Deploy RC 168 to Production #5649
Merged
mitchellhenke merged 22 commits into stages/prod from Dec 2, 2021
* Fix support for nested ViewComponent scripts
  **Why**: Because it's expected that a component with "sidecar" JavaScript files will load those files, regardless of whether the component is rendered as nested within another component.
  Upgrades `view_component` gem from 2.40.0 to latest (2.43.1) to fix related bug where `helpers` reference was not consistent ([see v2.42.0 release notes](https://viewcomponent.org/CHANGELOG.html#2420)).
* Rename render_component_script to enqueue_component_scripts
**Why**:
- Because if the phone number is used in a PhoneInputComponent (in LG-5333, and after LG-5399), the intl-tel-input library could have trouble parsing the country of an arbitrary, user-entered number value, resulting in a scenario where the flag dropdown appears as an empty gray box.
- Because presumably it is easier to read a nicely-formatted phone number than a string of 6-14 numbers.
…5626)
**Why**:
- For improved consistency of presentation of error messages in the application
- Favoring design system over redundant, ad-hoc implementations
- Unblocking new behaviors in #5619 where form-level `has-error` class error styling would take precedence over field-level validity state styling
* LG-4924: attempt at fixing
* LG-4924: update to allow update values
* LG-4924: change the binding for OTP
* Linting fix
* fix linting issue
* hidden tag
* Session helper fix
* LG-4924: add no js option for now
* LG-4924: autofill insert html instead
* update to insert html instead
* fix lint
* visible false
* LG-4924: set value instead of using fill_in
* Class reference
* LG-4924: update to fill with code
* remove unneeded if check
* LG-4924: add test to ensure it triggers call for passing input
* polyfill custom events
* Add test to ensure syncing works
* move method call out of constructor
* LG-4924: remove id to visible unit
* LG-4934: randomize code page
* update tests
* LG-4924: update to use page
Currently, an external POST request to the IdP will not have access to an existing session since the cookie is blocked due to `SameSite=Lax`. This results in users with an active session having to sign in again if sent back to the IdP with a POST SAML request. However, if the POST request comes _from_ the IdP the session will be available in that request. Therefore, this commit inserts a new action within our SAML POST handling that captures the SAML parameters of the original POST request, populates a form with them (with appropriate CSRF handling), and then submits that form with JS to create an "internal" POST request with access to the session. This new action skips session handling so it does not override an existing IdP session cookie.
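An added example, not part of this pull request or the project's code, sketching the interstitial step the commit message above describes: the external POST's SAML fields are copied into a form that the browser re-submits same-site, so the session cookie is sent. The endpoint path, function name and the way `csrf_token` is obtained are assumptions for illustration.

```ruby
require 'erb'

# Fields the SAML HTTP-POST binding defines for a request. Any other field in
# the external POST is dropped rather than echoed into the page.
SAML_POST_FIELDS = %w[SAMLRequest RelayState SigAlg Signature].freeze

# Hypothetical same-origin endpoint that does the real SAML handling.
INTERNAL_ACTION = '/saml/internal_post'

# Build the interstitial response for an external (cross-site) POST.
# params     - form fields of the external request (untrusted)
# csrf_token - token the framework issued for the internal endpoint (assumed)
# Returns a Rack-style [status, headers, body] triple.
def saml_post_interstitial(params, csrf_token:)
  fields = params.slice(*SAML_POST_FIELDS)
  unless fields.key?('SAMLRequest')
    return [400, { 'content-type' => 'text/plain' }, ['Missing SAMLRequest']]
  end

  fields['authenticity_token'] = csrf_token
  inputs = fields.map do |name, value|
    # Values come from another site: escape them before they enter an attribute.
    %(<input type="hidden" name="#{name}" value="#{ERB::Util.html_escape(value.to_s)}">)
  end

  body = <<~HTML
    <!DOCTYPE html>
    <form id="saml-post" method="post" action="#{INTERNAL_ACTION}">
      #{inputs.join("\n  ")}
      <noscript><button type="submit">Continue</button></noscript>
    </form>
    <script>document.getElementById('saml-post').submit();</script>
  HTML

  # No Set-Cookie header: this step must not replace an existing session cookie.
  headers = { 'content-type' => 'text/html; charset=utf-8', 'cache-control' => 'no-store' }
  [200, headers, [body]]
end

# Constructed sample: an external POST with markup in RelayState and one
# field that is not part of the binding.
SAMPLE_EXTERNAL_POST = {
  'SAMLRequest' => 'PHNhbWxwOkF1dGhuUmVxdWVzdC8+',
  'RelayState' => '"><script>alert(1)</script>',
  'return_to' => 'https://other.example/'
}.freeze
```

The form action is a constant rather than a request value, so the relayed parameters can only ever be posted back to the IdP itself.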
* Form Validation: Limit custom validation reset to own validation
  **Why**: To avoid conflicts between form-validation custom validation and other custom validation which may apply to an input (e.g. a component implementation).
* Render phone forms as validated form
  **Why**: Consistency of form rendering and validation (e.g. required field messaging)
* Remove unused SSN pattern type matching
  **Why**: It is now handled by adjacent inline text element as of #5468
- Follow-up to #5594
There was a styling bug in the TroubleShooting react component. So after a quick discussion added the missing style class and the ability to customize the header tag in the component.
- Ran `bin/rails g good_job:update --database worker_jobs`
Currently, when a user authenticates with an active Login.gov session, they are taken to an account selection screen as per the OIDC spec. In order to provide a more seamless "step-up" flow from IAL1 to IAL2, we are going to only take a user to that screen on their first visit to a given SP, and skip it on subsequent visits.
* Only allow SSNs in the 900 group to proof with the mock proofer
  **Why**: So only real data i.e. not PII can be used in the int environment
* update tests for idv agent
* only check prefix
* update regex
* fix specs
* skip incorrect tests
* reference local variable instead of constant
* remove duplicate ssn feature tests
* allow certain configured SSNs in mock proofer
* add test and comment

Co-authored-by: Mitchell Henke <mitchell.henke@gsa.gov>
LG-5372 Follow on minor update to action button top and bottom white space.
…isabled (#5619)
* LG-5333: Use PhoneInputComponent on IAL2 address verification
  **Why**: Phone input fields should use consistent styling and validation behavior. This requires additional handling to constrain the input to support only specific countries, since the address verification only supports U.S. phone numbers.
* Restore no-cond-assign enforcement with except-parens
  See: #5619 (comment)
* Validate allowed_countries against actual codes
* Revert OTP delivery preference validation changes
  Save for LG-5362
* Use self-assignment operator
  Per Rubocop. TIL!
* Revert "Revert OTP delivery preference validation changes"
  This reverts commit a0c29c96d7ce22e8dcf307c1a14be691e6f08d10.
* Remove default CSS class, support custom class
* Add ValidatedFieldComponent for independent field validation
* Add US-constrained phone number translations
* Validate non-US single country option
* Add customized phone required messaging
* Update invalid phone number messaging
* Update unsupported phone numbers translations
* WIP: Toggle error on undeliverable countries
* WIP: Try to constrain width of error message to match input
* Add inline code document for new otp-delivery-preference methods
* Update spec for revised phone required error text
* Simplify single country styling
  intl-tel-input already applies a class to key off for dropdown vs. no-dropdown
* Resolve console error on attempted hidden field focus
* Add more inline code comments
* Add more specs for add_phone_spec
  Coverage for different combinations of changing values, and hidden delivery preferences panel
* Move deliverability validation into PhoneInput implementation
  **Why**: Because we need this validation on the IAL2 hybrid step, which doesn't offer choices for delivery method
* PhoneInput: Expand test coverage to include constrained delivery methods
* PhoneInputComponent: Show delivery method-specific messaging
* Update SignInSpec for always-enabled submit button
* PhoneInput: Add spec for phone country switch formatting
* Remove unused translations
* Restart build
* Fix spec for updated SMS deliverable method message
* Expand test coverage to include voice constraint
* Update unsupported delivery method error texts
* Add job to schedule
* stylelint
  Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
* fix stylelint errors
  Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
* remove scss_lint and ruby-sass
* update doc
  Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
The SAML specification (section 3.4.1) includes an attribute `ForceAuthn` for the `AuthnRequest` element that can be used by an SP to require that a user be authenticated again, rather than relying on a previous security context. This change allows the IdP to respect that attribute and force authentication when an SP includes `ForceAuthn='true'` in the SAML request.
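An added example, not part of this pull request or the project's code, showing one way an IdP could act on `ForceAuthn` as the commit message above describes. The function names, the decision symbols and the rule that a sign-in made after the request arrived satisfies it are assumptions for illustration; the XML is a constructed sample.

```ruby
require 'rexml/document'

SAMLP_NS = 'urn:oasis:names:tc:SAML:2.0:protocol'

# Read ForceAuthn from a decoded AuthnRequest. It is an xs:boolean, so "true"
# and "1" both mean true and an absent attribute means false. Any other value
# is rejected instead of being guessed at.
def force_authn(authn_request_xml)
  root = REXML::Document.new(authn_request_xml).root
  unless root && root.name == 'AuthnRequest' && root.namespace == SAMLP_NS
    raise ArgumentError, 'not a SAML 2.0 AuthnRequest'
  end

  value = root.attributes['ForceAuthn']
  return false if value.nil?

  case value.strip
  when 'true', '1' then true
  when 'false', '0' then false
  else raise ArgumentError, "invalid ForceAuthn value: #{value.inspect}"
  end
end

# Decide what the IdP does with the request (hypothetical decision symbols).
# authenticated_at    - Time of the user's last sign-in, or nil without a session
# request_received_at - Time this AuthnRequest first reached the IdP
def authn_decision(authn_request_xml, authenticated_at:, request_received_at:)
  return :sign_in if authenticated_at.nil?
  return :continue unless force_authn(authn_request_xml)

  # A sign-in completed after the request arrived already satisfies it;
  # without this check the user would be sent to sign in on every return.
  authenticated_at >= request_received_at ? :continue : :sign_in
end

# Constructed sample request.
SAMPLE_FORCED = <<~XML
  <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      ID="_constructed1" Version="2.0" IssueInstant="2021-12-01T12:00:00Z"
      ForceAuthn="true"/>
XML
```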
**Why**: The configuration was intended to allow the Capybara "page.find_by_id" method within feature specs. However, this wasn't working correctly for several reasons:
- "Include" should have been "Exclude", to exempt feature specs while still enforcing elsewhere.
- "AllowedMethods" is still called "Whitelist" in the version of Rubocop we use, so it was emitting a warning about invalid configuration.
- The "Include" path was wrong, since we have our tests in "spec", not "tests"

The result of these is that the rule was not being applied _anywhere_, since it was only including files that don't actually exist in the project.
@mitchellhenke might need to pull out #5637 due to a partner concern... stay tuned.
stevegsa approved these changes Dec 1, 2021
No description provided.