b/spec/requests/openid_connect_authorize_spec.rb index 051b1061602..2bcc0929033 100644 --- a/spec/requests/openid_connect_authorize_spec.rb +++ b/spec/requests/openid_connect_authorize_spec.rb @@ -6,8 +6,8 @@ it 'prompts the user to 2FA' do openid_test('select_account') follow_redirect! - expect(response). - to redirect_to login_two_factor_path(otp_delivery_preference: 'sms') + expect(response) + .to redirect_to login_two_factor_path(otp_delivery_preference: 'sms') end it 'prompts the user to 2FA if prompt is login' do @@ -20,8 +20,8 @@ it 'prompts the user to 2FA if prompt is not given' do openid_test follow_redirect! - expect(response). - to redirect_to login_two_factor_path(otp_delivery_preference: 'sms') + expect(response) + .to redirect_to login_two_factor_path(otp_delivery_preference: 'sms') end def openid_test(prompt = nil) diff --git a/spec/requests/rack_attack_spec.rb b/spec/requests/rack_attack_spec.rb index c14757e68cd..027403285fa 100644 --- a/spec/requests/rack_attack_spec.rb +++ b/spec/requests/rack_attack_spec.rb @@ -98,15 +98,15 @@ end expect(response.status).to eq(429) - expect(response.body). - to include('Please wait a few minutes before you try again.') + expect(response.body) + .to include('Please wait a few minutes before you try again.') expect(response.header['Content-type']).to include('text/html') expect(analytics).to have_logged_event('Rate Limit Triggered', type: 'req/ip') end it 'does not throttle if the path is in the allowlist' do - allow(IdentityConfig.store).to receive(:requests_per_ip_path_prefixes_allowlist). - and_return(['/account']) + allow(IdentityConfig.store).to receive(:requests_per_ip_path_prefixes_allowlist) + .and_return(['/account']) analytics = FakeAnalytics.new allow(Analytics).to receive(:new).and_return(analytics) @@ -115,8 +115,8 @@ end expect(response.status).to eq(302) - expect(response.body). - to_not include('Please wait a few minutes before you try again.') + expect(response.body) + .to_not include('Please wait a few minutes before you try again.') expect(analytics).to_not have_logged_event('Rate Limit Triggered') end @@ -129,8 +129,8 @@ end expect(response.status).to eq(200) - expect(response.body). - to_not include('Please wait a few minutes before you try again.') + expect(response.body) + .to_not include('Please wait a few minutes before you try again.') expect(analytics).to_not have_logged_event('Rate Limit Triggered') end end @@ -257,8 +257,8 @@ expect(analytics).to have_logged_event('Rate Limit Triggered', type: 'logins/ip') expect(response.status).to eq(429) - expect(response.body). - to include('Please wait a few minutes before you try again.') + expect(response.body) + .to include('Please wait a few minutes before you try again.') expect(response.header['Content-type']).to include('text/html') Rack::Attack.cache.store.clear end @@ -316,8 +316,8 @@ expect(analytics).to have_logged_event('Rate Limit Triggered', type: 'logins/email+ip') expect(response.status).to eq(429) - expect(response.body). - to include('Please wait a few minutes before you try again.') + expect(response.body) + .to include('Please wait a few minutes before you try again.') expect(response.header['Content-type']).to include('text/html') Rack::Attack.cache.store.clear @@ -385,8 +385,8 @@ type: 'email_registrations/ip', ) expect(response.status).to eq(429) - expect(response.body). - to include('Please wait a few minutes before you try again.') + expect(response.body) + .to include('Please wait a few minutes before you try again.') expect(response.header['Content-type']).to include('text/html') Rack::Attack.cache.store.clear end @@ -418,8 +418,8 @@ end expect(response.status).to eq(429) - expect(response.body). - to include('Please wait a few minutes before you try again.') + expect(response.body) + .to include('Please wait a few minutes before you try again.') expect(response.header['Content-type']).to include('text/html') end end @@ -449,8 +449,8 @@ end expect(response.status).to eq(429) - expect(response.body). - to include('Please wait a few minutes before you try again.') + expect(response.body) + .to include('Please wait a few minutes before you try again.') expect(response.header['Content-type']).to include('text/html') end end diff --git a/spec/routing/gpo_verification_routing_spec.rb b/spec/routing/gpo_verification_routing_spec.rb index 3db19402e49..3c0579b6b60 100644 --- a/spec/routing/gpo_verification_routing_spec.rb +++ b/spec/routing/gpo_verification_routing_spec.rb @@ -14,8 +14,8 @@ end before do - allow(FeatureManagement).to receive(:gpo_verification_enabled?). - and_return(enable_gpo_verification) + allow(FeatureManagement).to receive(:gpo_verification_enabled?) + .and_return(enable_gpo_verification) Rails.application.reload_routes! end @@ -28,13 +28,13 @@ it 'does not route to endpoints controlled by feature flag' do get_routes.each do |route| - expect(get: route). - to route_to(controller: 'pages', action: 'page_not_found', path: route) + expect(get: route) + .to route_to(controller: 'pages', action: 'page_not_found', path: route) end put_routes.each do |route| - expect(put: route). - to route_to(controller: 'pages', action: 'page_not_found', path: route) + expect(put: route) + .to route_to(controller: 'pages', action: 'page_not_found', path: route) end end end diff --git a/spec/services/access_token_verifier_spec.rb b/spec/services/access_token_verifier_spec.rb index d264ff59412..003336f6b40 100644 --- a/spec/services/access_token_verifier_spec.rb +++ b/spec/services/access_token_verifier_spec.rb @@ -25,8 +25,8 @@ response, result_identity = result expect(response.success?).to eq(false) - expect(response.errors[:access_token]). - to include(t('openid_connect.user_info.errors.no_authorization')) + expect(response.errors[:access_token]) + .to include(t('openid_connect.user_info.errors.no_authorization')) expect(result_identity).to be_nil end end @@ -38,8 +38,8 @@ response, result_identity = result expect(response.success?).to eq(false) - expect(response.errors[:access_token]). - to include(t('openid_connect.user_info.errors.malformed_authorization')) + expect(response.errors[:access_token]) + .to include(t('openid_connect.user_info.errors.malformed_authorization')) expect(result_identity).to be_nil end end diff --git a/spec/services/account_creation/device_profiling_spec.rb b/spec/services/account_creation/device_profiling_spec.rb index 03f3c69bfec..bccaa768172 100644 --- a/spec/services/account_creation/device_profiling_spec.rb +++ b/spec/services/account_creation/device_profiling_spec.rb @@ -31,10 +31,10 @@ context 'ThreatMetrix is enabled' do before do - allow(IdentityConfig.store).to receive(:account_creation_device_profiling). - and_return(:collect_only) - allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_mock_enabled). - and_return(false) + allow(IdentityConfig.store).to receive(:account_creation_device_profiling) + .and_return(:collect_only) + allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_mock_enabled) + .and_return(false) end context 'session id is missing' do diff --git a/spec/services/account_reset/grant_request_spec.rb b/spec/services/account_reset/grant_request_spec.rb index f87bd5803ea..3f96a4295eb 100644 --- a/spec/services/account_reset/grant_request_spec.rb +++ b/spec/services/account_reset/grant_request_spec.rb @@ -35,8 +35,8 @@ let(:user2) { create(:user, :fraud_rejection) } context 'with nil being set for fraud time' do before do - allow(IdentityConfig.store).to receive(:account_reset_fraud_user_wait_period_days). - and_return(nil) + allow(IdentityConfig.store).to receive(:account_reset_fraud_user_wait_period_days) + .and_return(nil) end it 'grants request for all users' do diff --git a/spec/services/account_reset/grant_requests_and_send_emails_spec.rb b/spec/services/account_reset/grant_requests_and_send_emails_spec.rb index 5311dc5e3c3..a2f19b6facd 100644 --- a/spec/services/account_reset/grant_requests_and_send_emails_spec.rb +++ b/spec/services/account_reset/grant_requests_and_send_emails_spec.rb @@ -57,8 +57,8 @@ let(:user) { create(:user, :fraud_review_pending) } let(:user2) { create(:user, :fraud_rejection) } before do - allow(IdentityConfig.store).to receive(:account_reset_fraud_user_wait_period_days). - and_return(10) + allow(IdentityConfig.store).to receive(:account_reset_fraud_user_wait_period_days) + .and_return(10) end it 'does not send notifications when the notifications were already sent' do before_waiting_the_full_fraud_wait_period(now) do @@ -154,8 +154,8 @@ context 'with fraud wait period not set' do before do - allow(IdentityConfig.store).to receive(:account_reset_fraud_user_wait_period_days). - and_return(nil) + allow(IdentityConfig.store).to receive(:account_reset_fraud_user_wait_period_days) + .and_return(nil) end it 'does not send notifications before a request wait period is done' do create_account_reset_request_for(user) diff --git a/spec/services/account_reset/pending_request_for_user_spec.rb b/spec/services/account_reset/pending_request_for_user_spec.rb index 764e23e13b9..ebe9080c8f9 100644 --- a/spec/services/account_reset/pending_request_for_user_spec.rb +++ b/spec/services/account_reset/pending_request_for_user_spec.rb @@ -116,10 +116,10 @@ phone_config1 = create(:phone_configuration, user: user) phone_config2 = create(:phone_configuration, user: user) - expect(Telephony).to receive(:send_account_reset_cancellation_notice). - with(to: phone_config1.phone, country_code: 'US') - expect(Telephony).to receive(:send_account_reset_cancellation_notice). - with(to: phone_config2.phone, country_code: 'US') + expect(Telephony).to receive(:send_account_reset_cancellation_notice) + .with(to: phone_config1.phone, country_code: 'US') + expect(Telephony).to receive(:send_account_reset_cancellation_notice) + .with(to: phone_config2.phone, country_code: 'US') subject.notify_user! end diff --git a/spec/services/agency_identity_linker_spec.rb b/spec/services/agency_identity_linker_spec.rb index 991a90291ea..7a087817cd2 100644 --- a/spec/services/agency_identity_linker_spec.rb +++ b/spec/services/agency_identity_linker_spec.rb @@ -20,10 +20,10 @@ user.destroy! expect(User.where(id: user.id).count).to eq(0) user2 = create(:user) - expect { create_service_provider_identity(user2, 'sp3', 'UUID1') }. - to raise_error ActiveRecord::RecordNotUnique - expect { create_service_provider_identity(user2, 'sp4', 'UUID2') }. - to raise_error ActiveRecord::RecordNotUnique + expect { create_service_provider_identity(user2, 'sp3', 'UUID1') } + .to raise_error ActiveRecord::RecordNotUnique + expect { create_service_provider_identity(user2, 'sp4', 'UUID2') } + .to raise_error ActiveRecord::RecordNotUnique end it 'does not allow agency_identity uuid to be reused after user deletes account' do @@ -37,10 +37,10 @@ expect(AgencyIdentity.where(user_id: user.id).count).to eq(0) expect(AgencyIdentity.where(uuid: 'UUID1').count).to eq(0) user2 = create(:user) - expect { create_service_provider_identity(user2, 'sp3', 'UUID1') }. - to raise_error ActiveRecord::RecordNotUnique - expect { create_service_provider_identity(user2, 'sp4', 'UUID2') }. - to raise_error ActiveRecord::RecordNotUnique + expect { create_service_provider_identity(user2, 'sp3', 'UUID1') } + .to raise_error ActiveRecord::RecordNotUnique + expect { create_service_provider_identity(user2, 'sp4', 'UUID2') } + .to raise_error ActiveRecord::RecordNotUnique end it 'links identity with 1 sp' do diff --git a/spec/services/agreements/integration_seeder_spec.rb b/spec/services/agreements/integration_seeder_spec.rb index bc0dd91e41c..6e939c09d92 100644 --- a/spec/services/agreements/integration_seeder_spec.rb +++ b/spec/services/agreements/integration_seeder_spec.rb @@ -13,9 +13,9 @@ integration = create(:integration, issuer: 'new_issuer', name: 'Old Name') expect { seeder.run }.to \ - change { integration.reload.name }. - from('Old Name'). - to('Test Agency App') + change { integration.reload.name } + .from('Old Name') + .to('Test Agency App') end end end diff --git a/spec/services/analytics_spec.rb b/spec/services/analytics_spec.rb index 05de32b266b..872ae64c5ee 100644 --- a/spec/services/analytics_spec.rb +++ b/spec/services/analytics_spec.rb @@ -97,8 +97,8 @@ end it 'includes the tracing header as trace_id' do - expect(ahoy).to receive(:track). - with('Trackable Event', hash_including(trace_id: amazon_trace_id)) + expect(ahoy).to receive(:track) + .with('Trackable Event', hash_including(trace_id: amazon_trace_id)) analytics.track_event('Trackable Event') end @@ -246,8 +246,8 @@ end it 'includes the sp_request' do - expect(ahoy).to receive(:track). - with('Trackable Event', hash_including(expected_attributes)) + expect(ahoy).to receive(:track) + .with('Trackable Event', hash_including(expected_attributes)) analytics.track_event('Trackable Event') end @@ -274,8 +274,8 @@ end it 'includes the sp_request' do - expect(ahoy).to receive(:track). - with('Trackable Event', hash_including(expected_attributes)) + expect(ahoy).to receive(:track) + .with('Trackable Event', hash_including(expected_attributes)) analytics.track_event('Trackable Event') end @@ -311,8 +311,8 @@ end it 'then includes :sp_request in the event' do - expect(ahoy).to receive(:track). - with('Trackable Event', hash_including(expected_attributes)) + expect(ahoy).to receive(:track) + .with('Trackable Event', hash_including(expected_attributes)) analytics.track_event('Trackable Event') end diff --git a/spec/services/attribute_asserter_spec.rb b/spec/services/attribute_asserter_spec.rb index 9f3595897f6..13a0934adbb 100644 --- a/spec/services/attribute_asserter_spec.rb +++ b/spec/services/attribute_asserter_spec.rb @@ -79,8 +79,8 @@ [ Saml::Idp::Constants::IAL2_AUTHN_CONTEXT_CLASSREF, Saml::Idp::Constants::IAL_VERIFIED_ACR, - ]. - each do |ial_value| + ] + .each do |ial_value| let(:authn_context) do [ ial_value, @@ -92,8 +92,8 @@ let(:attribute_bundle) { %w[email phone first_name] } it 'includes all requested attributes + uuid' do - expect(user.asserted_attributes.keys). - to eq(%i[uuid email phone first_name verified_at aal ial]) + expect(user.asserted_attributes.keys) + .to eq(%i[uuid email phone first_name verified_at aal ial]) end it 'creates getter function' do @@ -117,8 +117,8 @@ end it 'includes all requested attributes + uuid' do - expect(user.asserted_attributes.keys). - to eq(%i[uuid email phone first_name verified_at aal ial]) + expect(user.asserted_attributes.keys) + .to eq(%i[uuid email phone first_name verified_at aal ial]) end end end @@ -143,8 +143,8 @@ let(:attribute_bundle) { %w[email phone first_name ascii] } it 'skips ascii as an attribute' do - expect(user.asserted_attributes.keys). - to eq(%i[uuid email phone first_name verified_at aal ial]) + expect(user.asserted_attributes.keys) + .to eq(%i[uuid email phone first_name verified_at aal ial]) end it 'transliterates attributes to ASCII' do @@ -171,8 +171,8 @@ # rubocop:enable Layout/LineLength it 'uses authn request bundle' do - expect(user.asserted_attributes.keys). - to eq(%i[uuid email first_name last_name ssn phone verified_at aal ial]) + expect(user.asserted_attributes.keys) + .to eq(%i[uuid email first_name last_name ssn phone verified_at aal ial]) end end end @@ -679,8 +679,8 @@ end it 'defers to user alternate email' do - expect(get_asserted_attribute(user, :email)). - to eq 'email@example.com' + expect(get_asserted_attribute(user, :email)) + .to eq 'email@example.com' end end @@ -707,8 +707,8 @@ end it 'defers to user alternate email' do - expect(get_asserted_attribute(user, :email)). - to eq user.email_addresses.last.email + expect(get_asserted_attribute(user, :email)) + .to eq user.email_addresses.last.email end end @@ -747,8 +747,8 @@ end it 'defers to user alternate email' do - expect(get_asserted_attribute(user, :email)). - to eq 'email@example.com' + expect(get_asserted_attribute(user, :email)) + .to eq 'email@example.com' end end @@ -775,8 +775,8 @@ end it 'defers to user alternate email' do - expect(get_asserted_attribute(user, :email)). - to eq user.email_addresses.last.email + expect(get_asserted_attribute(user, :email)) + .to eq user.email_addresses.last.email end end end diff --git a/spec/services/auth_methods_session_spec.rb b/spec/services/auth_methods_session_spec.rb index eca84837bcf..a9532a9fe20 100644 --- a/spec/services/auth_methods_session_spec.rb +++ b/spec/services/auth_methods_session_spec.rb @@ -14,9 +14,9 @@ context 'no auth events' do it 'modifies auth events to include the new event' do - expect { result }.to change { auth_methods_session.auth_events }. - from([]). - to([{ auth_method:, at: Time.zone.now }]) + expect { result }.to change { auth_methods_session.auth_events } + .from([]) + .to([{ auth_method:, at: Time.zone.now }]) end it 'returns the new array of auth events' do @@ -29,9 +29,9 @@ let(:user_session) { { auth_events: [first_auth_event] } } it 'appends the new event to the existing set' do - expect { result }.to change { auth_methods_session.auth_events }. - from([first_auth_event]). - to([first_auth_event, { auth_method:, at: Time.zone.now }]) + expect { result }.to change { auth_methods_session.auth_events } + .from([first_auth_event]) + .to([first_auth_event, { auth_method:, at: Time.zone.now }]) end it 'returns the new array of auth events' do @@ -49,9 +49,9 @@ let(:user_session) { { auth_events: [first_auth_event, second_auth_event] } } it 'ejects the oldest' do - expect { result }.to change { auth_methods_session.auth_events }. - from([first_auth_event, second_auth_event]). - to([second_auth_event, { auth_method:, at: Time.zone.now }]) + expect { result }.to change { auth_methods_session.auth_events } + .from([first_auth_event, second_auth_event]) + .to([second_auth_event, { auth_method:, at: Time.zone.now }]) end end end diff --git a/spec/services/authn_context_resolver_spec.rb b/spec/services/authn_context_resolver_spec.rb index 2f2b34b9572..8d29ecd95cd 100644 --- a/spec/services/authn_context_resolver_spec.rb +++ b/spec/services/authn_context_resolver_spec.rb @@ -629,8 +629,8 @@ let(:user) { build(:user, :fully_registered) } it "asserts #{Saml::Idp::Constants::IAL1_AUTHN_CONTEXT_CLASSREF}" do - expect(subject.asserted_ial_acr). - to eq(Saml::Idp::Constants::IAL1_AUTHN_CONTEXT_CLASSREF) + expect(subject.asserted_ial_acr) + .to eq(Saml::Idp::Constants::IAL1_AUTHN_CONTEXT_CLASSREF) expect(result.identity_proofing?).to be true expect(result.aal2?).to be true end @@ -640,8 +640,8 @@ let(:user) { build(:user, :proofed) } it "asserts #{Saml::Idp::Constants::IAL2_AUTHN_CONTEXT_CLASSREF}" do - expect(subject.asserted_ial_acr). - to eq(Saml::Idp::Constants::IAL2_AUTHN_CONTEXT_CLASSREF) + expect(subject.asserted_ial_acr) + .to eq(Saml::Idp::Constants::IAL2_AUTHN_CONTEXT_CLASSREF) end end end @@ -659,16 +659,16 @@ end before do - allow_any_instance_of(ServiceProvider). - to receive(:facial_match_ial_allowed?). - and_return(true) + allow_any_instance_of(ServiceProvider) + .to receive(:facial_match_ial_allowed?) + .and_return(true) end context 'with facial match comparison is required' do context 'when user is not verified' do it "asserts the resolved IAL as #{Saml::Idp::Constants::IAL_AUTH_ONLY_ACR}" do - expect(subject.asserted_ial_acr). - to eq(Saml::Idp::Constants::IAL_AUTH_ONLY_ACR) + expect(subject.asserted_ial_acr) + .to eq(Saml::Idp::Constants::IAL_AUTH_ONLY_ACR) end it 'sets facial_match to true' do diff --git a/spec/services/backup_code_generator_spec.rb b/spec/services/backup_code_generator_spec.rb index 24e6ac14dc2..8bbbbbe6334 100644 --- a/spec/services/backup_code_generator_spec.rb +++ b/spec/services/backup_code_generator_spec.rb @@ -9,15 +9,15 @@ subject(:codes) { generator.delete_and_regenerate } it 'generates backup codes' do - expect { codes }. - to change { user.reload.backup_code_configurations.count }. - from(0). - to(BackupCodeGenerator::NUMBER_OF_CODES) + expect { codes } + .to change { user.reload.backup_code_configurations.count } + .from(0) + .to(BackupCodeGenerator::NUMBER_OF_CODES) end it 'returns valid 12-character codes via base32 crockford' do - expect(Base32::Crockford).to receive(:encode). - and_call_original.at_least(BackupCodeGenerator::NUMBER_OF_CODES).times + expect(Base32::Crockford).to receive(:encode) + .and_call_original.at_least(BackupCodeGenerator::NUMBER_OF_CODES).times expect(codes).to be_present codes.each do |code| @@ -60,8 +60,8 @@ profane = Base32::Crockford.decode('FART') not_profane = Base32::Crockford.decode('ABCD') - expect(SecureRandom).to receive(:random_number). - and_return(profane, not_profane) + expect(SecureRandom).to receive(:random_number) + .and_return(profane, not_profane) code = generator.send(:backup_code) diff --git a/spec/services/browser_support_spec.rb b/spec/services/browser_support_spec.rb index 5fb5f0bf541..20757db7be4 100644 --- a/spec/services/browser_support_spec.rb +++ b/spec/services/browser_support_spec.rb @@ -14,8 +14,8 @@ context 'with browser support config file missing' do before do - expect(File).to receive(:read).once.with(Rails.root.join('browsers.json')). - and_raise(Errno::ENOENT.new) + expect(File).to receive(:read).once.with(Rails.root.join('browsers.json')) + .and_raise(Errno::ENOENT.new) end it { expect(supported).to eq(true) } @@ -28,8 +28,8 @@ context 'with invalid support config' do before do - expect(File).to receive(:read).once.with(Rails.root.join('browsers.json')). - and_return('invalid') + expect(File).to receive(:read).once.with(Rails.root.join('browsers.json')) + .and_return('invalid') end it { expect(supported).to eq(true) } diff --git a/spec/services/database_health_checker_spec.rb b/spec/services/database_health_checker_spec.rb index c10fe76fdaf..ffcd239573a 100644 --- a/spec/services/database_health_checker_spec.rb +++ b/spec/services/database_health_checker_spec.rb @@ -13,8 +13,8 @@ context 'when the database is unhealthy' do before do - expect(DatabaseHealthChecker).to receive(:simple_query). - and_raise(RuntimeError.new('canceling statement due to statement timeout')) + expect(DatabaseHealthChecker).to receive(:simple_query) + .and_raise(RuntimeError.new('canceling statement due to statement timeout')) end it 'returns an unhealthy check' do diff --git a/spec/services/doc_auth/error_generator_spec.rb b/spec/services/doc_auth/error_generator_spec.rb index 96b3a344bfa..6133c9b7730 100644 --- a/spec/services/doc_auth/error_generator_spec.rb +++ b/spec/services/doc_auth/error_generator_spec.rb @@ -107,8 +107,8 @@ def build_error_info( failed: [{ name: 'Unknown Alert', result: 'Attention' }], ) - expect(warn_notifier).to receive(:call). - with(hash_including(:response_info, :message)).twice + expect(warn_notifier).to receive(:call) + .with(hash_including(:response_info, :message)).twice output = described_class.new(config).generate_doc_auth_errors(error_info) @@ -243,8 +243,8 @@ def build_error_info( failed: [{ name: 'Not a known alert', result: 'Failed' }], ) - expect(warn_notifier).to receive(:call). - with(hash_including(:response_info, :message)).twice + expect(warn_notifier).to receive(:call) + .with(hash_including(:response_info, :message)).twice output = described_class.new(config).generate_doc_auth_errors(error_info) @@ -264,8 +264,8 @@ def build_error_info( ], ) - expect(warn_notifier).to receive(:call). - with(hash_including(:response_info, :message, :unknown_alerts)).once + expect(warn_notifier).to receive(:call) + .with(hash_including(:response_info, :message, :unknown_alerts)).once output = described_class.new(config).generate_doc_auth_errors(error_info) @@ -283,8 +283,8 @@ def build_error_info( failed: [{ name: 'Birth Date Crosscheck', result: 'Failed' }], ) - expect(warn_notifier).to receive(:call). - with(hash_including(:response_info, :message, :unknown_alerts)).once + expect(warn_notifier).to receive(:call) + .with(hash_including(:response_info, :message, :unknown_alerts)).once output = described_class.new(config).generate_doc_auth_errors(error_info) @@ -304,8 +304,8 @@ def build_error_info( Front: passport_classification_details }, ) - expect(warn_notifier).to receive(:call). - with(hash_including(:response_info, :message, :unknown_alerts)).once + expect(warn_notifier).to receive(:call) + .with(hash_including(:response_info, :message, :unknown_alerts)).once output = described_class.new(config).generate_doc_auth_errors(error_info) @@ -326,8 +326,8 @@ def build_error_info( FaceMatchResult: 'Fail', FaceErrorMessage: 'Successful. Liveness: Live', } - expect(warn_notifier).to receive(:call). - with(hash_including(:response_info, :message)).twice + expect(warn_notifier).to receive(:call) + .with(hash_including(:response_info, :message)).twice output = described_class.new(config).generate_doc_auth_errors(error_info) expect(output.keys).to contain_exactly(:general, :front, :back, :hints) expect(output[:general]).to contain_exactly(DocAuth::Errors::GENERAL_ERROR) @@ -364,8 +364,8 @@ def build_error_info( Front: passport_classification_details }, ) - expect(warn_notifier).to receive(:call). - with(hash_including(:response_info, :message, :unknown_alerts)).once + expect(warn_notifier).to receive(:call) + .with(hash_including(:response_info, :message, :unknown_alerts)).once output = described_class.new(config).generate_doc_auth_errors(error_info) @@ -384,8 +384,8 @@ def build_error_info( Front: vhic_classification_details }, ) - expect(warn_notifier).to receive(:call). - with(hash_including(:response_info, :message, :unknown_alerts)).once + expect(warn_notifier).to receive(:call) + .with(hash_including(:response_info, :message, :unknown_alerts)).once output = described_class.new(config).generate_doc_auth_errors(error_info) @@ -405,8 +405,8 @@ def build_error_info( classification_info: { Front: unknown_classification_details }, ) - expect(warn_notifier).to receive(:call). - with(hash_including(:response_info, :message)).twice + expect(warn_notifier).to receive(:call) + .with(hash_including(:response_info, :message)).twice output = described_class.new(config).generate_doc_auth_errors(error_info) @@ -422,8 +422,8 @@ def build_error_info( doc_result: 'Passed', failed: [{ name: 'Not a known alert', result: 'Failed' }], ) - expect(warn_notifier).to receive(:call). - with(hash_including(:response_info, :message)).twice + expect(warn_notifier).to receive(:call) + .with(hash_including(:response_info, :message)).twice # this is a fall back result, we cannot generate error but the generator is called # which should not happen @@ -527,8 +527,8 @@ def build_error_info( FaceMatchResult: 'Fail', FaceErrorMessage: 'Successful. Liveness: Live', } - expect(warn_notifier).to receive(:call). - with(hash_including(:response_info, :message)).once + expect(warn_notifier).to receive(:call) + .with(hash_including(:response_info, :message)).once output = described_class.new(config).generate_doc_auth_errors(error_info) expect(output.keys).to contain_exactly(:general, :front, :back, :hints, :selfie) expect(output[:general]).to contain_exactly(DocAuth::Errors::SELFIE_FAILURE) diff --git a/spec/services/doc_auth/lexis_nexis/lexis_nexis_client_spec.rb b/spec/services/doc_auth/lexis_nexis/lexis_nexis_client_spec.rb index e12ad421aaf..bffcfe8046c 100644 --- a/spec/services/doc_auth/lexis_nexis/lexis_nexis_client_spec.rb +++ b/spec/services/doc_auth/lexis_nexis/lexis_nexis_client_spec.rb @@ -170,8 +170,8 @@ let(:status_code) { 1002 } let(:status_message) { 'The request sent by the client was syntactically incorrect.' } it 'return failed response with correct statuses' do - stub_request(:post, image_upload_url). - to_return( + stub_request(:post, image_upload_url) + .to_return( body: { status: { code: status_code, @@ -206,8 +206,8 @@ context 'when json is not returned in the body' do it 'return failed response with correct statuses' do - stub_request(:post, image_upload_url). - to_return( + stub_request(:post, image_upload_url) + .to_return( body: 'not json', status: 401, ) diff --git a/spec/services/doc_auth/lexis_nexis/responses/true_id_response_spec.rb b/spec/services/doc_auth/lexis_nexis/responses/true_id_response_spec.rb index 2d3584ce73d..16cf8f0af3a 100644 --- a/spec/services/doc_auth/lexis_nexis/responses/true_id_response_spec.rb +++ b/spec/services/doc_auth/lexis_nexis/responses/true_id_response_spec.rb @@ -235,11 +235,11 @@ context 'when identification card issued by a country' do let(:success_response) do body = JSON.parse(LexisNexisFixtures.true_id_response_success_3).tap do |json| - doc_class_node = json['Products'].first['ParameterDetails']. - select { |f| f['Name'] == 'DocClassName' && f['Group'] == 'AUTHENTICATION_RESULT' } + doc_class_node = json['Products'].first['ParameterDetails'] + .select { |f| f['Name'] == 'DocClassName' && f['Group'] == 'AUTHENTICATION_RESULT' } doc_class_node.first['Values'].first['Value'] = 'Identification Card' - doc_issuer_type = json['Products'].first['ParameterDetails']. - select { |f| f['Name'] == 'DocIssuerType' && f['Group'] == 'AUTHENTICATION_RESULT' } + doc_issuer_type = json['Products'].first['ParameterDetails'] + .select { |f| f['Name'] == 'DocIssuerType' && f['Group'] == 'AUTHENTICATION_RESULT' } doc_issuer_type.first['Values'].first['Value'] = 'Country' end.to_json instance_double(Faraday::Response, status: 200, body: body) @@ -254,8 +254,8 @@ let(:success_response_body) { LexisNexisFixtures.true_id_response_success } it 'reads the additional PII attributes' do - allow(IdentityConfig.store).to receive(:doc_auth_read_additional_pii_attributes_enabled). - and_return(true) + allow(IdentityConfig.store).to receive(:doc_auth_read_additional_pii_attributes_enabled) + .and_return(true) pii_from_doc = response.pii_from_doc @@ -270,8 +270,8 @@ context 'when there is no address line 2' do let(:success_response_no_line2) do body_no_line2 = JSON.parse(LexisNexisFixtures.true_id_response_success_3).tap do |json| - json['Products'].first['ParameterDetails'] = json['Products'].first['ParameterDetails']. - select { |f| f['Name'] != 'Fields_AddressLine2' } + json['Products'].first['ParameterDetails'] = json['Products'].first['ParameterDetails'] + .select { |f| f['Name'] != 'Fields_AddressLine2' } end.to_json instance_double(Faraday::Response, status: 200, body: body_no_line2) end @@ -410,8 +410,8 @@ def get_decision_product(resp) failure_response_no_liveness, config, liveness_checking_enabled ).to_h - expect(output.to_h[:log_alert_results]). - to match(a_hash_including(visible_pattern: { no_side: 'Failed' })) + expect(output.to_h[:log_alert_results]) + .to match(a_hash_including(visible_pattern: { no_side: 'Failed' })) end it 'returns Failed for liveness failure' do @@ -638,9 +638,9 @@ def get_decision_product(resp) let(:success_response_body) do body = JSON.parse(super(), symbolize_names: true) - parameter = body[:Products]. - first[:ParameterDetails]. - find { |h| h[:Name] == 'DocAuthResult' } + parameter = body[:Products] + .first[:ParameterDetails] + .find { |h| h[:Name] == 'DocAuthResult' } parameter[:Values] = [{ Value: doc_auth_result }] @@ -672,8 +672,8 @@ def get_decision_product(resp) let(:doc_class_name) { 'Drivers License' } let(:success_response) do response = JSON.parse(LexisNexisFixtures.true_id_response_success_3).tap do |json| - doc_class_node = json['Products'].first['ParameterDetails']. - select { |f| f['Name'] == 'DocClassName' } + doc_class_node = json['Products'].first['ParameterDetails'] + .select { |f| f['Name'] == 'DocClassName' } doc_class_node.first['Values'].first['Value'] = doc_class_name end.to_json instance_double(Faraday::Response, status: 200, body: response) @@ -701,8 +701,8 @@ def get_decision_product(resp) context 'when country code is not supported' do let(:success_response) do body = JSON.parse(LexisNexisFixtures.true_id_response_success_3).tap do |json| - doc_country_node = json['Products'].first['ParameterDetails']. - select { |f| f['Name'] == 'Fields_CountryCode' && f['Group'] == 'IDAUTH_FIELD_DATA' } + doc_country_node = json['Products'].first['ParameterDetails'] + .select { |f| f['Name'] == 'Fields_CountryCode' && f['Group'] == 'IDAUTH_FIELD_DATA' } doc_country_node.first['Values'].first['Value'] = 'CAN' end.to_json instance_double(Faraday::Response, status: 200, body: body) @@ -715,11 +715,11 @@ def get_decision_product(resp) context 'when id is federal identification card' do let(:success_response) do body = JSON.parse(LexisNexisFixtures.true_id_response_success_3).tap do |json| - doc_class_node = json['Products'].first['ParameterDetails']. - select { |f| f['Name'] == 'DocClassName' && f['Group'] == 'AUTHENTICATION_RESULT' } + doc_class_node = json['Products'].first['ParameterDetails'] + .select { |f| f['Name'] == 'DocClassName' && f['Group'] == 'AUTHENTICATION_RESULT' } doc_class_node.first['Values'].first['Value'] = 'Identification Card' - doc_issuer_type = json['Products'].first['ParameterDetails']. - select { |f| f['Name'] == 'DocIssuerType' && f['Group'] == 'AUTHENTICATION_RESULT' } + doc_issuer_type = json['Products'].first['ParameterDetails'] + .select { |f| f['Name'] == 'DocIssuerType' && f['Group'] == 'AUTHENTICATION_RESULT' } doc_issuer_type.first['Values'].first['Value'] = 'Country' end.to_json instance_double(Faraday::Response, status: 200, body: body) @@ -732,15 +732,15 @@ def get_decision_product(resp) context 'when id is federal ID and image dpi is low' do let(:error_response) do body = JSON.parse(LexisNexisFixtures.true_id_response_success_3).tap do |json| - doc_class_node = json['Products'].first['ParameterDetails']. - select { |f| f['Name'] == 'DocClassName' && f['Group'] == 'AUTHENTICATION_RESULT' } + doc_class_node = json['Products'].first['ParameterDetails'] + .select { |f| f['Name'] == 'DocClassName' && f['Group'] == 'AUTHENTICATION_RESULT' } doc_class_node.first['Values'].first['Value'] = 'Identification Card' - doc_issuer_type = json['Products'].first['ParameterDetails']. - select { |f| f['Name'] == 'DocIssuerType' && f['Group'] == 'AUTHENTICATION_RESULT' } + doc_issuer_type = json['Products'].first['ParameterDetails'] + .select { |f| f['Name'] == 'DocIssuerType' && f['Group'] == 'AUTHENTICATION_RESULT' } doc_issuer_type.first['Values'].first['Value'] = 'Country' - image_metric_resolution = json['Products'].first['ParameterDetails']. - select do |f| + image_metric_resolution = json['Products'].first['ParameterDetails'] + .select do |f| f['Group'] == 'IMAGE_METRICS_RESULT' && f['Name'] == 'HorizontalResolution' end diff --git a/spec/services/doc_auth/mock/result_response_spec.rb b/spec/services/doc_auth/mock/result_response_spec.rb index f79c503e1fb..2abe9c95262 100644 --- a/spec/services/doc_auth/mock/result_response_spec.rb +++ b/spec/services/doc_auth/mock/result_response_spec.rb @@ -20,8 +20,8 @@ expect(response.success?).to eq(true) expect(response.errors).to eq({}) expect(response.exception).to eq(nil) - expect(response.pii_from_doc.to_h). - to eq(Idp::Constants::MOCK_IDV_APPLICANT) + expect(response.pii_from_doc.to_h) + .to eq(Idp::Constants::MOCK_IDV_APPLICANT) expect(response.attention_with_barcode?).to eq(false) expect(response.selfie_status).to eq(:success) end @@ -210,8 +210,8 @@ expect(response.success?).to eq(true) expect(response.errors).to eq({}) expect(response.exception).to eq(nil) - expect(response.pii_from_doc.to_h). - to eq(Idp::Constants::MOCK_IDV_APPLICANT) + expect(response.pii_from_doc.to_h) + .to eq(Idp::Constants::MOCK_IDV_APPLICANT) expect(response.attention_with_barcode?).to eq(false) end end diff --git a/spec/services/doc_auth/socure/request_spec.rb b/spec/services/doc_auth/socure/request_spec.rb index bab8c1901f9..29423171da3 100644 --- a/spec/services/doc_auth/socure/request_spec.rb +++ b/spec/services/doc_auth/socure/request_spec.rb @@ -14,8 +14,8 @@ let(:fake_metric_name) { 'fake metric' } before do - allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint). - and_return(fake_socure_endpoint) + allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint) + .and_return(fake_socure_endpoint) allow(request).to receive(:endpoint).and_return(fake_socure_endpoint) allow(request).to receive(:metric_name).and_return(fake_metric_name) diff --git a/spec/services/doc_auth/socure/requests/document_request_spec.rb b/spec/services/doc_auth/socure/requests/document_request_spec.rb index 8eeafaced02..fb1c06197e3 100644 --- a/spec/services/doc_auth/socure/requests/document_request_spec.rb +++ b/spec/services/doc_auth/socure/requests/document_request_spec.rb @@ -47,10 +47,10 @@ let(:fake_socure_status) { 200 } before do - allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint). - and_return(fake_socure_endpoint) - stub_request(:post, fake_socure_endpoint). - to_return( + allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint) + .and_return(fake_socure_endpoint) + stub_request(:post, fake_socure_endpoint) + .to_return( status: fake_socure_status, body: JSON.generate(fake_socure_response), ) @@ -59,8 +59,8 @@ it 'fetches from the correct url' do document_request.fetch - expect(WebMock).to have_requested(:post, fake_socure_endpoint). - with(body: JSON.generate(expected_request_body)) + expect(WebMock).to have_requested(:post, fake_socure_endpoint) + .with(body: JSON.generate(expected_request_body)) end it 'passes the response through' do @@ -75,8 +75,8 @@ it 'includes the correct language in the request_body' do document_request.fetch - expect(WebMock).to have_requested(:post, fake_socure_endpoint). - with(body: JSON.generate(expected_request_body)) + expect(WebMock).to have_requested(:post, fake_socure_endpoint) + .with(body: JSON.generate(expected_request_body)) end end diff --git a/spec/services/doc_auth/socure/requests/docv_result_request_spec.rb b/spec/services/doc_auth/socure/requests/docv_result_request_spec.rb index ae7a67a63c7..dc9e19cc6cc 100644 --- a/spec/services/doc_auth/socure/requests/docv_result_request_spec.rb +++ b/spec/services/doc_auth/socure/requests/docv_result_request_spec.rb @@ -24,8 +24,8 @@ end before do - allow(IdentityConfig.store).to receive(:socure_idplus_base_url). - and_return(fake_socure_endpoint) + allow(IdentityConfig.store).to receive(:socure_idplus_base_url) + .and_return(fake_socure_endpoint) allow(DocumentCaptureSession).to receive(:find_by).and_return(document_capture_session) end @@ -43,8 +43,8 @@ end it 'expect correct doc auth response for a socure fail response' do - stub_request(:post, fake_socure_api_endpoint). - to_return( + stub_request(:post, fake_socure_api_endpoint) + .to_return( status: fake_socure_status, body: JSON.generate(fake_socure_response), ) diff --git a/spec/services/encrypted_attribute_spec.rb b/spec/services/encrypted_attribute_spec.rb index 0685d6e8cd5..a52b2ac26cb 100644 --- a/spec/services/encrypted_attribute_spec.rb +++ b/spec/services/encrypted_attribute_spec.rb @@ -28,8 +28,8 @@ encrypted_with_old_key = encrypted_email rotate_attribute_encryption_key_with_invalid_queue - expect { EncryptedAttribute.new(encrypted_with_old_key) }. - to raise_error Encryption::EncryptionError, 'unable to decrypt attribute with any key' + expect { EncryptedAttribute.new(encrypted_with_old_key) } + .to raise_error Encryption::EncryptionError, 'unable to decrypt attribute with any key' end end diff --git a/spec/services/encrypted_redis_struct_storage_spec.rb b/spec/services/encrypted_redis_struct_storage_spec.rb index 6f3d2d091e0..0841541d3b5 100644 --- a/spec/services/encrypted_redis_struct_storage_spec.rb +++ b/spec/services/encrypted_redis_struct_storage_spec.rb @@ -109,8 +109,8 @@ def self.redis_key_prefix let(:id) { '' } it 'errors' do - expect { EncryptedRedisStructStorage.store(struct_class.new) }. - to raise_error(ArgumentError, 'id cannot be empty') + expect { EncryptedRedisStructStorage.store(struct_class.new) } + .to raise_error(ArgumentError, 'id cannot be empty') end end diff --git a/spec/services/encryption/contextless_kms_client_spec.rb b/spec/services/encryption/contextless_kms_client_spec.rb index 1cc5858418b..1fe0da64319 100644 --- a/spec/services/encryption/contextless_kms_client_spec.rb +++ b/spec/services/encryption/contextless_kms_client_spec.rb @@ -21,12 +21,12 @@ allow(IdentityConfig.store).to receive(:password_pepper).and_return(password_pepper) encryptor = Encryption::Encryptors::AesEncryptor.new - allow(encryptor).to receive(:encrypt). - with(local_plaintext, password_pepper). - and_return(local_ciphertext) - allow(encryptor).to receive(:decrypt). - with(local_ciphertext, password_pepper). - and_return(local_plaintext) + allow(encryptor).to receive(:encrypt) + .with(local_plaintext, password_pepper) + .and_return(local_ciphertext) + allow(encryptor).to receive(:decrypt) + .with(local_ciphertext, password_pepper) + .and_return(local_plaintext) allow(Encryption::Encryptors::AesEncryptor).to receive(:new).and_return(encryptor) stub_aws_kms_client(kms_plaintext, kms_ciphertext) @@ -101,12 +101,12 @@ allow(IdentityConfig.store).to receive(:password_pepper).and_return(password_pepper) encryptor = Encryption::Encryptors::AesEncryptor.new - allow(encryptor).to receive(:encrypt). - with(local_plaintext, password_pepper). - and_return(local_ciphertext) - allow(encryptor).to receive(:decrypt). - with(local_ciphertext, password_pepper). - and_return(local_plaintext) + allow(encryptor).to receive(:encrypt) + .with(local_plaintext, password_pepper) + .and_return(local_ciphertext) + allow(encryptor).to receive(:decrypt) + .with(local_ciphertext, password_pepper) + .and_return(local_plaintext) allow(Encryption::Encryptors::AesEncryptor).to receive(:new).and_return(encryptor) stub_mapped_aws_kms_client( diff --git a/spec/services/encryption/encryptors/background_proofing_arg_encryptor_spec.rb b/spec/services/encryption/encryptors/background_proofing_arg_encryptor_spec.rb index 12cb4f27bc0..556ea6e9e7d 100644 --- a/spec/services/encryption/encryptors/background_proofing_arg_encryptor_spec.rb +++ b/spec/services/encryption/encryptors/background_proofing_arg_encryptor_spec.rb @@ -7,12 +7,12 @@ it 'returns a KMS wrapped AES encrypted ciphertext' do aes_encryptor = instance_double(Encryption::Encryptors::AesEncryptor) kms_client = instance_double(Encryption::KmsClient) - allow(aes_encryptor).to receive(:encrypt). - with(plaintext, IdentityConfig.store.session_encryption_key[0...32]). - and_return('aes output') - allow(kms_client).to receive(:encrypt). - with('aes output', 'context' => 'session-encryption'). - and_return('kms output') + allow(aes_encryptor).to receive(:encrypt) + .with(plaintext, IdentityConfig.store.session_encryption_key[0...32]) + .and_return('aes output') + allow(kms_client).to receive(:encrypt) + .with('aes output', 'context' => 'session-encryption') + .and_return('kms output') allow(Encryption::Encryptors::AesEncryptor).to receive(:new).and_return(aes_encryptor) allow(Encryption::KmsClient).to receive(:new).with( kms_key_id: IdentityConfig.store.aws_kms_session_key_id, diff --git a/spec/services/encryption/encryptors/pii_encryptor_spec.rb b/spec/services/encryption/encryptors/pii_encryptor_spec.rb index 164ad30f92a..6d9f6b3a0ef 100644 --- a/spec/services/encryption/encryptors/pii_encryptor_spec.rb +++ b/spec/services/encryption/encryptors/pii_encryptor_spec.rb @@ -39,9 +39,9 @@ expect(SCrypt::Password).to receive(:new).and_return(scrypt_password) cipher = subject.send(:aes_cipher) - expect(cipher).to receive(:encrypt). - with(plaintext, decoded_scrypt_digest). - and_return('aes_ciphertext') + expect(cipher).to receive(:encrypt) + .with(plaintext, decoded_scrypt_digest) + .and_return('aes_ciphertext') single_region_kms_client = subject.send(:single_region_kms_client) multi_region_kms_client = subject.send(:multi_region_kms_client) @@ -53,12 +53,12 @@ IdentityConfig.store.aws_kms_multi_region_key_id, ) - expect(single_region_kms_client).to receive(:encrypt). - with('aes_ciphertext', { 'context' => 'pii-encryption', 'user_uuid' => 'uuid-123-abc' }). - and_return('single_region_kms_ciphertext') - expect(multi_region_kms_client).to receive(:encrypt). - with('aes_ciphertext', { 'context' => 'pii-encryption', 'user_uuid' => 'uuid-123-abc' }). - and_return('multi_region_kms_ciphertext') + expect(single_region_kms_client).to receive(:encrypt) + .with('aes_ciphertext', { 'context' => 'pii-encryption', 'user_uuid' => 'uuid-123-abc' }) + .and_return('single_region_kms_ciphertext') + expect(multi_region_kms_client).to receive(:encrypt) + .with('aes_ciphertext', { 'context' => 'pii-encryption', 'user_uuid' => 'uuid-123-abc' }) + .and_return('multi_region_kms_ciphertext') ciphertext_single_region, ciphertext_multi_region = subject.encrypt( plaintext, user_uuid: 'uuid-123-abc' @@ -94,8 +94,8 @@ ciphertext_pair = subject.encrypt(plaintext, user_uuid: 'uuid-123-abc') new_encryptor = described_class.new('This is not the passowrd') - expect { new_encryptor.decrypt(ciphertext_pair, user_uuid: 'uuid-123-abc') }. - to raise_error Encryption::EncryptionError + expect { new_encryptor.decrypt(ciphertext_pair, user_uuid: 'uuid-123-abc') } + .to raise_error Encryption::EncryptionError end it 'uses layered AES and KMS to decrypt the contents' do @@ -109,14 +109,14 @@ expect(SCrypt::Password).to receive(:new).and_return(scrypt_password) kms_client = subject.send(:multi_region_kms_client) - expect(kms_client).to receive(:decrypt). - with('kms_ciphertext_mr', { 'context' => 'pii-encryption', 'user_uuid' => 'uuid-123-abc' }). - and_return('aes_ciphertext') + expect(kms_client).to receive(:decrypt) + .with('kms_ciphertext_mr', { 'context' => 'pii-encryption', 'user_uuid' => 'uuid-123-abc' }) + .and_return('aes_ciphertext') cipher = subject.send(:aes_cipher) - expect(cipher).to receive(:decrypt). - with('aes_ciphertext', decoded_scrypt_digest). - and_return(plaintext) + expect(cipher).to receive(:decrypt) + .with('aes_ciphertext', decoded_scrypt_digest) + .and_return(plaintext) ciphertext_pair = Encryption::RegionalCiphertextPair.new( single_region_ciphertext: { diff --git a/spec/services/encryption/kms_client_spec.rb b/spec/services/encryption/kms_client_spec.rb index 4c31b398eee..59f70b19c51 100644 --- a/spec/services/encryption/kms_client_spec.rb +++ b/spec/services/encryption/kms_client_spec.rb @@ -23,12 +23,12 @@ 'b' * 3000 => 'local2', 'c' * 3000 => 'local3', }.each do |plaintext, ciphertext| - allow(encryptor).to receive(:encrypt). - with(plaintext, local_encryption_key). - and_return(ciphertext) - allow(encryptor).to receive(:decrypt). - with(ciphertext, local_encryption_key). - and_return(plaintext) + allow(encryptor).to receive(:encrypt) + .with(plaintext, local_encryption_key) + .and_return(ciphertext) + allow(encryptor).to receive(:decrypt) + .with(ciphertext, local_encryption_key) + .and_return(plaintext) end allow(Encryption::Encryptors::AesEncryptor).to receive(:new).and_return(encryptor) allow(FeatureManagement).to receive(:use_kms?).and_return(kms_enabled) @@ -140,12 +140,12 @@ context 'with a contextless ciphertext' do before do contextless_client = Encryption::ContextlessKmsClient.new - allow(contextless_client).to receive(:decrypt). - with('KMSx123abc', log_context: encryption_context). - and_return('plaintext') - allow(contextless_client).to receive(:decrypt). - with('123abc', log_context: encryption_context). - and_return('plaintext') + allow(contextless_client).to receive(:decrypt) + .with('KMSx123abc', log_context: encryption_context) + .and_return('plaintext') + allow(contextless_client).to receive(:decrypt) + .with('123abc', log_context: encryption_context) + .and_return('plaintext') allow(Encryption::ContextlessKmsClient).to receive(:new).and_return(contextless_client) end diff --git a/spec/services/encryption/password_verifier_spec.rb b/spec/services/encryption/password_verifier_spec.rb index 1aeec5c8813..31bc2bf1162 100644 --- a/spec/services/encryption/password_verifier_spec.rb +++ b/spec/services/encryption/password_verifier_spec.rb @@ -35,9 +35,9 @@ scrypt_password = double(SCrypt::Password, digest: 'scrypted_password') encoded_scrypt_password = Base64.strict_encode64('scrypted_password') - expect(SCrypt::Engine).to receive(:hash_secret). - with(password, scrypt_salt, 32). - and_return('scrypted') + expect(SCrypt::Engine).to receive(:hash_secret) + .with(password, scrypt_salt, 32) + .and_return('scrypted') expect(SCrypt::Password).to receive(:new).with('scrypted').and_return(scrypt_password) single_region_kms_client = subject.send(:single_region_kms_client) diff --git a/spec/services/forget_all_browsers_spec.rb b/spec/services/forget_all_browsers_spec.rb index b37827e19ce..4dedb5a19de 100644 --- a/spec/services/forget_all_browsers_spec.rb +++ b/spec/services/forget_all_browsers_spec.rb @@ -11,9 +11,9 @@ describe '#call' do it 'updates the remember_device_revoked_at' do - expect { service.call }.to change { user.remember_device_revoked_at.to_i }. - from(original_revoked_at.to_i). - to(now.to_i) + expect { service.call }.to change { user.remember_device_revoked_at.to_i } + .from(original_revoked_at.to_i) + .to(now.to_i) end end end diff --git a/spec/services/frontend_error_logger_spec.rb b/spec/services/frontend_error_logger_spec.rb index 2e23ba28f1d..98ad16ffc4b 100644 --- a/spec/services/frontend_error_logger_spec.rb +++ b/spec/services/frontend_error_logger_spec.rb @@ -4,8 +4,8 @@ let(:valid) { true } before do - allow_any_instance_of(FrontendErrorForm).to receive(:submit). - and_return(FormResponse.new(success: valid)) + allow_any_instance_of(FrontendErrorForm).to receive(:submit) + .and_return(FormResponse.new(success: valid)) end describe '.track_event' do diff --git a/spec/services/funnel/registration/add_mfa_spec.rb b/spec/services/funnel/registration/add_mfa_spec.rb index d6f21fc19ed..c19760414f8 100644 --- a/spec/services/funnel/registration/add_mfa_spec.rb +++ b/spec/services/funnel/registration/add_mfa_spec.rb @@ -29,9 +29,9 @@ context 'with threat metrix for account creation enabled' do before do - allow(FeatureManagement). - to receive(:account_creation_device_profiling_collecting_enabled?). - and_return(:collect_only) + allow(FeatureManagement) + .to