Conversation
**Why**: They don't belong in the code. History has shown that once they are added, they are rarely removed or acted upon. If something is important enough, an issue should be opened so it can be tracked.
monfresh
commented
Jul 4, 2018
| sub: client_id, verify_sub: true) | ||
| validate_aud_claim(payload) | ||
| rescue JWT::DecodeError => err | ||
| # TODO: i18n these JWT gem error messages |
Contributor
Author
There was a problem hiding this comment.
These are not user facing, where user = site visitor. I'm not sure it's worth localizing them. We don't localize other IdP-to-SP API error messages.
monfresh
commented
Jul 4, 2018
| end | ||
|
|
||
| def authenticate(token) | ||
| # TODO: make this secret required once we have everything deployed and configured |
monfresh
commented
Jul 4, 2018
| # TODO: remove empty/fake values from this block, which create the misleading | ||
| # impression that these values aren't used. In fact they will be used unless | ||
| # they are overriden by keys with the same name in the application.yml in the | ||
| # app secrets bucket. |
monfresh
commented
Jul 4, 2018
|
|
||
| # context 'when choosing to sign in' do | ||
| # TODO: duplicate scenarios from Create Account here | ||
| # end |
Contributor
Author
There was a problem hiding this comment.
We already have a scenario for signing in at the bottom of this file. Furthermore, it doesn't look like anyone is using this feature anymore because it hasn't been updated in a while and no one has complained about it being broken.
jgsmith-usds
approved these changes
Jul 5, 2018
Contributor
jgsmith-usds
left a comment
jgsmith-usds
left a comment
There was a problem hiding this comment.
TODOs that aren't done in the PR in which they are introduced should be made into Jira tickets, so this looks good to me.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why: They don't belong in the code. History has shown that once they
are added, they are rarely removed or acted upon. If something is
important enough, an issue should be opened so it can be tracked.
Hi! Before submitting your PR for review, and/or before merging it, please
go through the following checklist:
For DB changes, check for missing indexes, check to see if the changes
affect other apps (such as the dashboard), make sure the DB columns in the
various environments are properly populated, coordinate with devops, plan
migrations in separate steps.
For route changes, make sure GET requests don't change state or result in
destructive behavior. GET requests should only result in information being
read, not written.
For encryption changes, make sure it is compatible with data that was
encrypted with the old code.
For secrets changes, make sure to update the S3 secrets bucket with the
new configs in all environments.
Do not disable Rubocop or Reek offenses unless you are absolutely sure
they are false positives. If you're not sure how to fix the offense, please
ask a teammate.
When reading data, write tests for nil values, empty strings,
and invalid formats.
When calling
redirect_toin a controller, use_url, not_path.When adding user data to the session, use the
user_sessionhelperinstead of the
sessionhelper so the data does not persist beyond the user'ssession.
When adding a new controller that requires the user to be fully
authenticated, make sure to add
before_action :confirm_two_factor_authenticated.