Merged
Conversation
davemcorwin
changed the title
davemcorwin
added
status - ready for review
and removed
status - work in progress
labels
| end | ||
|
|
||
| def failure_url(reason) | ||
| idv_jurisdiction_failure_url(reason) |
Contributor
There was a problem hiding this comment.
Doesn't look like we have cases that need a failure_url?
Contributor
There was a problem hiding this comment.
This is used by a few of the IdV concerns:
|
|
||
| def create | ||
| result = idv_form.submit(step_params) | ||
| @idv_form = idv_form |
Contributor
There was a problem hiding this comment.
Why the use of @idv_form and @_idv_form (line 76)? I'd just use idv_form everywhere.
|
|
||
| def create | ||
| result = idv_form.submit(profile_params) | ||
| @idv_form = idv_form |
Contributor
There was a problem hiding this comment.
Similar comment as above. idv_form (line 99) uses an instance variable @_idv_form to store this. If you do need @idv_form, then perhaps change @_idv_form to @idv_form and then use idv_form here to make sure it's defined (in case you want it in a view).
| def process_success | ||
| redirect_to idv_session_success_url | ||
| def process_form_failure | ||
| redirect_to idv_session_failure_url(:dupe_ssn) and return if @idv_form.duplicate_ssn? |
Contributor
There was a problem hiding this comment.
Just use idv_form to get the form. No need for the instance variable.
|
|
||
| def sp_alert_name | ||
| sp_alert? ? SP_ALERTS[sp_name][:i18n_name] : nil | ||
| SP_ALERTS.dig(sp_name, :i18n_name) || nil |
Contributor
There was a problem hiding this comment.
If SP_ALERTS[sp_name][:i18n_name] doesn't exist, it'll return nil anyway, so || nil isn't really necessary.
| 'https://login.gov/help/privacy-and-security/how-does-logingov-protect-my-data/' | ||
|
|
||
| = simple_form_for(@view_model.idv_form, url: idv_session_path, | ||
| = simple_form_for(@idv_form, url: idv_session_path, |
Contributor
There was a problem hiding this comment.
One of the patterns I'm playing with in the 2fa modularization effort is making the form a property of the presenter object. This is helpful especially when parts of the presenter might depend on information in the form, such as error states. But in that case, I'd make things like the dob (line 22 below) a property of the presenter, and have the presenter figure out how to get it from the form.
Contributor
There was a problem hiding this comment.
Since we're focusing on adding fail states to the IdV flow here, I'd call refactoring the form / presenter object relationship for this kind of out of scope. We can come back and investigate though.
Contributor
|
@jgsmith-usds: worked through this w/ @mryenq, wanna take another look? |
jmhooper
reviewed
Jul 11, 2018
| @@ -0,0 +1,5 @@ | |||
| = render 'shared/failure', presenter: presenter | |||
Contributor
There was a problem hiding this comment.
One change we want to make before merging is rename this idv_failure since this view is specific to idv failures
davemcorwin
commented
Jul 16, 2018
Contributor
Author
davemcorwin
left a comment
davemcorwin
left a comment
There was a problem hiding this comment.
@jmhooper Your changes LGTM, just made one small syntax change.
