Deploy RC 353 to Production#10046
Merged
mitchellhenke merged 25 commits intostages/prodfrom Feb 6, 2024
Merged
Conversation
… portrait matching (#9976) * init add selfie to failed images * rebase merge conflict resolved * remove comments * rebase merge conflict resolved * resolve failing tests * happy linting changelog: Upcoming Features, Document Authentication, Store fingerprint of failed selfie images and prevent user from reusing same image * add selfie to mocked response * test #store_failed_auth_data with selfie * remove guar dto store back/front fingerprints if doc auth is successful b/ failure could be doc_pii * remove irrelavant test * add feature test for resubmitting same failed selfie during doc auth * update comment * add sleep to allow warning to appear * fail selie validation to test selfie resubmisssion * feature test doc auth vs portrait match pass/fail scenarios and ability to reload a failed image * add liveness_enabled * remove unneeded comment * test storing failed images when pii validation fails * remove selfie status helper function * remove selfie_status_from_response helper * DocAuthResponse instance double to stub selfie_status * remove comma typo
changelog: User-Facing Improvements, In-Person Proofing, Change error messages when selfie upload fails.
* LG-12117 Condense Reuse Rate Report changelog: Internal, Reporting, Condensing Reuse Rate Report rows
* Silently ignore invalid params for FormSteps changelog: Internal, Document Capture, Refactor handling for invalid URL steps * Remove skipnav bypass for FormSteps interop
…ie check (#9983) * convert DocumentCaputureSessionResult selfie_check_performed from an attribute to a method * remove selfie_check_performed constructur argument for DocAuth Response * ResultResponse get results calls * rename selfie_check_performed method in document session result * update selfie_check_performed mocks * remove selfie_check_performed arg * fix selfie_check_performed method name * document capture spec to use image with liveness * analytics selfie spec to mock selfie_status * hybrid feature spec to use images with liveness data * remove commented lines * refactor selfie check performed into selfie concern * selfie_check_performed must remain for 50/50 * use liveness yaml test file * update state checked * liveness success yml to use same pii as mock default * update spec to use the mock default pii also used in the yml test file * Internal, Document Authentication, Refactor selfie_check_performed to reflect result from vendor * changelog: Internal, Document Authentication, Refactor selfie_check_performed to reflect result from vendor
changelog: Internal, RISC, Send RISC password reset to confirmed emails
* Load error tracking script asynchronously changelog: Internal, Performance, Improve performance of JavaScript loading for error tracking * Generalize attributes in favor of named keywords
changelog: Internal, Code Quality, Remove unused WebAuthn deletion routes
* Reformat testing function so I can add arguments more easily * Add failing test for selfie and add missing check to failed doc type tests * Fix duplicate attempts warning * Update spec/javascript/packages/document-capture/components/document-capture-warning-spec.jsx Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * Remove type: This is a jsx file and converting feels like too much * changelog: Internal, In-Person Proofing, fix duplicate display of attempts remaining header (problem is behind selfie feature flag) --------- Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
* make 24 hour configuration a config variable * add config in `identity_config` * add `account_deletion_period_hours` to config changelog: Internal, account deletion, make account deletion period a variable * change from 24 hour wait period text to be a variable * use interval for account deletion period * use interval for pending period * refactor for account reset, standardize identity config value * reinstate changes * fix everything * make changes in yml files * refactor in account resete cancel link and account_reset_request * fix devise setting, add test * update test, fix test in yml file * remove hours/horas/hours * lint * add `DateHelper` * restore `Devise.confirm_within` * spelling error * fix interpolation * remove unused config * fix test, remove config from application.yml * fix test, lintfix * address code review comment about interpolation not working * interpolate '24' in '24 hour' * fix interpolation value * add values to interpolate, update tests * lintfix * remove interpolation * Update config/locales/two_factor_authentication/fr.yml Co-authored-by: Andrew Duthie <1779930+aduth@users.noreply.github.com> * normalize yaml * change `interval` -> `hours` * refactor name and variable * change `confirmation_period` what it actually means * fix missing interpolation error * lint yml * clean up test * change test variable * make sure correct variable is in place * fix `confirmation period` interpolation * reset `confirmation_period` * normalize yaml * code review comments: change link expiration period notice and interval for sms text * use `account_reset_token_valid_for_days` for link validity * add test for footer * change to `confirmation_period` * clean up * use `account_reset_deletion_period_interval` * change 24 hours to pending confirmation text --------- Co-authored-by: Andrew Duthie <1779930+aduth@users.noreply.github.com>
changelog: Internal, TypeScript, Port JavaScript to TypeScript
* add selfie image metadata * check selfie source when liveness checking is req'd * rebase with main * check image source when selfie is submitted * only pass selfie params during liveness when defined * changelog: Upcoming Features, Document Authentication, Process selfie image data for analytics logging and identifying correct doc auth vendor workflow. * fix typo in spec description
* revert zipcode pii validation refactor * changelog: Internal, DocAuth, revert refactor to zipcode pii validation
* changelog: Internal, Doc Auth, Rename attempt properties in analytics for clarity
* Rename:
- image_added + opened event attrs
- image_submitted + validated attrs
- These values permeated through a lot of the code, so this ended up having a lot of ripple effects.
