Deploy RC 62 to staging #2334
Merged
jgsmith-usds merged 55 commits into stages/staging from Jul 18, 2018
**Why**: To follow industry standards. **How**: Add a new webhook for Twilio reply messages.
**Why**: We want tests to adhere to our style guides.
LG-312 Add SMS opt-out
Deploy stages/rc-2018-07-05 to int
**Why**: The controller calls it with that argument. I overlooked this when working on #2280
Define locale argument for VoiceOtpSenderJob
Fix Voice OTP bug in RC 61
…ons API endpoint **Why**: The endpoint is already protected by an auth token **How**: skip_before_action :verify_authenticity_token
…account-reset-notifications-api LG-438 Remove csrf protection on account reset delayed notifications endpoint
Remove CSRF protection from SendNotificationsController
**Why**: Example IDV phone verification step page isn't rendering button at full-width at smaller screen sizes. Most of our views are similar. **How**: Adjust button (and input, in the case of our phone input control) styling on these pages to be responsive at full-width and smaller screen sizes (our main break point presently occurs at 40em/640px). Tested in Firefox and Chrome were the following flows:
- sign-up
- sign-in
- password reset
- IDV process
- etc.
**Why**: They don't belong in the code. History has shown that once they are added, they are rarely removed or acted upon. If something is important enough, an issue should be opened so it can be tracked.
**Why**: A spec that was testing that the uploader would run on a federal workday is failing at the time of this writing because it is already July 4 in Circle CI. The test was not stubbing the date, and therefore this test would always fail on any federal workday.
Remove TODOs from codebase
Fix USPS Uploader spec
Allow Code Climate to analyze the spec folder
Fix attribute_encryption_key_queue in example yml
**Why**: Twilio's Verify service cannot send SMS to Canada out of the box. It requires purchasing a separate option. **How**: Make the list of countries that should use Programmable SMS configurable, and add Canada to that list.
**Why**: To simplify the page, per a design review. **How**: Modify the text and layout of the screen, add new content and link. Since the result is similar to the existing OTP screen in the main 2FA flow, the same messaging (labels/translations) from that page is now shared.
…bile LG-365 Make CTA full width on mobile for certain screens
Make Programmable SMS countries configurable
LG-447 Fix typo on account reset page
**Why**: So users don't get 500 errors when signing in. This is a follow up to the previous commit which adds the following:
- Rescue Twilio errors when signing in and display the OTP verification page with an error message, allowing the user to try the phone call option, or signing in with their personal key
- Capture the country code and context along with Twilio errors so we can more easily see which countries are affected
- Don't change the user's OTP delivery preference if the last preference they used resulted in a Twilio error. For example, if a user normally uses voice, but for some reason didn't get the phone call, and then tries to send an SMS to a landline, resulting in an error message, we should leave their preference as voice so they won't get an error the next time they sign in.
- Add the phone number country to the Exception Notification emails
LG-393 Redesign IDV verification OTP delivery method template
LG-451 Remove duplicate SMS sent with account reset delayed notification
Handle Twilio errors more gracefully
**Why**: The control wraps prematurely on smaller screen widths. **How**: Make full width of its parent.
LG-410 Adjust checkbox spacing on OTP verification template
**Why**: We are no longer using these columns in favor of `encrypted_password_digest`
**Why**: tsp.move.mil has complete integration testing and is ready to be promoted to production. **How**: Update service_providers.yml
LG-462 Add tsp.move.mil service provider
**Why**: We want to slowly roll out piv/cac use so we can make sure the users to whom we show the option are most likely to find it useful and usable. **How**: Add NGA and EOP as supported agencies for their respective SPs.
**Why**: Moving assets to be served from Cloudfront as opposed to nginx will reduce the load on our servers, and will make the site faster for users across the globe. On the Rails app side, this is a trivial change. The tricky part is setting up the Cloudfront distribution and making sure to select `Whitelist` from the `Cache Based on Selected Request Headers` dropdown, and add the `Origin` header to the `Whitelist Headers`. Then, add the following headers to the nginx config for fonts: `Access-Control-Allow-Origin` set to the current server domain name, including the protocol, such as `https://secure.login.gov`, and `Access-Control-Allow-Methods` set to `GET`.
**Why**: There is a bug in Devise where if you visit the sign in page with a `user` param set to a String, it will raise an exception. The bug has been fixed and merged into master, but hasn't been released to Rubygems yet. We could either point our gem to Devise's master branch, or temporarily add some code to prevent the bug until the fix is released. I opted for the latter because I don't know how stable the master branch is and what kind of changes are in it.
…roups Add NGA and EOP as agencies which allow piv/cac
LG-439 Don't raise error for invalid user params
LG-268 Serve assets from Cloudfront CDN
Why: The script halts if there is an encryption exception with a single account. How: Put an EncryptionError rescue block in the rake task
…n-errors-in-rake-task LG-464 Update attribute encryption rake task to log errors and continue
**Why**: We need the ability to select from multiple two factor methods in a streamlined manner. **How**: Create a new 2fa selection screen upon login which will display 2fa options currently configured for the user. Add a new configure additional 2fa methods screen prior to the redirect back to the SP (or accounts page) which will present 2fa options not yet configured for the user so they can add additional second factors to their accounts as they become available. Standardize and simplify all the 2fa screens with a single layout with clear instructions for each 2fa including a remember browser option as well as options to select a different 2fa or cancel. Provide an account reset option (or pending cancel) as a last resort. Finally, this PR DRYs up the code somewhat. However, a subsequent PR will refactor both the creation and login process into a more service based architecture.
LG-428 Build 2FA selection at sign in
**Why**: Agency request **How**: Update service_providers.yml
Why: Other than our event log and db there is no forensic evidence of a cancellation and an attacker controlling one of the factors can cancel the deletion. How: Add an SMS and email to the cancel controller
…d-notify-both-factors LG-449 - Cancelling account deletion should notify both factors
LG-482 Add a new redirect uri to DOT portal SP
**Why**: The old deployed code does not realize the columns have been dropped, so it breaks when it tries to load them into the model.
No description provided.