**Why**: The image uploads controller does not have a current user, so by default the logs won't include the UUID we use to lookup events for a user.

* refactor proofing document capture session result

* async phone proofing calls

* fix step specs

* fix controller specs

* fix bad translation reference

* use lambda runner for address proofing

* add timed_out test

* add retries gem

* use lambda

* temporary lambda ref update

* lint

* use Agent in lambda controller spec

* add in progress spec

* strong parameters

* lint

* do not return idv result in lambda callback

* use constants for magic phone numbers

* remove retries from Gemfile

* move job class logic into proofer

* update lambda version

* reorder spec expectations

**Why**: As a user, I expect that I can click anywhere within a visual button to trigger the button's behavior, so that I can proceed with the action I intended and expected.

**Why**: Ensure tests pass consistently

* Remove unused Webpack loaders

**Why**: Build performance, improved compatibility with future Webpacker v6 release, improved interoperability with future addition of loaders e.g. source-map-loader

* Upgrade focus-trap from 6.1.0 to 6.1.3

**Why**: Fix syntax errors in Internet Explorer

* Add source-map-loader to Webpack configuration

**Why**: Improved debuggability of vendor dependencies by respecting any available sourcemaps provided (for example, `identity-style-guide`).

* Configure devtool as eval-source-map in development

**Why** Improved sourcemap respect

* LG-3423: Refactor doc capture (hybrid) polling to own endpoint

**Why**: Isolate standalone polling behavior for easier disambiguation of controller as exclusively responding to JSON, improved ability to implement test specs for controller in isolation.

* Revert capture doc status URL to original path

See: #4293 (comment)

* Use existing user helper value for stubbed sign in

* make recovery flow use async proofing

* remove unused method

* securely compare all pii on recovery

)

* Add 18f/identity-es5-safe package

* Add es5-safe script

* Configure CircleCI to check ES5 safeness

* Add JSDoc type annotations

* Cast stream file value to string

* Remove unnecessary eslint-disable

Configured in eslintrc

* Bump Mocha to latest version

**Why**: ESM compat

* Add test specs for identity-es5-safe

#4295)

**Why**: Higher-quality images in a format more aligned with how selfies are generated by Acuant SDK in mobile contexts.

**Why**: Appears to cause issues with Yarn integrity, and not strictly necessary

… an endless loop (LG-3520) (#4301)

**Why**: Consistency with USWDS, eliminate redundant (duplicate) button controls, reduce localization string maintenance overhead, eliminate jQuery dependency from application JavaScript pack

* convert idv phone new template to erb

* convert idv address template to erb

* convert piv cac login error template to erb

* convert saml_test decode response template to erb

* normalize yaml

* Update app/views/idv/address/new.html.erb

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

…ntent, and translations. (#4302)

LG-3576 Update the piv/cac chooser page with new graphics, layout, content, and translations.

Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>

**Why**:
- 2FA code field does not sugguest the code received via SMS
in Safari browser both on mobile and on desktop. This is to fix
the issue by adding the recommended autocomplete attribute.

**How**:
- Setting autocomplete to one-time-code as recommended on Apple's website
https://developer.apple.com/documentation/security/password_autofill/enabling_password_autofill_on_an_html_input_element and on Mozilla https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/autocomplete

With the async work being done there was a file dependency added to the gemfile. Bundle install is run in the container before the directory tree is copied into the container.

* add wait step to cac flow

* add async to cac proofing flow

* refactor how verify steps use document capture by consolidating

* remove old comments

* fix bad method call

* fix bad method call

* lint

* add specs

* lint

* add wait step to cac flow

* add async to cac proofing flow

* refactor how verify steps use document capture by consolidating

* remove old comments

* fix bad method call

* fix bad method call

* lint

* add specs

* lint

* convert usps to async proofing

* add meta refresh

* remove comments

* use pii method

* clear uuid on done

* add wait step to cac flow

* add async to cac proofing flow

* refactor how verify steps use document capture by consolidating

* remove old comments

* fix bad method call

* fix bad method call

* lint

* add specs

* lint

* convert usps to async proofing

* add meta refresh

* remove comments

* use pii method

* clear uuid on done

* track exception on lambda callback

* replace VendorProofJob with lambda call

* update lambda version

* convert cac verify step to lambda

* use lambdas for usps resolution proofing

* analytics on optional show steps

* use better text on waiting pages

* add meta refresh tags

* do not enqueue if already in document capture session

* delete proofer mocks

* Update app/services/flow/flow_state_machine.rb

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

* Update spec/controllers/lambda_callback/resolution_proof_result_controller_spec.rb

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

* remove unused methods

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

* convert backup code setup create template to erb

* convert two factor auth options index template to erb

* convert reactivate account index template to erb

* Update app/views/two_factor_authentication/options/index.html.erb

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

* Set aria-invalid based on input validity in form-validation.js

* Disable restricted syntax ESLint rule

**Why**: Used by AirBnB ruleset to forbid use of awaited loops due to need for regenerator-runtime. We already use regenerator-runtime, so its addition is not unwarranted or unexpected.

* Await promise payload values in submission

* LG-3419: Add background upload for images in document capture

**Why**: In anticipation to support async upload to S3, use presigned URLs (if available) to upload images at time of value change. Submission will only occur once all images have completed uploading, and will error appropriately if async upload fails.

* Omit undefined values from upload toFormData

**Why**: If promise form data resolves to undefined, expect to not be included in upload payload.

* Resolve background upload to undefined

**Why**: Avoid including in submission payload

* Add test spec for withBackgroundEncryptedUpload

* Implement submission series utility as variadic function

See: #4314 (comment)

* List supported MIME types for Acuant accept pattern

**Why**: As a user, I expect that if I attempt to upload a file (image or otherwise) that will not be supported by the proofing vendor, that I am made aware of this as soon as possible. I also expect that the types of files accepted by the file input match those which are described in the line above, so that the types of files which are accepted are exactly the same as those expected to be allowed to be accepted (no more, no fewer).

* Fix test spec typo on JPG MIME type

See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types

* Show improved error message for unexpected file type

**Why**: Per text recommendation in LG-3589. Selfie text is not entirely accurate, both verbiage and semantics. Also easier to port FileInput to reusable component as standalone string.

* Add additional used strings from doc auth gem

* Remove unused selfie string from JS configuration

…led (#4318)

* convert registration pii accordion to erb and add new window warning to external link

* convert users emails show template to erb and add new window warning to external links

* update translations

* add new window warning to external links

* use partial for rendering links that open new window

* automatically apply external link icon

* helper function and CSS update

* indenting

* link helper

* set target=_blank

* Update styles to not conflict

Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>

* comment

* support block form in new_window_link_to

* use new link helper

* fix a couple bugs

* Update app/views/idv/doc_auth/overview.html.erb

Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>

* Update app/views/sign_up/registrations/new.html.erb

Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>

* Update app/views/sign_up/registrations/new.html.erb

Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>

* lint

* update helper to behave more like link_to

* remove convert_options_to_data_attributes

* maintain footer colors

* fix double footer link spec

Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>

* Bump identity-idp-functions

**Why**: Removes eager ENV.fetch that caused issues for
inline job execution

* Update Gemfile.lock too