Resolves merge conflict

app/controllers/concerns/vet360/writeable.rb

@@ -20,11 +20,9 @@ module Writeable
     # @return [Response] Normal controller `render json:` response with a response.body, .status, etc.
     #
     def write_to_vet360_and_render_transaction!(type, params, http_verb: 'post')
-      output_rails_logs = Flipper.enabled?(:va_v3_contact_information_service, @current_user)
       record = build_record(type, params)
       validate!(record)
       response = write_valid_record!(http_verb, type, record)
-      Rails.logger.info('CI V2') if output_rails_logs
       render_new_transaction!(type, response)
     end
 
@@ -40,11 +38,13 @@ def invalidate_cache
 
     def build_record(type, params)
       # This needs to be refactored after V2 upgrade is complete
-      model = if type == 'address' && Flipper.enabled?(:va_v3_contact_information_service, @current_user)
-                'VAProfile::Models::V3::Address'
-              else
-                "VAProfile::Models::#{type.capitalize}"
-              end
+      if type == 'address' && Flipper.enabled?(:va_v3_contact_information_service, @current_user)
+        model = 'VAProfile::Models::V3::Address'
+        # Ensures the address_pou is valid
+        params[:address_pou] = 'RESIDENCE' if params[:address_pou] == 'RESIDENCE/CHOICE'
+      else
+        model = "VAProfile::Models::#{type.capitalize}"
+      end
       model.constantize
            .new(params)
            .set_defaults(@current_user)

app/controllers/v1/sessions_controller.rb

@@ -28,13 +28,20 @@ class SessionsController < ApplicationController
     STATSD_LOGIN_LATENCY = 'api.auth.latency'
     VERSION_TAG = 'version:v1'
     FIM_INVALID_MESSAGE_TIMESTAMP = 'invalid_message_timestamp'
+    OPERATION_TYPES = [AUTHORIZE = 'authorize',
+                       INTERSTITIAL_VERIFY = 'interstitial_verify',
+                       INTERSTITIAL_SIGNUP = 'interstitial_signup'].freeze
 
     # Collection Action: auth is required for certain types of requests
     # @type is set automatically by the routes in config/routes.rb
     # For more details see SAML::SSOeSettingsService and SAML::URLService
+    # rubocop:disable Metrics/MethodLength
     def new
       type = params[:type]
       client_id = params[:application] || 'vaweb'
+      operation = params[:operation] || 'authorize'
+
+      validate_operation_params(operation)
 
       # As a temporary measure while we have the ability to authenticate either through SessionsController
       # or through SignInController, we will delete all SignInController cookies when authenticating with SSOe
@@ -60,8 +67,9 @@ def new
       else
         render_login(type)
       end
-      new_stats(type, client_id)
+      new_stats(type, client_id, operation)
     end
+    # rubocop:enable Metrics/MethodLength
 
     def ssoe_slo_callback
       Rails.logger.info("SessionsController version:v1 ssoe_slo_callback, user_uuid=#{@current_user&.uuid}")
@@ -306,8 +314,9 @@ def user_logout(saml_response)
       end
     end
 
-    def new_stats(type, client_id)
-      tags = ["type:#{type}", VERSION_TAG, "client_id:#{client_id}"]
+    def new_stats(type, client_id, operation)
+      tags = ["type:#{type}", VERSION_TAG, "client_id:#{client_id}", "operation:#{operation}"]
+
       StatsD.increment(STATSD_SSO_NEW_KEY, tags:)
       Rails.logger.info("SSO_NEW_KEY, tags: #{tags}")
     end
@@ -441,5 +450,9 @@ def url_service(force_authn = true)
                                                 params:,
                                                 loa3_context: LOA::IDME_LOA3)
     end
+
+    def validate_operation_params(operation)
+      raise Common::Exceptions::InvalidFieldValue.new('operation', operation) unless OPERATION_TYPES.include?(operation)
+    end
   end
 end

app/services/sign_in/constants/auth.rb

@@ -26,7 +26,10 @@ module Auth
       CLIENT_STATE_MINIMUM_LENGTH = 22
       CODE_CHALLENGE_METHOD = 'S256'
       CSP_TYPES = [IDME = 'idme', LOGINGOV = 'logingov', DSLOGON = 'dslogon', MHV = 'mhv'].freeze
-      OPERATION_TYPES = [SIGN_UP = 'sign_up', AUTHORIZE = 'authorize'].freeze
+      OPERATION_TYPES = [SIGN_UP = 'sign_up',
+                         AUTHORIZE = 'authorize',
+                         INTERSTITIAL_VERIFY = 'interstitial_verify',
+                         INTERSTITIAL_SIGNUP = 'interstitial_signup'].freeze
       GRANT_TYPES = [AUTH_CODE_GRANT = 'authorization_code',
                      JWT_BEARER_GRANT = Urn::JWT_BEARER_GRANT_TYPE,
                      TOKEN_EXCHANGE_GRANT = Urn::TOKEN_EXCHANGE_GRANT_TYPE].freeze

