Merged
changelog: Analytics, Events, update events #16
[skip changelog]
**Why**: - Because the implemented layout should conform to design specifications - Updating to use common page footer component allows for single point of update for future revisions changelog: Improvements, Layout, Adjust page footer spacing to match layout design specs
**Why**: So that React is not included in bundles which are expecting to use only the native custom element implementation. changelog: Improvements, Performance, Reduce download size of compiled JavaScript
* lg-6202 - accordion for the password confirm page
…#6284) * Add setup router * delete authenticator service * LG-5988: work on routing for multiple selections * LG-5988: remove unneeded helper * changelog: New Feature, Allow Users to add more than one MFA method on account creation, LG-5988 * LG-5988: spec * LG-5988: address comments * rubocop * Refactor how we're doing user updating otp method * rubocop * LG-5988: change method name * redirect fix * update routing * LG-5988: use index * use dig to reduce errors * rubocop * check phone * Ensure next url * LG-6086: check to see if next available * LG-5988: rubocop * LG-6086: add translations for language * LG-5988: use shift for now * LG-6086: route to interstitial * LG-6086: rubocop * move params call to own method * LG-6086: have show visible * totp fix * Normalize yaml * LG-6086: routes * changelog: add interstitial page between page * LG-6086: use account url * rubocop issue * multiple mfa signup fix * multiple mfa signup feature test fix * ensure you add a final path * Use url * LG-6086: refactor to support going back * LG-6086: interstitial fixup tests * check backup choice * fix render issue * make sure to add params * rubocop * make sure to click properly * feature test fix * LG-6086 clear session properly * update show * fix html * otp verification * mfa confirmations controller logic fix * LG-6086: remove ordinalize * update show presenter * LG-6086: update presenter * LG-6086: fix missing keys * normalize yaml * next setup choice * refactor two factor options to use partial, create mfa setup path * LG-6208: add interstitial * LG-6086: update to fix tests * fix locales * LG-7208: sad path requires more guidance for users * clean up index * rename name * spec * mfa cta spec * refactor two factor options to use partial, create mfa setup path * refactor mfa setup screen using partials and pass through path * Fix tests and add title to mfa setup screen changelog: Upcoming feature, multi-factor-authentication, complete sad path * LG-6208: update to allow going through skipping flow * address lint errors * fix tests again * move mfa setup path behind the mfa selection feature flag * fix tests again * change redirect to use confirmation path * remove unneeded presenter * LG-6208: mfa confirmation allow for additional text * WIP: add test for mfa selection controller * fix indentation * WIP: change tests for mfa selection controller * write get test for mfa selection controller * fix lint error * update controller action * LG-6208: move webauthn logic around * LG-6208: refactor language for text * change action, update test * pre merge * otp verification rubocop * fix count * mfa * changelog: Upcoming Feature, Provide users with multiple attempts to add multiple MFA options, LG-6208 * address style comments for spec * Update spec/controllers/users/mfa_selection_controller_spec.rb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * undo removal of analytics test * reconcile changes with force selecting mfa option * fix test for reconciled partial * LG-6208: fix initial issues * rename in mfa * fix rubocop issues * support analytics events * LG-6208: interstitial * ensure analytics event works * fix how mfa selection operates * LG-6208: add additional testing so it properly redirects * LG-6208: check if user has options first * LG-6028: ensure can select multiple mfas Co-authored-by: Jessica Dembe <jessica.dembe@gsa.gov> Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
This commit adds some initial tooling for the IRS attempts API. This includes:

1. A tool for tracking events to be used within controllers (see the `Tracker` class)
2. A client for managing events in Redis
3. A service for generating JWEs representing events

The Attempts API will keep events in Redis. Future changes will add an API so that the IRS can poll for events and then ACK and delete events from the store by JTI. Additional future changes will integrate the tracker into the controller and track events during appropriate actions.
