LG-460 Display fake banner in lower environments. #2418
Thanks for your first PR! This looks great so far. I have a few comments:
def self.no_pii_mode?
Rails.env.production? && Figaro.env.domain_name != 'secure.login.gov'
end
app/views/layouts/base.html.slim
| = render 'shared/no_pii_banner' if FeatureManagement.no_pii_mode? | ||
| = render 'shared/usa_banner' | ||
| = render 'shared/fake_banner' if FeatureManagement.no_pii_mode? | ||
| = render 'shared/usa_banner' if !(FeatureManagement.no_pii_mode?) |
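Review bot: the last line, `= render 'shared/usa_banner' if !(FeatureManagement.no_pii_mode?)`, is the exact negation of the condition two lines above it, so the predicate is evaluated twice and the negative form is spelled `if !(...)` where Ruby and Slim convention is `unless`; a single `- if FeatureManagement.no_pii_mode?` / `- else` branch evaluates it once and makes the either/or relationship between the fake banner and the USA banner explicit.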
What do you think about combining these conditionals? Maybe something like this:
- if FeatureManagement.no_pii_mode?
= render 'shared/no_pii_banner'
= render 'shared/fake_banner'
- else
= render 'shared/usa_banner'
And then going a step further, what do you think about combining the no_pii_banner into the fake_banner by taking the contents of the former and adding it to the latter, then deleting the former, since those 2 will always be shown together? And finally, perhaps renaming no_pii_mode? to fake_mode? or fake_banner_mode??
config/locales/idv/fr.yml
| no_pii: N'utilisez pas de véritables données personnelles (il s'agit d'une | ||
| démonstration seulement) | ||
| no_pii: FAKE N'utilisez pas de véritables données personnelles (il s'agit | ||
| d'une FAKE démonstration seulement) |
I think the French word we want is TRUQUÉ, and the second instance should come after the closing parenthesis.
config/locales/shared/fr.yml
| fr: | ||
| shared: | ||
| fake_banner: | ||
| fake_site: Un site FAKE du gouvernement des États-Unis |
lib/feature_management.rb
| def self.no_pii_mode? | ||
| enable_identity_verification? && Figaro.env.profile_proofing_vendor == :mock | ||
| def self.fake_banner_mode? | ||
| Rails.env.production? == false && Figaro.env.domain_name != 'secure.login.gov' |
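Review bot: `Rails.env.production? == false` on the last line is a double negative; if a non-production check were really intended, `!Rails.env.production?` is the idiom, and the spec should pin down which Rails environments are meant so the intent is not lost. Also note that the comparison of Figaro.env.domain_name against 'secure.login.gov' is the only thing keeping the banner off the real host: an unset domain_name in a lower environment still shows the banner (the safe direction), but a lower environment whose domain_name is mistakenly set to 'secure.login.gov' would silently hide it, so a short comment pointing at where domain_name is set per deployment would help the next reader.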
Thanks for the updates. This looks great. I failed to clarify this earlier: what we mean by "the banner should show up on all servers except for production" is that the logic is based on the server host, which is defined in Figaro.env.domain_name. The Rails environment is production on all of those servers. When I suggested we use Rails.env.production? as the first condition, I meant the banner should not show up when developing the app locally and in the test environment.
So, what we want is Rails.env.production?, not Rails.env.production? == false.
spec/lib/feature_management_spec.rb
| let(:enable_identity_verification) { false } | ||
|
|
||
| it { expect(no_pii_mode?).to eq(false) } | ||
| it { expect(fake_banner_mode?).to eq(true) } |
Can we please update all of these tests to match the new conditions? These old scenarios don't apply anymore.
spec/features/users/sign_in_spec.rb
|
|
||
| expect(page).to have_content 'FAKE' | ||
| end | ||
|
|
What do you think about using a view spec instead, in spec/views/layouts/application.html.slim_spec.rb? That way, we know this will work on all pages as opposed to just the sign in page.
config/locales/idv/fr.yml
| no_pii: N'utilisez pas de véritables données personnelles (il s'agit d'une | ||
| démonstration seulement) | ||
| no_pii: TRUQUÉ N'utilisez pas de véritables données personnelles (il s'agit | ||
| d'une TRUQUÉ démonstration seulement) |
Can we move the second TRUQUÉ to the end of the string, after the closing parenthesis?
Looks like the second TRUQUÉ is still not at the end of the string. It should be like this:
no_pii: TRUQUÉ N'utilisez pas de véritables données personnelles (il s'agit
d'une démonstration seulement) TRUQUÉ
Please review again. I believe I have fixed all concerns.
There is one issue that the CI finds. This is not due to my changes, so I am not sure if I should fix it, as it may have been addressed elsewhere.
spec/lib/feature_management_spec.rb
|
|
||
| it { expect(no_pii_mode?).to eq(false) } | ||
| context 'fake banner mode in production' do | ||
| it 'returns true' do |
I think you meant it 'returns false'? Also, what do you think of a more descriptive test title, such as:
context 'when on secure.login.gov' do
it 'does not display the fake banner' do
spec/lib/feature_management_spec.rb
|
|
||
| it { expect(no_pii_mode?).to eq(false) } | ||
| end | ||
| context 'fake Banner mode in test' |
What do you think of a more descriptive test title, such as:
context 'when the host is not secure.login.gov and the Rails env is production' do
it 'displays the fake banner' do
spec/lib/feature_management_spec.rb
| and_return('test.login.gov') | ||
| allow(Rails.env).to receive(:production?). | ||
| and_return(true) | ||
| expect(FeatureManagement.fake_banner_mode?).to eq(true) |
Can we also please add a third test for this scenario?
context 'when the host is not secure.login.gov and Rails env is not production' do
it 'does not display the fake banner' do
spec/lib/feature_management_spec.rb
| context 'with identity verification disabled' do | ||
| let(:enable_identity_verification) { false } | ||
| describe '.fake_banner_mode?' do | ||
| subject(:fake_banner_mode?) { FeatureManagement.fake_banner_mode? } |
This subject doesn't seem to be used. Can we remove it?
| render | ||
| expect(rendered).to have_content('FAKE') | ||
| end | ||
| end |
What do you think about stubbing FeatureManagement here, since that is what the layout is calling, and it is already unit tested separately? Something like this:
context 'when FeatureManagement.fake_banner_mode? is true' do
it 'displays the fake banner' do
allow(FeatureManagement).to receive(:fake_banner_mode?).and_return(true)
render
expect(rendered).to have_content('FAKE')
end
end
and then the negative test as well:
context 'when FeatureManagement.fake_banner_mode? is false' do
it 'does not display the fake banner' do
allow(FeatureManagement).to receive(:fake_banner_mode?).and_return(false)
render
expect(rendered).to_not have_content('FAKE')
end
end
Please review and see if you approve. Thanks. GC
spec/lib/feature_management_spec.rb
| and_return('test.login.gov') | ||
| allow(Rails.env).to receive(:production?). | ||
| and_return(false) | ||
| expect(FeatureManagement.fake_banner_mode?).to eq(true) |
This should be false. If you click on the "Details" link next to ci/circleci at the bottom of the PR, you can see that this test failed.
spec/lib/feature_management_spec.rb
|
|
||
| it { expect(no_pii_mode?).to eq(false) } | ||
| context 'when the host is not secure.login.gov and the Rails env is not in production' do | ||
| it 'displays the fake banner' do |
This should say it 'does not display the fake banner'
Done. I apologize. I did these in a hurry this morning and missed it. Should be okay now.
The latest changes look good. Thanks! Just a couple of things to fix: the French translation still needs to be updated to this:
no_pii: TRUQUÉ N'utilisez pas de véritables données personnelles (il s'agit
d'une démonstration seulement) TRUQUÉ
and the test that is failing.
Please take a look now.
monfresh left a comment
Looks great, thanks! Please squash your commits and update the final commit message to follow our guidelines. Thanks!
**Why**: Our lower environment websites (dev, int, qa, staging, etc.) are public, and sometimes people visit them without realizing they are not on secure.login.gov. When that happens, we want to make sure they know they are not on the production site by displaying a banner at the top of the site that says this is a FAKE site.
46f8a0c to 66ee7b6
Hi! Before submitting your PR for review, and/or before merging it, please
go through the checklists below. These represent the more critical elements
of our code quality guidelines. The rest of the list can be found in
CONTRIBUTING.md
Controllers
authenticated, make sure to add
before_action :confirm_two_factor_authenticated as the first callback.
Database
Unsafe migrations are implemented over several PRs and over several
deploys to avoid production errors. The strong_migrations gem
will warn you about unsafe migrations and has great step-by-step instructions
for various scenarios.
Indexes were added if necessary. This article provides a good overview
of indexes in Rails.
Verified that the changes don't affect other apps (such as the dashboard)
When relevant, a rake task is created to populate the necessary DB columns
in the various environments right before deploying, taking into account the users
who might not have interacted with this column yet (such as users who have not
set a password yet)
Migrations against existing tables have been tested against a copy of the
production database. See LG-228 Make migrations safer and more resilient #2127 for an example when a migration caused deployment
issues. In that case, all the migration did was add a new column and an index to
the Users table, which might seem innocuous.
Encryption
Routes
state or result in destructive behavior).
Session
user_session helper instead of the
session helper so the data does not persist beyond the user's session.
Testing
and invalid inputs.