app/sidekiq/evss/disability_compensation_form/submit_form526.rb

@@ -98,7 +98,7 @@ def perform(submission_id)
             send_post_evss_notifications(submission, true)
           rescue => e
             send_post_evss_notifications(submission, false)
-            conditionally_handle_errors(e)
+            handle_errors(submission, e)
           end
         end
       end
@@ -114,14 +114,6 @@ def choose_service_provider(submission, service)
         end
       end
 
-      def conditionally_handle_errors(e)
-        if submission.claims_api?
-          handle_lighthouse_errors(submission, e)
-        else
-          handle_errors(submission, e)
-        end
-      end
-
       def service_provider
         submission.claims_api? ? 'lighthouse' : 'evss'
       end
@@ -191,11 +183,20 @@ def send_post_evss_notifications(submission, send_notifications)
       end
 
       def handle_errors(submission, error)
+        error = retries_will_fail_error(error)
         raise error
       rescue Common::Exceptions::BackendServiceException,
-             Common::Exceptions::GatewayTimeout,
-             Breakers::OutageException,
-             EVSS::DisabilityCompensationForm::ServiceUnavailableException => e
+             Common::Exceptions::Unauthorized, # 401 (UnauthorizedError?)
+             # 422 (UpstreamUnprocessableEntity, i.e. EVSS container validation)
+             Common::Exceptions::UpstreamUnprocessableEntity,
+             Common::Exceptions::TooManyRequests, # 429
+             Common::Exceptions::ClientDisconnected, # 499
+             Common::Exceptions::ExternalServerInternalServerError, # 500
+             Common::Exceptions::NotImplemented, # 501
+             Common::Exceptions::BadGateway, # 502
+             Common::Exceptions::ServiceUnavailable, # 503 (ServiceUnavailableException)
+             Common::Exceptions::GatewayTimeout, # 504
+             Breakers::OutageException => e
         retryable_error_handler(submission, e)
       rescue EVSS::DisabilityCompensationForm::ServiceException => e
         # retry submitting the form for specific upstream errors
@@ -204,7 +205,8 @@ def handle_errors(submission, error)
         non_retryable_error_handler(submission, e)
       end
 
-      def handle_lighthouse_errors(submission, error) # rubocop:disable Metrics/MethodLength
+      # check if this error from the provider will fail retires
+      def retries_will_fail_error(error)
         if error.instance_of?(Common::Exceptions::UnprocessableEntity)
           error_clone = error.deep_dup
           upstream_error = error_clone.errors.first.stringify_keys
@@ -213,25 +215,7 @@ def handle_lighthouse_errors(submission, error) # rubocop:disable Metrics/Method
             error = Common::Exceptions::UpstreamUnprocessableEntity.new(errors: error.errors)
           end
         end
-        raise error
-      rescue Common::Exceptions::BackendServiceException,
-             Common::Exceptions::Unauthorized, # 401 (UnauthorizedError?)
-             # 422 (UpstreamUnprocessableEntity, i.e. EVSS container validation)
-             Common::Exceptions::UpstreamUnprocessableEntity,
-             Common::Exceptions::TooManyRequests, # 429
-             Common::Exceptions::ClientDisconnected, # 499
-             Common::Exceptions::ExternalServerInternalServerError, # 500
-             Common::Exceptions::NotImplemented, # 501
-             Common::Exceptions::BadGateway, # 502
-             Common::Exceptions::ServiceUnavailable, # 503 (ServiceUnavailableException?)
-             Common::Exceptions::GatewayTimeout, # 504 (already here)
-             Breakers::OutageException => e
-        retryable_error_handler(submission, e)
-      rescue EVSS::DisabilityCompensationForm::ServiceException => e
-        # retry submitting the form for specific upstream errors
-        retry_form526_error_handler!(submission, e)
-      rescue => e
-        non_retryable_error_handler(submission, e)
+        error
       end
 
       def retryable_error_handler(_submission, error)

config/settings.yml

@@ -1840,7 +1840,10 @@ vaos:
     base_path: "care-navigation/v1"
     scopes: "care-nav"
 
