LG-322 Prompt PIV/CAC user to set up phone number #2244
This PR allows PIV/CAC users to configure a backup phone number after setting up their PIV/CAC. It's missing a few more things that will come later today:
Here's a screenshot based on what @AvivaOskow posted in the issue:
jgsmith-usds left a comment
This looks good to me. I haven't tried to support SAML since the SPs we're supporting don't use it, but adding the shared example at the bottom is a good step in that direction.
I wondered if we'd rather have this be a test of multiple 2fa options, but this should be good for now since we only get here through the piv/cac setup. Longer term, this may be a good hook to prompt someone to have multiple 2fa options configured.
Yeah, I wanted to keep it simple for now, and then expand later.
fc7cd4a to c7c989f
**Why**: PIV/CAC users are required to configure a backup phone number so that they can sign in/recover their account if they no longer have access to their PIV/CAC card.
c7c989f to 34a938e

Hi! Before submitting your PR for review, and/or before merging it, please
go through the following checklist:
- For DB changes, check for missing indexes, check to see if the changes
  affect other apps (such as the dashboard), make sure the DB columns in the
  various environments are properly populated, coordinate with devops, plan
  migrations in separate steps.
- For route changes, make sure GET requests don't change state or result in
  destructive behavior. GET requests should only result in information being
  read, not written.
- For encryption changes, make sure it is compatible with data that was
  encrypted with the old code.
- For secrets changes, make sure to update the S3 secrets bucket with the
  new configs in all environments.
- Do not disable Rubocop or Reek offenses unless you are absolutely sure
  they are false positives. If you're not sure how to fix the offense, please
  ask a teammate.
- When reading data, write tests for nil values, empty strings,
  and invalid formats.
- When calling `redirect_to` in a controller, use `_url`, not `_path`.
- When adding user data to the session, use the `user_session` helper
  instead of the `session` helper so the data does not persist beyond the
  user's session.
- When adding a new controller that requires the user to be fully
  authenticated, make sure to add
  `before_action :confirm_two_factor_authenticated`.
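
A reviewer-side check for three of the checklist items above (the `redirect_to` target, the session helper, and the two-factor filter), added here as an illustration and not part of this PR or the project's code. The controller name, route helpers, and rule names are constructed, and the regex scan is a heuristic over source text, not a parser.

```ruby
# Added example: scan controller source for three checklist items.
# Rule names and both sample controllers are constructed for illustration.
LINE_RULES = {
  # redirect_to given a *_path helper instead of *_url
  redirect_path: /\bredirect_to\b[^\n]*?\b\w+_path\b/,
  # assignment through the raw session helper (user_session[...] is allowed)
  raw_session_write: /(?<![\w.])session\[[^\]]+\]\s*(?:\|\|)?=(?!=)/
}.freeze

TWO_FACTOR_FILTER = /^\s*before_action\s+:confirm_two_factor_authenticated\b/

# Returns [rule, line_number] pairs; the filter rule has no line number.
def checklist_findings(source, requires_full_auth: true)
  findings = []
  source.each_line.with_index(1) do |line, number|
    next if line.lstrip.start_with?('#') # skip whole-line comments
    LINE_RULES.each do |rule, pattern|
      findings << [rule, number] if line.match?(pattern)
    end
  end
  if requires_full_auth && !source.match?(TWO_FACTOR_FILTER)
    findings << [:missing_two_factor_filter, nil]
  end
  findings
end

# Constructed controller that misses all three items.
BEFORE = <<~'RUBY'
  class BackupPhoneController < ApplicationController
    def create
      session[:backup_phone] = params[:phone]
      redirect_to account_path
    end
  end
RUBY

# The same constructed controller after applying the checklist.
AFTER = <<~'RUBY'
  class BackupPhoneController < ApplicationController
    before_action :confirm_two_factor_authenticated

    def create
      user_session[:backup_phone] = params[:phone]
      redirect_to account_url
    end
  end
RUBY

checklist_findings(BEFORE).each { |rule, line| puts "#{rule} (line #{line || 'n/a'})" }
```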