* goes to new component with are you sure page * navigating back and to reset password url (still needs request_id) * add email to session in verify controller to allow redirect to reset password * add image and hide step indicator * fix i18n to allow for arrays of strings * fix lint errors * Add changelog changelog: Upcoming Features, FSMv2, Forgot Password Flow (LG-6205) * Update app/javascript/packages/verify-flow/steps/password-confirm/forgot-password.tsx Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * Update app/javascript/packages/verify-flow/steps/password-confirm/forgot-password.tsx Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * create verify flow context, add reset_password_url back to verify controller (oops) and add forgot_password to routes.rb * Update app/controllers/verify_controller.rb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * fix forgot password text to use translate function * fix basePath to correct value * update password confirm to use onPageTransition when redirecting to forgot password for accessibility * fix lint errors * fix lingering lints * Update app/javascript/packages/verify-flow/steps/password-confirm/password-confirm-step.tsx Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * Update app/javascript/packages/verify-flow/steps/password-confirm/forgot-password.tsx Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * Update app/javascript/packages/verify-flow/steps/password-confirm/forgot-password.tsx Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * merge verify-flow-context into flow-context * lint errors * fix lints Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
**Why**: For feature parity with the existing password confirmation step, we should show a success alert message for users who have just confirmed their address by phone verification. changelog: Upcoming Features, Identity Verification, Add password confirmation step
**Why**: - So that the list is an accurate reflection of used keys - So that all translation data is expected to be used in the application - To minimize use of this override in favor of inline configuration changelog: Internal, Code Quality, Remove unused translation data
* add alt text to yml locales * missed one yml file * update alt tags * normalize yaml * Add changelog changelog: Accessibility, Alt Tags, updating empty alt tags (LG-6120)
* Refactor React object memoization using custom hook **Why**: - More concise - Less error-prone in case of forgotten dependency key - May encourage memoization of objects when appropriate, by making it less tedious to accomplish changelog: Internal, Performance, Create helper utility for front-end object memoization * Fix lint errors * Clarify key ordering requirement See: #6363 (comment) Co-Authored-By: Zach Margolis <zbmargolis@gmail.com> Co-authored-by: Zach Margolis <zbmargolis@gmail.com>
* Migrate MULTI_FACTOR_AUTH_ENTER_PIV_CAC event * Migrate MULTI_FACTOR_AUTH_ENTER_TOTP_VISIT event * Migrate MULTI_FACTOR_AUTH_ENTER_PERSONAL_KEY_VISIT event * Migrate MULTI_FACTOR_AUTH_ENTER_BACKUP_CODE_VISIT event * Migrate MULTI_FACTOR_AUTH_ENTER_WEBAUTHN_VISIT event changelog: Internal, Documentation, Document additional analytics events Co-authored-by: Tomas Apodaca <thomas.apodaca@gsa.gov>
changelog: Internal, Continuous Integration, Fix Redis connection URLs in GitLab CI
* changelog: improvements, mfa selection page shows previously configured methods as selected and disabled, LG-6230/6231 * update icon svgs without white backgrounds * update style guide Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
…-5981) (#6373) * Clear the verified attributes when a user disconnects from an app (LG-5981) * lints changelog: Bug Fixes, Account management, Fixed an issue where disconnecting from an IAL2 application doesn't reset consent on IAL2 attributes
[skip changelog]
) * LG-6205: Add endpoint, button to trigger password reset (IdV app) **Why**: So that a user will receive an email to reset their password after confirming to do password reset during identity proofing. changelog: Upcoming Features, Identity Verification, Add password confirmation step * Remove unnecessary demo code * Handle outline spinner button styles with wrapper class **Why**: Since a ButtonComponent could be nested content (e.g. button_to), finding the adjacent sibling of a button to apply spinner dot coloring is not reliable. Instead, since we have access to the button properties, determine if it's an outline button and apply a modifier class on the wrapper element. * Define window navigation as component prop **Why**: Simplify tests to avoid stubbing window global
* Bump nokogiri from 1.13.4 to 1.13.5 Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.4 to 1.13.5. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](sparklemotion/nokogiri@v1.13.4...v1.13.5) --- updated-dependencies: - dependency-name: nokogiri dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> * Add changelog changelog: Internal, Dependencies, Update dependencies to resolve security advisories Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
**Why:** With the introduction of IALMAX to SAML using the Comparison attribute, it is now impossible to filter "SP Redirect Initiated" log events by the actual IAL that was sent back, since the IALContext returns an IAL of zero by default. This change adds an additional attribute to SP Redirect Initiated events for SAML and OIDC requests to track the actual billable IAL (based on whether or not the user has proofed). This also adds some more comprehensive controller specs for IALMAX behavior for OIDC. changelog: Improvements, Authentication, Track billable "IAL" in the event log for successful requests
* Auto-generate changelog for dependabot commits **Why**: To avoid the added delay and effort of adding a changelog commit to a dependency bump for security-related package updates, and to ensure consistent messaging for these changes in release notes. changelog: Internal, Changelog, Improve changelog script to infer messages for automated dependency updates * Use consistent variable names
* LG-6202: Fix date formatting for password confirm PII summary **Why**: So that the visible date matches the user's date-of-birth, irrespective of their current timezone. * Add changelog changelog: Upcoming Features, Identity Verification, Add password confirmation step
