Merge pull request #11726 from 18F/stages/rc-2025-01-08

Deploy RC 442.1 to Production
18F · Jan 8, 2025 · 6ece32f · 6ece32f
2 parents a082cb3 + 2eefd2e
commit 6ece32f
Show file tree

Hide file tree

Showing 26 changed files with 30 additions and 319 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -293,7 +293,7 @@ specs:
     - cp -a keys.example keys
     - cp -a certs.example certs
     - cp pwned_passwords/pwned_passwords.txt.sample pwned_passwords/pwned_passwords.txt
-    - "echo -e \"test:\n  redis_url: 'redis://db-redis:6379/0'\n  redis_throttle_url: 'redis://db-redis:6379/1'\n  redis_attempts_api_url: 'redis://db-redis:6379/2'\" > config/application.yml"
+    - "echo -e \"test:\n  redis_url: 'redis://db-redis:6379/0'\n  redis_throttle_url: 'redis://db-redis:6379/1'\" > config/application.yml"
     - bundle exec rake db:create db:migrate --trace
     - bundle exec rake db:seed
     - bundle exec rake knapsack:rspec["--format documentation --format RspecJunitFormatter --out rspec.xml --format json --out rspec_json/${CI_NODE_INDEX}.json"]

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -458,7 +458,7 @@ GEM
     net-smtp (0.5.0)
       net-protocol
     net-ssh (6.1.0)
-    newrelic_rpm (9.16.1)
+    newrelic_rpm (9.7.0)
     nio4r (2.7.4)
     nokogiri (1.16.8)
       mini_portile2 (~> 2.8.2)

diff --git a/app/controllers/idv/forgot_password_controller.rb b/app/controllers/idv/forgot_password_controller.rb
@@ -15,7 +15,7 @@ def new
     def update
       analytics.idv_forgot_password_confirmed
       request_id = sp_session[:request_id]
-      email = current_user.last_sign_in_email_address.email
+      email = current_user.confirmed_email_addresses.first.email
       reset_password(email, request_id)
     end
 

diff --git a/app/jobs/resolution_proofing_job.rb b/app/jobs/resolution_proofing_job.rb
@@ -131,7 +131,7 @@ def make_vendor_proofing_requests(
   end
 
   def user_email_for_proofing(user)
-    user.last_sign_in_email_address.email
+    user.confirmed_email_addresses.first.email
   end
 
   def log_threatmetrix_info(threatmetrix_result, user)

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -65,7 +65,7 @@ class User < ApplicationRecord
   attr_accessor :asserted_attributes, :email
 
   def confirmed_email_addresses
-    email_addresses.confirmed
+    email_addresses.confirmed.order('last_sign_in_at DESC NULLS LAST')
   end
 
   def fully_registered?

diff --git a/app/services/attempts_api/attempt_event.rb b/app/services/attempts_api/attempt_event.rb
diff --git a/app/services/attempts_api/redis_client.rb b/app/services/attempts_api/redis_client.rb
diff --git a/app/views/users/webauthn_setup/new.html.erb b/app/views/users/webauthn_setup/new.html.erb
@@ -27,7 +27,7 @@
       },
     ) do |f| %>
   <%= hidden_field_tag :user_id, current_user.id, id: 'user_id' %>
-  <%= hidden_field_tag :user_email, current_user.last_sign_in_email_address.email, id: 'user_email' %>
+  <%= hidden_field_tag :user_email, current_user.confirmed_email_addresses.first.email, id: 'user_email' %>
   <%= hidden_field_tag :user_challenge, user_session[:webauthn_challenge].to_json, id: 'user_challenge' %>
   <%= hidden_field_tag :exclude_credentials, @exclude_credentials&.join(','), id: 'exclude_credentials' %>
   <%= hidden_field_tag :webauthn_id, '', id: 'webauthn_id' %>

diff --git a/config/application.yml.default b/config/application.yml.default
@@ -40,7 +40,6 @@ allowed_verified_within_providers: '[]'
 asset_host: ''
 async_stale_job_timeout_seconds: 300
 async_wait_timeout_seconds: 60
-attempts_api_event_ttl_seconds: 3_600
 attribute_encryption_key:
 attribute_encryption_key_queue: '[]'
 available_locales: 'en,es,fr,zh'
@@ -323,8 +322,6 @@ recaptcha_site_key: ''
 recommend_webauthn_platform_for_sms_ab_test_account_creation_percent: 0
 recommend_webauthn_platform_for_sms_ab_test_authentication_percent: 0
 recovery_code_length: 4
-redis_attempts_api_pool_size: 1
-redis_attempts_api_url: redis://localhost:6379/2
 redis_pool_size: 10
 redis_throttle_pool_size: 5
 redis_throttle_url: redis://localhost:6379/1

