Merged
Conversation
**Why**: Good security practice to avoid timing attacks [skip changelog]
* Add "toPreviousStep" feature to FormSteps **Why**: To allow step implementations to return the user to the previous step. * LG-6160: Implement personal key confirmation modal "Back" button **Why**: To allow the user to return to the personal key step to record their personal key, since they need it to be able to complete the confirmation step. changelog: Upcoming Features, Identity Verification, Add personal key step screen
* Remove custom camera icon implementation **Why**: As a simplification, since we can use it directly from the design system. * Update icon styling for selfie capture button **Why**: Per inline comment, because it's standalone icon * Add changelog changelog: Upcoming Features, Identity Verification, Add personal key step screen
* LG-6159:add and place images in personal key step * Add changelog changelog: Upcoming Featuers, Identity Verification, add images to personal key step screen * move asset path import in confirm step * fix lint errors * lint img format * one more alignment lint issue * flattening and consolidating classes on modal image * linting
* Disable space-before-function-paren ESLint rule Stylistic rules conflict with Prettier * Move useImmutableCallback hook to react-hooks package **Why**: To share * Move FullScreen to components package **Why**: To share * Allow optional label for FullScreen **Why**: To allow a "labelledby" additional feature * Support option to hide default close button for FullScreen * Add background color customization to FullScreen * Add labelledBy, describedBy props to FullScreen * LG-6158: Use FullScreen component for modal component **Why**: To reuse common accessibility behaviors, including inert background content, focus trap, autofocus, deactivation triggers (e.g. escape button). changelog: Upcoming Features, Identity Verification, Add personal key step screen * Wire Modal onRequestClose to toPreviousStep * Add spec for escape-to-close dialog
* Migrate IDV_CANCELLATION event * Migrate IDV_CANCELLATION_GO_BACK event * Migrate IDV_CANCELLATION_CONFIRMED event * Migrate IDV_COME_BACK_LATER_VISIT event * Migrate IDV_DOC_AUTH_EXCEPTION_VISITED event changelog: Internal, Documentation, Document analytics events
* Pin idp/ci to the current sha. [skip changelog] * Use an env var
**Why**: Since there are many improvements, bug fixes, and (importantly, for future reference) breaking changes. changelog: Internal, Dependencies, Update dependencies
* TypeScript-ify ValidatedField * Rename ValidatedField to ValidatedFieldElement * Move ValidatedFieldElement out of index * Auto-register ValidatedFieldElement custom element * Add ValidatedField React component * Enhance FormSteps to work with ValidatedFieldElement * LG-6160: Add personal key validation behavior **Why**: As a user, I expect feedback if I have incorrectly entered the personal key, so that I can correct my mistakes and continue with the proofing flow. changelog: Upcoming Features, Identity Verification, Add personal key step screen * Type narrowing via typeof function * Use native checkValidity for setting custom validity * Add specs for ValidatedField React component * Combine checkValidity + reportValidity reportValidity is meant to be combination of (a) check validity and (b) report to user * Update spec stubbing * Add spec for PersonalKeyInput validation * Add spec for PersonalKeyConfirmStep validation * Submit FormSteps using context **Why**: For compatibility with portal'd content. While React does support event bubbling through portal boundaries, the DOM itself is a bit more picky, and will not fire the submit event if the submit button is not within the same DOM hierarchy as its form. see: https://codepen.io/aduth/pen/KKZEPER * Add failing spec for missing "Enter"-to-submit behavior * Add missing value to fake FormStepsContext * Shim fake form for modal input submission-by-enter * Remove unused import * Add (failling) regression spec for expected initial errors behavior Initial active errors should only clear individually for each field which is replaced * Restore initial active error handling, field-level error clearing * Handle submit bubbling via empty form tag * Restore FormStepsContext default value * Update specs for new version of testing-library/user-event
* LG-6199: Show current IdV app step as page title **Why**: - As a user, I expect that each page is uniquely titled, so that I can understand its purpose. - Feature parity with existing step implementation. changelog: Upcoming Features, Identity Verification, Add personal key step screen * Clarify step interpolation #6232 (comment)
changelog: Internal, Maintenance, Remove unused database table
changelog: Internal, Maintenance, Skip querying unused database columns
* Enable Rubocop Layout/SpaceAroundOperators **Why**: So that developers needn't spend their team leaving stylistic review remarks for the conventionally-adopted style. changelog: Internal, Linting, Increase strictness of operator styling lints * oh erb, how could i forget about you * Enforce space around exponent * Fix lint issues
…s to add a second MFA (#6188) changelog: Improvements, Multi-factor authentication feature, Add call to action banner to add second MFA options Co-Authored-By: Andrew Duthie <andrew.duthie@gsa.gov> Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
Sub-events that were split out: - cancel - delete - request - cancel token validation - granted token valdiation - notifications * Migrate ACCOUNT_RESET_VISIT event changelog: Internal, Documentation, Document analytics events
* Add test specifically for config.ssl_options **Why**: Tests run without ActionDispatch::SSL middleware so we test it directly changelog: Internal, Dependencies, Remove secure_headers gem to leverage newer Rails features
* Include "personal_key" as alertable key in analytics PiiDetector **Why**: Since we don't want to be including this detail in any logs, as it is password-like. * Add changelog changelog: Internal, PII Detection, Improve coverage of PII logging detection
…ase32 (#6240) * LG-6160: Validate personal key value as case-insensitive changelog: Upcoming Features, Identity Verification, Add personal key step screen * Enhance feature spec for supportable, jumbled entry * Create standalone test case for personal key feature spec * Drop removed kwarg * Add Crockford Base32 normalization for PersonalKeyInput validation * get some i-coverage in there too
The verb `requested` was using the wrong tense in English. This commit fixes that. The other translations appear to be correct changelog: Bug Fixes, Content, A typo on the completions page was fixed
changelog: Internal, Maintenance, Drop unused doc_auths table
LG-5745 Can't use your phone? changelog: Improvements, Content, Change "Don't have access to your phone" to "Can't use your phone?"
…6239) * success alert for password * Add changelog changelog: Upcoming Features, Identity Verification, add sucess alert for password confirm * move alert to verify-flow index * lint error
…mail confirmation form (#6247) changelog: Bug Fixes, Authentication, Ensure validation of email confirmation tokens is consistent
changelog: Internal, Maintenance, Remove unused EmailNotifier code
* add failing spec * Ensure sp redirect_url exists before sending to completions page changelog: Bug Fixes, Authentication, Avoid 500 error by not incorrectly redirecting to service provider consent page * Update app/controllers/concerns/verify_sp_attributes_concern.rb Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
**Why**: Security release. Reference: https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released changelog: Internal, Dependencies, Update dependencies to resolve security advisories
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Improvements
Bug Fixes
Internal
Upcoming Features