Merged
Conversation
Deploy stages/rc-2018-06-22 to int
**Why**: Devise depends on the authenticable salt method, namely for serializing a user into the session: https://github.com/plataformatec/devise/blob/master/lib/devise/models/authenticatable.rb#L233-L235 Credit to @monfresh for finding this bug.
Deploy stages/rc-2018-06-22 v2 to int
**Why**: So that we can measure how our password policies are affecting the stength of passwords people are creating **How**: We do not want the password metrics to be associated with the user records, so we create a new record, named `PasswordMetric` which captures the name of the metric we are calculating, value (e.g. the length of the password), and count (e.g. how many users have a password of a given length). The code then does an atomic insert any time a user sets, resets, or changes their password.
Why: We should properly capture error conditions in our code How: Rescue known error conditions and translate them into actionable errors and return an appropriate http status code
LG-409 Fix 500 errors in production
**Why**: The `phony_rails` gem doesn't support certain countries, such as Zambia. Also, we were using both `phony_rails` and `phonelib` for different purposes. They both do the same thing overall, so it's best to stick with one, and `phonelib` is the better one since it supports Zambia and Liberia.
LG-341 Replace phony_rails with phonelib
**Why**: Move.mil needs to know the subject of the piv/cac so they can link the user's account to resources in DoD. **How**: Add the subject of the cert to the attribute bundle provided via OIDC.
**Why**: To pick up a fix for a path traversion bug
**Why**: All of the contents of these columns have been moved into the `encrypted_password_digest` column.
[LG-324] Add piv/cac subject to attributes for move.mil
**Why**: So that we can continue the migration to recovery code digests that mirror password digests
**Why**: To remove unnecessary conditionals in the controller and to have one place to define the text that goes with each error. This will make it easier to implement Twilio Verify.
**Why**: They submitted a new logo **How**: Replace the previous logo
**Why**: Users that are unable to 2FA are forced to create a new account with a new email. **How**: Allow users to request to delete their account if they are unable to 2FA. After 24 hours they will receive a link which allows them to delete their account.
Use Hash to map Twilio errors to user-facing text
LG-419 Update USAID logo
**Why**: The help instructions aren't clear. **How**: Update them to make them simpler.
…ructions [LG-350] Update personal key instructions
Fix Rubocop offenses
…delete LG-382 Implement account reset via delayed delete
**Why**: If a user has configured their account with piv/cac, then we want to show that rather than sending them a text. They can still opt to receive a text if they aren't able to use their piv/cac. **How**: Swap the ordering so piv/cac is ahead of sms/voice.
Prioritize piv/cac during signin if configured
**Why**: It purports to be more reliable than the Twilio REST API. Another benefit is that they provide localized messages in a bunch of languages (whereas we only support English, French, and Spanish). By default, the Verify service uses their own generated code, but they also allow you to use your own code and validation, which is what I've done in this PR. The advantage of using Twilio's code is that it can be cheaper because once a user requests an SMS, it is valid for 10 minutes, and if the user requests another SMS while the first one is still valid, Twilio will resend the original code at no additional cost. The disadvantage is that we no longer retain control of how the code is generated, and how it is validated. It would also require a second API call to verify the code entered by the user. From the documentation, it seems that if we want to take advantage of the localization, we cannot use our own custom text. We are meeting with Twilio to get confirmation.
LG-340 Use Twilio Verify for international SMS
**Why**: KMS is not multi-region and KMS does not allow importing or exporting keys which ties us to AWS. **How**: Introduce an AesClient and allow the UserAccessKey to use that for attribute encryption. Refactor KmsClient to serve a single purpose of servicing encryption through KMS for scenarios that still require it.
LG-290 Move attribute encryption away from KMS
**Why**: MyCBP is ready for production **How**: Update service_providers.yml and assets dir with logo
LG-437 Create MyCBP service provider
**Why**: The controller calls it with that argument. I overlooked this when working on #2280
**Why**: A bug was found in RC 61, but shortly after the release branch was created, #2276 was merged into master with changes incompatible with RC 61. When I fixed the bug in RC 61, I didn't notice VoiceOtpSenderJob had changed. This PR uses the old code for #send_otp to allow tests in RC 61 to pass.
…ons API endpoint **Why**: The endpoint is already protected by an auth token **How**: skip_before_action :verify_authenticity_token
jgsmith-usds
approved these changes
Jul 5, 2018
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hi! Before submitting your PR for review, and/or before merging it, please
go through the following checklist:
For DB changes, check for missing indexes, check to see if the changes
affect other apps (such as the dashboard), make sure the DB columns in the
various environments are properly populated, coordinate with devops, plan
migrations in separate steps.
For route changes, make sure GET requests don't change state or result in
destructive behavior. GET requests should only result in information being
read, not written.
For encryption changes, make sure it is compatible with data that was
encrypted with the old code.
For secrets changes, make sure to update the S3 secrets bucket with the
new configs in all environments.
Do not disable Rubocop or Reek offenses unless you are absolutely sure
they are false positives. If you're not sure how to fix the offense, please
ask a teammate.
When reading data, write tests for nil values, empty strings,
and invalid formats.
When calling
redirect_toin a controller, use_url, not_path.When adding user data to the session, use the
user_sessionhelperinstead of the
sessionhelper so the data does not persist beyond the user'ssession.
When adding a new controller that requires the user to be fully
authenticated, make sure to add
before_action :confirm_two_factor_authenticated.