diff --git a/config/initializers/01_redis.rb b/config/initializers/01_redis.rb
@@ -9,8 +9,3 @@
 REDIS_THROTTLE_POOL = ConnectionPool.new(size: IdentityConfig.store.redis_throttle_pool_size) do
   Redis.new(url: IdentityConfig.store.redis_throttle_url)
 end.freeze
-
-REDIS_ATTEMPTS_API_POOL =
-  ConnectionPool.new(size: IdentityConfig.store.redis_attempts_api_pool_size) do
-    Redis.new(url: IdentityConfig.store.redis_attempts_api_url)
-  end.freeze
diff --git a/lib/identity_config.rb b/lib/identity_config.rb
@@ -58,7 +58,6 @@ def self.store
     config.add(:asset_host, type: :string)
     config.add(:async_stale_job_timeout_seconds, type: :integer)
     config.add(:async_wait_timeout_seconds, type: :integer)
-    config.add(:attempts_api_event_ttl_seconds, type: :integer)
     config.add(:attribute_encryption_key, type: :string)
     config.add(:attribute_encryption_key_queue, type: :json)
     config.add(:available_locales, type: :comma_separated_string_list)
@@ -357,8 +356,6 @@ def self.store
     config.add(:recaptcha_secret_key, type: :string)
     config.add(:recaptcha_site_key, type: :string)
     config.add(:recovery_code_length, type: :integer)
-    config.add(:redis_attempts_api_pool_size, type: :integer)
-    config.add(:redis_attempts_api_url, type: :string)
     config.add(:redis_pool_size, type: :integer)
     config.add(:redis_throttle_pool_size, type: :integer)
     config.add(:redis_throttle_url, type: :string)

diff --git a/spec/controllers/idv/by_mail/enter_code_controller_spec.rb b/spec/controllers/idv/by_mail/enter_code_controller_spec.rb
@@ -289,7 +289,7 @@
           it 'does not send the "Please Call" email' do
             action
             expect_email_not_delivered(
-              to: user.last_sign_in_email_address.email,
+              to: user.confirmed_email_addresses.first.email,
               subject: t('user_mailer.idv_please_call.subject', app_name: APP_NAME),
             )
           end
@@ -335,7 +335,7 @@
           it 'sends the "Please Call" email' do
             action
             expect_delivered_email(
-              to: user.last_sign_in_email_address.email,
+              to: user.confirmed_email_addresses.first.email,
               subject: t('user_mailer.idv_please_call.subject', app_name: APP_NAME),
             )
           end

diff --git a/spec/controllers/idv/enter_password_controller_spec.rb b/spec/controllers/idv/enter_password_controller_spec.rb
@@ -416,7 +416,7 @@ def show
         it 'sends the idv_please_call email' do
           put :create, params: { user: { password: ControllerHelper::VALID_PASSWORD } }
           expect_delivered_email(
-            to: user.last_sign_in_email_address.email,
+            to: user.confirmed_email_addresses.first.email,
             subject: t('user_mailer.idv_please_call.subject', app_name: APP_NAME),
           )
         end

diff --git a/spec/features/multiple_emails/email_management_spec.rb b/spec/features/multiple_emails/email_management_spec.rb
@@ -40,7 +40,7 @@
   context 'allows deletion of email address' do
     it 'does not allow last confirmed email to be deleted' do
       user = create(:user, :fully_registered, email: '[email protected] ')
-      confirmed_email = user.last_sign_in_email_address
+      confirmed_email = user.confirmed_email_addresses.first
       unconfirmed_email = create(:email_address, user: user, confirmed_at: nil)
       user.email_addresses.reload
 