- IdV: warning shown event attr
- idv_doc_auth_warning_visited attrs
- idv_doc_auth_exception_visited attrs
- idv_session_error_visited attrs
- idv_verify_by_mail_enter_code_submitted attrs
- A little unsure if this should be "code entry attempts" or something instead...but the definition of this attribute seems to be from the same areas I have renamed submit attempts, so that's why I chose that.
- idv_phone_error_visited attrs
- The controller did have a method that was `remaining_step`, but as it was defined the exact same way as others named `remaining_attempt`, I changed it to be consistent.
- I tried creating a private method in the controller so that the method could be used as the definition, instead of the same code 3x. But I found doing so broke tests in an off-by-one sort of way - I think somehow the private method held onto the value and was not updated the same way as when it's defined each time.
* Apply suggestions from code review
---------
Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
* add email ui and preview * send email in usps job * bold number and code * add strings and remove activate profile * add transations * add compressed icon * delete larger file * rename image and use app_name * fix email not sending * update analytics event * add specs * update analytics event * changelog: User-Facing Improvements, Please call email, send email when user in review passes usps check * lint fix for please call view * updates to analytics event and spec * change method name
Bumps [libphonenumber-js](https://gitlab.com/catamphetamine/libphonenumber-js) from 1.10.54 to 1.10.55. - [Changelog](https://gitlab.com/catamphetamine/libphonenumber-js/blob/master/CHANGELOG.md) - [Commits](https://gitlab.com/catamphetamine/libphonenumber-js/compare/v1.10.54...v1.10.55) --- updated-dependencies: - dependency-name: libphonenumber-js dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…metric (#10010) * Allow passing biometric_comparison_required to visit_idp_from_sp_with_ial2 * Let users repeat IdV if they need a selfie changelog: User-Facing Improvements, Identity verification, Allow previously verified users to repeat idv to get selfie verification. * Update IdvController spec * Actually run through all of remote unsupervised auth (Need to clean up the document capture step) * Add with_selfie: to various doc auth helper methods Allow specifying that you want it to complete doc auth with a selfie image * Use complete_proofing_steps for feature spec * Clean up confirm_idv_needed a little
#9993) In #9991 the `vtr` property is added to the `ServiceProviderRequest`. Since the `vtr` property is introduced there it is unsafe to create a `ServiceProviderRequest` record with `vtr` during a deploy since some instances may have code that is unaware of the `vtr` property and will result in an `ArgumentError` when creating a `ServiceProviderRequest` Once the changes in #9991 are deployed it should be safe to create records with the `vtr` property. This commit does that in the `ServiceProviderRequestProxy`. [skip changelog]
changelog: Bug Fixes, In Person Proofing, Opt-in is now only offered to participating SPs Co-authored-by: gina-yamada <gina.yamada@gsa.gov>
[skip changelog]
* Update Nokogiri Name: nokogiri Version: 1.16.0 GHSA: GHSA-xc9x-jj77-9p9j Criticality: Unknown URL: GHSA-xc9x-jj77-9p9j Title: Improper Handling of Unexpected Data Type in Nokogiri Solution: upgrade to '>= 1.16.2' * changelog: Internal, Dependencies, Update Nokogiri
LG-12190 Store vtr and acr_values in sp_session This commit adds code to the `OpenidConnectAuthorizeForm` to consume a `vtr` param. This param validated and then added to the `ServiceProviderRequest` and eventually added to the `sp_session` by the `StoreSpMetadataInSession` service. This `vtr` param will eventually be used along with the new `AuthnContextResolver` tooling to determine what features need to be in place for an authentication and identity proofing transaction. [skip changelog] Co-authored-by: Alex Bradley <alexander.bradley@gsa.gov> Co-authored-by: John Maxwell <john.maxwell@gsa.gov>
…ocument check results (#10041) * LG-12039: consider all document related for doc_auth_success? changelog: Internal, Doc Auth, Doc auth TrueID doc_auth_success? should consider all document business logic. * LG-12039: minor refactor and test. * LG-12039: pull in changes from main * LG-12039: it's questionable to use concern to reduce code complexity. More appropriate to user helper module. changelog: Internal, Doc Auth, New doc_auth_success? should include business decision.
…10037) * Update monitoring length to 3 days * changelog: Internal, Doc Auth, Update docs for 3 day monitoring length on SDK upgrade
mitchellhenke
requested review from
ThatSpaceGuy,
aduth,
charleyf,
jmdembe and
night-jellyfish
mitchellhenke
force-pushed
the
stages/rc-2024-02-06
branch
from
5e85ddd to
04361ce
Compare
zachmargolis
approved these changes
Feb 6, 2024
Contributor
Author
|
Merging with an acknowledgement that the test failure is due to an issue being fixed here |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
13 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User-Facing Improvements
Bug Fixes
Internal
Upcoming Features