aduth
added a commit
that referenced
this pull request
Sep 16, 2020
**Why**: #2259 replaced modal dialogs with dedicated alert screens, and this code is now unused.
This was referenced Sep 16, 2020
aduth
added a commit
that referenced
this pull request
Sep 16, 2020
**Why**: #2259 replaced modal dialogs with dedicated alert screens, and this code is now unused.
solipet
added a commit
that referenced
this pull request
Sep 23, 2020
* Notify via email when resetting password from RISC (LG-3120) (#4177) * Combine reset password classes * Remove rake task and script * Update email copy * Remove docker branch builds, leave "build-release-container" (#4181) * convert idv cac success template to erb * convert backup code setup confirm delete template to erb * convert backup code setup confirm edit template to erb * convert piv cac auth setup error template to erb * Add more randomness to Agency factories (#4186) **Why**: We have a unique index on agency name * fix: Gemfile & Gemfile.lock to reduce vulnerabilities (#4187) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-ACTIONVIEW-632514 * refactor account page a bit * placeholder * lint * rubocop * add redirect * fix backup codes spec * add translations to mobile menu * move two factor to own controller * move connected accounts to own controller * move history to own controller * fix indent * fix menu not showing on tablets * fix some specs * fix some specs * rubocop * fix greeting and header nav * fix more specs * double quotes in html attributes * update redirects for piv/cac setup * use USWDS breakpoints * convert navigation class method to being instantiated * rubocop * csscop * fix piv cac spec * remove semi-circle from user-access image * internationalization for new account banner * normalize yaml * update events page to align with new account page design * review changes * LG-3118 Fix bugs discovered while testing AAL3 flows (#4182) This commit fixes 2 bugs: 1.) The WebAuthn setup was not marking the session as AAL3, so the user was needed to interact with their token twice 2.) The "Don't have your <method>" text was appearing on the PIV/WebAuthn verification screen when the user did not have an option to change methods * LG-3334: Support failure testing for document capture in development environments (#4173) * Allow AcuantCapture to receive non-image files in non-production environments **Why**: As a developer, I expect that I can upload files which simulate expected failures which can occur during document capture, so that I can reliably test non-happy-path flows. * Return error from YAML in non-production image upload * rubocop * Fix client test specs * Pass mock client as detail to root upload context * Pass through non-image files to client implementation See: https://github.com/18F/identity-idp/pull/4173/files#r485970570 * Remove unused i18n keys * update user access svg to hide bottom corners * LG-3118 Update the webauthn verification headers (#4190) This was discovered during LG-3118. The headers on the WebAuthn verification screen are supposed to ask you to connect instead of present your key. * Separate links to Privacy Act Statement from Practices (LG-3467) (#4188) * update banner to for mobile design changes * LG-873 Add x509_issuer to piv/cac response data for OIDC (#4174) * Change "Sign in" to "Continue" on user authorization confirmation (#4189) This was found as part of LG-3118. The "Sign in" button on this page should say "Continue". While I was in there I noticed the rest of the text on the page was not translated so I went ahead and took care of that. * LG-3342: Rate limit image uploads during doc auth API response (#4185) * LG-3342: Rate limit image uploads during doc auth API response **Why:** As a legitimate user doing doc auth, I want the image uploads in the react flow to be uploaded, so that users attempting to steal an identity have a harder time proofing. * Pass image form status as argument to render_form_response * Memoize image upload form throttle increment to avoid duplicate counting * Increment throttle by submission See: #4185 (comment) * Assign fallback status at time of use See: #4185 (comment) Co-Authored-By: Zach Margolis <zbmargolis@gmail.com> * Create ImageUploadResponsePresenter to handle image upload response * Add test spec for ImageUploadResponsePresenter Co-authored-by: Zach Margolis <zbmargolis@gmail.com> * do not show account banner on mobile * Forget remembered browsers after RISC password reset (LG-3120) (#4195) * Update CSS style guide image path (#4198) * LG-3294 Replace raw NET::HTTP with Faraday equivalent. (#4197) LG-3294 Replace raw NET::HTTP with Faraday equivalent for the piv_cac_service. * Add maintenance window notification for Acuant (LG-3451) (#4202) Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * LG-3320 Prevent uploading selfie (#4199) * Use image-path CSS helper function to cache asset (#4203) * LG-3463: Rate limit image uploads during doc auth: Client response (#4193) * LG-3463: Rate limit image uploads during doc auth: Client response **Why**: As a user who has exceeded the allowable limit of doc auth attempts, I expect to be presented with a message explaining why I'm no longer able to submit my documents. With these changes, when the client detects there are no more attempts, the user is redirected to the error state. See: #4185 (LG-3342) * Return redirect URL in 429 response * Update test spec * Use ref callback to initialize FullScreen modal focus trap (#4200) **Why**: This may resolve an issue where focus trap's event handling is not removed after a FullScreen dialog is hidden, under the assumption that the previous implementation could leave potential for desync between modalRef and useEffect, or between the useEffect's unsubscribe behavior and trapRef.current.deactivate. * LG-3487: Remove file size validation for doc auth images (#4205) **Why**: As a user, I expect that even if my mobile device captures photos with low quality, I will be allowed to submit them in case Acuant will still select them, so that I am not blocked from proofing. * LG-3473: Log analytics for the image upload API (#4201) * LG-3473: Log analytics for the image upload API **Why**: As a user, I want login.gov to log analytics for the doc auth image upload API, so that if I am having an issue the login.gov team can debug it * rubocop * Log analytics using analytics.track_event * Rename doc auth image upload analytics constants **Why**: Clarity * Omit braces in last hash arguments **Why**: See #4201 (comment) * Tweak PIV/CAC and WebAuthn verification controllers (#4191) This was a discovery during LG-3118. This commit has 2 fixes: 1. The presenters renders the help text for AAL3 only when the user