+accredited_representative_portal:
+  pilot_users_email_poa_codes: ~
+
 banners:
   drupal_username: banners_api
   drupal_password: test
-  drupal_url: https://test.cms.va.gov/
+  drupal_url: https://test.cms.va.gov/

config/settings/test.yml

@@ -418,7 +418,7 @@ claims_api:
     services:
       lighthouse:
         api_key: fake-xxxxxx-zzzz-aaaa-bbbb-cccccccc-xxxxxx-zzzz-aaaa-bbbb-cccccccc
-        
+
 ask_va:
   crm_api:
     auth_url: https://login.microsoftonline.us
@@ -449,3 +449,7 @@ travel_pay:
 va_notify:
   status_callback:
     bearer_token: 'va_notify_bearer_token'
+
+accredited_representative_portal:
+  pilot_user_email_poa_codes:
+    '[email protected]': ['123']

lib/va_profile/models/v3/address.rb

@@ -24,16 +24,25 @@ def in_json_v2
             addressPOU: @address_pou,
             addressType: @address_type.titleize,
             cityName: @city,
-            countryCodeISO2: @country_code_iso2,
-            countryCodeISO3: @country_code_iso3,
-            countryName: @country_name,
+            country: {
+              countryName: @country_name,
+              countryCodeFIPS: @country_code_fips,
+              countryCodeISO2: @country_code_iso2,
+              countryCodeISO3: @country_code_iso3
+            },
             county: {
               countyCode: @county_code,
               countyName: @county_name
             },
+            province: {
+              provinceName: @province,
+              provinceCode: @province_code
+            },
+            state: {
+              stateName: @state_name,
+              stateCode: @state_code
+            },
             intPostalCode: @international_postal_code,
-            provinceName: @province,
-            stateCode: @state_code,
             zipCode5: @zip_code,
             zipCode4: @zip_code_suffix,
             originatingSourceSystem: SOURCE_SYSTEM,
@@ -69,9 +78,10 @@ def self.build_from(body)
             address_type: body['address_type'].upcase,
             bad_address: body['bad_address'],
             city: body['city_name'],
-            country_name: body['country_name'],
-            country_code_iso2: body['country_code_iso2'],
-            country_code_iso3: body['country_code_iso3'],
+            country_name: body.dig('country', 'country_name'),
+            country_code_iso2: body.dig('country', 'iso_2_code'),
+            country_code_iso3: body.dig('country', 'country_code_iso3'),
+            fipsCode: body.dig('country', 'fips_code'),
             county_code: body.dig('county', 'county_code'),
             county_name: body.dig('county', 'county_name'),
             created_at: body['create_date'],

modules/accredited_representative_portal/app/policies/accredited_representative_portal/application_policy.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module AccreditedRepresentativePortal
+  class ApplicationPolicy
+    attr_reader :user, :record
+
+    def initialize(user, record)
+      @user = user
+      @record = record
+    end
+
+    def index?
+      override_warning
+      false
+    end
+
+    def show?
+      override_warning
+      false
+    end
+
+    def create?
+      override_warning
+      false
+    end
+
+    def new?
+      create?
+    end
+
+    def update?
+      override_warning
+      false
+    end
+
+    def edit?
+      update?
+    end
+
+    def destroy?
+      override_warning
+      false
+    end
+
+    private
+
+    def override_warning
+      Rails.logger.warn(
+        "#{self.class} is using the default ##{caller_locations(1, 1)[0].label} implementation. \
+ Consider overriding it."
+      )
+    end
+
+    class Scope
+      def initialize(user, scope)
+        @user = user
+        @scope = scope
+      end
+
+      def resolve
+        raise NoMethodError, "You must define #resolve in #{self.class}"
+      end
+
+      private
+
+      attr_reader :user, :scope
+    end
+  end
+end

modules/accredited_representative_portal/app/policies/accredited_representative_portal/power_of_attorney_requests_policy.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module AccreditedRepresentativePortal
+  class PowerOfAttorneyRequestsPolicy < ApplicationPolicy
+    def index?
+      authorize
+    end
+
+    def show?
+      authorize
+    end
+
+    private
+
+    def pilot_user_email_poa_codes
+      Settings
+        .accredited_representative_portal
+        .pilot_user_email_poa_codes.to_h
+        .stringify_keys!
+    end
+
+    def authorize
+      return false unless @user
+
+      pilot_user_poa_codes = Set.new(pilot_user_email_poa_codes[@user&.email])
+      poa_requests_poa_codes = Set.new(Array.wrap(@record), &:poa_code)
+
+      pilot_user_poa_codes >= poa_requests_poa_codes
+    end
+  end
+end