Merged
Conversation
**Why**: It has been replaced by combined-invoice-supplement-report-v2 changelog: Internal, Reporting, Remove older report for invoices * Remove extra_allowed_analytics
…ccount_verified` email (#11218) When a user completes verification we send them an `account_verified` email which contains the following information: - The date the verification occurred - The service provider for which the verification was performed This applies to all verifications except for verifications through in-person which have their own email. Prior to this commit the service provider was determined using the SP in the session. This means that when the user is verifying in an out-of-band flow (verify-by-mail or fraud review in this case) their email would likely not contain the name of the SP that triggered the verification. For verify-by-mail we tell the user to enter their code by going to “secure.login.gov”. In this case there is no SP in the session. For fraud review we made no effort to send an email with a named SP. This commit modifies the logic to use `Profile#initiating_service_provider` to determine which SP to name in the email. As a result the email should contain the name of the service provider for which the user was originally proofing. This will be true for the inline flow and the out-of-band flows. The `UserAlerts::AlertUserAboutAccountVerified` service is used to send these `account_verified` notifications. This commit changes this service to take a profile as its only argument since all of the information necessary for this email is accessible via the profile model. [skip changelog] Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
changelog: Internal, Performance, Remove unused CSS styles
Renames the symbol `:submit_attempts_remaining` to `remaining_submit_attempts` for consistency with the rest of the codebase. [skip changelog]
* Document analytics properties exempted in controller specs changelog: Internal, Analytics, Document analytics properties * Remove unnecessary allowed_extra_analytics
* Improve accuracy of mock DocAuth vendor proofing result changelog: Internal, Mock Proofer, Improve accuracy of mocker proofer analytics * Document analytics event * Remove step_count logging from FSM * Unexempt allowed extra analytics * Remove unnecessary allowed_extra_analytics * Consistently symbolize classification_info * Sync spec expectations
) Pulled error message display checks out to a shared example group and created a bunch of methods to more clearly name the checks we're performing. The tests run faster and read much more clearly. New methods: `expect_rate_limited_header_not_present` `expect_review_issues_body_message` `expect_rate_limit_warning` `expect_resubmit_page_h1_copy` `expect_resubmit_page_body_copy` `expect_resubmit_page_inline_error_messages` `expect_resubmit_page_inline_selfie_error_message` `expect_to_try_again` `use_id_image` `use_selfie_image` changelog: Internal,Spec improvements,consolidated some feature specs for speed and reduced duplication. Co-authored-by: Doug Price <douglas.price@gsa.gov>
Add new semantic ACR values **Why**: - We need new service names to transition away from using the NIST SP 800-63 language - See: https://gitlab.login.gov/groups/lg-people/Melba/-/epics/5 **How**: - Adds the new values and supporting code to provide backwards compatibility with previous ACR values - Note: The only place we resolve the semantic IAL value is in the `AuthnContextResolver#resolve_acr` method as the resolver requires a ServiceProvider to inform us of whether we should use the semantic IAL values or not. Future work is planned to address this gap long-term. changelog: Upcoming Features, Authentication Context, Adds new values for service mapping migration ## 🎫 Ticket Link to the relevant ticket: https://gitlab.login.gov/lg-people/Melba/backlog-fy24/-/issues/96 - Also resolves: https://gitlab.login.gov/lg-people/Melba/backlog-fy24/-/issues/99
Document capture changed while I was working on the tests, resulting in breaking the tests after merge. This fixes the broken tests. [skip changelog]
* Remove ab_test_args stub analytics properties changelog: Internal, Analytics, Document analytics properties * Remove unnecessary allowed_extra_analytics * Document analytics properties * Document analytics properties * Remove unnecessary allowed_extra_analytics * Remove unnecessary allowed_extra_analytics * Document analytics properties * failed_image_fingerprints optional * Remove unnecessary allowed_extra_analytics
changelog: Internal, Dependencies, Update ruby-saml
Users are marked `fraud_review_pending` on the last step of the IdV process. For users who go through document capture and verify by phone that means that they are marked `fraud_review_pending` at enter password. However, users doing verify-by-mail or in-person-proofing are not marked `fraud_review_pending` until they complete those flows. This is done so that users do not get marked `fraud_review_pending` if we have disabled device profiling by the time they get to those later steps. This is an issue with logging at the enter-password step since those users in in-person and verify-by-mail that will eventually be marked fraud review pending are not when we log those properties. This is especially problematic since we use the `idv_final` event at the password step for the Identity Verification Report. If a user has a device profiling result that will lead them to be fraud-review pending we store that on the profile as `fraud_pending_reason` and use it downstream to make the determination to move verify-by-mail and in-person users into the fraud review flow. This commit logs the `fraud_pending_reason` value on the profile at enter-password so that we have visibility into users the will be eventually marked `fraud_review_pending`. It also uses this new property in the Identity Verification Report. [skip changelog]
mitchellhenke
approved these changes
Sep 12, 2024
zachmargolis
approved these changes
Sep 12, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Internal
Upcoming Features