Merged
Conversation
When a user enters a code during GPO there usually is not a service provider present in the SP session. This is because the letter we send instructs users to go directly to Login.gov to enter the code. As a result it is difficult to collect verification events for service providers in the out-of-band case since we cannot group events by `properties.service_provider`. This commit adds the initiating service provider to the logged analytics event when a user enters a GPO code. The issuer is already logged on in-person and fraud review so this change allows us to group all out-of-band verification events by service provider. changelog: Internal, Analytics, Initiating SP issuer is logged on verify-by-mail code entry
* LG-15187: Update Socure Idv A/B test logic, pt.1 Adds a new parameter to ResolutionProofingJob prior to implementation, so that the new signature method can be used once all job queues are running the same code. [skip changelog] * LG-15187: Attempting to use pass proofing components to ResolutionProofingJob [wip] * Refactor Idv::Agent spec Update this spec to use more let and subject blocks ahead of adding new tests to it. [skip changelog] * Update Idv::Agent spec Assert we're actually passing proofing components into ResolutionProofingJob * Update ResolutionProofingJob spec Handle logic around shadow mode enabled / disabled globally, shadow mode enabled for docv users, and shadow mode a/b test for non-docv users. * Don't try and set vendor on doc capture session result * Aggressively reload A/B tests during spec runs Tests can get stuck with mocked configs, leading to flakiness. [skip changelog] * Remove user_session from VerifyInfoConcern * Update 'spec/controllers/idv/in_person/verify_info_controller_spec.rb' * Minor cleanup and rewording * Update app/jobs/resolution_proofing_job.rb Co-authored-by: Matt Wagner <matt.wagner@gsa.gov> --------- Co-authored-by: Lauren George <lauren.george@gsa.gov> Co-authored-by: Matt Wagner <matt.wagner@gsa.gov>
* Drop proofing_components table Since #11564 we've stopped writing to this table, so now is the time to drop it. This table was previously used as a temporary datastore for proofing component values as a user moves through IdV. We now dynamically derive those values from the Idv::Session, so this table is not needed any longer. [skip changelog] * Update db/primary_migrate/20250106232958_drop_proofing_components_table.rb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> --------- Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
changelog: Internal, Identity Verification, Update maintenance windows for states
Bumps [phonelib](https://github.com/daddyz/phonelib) from 0.9.1 to 0.10.3. - [Release notes](https://github.com/daddyz/phonelib/releases) - [Changelog](https://github.com/daddyz/phonelib/blob/master/CHANGELOG.md) - [Commits](daddyz/phonelib@v0.9.1...v0.10.3) --- updated-dependencies: - dependency-name: phonelib dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [libphonenumber-js](https://gitlab.com/catamphetamine/libphonenumber-js) from 1.11.4 to 1.11.17. - [Changelog](https://gitlab.com/catamphetamine/libphonenumber-js/blob/master/CHANGELOG.md) - [Commits](https://gitlab.com/catamphetamine/libphonenumber-js/compare/v1.11.4...v1.11.17) --- updated-dependencies: - dependency-name: libphonenumber-js dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Remove fallback to LexisNexis In #11674 we added a fallback in the case resolution_vendor was not set in IdV::Session to account for the 50/50 state. Here we remove it, since that's been deployed. [skip changelog] * Remove another unneeded 50/50 state test
* Initial cloudwatch query script to summarize events * Query cloudwatch and get user events * add timestamp remove limit * [Hackathon] Allow sourcing events from stdin (#11619) * Allow sourcing events from stdin It may be useful sometimes to take a local cache of cloudwatch events and pipe them into this command. [skip changelog] * Add 'limit: 10000' to CW query This is required for `complete` to work * [Hackathon] Add ExampleMatcher (#11622) * Add ExampleMatcher Add an example matcher that just counts events and outputs how many it saw. [skip changelog] * Remove excess whitespace * Add frozen_string_literal: true * use optparse to allow command options/defaults (#11627) * [HACKATHON] Initial crack at an IdV matcher (#11624) * Initial crack at an IdV matcher Matcher is a state machine that collects IDV "attempts" as they happen and tries to suss out interesting things about them. [skip changelog] * removed unused method --------- Co-authored-by: Douglas Price <douglas.price@gsa.gov> * [HACKATHON] Output formatting tweaks (#11635) * Normalize @timestamp to UTC for each event Pre-parse it in the script so that matchers don't have to worry about it * Slightly improve output - Include timestamps where possible [skip