receive(:account_creation_device_profiling_collecting_enabled?) + .and_return(:collect_only) end it 'triggers threatmetrix job call' do expect(AccountCreationThreatMetrixJob).to receive(:perform_later) diff --git a/spec/services/gpo_confirmation_maker_spec.rb b/spec/services/gpo_confirmation_maker_spec.rb index 5e4c8d0e79d..1c3027ce847 100644 --- a/spec/services/gpo_confirmation_maker_spec.rb +++ b/spec/services/gpo_confirmation_maker_spec.rb @@ -67,8 +67,8 @@ profane = Base32::Crockford.decode('FART') not_profane = Base32::Crockford.decode('ABCD') - expect(SecureRandom).to receive(:random_number). - and_return(profane, not_profane) + expect(SecureRandom).to receive(:random_number) + .and_return(profane, not_profane) expect(subject.otp).to eq('000000ABCD') end diff --git a/spec/services/gpo_confirmation_spec.rb b/spec/services/gpo_confirmation_spec.rb index 9b5f67e1fc7..fd644bd245b 100644 --- a/spec/services/gpo_confirmation_spec.rb +++ b/spec/services/gpo_confirmation_spec.rb @@ -64,8 +64,8 @@ valid_attributes.dup.tap { |a| a[:zipcode] = '00001' } end before do - allow(IdentityConfig.store).to receive(:invalid_gpo_confirmation_zipcode). - and_return(invalid_gpo_confirmation_zipcode) + allow(IdentityConfig.store).to receive(:invalid_gpo_confirmation_zipcode) + .and_return(invalid_gpo_confirmation_zipcode) end it 'does not validate' do diff --git a/spec/services/gpo_confirmation_uploader_spec.rb b/spec/services/gpo_confirmation_uploader_spec.rb index 88dc591c5a1..9ed9768892b 100644 --- a/spec/services/gpo_confirmation_uploader_spec.rb +++ b/spec/services/gpo_confirmation_uploader_spec.rb @@ -85,13 +85,13 @@ end it 'raises after 5 unsuccessful retries' do - expect(Net::SFTP).to receive(:start). - exactly(5).times. - with(*sftp_options). - and_yield(sftp_connection) - expect(sftp_connection).to receive(:upload!). - exactly(5).times. - and_raise(Net::SSH::ConnectionTimeout) + expect(Net::SFTP).to receive(:start) + .exactly(5).times + .with(*sftp_options) + .and_yield(sftp_connection) + expect(sftp_connection).to receive(:upload!) + .exactly(5).times + .and_raise(Net::SSH::ConnectionTimeout) expect { subject }.to raise_error(Net::SSH::ConnectionTimeout) end @@ -125,8 +125,8 @@ context 'when there is an error' do it 'notifies NewRelic and does not clear confirmations if SFTP fails' do expect(uploader).to receive(:generate_export).with(confirmations).and_return(export) - expect(uploader).to receive(:upload_export).with(export). - and_raise(StandardError, 'test error') + expect(uploader).to receive(:upload_export).with(export) + .and_raise(StandardError, 'test error') expect(uploader).not_to receive(:clear_confirmations) expect(NewRelic::Agent).to receive(:notice_error) @@ -183,8 +183,8 @@ end it 'tells New Relic that there are invalid records' do - expect(NewRelic::Agent).to receive(:notice_error). - with(GpoConfirmationUploader::InvalidGpoConfirmationsPresent) + expect(NewRelic::Agent).to receive(:notice_error) + .with(GpoConfirmationUploader::InvalidGpoConfirmationsPresent) expect(uploader).to receive(:generate_export).with([valid_confirmation]).and_return(export) expect(uploader).to receive(:upload_export).with(export) diff --git a/spec/services/gpo_daily_test_sender_spec.rb b/spec/services/gpo_daily_test_sender_spec.rb index d5cfb1c834a..eabb79cbfff 100644 --- a/spec/services/gpo_daily_test_sender_spec.rb +++ b/spec/services/gpo_daily_test_sender_spec.rb @@ -15,14 +15,14 @@ end before do - allow(IdentityConfig.store).to receive(:gpo_designated_receiver_pii). - and_return(designated_receiver_pii) + allow(IdentityConfig.store).to receive(:gpo_designated_receiver_pii) + .and_return(designated_receiver_pii) end describe '#run' do it 'creates a GPO confirmation and code for the current date' do - expect { sender.run }. - to(change { GpoConfirmation.count }.by(1).and(change { GpoConfirmationCode.count }.by(1))) + expect { sender.run } + .to(change { GpoConfirmation.count }.by(1).and(change { GpoConfirmationCode.count }.by(1))) gpo_confirmation_code = GpoConfirmationCode.find_by( otp_fingerprint: Pii::Fingerprinter.fingerprint(sender.otp_from_date), @@ -35,9 +35,9 @@ let(:designated_receiver_pii) { {} } it 'does not create gpo records' do - expect { sender.run }. - to(change { GpoConfirmation.count }.by(0). - and(change { GpoConfirmationCode.count }.by(0))) + expect { sender.run } + .to(change { GpoConfirmation.count }.by(0) + .and(change { GpoConfirmationCode.count }.by(0))) end it 'warns and does not blow up (so the calling job can continue normally)' do diff --git a/spec/services/gpo_reminder_sender_spec.rb b/spec/services/gpo_reminder_sender_spec.rb index a8ce6708be2..517f85e8ede 100644 --- a/spec/services/gpo_reminder_sender_spec.rb +++ b/spec/services/gpo_reminder_sender_spec.rb @@ -2,13 +2,13 @@ RSpec.shared_examples 'sends no emails' do it 'sends no emails' do - expect { subject.send_emails(time_due_for_reminder) }. - not_to change { ActionMailer::Base.deliveries.size } + expect { subject.send_emails(time_due_for_reminder) } + .not_to change { ActionMailer::Base.deliveries.size } end it 'logs no events' do - expect { subject.send_emails(time_due_for_reminder) }. - not_to change { fake_analytics.events.count } + expect { subject.send_emails(time_due_for_reminder) } + .not_to change { fake_analytics.events.count } end end @@ -16,8 +16,8 @@ expected_number_of_analytics_events: expected_number_of_emails| it "sends that user #{expected_number_of_emails} email(s)" do - expect { subject.send_emails(time_due_for_reminder) }. - to change { ActionMailer::Base.deliveries.size }.by(expected_number_of_emails) + expect { subject.send_emails(time_due_for_reminder) } + .to change { ActionMailer::Base.deliveries.size }.by(expected_number_of_emails) end it 'logs the email events' do @@ -38,10 +38,10 @@ let!(:user) { create(:user, :with_pending_gpo_profile, code_sent_at: code_sent_at) } let(:gpo_confirmation_code) do - user. - gpo_verification_pending_profile. - gpo_confirmation_codes. - first + user + .gpo_verification_pending_profile + .gpo_confirmation_codes + .first end let(:fake_analytics) { FakeAnalytics.new } @@ -105,10 +105,10 @@ def set_reminder_sent_at(to_time) subject.send_emails(time_due_for_reminder) user.gpo_verification_pending_profile.gpo_confirmation_codes.each(&:reload) - expect(user.gpo_verification_pending_profile.gpo_confirmation_codes[0].reminder_sent_at). - to be_within(1.second).of(Time.zone.now) - expect(user.gpo_verification_pending_profile.gpo_confirmation_codes[1].reminder_sent_at). - to be_within(1.second).of(Time.zone.now) + expect(user.gpo_verification_pending_profile.gpo_confirmation_codes[0].reminder_sent_at) + .to be_within(1.second).of(Time.zone.now) + expect(user.gpo_verification_pending_profile.gpo_confirmation_codes[1].reminder_sent_at) + .to be_within(1.second).of(Time.zone.now) end end diff --git a/spec/services/id_token_builder_spec.rb b/spec/services/id_token_builder_spec.rb index 17d0dc69380..e70f247e656 100644 --- a/spec/services/id_token_builder_spec.rb +++ b/spec/services/id_token_builder_spec.rb @@ -37,7 +37,7 @@ let(:decoded_id_token) do JWT.decode( id_token, - AppArtifacts.store.oidc_public_key, + Rails.application.config.oidc_public_key, true, algorithm: 'RS256', ).map(&:with_indifferent_access) @@ -64,10 +64,10 @@ context 'sp request includes VTR' do before do - allow(IdentityConfig.store).to receive(:use_vot_in_sp_requests). - and_return(true) - allow(IdentityConfig.store).to receive(:vtm_url). - and_return(vtm_url) + allow(IdentityConfig.store).to receive(:use_vot_in_sp_requests) + .and_return(true) + allow(IdentityConfig.store).to receive(:vtm_url) + .and_return(vtm_url) end it 'sets the vot if the sp requests it' do @@ -192,8 +192,8 @@ end it 'sets the code hash correctly' do - leftmost_128_bits = Digest::SHA256.digest(code). - byteslice(0, IdTokenBuilder::NUM_BYTES_FIRST_128_BITS) + leftmost_128_bits = Digest::SHA256.digest(code) + .byteslice(0, IdTokenBuilder::NUM_BYTES_FIRST_128_BITS) expected_hash = Base64.urlsafe_encode64(leftmost_128_bits, padding: false) expect(decoded_payload[:c_hash]).to eq(expected_hash) @@ -224,7 +224,9 @@ end it 'sets the kid for the signing key in the JWT headers' do - expect(decoded_headers[:kid]).to eq(JWT::JWK.new(AppArtifacts.store.oidc_private_key).kid) + expect(decoded_headers[:kid]).to eq( + JWT::JWK.new(AppArtifacts.store.oidc_primary_private_key).kid, + ) end end end diff --git a/spec/services/identity_linker_spec.rb b/spec/services/identity_linker_spec.rb index 262e1746b5b..89c92186bf5 100644 --- a/spec/services/identity_linker_spec.rb +++ b/spec/services/identity_linker_spec.rb @@ -17,9 +17,9 @@ uuid: last_identity.uuid, } - identity_attributes = last_identity.attributes.symbolize_keys. - except(:created_at, :updated_at, :id, :session_uuid, - :last_authenticated_at, :nonce) + identity_attributes = last_identity.attributes.symbolize_keys + .except(:created_at, :updated_at, :id, :session_uuid, + :last_authenticated_at, :nonce) expect(last_identity.session_uuid).to match(/.{8}-.{4}-.{4}-.{4}-.{12}/) expect(last_identity.last_authenticated_at).to be_present @@ -64,8 +64,8 @@ let(:six_months_ago) { 6.months.ago } it 'does not override a previous last_consented_at by default' do - IdentityLinker.new(user, service_provider). - link_identity(last_consented_at: six_months_ago) + IdentityLinker.new(user, service_provider) + .link_identity(last_consented_at: six_months_ago) last_identity = user.reload.last_identity expect(last_identity.last_consented_at.to_i).to eq(six_months_ago.to_i) @@ -75,8 +75,8 @@ end it 'updates last_consented_at when present' do - IdentityLinker.new(user, service_provider). - link_identity(last_consented_at: now) + IdentityLinker.new(user, service_provider) + .link_identity(last_consented_at: now) last_identity = user.reload.last_identity expect(last_identity.last_consented_at.to_i).to eq(now.to_i) @@ -96,8 +96,8 @@ verified_attributes: %i[all_emails verified_at], ) end.to( - change { user.identities.last.verified_attributes }. - to(%w[address all_emails email verified_at]), + change { user.identities.last.verified_attributes } + .to(%w[address all_emails email verified_at]), ) end end @@ -112,17 +112,17 @@ end subject(:link_identity) do - IdentityLinker.new(user, service_provider). - link_identity(clear_deleted_at: clear_deleted_at) + IdentityLinker.new(user, service_provider) + .link_identity(clear_deleted_at: clear_deleted_at) end context ':clear_deleted_at is nil' do let(:clear_deleted_at) { nil } it 'nulls out deleted_at' do - expect { link_identity }. - to_not change { user.reload.last_identity.deleted_at&.to_i }. - from(yesterday.to_i) + expect { link_identity } + .to_not change { user.reload.last_identity.deleted_at&.to_i } + .from(yesterday.to_i) end end @@ -130,16 +130,16 @@ let(:clear_deleted_at) { true } it 'nulls out deleted_at' do - expect { link_identity }. - to change { user.reload.last_identity.deleted_at&.to_i }. - from(yesterday.to_i).to(nil) + expect { link_identity } + .to change { user.reload.last_identity.deleted_at&.to_i } + .from(yesterday.to_i).to(nil) end end end it 'rejects bad attributes names' do - expect { IdentityLinker.new(user, service_provider).link_identity(foobar: true) }. - to raise_error(ArgumentError) + expect { IdentityLinker.new(user, service_provider).link_identity(foobar: true) } + .to raise_error(ArgumentError) end it 'does not link to an identity record if the provider is nil' do diff --git a/spec/services/idv/in_person/completion_survey_sender_spec.rb b/spec/services/idv/in_person/completion_survey_sender_spec.rb index 0e524d763bc..846a29a41d6 100644 --- a/spec/services/idv/in_person/completion_survey_sender_spec.rb +++ b/spec/services/idv/in_person/completion_survey_sender_spec.rb @@ -6,8 +6,8 @@ let(:issuer) { 'test_issuer' } it 'does nothing if the user should not receive a survey' do - allow(user).to receive(:should_receive_in_person_completion_survey?). - with(issuer).and_return(false) + allow(user).to receive(:should_receive_in_person_completion_survey?) + .with(issuer).and_return(false) described_class.send_completion_survey(user, issuer) expect_delivered_email_count(0) @@ -15,8 +15,8 @@ context 'user should receive a survey' do before do - allow(user).to receive(:should_receive_in_person_completion_survey?). - with(issuer).and_return(true) + allow(user).to receive(:should_receive_in_person_completion_survey?) + .with(issuer).and_return(true) create(:service_provider, issuer: issuer) create(:in_person_enrollment, user: user, issuer: issuer, status: :passed) diff --git a/spec/services/idv/in_person_config_spec.rb b/spec/services/idv/in_person_config_spec.rb index 0665aa2fbb4..54d947ff840 100644 --- a/spec/services/idv/in_person_config_spec.rb +++ b/spec/services/idv/in_person_config_spec.rb @@ -5,8 +5,8 @@ let(:idv_sp_required) { false } before do - allow(IdentityConfig.store).to receive(:in_person_proofing_enabled). - and_return(in_person_proofing_enabled) + allow(IdentityConfig.store).to receive(:in_person_proofing_enabled) + .and_return(in_person_proofing_enabled) allow(IdentityConfig.store).to receive(:idv_sp_required).and_return(idv_sp_required) end diff --git a/spec/services/idv/profile_maker_spec.rb b/spec/services/idv/profile_maker_spec.rb index 987438eff83..a3037ef8cc5 100644 --- a/spec/services/idv/profile_maker_spec.rb +++ b/spec/services/idv/profile_maker_spec.rb @@ -142,10 +142,10 @@ context 'with in_person_verification_needed' do context 'when threatmetrix decisioning is disabled' do before do - allow(IdentityConfig.store).to receive(:in_person_proofing_enforce_tmx). - and_return(in_person_proofing_enforce_tmx_mock) - allow(IdentityConfig.store).to receive(:proofing_device_profiling). - and_return(:disabled) + allow(IdentityConfig.store).to receive(:in_person_proofing_enforce_tmx) + .and_return(in_person_proofing_enforce_tmx_mock) + allow(IdentityConfig.store).to receive(:proofing_device_profiling) + .and_return(:disabled) end let(:profile) do @@ -182,10 +182,10 @@ let(:in_person_proofing_enforce_tmx_mock) { true } before do - allow(IdentityConfig.store).to receive(:in_person_proofing_enforce_tmx). - and_return(in_person_proofing_enforce_tmx_mock) - allow(IdentityConfig.store).to receive(:proofing_device_profiling). - and_return(:enabled) + allow(IdentityConfig.store).to receive(:in_person_proofing_enforce_tmx) + .and_return(in_person_proofing_enforce_tmx_mock) + allow(IdentityConfig.store).to receive(:proofing_device_profiling) + .and_return(:enabled) end let(:profile) do diff --git a/spec/services/idv/proofing_components_spec.rb b/spec/services/idv/proofing_components_spec.rb index 8c871f87725..eee7a899214 100644 --- a/spec/services/idv/proofing_components_spec.rb +++ b/spec/services/idv/proofing_components_spec.rb @@ -35,8 +35,8 @@ allow(IdentityConfig.store).to receive(:doc_auth_vendor_default).and_return('test_vendor') idv_session.mark_verify_info_step_complete! idv_session.address_verification_mechanism = 'gpo' - allow(FeatureManagement).to receive(:proofing_device_profiling_collecting_enabled?). - and_return(true) + allow(FeatureManagement).to receive(:proofing_device_profiling_collecting_enabled?) + .and_return(true) idv_session.threatmetrix_review_status = 'pass' idv_session.source_check_vendor = 'aamva' end @@ -198,8 +198,8 @@ describe '#threatmetrix' do context 'device profiling collecting enabled' do before do - allow(FeatureManagement).to receive(:proofing_device_profiling_collecting_enabled?). - and_return(true) + allow(FeatureManagement).to receive(:proofing_device_profiling_collecting_enabled?) + .and_return(true) end context 'threatmetrix_review_status present' do @@ -221,8 +221,8 @@ context 'device profiling collecting disabled' do before do - allow(FeatureManagement).to receive(:proofing_device_profiling_collecting_enabled?). - and_return(false) + allow(FeatureManagement).to receive(:proofing_device_profiling_collecting_enabled?) + .and_return(false) end context 'threatmetrix_review_status present' do diff --git a/spec/services/idv/send_phone_confirmation_otp_spec.rb b/spec/services/idv/send_phone_confirmation_otp_spec.rb index 72bb15575fa..81ec1423bcc 100644 --- a/spec/services/idv/send_phone_confirmation_otp_spec.rb +++ b/spec/services/idv/send_phone_confirmation_otp_spec.rb @@ -30,10 +30,10 @@ allow(Idv::PhoneConfirmationSession).to receive(:generate_code).and_return(otp_code) # Mock OtpRateLimiter - allow(OtpRateLimiter).to receive(:new).with(user: user, phone: phone, phone_confirmed: true). - and_return(otp_rate_limiter) - allow(otp_rate_limiter).to receive(:exceeded_otp_send_limit?). - and_return(exceeded_otp_send_limit) + allow(OtpRateLimiter).to receive(:new).with(user: user, phone: phone, phone_confirmed: true) + .and_return(otp_rate_limiter) + allow(otp_rate_limiter).to receive(:exceeded_otp_send_limit?) + .and_return(exceeded_otp_send_limit) end subject { described_class.new(user: user, idv_session: idv_session) } @@ -123,8 +123,8 @@ describe '#user_locked_out?' do before do - allow(otp_rate_limiter).to receive(:exceeded_otp_send_limit?). - and_return(exceeded_otp_send_limit) + allow(otp_rate_limiter).to receive(:exceeded_otp_send_limit?) + .and_return(exceeded_otp_send_limit) end context 'the user is locked out' do diff --git a/spec/services/otp_preference_updater_spec.rb b/spec/services/otp_preference_updater_spec.rb index fa120485581..82c42219bed 100644 --- a/spec/services/otp_preference_updater_spec.rb +++ b/spec/services/otp_preference_updater_spec.rb @@ -37,8 +37,8 @@ otp_make_default_number: nil, phone_id: 1 } - expect(UpdateUserPhoneConfiguration).to receive(:update!). - with(user: user, attributes: attributes) + expect(UpdateUserPhoneConfiguration).to receive(:update!) + .with(user: user, attributes: attributes) updater.call end diff --git a/spec/services/otp_rate_limiter_spec.rb b/spec/services/otp_rate_limiter_spec.rb index 27c6187d5a8..9313404cdb7 100644 --- a/spec/services/otp_rate_limiter_spec.rb +++ b/spec/services/otp_rate_limiter_spec.rb @@ -61,8 +61,8 @@ it 'increments the otp_send_count' do otp_rate_limiter.increment - expect { otp_rate_limiter.increment }. - to change { otp_rate_limiter.rate_limiter.attempts }.from(1).to(2) + expect { otp_rate_limiter.increment } + .to change { otp_rate_limiter.rate_limiter.attempts }.from(1).to(2) end end diff --git a/spec/services/outage_status_spec.rb b/spec/services/outage_status_spec.rb index c9e5529fa61..b0121dbe531 100644 --- a/spec/services/outage_status_spec.rb +++ b/spec/services/outage_status_spec.rb @@ -12,8 +12,8 @@ context 'when all vendors are operational' do before do OutageStatus::ALL_VENDORS.each do |vendor| - allow(IdentityConfig.store).to receive(:"vendor_status_#{vendor}"). - and_return(:operational) + allow(IdentityConfig.store).to receive(:"vendor_status_#{vendor}") + .and_return(:operational) end end @@ -29,8 +29,8 @@ context 'when any vendor has an outage' do OutageStatus::ALL_VENDORS.each do |vendor| before do - allow(IdentityConfig.store).to receive(:"vendor_status_#{vendor}"). - and_return(:full_outage) + allow(IdentityConfig.store).to receive(:"vendor_status_#{vendor}") + .and_return(:full_outage) end it "correctly reports a vendor outage when #{vendor} is offline" do @@ -41,8 +41,8 @@ context 'when an idv vendor has an outage' do before do - allow(IdentityConfig.store).to receive(:vendor_status_lexisnexis_trueid). - and_return(:full_outage) + allow(IdentityConfig.store).to receive(:vendor_status_lexisnexis_trueid) + .and_return(:full_outage) end it 'correctly reports an idv vendor outage' do @@ -56,8 +56,8 @@ context 'when a non-idv vendor has an outage' do before do - allow(IdentityConfig.store).to receive(:vendor_status_sms). - and_return(:full_outage) + allow(IdentityConfig.store).to receive(:vendor_status_sms) + .and_return(:full_outage) end it 'correctly reports no idv vendor outage' do @@ -131,10 +131,10 @@ subject(:status) { vendor_status.idv_scheduled_maintenance_status } before do - allow(IdentityConfig.store).to receive(:vendor_status_idv_scheduled_maintenance_start). - and_return(start) - allow(IdentityConfig.store).to receive(:vendor_status_idv_scheduled_maintenance_finish). - and_return(finish) + allow(IdentityConfig.store).to receive(:vendor_status_idv_scheduled_maintenance_start) + .and_return(start) + allow(IdentityConfig.store).to receive(:vendor_status_idv_scheduled_maintenance_finish) + .and_return(finish) travel_to(now) end diff --git a/spec/services/outbound_health_checker_spec.rb b/spec/services/outbound_health_checker_spec.rb index a67b03a5f4e..7a269c80a38 100644 --- a/spec/services/outbound_health_checker_spec.rb +++ b/spec/services/outbound_health_checker_spec.rb @@ -21,8 +21,8 @@ context 'successful connection to endpoint' do before do - stub_request(:head, IdentityConfig.store.outbound_connection_check_url). - to_return(status: status) + stub_request(:head, IdentityConfig.store.outbound_connection_check_url) + .to_return(status: status) end context '200 response from endpoint' do @@ -80,8 +80,8 @@ context 'timeout from endpoint' do it 'retries and is healthy if the second request succeeds' do - stub_request(:head, IdentityConfig.store.outbound_connection_check_url). - to_timeout.then.to_return(status: 200) + stub_request(:head, IdentityConfig.store.outbound_connection_check_url) + .to_timeout.then.to_return(status: 200) expect(check).to be_healthy end @@ -107,22 +107,22 @@ end it 'retries and is healthy if the second request succeeds' do - stub_request(:head, IdentityConfig.store.outbound_connection_check_url). - to_raise(Faraday::ConnectionFailed).then.to_return(status: 200) + stub_request(:head, IdentityConfig.store.outbound_connection_check_url) + .to_raise(Faraday::ConnectionFailed).then.to_return(status: 200) expect(check).to be_healthy end it 'is not healthy after 2 retries' do - stub_request(:head, IdentityConfig.store.outbound_connection_check_url). - to_raise(Faraday::ConnectionFailed) + stub_request(:head, IdentityConfig.store.outbound_connection_check_url) + .to_raise(Faraday::ConnectionFailed) expect(check).to_not be_healthy end it 'notifies newrelic' do - stub_request(:head, IdentityConfig.store.outbound_connection_check_url). - to_raise(Faraday::ConnectionFailed) + stub_request(:head, IdentityConfig.store.outbound_connection_check_url) + .to_raise(Faraday::ConnectionFailed) expect(NewRelic::Agent).to receive(:notice_error) diff --git a/spec/services/piv_cac/check_config_spec.rb b/spec/services/piv_cac/check_config_spec.rb index acab30772f5..19490aba4d0 100644 --- a/spec/services/piv_cac/check_config_spec.rb +++ b/spec/services/piv_cac/check_config_spec.rb @@ -22,8 +22,8 @@ context 'non-https config' do it 'does raise an error' do - expect { PivCac::CheckConfig.call }. - to raise_error(RuntimeError, "piv_cac_verify_token_url configured without SSL: #{url}") + expect { PivCac::CheckConfig.call } + .to raise_error(RuntimeError, "piv_cac_verify_token_url configured without SSL: #{url}") end end diff --git a/spec/services/piv_cac_service_spec.rb b/spec/services/piv_cac_service_spec.rb index f6e7ae39017..e4acf4258f4 100644 --- a/spec/services/piv_cac_service_spec.rb +++ b/spec/services/piv_cac_service_spec.rb @@ -125,12 +125,12 @@ end let!(:request) do - stub_request(:post, 'localhost:8443'). - with( + stub_request(:post, 'localhost:8443') + .with( body: 'token=foo', headers: { 'Authentication' => /^hmac\s+:.+:.+$/ }, - ). - to_return( + ) + .to_return( status: [200, 'Ok'], body: '{"subject":"dn","uuid":"uuid"}', ) @@ -167,12 +167,12 @@ end let!(:request) do - stub_request(:post, 'localhost:8443'). - with( + stub_request(:post, 'localhost:8443') + .with( body: 'token=foo', headers: { 'Authentication' => /^hmac\s+:.+:.+$/ }, - ). - to_return( + ) + .to_return( status: [200, 'Ok'], body: '{"subject":"dn","uuid":"uuid"}', ) @@ -209,9 +209,9 @@ end let!(:request) do - stub_request(:post, 'localhost:8443'). - with(body: 'token=foo'). - to_return( + stub_request(:post, 'localhost:8443') + .with(body: 'token=foo') + .to_return( status: [200, 'Ok'], body: 'bad-json', ) @@ -234,8 +234,8 @@ end let!