Deploy RC 425 to Production #11392
Merged
mitchellhenke merged 15 commits into stages/prod from Oct 24, 2024
* delete state id step files
  changelog: Internal, In-person proofing, delete state id FSM step files
  Co-authored-by: svalexander <shannon.alexander-navarro@gsa.gov>

changelog: User-Facing Improvements, Integration Experience, Allowing and ignoring unknown authn_context values
…ess_search_endabled variable usage (#11370) Merging this today but updating the s3 variables on dev and prod on Thursday
If a user is in fraud review for over 30 days they are automatically rejected by the `FraudRejectionDailyJob`. Prior to this commit the analytics service was initialized with an anonymous user. As a result the event was not logged for the fraud review rejected user. This commit fixes that issue so these events will appear associated with the rejected user. [skip changelog]
**Why** While authoring a different feature, it became apparent that we do not store multiple variants of asset "just in case". We can re-export from our authoring tools (i.e., Figma) if need be. This adds a note why we do not do this for developers from the future. [skip changelog]
* Update Rails to 7.2.1.1
* Migrate deprecation removal preview_path assignment
  https://guides.rubyonrails.org/7_2_release_notes.html#action-mailer-removals
* Migrate deprecated usage of check_pending
  https://guides.rubyonrails.org/7_1_release_notes.html#active-record-deprecations
  https://guides.rubyonrails.org/7_2_release_notes.html#active-record-removals
* Update rspec-rails to latest
  Fixes deprecated/removed usage of ActionMailer preview_path= rspec/rspec-rails#2703
* Update version references to Rails 7.1
* Fix PG::SyntaxError on IS NOT with nil value
  rails/rails#52643
* Add changelog
  changelog: Internal, Dependencies, Update to Rails 7.2
* Lintfix worker schema file
* Update DataPull specs to expect date type
  See: https://blog.saeloun.com/2024/05/30/rails-7-2-pg-adapter-to-type-cast-date/

… preview (#11382) We expect that most users who receive the `account_verified` email will have proofed with a service provider that has a `return_to_sp_url` and thus a `homepage_url`. This commit updates the mailer preview to replicate that situation so the email is displayed as expected. [skip changelog]
changelog: Internal, Browser Support, Update browserslist database
* Update DIVR to do fraud stats for SPs
  Several fraud-related analytics events do not have SP information associated with them. Filtering by SP for the DIVR will therefore exclude those events. This PR updates the DIVR to pull all fraud-related events for the given period for comparison.
  [skip changelog]
* Try to be better
* Update passed_fraud_review_users logic
  When filtering by SP, only count users we know can be attributed to the SP, either because:
  1. They have a final resolution event in the dataset attributed to the SP or
  2. The profile review passed event includes a matching service_provider
  For a while, we will have some fraud events augmented with service_provider and some without.
* Apply SP logic to did_not_pass_fraud_review_users
* Guard against nil issuers array
* Address linting issues
* Pull all GPO verification events in the period
  We need these events returned so that we can attribute fraud events that are lacking SP data.
* Pull all IPP events in time period
  Similar to GPO, we need the IPP events even if they are fraud review pending so that we can attribute fraud-related events that are lacking SP data.
* Add a user who bounced on the welcome screen
* Remove unused constant
* Remove unused SP event tracking
* Clean up sp_key a little
* Ensure we filter in service_provider
  service_provider is normalized using `coalesce` whereas properties.service_provider is not
* Clean up diff a little hopefully
* Refine how we normalize fraud_review_pending
  - use coalesce() + OR to ensure we get rid of all null values
* Remove fraud_pending_reason consideration
  fraud_pending_reason is sourced from the Profile for Idv: final resolution and may have a value set even if the profile is not currently in the fraud review queue (e.g. for GPO).
* Revert "Remove fraud_pending_reason consideration"
  Actually, we want to consider this--the only way to identify gpo / fraud pending is by looking at fraud pending reason
  This reverts commit 9dc9663.
* Add a comment about fraud_review_pending usage
* delint
* Update lib/reporting/identity_verification_report.rb
  Co-authored-by: Matt Wagner <matt.wagner@gsa.gov>
* Handle case where multiple issuers are specified
  First build a list of all unique users for the specified issuers, then intersect that list with the list of users who passed fraud review. This way we are allowing for users that interacted with _any_ of the issuers rather than _all_ of them.
* Learn how each_with_object works
  It's not like reduce, you have to modify the accumulator
* Add test for multiple issuer usecase
  Test that, if results are returned for multiple issuers, we correctly count successfully passed users
---------
Co-authored-by: Jonathan Hooper <jonathan.hooper@gsa.gov>
Co-authored-by: Matt Wagner <matt.wagner@gsa.gov>

changelog: Bug Fixes, Database, Fix migration check method call arguments
* changelog: Internal, MFA setup, Add attempt count to MFA setup analytics event
* add piv attempts, use common name in analytics
* add logging to otp and totp setup
* reset attempts count on success
* add totp reset and refactor reset on webauthn
* update otp specs
* update totp specs
* update piv_cac_setup specs
* add otp spec that confirms incremented mfa_attempts analytics log
* add specs for piv and totp
* refactor slightly session key setter
* add testing for attempts on webauthn setup
* refactor pulling commonly used function into mfa setup concern
* move mfa attempts to 2fa methods concern, change to user_session
* equip otp with mfa attempt logging at authentication
* update spec because of session token change, add attempt count to webauthn verification
* add mfa attempt count for totp authentication
* add mfa count for piv authentication
* clear user_session token when changing mfa after a failed attempt
* add params to piv analytics event
* fix piv verification spec. reset mfa account for setup failure
* express auth attempts as a hash consisting of attempt count and method
* group all attempts into a hash
* sync rspec up with changes made
* add mfa attempt to event expectation
* add mfa attempt to event expectation
* fixes specs to catch missing events
* fix webauthn spec to correct user flow
* fix mfa label in spec
* remove private_key gsub
* leverage symbols for mfa methods, remove no longer needed method from prev iteration
* revise spec to use symbol
* address keypath warnings from spec
* fix how otp verification controller generates the attempts count, update specs to sync with that
* gsub personal_key for mfa_attempts
* convert to sym
* convert key to sym with correct method
* rename incrementing method param. repair rspec to correct expected mfa
* fix rspec expected mfa types
* place gsub behind a conditional
* set up a programmatic way of protecting pii keys in sessions
* refactor increment verb
* fix broken logic
* put expected attempt key back
* add testing for change to session_encryptor
* change to more sensitive session detection approach
* revise specs with change to attempt log structure
* follow up on remaining specs
* reorder check for method changeup
* restructure analytics for attempts and update tests
* make webauthn setup count more accurate, remove previously added spec, improve method count helper
* increment webauthn setup also at confirm
* utilize constant values for mfa methods
* select phone/voice and webauthn/_platform submethods
* use webauth_auth_method function

* LG-14455: Improved messaging for PIV/CAC mismatch
  changelog: User-Facing Improvements, PIV/CAC, Add PIV/CAC replacement workflow for mismatched PIV authentication
* Remove "user uses incorrect PIV/CAC as their second factor"
  These behaviors now described in piv_cac_sign_in_spec.rb

… table (#11389)
* changelog: Internal, add db column, adding socure capture app url to db
* Adding schema to PR to resolve failed migration test

aduth approved these changes Oct 24, 2024
User-Facing Improvements
Bug Fixes
Internal