changelog] * [HACKATHON] Minor tweaks (#11637) * Don't crash if no events found * Tweak handling of --end-date - Use a dash rather than underscore - Make sure we respect it if it's passed in * Sort events on stdin before processing Events from Cloudwatch queries will be sorted, but stdin is not guaranteed. Processing unsorted events can lead to weird, weird, outcomes * report on TrueID success/failure (#11638) * Try to identify IDV abandonment (#11639) If the user: - Has not completed the initial workflow and - Does not have an idv-related event new that 1 hour Call their attempt abandoned * Login hackathon 2024 user narrative account deletion (#11629) * include timestamp * add account deletion narrative matcher * remove unneeded matcher requirement * add deletion matcher * lint * rename account deletion * read events from file without changing stdin * remove ipp from gpo code submission event * update example documentation in script * Update lib/event_summarizer/vendor_result_evaluators/aamva.rb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * Start writing a spec * Tidy up logic in IV result evaluator * Set event['name'] if not already set * Fix typo * Use Eastern time zone by default * Update pluralization code + add spec * Start on spec for summarize-user-events command * Protect rubocop's delicate sensibilities * Add more specs Add some specs around option parsing, time parsing, and actually running the program * Look at banner michael --------- Co-authored-by: Malick Diarra <malick.diarra@gsa.gov> Co-authored-by: Doug Price <douglas.price@gsa.gov> Co-authored-by: Eileen <eileenmcfarland@navapbc.com> Co-authored-by: eileen-nava <80347702+eileen-nava@users.noreply.github.com> Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
changelog: Internal, Dependencies, Update outdated package version pinning Previously added to pin to versions of subdependencies with fixed security advisories where direct dependencies were using an older version. Direct dependencies now reference fixed versions and the pinned resolutions are no longer necessary. Indirectly resolves an outstanding security advisory in nanoid, using latest version valid by direct dependency using it (postcss). Co-authored-by: lamcodeofpwnosec <lamcodeofpwnosec@users.noreply.github.com>
…be clearer for users in french and simplified chinese (#11729)
… id ipp (#11687) * Content updates to Ready to Verify view/email * changelog: User-Facing Improvements, In-person proofing, Content and translation changes to Ready to Verify View and Email * Fix linter errors and add missing tag * Content updates for Ready to Verify Email/View * Restore translations * Add punctuation to translations
See https://gsa-tts.slack.com/archives/C0NGESUN5/p1734552195424489 etc. OpenSSL 1.1 is obsolete and unavailable. It also does not need to be in the Brewfile at all; removing it causes no problems. changelog: Internal, Developer Experience, Don't require obsolete openssl-1.1
* changelog: Upcoming Features, Doc Escrow, Add encryption and storage pieces --------- Co-authored-by: Mitchell Henke <mitchell.henke@gsa.gov>
… drag and drop functionality if selfie required (#11728)
- "Email and Password Authentication" description was wrong - Similar to #11640 * AnalyticsEventDocumenter will error when description starts with lowercase * Add --no-progress to yard CLI so that it does not mess up my terminal * Update AnalyticsEventDocumenter to ignore rubocop directives in descriptions * Fix remaining documentation errors * Update error message analytics events changelog: Internal, Documentation, Fix documentation formatting
The regex we used to read the height from a TrueID response did not account for a space that may appear between feet and inches. As a result height values like `5' 11"` were not read. This commit updates the regex to fix that. changelog: Internal, TrueID, Regex to parse the height from documents was adjusted
* LG-15453: Fix issue formating heights for AAMVA DLDV From the AAMVA DLDV guide regarding formatting the height: > Height data should be 3 characters (i.e. 5 foot 7 inches is submitted as 507) We were not previously zero-padding the inches. [skip changelog] * Update spec to match aamva docs + add another test Test the "inches >= 10" and "inches < 10" cases
…r sign in (#11703) * changelog: Bug Fixes, Sign in, bug fix for recaptcha failure not incrementing failed sign-in rate limiter * rename session labeling * fix yaml ordering and reset bad_password spec * add test to validate excessive recaptcha failures * fix typos and paste errors
jmdembe
approved these changes
Jan 14, 2025
jmhooper
added a commit
that referenced
this pull request
Jan 14, 2025
…14"" This reverts commit 7ea655c.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
12 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User-Facing Improvements
Bug Fixes
Internal
Upcoming Features