(:request) do - stub_request(:post, 'localhost:8443'). - to_raise(Faraday::ConnectionFailed) + stub_request(:post, 'localhost:8443') + .to_raise(Faraday::ConnectionFailed) end it 'returns an error' do diff --git a/spec/services/profanity_detector_spec.rb b/spec/services/profanity_detector_spec.rb index 38e4cb3560a..8f8826196fa 100644 --- a/spec/services/profanity_detector_spec.rb +++ b/spec/services/profanity_detector_spec.rb @@ -27,8 +27,8 @@ describe '.without_profanity' do it 'keeps executing a block until it does not return something profane' do - expect(SecureRandom).to receive(:random_number). - and_return( + expect(SecureRandom).to receive(:random_number) + .and_return( Base32::Crockford.decode('FART1'), Base32::Crockford.decode('FART2'), Base32::Crockford.decode('ABCDE'), diff --git a/spec/services/proofing/aamva/authentication_client_spec.rb b/spec/services/proofing/aamva/authentication_client_spec.rb index c787a754801..4de9ca522a2 100644 --- a/spec/services/proofing/aamva/authentication_client_spec.rb +++ b/spec/services/proofing/aamva/authentication_client_spec.rb @@ -3,14 +3,14 @@ RSpec.describe Proofing::Aamva::AuthenticationClient do let(:config) { AamvaFixtures.example_config } let(:security_token_request_stub) do - stub_request(:post, config.auth_url). - with(body: AamvaFixtures.security_token_request). - to_return(body: AamvaFixtures.security_token_response, status: 200) + stub_request(:post, config.auth_url) + .with(body: AamvaFixtures.security_token_request) + .to_return(body: AamvaFixtures.security_token_response, status: 200) end let(:auth_token_request_stub) do - stub_request(:post, config.auth_url). - with(body: AamvaFixtures.authentication_token_request). - to_return(body: AamvaFixtures.authentication_token_response, status: 200) + stub_request(:post, config.auth_url) + .with(body: AamvaFixtures.authentication_token_request) + .to_return(body: AamvaFixtures.authentication_token_response, status: 200) end let(:security_context_token_identifier) { 'sct-token-identifier' } @@ -21,11 +21,11 @@ describe '#fetch_token' do before do security_token_request = Proofing::Aamva::Request::SecurityTokenRequest.new(config) - allow(security_token_request).to receive(:body). - and_return(AamvaFixtures.security_token_request) + allow(security_token_request).to receive(:body) + .and_return(AamvaFixtures.security_token_request) allow(security_token_request).to receive(:nonce).and_return(client_hmac_secret) - allow(Proofing::Aamva::Request::SecurityTokenRequest).to receive(:new). - and_return(security_token_request) + allow(Proofing::Aamva::Request::SecurityTokenRequest).to receive(:new) + .and_return(security_token_request) security_token_request_stub auth_token_request = Proofing::Aamva::Request::AuthenticationTokenRequest.new( @@ -35,17 +35,17 @@ server_hmac_secret: server_hmac_secret, config: config, ) - allow(auth_token_request).to receive(:body). - and_return(AamvaFixtures.authentication_token_request) - allow(Proofing::Aamva::Request::AuthenticationTokenRequest).to receive(:new). - with( + allow(auth_token_request).to receive(:body) + .and_return(AamvaFixtures.authentication_token_request) + allow(Proofing::Aamva::Request::AuthenticationTokenRequest).to receive(:new) + .with( config: config, security_context_token_identifier: security_context_token_identifier, security_context_token_reference: security_context_token_reference, client_hmac_secret: client_hmac_secret, server_hmac_secret: server_hmac_secret, - ). - and_return(auth_token_request) + ) + .and_return(auth_token_request) auth_token_request_stub end diff --git a/spec/services/proofing/aamva/proofer_spec.rb b/spec/services/proofing/aamva/proofer_spec.rb index 33bbdfb169f..0885a98d462 100644 --- a/spec/services/proofing/aamva/proofer_spec.rb +++ b/spec/services/proofing/aamva/proofer_spec.rb @@ -34,13 +34,13 @@ let(:verification_response) { AamvaFixtures.verification_response } before do - stub_request(:post, AamvaFixtures.example_config.auth_url). - to_return( + stub_request(:post, AamvaFixtures.example_config.auth_url) + .to_return( { body: AamvaFixtures.security_token_response }, { body: AamvaFixtures.authentication_token_response }, ) - stub_request(:post, AamvaFixtures.example_config.verification_url). - to_return(body: verification_response) + stub_request(:post, AamvaFixtures.example_config.verification_url) + .to_return(body: verification_response) end describe '#proof' do @@ -645,8 +645,8 @@ def self.test_not_successful let(:exception) { RuntimeError.new } before do - allow_any_instance_of(::Proofing::Aamva::Request::VerificationRequest). - to receive(:send).and_raise(exception) + allow_any_instance_of(::Proofing::Aamva::Request::VerificationRequest) + .to receive(:send).and_raise(exception) end it 'logs to NewRelic' do @@ -742,8 +742,8 @@ def self.test_not_successful context 'when the DMV is in a defined maintenance window' do before do - expect(Idv::AamvaStateMaintenanceWindow).to receive(:in_maintenance_window?). - and_return(true) + expect(Idv::AamvaStateMaintenanceWindow).to receive(:in_maintenance_window?) + .and_return(true) end it 'sets jurisdiction_in_maintenance_window to true' do @@ -754,8 +754,8 @@ def self.test_not_successful context 'when the DMV is not in a defined maintenance window' do before do - expect(Idv::AamvaStateMaintenanceWindow).to receive(:in_maintenance_window?). - and_return(false) + expect(Idv::AamvaStateMaintenanceWindow).to receive(:in_maintenance_window?) + .and_return(false) end it 'sets jurisdiction_in_maintenance_window to false' do diff --git a/spec/services/proofing/aamva/request/authentication_token_request_spec.rb b/spec/services/proofing/aamva/request/authentication_token_request_spec.rb index 930444f2af6..63fa5728f3c 100644 --- a/spec/services/proofing/aamva/request/authentication_token_request_spec.rb +++ b/spec/services/proofing/aamva/request/authentication_token_request_spec.rb @@ -22,9 +22,9 @@ before do allow(Time).to receive(:now).and_return(Time.utc(2017)) - allow(SecureRandom).to receive(:uuid). - at_least(:once). - and_return('12345678-abcd-efgh-ijkl-1234567890ab') + allow(SecureRandom).to receive(:uuid) + .at_least(:once) + .and_return('12345678-abcd-efgh-ijkl-1234567890ab') end describe '#body' do @@ -55,8 +55,8 @@ describe '#send' do context 'when the request is successful' do it 'returns a response object' do - stub_request(:post, config.auth_url). - to_return(body: AamvaFixtures.authentication_token_response, status: 200) + stub_request(:post, config.auth_url) + .to_return(body: AamvaFixtures.authentication_token_response, status: 200) result = subject.send @@ -67,8 +67,8 @@ # rubocop:disable Layout/LineLength context 'when the request times out' do it 'raises an error' do - stub_request(:post, config.auth_url). - to_timeout + stub_request(:post, config.auth_url) + .to_timeout expect { subject.send }.to raise_error( ::Proofing::TimeoutError, @@ -80,8 +80,8 @@ context 'when the connection fails' do it 'raises an error' do - stub_request(:post, config.auth_url). - to_raise(Faraday::ConnectionFailed.new('error')) + stub_request(:post, config.auth_url) + .to_raise(Faraday::ConnectionFailed.new('error')) expect { subject.send }.to raise_error( ::Proofing::TimeoutError, diff --git a/spec/services/proofing/aamva/request/security_token_request_spec.rb b/spec/services/proofing/aamva/request/security_token_request_spec.rb index 75a8702d72c..5f86ca01e02 100644 --- a/spec/services/proofing/aamva/request/security_token_request_spec.rb +++ b/spec/services/proofing/aamva/request/security_token_request_spec.rb @@ -7,12 +7,12 @@ before do allow(Time).to receive(:now).and_return(Time.utc(2017)) - allow(SecureRandom).to receive(:base64). - with(32). - and_return('MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA=') - allow(SecureRandom).to receive(:uuid). - at_least(:once). - and_return('12345678-abcd-efgh-ijkl-1234567890ab') + allow(SecureRandom).to receive(:base64) + .with(32) + .and_return('MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA=') + allow(SecureRandom).to receive(:uuid) + .at_least(:once) + .and_return('12345678-abcd-efgh-ijkl-1234567890ab') end subject(:security_token_request) { described_class.new(config) } @@ -30,10 +30,10 @@ expect(signature.text).to_not be_nil expect(signature.text).to_not be_empty - body_without_sig = security_token_request.body. - gsub(public_key.text, ''). - gsub(signature.text, ''). - gsub(key_identifier.text, '') + body_without_sig = security_token_request.body + .gsub(public_key.text, '') + .gsub(signature.text, '') + .gsub(key_identifier.text, '') expect(body_without_sig).to eq(AamvaFixtures.security_token_request) end @@ -61,8 +61,8 @@ describe '#send' do context 'when the request is successful' do it 'returns a response object' do - stub_request(:post, config.auth_url). - to_return(body: AamvaFixtures.security_token_response, status: 200) + stub_request(:post, config.auth_url) + .to_return(body: AamvaFixtures.security_token_response, status: 200) result = security_token_request.send @@ -72,9 +72,9 @@ context 'when the request times out once' do it 'retries and tries again' do - stub_request(:post, config.auth_url). - to_timeout. - to_return(body: AamvaFixtures.security_token_response, status: 200) + stub_request(:post, config.auth_url) + .to_timeout + .to_return(body: AamvaFixtures.security_token_response, status: 200) result = security_token_request.send @@ -85,8 +85,8 @@ # rubocop:disable Layout/LineLength context 'when the request times out a second time' do it 'raises an error' do - stub_request(:post, config.auth_url). - to_timeout + stub_request(:post, config.auth_url) + .to_timeout expect { security_token_request.send }.to raise_error( ::Proofing::TimeoutError, @@ -98,8 +98,8 @@ context 'when the connection fails' do it 'raises an error' do - stub_request(:post, config.auth_url). - to_raise(Faraday::ConnectionFailed.new('error')) + stub_request(:post, config.auth_url) + .to_raise(Faraday::ConnectionFailed.new('error')) expect { security_token_request.send }.to raise_error( ::Proofing::TimeoutError, diff --git a/spec/services/proofing/aamva/request/verification_request_spec.rb b/spec/services/proofing/aamva/request/verification_request_spec.rb index 79b52ef2716..ff092966c78 100644 --- a/spec/services/proofing/aamva/request/verification_request_spec.rb +++ b/spec/services/proofing/aamva/request/verification_request_spec.rb @@ -249,8 +249,8 @@ describe '#send' do context 'when the request is successful' do it 'returns a response object' do - stub_request(:post, config.verification_url). - to_return(body: AamvaFixtures.verification_response, status: 200) + stub_request(:post, config.verification_url) + .to_return(body: AamvaFixtures.verification_response, status: 200) response = subject.send @@ -270,8 +270,8 @@ # rubocop:disable Layout/LineLength context 'when the request times out' do it 'raises an error' do - stub_request(:post, config.verification_url). - to_timeout + stub_request(:post, config.verification_url) + .to_timeout expect { subject.send }.to raise_error( ::Proofing::TimeoutError, @@ -283,8 +283,8 @@ context 'when the connection fails' do it 'raises an error' do - stub_request(:post, config.verification_url). - to_raise(Faraday::ConnectionFailed.new('error')) + stub_request(:post, config.verification_url) + .to_raise(Faraday::ConnectionFailed.new('error')) expect { subject.send }.to raise_error( ::Proofing::TimeoutError, diff --git a/spec/services/proofing/aamva/verification_client_spec.rb b/spec/services/proofing/aamva/verification_client_spec.rb index 14a765a2445..75c998b4dcc 100644 --- a/spec/services/proofing/aamva/verification_client_spec.rb +++ b/spec/services/proofing/aamva/verification_client_spec.rb @@ -17,14 +17,14 @@ describe '#send_verification_request' do before do - allow(Proofing::Aamva::AuthenticationClient).to receive(:auth_token). - and_return('ThisIsTheToken') + allow(Proofing::Aamva::AuthenticationClient).to receive(:auth_token) + .and_return('ThisIsTheToken') end it 'gets the auth token from the auth client' do - verification_stub = stub_request(:post, AamvaFixtures.example_config.verification_url). - to_return(body: AamvaFixtures.verification_response, status: 200). - with do |request| + verification_stub = stub_request(:post, AamvaFixtures.example_config.verification_url) + .to_return(body: AamvaFixtures.verification_response, status: 200) + .with do |request| xml_text_at_path(request.body, '//dldv:token').gsub(/\s/, '') == 'ThisIsTheToken' end @@ -42,11 +42,11 @@ let(:response_http_status) { 200 } before do - allow(Proofing::Aamva::AuthenticationClient).to receive(:auth_token). - and_return('ThisIsTheToken') + allow(Proofing::Aamva::AuthenticationClient).to receive(:auth_token) + .and_return('ThisIsTheToken') - stub_request(:post, AamvaFixtures.example_config.verification_url). - to_return(body: response_body, status: response_http_status) + stub_request(:post, AamvaFixtures.example_config.verification_url) + .to_return(body: response_body, status: response_http_status) end let(:response) do diff --git a/spec/services/proofing/lexis_nexis/ddp/proofing_spec.rb b/spec/services/proofing/lexis_nexis/ddp/proofing_spec.rb index 0f9485bf8b1..abd414271af 100644 --- a/spec/services/proofing/lexis_nexis/ddp/proofing_spec.rb +++ b/spec/services/proofing/lexis_nexis/ddp/proofing_spec.rb @@ -149,8 +149,8 @@ result = proofer.proof(proofing_applicant) expect(result.success?).to eq(false) - expect(result.exception.inspect). - to include(LexisNexisFixtures.ddp_unexpected_review_status) + expect(result.exception.inspect) + .to include(LexisNexisFixtures.ddp_unexpected_review_status) end end end @@ -161,8 +161,8 @@ end before do - allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_authentication_policy). - and_return('test-authentication-policy') + allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_authentication_policy) + .and_return('test-authentication-policy') end context 'when the response is a full match' do let(:response_body) { LexisNexisFixtures.ddp_success_response_json } diff --git a/spec/services/proofing/lexis_nexis/ddp/response_redacter_spec.rb b/spec/services/proofing/lexis_nexis/ddp/response_redacter_spec.rb index a641ff46018..645d166a14e 100644 --- a/spec/services/proofing/lexis_nexis/ddp/response_redacter_spec.rb +++ b/spec/services/proofing/lexis_nexis/ddp/response_redacter_spec.rb @@ -2,8 +2,8 @@ RSpec.describe Proofing::LexisNexis::Ddp::ResponseRedacter do let(:json) do - Proofing::LexisNexis::Ddp::ResponseRedacter. - redact(sample_hash) + Proofing::LexisNexis::Ddp::ResponseRedacter + .redact(sample_hash) end describe 'self.redact' do diff --git a/spec/services/proofing/lexis_nexis/ddp/verification_request_spec.rb b/spec/services/proofing/lexis_nexis/ddp/verification_request_spec.rb index 4e541595f69..d6b1b4ad106 100644 --- a/spec/services/proofing/lexis_nexis/ddp/verification_request_spec.rb +++ b/spec/services/proofing/lexis_nexis/ddp/verification_request_spec.rb @@ -32,10 +32,10 @@ end before do - allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_policy). - and_return('test-policy') - allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_authentication_policy). - and_return('test-authentication-policy') + allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_policy) + .and_return('test-policy') + allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_authentication_policy) + .and_return('test-authentication-policy') end describe '#body' do diff --git a/spec/services/proofing/lexis_nexis/phone_finder/proofing_spec.rb b/spec/services/proofing/lexis_nexis/phone_finder/proofing_spec.rb index 43b9225d5b5..d2dd5609fcd 100644 --- a/spec/services/proofing/lexis_nexis/phone_finder/proofing_spec.rb +++ b/spec/services/proofing/lexis_nexis/phone_finder/proofing_spec.rb @@ -29,8 +29,8 @@ describe '#proof' do context 'when the response is a success' do it 'is a successful rdp1 result' do - stub_request(:post, verification_request.url). - to_return(body: LexisNexisFixtures.phone_finder_rdp1_success_response_json, status: 200) + stub_request(:post, verification_request.url) + .to_return(body: LexisNexisFixtures.phone_finder_rdp1_success_response_json, status: 200) result = subject.proof(applicant) @@ -42,8 +42,8 @@ end it 'is a successful rdp2 result' do - stub_request(:post, verification_request.url). - to_return(body: LexisNexisFixtures.phone_finder_rdp2_success_response_json, status: 200) + stub_request(:post, verification_request.url) + .to_return(body: LexisNexisFixtures.phone_finder_rdp2_success_response_json, status: 200) result = subject.proof(applicant) @@ -83,8 +83,8 @@ context 'when the rdp2 response is a failure' do it 'is a failure result' do - stub_request(:post, verification_request.url). - to_return(body: LexisNexisFixtures.phone_finder_rdp2_fail_response_json, status: 200) + stub_request(:post, verification_request.url) + .to_return(body: LexisNexisFixtures.phone_finder_rdp2_fail_response_json, status: 200) result = subject.proof(applicant) result_json_hash = result.errors[:PhoneFinder].first diff --git a/spec/services/proofing/mock/device_profiling_backend_spec.rb b/spec/services/proofing/mock/device_profiling_backend_spec.rb index e4c64f09538..ef206058638 100644 --- a/spec/services/proofing/mock/device_profiling_backend_spec.rb +++ b/spec/services/proofing/mock/device_profiling_backend_spec.rb @@ -12,8 +12,8 @@ describe '#record_profiling_result' do it 'raises with unknown result' do - expect { backend.record_profiling_result(session_id: session_id, result: 'aaa') }. - to raise_error(ArgumentError) + expect { backend.record_profiling_result(session_id: session_id, result: 'aaa') } + .to raise_error(ArgumentError) end it 'sets the value in redis' do diff --git a/spec/services/proofing/resolution/plugins/aamva_plugin_spec.rb b/spec/services/proofing/resolution/plugins/aamva_plugin_spec.rb index f23c51056c4..5e47a42589c 100644 --- a/spec/services/proofing/resolution/plugins/aamva_plugin_spec.rb +++ b/spec/services/proofing/resolution/plugins/aamva_plugin_spec.rb @@ -74,8 +74,8 @@ def sp_cost_count_with_transaction_id it 'tracks an SP cost for AAMVA' do expect { call }.to( - change { sp_cost_count_with_transaction_id }. - to(1), + change { sp_cost_count_with_transaction_id } + .to(1), ) end @@ -111,10 +111,10 @@ def sp_cost_count_with_transaction_id end it 'tracks an SP cost for AAMVA' do - expect { call }. - to( - change { sp_cost_count_with_transaction_id }. - to(1), + expect { call } + .to( + change { sp_cost_count_with_transaction_id } + .to(1), ) end end @@ -323,8 +323,8 @@ def sp_cost_count_with_transaction_id end before do - allow(IdentityConfig.store).to receive(:aamva_supported_jurisdictions). - and_return(aamva_supported_jurisdictions) + allow(IdentityConfig.store).to receive(:aamva_supported_jurisdictions) + .and_return(aamva_supported_jurisdictions) end context 'when jurisdiction is supported' do diff --git a/spec/services/proofing/resolution/plugins/state_id_address_plugin_spec.rb b/spec/services/proofing/resolution/plugins/state_id_address_plugin_spec.rb index de3ed2161bc..0bf9f5da8ec 100644 --- a/spec/services/proofing/resolution/plugins/state_id_address_plugin_spec.rb +++ b/spec/services/proofing/resolution/plugins/state_id_address_plugin_spec.rb @@ -64,9 +64,9 @@ end it 'passes state id address to proofer' do - expect(plugin.proofer). - to receive(:proof). - with(hash_including(state_id_address)) + expect(plugin.proofer) + .to receive(:proof) + .with(hash_including(state_id_address)) call end @@ -77,13 +77,13 @@ end it 'records correct SP cost' do - expect { call }. - to change { - SpCost.where( - cost_type: :lexis_nexis_resolution, - issuer: current_sp.issuer, - ).count - }.to(1) + expect { call } + .to change { + SpCost.where( + cost_type: :lexis_nexis_resolution, + issuer: current_sp.issuer, + ).count + }.to(1) end end @@ -102,13 +102,13 @@ end it 'records a LexisNexis SP cost' do - expect { call }. - to change { - SpCost.where( - cost_type: :lexis_nexis_resolution, - issuer: current_sp.issuer, - ).count - }.to(1) + expect { call } + .to change { + SpCost.where( + cost_type: :lexis_nexis_resolution, + issuer: current_sp.issuer, + ).count + }.to(1) end end @@ -127,13 +127,13 @@ end it 'records a LexisNexis SP cost' do - expect { call }. - to change { - SpCost.where( - cost_type: :lexis_nexis_resolution, - issuer: current_sp.issuer, - ).count - }.to(1) + expect { call } + .to change { + SpCost.where( + cost_type: :lexis_nexis_resolution, + issuer: current_sp.issuer, + ).count + }.to(1) end end end @@ -147,8 +147,8 @@ end it 'does not add a new LexisNexis SP cost (since residential address result was reused)' do - expect { call }. - not_to change { + expect { call } + .not_to change { SpCost.where( cost_type: :lexis_nexis_resolution, issuer: current_sp.issuer, @@ -193,13 +193,13 @@ end it 'records a LexisNexis SP cost' do - expect { call }. - to change { - SpCost.where( - cost_type: :lexis_nexis_resolution, - issuer: current_sp.issuer, - ).count - }.to(1) + expect { call } + .to change { + SpCost.where( + cost_type: :lexis_nexis_resolution, + issuer: current_sp.issuer, + ).count + }.to(1) end end @@ -218,13 +218,13 @@ end it 'records a LexisNexis SP cost' do - expect { call }. - to change { - SpCost.where( - cost_type: :lexis_nexis_resolution, - issuer: current_sp.issuer, - ).count - }.to(1) + expect { call } + .to change { + SpCost.where( + cost_type: :lexis_nexis_resolution, + issuer: current_sp.issuer, + ).count + }.to(1) end end @@ -243,13 +243,13 @@ end it 'records a LexisNexis SP cost' do - expect { call }. - to change { - SpCost.where( - cost_type: :lexis_nexis_resolution, - issuer: current_sp.issuer, - ).count - }.to(1) + expect { call } + .to change { + SpCost.where( + cost_type: :lexis_nexis_resolution, + issuer: current_sp.issuer, + ).count + }.to(1) end end @@ -269,13 +269,13 @@ end it 'does not record an additional LexisNexis SP cost' do - expect { call }. - not_to change { - SpCost.where( - cost_type: :lexis_nexis_resolution, - issuer: current_sp.issuer, - ).count - } + expect { call } + .not_to change { + SpCost.where( + cost_type: :lexis_nexis_resolution, + issuer: current_sp.issuer, + ).count + } end it 'returns a ResolutionCannotPass result' do diff --git a/spec/services/proofing/resolution/plugins/threatmetrix_plugin_spec.rb b/spec/services/proofing/resolution/plugins/threatmetrix_plugin_spec.rb index 210a4497696..e0135620dad 100644 --- a/spec/services/proofing/resolution/plugins/threatmetrix_plugin_spec.rb +++ b/spec/services/proofing/resolution/plugins/threatmetrix_plugin_spec.rb @@ -15,8 +15,8 @@ end before do - allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_mock_enabled). - and_return(false) + allow(IdentityConfig.store).to receive(:lexisnexis_threatmetrix_mock_enabled) + .and_return(false) allow(plugin.proofer).to receive(:proof).and_return(proofer_result) end @@ -38,8 +38,8 @@ def sp_cost_count context 'ThreatMetrix is enabled' do before do - allow(FeatureManagement).to receive(:proofing_device_profiling_collecting_enabled?). - and_return(true) + allow(FeatureManagement).to receive(:proofing_device_profiling_collecting_enabled?) + .and_return(true) end it 'calls the ThreatMetrix proofer' do @@ -93,8 +93,8 @@ def sp_cost_count context 'ThreatMetrix is disabled' do before do - allow(FeatureManagement).to receive(:proofing_device_profiling_collecting_enabled?). - and_return(false) + allow(FeatureManagement).to receive(:proofing_device_profiling_collecting_enabled?) + .and_return(false) end it 'returns a disabled result' do diff --git a/spec/services/proofing/resolution/progressive_proofer_spec.rb b/spec/services/proofing/resolution/progressive_proofer_spec.rb index 5b7eab4a20a..12b31d71a00 100644 --- a/spec/services/proofing/resolution/progressive_proofer_spec.rb +++ b/spec/services/proofing/resolution/progressive_proofer_spec.rb @@ -86,14 +86,14 @@ before do allow(resolution_proofer).to receive(:proof).and_return(*resolution_proofing_results) - allow(progressive_proofer).to receive(:create_proofer). - and_return(resolution_proofer) + allow(progressive_proofer).to receive(:create_proofer) + .and_return(resolution_proofer) - allow(progressive_proofer.threatmetrix_plugin).to receive(:proofer). - and_return(threatmetrix_proofer) + allow(progressive_proofer.threatmetrix_plugin).to receive(:proofer) + .and_return(threatmetrix_proofer) - allow(progressive_proofer.aamva_plugin).to receive(:proofer). - and_return(aamva_proofer) + allow(progressive_proofer.aamva_plugin).to receive(:proofer) + .and_return(aamva_proofer) end context 'remote unsupervised proofing' do @@ -339,12 +339,12 @@ subject(:proofing_vendor) { progressive_proofer.proofing_vendor } before do - allow(IdentityConfig.store).to receive(:idv_resolution_default_vendor). - and_return(idv_resolution_default_vendor) - allow(IdentityConfig.store).to receive(:idv_resolution_alternate_vendor). - and_return(idv_resolution_alternate_vendor) - allow(IdentityConfig.store).to receive(:idv_resolution_alternate_vendor_percent). - and_return(idv_resolution_alternate_vendor_percent) + allow(IdentityConfig.store).to receive(:idv_resolution_default_vendor) + .and_return(idv_resolution_default_vendor) + allow(IdentityConfig.store).to receive(:idv_resolution_alternate_vendor) + .and_return(idv_resolution_alternate_vendor) + allow(IdentityConfig.store).to receive(:idv_resolution_alternate_vendor_percent) + .and_return(idv_resolution_alternate_vendor_percent) end context 'when default is set to 100%' do diff --git a/spec/services/proofing/socure/id_plus/proofer_spec.rb b/spec/services/proofing/socure/id_plus/proofer_spec.rb index a95c06893e9..469610514be 100644 --- a/spec/services/proofing/socure/id_plus/proofer_spec.rb +++ b/spec/services/proofing/socure/id_plus/proofer_spec.rb @@ -58,8 +58,8 @@ before do using_json = !response_body.is_a?