Merged
* Truncate large user agents when detecting browser
  changelog: Bug Fix, Logging, Fix 500 when parsing browser user-agent that is too long
* Update app/services/browser_cache.rb

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
- Lets us set log level to minimize STDOUT output from Identity::Hostdata (downloading files from S3, etc) [skip changelog]
* add check to see if platform is available
* add alert
* LG-5515: add redirect to error page
* LG-5515: fix javascript error
* LG-5515: put back method used for testing
* LG-5515: platform auth normalize yaml and add tests
* LG-5515: update rspec for webauthn
* LG-5515: update javascript and remove unneeded logging
* get rid of select call
* LG-5515: update language
* grab error from title
* changelog: Improvements, Webauthn, Provide better error flow for users who may not be able to leverage webauthn (LG-5515
* LG-5515: rubocop error fix
* LG-5515: simplify the webauthn method a little more
* LG-5515: add a return
* Only add "; Secure" to cookies served over HTTPS
* Remove unused constants
* LG-5515: webauthn authenticate support safari
* LG-5515: update language for platform auth
* test fixes
* fix linting, debug

Co-authored-by: Jessica Dembe <jessica.dembe@gsa.gov>
Co-authored-by: Zach Margolis <zachary.margolis@gsa.gov>
changelog: Internal, Security, Upgrade Rails to patch vulnerability
* Migrate IDV_PHONE_CONFIRMATION_OTP_SUBMITTED event
* Migrate IDV_PHONE_CONFIRMATION_OTP_VISIT event
* Migrate IDV_PHONE_CONFIRMATION_OTP_VISIT event
* Remove IDV_PHONE_ERROR_SUBMITTED, appears never to have been used
* Migrate IDV_PHONE_OTP_DELIVERY_SELECTION_SUBMITTED event
* [skip changelog]
changelog: Improvements, Proofing, Removed expired license allower

Co-authored-by: Manish Shah <manishshah@Manishs-MBP.fios-router.home>
…ail address that has since been confirmed by another account (#6042)
* Add failing test
  changelog: Bug Fixes, Reset Password, Fix 500 error when resetting password for account with email confirmed by another account
* Return error on invalid account resetting password
* Update app/forms/reset_password_form.rb

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
* allow path exceptions to ip rate limiting
  changelog: Improvements, Rate Limiting, Allow exceptions to IP-based rate-limiting rules
* allow CIDR block exceptions to ip rate limiting
* Update config/initializers/rack_attack.rb
  Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
* Update config/initializers/rack_attack.rb
  Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
* Migrate ACCOUNT_VISIT analytics event
* Migrate AUTHENTICATION_CONFIRMATION analytics event
* Migrate AUTHENTICATION_CONFIRMATION_CONTINUE analytics event
* Migrate AUTHENTICATION_CONFIRMATION_RESET analytics event
* Migrate BANNED_USER_REDIRECT analytics event

[skip changelog]
changelog: Internal, Security, Run JavaScript dependency audit in continuous integration tests
#6044)
* changelog: Content Change, Update screen reader message to identify all options, LG-5857
* screen reader to read sr_message
* explicit modal role
changelog: Bug Fixes, Account Reset, Fix error preventing account reset
changelog: Internal, Database, Modify autovacuum config for devices and users
changelog: Internal, Analytics, Use explicit configuration instead of "magic number" to set length limit on user-agent parsing

Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
…6053)
* remove unused methods
* add spec for logging document error
  changelog: Internal, Testing, Improve test coverage
changelog: Internal, Background Jobs, Queue PhoneNumberOptOutSyncJob as long running
[skip changelog]
* Prepare v2.0.0 release of ESLint plugin
* changelog: Internal, Packages, Publish v2.0.0 of ESLint shared configuration
* Create common interface for accessing PII bundle in session
  changelog: Internal, Data, Create common interface for accessing PII bundle in session
* Update app/controllers/sign_up/completions_controller.rb
  Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
* Add method to allow for checking of existence of PII bundle in session

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
* Avoid duplicated hot-path User and ServiceProvider queries
  changelog: Internal, Performance, Re-use existing database query results to avoid duplicative work
* Update app/services/idv/session.rb
  Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
* rename identity linker provider to issuer

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
* Avoid duplicated ServiceProvider queries in IdentityLinker
  changelog: Internal, Performance, Re-use existing database query results to avoid duplicative work
* rename current_service_provider to saml_request_service_provider in saml auth to better distinguish service providers
mitchellhenke
approved these changes
Mar 15, 2022
Contributor
Author
Thanks for the heads-up! I'll remove them from the notes. Should the changelog script be excluding those if they're already on |
zachmargolis
approved these changes
Mar 15, 2022
Comment on lines +23 to +24
| // if platform auth is not supported on device, we should take user to the error screen if theres no additional methods. | ||
| // if platform auth is not supported on device, we should take user to the error screen if theres no additional methods. |
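Review bot: the comment on added lines +23 and +24 is the same sentence twice, so one copy can be dropped; in the copy that stays, "theres" should read "there's".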
Contributor
whoops, I bet a merge conflict resulted in us duplicating this line like this, luckily it's a comment so it's a no-op
Contributor
Author
> whoops, I bet a merge conflict resulted in us duplicating this line like this, luckily it's a comment so it's a no-op

👍 Related: #5976 (comment)
Improvements
Bug Fixes
Internal