… values (#10030) Updated StoreSpMetadataInSession to use the new VoT parser (which included backwards support for ACR values). changelog: Upcoming Features,VOT,Handle vector of trust in SP request
…ttp requests (#10061)
* store reference in doc auth response extras for failed LN http requests
* changelog: Internal, Document Authentication, LexisNexis invalid responses to log reference value sent in request
…meouts. (#10009)
* Use absolute Redis timestamps instead of offsets.

Several rate limiter tests were slightly flaky due to timestamp bobbles between Redis's clock and Ruby's. This change sets all rate limit expirations using the Ruby clock, rather than using offsets from the current (Redis) time.

changelog: Internal,Rate Limiting,Use absolute timestamps in Redis for improved consistency.
* spec verifies ipp profile is rejected after 30 days in review
* changelog: Internal, Threatmetrix, in person spec verifies profile rejected
* update spec
[skip changelog] Co-authored-by: Amir Reavis-Bey <amir.reavis-bey@gsa.gov> Co-authored-by: Andrew Duthie <1779930+aduth@users.noreply.github.com>
* document capture success status to check if pii exists [skip changelog]
* happy linting
* LG-12332: fix mock client to pass when using real image. changelog: Internal, Doc Auth, Allow test to pass with selfie image.
* LG-12332: update test.
* LG-12332: strict checking, so it behaves like real use cases.
[skip changelog]
* Update output format of logs and data for OIG requests (LG-12335)
  - Before: one directory with 3 files per user
  - After: 3 files that each contain items by UUID
* remove no-longer-needed mkdir, add io flushes for easier tail -f watching
* Add phone_id too per request

changelog: Internal, Reporting, Update format of OIG export reports
* changelog: Internal, Reporting, Adds an MFA Method on sign-in report
* Update base layout to be base-ier
  changelog: Bug Fixes, Page Layout, Improve consistency of common page layout features across site
* Remove unused background_cls
* Fix syntax error in flow_step template
  This is only for FSM-based IdV, which is currently only used for IPP
* Update render_full_width to use application template
* Extend base layout for FSM steps
  Avoid nesting appearance, preserve original behavior
* Avoid redundant extend
  This is already being rendered into the application template
* Update additional templates to use base layout
* Fix error if block empty OIDC client-side redirect template
* Remove duplicate "it"
* Leverage extended layout meta_refresh
* Fix body background on no_card template
  As with account_side_nav
  Previously, this template extended base directly, so didn't inherit the "tablet:bg-primary-lighter" from application template
This ivar is part of a conditional that is used to determine if the link to authenticate with a PIV or CAC is visible. It was added here: ccc40ed#diff-cd2d90708a775a9fc605178934b17b6cb5d14d4396b06b916a84c43b1b2abd88R37

The computation for this value looks like this:

```ruby
def sp_session_ial
  sp_session[:ial].presence || 1
end
```

This will always have a truthy value. I believe this value was originally intended to require the user to enter a password if identity proofing was required. It appears this requirement changed but the ivar was left behind. This commit removes it.

[skip changelog]
* Setting preconditions
* edit controller preconditions and undo actions
* update flow policy helper to respect how to verify page
* Added spec for submission error case
* update preconditions and add class method to handle nils and falses in hybrid
* initial round of specs
* lintfix
* changelog: User facing changes, In-Person Proofing, prevent users from skipping how to verify opt in page
* slightly changing 50/50 state specs
* changelog: User facing changes, In-Person Proofing, prevent users from skipping how to verify opt in page
* changelog: User-Facing improvements, In-Person Proofing, prevent users from skipping how to verify opt in page
* adding spec for symmetry
* Update app/controllers/idv/hybrid_handoff_controller.rb Co-authored-by: Matt Hinz <matt.hinz@gsa.gov>
* Remove unnecessary nilling in undo steps rename method
* adding check for service provider opt in value and updating specs and linting
* set opt in and ipp to false by default for hybrid handoff spec
* added spec to confirm page renders when service provider does not have opt in enabled
* lintfix
* confirm redirection
* addressing Matt's review

---------

Co-authored-by: Matt Hinz <matt.hinz@gsa.gov>
changelog: Internal, Source code, Remove unused code
* Draft in `selfie_status` send to BE
* Fix the naming of the liveness check
* Add to mock proofer
* Don't modify mock proofer
* Fix fallback value
* Add `?` to method name
* changelog: Internal, In-Person Proofing, send selfie failure to the FE
* Revert change to presenter
* Add selfie_status to response
* LG-12080: add a test where expecting correct structure.
* Add liveness_checking_required to mock proofer

---------

Co-authored-by: Dawei Wang <daweiwang@navapbc.com>
…tch (#10075)
* remove all passed from TrueIDREsponse
* [skip changelog]
* add test for failing selfie with attention barcode
* fix liveness_checking_enabled defn
* update fraud review concern
* add conditional for use in displaying the progress bar
* add fraud review concern as before action
* update view to use conditional var
* updating specs
* trying to get please call view to conditionally hide step indicator
* update concerns and checker
* Confirm that the enrollment is passed in fraud review and confirm that a pending ipp enrollment exists for please call
* get spec to passing
* remove unneeded session info from spec
* edits to please call controller
* revising check for fraud review checker and spec
* changelog: User-Facing Improvements, In Person Proofing, Display please call page when flagged for fraud review
* changelog: User-Facing Improvements, In Person Proofing, Display please call page when flagged for fraud review
* lintfix
* ready to verify spec passing
* refactor please call controller and add new user method add specs
* updated translation html and specs
* remove missing comment
* remove errant octothorpe
* normalize yaml
* addressing Shannon's review
* enforcing tmx flag for call to new user method to prevent issues in 50 50 state and adding spec
* lintfix
* call in_person_handle_pending_fraud_review initially and prevent handle_pending_fraud_review on users with ipp enrollments
* enforce redirection only for passing enrollments and refactor so usual case respects feature flag
* refactor to be more explicit and to handle enrollment statuses properly when not in ipp
* lintfix
* use the right before action
* fix before action and page rendering expectations
changelog: Internal, Rate Limiting, Use Warden lock mechanism for session lockout
aduth
approved these changes
Feb 15, 2024
User-Facing Improvements
Bug Fixes
Internal
Upcoming Features