(String) - stub_request(:post, URI.join(base_url, '/api/3.0/EmailAuthScore').to_s). - to_return( + stub_request(:post, URI.join(base_url, '/api/3.0/EmailAuthScore').to_s) + .to_return( status: response_status, headers: { 'Content-Type' => using_json ? @@ -185,8 +185,8 @@ context 'when request times out' do before do - stub_request(:post, URI.join(base_url, '/api/3.0/EmailAuthScore').to_s). - to_timeout + stub_request(:post, URI.join(base_url, '/api/3.0/EmailAuthScore').to_s) + .to_timeout end describe 'the result' do diff --git a/spec/services/proofing/socure/id_plus/request_spec.rb b/spec/services/proofing/socure/id_plus/request_spec.rb index 333ee26285d..69b4b87032b 100644 --- a/spec/services/proofing/socure/id_plus/request_spec.rb +++ b/spec/services/proofing/socure/id_plus/request_spec.rb @@ -68,8 +68,8 @@ describe '#send_request' do before do - stub_request(:post, 'https://example.org/api/3.0/EmailAuthScore'). - to_return( + stub_request(:post, 'https://example.org/api/3.0/EmailAuthScore') + .to_return( headers: { 'Content-Type' => 'application/json', }, @@ -129,8 +129,8 @@ context 'when service returns an HTTP 400 response' do before do - stub_request(:post, 'https://example.org/api/3.0/EmailAuthScore'). - to_return( + stub_request(:post, 'https://example.org/api/3.0/EmailAuthScore') + .to_return( status: 400, headers: { 'Content-Type' => 'application/json', @@ -170,8 +170,8 @@ context 'when service returns an HTTP 401 reponse' do before do - stub_request(:post, 'https://example.org/api/3.0/EmailAuthScore'). - to_return( + stub_request(:post, 'https://example.org/api/3.0/EmailAuthScore') + .to_return( status: 401, headers: { 'Content-Type' => 'application/json', @@ -198,8 +198,8 @@ context 'when service returns weird HTTP 500 response' do before do - stub_request(:post, 'https://example.org/api/3.0/EmailAuthScore'). - to_return( + stub_request(:post, 'https://example.org/api/3.0/EmailAuthScore') + .to_return( status: 500, body: 'It works!', ) @@ -214,8 +214,8 @@ context 'when request times out' do before do - stub_request(:post, 'https://example.org/api/3.0/EmailAuthScore'). - to_timeout + stub_request(:post, 'https://example.org/api/3.0/EmailAuthScore') + .to_timeout end it 'raises a ProofingTimeoutError' do @@ -225,8 +225,8 @@ context 'when connection is reset' do before do - stub_request(:post, 'https://example.org/api/3.0/EmailAuthScore'). - to_raise(Errno::ECONNRESET) + stub_request(:post, 'https://example.org/api/3.0/EmailAuthScore') + .to_raise(Errno::ECONNRESET) end it 'raises a Request::Error' do diff --git a/spec/services/proofing/socure/reason_codes/importer_spec.rb b/spec/services/proofing/socure/reason_codes/importer_spec.rb index f14ef0ac5af..2f8e4dddbfd 100644 --- a/spec/services/proofing/socure/reason_codes/importer_spec.rb +++ b/spec/services/proofing/socure/reason_codes/importer_spec.rb @@ -15,8 +15,8 @@ end it 'adds reason codes that do not exist', :freeze_time do - allow(subject.api_client).to receive(:download_reason_codes). - and_return(downloaded_reason_codes) + allow(subject.api_client).to receive(:download_reason_codes) + .and_return(downloaded_reason_codes) result = subject.synchronize @@ -42,8 +42,8 @@ added_at: 1.day.ago, ) - allow(subject.api_client).to receive(:download_reason_codes). - and_return(downloaded_reason_codes) + allow(subject.api_client).to receive(:download_reason_codes) + .and_return(downloaded_reason_codes) result = subject.synchronize expect(result.to_h[:deactivated_reason_codes]).to eq( @@ -58,8 +58,8 @@ context 'the downloaded reason codes are malformed' do it 'returns an unsuccessful response' do - allow(subject.api_client).to receive(:download_reason_codes). - and_return('malformed response') + allow(subject.api_client).to receive(:download_reason_codes) + .and_return('malformed response') result = subject.synchronize diff --git a/spec/services/push_notification/http_push_spec.rb b/spec/services/push_notification/http_push_spec.rb index 1cd1e71bb13..b6b0288a695 100644 --- a/spec/services/push_notification/http_push_spec.rb +++ b/spec/services/push_notification/http_push_spec.rb @@ -29,8 +29,8 @@ before do ActiveJob::Base.queue_adapter = :test allow(Identity::Hostdata).to receive(:env).and_return('dev') - allow(IdentityConfig.store).to receive(:push_notifications_enabled). - and_return(push_notifications_enabled) + allow(IdentityConfig.store).to receive(:push_notifications_enabled) + .and_return(push_notifications_enabled) end describe '#deliver' do @@ -48,14 +48,14 @@ jwt_payload, headers = JWT.decode( args[:jwt], - AppArtifacts.store.oidc_public_key, + Rails.application.config.oidc_public_key, true, algorithm: 'RS256', - kid: JWT::JWK.new(AppArtifacts.store.oidc_private_key).kid, + kid: JWT::JWK.new(AppArtifacts.store.oidc_primary_private_key).kid, ) expect(headers['typ']).to eq('secevent+jwt') - expect(headers['kid']).to eq(JWT::JWK.new(AppArtifacts.store.oidc_private_key).kid) + expect(headers['kid']).to eq(JWT::JWK.new(AppArtifacts.store.oidc_primary_private_key).kid) expect(jwt_payload['iss']).to eq(root_url) expect(jwt_payload['iat']).to eq(now.to_i) @@ -82,10 +82,10 @@ expect { deliver }.to have_enqueued_job(RiscDeliveryJob).with { |args| jwt_payload, _headers = JWT.decode( args[:jwt], - AppArtifacts.store.oidc_public_key, + Rails.application.config.oidc_public_key, true, algorithm: 'RS256', - kid: JWT::JWK.new(AppArtifacts.store.oidc_private_key).kid, + kid: JWT::JWK.new(AppArtifacts.store.oidc_primary_private_key).kid, ) expect(jwt_payload['events'][event.event_type]['subject']['sub']).to eq(agency_uuid) } diff --git a/spec/services/random_phrase_spec.rb b/spec/services/random_phrase_spec.rb index d9b3aab9c22..e94be65b36f 100644 --- a/spec/services/random_phrase_spec.rb +++ b/spec/services/random_phrase_spec.rb @@ -6,8 +6,8 @@ profane = Base32::Crockford.decode('FART') not_profane = Base32::Crockford.decode('ABCD') - expect(SecureRandom).to receive(:random_number). - and_return(profane, not_profane) + expect(SecureRandom).to receive(:random_number) + .and_return(profane, not_profane) phrase = RandomPhrase.new(num_words: 1) diff --git a/spec/services/rate_limiter_spec.rb b/spec/services/rate_limiter_spec.rb index a4b8fc619bf..f3184ac60f3 100644 --- a/spec/services/rate_limiter_spec.rb +++ b/spec/services/rate_limiter_spec.rb @@ -6,8 +6,8 @@ let(:attempt_window) { 10 } before(:each) do allow(IdentityConfig.store).to receive(:doc_auth_max_attempts).and_return(max_attempts) - allow(IdentityConfig.store).to receive(:doc_auth_attempt_window_in_minutes). - and_return(attempt_window) + allow(IdentityConfig.store).to receive(:doc_auth_attempt_window_in_minutes) + .and_return(attempt_window) end describe '.new' do @@ -16,31 +16,31 @@ context 'target is not a string' do it 'raises an error' do - expect { RateLimiter.new(target: 3, rate_limit_type: rate_limit_type) }. - to raise_error(ArgumentError) + expect { RateLimiter.new(target: 3, rate_limit_type: rate_limit_type) } + .to raise_error(ArgumentError) end end end it 'throws an error when neither user nor target are provided' do - expect { RateLimiter.new(rate_limit_type: rate_limit_type) }. - to raise_error( + expect { RateLimiter.new(rate_limit_type: rate_limit_type) } + .to raise_error( ArgumentError, 'RateLimiter must have a user or a target, but neither were provided', ) end it 'throws an error when both user and target are provided' do - expect { RateLimiter.new(rate_limit_type: rate_limit_type) }. - to raise_error( + expect { RateLimiter.new(rate_limit_type: rate_limit_type) } + .to raise_error( ArgumentError, 'RateLimiter must have a user or a target, but neither were provided', ) end it 'throws an error for an invalid rate_limit_type' do - expect { RateLimiter.new(rate_limit_type: :abc_123, target: '1') }. - to raise_error( + expect { RateLimiter.new(rate_limit_type: :abc_123, target: '1') } + .to raise_error( ArgumentError, 'rate_limit_type is not valid', ) @@ -141,8 +141,8 @@ rate_limiter.increment! travel_to(rate_limiter.attempted_at + 3.days) do - expect(rate_limiter.expires_at).to be_within(1.second). - of(rate_limiter.attempted_at + attempt_window.minutes) + expect(rate_limiter.expires_at).to be_within(1.second) + .of(rate_limiter.attempted_at + attempt_window.minutes) end end @@ -166,8 +166,8 @@ it 'returns expiration time' do freeze_time do rate_limiter.increment! - expect(rate_limiter.expires_at).to be_within(1.second). - of(rate_limiter.attempted_at + attempt_window.minutes) + expect(rate_limiter.expires_at).to be_within(1.second) + .of(rate_limiter.attempted_at + attempt_window.minutes) end end end diff --git a/spec/services/recaptcha_annotator_spec.rb b/spec/services/recaptcha_annotator_spec.rb index 10c6a5a1e0b..d6c0d79e3fd 100644 --- a/spec/services/recaptcha_annotator_spec.rb +++ b/spec/services/recaptcha_annotator_spec.rb @@ -48,19 +48,19 @@ context 'with recaptcha enterprise' do before do allow(FeatureManagement).to receive(:recaptcha_enterprise?).and_return(true) - allow(IdentityConfig.store).to receive(:recaptcha_enterprise_project_id). - and_return(recaptcha_enterprise_project_id) - allow(IdentityConfig.store).to receive(:recaptcha_enterprise_api_key). - and_return(recaptcha_enterprise_api_key) - stub_request(:post, annotation_url). - with do |req| + allow(IdentityConfig.store).to receive(:recaptcha_enterprise_project_id) + .and_return(recaptcha_enterprise_project_id) + allow(IdentityConfig.store).to receive(:recaptcha_enterprise_api_key) + .and_return(recaptcha_enterprise_api_key) + stub_request(:post, annotation_url) + .with do |req| parsed_body = JSON.parse(req.body) next if reason && parsed_body['reasons'] != [reason.to_s] next if !reason && parsed_body.key?('reasons') next if annotation && parsed_body['annotation'] != annotation.to_s true - end. - to_return(headers: { 'Content-Type': 'application/json' }, body: '{}') + end + .to_return(headers: { 'Content-Type': 'application/json' }, body: '{}') end it 'submits annotation' do @@ -86,8 +86,8 @@ it 'submits only what is provided' do annotate - expect(WebMock).to have_requested(:post, annotation_url). - with(body: { reasons: [reason] }.to_json) + expect(WebMock).to have_requested(:post, annotation_url) + .with(body: { reasons: [reason] }.to_json) end it 'returns a hash describing annotation' do diff --git a/spec/services/redis_rate_limiter_spec.rb b/spec/services/redis_rate_limiter_spec.rb index dd3aa0d6a48..ce4394c722a 100644 --- a/spec/services/redis_rate_limiter_spec.rb +++ b/spec/services/redis_rate_limiter_spec.rb @@ -85,8 +85,8 @@ context 'when the key does not exist in redis' do it 'sets the value to 1 when' do expect { rate_limiter.increment(now) }.to( - change { REDIS_THROTTLE_POOL.with { |r| r.get(rate_limiter.build_key(now)) } }. - from(nil).to('1'), + change { REDIS_THROTTLE_POOL.with { |r| r.get(rate_limiter.build_key(now)) } } + .from(nil).to('1'), ) end end diff --git a/spec/services/reporting/agency_and_sp_report_spec.rb b/spec/services/reporting/agency_and_sp_report_spec.rb index 7ed81700074..f4eced11e50 100644 --- a/spec/services/reporting/agency_and_sp_report_spec.rb +++ b/spec/services/reporting/agency_and_sp_report_spec.rb @@ -164,8 +164,8 @@ end before do - allow_any_instance_of(Reporting::AgencyAndSpReport).to receive(:facial_match_issuers). - and_return([idv_facial_match_sp.issuer]) + allow_any_instance_of(Reporting::AgencyAndSpReport).to receive(:facial_match_issuers) + .and_return([idv_facial_match_sp.issuer]) end it 'counts the SP and its Agency as IDV' do @@ -175,8 +175,8 @@ context 'when a query times out' do before do - expect(ServiceProvider).to receive(:where). - and_raise(ActiveRecord::QueryCanceled, 'query took too long') + expect(ServiceProvider).to receive(:where) + .and_raise(ActiveRecord::QueryCanceled, 'query took too long') end it 'rescues the error and shows a warning' do diff --git a/spec/services/request_password_reset_spec.rb b/spec/services/request_password_reset_spec.rb index 8b079c9b6bd..7bec877a0d9 100644 --- a/spec/services/request_password_reset_spec.rb +++ b/spec/services/request_password_reset_spec.rb @@ -30,20 +30,20 @@ end before do - allow(UserMailer).to receive(:reset_password_instructions). - and_wrap_original do |impl, user, email, options| + allow(UserMailer).to receive(:reset_password_instructions) + .and_wrap_original do |impl, user, email, options| token = options.fetch(:token) expect(token).to be_present - expect(Devise.token_generator.digest(User, :reset_password_token, token)). - to eq(user.reset_password_token) + expect(Devise.token_generator.digest(User, :reset_password_token, token)) + .to eq(user.reset_password_token) impl.call(user, email, **options) end end it 'sets password reset token' do - expect { subject }. - to(change { user.reload.reset_password_token }) + expect { subject } + .to(change { user.reload.reset_password_token }) end it 'sends the correct email to the user' do @@ -57,8 +57,8 @@ end it 'sends a recovery activated push event' do - expect(PushNotification::HttpPush).to receive(:deliver). - with(PushNotification::RecoveryActivatedEvent.new(user: user)) + expect(PushNotification::HttpPush).to receive(:deliver) + .with(PushNotification::RecoveryActivatedEvent.new(user: user)) subject end @@ -71,17 +71,17 @@ before do user.suspend! - allow(UserMailer).to receive(:reset_password_instructions). - and_wrap_original do |impl, user, email, options| + allow(UserMailer).to receive(:reset_password_instructions) + .and_wrap_original do |impl, user, email, options| token = options.fetch(:token) expect(token).to be_present - expect(Devise.token_generator.digest(User, :reset_password_token, token)). - to eq(user.reset_password_token) + expect(Devise.token_generator.digest(User, :reset_password_token, token)) + .to eq(user.reset_password_token) impl.call(user, email, **options) end - allow(UserMailer).to receive(:suspended_reset_password). - and_wrap_original do |impl, user, email, options| + allow(UserMailer).to receive(:suspended_reset_password) + .and_wrap_original do |impl, user, email, options| token = options.fetch(:token) expect(token).not_to be_present @@ -90,8 +90,8 @@ end it 'does not set a password reset token' do - expect { subject }. - not_to(change { user.reload.reset_password_token }) + expect { subject } + .not_to(change { user.reload.reset_password_token }) end it 'sends an email to the suspended user' do @@ -105,8 +105,8 @@ end it 'does not send a recovery activated push event' do - expect(PushNotification::HttpPush).not_to receive(:deliver). - with(PushNotification::RecoveryActivatedEvent.new(user: user)) + expect(PushNotification::HttpPush).not_to receive(:deliver) + .with(PushNotification::RecoveryActivatedEvent.new(user: user)) subject end @@ -114,20 +114,20 @@ context 'when the user is found, not privileged, and not yet confirmed' do it 'sends password reset instructions' do - allow(UserMailer).to receive(:reset_password_instructions). - and_wrap_original do |impl, user, email, options| + allow(UserMailer).to receive(:reset_password_instructions) + .and_wrap_original do |impl, user, email, options| token = options.fetch(:token) expect(token).to be_present - expect(Devise.token_generator.digest(User, :reset_password_token, token)). - to eq(user.reset_password_token) + expect(Devise.token_generator.digest(User, :reset_password_token, token)) + .to eq(user.reset_password_token) impl.call(user, email, **options) end expect do RequestPasswordReset.new(email:).perform - end. - to(change { user.reload.reset_password_token }) + end + .to(change { user.reload.reset_password_token }) end end @@ -180,8 +180,8 @@ email: email, analytics: analytics, ).perform - end. - to(change { user.reload.reset_password_token }) + end + .to(change { user.reload.reset_password_token }) end # extra time, rate limited @@ -190,8 +190,8 @@ email: email, analytics: analytics, ).perform - end. - to_not(change { user.reload.reset_password_token }) + end + .to_not(change { user.reload.reset_password_token }) expect(analytics).to have_logged_event( 'Rate Limit Reached', @@ -202,9 +202,9 @@ it 'only sends a push notification when the attempts have not been rate limited' do max_attempts = IdentityConfig.store.reset_password_email_max_attempts - expect(PushNotification::HttpPush).to receive(:deliver). - with(PushNotification::RecoveryActivatedEvent.new(user: user)). - exactly(max_attempts - 1).times + expect(PushNotification::HttpPush).to receive(:deliver) + .with(PushNotification::RecoveryActivatedEvent.new(user: user)) + .exactly(max_attempts - 1).times (max_attempts - 1).times do expect do @@ -212,8 +212,8 @@ email: email, analytics: analytics, ).perform - end. - to(change { user.reload.reset_password_token }) + end + .to(change { user.reload.reset_password_token }) end # extra time, rate limited @@ -222,8 +222,8 @@ email: email, analytics: analytics, ).perform - end. - to_not(change { user.reload.reset_password_token }) + end + .to_not(change { user.reload.reset_password_token }) end end end diff --git a/spec/services/reset_user_password_spec.rb b/spec/services/reset_user_password_spec.rb index f0017af9340..cd34047c356 100644 --- a/spec/services/reset_user_password_spec.rb +++ b/spec/services/reset_user_password_spec.rb @@ -15,22 +15,22 @@ end it 'creates a password_invalidated user event' do - expect { call }. - to(change { user.events.password_invalidated.size }.from(0).to(1)) + expect { call } + .to(change { user.events.password_invalidated.size }.from(0).to(1)) end it 'notifies the user via email to each of their confirmed email addresses' do create(:email_address, user:, email: Faker::Internet.email, confirmed_at: nil) - expect { call }. - to(change { ActionMailer::Base.deliveries.count }.by(2)) + expect { call } + .to(change { ActionMailer::Base.deliveries.count }.by(2)) mails = ActionMailer::Base.deliveries.last(2) expect(mails.map(&:to).flatten).to match_array(user.confirmed_email_addresses.map(&:email)) end it 'clears all remembered browsers by updating the remember_device_revoked_at timestamp' do - expect { call }. - to(change { user.reload.remember_device_revoked_at.to_i }.to(now.to_i)) + expect { call } + .to(change { user.reload.remember_device_revoked_at.to_i }.to(now.to_i)) end end end diff --git a/spec/services/revoke_service_provider_consent_spec.rb b/spec/services/revoke_service_provider_consent_spec.rb index c9e2042b6af..5a7b03872db 100644 --- a/spec/services/revoke_service_provider_consent_spec.rb +++ b/spec/services/revoke_service_provider_consent_spec.rb @@ -11,15 +11,15 @@ end it 'sets the deleted_at' do - expect { service.call }. - to change { identity.reload.deleted_at&.to_i }. - from(nil).to(now.to_i) + expect { service.call } + .to change { identity.reload.deleted_at&.to_i } + .from(nil).to(now.to_i) end it 'clears the verified attributes' do - expect { service.call }. - to change { identity.reload.verified_attributes }. - from(['email']).to(nil) + expect { service.call } + .to change { identity.reload.verified_attributes } + .from(['email']).to(nil) end end end diff --git a/spec/services/saml_request_validator_spec.rb b/spec/services/saml_request_validator_spec.rb index 5aac4b99285..5d16379edbd 100644 --- a/spec/services/saml_request_validator_spec.rb +++ b/spec/services/saml_request_validator_spec.rb @@ -311,8 +311,8 @@ context 'when the service provider is allowed to use facial match ials' do before do sp.update(ial: 2) - allow_any_instance_of(ServiceProvider).to receive(:facial_match_ial_allowed?). - and_return(true) + allow_any_instance_of(ServiceProvider).to receive(:facial_match_ial_allowed?) + .and_return(true) end it 'returns a successful response' do @@ -326,8 +326,8 @@ context 'when the service provider is not allowed to use facial match ials' do before do - allow_any_instance_of(ServiceProvider).to receive(:facial_match_ial_allowed?). - and_return(false) + allow_any_instance_of(ServiceProvider).to receive(:facial_match_ial_allowed?) + .and_return(false) end it 'fails with an unauthorized error' do diff --git a/spec/services/service_provider_request_proxy_spec.rb b/spec/services/service_provider_request_proxy_spec.rb index c6511a8062d..239e8478dc1 100644 --- a/spec/services/service_provider_request_proxy_spec.rb +++ b/spec/services/service_provider_request_proxy_spec.rb @@ -19,35 +19,35 @@ context 'when the record does not exist' do it 'returns an instance of NullServiceProviderRequest' do - expect(ServiceProviderRequestProxy.from_uuid('123')). - to be_an_instance_of NullServiceProviderRequest + expect(ServiceProviderRequestProxy.from_uuid('123')) + .to be_an_instance_of NullServiceProviderRequest end end context 'bad input' do it 'handles a null byte in the uuid' do - expect(ServiceProviderRequestProxy.from_uuid("\0")). - to be_an_instance_of NullServiceProviderRequest + expect(ServiceProviderRequestProxy.from_uuid("\0")) + .to be_an_instance_of NullServiceProviderRequest end it 'handles nil' do - expect(ServiceProviderRequestProxy.from_uuid(nil)). - to be_an_instance_of NullServiceProviderRequest + expect(ServiceProviderRequestProxy.from_uuid(nil)) + .to be_an_instance_of NullServiceProviderRequest end it 'handles empty string' do - expect(ServiceProviderRequestProxy.from_uuid('')). - to be_an_instance_of NullServiceProviderRequest + expect(ServiceProviderRequestProxy.from_uuid('')) + .to be_an_instance_of NullServiceProviderRequest end it 'handles hashes' do - expect(ServiceProviderRequestProxy.from_uuid({})). - to be_an_instance_of NullServiceProviderRequest + expect(ServiceProviderRequestProxy.from_uuid({})) + .to be_an_instance_of NullServiceProviderRequest end it 'handles arrays' do - expect(ServiceProviderRequestProxy.from_uuid([])). - to be_an_instance_of NullServiceProviderRequest + expect(ServiceProviderRequestProxy.from_uuid([])) + .to be_an_instance_of NullServiceProviderRequest end end end diff --git a/spec/services/service_provider_seeder_spec.rb b/spec/services/service_provider_seeder_spec.rb index 3151b056fd9..11972757385 100644 --- a/spec/services/service_provider_seeder_spec.rb +++ b/spec/services/service_provider_seeder_spec.rb @@ -67,10 +67,10 @@ it 'updates the attributes based on the current value of the yml file' do expect { run }.to( - change { ServiceProvider.find_by(issuer: 'http://test.host').acs_url }. - to('http://test.host/test/saml/decode_assertion').and( - change { ServiceProvider.find_by(issuer: 'http://test.host').certs }. - to([Rails.root.join('certs', 'sp', 'saml_test_sp.crt').read]), + change { ServiceProvider.find_by(issuer: 'http://test.host').acs_url } + .to('http://test.host/test/saml/decode_assertion').and( + change { ServiceProvider.find_by(issuer: 'http://test.host').certs } + .to([Rails.root.join('certs', 'sp', 'saml_test_sp.crt').read]), ), ) end diff --git a/spec/services/service_provider_updater_spec.rb b/spec/services/service_provider_updater_spec.rb index b398c92d381..480c72e7ce6 100644 --- a/spec/services/service_provider_updater_spec.rb +++ b/spec/services/service_provider_updater_spec.rb @@ -105,12 +105,12 @@ expect(sp.updated_at).to_not eq friendly_sp[:updated_at] expect(sp.created_at).to_not eq friendly_sp[:created_at] expect(sp.approved).to eq true - expect(sp.help_text['sign_in']).to eq friendly_sp[:help_text][:sign_in]. - stringify_keys - expect(sp.help_text['sign_up']).to eq friendly_sp[:help_text][:sign_up]. - stringify_keys - expect(sp.help_text['forgot_password']).to eq friendly_sp[:help_text][:forgot_password]. - stringify_keys + expect(sp.help_text['sign_in']).to eq friendly_sp[:help_text][:sign_in] + .stringify_keys + expect(sp.help_text['sign_up']).to eq friendly_sp[:help_text][:sign_up] + .stringify_keys + expect(sp.help_text['forgot_password']).to eq friendly_sp[:help_text][:forgot_password] + .stringify_keys end it 'updates existing dashboard-provided Service Providers' do @@ -128,12 +128,12 @@ expect(sp.updated_at).to_not eq friendly_sp[:updated_at] expect(sp.created_at).to_not eq friendly_sp[:created_at] expect(sp.approved).to eq true - expect(sp.help_text['sign_in']).to eq friendly_sp[:help_text][:sign_in]. - stringify_keys - expect(sp.help_text['sign_up']).to eq friendly_sp[:help_text][:sign_up]. - stringify_keys - expect(sp.help_text['forgot_password']).to eq friendly_sp[:help_text][:forgot_password]. - stringify_keys + expect(sp.help_text['sign_in']).to eq friendly_sp[:help_text][:sign_in] + .stringify_keys + expect(sp.help_text['sign_up']).to eq friendly_sp[:help_text][:sign_up] + .stringify_keys + expect(sp.help_text['forgot_password']).to eq friendly_sp[:help_text][:forgot_password] + .stringify_keys end it 'removes inactive Service Providers' do @@ -161,8 +161,8 @@ end it 'updates certs (plural)' do - expect { subject.run }. - to(change { ServiceProvider.find_by(issuer: oidc_issuer)&.ssl_certs&.size }.to(2)) + expect { subject.run } + .to(change { ServiceProvider.find_by(issuer: oidc_issuer)&.ssl_certs&.size }.to(2)) end end @@ -175,8 +175,8 @@ subject.run - expect(Rails.logger).to have_received(:error). - with("Failed to parse response from #{fake_dashboard_url}: ") + expect(Rails.logger).to have_received(:error) + .with("Failed to parse response from #{fake_dashboard_url}: ") expect(ServiceProvider.count).to eq before_count end end @@ -243,8 +243,8 @@ subject.run - expect(Rails.logger).to have_received(:error). - with("Failed to contact #{fake_dashboard_url}") + expect(Rails.logger).to have_received(:error) + .with("Failed to contact #{fake_dashboard_url}") expect(ServiceProvider.count).to eq before_count end end diff --git a/spec/services/sp_handoff_bouncer_spec.rb b/spec/services/sp_handoff_bouncer_spec.rb index 358cb3fcbda..9f590174b9d 100644 --- a/spec/services/sp_handoff_bouncer_spec.rb +++ b/spec/services/sp_handoff_bouncer_spec.rb @@ -7,8 +7,8 @@ describe '#add_handoff_time!' do it 'sets the handoff time in the session' do - expect { bouncer.add_handoff_time!