Promote stages/rc-2017-10-02 to staging#1701
Merged
zachmargolis merged 35 commits intostages/stagingfrom Sep 28, 2017
Merged
Conversation
**Why**: To prevent requests from taking forever
Add rack-timeout
**Why**: The values are untrusted
**Why**: For consistency
**Why**: Remove PII
Filter headers via Middleware
**Why**: So that when a user resends a letter, it does not invalidate the USPS confirmation code in preceding letters. This means that if a user resends a letter before receiving their first letter, the code in the first letter can still be used to verify their account. **How**: This commit adds a new model named `UspsConfirmationCode`. This model is associated with a profile and has an asymmetrically encrypted OTP. When the user enters an OTP, the record with the matching OTP fingerprint is found. This is used to determine whether the entered OTP is valid for verifying their account.
…attributes Allow multiple USPS confirmation codes
Redact more phone numbers in error messages
Keep locale when cancelling SP-initiated signup
…ithout-cron Revert "Remove cron dependency for worker health checker"
**Why**: To make sure the correct class is called each time. Otherwise, a class that was set by a previous spec will still be in effect for the next test, but might be the wrong class for that test.
Specify telephony service in specs
**Why**: - Those gems are not required to allow people outside of 18F to run the app locally. In some cases, like the equifax gem, they are preventing those folks from running the app.
Ignore production and deploy gems for local dev
**Why**: It looks like we may need to move away from Mailchimp for compliance reasons. SES is an email service we can buy from AWS to fill the gap.
Change prod emails from mailchimp to SES
**Why**: Malformed host headers cause exceptions
Remove HTTP Host header entirely
**Why**: Bad input should not cause us to throw exceptions
Gracefully handle unknown formats
**Why**: Rack encodes headers into 8 bit ASCII which results in encoding compadibility errors futher down the stack when the app tries to manipulate them. This commit encodes the headers and replaces incompatible characters with `?` characters so the headers do not cause the app to respond with 500s.
Sanitize UTF8 characters from headers
Change the .ruby-version file to use `2.3` rather than `2.3.3`. This may require users to create an alias in their ruby version config to specify a particular point release. For example, in rbenv you would create a symlink from `2.3` to `2.3.5`. If you're using ruby-build and have rbenv-aliases installed, this will happen automatically when you install new versions of ruby. - https://github.com/tpope/rbenv-aliases Also update the version in the Dockerfile and CircleCI config to not pin to a specific point release. This has no impact on login.gov servers, which don't use the .ruby-version file. The Gemfile already allows any 2.3.* release after 2.3.3.
**Why**: Migrations must be versioned as of Rails 5. http://blog.bigbinary.com/2016/03/01/migrations-are-versioned-in-rails-5.html Fixes: https://github.com/18F/identity-private/issues/2354
Set all existing migrations as being from Rails 4.
Allow running any Ruby 2.3 version, upgrade to latest.
**Why**: For a better user experience.
Update personal key UI
jmhooper
approved these changes
Sep 28, 2017
Contributor
jmhooper
left a comment
jmhooper
left a comment
There was a problem hiding this comment.
Looks good, but do we want to add the commits to disable international voice calling?
Contributor
Author
|
@jmhooper which PRs are those? I can consider cherry-picking those on I guess :/ |
Contributor
Contributor
Author
|
@jmhooper I cherry-picked those two PRs |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.