@@ -56,7 +56,7 @@
 
     it 'Allows delete when more than one confirmed email exists' do
       user = create(:user, :fully_registered, email: '[email protected] ')
-      confirmed_email1 = user.last_sign_in_email_address
+      confirmed_email1 = user.confirmed_email_addresses.first
       confirmed_email2 = create(
         :email_address, user: user,
                         confirmed_at: Time.zone.now
@@ -74,7 +74,7 @@
 
     it 'sends notification to all confirmed emails when email address is deleted' do
       user = create(:user, :fully_registered, email: '[email protected] ')
-      confirmed_email1 = user.last_sign_in_email_address
+      confirmed_email1 = user.confirmed_email_addresses.first
       confirmed_email2 = create(:email_address, user: user, confirmed_at: Time.zone.now)
 
       sign_in_and_2fa_user(user)

diff --git a/spec/features/sp_cost_tracking_spec.rb b/spec/features/sp_cost_tracking_spec.rb
@@ -45,7 +45,7 @@
     user.active_profile.update!(verified_at: 60.days.ago)
 
     visit_idp_from_sp_with_ial2(:oidc, verified_within: '45d')
-    fill_in_credentials_and_submit(user.last_sign_in_email_address.email, password)
+    fill_in_credentials_and_submit(user.confirmed_email_addresses.first.email, password)
     fill_in_code_with_last_totp(user)
     click_submit_default
     complete_all_doc_auth_steps_before_password_step

diff --git a/spec/features/two_factor_authentication/sign_in_spec.rb b/spec/features/two_factor_authentication/sign_in_spec.rb
@@ -92,7 +92,7 @@
 
       scenario 'allows a user to recreate their account after account reset' do
         sign_in_before_2fa(user)
-        email = user.last_sign_in_email_address.email
+        email = user.confirmed_email_addresses.first.email
 
         expect(page).to have_content(t('two_factor_authentication.opt_in.title'))
 

diff --git a/spec/features/users/sign_in_spec.rb b/spec/features/users/sign_in_spec.rb
@@ -406,15 +406,15 @@
         create(:user, :fully_registered, email: email, password: password)
 
         user = User.find_with_email(email)
-        encrypted_email = user.last_sign_in_email_address.encrypted_email
+        encrypted_email = user.confirmed_email_addresses.first.encrypted_email
 
         rotate_attribute_encryption_key_with_invalid_queue
 
         expect { signin(email, password) }
           .to raise_error Encryption::EncryptionError, 'unable to decrypt attribute with any key'
 
         user = user.reload
-        expect(user.last_sign_in_email_address.encrypted_email).to eq encrypted_email
+        expect(user.confirmed_email_addresses.first.encrypted_email).to eq encrypted_email
       end
     end
 
@@ -426,14 +426,14 @@
         create(:user, :fully_registered, email: email, password: password)
 
         user = User.find_with_email(email)
-        encrypted_email = user.last_sign_in_email_address.encrypted_email
+        encrypted_email = user.confirmed_email_addresses.first.encrypted_email
 
         rotate_attribute_encryption_key_with_invalid_queue
 
         sign_in_user_with_piv(user)
 
         user = user.reload
-        expect(user.last_sign_in_email_address.encrypted_email).to eq encrypted_email
+        expect(user.confirmed_email_addresses.first.encrypted_email).to eq encrypted_email
       end
     end
   end

diff --git a/spec/jobs/get_usps_proofing_results_job_spec.rb b/spec/jobs/get_usps_proofing_results_job_spec.rb
@@ -130,7 +130,7 @@
           )
           allow(UserMailer).to receive(:with).with(
             user: enrollment.user,
-            email_address: enrollment.user.last_sign_in_email_address,
+            email_address: enrollment.user.confirmed_email_addresses.first,
           ).and_return(user_mailer)
           allow(mail_deliverer).to receive(:deliver_later)
           allow(InPerson::SendProofingNotificationJob).to receive(:set).and_return(
@@ -366,7 +366,7 @@
                       )
                       allow(UserMailer).to receive(:with).with(
                         user: enrollment.user,
-                        email_address: enrollment.user.last_sign_in_email_address,
+                        email_address: enrollment.user.confirmed_email_addresses.first,
                       ).and_raise(StandardError)
                       subject.perform(current_time)
                     end

diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb
@@ -112,7 +112,6 @@ class Analytics
     Telephony::Test::Call.clear_calls
     PushNotification::LocalEventQueue.clear!
     REDIS_THROTTLE_POOL.with { |client| client.flushdb } if Identity::Hostdata.config
-    REDIS_ATTEMPTS_API_POOL.with { |client| client.flushdb } if Identity::Hostdata.config
   end
 
   config.before(:each) do