(now) }. - to(change { sp_session[:sp_handoff_start_time] }.to(now)) + expect { bouncer.add_handoff_time!(now) } + .to(change { sp_session[:sp_handoff_start_time] }.to(now)) end end diff --git a/spec/services/sp_return_url_resolver_spec.rb b/spec/services/sp_return_url_resolver_spec.rb index 3181cb88723..bd556eeb16d 100644 --- a/spec/services/sp_return_url_resolver_spec.rb +++ b/spec/services/sp_return_url_resolver_spec.rb @@ -170,5 +170,13 @@ it { expect(post_idv_follow_up_url).to eq(sp_post_idv_follow_up_url) } end + + context 'with a template param in the URL' do + let(:sp_post_idv_follow_up_url) { 'https://sp.gov/follow_up?locale=%{locale}' } + + it 'interpolates the appropriate value' do + expect(post_idv_follow_up_url).to eq('https://sp.gov/follow_up?locale=en') + end + end end end diff --git a/spec/services/string_redacter_spec.rb b/spec/services/string_redacter_spec.rb index 5c90b2ab1f8..489f297f74e 100644 --- a/spec/services/string_redacter_spec.rb +++ b/spec/services/string_redacter_spec.rb @@ -3,8 +3,8 @@ RSpec.describe 'StringRedacter' do describe '#redact_alphanumeric' do it 'leaves in punctuation and spaces, but removes letters and numbers' do - expect(StringRedacter.redact_alphanumeric('+11 (555) DEF-1234')). - to eq('+## (###) XXX-####') + expect(StringRedacter.redact_alphanumeric('+11 (555) DEF-1234')) + .to eq('+## (###) XXX-####') end end end diff --git a/spec/services/update_user_phone_configuration_spec.rb b/spec/services/update_user_phone_configuration_spec.rb index 5b1d7817cec..1ba36b660c3 100644 --- a/spec/services/update_user_phone_configuration_spec.rb +++ b/spec/services/update_user_phone_configuration_spec.rb @@ -42,8 +42,8 @@ end it 'sends a recovery information changed event' do - expect(PushNotification::HttpPush).to receive(:deliver). - with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) + expect(PushNotification::HttpPush).to receive(:deliver) + .with(PushNotification::RecoveryInformationChangedEvent.new(user: user)) confirmed_at = 1.day.ago.change(usec: 0) attributes = { otp_delivery_preference: 'voice', @@ -123,8 +123,8 @@ phone_configuration.update(made_default_at: original_made_default_at) UpdateUserPhoneConfiguration.new(user: user, attributes: attributes).call phone_configuration.reload - expect(phone_configuration.made_default_at). - to be_within(1.second).of original_made_default_at + expect(phone_configuration.made_default_at) + .to be_within(1.second).of original_made_default_at end end diff --git a/spec/services/user_alerts/alert_user_about_new_device_spec.rb b/spec/services/user_alerts/alert_user_about_new_device_spec.rb index 7c295e605f1..32ae02d62ef 100644 --- a/spec/services/user_alerts/alert_user_about_new_device_spec.rb +++ b/spec/services/user_alerts/alert_user_about_new_device_spec.rb @@ -10,9 +10,9 @@ subject(:result) { described_class.schedule_alert(event:) } it 'sets the user sign_in_new_device_at value to time of the given event' do - expect { result }.to change { user.reload.sign_in_new_device_at&.change(usec: 0) }. - from(nil). - to(event.created_at.change(usec: 0)) + expect { result }.to change { user.reload.sign_in_new_device_at&.change(usec: 0) } + .from(nil) + .to(event.created_at.change(usec: 0)) end end @@ -36,9 +36,9 @@ end it 'unsets sign_in_new_device_at on the user' do - expect { result }.to change { user.reload.sign_in_new_device_at&.change(usec: 0) }. - from(sign_in_new_device_at.change(usec: 0)). - to(nil) + expect { result }.to change { user.reload.sign_in_new_device_at&.change(usec: 0) } + .from(sign_in_new_device_at.change(usec: 0)) + .to(nil) end context 'with sign in notification expired disavowal event' do diff --git a/spec/services/user_alerts/alert_user_about_personal_key_sign_in_spec.rb b/spec/services/user_alerts/alert_user_about_personal_key_sign_in_spec.rb index ebd57cbdbd7..514bb1ce6f0 100644 --- a/spec/services/user_alerts/alert_user_about_personal_key_sign_in_spec.rb +++ b/spec/services/user_alerts/alert_user_about_personal_key_sign_in_spec.rb @@ -17,10 +17,10 @@ response = described_class.call(user, disavowal_token) - expect(Telephony).to have_received(:send_personal_key_sign_in_notice). - with(to: phone_configurations[0].phone, country_code: 'US') - expect(Telephony).to have_received(:send_personal_key_sign_in_notice). - with(to: phone_configurations[1].phone, country_code: 'US') + expect(Telephony).to have_received(:send_personal_key_sign_in_notice) + .with(to: phone_configurations[0].phone, country_code: 'US') + expect(Telephony).to have_received(:send_personal_key_sign_in_notice) + .with(to: phone_configurations[1].phone, country_code: 'US') expect(response.to_h[:emails]).to eq(2) expect(response.to_h[:sms_message_ids].size).to eq(2) diff --git a/spec/services/user_event_creator_spec.rb b/spec/services/user_event_creator_spec.rb index 30686caa949..5ddc4e8e062 100644 --- a/spec/services/user_event_creator_spec.rb +++ b/spec/services/user_event_creator_spec.rb @@ -87,9 +87,9 @@ end it 'saves the cookie permanently' do - expect { subject.create_user_event(event_type, user) }.to change { cookie_jar[:device] }. - from(nil). - to(lambda { |value| value == Device.last.cookie_uuid }) + expect { subject.create_user_event(event_type, user) }.to change { cookie_jar[:device] } + .from(nil) + .to(lambda { |value| value == Device.last.cookie_uuid }) end end end @@ -99,8 +99,8 @@ it 'creates a device with a disavowal' do event, disavowal_token = subject.create_user_event_with_disavowal(event_type, user) - expect(event.disavowal_token_fingerprint). - to eq(Pii::Fingerprinter.fingerprint(disavowal_token)) + expect(event.disavowal_token_fingerprint) + .to eq(Pii::Fingerprinter.fingerprint(disavowal_token)) end end diff --git a/spec/services/usps_in_person_proofing/enrollment_helper_spec.rb b/spec/services/usps_in_person_proofing/enrollment_helper_spec.rb index cb549770d51..a0aee910a79 100644 --- a/spec/services/usps_in_person_proofing/enrollment_helper_spec.rb +++ b/spec/services/usps_in_person_proofing/enrollment_helper_spec.rb @@ -9,9 +9,9 @@ let(:current_address_matches_id) { false } let(:pii) do Pii::Attributes.new_from_hash( - Idp::Constants::MOCK_IDV_APPLICANT_SAME_ADDRESS_AS_ID_WITH_PHONE. - merge(same_address_as_id: current_address_matches_id ? 'true' : 'false'). - transform_keys(&:to_s), + Idp::Constants::MOCK_IDV_APPLICANT_SAME_ADDRESS_AS_ID_WITH_PHONE + .merge(same_address_as_id: current_address_matches_id ? 'true' : 'false') + .transform_keys(&:to_s), ) end subject(:subject) { described_class } @@ -30,16 +30,16 @@ stub_request_token stub_request_enroll allow(IdentityConfig.store).to receive(:usps_mock_fallback).and_return(usps_mock_fallback) - allow(IdentityConfig.store).to receive(:usps_ipp_enrollment_status_update_email_address). - and_return(usps_ipp_enrollment_status_update_email_address) + allow(IdentityConfig.store).to receive(:usps_ipp_enrollment_status_update_email_address) + .and_return(usps_ipp_enrollment_status_update_email_address) allow(subject).to receive(:transliterator).and_return(transliterator) - allow(transliterator).to receive(:transliterate). - with(anything) do |val| + allow(transliterator).to receive(:transliterate) + .with(anything) do |val| transliterated_without_change(val) end allow(subject).to receive(:analytics).and_return(subject_analytics) - allow(IdentityConfig.store).to receive(:usps_ipp_transliteration_enabled). - and_return(usps_ipp_transliteration_enabled) + allow(IdentityConfig.store).to receive(:usps_ipp_transliteration_enabled) + .and_return(usps_ipp_transliteration_enabled) allow(IdentityConfig.store).to receive(:usps_ipp_sponsor_id).and_return(usps_ipp_sponsor_id) end @@ -118,10 +118,10 @@ context 'same address as id is false' do let(:pii) do Pii::Attributes.new_from_hash( - Idp::Constants::MOCK_IDV_APPLICANT_WITH_PHONE. - merge(same_address_as_id: current_address_matches_id ? 'true' : 'false'). - merge(Idp::Constants::MOCK_IDV_APPLICANT_STATE_ID_ADDRESS). - transform_keys(&:to_s), + Idp::Constants::MOCK_IDV_APPLICANT_WITH_PHONE + .merge(same_address_as_id: current_address_matches_id ? 'true' : 'false') + .merge(Idp::Constants::MOCK_IDV_APPLICANT_STATE_ID_ADDRESS) + .transform_keys(&:to_s), ) end @@ -155,14 +155,14 @@ address = Idp::Constants::MOCK_IDV_APPLICANT[:address1] city = Idp::Constants::MOCK_IDV_APPLICANT[:city] - expect(transliterator).to receive(:transliterate). - with(first_name).and_return(transliterated_without_change(first_name)) - expect(transliterator).to receive(:transliterate). - with(last_name).and_return(transliterated(last_name)) - expect(transliterator).to receive(:transliterate). - with(address).and_return(transliterated_with_failure(address)) - expect(transliterator).to receive(:transliterate). - with(city).and_return(transliterated(city)) + expect(transliterator).to receive(:transliterate) + .with(first_name).and_return(transliterated_without_change(first_name)) + expect(transliterator).to receive(:transliterate) + .with(last_name).and_return(transliterated(last_name)) + expect(transliterator).to receive(:transliterate) + .with(address).and_return(transliterated_with_failure(address)) + expect(transliterator).to receive(:transliterate) + .with(city).and_return(transliterated(city)) expect(proofer).to receive(:request_enroll) do |applicant| expect(applicant.first_name).to eq(first_name) @@ -352,8 +352,8 @@ ) end before do - allow(IdentityConfig.store).to receive(:usps_eipp_sponsor_id). - and_return(usps_eipp_sponsor_id) + allow(IdentityConfig.store).to receive(:usps_eipp_sponsor_id) + .and_return(usps_eipp_sponsor_id) allow(UspsInPersonProofing::Mock::Proofer).to receive(:new).and_return(proofer) allow(proofer).to receive(:request_enroll).and_call_original end diff --git a/spec/services/usps_in_person_proofing/proofer_spec.rb b/spec/services/usps_in_person_proofing/proofer_spec.rb index eae18260f75..f4e4763d005 100644 --- a/spec/services/usps_in_person_proofing/proofer_spec.rb +++ b/spec/services/usps_in_person_proofing/proofer_spec.rb @@ -36,19 +36,19 @@ password = 'test password' client_id = 'test client id' - expect(IdentityConfig.store).to receive(:usps_ipp_root_url). - and_return(root_url) - expect(IdentityConfig.store).to receive(:usps_ipp_username). - and_return(username) - expect(IdentityConfig.store).to receive(:usps_ipp_password). - and_return(password) - expect(IdentityConfig.store).to receive(:usps_ipp_client_id). - and_return(client_id) + expect(IdentityConfig.store).to receive(:usps_ipp_root_url) + .and_return(root_url) + expect(IdentityConfig.store).to receive(:usps_ipp_username) + .and_return(username) + expect(IdentityConfig.store).to receive(:usps_ipp_password) + .and_return(password) + expect(IdentityConfig.store).to receive(:usps_ipp_client_id) + .and_return(client_id) subject.retrieve_token! - expect(WebMock).to have_requested(:post, "#{root_url}/oauth/authenticate"). - with( + expect(WebMock).to have_requested(:post, "#{root_url}/oauth/authenticate") + .with( body: hash_including( { 'username' => username, @@ -169,8 +169,8 @@ stub_request_facilities subject.request_facilities(location, is_enhanced_ipp) - expect(WebMock).to have_requested(:post, request_url). - with( + expect(WebMock).to have_requested(:post, request_url) + .with( body: hash_including( { sponsorID: usps_ipp_sponsor_id, @@ -212,15 +212,15 @@ let(:usps_eipp_sponsor_id) { '314159265359' } let(:is_enhanced_ipp) { true } before do - allow(IdentityConfig.store).to receive(:usps_eipp_sponsor_id). - and_return(usps_eipp_sponsor_id) + allow(IdentityConfig.store).to receive(:usps_eipp_sponsor_id) + .and_return(usps_eipp_sponsor_id) end it 'uses the usps_eipp_sponsor_id in calls to the USPS API' do stub_request_enhanced_ipp_facilities subject.request_facilities(location, is_enhanced_ipp) - expect(WebMock).to have_requested(:post, request_url). - with( + expect(WebMock).to have_requested(:post, request_url) + .with( body: hash_including( { sponsorID: usps_eipp_sponsor_id.to_i, @@ -289,8 +289,8 @@ before do stub_request_token - allow(IdentityConfig.store).to receive(:usps_ipp_sponsor_id). - and_return(usps_ipp_sponsor_id) + allow(IdentityConfig.store).to receive(:usps_ipp_sponsor_id) + .and_return(usps_ipp_sponsor_id) end it 'returns enrollment information' do @@ -305,8 +305,8 @@ stub_request_enroll_bad_request_response expect { subject.request_enroll(applicant, is_enhanced_ipp) }.to raise_error( - an_instance_of(Faraday::BadRequestError). - and(having_attributes( + an_instance_of(Faraday::BadRequestError) + .and(having_attributes( response: include( body: include( 'responseMessage' => 'Sponsor for sponsorID 5 not found', @@ -320,8 +320,8 @@ stub_request_enroll_internal_server_error_response expect { subject.request_enroll(applicant, is_enhanced_ipp) }.to raise_error( - an_instance_of(Faraday::ServerError). - and(having_attributes( + an_instance_of(Faraday::ServerError) + .and(having_attributes( response: include( body: include( 'responseMessage' => 'An internal error occurred processing the request', @@ -335,8 +335,8 @@ stub_request_enroll subject.request_enroll(applicant, is_enhanced_ipp) - expect(WebMock).to have_requested(:post, request_url). - with( + expect(WebMock).to have_requested(:post, request_url) + .with( body: hash_including( { sponsorID: usps_ipp_sponsor_id.to_i, @@ -378,15 +378,15 @@ let(:ipp_assurance_level) { '2.0' } let(:is_enhanced_ipp) { true } before do - allow(IdentityConfig.store).to receive(:usps_eipp_sponsor_id). - and_return(usps_eipp_sponsor_id) + allow(IdentityConfig.store).to receive(:usps_eipp_sponsor_id) + .and_return(usps_eipp_sponsor_id) end it 'uses the enhanced ipp usps_eipp_sponsor_id & IPPAssuranceLevel in calls to USPS API' do stub_request_enroll subject.request_enroll(applicant, is_enhanced_ipp) - expect(WebMock).to have_requested(:post, request_url). - with( + expect(WebMock).to have_requested(:post, request_url) + .with( body: hash_including( { sponsorID: usps_eipp_sponsor_id.to_i, @@ -457,8 +457,8 @@ expect do subject.request_proofing_results(applicant) end.to raise_error( - an_instance_of(Faraday::BadRequestError). - and(having_attributes( + an_instance_of(Faraday::BadRequestError) + .and(having_attributes( response: include( body: include( 'responseMessage' => 'Customer has not been to a post office to complete IPP', diff --git a/spec/services/usps_in_person_proofing/transliterable_validator_spec.rb b/spec/services/usps_in_person_proofing/transliterable_validator_spec.rb index cb016ac3027..51ac5f95f3a 100644 --- a/spec/services/usps_in_person_proofing/transliterable_validator_spec.rb +++ b/spec/services/usps_in_person_proofing/transliterable_validator_spec.rb @@ -29,8 +29,8 @@ end before do - allow(IdentityConfig.store).to receive(:usps_ipp_transliteration_enabled). - and_return(usps_ipp_transliteration_enabled) + allow(IdentityConfig.store).to receive(:usps_ipp_transliteration_enabled) + .and_return(usps_ipp_transliteration_enabled) end subject(:validator) { described_class.new(options) } @@ -111,8 +111,8 @@ before do allow(validator).to receive(:analytics).and_return(analytics) - allow(validator.transliterator).to receive(:transliterate).with('def'). - and_return( + allow(validator.transliterator).to receive(:transliterate).with('def') + .and_return( UspsInPersonProofing::Transliterator::TransliterationResult.new( changed?: true, original: 'def', @@ -156,8 +156,8 @@ let(:transliterated_value_returned) { '1234' } let(:invalid_field) { 'def' } before do - allow(validator.transliterator).to receive(:transliterate).with('def'). - and_return( + allow(validator.transliterator).to receive(:transliterate).with('def') + .and_return( UspsInPersonProofing::Transliterator::TransliterationResult.new( changed?: true, original: 'def', diff --git a/spec/services/usps_in_person_proofing/transliterator_spec.rb b/spec/services/usps_in_person_proofing/transliterator_spec.rb index 85aaa971ffa..dd114eccad8 100644 --- a/spec/services/usps_in_person_proofing/transliterator_spec.rb +++ b/spec/services/usps_in_person_proofing/transliterator_spec.rb @@ -27,9 +27,9 @@ expect(result.unsupported_chars).to include('И', 'Љ') end it 'transliterates using English locale' do - expect(I18n).to receive(:transliterate). - with(duck_type(:to_s), locale: :en). - and_call_original.at_least(:once) + expect(I18n).to receive(:transliterate) + .with(duck_type(:to_s), locale: :en) + .and_call_original.at_least(:once) result end it 'does not count question marks as unsupported characters by default' do diff --git a/spec/services/vot/parser_spec.rb b/spec/services/vot/parser_spec.rb index 6065776e08b..4ec977cb0ff 100644 --- a/spec/services/vot/parser_spec.rb +++ b/spec/services/vot/parser_spec.rb @@ -4,8 +4,11 @@ describe '#parse' do context 'when neither a VtR nor ACR values are provided' do it 'raises an error' do - expect { Vot::Parser.new(vector_of_trust: nil, acr_values: nil).parse }. - to raise_error(Vot::Parser::ParseException, 'VoT parser called without VoT or ACR values') + expect { Vot::Parser.new(vector_of_trust: nil, acr_values: nil).parse } + .to raise_error( + Vot::Parser::ParseException, + 'VoT parser called without VoT or ACR values', + ) end end diff --git a/spec/simplecov_helper.rb b/spec/simplecov_helper.rb index 3a327d3a971..fac68152203 100644 --- a/spec/simplecov_helper.rb +++ b/spec/simplecov_helper.rb @@ -20,9 +20,9 @@ def self.configure # by using the job name. Folders end up being coverage/specs-1-5, coverage/specs-2-5, etc. # This is not necessarily folder name friendly, so non-alphabetic/numeric characters are # removed. - job_name = ENV['CI_JOB_NAME'].downcase. - gsub(/[^a-z0-9]/, '-')[0..62]. - gsub(/(\A-+|-+\z)/, '') + job_name = ENV['CI_JOB_NAME'].downcase + .gsub(/[^a-z0-9]/, '-')[0..62] + .gsub(/(\A-+|-+\z)/, '') command_name job_name coverage_dir "coverage/#{job_name}" end diff --git a/spec/support/aamva_fixtures.rb b/spec/support/aamva_fixtures.rb index 745382a673c..21600dae4bb 100644 --- a/spec/support/aamva_fixtures.rb +++ b/spec/support/aamva_fixtures.rb @@ -48,10 +48,10 @@ def self.aamva_test_data end def self.authentication_token_request - read_fixture_file('proofing/aamva/requests/authentication_token_request.xml'). - gsub(/^\s+/, ''). - gsub(/\s+$/, ''). - delete("\n") + "\n" + read_fixture_file('proofing/aamva/requests/authentication_token_request.xml') + .gsub(/^\s+/, '') + .gsub(/\s+$/, '') + .delete("\n") + "\n" end def self.authentication_token_response @@ -59,10 +59,10 @@ def self.authentication_token_response end def self.security_token_request - read_fixture_file('proofing/aamva/requests/security_token_request.xml'). - gsub(/^\s+/, ''). - gsub(/\s+$/, ''). - delete("\n") + "\n" + read_fixture_file('proofing/aamva/requests/security_token_request.xml') + .gsub(/^\s+/, '') + .gsub(/\s+$/, '') + .delete("\n") + "\n" end def self.security_token_response diff --git a/spec/support/controller_helper.rb b/spec/support/controller_helper.rb index 7e8b1f15d10..d03875df7cf 100644 --- a/spec/support/controller_helper.rb +++ b/spec/support/controller_helper.rb @@ -55,8 +55,8 @@ def stub_verify_steps_one_and_two( def stub_user_with_pending_profile(user) allow(user).to receive(:pending_profile).and_return(pending_profile) - allow(user).to receive(:gpo_verification_pending_profile?). - and_return(has_pending_profile) + allow(user).to receive(:gpo_verification_pending_profile?) + .and_return(has_pending_profile) user end diff --git a/spec/support/deprecated_classes.rb b/spec/support/deprecated_classes.rb index 16e595e48e1..8cc98e12a85 100644 --- a/spec/support/deprecated_classes.rb +++ b/spec/support/deprecated_classes.rb @@ -1,10 +1,10 @@ class ActionView::Helpers::TagHelper::TagBuilder def self.deprecated_classes @deprecated_classes ||= begin - YAML.safe_load(File.read(File.expand_path('../../../.erb_lint.yml', __FILE__))). - dig('linters', 'DeprecatedClasses', 'rule_set'). - flat_map { |rule| rule['deprecated'] }. - map { |regex_str| Regexp.new "^#{regex_str}$" } + YAML.safe_load(File.read(File.expand_path('../../../.erb_lint.yml', __FILE__))) + .dig('linters', 'DeprecatedClasses', 'rule_set') + .flat_map { |rule| rule['deprecated'] } + .map { |regex_str| Regexp.new "^#{regex_str}$" } end end diff --git a/spec/support/diff_helper.rb b/spec/support/diff_helper.rb index be56abc0a99..162cdc2344d 100644 --- a/spec/support/diff_helper.rb +++ b/spec/support/diff_helper.rb @@ -6,9 +6,9 @@ def assert_error_messages_equal(err, expected) end def normalize_error_message(message) - message. - gsub(/\x1b\[[0-9;]*m/, ''). # Strip ANSI control characters used for color - gsub(/:0x[0-9a-f]{16}/, ':'). - strip + message + .gsub(/\x1b\[[0-9;]*m/, '') # Strip ANSI control characters used for color + .gsub(/:0x[0-9a-f]{16}/, ':') + .strip end end diff --git a/spec/support/fake_analytics.rb b/spec/support/fake_analytics.rb index 6f43aaa06e7..ce3ee4b6170 100644 --- a/spec/support/fake_analytics.rb +++ b/spec/support/fake_analytics.rb @@ -71,26 +71,24 @@ def track_event(event, original_attributes = {}) UndocumentedParams = Class.new(StandardError).freeze module UndocumentedParamsChecker - mattr_accessor :allowed_extra_analytics - mattr_accessor :checked_extra_analytics mattr_accessor :asts mattr_accessor :docstrings def track_event(event, original_attributes = {}) - method_name = caller. - grep(/analytics_events\.rb/)&. - first&. - match(/:in `(?[^']+)'/)&. - [](:method_name)&. - to_sym + method_name = caller + .grep(/analytics_events\.rb/) + &.first + &.match(/:in `(?[^']+)'/) + &.[](:method_name) + &.to_sym if method_name analytics_method = AnalyticsEvents.instance_method(method_name) - param_names = analytics_method. - parameters. - select { |type, _name| [:keyreq, :key].include?(type) }. - map(&:last) + param_names = analytics_method + .parameters + .select { |type, _name| [:keyreq, :key].include?(type) } + .map(&:last) extra_keywords = original_attributes.keys \ - [:pii_like_keypaths, :user_id] \ @@ -98,16 +96,9 @@ def track_event(event, original_attributes = {}) - option_param_names(analytics_method) if extra_keywords.present? - @@checked_extra_analytics = checked_extra_analytics.to_a.concat(extra_keywords) - - extra_keywords -= Array(allowed_extra_analytics) - - if extra_keywords.present? && !allowed_extra_analytics.include?(:*) - raise UndocumentedParams, <<~ERROR - event :#{method_name} called with undocumented params #{extra_keywords.inspect} - (if these params are for specs only, use :allowed_extra_analytics metadata) - ERROR - end + raise UndocumentedParams, <<~ERROR + event :#{method_name} called with undocumented params #{extra_keywords.inspect} + ERROR end end @@ -127,9 +118,9 @@ def option_param_names(instance_method) file = instance_method.source_location.first ast = self.asts[file] ||= begin - YARD::Parser::Ruby::RubyParser.new(File.read(file), file). - parse. - ast + YARD::Parser::Ruby::RubyParser.new(File.read(file), file) + .parse + .ast end docstring = self.docstrings[instance_method.name] ||= begin @@ -140,8 +131,8 @@ def option_param_names(instance_method) YARD::DocstringParser.new.parse(node.docstring).to_docstring end - docstring.tags.select { |tag| tag.tag_name == 'option' }. - map { |tag| tag.pair.name.tr(%('"), '') } + docstring.tags.select { |tag| tag.tag_name == 'option' } + .map { |tag| tag.pair.name.tr(%('"), '') } end end @@ -176,47 +167,3 @@ def reset! @events = Hash.new end end - -RSpec.configure do |c| - groups = [] - - c.around do |ex| - keys = Array(ex.metadata[:allowed_extra_analytics]) - FakeAnalytics::UndocumentedParamsChecker.allowed_extra_analytics = keys - ex.run - - if keys.present? - group = ex.example_group - group = group.superclass until [nil, RSpec::Core::ExampleGroup].include?