* LG-6205: Fix forgot password "Try Again" URL **Why**: So that a user can refresh the page after returning from "Forgot Password" to "Confirm Password" step. changelog: Upcoming Features, Identity Verification, Add password confirmation step * Ensure teardown for stubbed getComputedStyle So that it doesn't impact other tests (e.g. tests using testing-library's role queries, which rely on getComputedStyle via dom-accessibility-api package)
* changelog: Upcoming Features, Authentication, update routes to make more sense to users LG-6043 * change to update
* i18n: Detect array keys for Webpack string extraction **Why**: In order for array key support implemented in #6328 to appear as translated, the keys must be extracted, which means we need additional support in the Webpack plugin to detect and extract array keys. changelog: Internal, Localization, Improve browser localization to support array of messages * Fix lint error * Fix extra transpilation cases with mid-string interpolation * Use array syntax for idv forgot password warnings This previously wasn't able to use array syntax because string extraction wasn't implemented, and now it is
* Add link component For external, new-tab link behavior required in password confirm step * Support className for PasswordToggle wrapper Collapse extra div * IdV app: Add password confirm text content **Why**: For parity with the existing screen, we should include all existing content which explains the reason for the user to enter their password. changelog: Upcoming Features, Identity Verification, Add password confirmation step * TypeScript-ify BlockLink * Refactor BlockLink to use Link component **Why**: Avoid duplicated logic * Update specs for auto-external detection
changelog: Internal, Security, Only decrypt PII bundle when needed and limit usage of KMS encryption to needed use cases
**Why**: To match the existing screen. changelog: Upcoming Features, Identity Verification, Add password confirmation step
* Move clipboard polyfill to base test setup **Why**: So that specs which render components using it (namely ClipboardButtonElement) don't need to rely on other specs to set up the polyfill to pass in isolation. * Render status alert as plain content of step **Why**: Avoid extra complexity around dealing with edge cases with alerts (e.g. warning subpages like with "Forgot Password" screen) * Add changelog changelog: Upcoming Features, Identity Verification, Add password confirmation step
* Run integration specs for feature-flagged password confirm step **Why**: So that we can be aware of potential issues sooner than later, we should re-run existing feature specs for IdV screens on the feature-flagged implementations. changelog: Upcoming Features, Identity Verification, Add password confirmation step * Add trailing slash for "go back" path This is how client-side behaves (currently)
Add translated country code names to telephone input component changelog: Improvements, Phone Input, Show translated text labels for phone dropdowns Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
* Revise password confirmation "Forgot Password" as link **Why**: Because it looks and behaves like a link, it should carry semantics of a link, supporting native behavior such as opening in a new tab. changelog: Upcoming Features, Identity Verification, Add password confirmation step * Update password confirm specs * Sync history hook across instances by re-retrieving from path **Why**: So we don't have to deal with distinctness by basePath, and for better guarantees that getStepParam and getParamURL behaves as expected as a result of setting. * Add comment explaining purpose of HistoryLink See: #6387 (comment) * Use ParamValue for HistoryLink step prop type Support undefined step value * Omit href from HistoryLinkProps Avoid extra confusion, since it's meant to be assigned by the component implementation * Add support for rendering HistoryLink with button appearance So we can render "Go Back" as a link as well * Render forgot password "Go Back" as link Because, similarly, it has a navigable destination * Add specs for HistoryLink * Add spec to verify forwarded link props * Remove now-unnecessary trailing slash Previously, client-side routing would append trailing slash * Update Capybara actions to reflect link clicks
**Why**: To ensure smoother key rotations changelog: Bug Fixes, Attribute encryption, Update behavior for rotated keys for email
…3) (#6389) **Why**: This data exists at the IAA level in the report, but breaking it down by issuer helps with more complex agreements changelog: Internal, Reporting, Add additional fields to billing reporting data
**Why**: So that developers don't need to be aware of and expend the effort to run "yarn build" every time before running a JavaScript-enabled feature spec, in order to avoid CSP errors related to the external Webpack dev server host. changelog: Internal, Automated Testing, Improve developer ergonomics for running JavaScript-enabled integration specs
**Why**: So that we're taking advantage of the latest features and bug fixes, and to avoid potential conflicts if a developer (me) tries to run a system-installed Rubocop of a newer version which becomes irate at the now-removed "Lint/UselessElseWithoutRescue" lint. changelog: Internal, Dependencies, Update dependencies to the latest version
changelog: Upcoming feature, multi factor authentication, fix bug to add phone as second MFA option * write tests that mock two form submissions * change validation rule * refactor logic * write test for phone only selection on 1st screen * refactor with phone only mfa method * first iteration of test for bug * address PR comment; fix test * uncomment tests * Address PR comment
* Remove "backward compatible" script helper **Why**: Because it obscures its true purpose, which is to create a nonced script tag, already expressible in more concise terms using the default Rails APIs. * Remove unnecessary nonce from network-loaded script changelog: Internal, JavaScript, Remove unnecessary script helpers * Fix DAP script output javascript_tag seems to only be happy with block content. No need to overcomplicate? Just output the HTML tag since there's nothing dynamic here.
