changelog: Internal, Code Quality, Remove unused variant for phone input component
* changelog: Upcoming Features, reCAPTCHA, Add reCAPTCHA disclaimer text to sign-in page
* add specific key for sign_in page translation
* include new_tab_link support
* remove extra stub and fix indentation
* fix erb formatting
* remove debugging
* add test that disclaimer not show when sign_in recaptcha disabled
* rename translation key
* replace missing updated translation key
Currently we log PII or redacted PII related to the resolution proofing job in the `IdV: doc auth verify proofing results` event. This primarily includes state ID information which is added to the logs in `VerifyInfoConcern#idv_result_to_form_response`.

This commit adds this information to the result that is returned from `ResultAdjudicator`. This has a few advantages:

1. We have a consistent result since the information is added before being written to Redis. This will allow the `SocureShadowModeProofingJob` to pick it up and log it.
2. It provides an overview of what PII and redacted PII is logged in one place.
3. It ensures that PII is logged consistently even if vendors or stages change in the future.

Finally, this commit adds the year of birth to the logs to address LG-14371.

[skip changelog]
* changelog: Internal, Webauthn Setup, move aaguid call in webauthn setup form
* remove aaguid
* do rescue for aaguid
* rescue authenticator data format
* change to standard error
The `RECAPTCHA_SIGN_IN` A/B test has a discriminator block that does the following:

1. Return `nil` if captcha was not performed
2. Return the user's UUID if the user is present
3. Return a random value if no user is present with the intent of sorting them into a bucket

The implementation of `AbTest#bucket` checks if the discriminator resolved by this discriminator block is blank and returns `nil` if it is ([ref](https://github.com/18F/identity-idp/blob/983e21648dc7695f11c37e3eff7997ef4bd90f1e/lib/ab_test.rb#L46)). The `blank?` method has a special implementation for `String` ([ref](https://github.com/rails/rails/blob/dfd1e951aa1aeef06c39fffb2994db8a8fa1914f/activesupport/lib/active_support/core_ext/object/blank.rb#L141-L163)) that returns `true` if the string consists of only whitespace.

The random value here was generated using `SecureRandom.gen_random`. This value was then used in the `AbTest#bucket` to randomly sort unidentified users into AB test buckets. `SecureRandom.gen_random` returns a string of random bytes which can include `" "`, `"\n"`, `"\r"`, etc.

The combination of the above meant that the discriminator could generate a value that caused the `AbTest#bucket` to return `nil` for `RECAPTCHA_SIGN_IN` when it was intended to return a bucket. This led to a flaky test ([this spec](https://github.com/18F/identity-idp/blob/983e21648dc7695f11c37e3eff7997ef4bd90f1e/spec/config/initializers/ab_tests_spec.rb#L197-L203) tests that the bucket is not nil; it is nil in the case where `SecureRandom.gen_random` returns a blank string).

This commit changes the call to `SecureRandom` so that it only ever generates alphanumeric strings which will never be blank.

[skip changelog]
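The failure mode described in the commit message above, reproduced in plain Ruby as an added example; this is not code from the identity-idp repository. `blank_like_rails?` is a stand-in for ActiveSupport's `String#blank?`, `bucket_for` and its bucket names are hypothetical, and `SecureRandom.alphanumeric` is assumed as one alphanumeric-only source since the message does not name the call used.

```ruby
require 'securerandom'
require 'digest'

# Stand-in for ActiveSupport's String#blank?: nil, empty, or whitespace-only.
def blank_like_rails?(value)
  value.nil? || value.match?(/\A[[:space:]]*\z/)
end

# Hypothetical bucketing shaped like the behaviour described above:
# a blank discriminator yields nil, anything else is hashed into a bucket.
def bucket_for(discriminator, buckets: %i[bucket_a bucket_b])
  return nil if blank_like_rails?(discriminator)

  buckets[Digest::SHA256.hexdigest(discriminator).to_i(16) % buckets.size]
end

# Byte values that, drawn alone from a random-bytes source, read as blank.
def blank_byte_values
  (0..255).select { |b| blank_like_rails?(b.chr) }
end

# Constructed samples of what a raw random-bytes call can return.
RAW_SAMPLES = [" ".b, "\n".b, "\r\n".b, "\xA7".b, "7".b].freeze

# Samples that silently fall out of the A/B test (bucket is nil).
def unbucketed_samples
  RAW_SAMPLES.select { |s| bucket_for(s).nil? }
end

# Discriminator restricted to [A-Za-z0-9]; it can never be whitespace-only.
def safe_discriminator(length = 1)
  SecureRandom.alphanumeric(length)
end

if __FILE__ == $PROGRAM_NAME
  puts "blank single bytes: #{blank_byte_values.inspect}"
  puts "samples without a bucket: #{unbucketed_samples.inspect}"
  draws = Array.new(10_000) { safe_discriminator }
  puts "alphanumeric ever blank? #{draws.any? { |s| blank_like_rails?(s) }}"
end
```

A spec that asserts a non-nil bucket over raw random bytes fails only on the draws that happen to be all whitespace, which is why the failure showed up as flakiness rather than a consistent error.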
…h that matches other address field validations (#11224)
The welcome controller had a test that checked that something matched a timestamp. This test failed when the clock advanced before we ran our expectation. This commit changes the test to expect the value to not change which is what we really intend to test. [skip changelog]
This commit removes the birth year from the logged biographical info in the proofing results. We are walking this back while we do some additional work with privacy to describe this. [skip changelog]
* LG-14382: Update intl-tel-input to latest version changelog: Internal, Dependencies, Update dependency to latest version
* Remove unnecessary screen reader text assignment Now handled internally in intl-tel-input with a11y-text element. Test coverage already exists here for expected value (see modification)
* Remove unnecessary aria-owns removal Removed upstream in jackocnr/intl-tel-input#1421
* Use i18n option to customize aria-label Available as of jackocnr/intl-tel-input@fc0fc06
* Remove unnecessary duplicate removal logic Latest version has "countryOrder" rather than "preferredCountries", no longer outputs duplicate items
…e capture heading to selfie step in for split doc auth (#11241)
* Require threatmetrix_session_id be present in idv_session for Verify Info screen If the user does not have a session ID, redirect them back to the SSN step so that they get one. changelog: Internal, Identity verification, Prevent errors during verify info step due to missing session id.
* Update ThreatMetrix session ID generation logic - If the user is updating their SSN but there is no session id present, generate a new one
* Add an analytics event when missing tmx session id
…nt (#11236)
* changelog: Internal, Account Management, Include identity-verified status in account reset delete event
* make identity assignment more succinct and no longer side effect
* leverage user factory traits for setup
* remove pending states from deleting accounts
* log proofing_components on delete
* gets proofing component off of active profile
* trying to set confirmed-at to troubleshoot twitchy spec time handling
* add proofing components to user factories
* add an active_profile? stub to AnonymousUser
* abbreviate variable assignment
* log profile idv level
* remove spec for verified by mail
changelog: Internal, Protocols, Update saml_idp gem version
changelog: Internal, Dependencies, Update Puma
#11245)
* changelog: User-Facing Improvements, doc auth, split doc auth content and visual changes
* Adding flags for docker testing
* Resolving PR comments
* Adding change to force selfie prompt for easier testing, NEEDS TO BE REVERTED
* Fixing lint
* Reverted back logic
* changelog: Internal, Dependencies, Update google-protobuf
* update pg_query
We are considering using a different hash algorithm for the `AbTest#bucket` method. We expect a different hashing algorithm to give us better performance which could be a meaningful bump considering how much we call the `#bucket` method every request. This commit lays some groundwork by adding method tracers to the impacted methods. This will allow us to assess the impact this change could have. [skip changelog]
[skip changelog]
zachmargolis (Contributor) approved these changes on Sep 24, 2024 and left a comment:
Should we remove the "revert" line and whatever it was that reverted from the changelog?
User-Facing Improvements
Bug Fixes
Internal
Upcoming Features