Merged
…ates (#10996)
* Add png and svg for Ready to Verify view and email
* Add content for Ready to verify in all languages
* Add Real ID and tag content on ReadyToVerify View
* Add Real ID and Tag on EIPP ReadyToVerify Email
* Fix linter errors
* Reorder specs for Ready to Verify
* Reorder specs in Ready To Verify Email Specs
* Style updates in Ready To Verify Email
* Fix linter error by optimizing assets
* changelog: Upcoming Features, Enhanced In-person Proofing, Update Ready to Verify View and Email template to include Tag and Real ID Content
* Remove comment
…behavior (#11011)
* Update AcuantPassiveLiveness.js to 508 version
* add es fr and zh translations
* fixed some js tests

changelog: User-Facing Improvements, 508 compliance, updated Acuant SDK for better selfie capture experience with screen readers.

Co-authored-by: Alex Bradley <alexander.bradley@gsa.gov>
Co-authored-by: Doug Price <douglas.price@gsa.gov>
* Ensure that image is mostly read-only to the app user
* make sure keys are readable by the app user
* Make it so that build-essentials is not installed (smaller image, less tooling for attackers to work with)
* Make sure puma knows what xff header to use
* Ensure that service_providers.yml and related files are copied into the image

---------

Co-authored-by: Mitchell Henke <mitchell.henke@gsa.gov>
* Support exponential factor for rate limit expiration
* Simplify spec example
* Clarify assertion expectations
* More clarification of assertion expectations
* Add initial implementation of rate limiter
* Log event for rate limited on authentication attempt
* Add test coverage for sign-in controller
* Add changelog

  changelog: Internal, Rate Limiting, Enforce additional user IP rate-limiting on sign-in
* Adjust cached attempts before calculating new expiration
* Update spec expectations for auth event
* Shuffle code into consistent result "handlers"
* Rename process_locked_out_session to process_rate_limited

  In the future, may incrementally move toward removing session-based limiting in favor of the new rate limiter
* Call class methods on RateLimiter

  See: #10982 (comment)

  Co-Authored-By: Mitchell Henke <1430443+mitchellhenke@users.noreply.github.com>
* Use minutes instead of days for max attempt window

  Finer control

  See: #10982 (comment)
* Handle transaction increment in Lua script

  Co-Authored-By: Mitchell Henke <1430443+mitchellhenke@users.noreply.github.com>
* Convert to evalsha, load script on demand

  Co-Authored-By: Mitchell Henke <1430443+mitchellhenke@users.noreply.github.com>
* Evaluate script to cache

  See: #10982 (comment)

  Co-Authored-By: Mitchell Henke <1430443+mitchellhenke@users.noreply.github.com>
* Fix units conversion between minutes and seconds
* Only use Redis Lua script for exponential increment

  It's not quite as performant and the primary use-case doesn't require it, so only use if needed
* Clarify and avoid redundant condition for exponential increment
* Round to avoid incompatible decimal for expiration

---------

Co-authored-by: Mitchell Henke <1430443+mitchellhenke@users.noreply.github.com>
changelog: Internal, SAML, Updates to saml_idp version that reduces complexity
* Update knapsack report

  changelog: Internal, Maintenance, Update knapsack report
* remove unnecessary allowed extra analytics
* Update rexml to 3.3.4 to resolve security advisory

  changelog: Internal, Dependencies, Update dependency to resolve security advisory
* Update malformed XML expected error message

  See: https://gsa-tts.slack.com/archives/C0NGESUN5/p1722603246138259?thread_ts=1722600392.405239&cid=C0NGESUN5
changelog: Internal, CI, Update formatting for messages to Slack
* change cert bundle to the new global bundle
* update review app too, though I don't think it needs it since it is going to a containerized postgres
* changelog: Internal, kubernetes support, Update RDS CA bundle to support new encryption policy
changelog: Upcoming Features, IdV with Biometric Comparison, Supporting biometric acr in SAML

1. Updated AttributeAsserter to send correct ial
2. Renamed AuthnContextResolver#resolve to AuthnContextResolver#result and memoized it
3. Moved asserted_ial_value from OpenidConnectUserInfoPresenter to AuthnContextResolver
4. Used common asserted_ial_acr method from both AttributeAsserter and OpenidConnectUserInfoPresenter
…11025)
* Remove OIDC form-action CSP assertions from account creation specs

  changelog: Internal, Automated Testing, Remove OIDC form-action CSP assertions from account creation specs
* Remove PIV/CAC sign-up CSP assertions
* changelog: Internal, In-person proofing, Remove deprecated address routes
* feat: lintfix
* batch all changes
* change text on piv cac log in
* add error for "your piv cac did not work"
* change `instructions.mfa.piv_cac.sign_in_html` to `instructions.mfa.piv_cac.sign_in`
* run `normalize_yaml`
* changelog: User-facing Improvements, PIV/CAC, standardize PIV/CAC language
* Change to "Add your government employee ID"
* Change to "Insert PIV/CAC", polish not connected messaging
* add button for go back and sign in
* fix bolding, remove cancel link
* remove cancel/choose another option link
* Add "Try again" text, update error view
* lint fixes
* Update app/views/users/piv_cac_login/error.html.erb

  Co-authored-by: Andrew Duthie <1779930+aduth@users.noreply.github.com>
* Update app/views/users/piv_cac_authentication_setup/error.html.erb

  Co-authored-by: Andrew Duthie <1779930+aduth@users.noreply.github.com>
* Update config/locales/en.yml

  Co-authored-by: Andrew Duthie <1779930+aduth@users.noreply.github.com>
* normalize and rename all yaml keys
* clean up button
* margin change
* add `wide` property

---------

Co-authored-by: Andrew Duthie <1779930+aduth@users.noreply.github.com>
* Limit analytics CSP revisions to necessary entries

  changelog: Internal, Analytics, Limit analytics CSP revisions to necessary entries

  See: https://github.com/digital-analytics-program/gov-wide-code#content-security-policy
* Temporary: Enable DAP in review applications
* Revert "Temporary: Enable DAP in review applications"

  This reverts commit 5e2c65a.
…_enrollments non-nullable (#11015)

Co-authored-by: Will Birdsall <wbirdsall@fearless.tech>
* validate ID is not expired
* state ID expiration validation tests
* add state_id_expiration tests for image uploader
* remove comment
* minor updates from PR feedback
* changelog: User-Facing Improvements, Document Authentication, Validate state ID expiration date
* pii is valid when state_id_expiration is not present
changelog: Bug Fixes, Page Layout, Fix spacing on PIV/CAC login screen
* changelog: User-Facing Improvements, Account Deletion, User Mailer changed to be clearer
* remove unneeded css class
mitchellhenke approved these changes Aug 6, 2024
aduth approved these changes Aug 6, 2024