* add alt tag to ssn image same as image above * Add changelog changelog: Accessibility, alt tags, add ssn alt tag (acceptance for LG-5774)
* changelog: improvement, LG-6129, user cannot delete last non restricted mfa config * client side and server side disable delete
…oling (#6399) We've had issues with this script running into infinite recursion or large groups of related users. This commit prevents that by stopping at a certain depth instead of building a full map of shared devices. When we wrote this script, we did not have an index on the cookie_uuid column, which meant that querying against cookie_uuids was slow and expensive. We now have that index so we can afford to take a more simple approach here. changelog: Internal, Data requests, The script for looking up users who share devices was changed to avoid infinite recursion.
…ackup codes, LG-6357 (#6400)
* Migrate PASSWORD_CHANGED event * Migrate PASSWORD_CREATION event * Migrate PASSWORD_MAX_ATTEMPTS event * Migrate PASSWORD_RESET_EMAIL event * Migrate PASSWORD_RESET_PASSWORD event changelog: Internal, Documentation, Document additional analytics events Co-authored-by: Steve Urciuoli <steve.urciuoli@gsa.gov>
This commit adds an API that allows for reading and acknowledging events from the IRS attempts API. This API is based loosely on [RFC 8936](https://datatracker.ietf.org/doc/html/rfc8936). Currently it does not recognize the `returnImmediately` param and always returns immediately. changelog: Upcoming Features, IRS Attempts API, The ability to acknowledge IRS attempts API events was added
* Run feature specs prebuild with unset Webpack env **Why**: Avoid potential conflicts for... 1. Environment variables which can affect intended build output expecting Webpack dev server 2. False negatives for Make "nothing to do" if environment variable would impact build artifact Previously: #6392 changelog: Internal, Automated Testing, Improve developer ergonomics for running JavaScript-enabled integration specs * before all -> before suite So that it's run only once for all tests Co-Authored-By: Zach Margolis <zbmargolis@gmail.com> Co-Authored-By: Sheldon Bachstein <bachsteinsk@gmail.com> * Use global to run webpack build once * Bundle CSS Co-authored-by: Zach Margolis <zbmargolis@gmail.com> Co-authored-by: Sheldon Bachstein <bachsteinsk@gmail.com>
* Enable Rubocop IndentationWidth cop **Why**: So that we can more easily ensure consistent indentation, improving readability. changelog: Internal, Code Quality, Apply and enforce consistent code indentation * Fix ERB lint errors * Fix indent * Move conditional assignment to next line To address indentation constraints Co-Authored-By: Zach Margolis <zbmargolis@gmail.com> * Couple more conditional assignment -> next line Co-authored-by: Zach Margolis <zbmargolis@gmail.com>
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.5 to 1.13.6. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](sparklemotion/nokogiri@v1.13.5...v1.13.6) --- updated-dependencies: - dependency-name: nokogiri dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
**Why**: The use of this column was removed in fbe8c73
**Why**: So that the build passes changelog: Internal, Code Quality, Apply and enforce consistent code indentation
Branch name should be
aduth approved these changes May 25, 2022
No description provided.