(group.superclass) - groups << [group, FakeAnalytics::UndocumentedParamsChecker.checked_extra_analytics.to_a] - end - ensure - FakeAnalytics::UndocumentedParamsChecker.allowed_extra_analytics = [] - FakeAnalytics::UndocumentedParamsChecker.checked_extra_analytics = [] - end - - c.after(:all) do |_ex| - next if c.world.all_examples.count != c.world.example_count - - groups.group_by(&:first).each do |group, pairs| - allowed_extra_analytics = group.metadata[:allowed_extra_analytics] - next if allowed_extra_analytics.blank? - all_checked_extra_analytics = pairs.map(&:last).flatten.uniq - if allowed_extra_analytics.include?(:*) - expect(all_checked_extra_analytics).to( - be_present, - "Unnecessary allowed_extra_analytics on example group #{group} (in #{group.id})", - ) - else - unchecked_extra_analytics = allowed_extra_analytics - all_checked_extra_analytics - expect(unchecked_extra_analytics).to( - be_blank, - "Unnecessary allowed_extra_analytics keywords on example group #{group}: " \ - "#{unchecked_extra_analytics} (in #{group.id})", - ) - end - end - ensure - groups = [] - end -end diff --git a/spec/support/fake_analytics_spec.rb b/spec/support/fake_analytics_spec.rb index e1b9291ea28..aacd56fbdcf 100644 --- a/spec/support/fake_analytics_spec.rb +++ b/spec/support/fake_analytics_spec.rb @@ -9,8 +9,8 @@ let(:code_under_test) { -> { expect(analytics).to have_logged_event } } it 'raises if event was not logged' do - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received event nil @@ -22,16 +22,16 @@ it 'does not raise if event was logged 1x' do track_event.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end it 'does not raise if event was logged 2x' do track_event.call track_event.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end end @@ -40,8 +40,8 @@ let(:code_under_test) { -> { expect(analytics).to have_logged_event(:my_event) } } it 'raises if no event has been logged' do - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received event :my_event @@ -54,8 +54,8 @@ it 'raises if another type of event has been logged' do analytics.track_event(:my_other_event) - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received event :my_event @@ -67,24 +67,24 @@ it 'does not raise if event was logged 1x' do track_event.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end it 'does not raise if event was logged 2x' do track_event.call track_event.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end describe '.once' do let(:code_under_test) { -> { expect(analytics).to have_logged_event(:my_event).once } } it 'raises if no event has been logged' do - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received event :my_event once but it was received 0 times @@ -96,16 +96,16 @@ it 'does not raise if event was logged 1x' do track_event.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end it 'raises if event was logged 2x' do track_event.call track_event.call - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received event :my_event once but it was received twice @@ -129,8 +129,8 @@ let(:code_under_test) { -> { expect(analytics).to have_logged_event(:my_event, arg1: 42) } } it 'raises if no event has been logged' do - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received event :my_event with {:arg1=>42} @@ -144,8 +144,8 @@ it 'raises if another type of event has been logged' do track_other_event.call - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received event :my_event with {:arg1=>42} @@ -159,8 +159,8 @@ it 'raises if only a non-matching event of the same type has been logged' do track_event_with_different_args.call - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received event :my_event expected: {:arg1=>42} @@ -177,8 +177,8 @@ it 'raises if an event that matches but has additional args has been logged' do track_event_with_extra_args.call - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received event :my_event expected: {:arg1=>42} @@ -196,28 +196,28 @@ track_event.call track_event_with_different_args.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end it 'does not raise if event was logged 1x' do track_event.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end it 'does not raise if event was logged 1x' do track_event.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end it 'does not raise if event was logged 2x' do track_event.call track_event.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end describe '.once' do @@ -228,8 +228,8 @@ end it 'raises if no event has been logged' do - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received event :my_event once but it was received 0 times with {:arg1=>42} @@ -242,16 +242,16 @@ it 'does not raise if event was logged 1x' do track_event.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end it 'raises if event was logged 2x' do track_event.call track_event.call - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received event :my_event once but it was received twice with {:arg1=>42} @@ -280,8 +280,8 @@ end it 'raises if no event has been logged' do - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received matching event :my_event with include(arg1: 42) @@ -295,8 +295,8 @@ it 'raises if another type of event has been logged' do track_other_event.call - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received matching event :my_event with include(arg1: 42) @@ -310,8 +310,8 @@ it 'raises if only a non-matching event of the same type has been logged' do track_event_with_different_args.call - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received matching event :my_event expected: include(arg1: 42) @@ -329,28 +329,28 @@ track_event.call track_event_with_different_args.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end it 'does not raise if event was logged 1x' do track_event.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end it 'does not raise if event was logged 1x' do track_event.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end it 'does not raise if event was logged 2x' do track_event.call track_event.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end describe '.once' do @@ -361,8 +361,8 @@ end it 'raises if no event has been logged' do - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received matching event :my_event once but it was received 0 times with include(arg1: 42) @@ -375,16 +375,16 @@ it 'does not raise if event was logged 1x' do track_event.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end it 'raises if event was logged 2x' do track_event.call track_event.call - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received matching event :my_event once but it was received twice with include(arg1: 42) @@ -413,8 +413,8 @@ end it 'raises if no event has been logged' do - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received matching event :my_event with hash_including(arg1: 42) @@ -428,8 +428,8 @@ it 'raises if another type of event has been logged' do track_other_event.call - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received matching event :my_event with hash_including(arg1: 42) @@ -443,8 +443,8 @@ it 'raises if only a non-matching event of the same type has been logged' do track_event_with_different_args.call - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received matching event :my_event expected: hash_including(arg1: 42) @@ -462,28 +462,28 @@ track_event.call track_event_with_different_args.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end it 'does not raise if event was logged 1x' do track_event.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end it 'does not raise if event was logged 1x' do track_event.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end it 'does not raise if event was logged 2x' do track_event.call track_event.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end describe '.once' do @@ -494,8 +494,8 @@ end it 'raises if no event has been logged' do - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received matching event :my_event once but it was received 0 times with hash_including(arg1: 42) @@ -508,16 +508,16 @@ it 'does not raise if event was logged 1x' do track_event.call - expect(&code_under_test). - not_to raise_error(RSpec::Expectations::ExpectationNotMetError) + expect(&code_under_test) + .not_to raise_error(RSpec::Expectations::ExpectationNotMetError) end it 'raises if event was logged 2x' do track_event.call track_event.call - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Expected that FakeAnalytics would have received matching event :my_event once but it was received twice with hash_including(arg1: 42) @@ -535,8 +535,8 @@ subject(:analytics) { nil } it 'raises with message explaining that analytics needs to be stubbed' do - expect(&code_under_test). - to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| + expect(&code_under_test) + .to raise_error(RSpec::Expectations::ExpectationNotMetError) do |err| assert_error_messages_equal(err, <<~MESSAGE) Matching expected logged events requires analytics to be stubbed. @@ -551,20 +551,20 @@ it 'throws an error when pii is passed in' do expect { analytics.track_event('Trackable Event') }.to_not raise_error - expect { analytics.track_event('Trackable Event', first_name: 'Bobby') }. - to raise_error(FakeAnalytics::PiiDetected) + expect { analytics.track_event('Trackable Event', first_name: 'Bobby') } + .to raise_error(FakeAnalytics::PiiDetected) expect do analytics.track_event('Trackable Event', nested: [{ value: { first_name: 'Bobby' } }]) end.to raise_error(FakeAnalytics::PiiDetected) - expect { analytics.track_event('Trackable Event', decrypted_pii: '{"first_name":"Bobby"}') }. - to raise_error(FakeAnalytics::PiiDetected) + expect { analytics.track_event('Trackable Event', decrypted_pii: '{"first_name":"Bobby"}') } + .to raise_error(FakeAnalytics::PiiDetected) end it 'throws an error when it detects sample PII in the payload' do - expect { analytics.track_event('Trackable Event', some_benign_key: 'FAKEY MCFAKERSON') }. - to raise_error(FakeAnalytics::PiiDetected) + expect { analytics.track_event('Trackable Event', some_benign_key: 'FAKEY MCFAKERSON') } + .to raise_error(FakeAnalytics::PiiDetected) end end @@ -585,45 +585,6 @@ end.to raise_error(FakeAnalytics::UndocumentedParams, /some_new_undocumented_keyword/) end - it 'does not error when undocumented params are allowed', - allowed_extra_analytics: [:fun_level] do - analytics.idv_phone_confirmation_otp_submitted( - success: true, - errors: true, - code_expired: true, - code_matches: true, - otp_delivery_preference: :sms, - second_factor_attempts_count: true, - second_factor_locked_at: true, - proofing_components: true, - fun_level: 1000, - ) - - expect(analytics).to have_logged_event( - 'IdV: phone confirmation otp submitted', - hash_including(:fun_level), - ) - end - - it 'does not error when undocumented params are allowed via *', allowed_extra_analytics: [:*] do - analytics.idv_phone_confirmation_otp_submitted( - success: true, - errors: true, - code_expired: true, - code_matches: true, - otp_delivery_preference: :sms, - second_factor_attempts_count: true, - second_factor_locked_at: true, - proofing_components: true, - fun_level: 1000, - ) - - expect(analytics).to have_logged_event( - 'IdV: phone confirmation otp submitted', - hash_including(:fun_level), - ) - end - it 'does not error when string tags are documented as options' do analytics.idv_doc_auth_submitted_image_upload_vendor( success: nil, diff --git a/spec/support/features/document_capture_step_helper.rb b/spec/support/features/document_capture_step_helper.rb index 72c40807522..d92eb073a1a 100644 --- a/spec/support/features/document_capture_step_helper.rb +++ b/spec/support/features/document_capture_step_helper.rb @@ -117,9 +117,9 @@ def stub_docv_verification_data(docv_transaction_token:, body:) docvTransactionToken: docv_transaction_token, } - stub_request(:post, "#{IdentityConfig.store.socure_idplus_base_url}/api/3.0/EmailAuthScore"). - with(body: request_body.to_json). - to_return( + stub_request(:post, "#{IdentityConfig.store.socure_idplus_base_url}/api/3.0/EmailAuthScore") + .with(body: request_body.to_json) + .to_return( headers: { 'Content-Type' => 'application/json', }, @@ -143,8 +143,8 @@ def stub_docv_document_request( }, } - stub_request(:post, IdentityConfig.store.socure_docv_document_request_endpoint). - to_return( + stub_request(:post, IdentityConfig.store.socure_docv_document_request_endpoint) + .to_return( status:, body: body.to_json, ) diff --git a/spec/support/features/push_notifications_helper.rb b/spec/support/features/push_notifications_helper.rb index f4fc3ede131..b6dfd1c9330 100644 --- a/spec/support/features/push_notifications_helper.rb +++ b/spec/support/features/push_notifications_helper.rb @@ -3,7 +3,7 @@ def stub_push_notification_request(sp_push_notification_endpoint:, event_type:, stub_request(:post, sp_push_notification_endpoint).with do |request| parsed_jwt, _jwt_headers = JWT.decode( request.body, - AppArtifacts.store.oidc_public_key, + Rails.application.config.oidc_public_key, true, algorithm: 'RS256', ) diff --git a/spec/support/features/session_helper.rb b/spec/support/features/session_helper.rb index 9c9ba9f72d5..897f117a3f0 100644 --- a/spec/support/features/session_helper.rb +++ b/spec/support/features/session_helper.rb @@ -79,8 +79,8 @@ def signin_with_bad_piv end def fill_in_piv_cac_credentials_and_submit(user, - uuid = user. - piv_cac_configurations&.first&.x509_dn_uuid) + uuid = user + .piv_cac_configurations&.first&.x509_dn_uuid) allow(FeatureManagement).to receive(:development_and_identity_pki_disabled?).and_return(false) stub_piv_cac_service(uuid:) @@ -544,8 +544,8 @@ def sign_in_via_branded_page(user) def stub_piv_cac_service(error: nil, uuid: Random.uuid) allow(IdentityConfig.store).to receive(:identity_pki_disabled).and_return(false) - allow(IdentityConfig.store).to receive(:piv_cac_service_url). - and_return('http://piv.example.com/') + allow(IdentityConfig.store).to receive(:piv_cac_service_url) + .and_return('http://piv.example.com/') allow(IdentityConfig.store).to receive(:piv_cac_verify_token_url).and_return('http://piv.example.com/') stub_request(:post, 'piv.example.com').to_return do |request| { @@ -554,9 +554,9 @@ def stub_piv_cac_service(error: nil, uuid: Random.uuid) } end - stub_request(:post, 'piv.example.com'). - with(query: hash_including('nonce', 'redirect_uri')). - to_return do |request| + stub_request(:post, 'piv.example.com') + .with(query: hash_including('nonce', 'redirect_uri')) + .to_return do |request| query = UriService.params(request.uri) { status: 302, diff --git a/spec/support/idv_examples/sp_handoff.rb b/spec/support/idv_examples/sp_handoff.rb index 282910ce4bd..868f999ad5a 100644 --- a/spec/support/idv_examples/sp_handoff.rb +++ b/spec/support/idv_examples/sp_handoff.rb @@ -130,8 +130,8 @@ def expect_csp_headers_to_be_present # Selenium driver does not support response header inspection, but we should be able to expect # that the browser itself would respect CSP and refuse invalid form targets. return if javascript_enabled? - expect(page.response_headers['Content-Security-Policy']). - to(include('form-action \'self\' http://localhost:7654')) + expect(page.response_headers['Content-Security-Policy']) + .to(include('form-action \'self\' http://localhost:7654')) end def expect_successful_oidc_handoff diff --git a/spec/support/idv_examples/sp_requested_attributes.rb b/spec/support/idv_examples/sp_requested_attributes.rb index d2ee8560579..ac7641780bb 100644 --- a/spec/support/idv_examples/sp_requested_attributes.rb +++ b/spec/support/idv_examples/sp_requested_attributes.rb @@ -67,7 +67,7 @@ expect(current_url).to include('http://localhost:7654/auth/result') elsif sp == :saml if javascript_enabled? - expect(current_path).to eq(test_saml_decode_assertion_path) + expect(page).to have_current_path(test_saml_decode_assertion_path) else expect(current_url).to include(api_saml_auth_url(path_year: PATH_YEAR)) end diff --git a/spec/support/key_rotation_helper.rb b/spec/support/key_rotation_helper.rb index cad9145f53a..4481c65b985 100644 --- a/spec/support/key_rotation_helper.rb +++ b/spec/support/key_rotation_helper.rb @@ -15,8 +15,8 @@ def rotate_attribute_encryption_key(new_key = '4' * 32) current_queue = IdentityConfig.store.attribute_encryption_key_queue current_queue = [{ 'key' => old_key }] + current_queue - allow(IdentityConfig.store).to receive(:attribute_encryption_key_queue). - and_return(current_queue) + allow(IdentityConfig.store).to receive(:attribute_encryption_key_queue) + .and_return(current_queue) end def rotate_all_keys diff --git a/spec/support/matchers/accessibility.rb b/spec/support/matchers/accessibility.rb index 5221025ff52..6442e593eb4 100644 --- a/spec/support/matchers/accessibility.rb +++ b/spec/support/matchers/accessibility.rb @@ -91,8 +91,8 @@ def page_html page.driver.browser.set_cookie "_identity_idp_session=#{session_value}" if session_value page.driver.get(original_path_with_params) allow(IdentityConfig.store).to receive(:domain_name).and_return(domain_name) - allow(Rails.application.routes).to receive(:default_url_options). - and_return(default_url_options) + allow(Rails.application.routes).to receive(:default_url_options) + .and_return(default_url_options) page.html end else @@ -118,9 +118,9 @@ def page_markup_syntax_errors RSpec::Matchers.define :have_description do |description| def descriptors(element) - element['aria-describedby']&. - split(' ')&. - map { |descriptor_id| page.find("##{descriptor_id}")&.text } + element['aria-describedby'] + &.split(' ') + &.map { |descriptor_id| page.find("##{descriptor_id}")&.text } end match do |element| @@ -213,9 +213,9 @@ def decorative_svgs(page) end failure_message do |page| - img_tags = decorative_svgs(page).select { |img| img[:'aria-hidden'].nil? }. - map { |img| %(#{img[:alt]}) }. - join("\n") + img_tags = decorative_svgs(page).select { |img| img[:'aria-hidden'].nil? } + .map { |img| %(#{img[:alt]}) } + .join("\n") <<~STR Expect all decorative SVGs to have aria-hidden, but found ones without: @@ -269,10 +269,10 @@ def aria_labelledby_name(element) # "if computing a name, and the current node has an aria-labelledby attribute that contains at # least one valid IDREF, and the current node is not already part of an aria-labelledby # traversal, process its IDREFs in the order they occur" - valid_labels = element['aria-labelledby']&. - split(' ')&. - map { |label_id| page.find("##{label_id}")&.text }&. - compact + valid_labels = element['aria-labelledby'] + &.split(' ') + &.map { |label_id| page.find("##{label_id}")&.text } + &.compact valid_labels.join('') if valid_labels.present? end diff --git a/spec/support/oidc_auth_helper.rb b/spec/support/oidc_auth_helper.rb index acfcfb75f79..347d53b0135 100644 --- a/spec/support/oidc_auth_helper.rb +++ b/spec/support/oidc_auth_helper.rb @@ -207,7 +207,7 @@ def oidc_decoded_token def oidc_decoded_id_token @oidc_decoded_id_token ||= JWT.decode( oidc_decoded_token[:id_token], - AppArtifacts.store.oidc_public_key, + Rails.application.config.oidc_public_key, true, algorithm: 'RS256', ).first.with_indifferent_access diff --git a/spec/support/private_key_file_helper.rb b/spec/support/private_key_file_helper.rb index 3d9d99e2f4e..b623efaaae4 100644 --- a/spec/support/private_key_file_helper.rb +++ b/spec/support/private_key_file_helper.rb @@ -1,5 +1,5 @@ module PrivateKeyFileHelper - # Returns the private key in AppArtifacts.store.oidc_private_key if + # Returns the private key in AppArtifacts.store.oidc_primary_private_key if # Identity::Hostdata.in_datacenter? or if the private key file does # not exist; otherwise, the private key from the file is returned. def private_key_from_store_or(file_name:) @@ -12,7 +12,7 @@ def private_key_from_store_or(file_name:) if File.exist?(file_name) OpenSSL::PKey::RSA.new(File.read(file_name)) else - return AppArtifacts.store.oidc_private_key + return AppArtifacts.store.oidc_primary_private_key end end diff --git a/spec/support/saml_response_doc.rb b/spec/support/saml_response_doc.rb index a45ebe25e21..802212a0b90 100644 --- a/spec/support/saml_response_doc.rb +++ b/spec/support/saml_response_doc.rb @@ -210,13 +210,13 @@ def organization_nodeset end def organization_name - organization_nodeset[0]. - xpath('./ds:OrganizationName', ds: Saml::XML::Namespaces::METADATA)[0].content + organization_nodeset[0] + .xpath('./ds:OrganizationName', ds: Saml::XML::Namespaces::METADATA)[0].content end def organization_display_name - organization_nodeset[0]. - xpath( + organization_nodeset[0] + .xpath( './ds:OrganizationDisplayName', ds: Saml::XML::Namespaces::METADATA, ).first.content @@ -230,13 +230,13 @@ def attribute_authority_organization_nodeset end def attribute_authority_organization_name - attribute_authority_organization_nodeset[0]. - xpath('./ds:OrganizationName', ds: Saml::XML::Namespaces::METADATA)[0].content + attribute_authority_organization_nodeset[0] + .xpath('./ds:OrganizationName', ds: Saml::XML::Namespaces::METADATA)[0].content end def attribute_authority_organization_display_name - attribute_authority_organization_nodeset[0]. - xpath( + attribute_authority_organization_nodeset[0] + .xpath( './ds:OrganizationDisplayName', ds: Saml::XML::Namespaces::METADATA, ).first.content diff --git a/spec/support/shared_examples/lexis_nexis.rb b/spec/support/shared_examples/lexis_nexis.rb index ae54d21dca9..01523549962 100644 --- a/spec/support/shared_examples/lexis_nexis.rb +++ b/spec/support/shared_examples/lexis_nexis.rb @@ -15,9 +15,9 @@ allow(response).to receive(:product_list).and_return([]) allow(verification_request).to receive(:send_request).and_return(response) - allow(verification_request.class).to receive(:new). - with(applicant: applicant, config: kind_of(Proofing::LexisNexis::Config)). - and_return(verification_request) + allow(verification_request.class).to receive(:new) + .with(applicant: applicant, config: kind_of(Proofing::LexisNexis::Config)) + .and_return(verification_request) end describe '#proof' do @@ -66,19 +66,19 @@ credentials = Base64.strict_encode64('test_username:test_password') expected_value = "Basic #{credentials}" - stub_request(:post, subject.url). - to_return(status: 200, body: response_body) + stub_request(:post, subject.url) + .to_return(status: 200, body: response_body) subject.send_request - expect(a_request(:post, subject.url).with(headers: { 'Authorization' => expected_value })). - to have_been_requested + expect(a_request(:post, subject.url).with(headers: { 'Authorization' => expected_value })) + .to have_been_requested end end it 'returns a response object initialized with the http response' do - stub_request(:post, subject.url). - to_return(status: 200, body: response_body) + stub_request(:post, subject.url) + .to_return(status: 200, body: response_body) ln_response = subject.send_request expect(ln_response).to be_a(Proofing::LexisNexis::Response) diff --git a/spec/support/shared_examples/phone/rate_limiting.rb b/spec/support/shared_examples/phone/rate_limiting.rb index 455ce898365..fdc50481233 100644 --- a/spec/support/shared_examples/phone/rate_limiting.rb +++ b/spec/support/shared_examples/phone/rate_limiting.rb @@ -4,12 +4,12 @@ let(:min_attempts) { 2 } before do - allow(IdentityConfig.store).to receive(:login_otp_confirmation_max_attempts). - and_return(max_confirmation_attempts) - allow(IdentityConfig.store).to receive(:otp_delivery_blocklist_maxretry). - and_return(max_otp_sends) - allow(IdentityConfig.store).to receive(:otp_min_attempts_remaining_warning_count). - and_return(min_attempts) + allow(IdentityConfig.store).to receive(:login_otp_confirmation_max_attempts) + .and_return(max_confirmation_attempts) + allow(IdentityConfig.store).to receive(:otp_delivery_blocklist_maxretry) + .and_return(max_otp_sends) + allow(IdentityConfig.store).to receive(:otp_min_attempts_remaining_warning_count) + .and_return(min_attempts) end it 'limits the number of times the user can resend an OTP' do diff --git a/spec/support/shared_examples/remember_device.rb b/spec/support/shared_examples/remember_device.rb index 8cadc69f64f..3bf6c9dcf25 100644 --- a/spec/support/shared_examples/remember_device.rb +++ b/spec/support/shared_examples/remember_device.rb @@ -10,8 +10,8 @@ it 'requires 2FA on sign in after expiration' do user = remember_device_and_sign_out_user - days_to_travel = (IdentityConfig.store.remember_device_expiration_hours_aal_1 + 1). - hours.from_now + days_to_travel = (IdentityConfig.store.remember_device_expiration_hours_aal_1 + 1) + .hours.from_now travel_to(days_to_travel) sign_in_user(user) diff --git a/spec/support/shared_examples/sign_in.rb b/spec/support/shared_examples/sign_in.rb index 8136ec3cbc2..b84aa6054e9 100644 --- a/spec/support/shared_examples/sign_in.rb +++ b/spec/support/shared_examples/sign_in.rb @@ -99,8 +99,8 @@ fill_in_credentials_and_submit(user.email, user.password) click_link t('two_factor_authentication.login_options_link_text') - expect(page). - to_not have_selector("label[for='two_factor_options_form_selection_ personal_key']") + expect(page) + .to_not have_selector("label[for='two_factor_options_form_selection_ personal_key']") end end @@ -196,8 +196,8 @@ fill_in_credentials_and_submit('test@test.com', 'foo') link_url = new_user_password_url(locale: 'es', request_id: sp_request_id) - expect(page). - to have_link t('devise.failure.not_found_in_database_link_text', href: link_url) + expect(page) + .to have_link t('devise.failure.not_found_in_database_link_text', href: link_url) end end @@ -211,8 +211,8 @@ fill_in_credentials_and_submit(user.email, 'password') link_url = new_user_password_url(locale: 'es', request_id: sp_request_id) - expect(page). - to have_link t('devise.failure.invalid_link_text', href: link_url) + expect(page) + .to have_link t('devise.failure.invalid_link_text', href: link_url) end end end @@ -222,10 +222,10 @@ let(:window_end) { 1.day.ago } before do - allow(IdentityConfig.store).to receive(:broken_personal_key_window_start). - and_return(window_start) - allow(IdentityConfig.store).to receive(:broken_personal_key_window_finish). - and_return(window_end) + allow(IdentityConfig.store).to receive(:broken_personal_key_window_start) + .and_return(window_start) + allow(IdentityConfig.store).to receive(:broken_personal_key_window_finish) + .and_return(window_end) end def user_with_broken_personal_key(scenario) @@ -322,8 +322,8 @@ def user_with_broken_personal_key(scenario) asserted_expected_user = false fake_analytics = FakeAnalytics.new - allow_any_instance_of(ApplicationController).to receive(:analytics). - and_wrap_original do |original| + allow_any_instance_of(ApplicationController).to receive(:analytics) + .and_wrap_original do |original| if original.receiver.instance_of?