Merge branch 'main' into george/FFS-1425-spanish-dates

.github/workflows/owasp-scan.yml

@@ -41,7 +41,7 @@ jobs:
           database_url: ${{ steps.setup.outputs.database_url }}
 
       - name: Run OWASP Full Scan
-        uses: zaproxy/action-full-scan@v0.10.0
+        uses: zaproxy/action-full-scan@v0.11.0
         with:
           target: 'http://localhost:3000/'
           fail_action: true

README.md

@@ -3,7 +3,7 @@ Income Verification: Consent-Based Verification (Payroll)
 
 # About the Project
 
-Consent-Based Verification (CBV) is an approach to allow benefit applicants to opt to verify their income via products that pull directly from payroll providers. This repository implements a product to demonstrate this technology for testing and validation purposes.
+Consent-Based Verification (CBV) is a prototype that allows benefit applicants to verify their income directly using payroll providers. It is currently being piloted for testing and validation purposes.
 
 # Development and Software Delivery Lifecycle
 
@@ -12,41 +12,45 @@ guide for an introduction to the framework.
 
 ## Setup
 
-* All of these steps need to be run within the `app` directory
-* Install Xcode Command Line Tools
-* Install homebrew dependencies: `brew bundle`
-  * rbenv
-  * nodenv
-  * [redis]()
-  * [jq](https://stedolan.github.io/jq/)
-  * [PostgreSQL](https://www.postgresql.org/)
-  * [Dockerize](https://github.com/jwilder/dockerize)
-  * [ADR Tools](https://github.com/npryce/adr-tools)
-  * [Graphviz](https://voormedia.github.io/rails-erd/install.html): brew install graphviz
-  * [Chromedriver](https://sites.google.com/chromium.org/driver/)
-    * Chromedriver must be allowed to run. You can either do that by:
-      * The command line: `xattr -d com.apple.quarantine $(which chromedriver)` (this is the only option if you are on Big Sur)
-      * Manually: clicking "allow" when you run the integration tests for the first time and a dialogue opens up
-  * [Ngrok](https://ngrok.com/download): brew install ngrok/ngrok/ngrok
-    * Sign up for an account: https://dashboard.ngrok.com/signup
-    * run `ngrok config add-authtoken {token goes here}`
-* Set up rbenv and nodenv:
-  * `echo 'if which nodenv >/dev/null 2>/dev/null; then eval "$(nodenv init -)"; fi' >> ~/.zshrc`
-  * `echo 'if which rbenv >/dev/null 2>/dev/null; then eval "$(rbenv init -)"; fi' >> ~/.zshrc`
-  * Close & re-open your terminal
-* Install Ruby: `rbenv install`
-* Install NodeJS `nodenv install`
-* Install Ruby dependencies: `bundle install`
-* Install JS dependencies
-  * `nodenv rehash`
-* Start postgres & redis:
-  * `brew services start postgresql@12`
-  * `brew services start redis`
-* Get development credentials from 1Password, search for "CBV Rails Secrets" and copy its ".env.development.local" section into a file called that in the "app" directory.
-* Create database: `bin/rails db:create`
-* Run migrations: `bin/rails db:migrate`
-* Run the development server: `bin/dev`
-* Visit the site: http://localhost:3000
+1. Install Xcode Command Line Tools: ```xcode-select --install```
+1. Install homebrew dependencies: `brew bundle`
+   * rbenv
+   * nodenv
+   * [redis]()
+   * [jq](https://stedolan.github.io/jq/)
+   * [PostgreSQL](https://www.postgresql.org/)
+   * [Dockerize](https://github.com/jwilder/dockerize)
+   * [ADR Tools](https://github.com/npryce/adr-tools)
+   * [Graphviz](https://voormedia.github.io/rails-erd/install.html): brew install graphviz
+   * [Chromedriver](https://sites.google.com/chromium.org/driver/)
+     * Chromedriver must be allowed to run. You can either do that by:
+       * The command line: `xattr -d com.apple.quarantine $(which chromedriver)` (this is the only option if you are on Big Sur)
+       * Manually: clicking "allow" when you run the integration tests for the first time and a dialogue opens up
+   * [Ngrok](https://ngrok.com/download): brew install ngrok/ngrok/ngrok
+     * Sign up for an account: https://dashboard.ngrok.com/signup
+     * run `ngrok config add-authtoken {token goes here}`
+1. Set up rbenv and nodenv:
+   * `echo 'if which nodenv >/dev/null 2>/dev/null; then eval "$(nodenv init -)"; fi' >> ~/.zshrc`
+   * `echo 'if which rbenv >/dev/null 2>/dev/null; then eval "$(rbenv init -)"; fi' >> ~/.zshrc`
+   * Close & re-open your terminal
+
+**The following commands must be run in the app directory**
+1. Install Ruby: `rbenv install`
+1. Install NodeJS `nodenv install`
+1. Install Ruby dependencies: `bundle install`
+   * If you get an error from debase, run this command: ```gem install debase -v0.2.5.beta2 -- --with-cflags="-Wno-incompatible-function-pointer-types"```
+   * Also we should probably fix this (TODO)
+1. Install JS dependencies
+   * `nodenv rehash`
+   * `npm install`
+1. Start postgres & redis:
+   * `brew services start postgresql@12`
+   * `brew services start redis`
+1. Get development credentials from 1Password: search for "CBV Rails Secrets" and copy its ".env.development.local" section into a file called that in the app directory.
+1. Create database: `bin/rails db:create`
+1. Run migrations: `bin/rails db:migrate`
+1. Run the development server: `bin/dev`
+1. Visit the site: http://localhost:3000
 