could only use the current method. They should render the help text if an AAL3 sign in is required 2. Remove duplicate paragraph from the PIV/CAC screen * Remove redundant "Connect your key" header (#4204) **Why**: We changed the context of the header on the page, making this header duplicative * Remove unused "verify-modal" JavaScript pack (#4210) **Why**: #2259 replaced modal dialogs with dedicated alert screens, and this code is now unused. * LexisNexis doc_auth client now available for use (LG-3263) (#4184) * LexisNexis doc_auth client now available for use (LG-3263) Co-authored-by: amathews <amathews@fearsol.com> * LG-3476: Upgrade focus-trap from ^2.3.0 (2.4.6) to 6.0.1 (#4211) * Upgrade focus-trap from ^2.3.0 (2.4.6) to 6.0.1 * Simplify components index file **Why**: - Exports unused - TrapModal variable as pass-through is unnecessary, since direct access to Modal import is available * Remove proxyquire (#4212) **Why**: While occasionally useful to mock out the behavior of underlying modules, it can give a false sense of security that the behavior of a mocked implementation will match the experience and expectations of the user-facing behavior. * Fix mobile nav rendering (#4209) * make sure nav is rendered in a valid place * render mobile nav as child of body * Update app/views/layouts/base.html.erb Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * add usa-overlay div * add title to new account pages Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * Remove unused "if checked" JavaScript form validation (#4214) * Remove unused submit auto-enable form validation (#4216) **Why**: While some forms implement custom auto-enable behavior for submit buttons, they do so by bypassing the default auto-enable behavior. There does not appear to be any instances of forms which rely on this core behavior. * LG-3339: Extract submit-with-spinner pack from form-validation.js (#4219) * Extract submit-with-spinner pack from form-validation.js * Add comment for custom event dispatching * Define element-closest as dependency of polyfill package * Convert a few more templates to erb (#4220) * convert edit password templates to erb * convert event disavowal new template to erb * convert pii_review template to erb * convert idv review new template to erb * Update app/views/shared/_pii_review.html.erb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * Update app/views/shared/_pii_review.html.erb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * Update app/views/shared/_pii_review.html.erb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * Update app/views/shared/_pii_review.html.erb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * remove extra space * fix specs Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * update rubocop to 0.91.0 (#4218) * Convert some more slim templates (#4222) * remove unused code in layout * convert idv come back later template to erb * convert verify_personal_key template to erb * convert devise passwords new template to erb * convert page took too long template to erb * convert in person find usps template to erb * fix unnecessary space * Use Acuant SDK for selfie capture (#4224) * Use AcuantPassiveLiveness for mobile selfie capture * Cache image data blob * Fix test specs * LG-3339: Make functionality in form-validation.js opt-in (#4221) * LG-3339: Make functionality in form-validation.js opt-in **Why**: As a developer, I want the behavior of forms to be predictable and enable automatic validations only when intended, so that I'm not caught in a situation where automatic validations occur unexpectedly and break user behavior. * Pass through simple_form_for arguments as given * Rename idp_simple_form_for as validated_form_for * Print form validation script once with data attribute * Explicitly include Webpacker helper * Print javascript_pack_tag using variadic arguments * Add test spec for form-validation script * Add test spec for script helper * Rename print_javascript_pack_once_tags to render_javascript_pack_once_tags * Use validated_form_for globally * Preserve this reference in I18n calls * Substitute classlist.js with classlist-polyfill (#4225) * Pass fields used to check if liveness is enabled to the hybrid flow (LG-3471) (#4223) Pass fields used to check if liveness is enabled to the hybrid flow (LG-3471) * LG-3543 Update doc captures to avoid showing the selfie in the hybrid… (#4230) The selfie step currently appears in the hybrid flow even if SPs don't request it. This commit backports the changes from #4223 to the old doc captures table so this bug is fixed for the old liveness flow. Co-authored-by: Doug Price <dprice@fearless.tech> Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> Co-authored-by: Mitchell Henke <mitchell.henke@gsa.gov> Co-authored-by: Snyk bot <snyk-bot@snyk.io> Co-authored-by: Jonathan Hooper <jonathan.hooper@gsa.gov> Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> Co-authored-by: Steve Urciuoli <steve.urciuoli@gsa.gov> Co-authored-by: Zach Margolis <zbmargolis@gmail.com> Co-authored-by: Shade L. Jenifer <shade.jenifer@gsa.gov> Co-authored-by: Alex Mathews <44584810+amathews-fs@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Apology
This PR got a little out of hand...
Description
Addresses part of LG362, specifically all of the failure screens a user may see during the verification (LOA3) process.
Notes:
Screenshots
Hi! Before submitting your PR for review, and/or before merging it, please
go through the following checklist:
For DB changes, check for missing indexes, check to see if the changes
affect other apps (such as the dashboard), make sure the DB columns in the
various environments are properly populated, coordinate with devops, plan
migrations in separate steps.
For route changes, make sure GET requests don't change state or result in
destructive behavior. GET requests should only result in information being
read, not written.
For encryption changes, make sure it is compatible with data that was
encrypted with the old code.
For secrets changes, make sure to update the S3 secrets bucket with the
new configs in all environments.
Do not disable Rubocop or Reek offenses unless you are absolutely sure
they are false positives. If you're not sure how to fix the offense, please
ask a teammate.
When reading data, write tests for nil values, empty strings,
and invalid formats.
When calling
redirect_toin a controller, use_url, not_path.When adding user data to the session, use the
user_sessionhelperinstead of the
sessionhelper so the data does not persist beyond the user'ssession.
When adding a new controller that requires the user to be fully
authenticated, make sure to add
before_action :confirm_two_factor_authenticated.