(Users::SessionsController) && original.receiver.action_name == 'create' expect(original.call.user).to eq(user) diff --git a/spec/support/shared_examples/webauthn_setup.rb b/spec/support/shared_examples/webauthn_setup.rb index db9f254e10a..229153b4564 100644 --- a/spec/support/shared_examples/webauthn_setup.rb +++ b/spec/support/shared_examples/webauthn_setup.rb @@ -44,9 +44,9 @@ let(:fake_analytics) { FakeAnalytics.new } before do - allow(IdentityConfig.store). - to receive(:show_unsupported_passkey_platform_authentication_setup). - and_return(true) + allow(IdentityConfig.store) + .to receive(:show_unsupported_passkey_platform_authentication_setup) + .and_return(true) allow(WebauthnVerificationForm).to receive(:domain_name).and_return('localhost:3000') allow_any_instance_of(ApplicationController).to receive(:analytics).and_return(fake_analytics) mock_webauthn_setup_challenge diff --git a/spec/support/shared_examples_for_email_validation.rb b/spec/support/shared_examples_for_email_validation.rb index 88ae7c8583c..c324f4dca54 100644 --- a/spec/support/shared_examples_for_email_validation.rb +++ b/spec/support/shared_examples_for_email_validation.rb @@ -1,9 +1,9 @@ RSpec.shared_examples 'email validation' do it 'uses the valid_email gem with mx and ban_disposable options' do - email_validator = subject._validators.values.flatten. - find { |v| v.instance_of?(EmailValidator) } + email_validator = subject._validators.values.flatten + .find { |v| v.instance_of?(EmailValidator) } - expect(email_validator.options). - to eq(mx_with_fallback: true, ban_disposable_email: true, partial: true) + expect(email_validator.options) + .to eq(mx_with_fallback: true, ban_disposable_email: true, partial: true) end end diff --git a/spec/support/shared_examples_for_otp_delivery_preference_validation.rb b/spec/support/shared_examples_for_otp_delivery_preference_validation.rb index 17e8434aaab..a459e23203f 100644 --- a/spec/support/shared_examples_for_otp_delivery_preference_validation.rb +++ b/spec/support/shared_examples_for_otp_delivery_preference_validation.rb @@ -10,8 +10,8 @@ context 'voice' do it 'is valid when supported for the phone' do - expect(UpdateUserPhoneConfiguration).to receive(:update!). - with(user: user, attributes: { otp_delivery_preference: 'voice' }) + expect(UpdateUserPhoneConfiguration).to receive(:update!) + .with(user: user, attributes: { otp_delivery_preference: 'voice' }) capabilities = spy(PhoneNumberCapabilities) allow(PhoneNumberCapabilities).to receive(:new).with(phone).and_return(capabilities) diff --git a/spec/support/shared_examples_for_password_validation.rb b/spec/support/shared_examples_for_password_validation.rb index a4872571118..674c22c34f1 100644 --- a/spec/support/shared_examples_for_password_validation.rb +++ b/spec/support/shared_examples_for_password_validation.rb @@ -4,8 +4,8 @@ end it do - is_expected.to validate_length_of(:password). - is_at_least(Devise.password_length.first).is_at_most(Devise.password_length.last) + is_expected.to validate_length_of(:password) + .is_at_least(Devise.password_length.first).is_at_most(Devise.password_length.last) end it do diff --git a/spec/support/sp_auth_helper.rb b/spec/support/sp_auth_helper.rb index 809205724d8..e36369a218e 100644 --- a/spec/support/sp_auth_helper.rb +++ b/spec/support/sp_auth_helper.rb @@ -13,8 +13,8 @@ def create_ial1_account_go_back_to_sp_and_sign_out(sp) def create_in_person_ial2_account_go_back_to_sp_and_sign_out(sp) user = user_with_totp_2fa - ServiceProvider.find_by(issuer: service_provider_issuer(sp)). - update(in_person_proofing_enabled: true) + ServiceProvider.find_by(issuer: service_provider_issuer(sp)) + .update(in_person_proofing_enabled: true) visit_idp_from_sp_with_ial2(sp) sign_in_user(user) diff --git a/spec/support/usps_ipp_helper.rb b/spec/support/usps_ipp_helper.rb index 93dd0d6826f..f7dffc104f4 100644 --- a/spec/support/usps_ipp_helper.rb +++ b/spec/support/usps_ipp_helper.rb @@ -174,8 +174,8 @@ def stub_request_unexpected_expired_proofing_results def request_unexpected_expired_proofing_results_args { status: 400, - body: UspsInPersonProofing::Mock::Fixtures. - request_unexpected_expired_proofing_results_response, + body: UspsInPersonProofing::Mock::Fixtures + .request_unexpected_expired_proofing_results_response, headers: { 'content-type' => 'application/json' }, } end @@ -194,8 +194,8 @@ def stub_request_unexpected_invalid_applicant(response_body_overrides = {}) def request_unexpected_invalid_applicant_args { status: 400, - body: UspsInPersonProofing::Mock::Fixtures. - request_unexpected_invalid_applicant_response, + body: UspsInPersonProofing::Mock::Fixtures + .request_unexpected_invalid_applicant_response, headers: { 'content-type' => 'application/json' }, } end @@ -215,8 +215,8 @@ def stub_request_unexpected_invalid_enrollment_code(response_body_overrides = {} def request_unexpected_invalid_enrollment_code_args { status: 400, - body: UspsInPersonProofing::Mock::Fixtures. - request_unexpected_invalid_enrollment_code_response, + body: UspsInPersonProofing::Mock::Fixtures + .request_unexpected_invalid_enrollment_code_response, headers: { 'content-type' => 'application/json' }, } end diff --git a/spec/views/accounts/connected_accounts/show.html.erb_spec.rb b/spec/views/accounts/connected_accounts/show.html.erb_spec.rb index 718d656dd5d..9a18c8cbb00 100644 --- a/spec/views/accounts/connected_accounts/show.html.erb_spec.rb +++ b/spec/views/accounts/connected_accounts/show.html.erb_spec.rb @@ -6,8 +6,8 @@ before do allow(view).to receive(:current_user).and_return(user) - allow(IdentityConfig.store).to receive(:feature_select_email_to_share_enabled). - and_return(feature_select_email_to_share_enabled) + allow(IdentityConfig.store).to receive(:feature_select_email_to_share_enabled) + .and_return(feature_select_email_to_share_enabled) assign( :presenter, AccountShowPresenter.new( diff --git a/spec/views/devise/passwords/new.html.erb_spec.rb b/spec/views/devise/passwords/new.html.erb_spec.rb index c3d8ca7c831..7fe0374391c 100644 --- a/spec/views/devise/passwords/new.html.erb_spec.rb +++ b/spec/views/devise/passwords/new.html.erb_spec.rb @@ -11,12 +11,12 @@ before do @password_reset_email_form = PasswordResetEmailForm.new('') view_context = ActionController::Base.new.view_context - allow(view_context).to receive(:new_user_session_url). - and_return('https://www.example.com/') - allow(view_context).to receive(:sign_up_email_path). - and_return('/sign_up/enter_email') - allow_any_instance_of(ActionController::TestRequest).to receive(:path). - and_return('/users/password/new') + allow(view_context).to receive(:new_user_session_url) + .and_return('https://www.example.com/') + allow(view_context).to receive(:sign_up_email_path) + .and_return('/sign_up/enter_email') + allow_any_instance_of(ActionController::TestRequest).to receive(:path) + .and_return('/users/password/new') @decorated_sp_session = ServiceProviderSessionCreator.new( sp: sp, diff --git a/spec/views/devise/sessions/new.html.erb_spec.rb b/spec/views/devise/sessions/new.html.erb_spec.rb index d184de347df..db514243ac6 100644 --- a/spec/views/devise/sessions/new.html.erb_spec.rb +++ b/spec/views/devise/sessions/new.html.erb_spec.rb @@ -10,8 +10,8 @@ allow(view).to receive(:devise_mapping).and_return(Devise.mappings[:user]) allow(view).to receive(:controller_name).and_return('sessions') allow(view).to receive(:decorated_sp_session).and_return(NullServiceProviderSession.new) - allow_any_instance_of(ActionController::TestRequest).to receive(:path). - and_return('/') + allow_any_instance_of(ActionController::TestRequest).to receive(:path) + .and_return('/') end it 'sets autocomplete attribute off' do @@ -89,8 +89,8 @@ service_provider_request: ServiceProviderRequest.new, ).create_session allow(view).to receive(:decorated_sp_session).and_return(@decorated_sp_session) - allow(view_context).to receive(:sign_up_email_path). - and_return('/sign_up/enter_email') + allow(view_context).to receive(:sign_up_email_path) + .and_return('/sign_up/enter_email') end it 'displays a custom header' do @@ -182,8 +182,8 @@ it 'does not render DAP analytics' do allow(view).to receive(:javascript_packs_tag_once) - expect(view).not_to receive(:javascript_packs_tag_once). - with(a_string_matching('https://dap.digitalgov.gov/'), defer: true, id: '_fed_an_ua_tag') + expect(view).not_to receive(:javascript_packs_tag_once) + .with(a_string_matching('https://dap.digitalgov.gov/'), defer: true, id: '_fed_an_ua_tag') render end @@ -214,10 +214,10 @@ subject(:rendered) { render } before do - allow(FeatureManagement).to receive(:sign_in_recaptcha_enabled?). - and_return(sign_in_recaptcha_enabled) - allow(IdentityConfig.store).to receive(:recaptcha_mock_validator). - and_return(recaptcha_mock_validator) + allow(FeatureManagement).to receive(:sign_in_recaptcha_enabled?) + .and_return(sign_in_recaptcha_enabled) + allow(IdentityConfig.store).to receive(:recaptcha_mock_validator) + .and_return(recaptcha_mock_validator) end context 'recaptcha at sign in is disabled' do diff --git a/spec/views/forgot_password/show.html.erb_spec.rb b/spec/views/forgot_password/show.html.erb_spec.rb index efe18e77a21..3b7603ade4b 100644 --- a/spec/views/forgot_password/show.html.erb_spec.rb +++ b/spec/views/forgot_password/show.html.erb_spec.rb @@ -25,10 +25,10 @@ render expect(rendered).to have_button(t('links.resend')) - expect(rendered). - to have_xpath("//form[@action='#{user_password_path}']") - expect(rendered). - to have_xpath("//form[@method='post']") + expect(rendered) + .to have_xpath("//form[@action='#{user_password_path}']") + expect(rendered) + .to have_xpath("//form[@method='post']") end it 'provides an explanation to the user' do diff --git a/spec/views/idv/enter_password/new.html.erb_spec.rb b/spec/views/idv/enter_password/new.html.erb_spec.rb index faf0034e1e0..3947b5ec513 100644 --- a/spec/views/idv/enter_password/new.html.erb_spec.rb +++ b/spec/views/idv/enter_password/new.html.erb_spec.rb @@ -9,8 +9,8 @@ before do user = build_stubbed(:user, :fully_registered) allow(view).to receive(:current_user).and_return(user) - allow(view).to receive(:step_indicator_steps). - and_return(Idv::StepIndicatorConcern::STEP_INDICATOR_STEPS) + allow(view).to receive(:step_indicator_steps) + .and_return(Idv::StepIndicatorConcern::STEP_INDICATOR_STEPS) allow(view).to receive(:step_indicator_step).and_return(:re_enter_password) end diff --git a/spec/views/idv/in_person/ready_to_verify/show.html.erb_spec.rb b/spec/views/idv/in_person/ready_to_verify/show.html.erb_spec.rb index 400994814d5..152365c4d20 100644 --- a/spec/views/idv/in_person/ready_to_verify/show.html.erb_spec.rb +++ b/spec/views/idv/in_person/ready_to_verify/show.html.erb_spec.rb @@ -112,8 +112,8 @@ context 'outage alert' do context 'when the outage message flag is enabled' do before do - allow(IdentityConfig.store).to receive(:in_person_outage_message_enabled). - and_return(true) + allow(IdentityConfig.store).to receive(:in_person_outage_message_enabled) + .and_return(true) end context 'when the outage dates are included' do @@ -122,12 +122,12 @@ let(:in_person_outage_expected_update_date) { 'October 31, 2023' } before do - allow(IdentityConfig.store).to receive(:in_person_outage_message_enabled). - and_return(true) - allow(IdentityConfig.store).to receive(:in_person_outage_emailed_by_date). - and_return(in_person_outage_emailed_by_date) - allow(IdentityConfig.store).to receive(:in_person_outage_expected_update_date). - and_return(in_person_outage_expected_update_date) + allow(IdentityConfig.store).to receive(:in_person_outage_message_enabled) + .and_return(true) + allow(IdentityConfig.store).to receive(:in_person_outage_emailed_by_date) + .and_return(in_person_outage_emailed_by_date) + allow(IdentityConfig.store).to receive(:in_person_outage_expected_update_date) + .and_return(in_person_outage_expected_update_date) end it 'renders the outage alert' do @@ -144,12 +144,12 @@ context 'when the outage dates are not included' do before do - allow(IdentityConfig.store).to receive(:in_person_outage_message_enabled). - and_return(true) - allow(IdentityConfig.store).to receive(:in_person_outage_emailed_by_date). - and_return('') - allow(IdentityConfig.store).to receive(:in_person_outage_expected_update_date). - and_return('') + allow(IdentityConfig.store).to receive(:in_person_outage_message_enabled) + .and_return(true) + allow(IdentityConfig.store).to receive(:in_person_outage_emailed_by_date) + .and_return('') + allow(IdentityConfig.store).to receive(:in_person_outage_expected_update_date) + .and_return('') end it 'does not render a warning' do @@ -164,8 +164,8 @@ context 'when the outage message flag is disabled' do before do - allow(IdentityConfig.store).to receive(:in_person_outage_message_enabled). - and_return(false) + allow(IdentityConfig.store).to receive(:in_person_outage_message_enabled) + .and_return(false) end it 'does not render the outage alert' do diff --git a/spec/views/idv/please_call/show.html.erb_spec.rb b/spec/views/idv/please_call/show.html.erb_spec.rb index 2b1df4f41b3..bc97fd358e2 100644 --- a/spec/views/idv/please_call/show.html.erb_spec.rb +++ b/spec/views/idv/please_call/show.html.erb_spec.rb @@ -6,8 +6,8 @@ before do @call_by_date = Date.new(2023, 10, 13) @in_person = in_person - allow(IdentityConfig.store).to receive(:in_person_proofing_enabled). - and_return(in_person_proofing_enabled) + allow(IdentityConfig.store).to receive(:in_person_proofing_enabled) + .and_return(in_person_proofing_enabled) render end diff --git a/spec/views/idv/shared/ssn.html.erb_spec.rb b/spec/views/idv/shared/ssn.html.erb_spec.rb index 989dbdca74c..c951b33ba9f 100644 --- a/spec/views/idv/shared/ssn.html.erb_spec.rb +++ b/spec/views/idv/shared/ssn.html.erb_spec.rb @@ -21,10 +21,10 @@ before :each do allow(view).to receive(:url_for).and_return('https://example.com/') - allow(IdentityConfig.store).to receive(:proofing_device_profiling). - and_return(threatmetrix_enabled ? :enabled : :disabled) - allow(IdentityConfig.store). - to receive(:lexisnexis_threatmetrix_org_id).and_return(lexisnexis_threatmetrix_org_id) + allow(IdentityConfig.store).to receive(:proofing_device_profiling) + .and_return(threatmetrix_enabled ? :enabled : :disabled) + allow(IdentityConfig.store) + .to receive(:lexisnexis_threatmetrix_org_id).and_return(lexisnexis_threatmetrix_org_id) assign( :ssn_presenter, @@ -110,8 +110,8 @@ def expect_noscript_tag_rendered end def expect_session_id_input_rendered - expect(rendered). - to have_css( + expect(rendered) + .to have_css( "input[type=hidden][name='doc_auth[threatmetrix_session_id]'][value='#{session_id}']", visible: false, ) @@ -126,7 +126,7 @@ def expect_noscript_tag_not_rendered end def expect_session_id_input_not_rendered - expect(rendered). - not_to have_css('input[name="doc_auth[threatmetrix_session_id]"]', visible: false) + expect(rendered) + .not_to have_css('input[name="doc_auth[threatmetrix_session_id]"]', visible: false) end end diff --git a/spec/views/sign_up/completions/show.html.erb_spec.rb b/spec/views/sign_up/completions/show.html.erb_spec.rb index 352e3e293e1..a6ac0d96a0e 100644 --- a/spec/views/sign_up/completions/show.html.erb_spec.rb +++ b/spec/views/sign_up/completions/show.html.erb_spec.rb @@ -68,38 +68,18 @@ ).and_return(false) end - it 'does not show a link to select different email' do - create(:email_address, user: user) - user.reload - render - - expect(rendered).to_not include(t('help_text.requested_attributes.change_email_link')) - expect(rendered).to_not include(t('account.index.email_add')) - end - - it 'does not show a link to add another email' do + it 'does not show change link' do render expect(rendered).to_not include(t('help_text.requested_attributes.change_email_link')) - expect(rendered).to_not include(t('account.index.email_add')) end end context 'select email to send to partner' do - it 'does not show a link to select different email' do - create(:email_address, user: user) - user.reload + it 'shows email change link' do render expect(rendered).to include(t('help_text.requested_attributes.change_email_link')) - expect(rendered).to_not include(t('account.index.email_add')) - end - - it 'does not show a link to add another email' do - render - - expect(rendered).to_not include(t('help_text.requested_attributes.change_email_link')) - expect(rendered).to include(t('account.index.email_add')) end end diff --git a/spec/views/sign_up/emails/show.html.erb_spec.rb b/spec/views/sign_up/emails/show.html.erb_spec.rb index b8f2e9f22d7..86a8a620d0e 100644 --- a/spec/views/sign_up/emails/show.html.erb_spec.rb +++ b/spec/views/sign_up/emails/show.html.erb_spec.rb @@ -24,8 +24,8 @@ expect(rendered).to have_selector('lg-form-link') expect(rendered).to have_link(href: '#', class: ['usa-link', 'block-link']) - expect(rendered). - to have_button(t('notices.signed_up_but_unconfirmed.resend_confirmation_email')) + expect(rendered) + .to have_button(t('notices.signed_up_but_unconfirmed.resend_confirmation_email')) expect(rendered).to have_css("form[action='#{sign_up_register_path}']") end diff --git a/spec/views/sign_up/registrations/new.html.erb_spec.rb b/spec/views/sign_up/registrations/new.html.erb_spec.rb index 97a2c1f0e45..8e3006e4559 100644 --- a/spec/views/sign_up/registrations/new.html.erb_spec.rb +++ b/spec/views/sign_up/registrations/new.html.erb_spec.rb @@ -15,12 +15,12 @@ analytics: FakeAnalytics.new, ) view_context = ActionController::Base.new.view_context - allow(view_context).to receive(:new_user_session_url). - and_return('https://www.example.com/') - allow(view_context).to receive(:sign_up_email_path). - and_return('/sign_up/enter_email') - allow_any_instance_of(ActionView::Base).to receive(:request_id). - and_return(nil) + allow(view_context).to receive(:new_user_session_url) + .and_return('https://www.example.com/') + allow(view_context).to receive(:sign_up_email_path) + .and_return('/sign_up/enter_email') + allow_any_instance_of(ActionView::Base).to receive(:request_id) + .and_return(nil) @decorated_sp_session = ServiceProviderSessionCreator.new( sp: sp, diff --git a/spec/views/two_factor_authentication/personal_key_verification/show.html.erb_spec.rb b/spec/views/two_factor_authentication/personal_key_verification/show.html.erb_spec.rb index ae22211f294..409574b6560 100644 --- a/spec/views/two_factor_authentication/personal_key_verification/show.html.erb_spec.rb +++ b/spec/views/two_factor_authentication/personal_key_verification/show.html.erb_spec.rb @@ -20,24 +20,24 @@ it 'has a localized heading' do render - expect(rendered). - to have_content t('two_factor_authentication.personal_key_header_text') + expect(rendered) + .to have_content t('two_factor_authentication.personal_key_header_text') end it 'prompts the user to enter their personal key' do render - expect(rendered). - to have_content t('two_factor_authentication.personal_key_prompt') + expect(rendered) + .to have_content t('two_factor_authentication.personal_key_prompt') end it 'contains a form to submit the personal key' do render expect(rendered).to have_button(t('forms.buttons.submit.default')) - expect(rendered). - to have_xpath("//form[@action='#{login_two_factor_personal_key_path}']") - expect(rendered). - to have_xpath("//form[@method='post']") + expect(rendered) + .to have_xpath("//form[@action='#{login_two_factor_personal_key_path}']") + expect(rendered) + .to have_xpath("//form[@method='post']") end end diff --git a/spec/views/users/backup_code_setup/create.html.erb_spec.rb b/spec/views/users/backup_code_setup/create.html.erb_spec.rb index c0fa8c23e3d..09c11ae8986 100644 --- a/spec/views/users/backup_code_setup/create.html.erb_spec.rb +++ b/spec/views/users/backup_code_setup/create.html.erb_spec.rb @@ -49,10 +49,10 @@ it 'contains form post to backup_code_continue_path' do render - expect(rendered). - to have_xpath("//form[@action='#{backup_code_continue_path}']") - expect(rendered). - to have_xpath("//form[@method='post']") + expect(rendered) + .to have_xpath("//form[@action='#{backup_code_continue_path}']") + expect(rendered) + .to have_xpath("//form[@method='post']") end it 'has continue button' do diff --git a/spec/views/users/delete/show.html.erb_spec.rb b/spec/views/users/delete/show.html.erb_spec.rb index 022074309f5..7a932f2680c 100644 --- a/spec/views/users/delete/show.html.erb_spec.rb +++ b/spec/views/users/delete/show.html.erb_spec.rb @@ -25,14 +25,14 @@ it 'displays bullets for loa1' do allow(user).to receive(:identity_verified?).and_return(false) - expect(user.delete_account_bullet_key). - to eq t('users.delete.bullet_2_basic', app_name: APP_NAME) + expect(user.delete_account_bullet_key) + .to eq t('users.delete.bullet_2_basic', app_name: APP_NAME) end it 'displays bullets for loa1' do allow(user).to receive(:identity_verified?).and_return(true) - expect(user.delete_account_bullet_key). - to eq t('users.delete.bullet_2_verified', app_name: APP_NAME) + expect(user.delete_account_bullet_key) + .to eq t('users.delete.bullet_2_verified', app_name: APP_NAME) end it 'contains link to delete account button' do diff --git a/spec/views/users/two_factor_authentication_setup/index.html.erb_spec.rb b/spec/views/users/two_factor_authentication_setup/index.html.erb_spec.rb index 40cc2e3bfd3..0bcac8fc504 100644 --- a/spec/views/users/two_factor_authentication_setup/index.html.erb_spec.rb +++ b/spec/views/users/two_factor_authentication_setup/index.html.erb_spec.rb @@ -61,8 +61,8 @@ context 'all phone vendor outage' do before do - allow_any_instance_of(OutageStatus).to receive(:all_vendor_outage?). - with(OutageStatus::PHONE_VENDORS).and_return(true) + allow_any_instance_of(OutageStatus).to receive(:all_vendor_outage?) + .with(OutageStatus::PHONE_VENDORS).and_return(true) end it 'renders alert banner' do diff --git a/yarn.lock b/yarn.lock index 1111af3e87b..ec103eca0b4 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1462,12 +1462,12 @@ resolved "https://registry.yarnpkg.com/@types/mocha/-/mocha-10.0.0.tgz#3d9018c575f0e3f7386c1de80ee66cc21fbb7a52" integrity sha512-rADY+HtTOA52l9VZWtgQfn4p+UDVM2eDVkMZT1I6syp0YKxW2F9v+0pbRZLsvskhQv/vMb6ZfCay81GHbz5SHg== -"@types/node@*", "@types/node@^20.2.5": - version "20.14.7" - resolved "https://registry.yarnpkg.com/@types/node/-/node-20.14.7.tgz#342cada27f97509eb8eb2dbc003edf21ce8ab5a8" - integrity sha512-uTr2m2IbJJucF3KUxgnGOZvYbN0QgkGyWxG6973HCpMYFy2KfcgYuIwkJQMQkt1VbBMlvWRbpshFTLxnxCZjKQ== +"@types/node@*", "@types/node@^22.10.1": + version "22.10.1" + resolved "https://registry.yarnpkg.com/@types/node/-/node-22.10.1.tgz#41ffeee127b8975a05f8c4f83fb89bcb2987d766" + integrity sha512-qKgsUwfHZV2WCWLAnVP1JqnpE6Im6h3Y0+fYgMTasNQ7V++CBX5OT1as0g0f+OyubbFqhf6XVNIsmN4IIhEgGQ== dependencies: - undici-types "~5.26.4" + undici-types "~6.20.0" "@types/prop-types@*": version "15.7.3" @@ -5927,10 +5927,10 @@ unbox-primitive@^1.0.2: has-symbols "^1.0.3" which-boxed-primitive "^1.0.2" -undici-types@~5.26.4: - version "5.26.5" - resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617" - integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== +undici-types@~6.20.0: + version "6.20.0" + resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-6.20.0.tgz#8171bf22c1f588d1554d55bf204bc624af388433" + integrity sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg== unicode-canonical-property-names-ecmascript@^1.0.4: version "1.0.4"