 ## Local Development
 
@@ -150,6 +154,20 @@ prefix ends with `_html`.
 
 Run everything: `bundle exec rake`
 
+## Manual Testing
+If you're new to CBV, here's a summary of how to get started navigating the app.
+1. First, contact someone on the team to get you set up to log in.
+1. Follow the instructions in the Setup section to run locally, then go to `localhost:3000/sandbox/sso`
+1. The beginning of the workflow is to act as a caseworker to create an invitation. Start by signing in with your Nava credentials.
+1. Create an invitation for an applicant to start using the app (use any email, and don't worry -- it won't really send!)
+1. In your terminal session, navigate to the /app directory and run `rails c` to enter the irb prompt.
+1. At the irb prompt, run `CbvFlowInvitation.last.to_url`.
+1. Click the resulting link. Now you're ready to start acting as an applicant!
+1. Search for your employer. When you select one, the local page will show you some fake credentials at the very bottom of the screen. Use these to sign in.
+1. Finally, you should be able to complete the applicant flow, including looking at the PDF.
+1. To complete the caseworker flow, add `?is_caseworker=true` to the /cbv/summary.pdf path to see the PDF that gets sent (it's different from the one we send the applicant!)
+1. Note: You can switch to a different pilot partner (state) by going to the irb prompt and running `CbvFlow.last.update(site_id: 'ma')`. Right now you can only pass it `ma` or `nyc`.
+
 ## Pa11y Scan
 
 When new pages are added to the application, ensure they are added to `./.pa11yci` so that they can be scanned.
@@ -164,6 +182,7 @@ GitHub actions are used to run all tests and scans as part of pull requests.
 
 Security scans are also run on a scheduled basis. Weekly for static code scans, and daily for dependency scans.
 
+
 # Deployment
 
 TK
@@ -227,7 +246,7 @@ The CBV team is taking a community-first and open source approach to the product
 
 We know that we can learn from a wide variety of communities, including those who will use or will be impacted by the tool, who are experts in technology, or who have experience with similar technologies deployed in other spaces. We are dedicated to creating forums for continuous conversation and feedback to help shape the design and development of the tool.
 
-We also recognize capacity building as a key part of involving a diverse open source community. We are doing our best to use accessible language, provide technical and process documents, and offer support to community members with a wide variety of backgrounds and skillsets. 
+We also recognize capacity building as a key part of involving a diverse open source community. We are doing our best to use accessible language, provide technical and process documents, and offer support to community members with a wide variety of backgrounds and skillsets.
 
 ## Community Guidelines
 See [COMMUNITY_GUIDELINES.md](./COMMUNITY_GUIDELINES.md).

app/db/migrate/20240422000000_add_pgcrypto_extension.rb

@@ -0,0 +1,5 @@
+class AddPgcryptoExtension < ActiveRecord::Migration[7.1]
+  def change
+    enable_extension "pgcrypto"
+  end
+end

app/db/schema.rb

@@ -12,6 +12,7 @@
 
 ActiveRecord::Schema[7.1].define(version: 2024_09_27_190555) do
   # These are extensions that must be enabled in order to support this database
+  enable_extension "pgcrypto"
   enable_extension "plpgsql"
 
   create_table "applicants", force: :cascade do |t|
@@ -52,8 +53,8 @@
     t.string "site_id"
     t.string "confirmation_code"
     t.datetime "transmitted_at"
-    t.datetime "redacted_at"
     t.datetime "consented_to_authorized_use_at"
+    t.datetime "redacted_at"
     t.index ["cbv_flow_invitation_id"], name: "index_cbv_flows_on_cbv_flow_invitation_id"
   end