Promote RC 39 to staging #1673
Merged
zachmargolis merged 47 commits into stages/staging from Sep 14, 2017
**Why**: So that the input is wide enough to display 10 alpha-numeric characters
**Why**: So that a database write does not happen as the side-effect of a service class's initializer
Don't create Profile in ProfileMaker#new
Increase width of USPS confirmation code input
**Why**: Travis CI is no longer supported/allowed by 18F.
Replace Travis CI with Circle CI
Remove style-guide dependency (again)
Retain language preference when cancelling sign up
Adjust spacing of cancel link
Translate HTML5 required input message
**Why**: It has been disabled for a while now, we moved critical parts like SMS rate limiting to app code.
**Why**: So we can check the database health
Remove Rack::Attack
**Why**: cron (leader host) is not compatible with autoscaling groups. Now, when our load balancer hits the worker health check endpoint (which it already does), we will enqueue dummy jobs to make sure we're healthy
Remove cron dependency for worker health checker
Add /api/health/database endpoint
**Why**: To increase visibility
Also notify NewRelic when DB health check fails
**Why**: Conflicts with current up-to-date information
**Why**: Error in production due to "request.protocol" being nil, using the asset_url helper in the view should provide access to the request
Move _tag helpers into the template
Remove out-of-date documentation
**Why**: The idv.message.session.success translation had its `pii_message` interpolation argument translated for the Spanish locales. This caused errors during idv with the locale set to Spanish
**Why**: To allow the pentesters to complete creating an LOA3 account. They don't have access to a US mailing address or phone number.
Allow USPS code prefill on PT
Fix translated pii_message interpolation argument
**Why**: The rake_test_desktop driver does not support the `screenshot_and_save_page` function. Using the rack test driver allows us to save screenshot and save pages for the user flows.
Use valid phone in phone form during user flows
**Why**: Faker::PhoneNumber does not always produce valid phone numbers, which leads to flickering specs. This change loops until a valid phone number is generated
Add idv_job metadata to LOA3 user flow specs
**Why**: Setting `idv_job` to true is necessary for LOA3 specs to simulate the background jobs running to verify the user's identity.
Fix user flows
**Why**: We were creating a profile in the verify/review#create method. That method redirects to verify/confirmations#show which then calls `#complete_session`. This means that the profile exists in quasi complete state between these requests. This commit makes a small change so the profile is created and completed in one step. Additionally, this commit cleans up the confirmations controller specs.
Complete session in verify review controller
**Why**: Increased visibility
Update config to raise errors for email delivery fails
**Why**: After a user fails to verify based on supplied info the user is redirected to help pages if logging in directly on the app. If coming from an SP, they are instructed to visit the SP for more help.
**Why**: So that we can make sure that all of our translations are being interpolated correctly.
…ments Check for missing interpolation args in i18n spec
**Why**: To pick up the latest changes that resolve issues we discovered while testing in staging.
Update equifax gem to latest commit
**Why**: So we can translate the app
**Why**: Previously, we allowed unlimited OTP guesses when confirming a phone number because we didn't think this posed any security risks. In hindsight this was a poor decision since it can portray our app as being insecure and affects our reputation and confidence in the system. We should be defaulting to safe everywhere.
**How**: Remove any conditional logic that determines whether or not guesses should be limited. Everyone will now be limited to 3 OTP guesses regardless of context.
Update verify hard fail screens
**Why**: 1. They were being serialized incorrectly 2. They could potentially contain sensitive data
Don't log headers
Limit OTP guesses to 3 in all contexts
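The policy change described in the "Limit OTP guesses to 3 in all contexts" commit, as an added Ruby sketch that is not code from this pull request or from the project. The class, method and context names (`OtpVerifier`, `exempt_contexts`, `:phone_confirmation`) and the lockout behaviour after the third wrong guess are assumptions made for illustration.

```ruby
require "digest"

# Hypothetical sketch: counters live in memory here; a real app would persist them per user.
class OtpVerifier
  MAX_ATTEMPTS = 3 # limit stated in the commit message

  # exempt_contexts models the removed conditional logic; the fixed policy passes none.
  def initialize(exempt_contexts: [])
    @exempt = exempt_contexts
    @failed = Hash.new(0)
  end

  # Returns :ok, :invalid or :locked. Lockout handling is an assumption of this sketch.
  def verify(user_id, expected, submitted, context:)
    limited = !@exempt.include?(context)
    return :locked if limited && @failed[user_id] >= MAX_ATTEMPTS

    if secure_equal?(expected, submitted)
      @failed.delete(user_id)
      return :ok
    end
    @failed[user_id] += 1
    limited && @failed[user_id] >= MAX_ATTEMPTS ? :locked : :invalid
  end

  private

  # Compare fixed-length digests so timing does not depend on the matching prefix.
  def secure_equal?(a, b)
    x = Digest::SHA256.digest(a).bytes
    y = Digest::SHA256.digest(b).bytes
    x.zip(y).reduce(0) { |acc, (p, q)| acc | (p ^ q) }.zero?
  end
end

# Counts wrong guesses accepted before lockout; nil if none occurs within `cap` guesses.
# The user id and codes below are constructed sample values.
def wrong_guesses_until_locked(verifier, context, cap: 50)
  (1..cap).each do |n|
    guess = format("%06d", n)
    return n if verifier.verify("user-1", "123456", guess, context: context) == :locked
  end
  nil
end
```

With `exempt_contexts: [:phone_confirmation]` the helper returns `nil` for phone confirmation, which is the pre-change behaviour the commit message describes; with no exemptions every context locks on the third wrong guess.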
jmhooper approved these changes Sep 14, 2017
No description provided.