Deploy RC 207 #6924

Merged
zachmargolis merged 45 commits into stages/prod from stages/rc-2022-09-09 on Sep 8, 2022

@zachmargolis

Improvements

  • Email Notifications: Update Forgot Password message to include warning for pending identity verification (#6895)
  • Identity Verification: Remove pending steps from step indicator (#6860)
  • Styling: Updating mailer format (#6809)
  • Tablet Compatibility: Updating iPad checks (#6865)
  • Template Rendering: Improve rendering speed of phone input component (#6890)

Bug Fixes

  • Account reset: Fixed exception on account reset (#6888)
  • Asset Hosting: Fixing svg image asset in mailer (#6892)
  • Email Confirmation: Do not allow confirming email addresses via add email controller for unconfirmed accounts (#6897)

Internal

  • Attempts API: Track additional events (#6830, #6886, #6902, #6908)
  • Attempts API: Track event idv_phone_otp_sent_rate_limited (LG-7111) (#6878)
  • Attempts API: Track event idv_phone_submitted (LG-7101) (#6871)
  • Attempts API: Track event idv_password_entered (LG-7106) (#6870)
  • Attempts API: Add safeguard tests to ensure events are not stored in plaintext (#6887)
  • Attempts Api: Log events when user enters in GPO letter code received (#6873)
  • Attempts Api tracking events: Add Personal Key submitted check (#6881)
  • Build Tooling: Upgrade Node.js to v16 (#6841)
  • Changelog Tool: Improve changelog tool sorting and capitalization (#6880)
  • Dependencies: Update dependencies to latest version (#6911)
  • Irs Attempts api tracker: Add additional event (#6906)
  • Linting: Enable new rules for Rubocop static analysis (#6912)
  • Logging: Log service provider and IAL for userinfo access token (#6899)
  • Performance: Improve speed of VerifySpAttributesConcern (#6921)
  • ThreatMetrix API: Redacted logging tests (#6903)
  • ThreatMetrix API: Hardcode account_drivers_license_type
  • ThreatMetrix API: Allow non-PII fields (#6913, #6884)
  • ThreatMetrix API: Record costs (#6917)

Upcoming Features

  • Accessibility: LG-7244 Translate the getting started page (#6872)
  • In-person proofing: Expand polling job analytics (#6832)
  • In-person proofing: Show correct step indicator at each step (#6846)
  • In-person proofing: Improve analytics for in-person proofing actions (#6907)
  • In-person proofing: Use more secure unique ID generation scheme (#6883)
  • Inherited proofing: Verification step redirects to inherited proofing (#6896)
  • ThreatMetrix: Add ThreatMetrix to In-Person Proofing flow (#6877)
  • ThreatMetrix: Allow using mock TMX proofer when TMX JS disabled (#6885)
  • ThreatMetrix: Limit use of ThreatMetrix to certain service providers (#6914)

peggles2 and others added 30 commits August 31, 2022 11:21
* LG-7131 - Implementation improve messaging for users.

* Updating forgot password mailer and layout / locales

-- What
This commit updates the mailer template to better match the
designs. It also adds conditionals to the parent layout template so
that if there is a letter pending a different header will be
ignored (the subject of the email)

changelog: Improvements, Styling, Updating mailer format

* Adding spec for password reset gpo mailer

changelog: Improvements, Email, adding tests for password reset mailer

* Fixing localization yaml formatting

changelog: Improvements, Emails, localization formatting

* Removing unused locales

changelog Improvements, Email, updating locales

* Adding updated version of the letter-warning svg

changelog: Improvements, Emails, updating svg for mailer

* Update app/views/user_mailer/reset_password_instructions.html.erb

Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>

* Updating spacing

changelog: Improvements, Email Notifications, updating password reset mailer

* Altering use of variables in mailer layout/reset view

* Fixing reset mailer template to conditionally render header

changelog: Improvements, Email, updating reset email header

* Update app/views/user_mailer/reset_password_instructions.html.erb

Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>

Co-authored-by: eric-gade <eric.gade@gsa.gov>
Co-authored-by: Eric Gade <105373963+eric-gade@users.noreply.github.com>
Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
* Minor formatting tweaks to SSN steps

Try to get IDV / IPP SSN steps a little closer in formatting

* Add threatmetrix_session_id to IPP SSN step

* Re-enable ThreatMetrix on IPP flow

changelog: Upcoming Features, ThreatMetrix, Add ThreatMetrix to In-Person Proofing flow

* Remove trailing whitespace

* Refer to threatmetrix_session_id directly

This value is generated in `extra_view_variables` and stored in `flow_session`. Since the variable needs to be there, let's have the view refer to it.
* Use upcase_first to capitalize changelog subcategory

**Why**: Avoids affecting intentional capitalization elsewhere in the changelog (e.g. "API" -> "api")

* Sort changelog by subcategory

**Why**: So that subcategory entries are grouped together in the output.

changelog: Internal, Changelog Tool, Improve changelog tool sorting and capitalization

* Add ActiveSupport#inflector required gem support

* Use shorthand syntax for sort_by block

* Remove upcase formatting from changelog script

See:
- #6880 (comment)
- #6880 (comment)
* Use a single analytics event for pass and fail

* Begin logging stats about job outcomes

* Add per-enrollment timing attribute logging

* Fix lint failures; clean up todo comment

* Reorganize job logic to facilitate timing metrics

* Refactor polling job specs

* Add more specs

* Use shorter methods

* Fix order of statements

* Update enrollment model specs

* Get rid of unnecessary after blocks

* Use rails helpers instead of doing math myself

* Use eq instead of be

* changelog: Upcoming Features, In-person proofing, expand polling job analytics

* Relax timestamp comparisons a bit

* Clarify rubydoc comments

* Use nil for fraud_suspected when job expires

* Update status before getting enrollment attrs

* Revert "Update status before getting enrollment attrs"

This reverts commit 8e5667d.

* Use keyword-argument for clarity

* Fix analytics event formatting

* Clarify method name

* Simplify timing specs by using freeze_time

* Log duration of polling job

* Use duration in seconds not minutes

* retrigger gitlab
A couple of linting issues slipped in when #6832 landed after #6875

[skip changelog]
* changelog: Internal, Attempts Api, Log events when user enters in GPO letter code received

* add confirm gpo event failure
Gitlab 15.0 removed the `cobertura` keyword in favor of a new syntax.

Detail: https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscoverage_report

[skip changelog]
* Allow using mock TMX proofer when TMX JS disabled

To support scenarios where `proofing_device_profiling_collecting_enabled` is `false` but `proofing_device_profiling_decisioning_enabled` is `true`, ensure we're generating `session_id` values for ThreatMetrix, even if we don't end up embedding the TMX javascript.

changelog: Upcoming Features, ThreatMetrix, Allow using mock TMX proofer when TMX JS disabled

* Update tests

* Update more tests mark 2
* Updating mailer image from svg to png for Google

-- What
Google proxies images that are sent in html emails that it receives in
any of its clients. However, Google does _not_ support SVG images in
html emails.

This caused us some problems when attempting to send a mailer with an
SVG image included, which worked in local testing (mailcatcher) but
failed in a broader integration test environment (INT), 404'ing on
Google's cached version of the image link.

This commit provides a plain png rendering of the original svg and
updates the relevant mailer template to display the png version. This
should get us past the Google problem.

* Commit for changelog

changelog: Bug Fixes, Asset Hosting, fixing svg image asset in mailer
for Google proxying
* Upgrade Node.js to v16

**Why**: To catch up with latest LTS, and improve compatibility for developers running M1 Mac.

* Update Node.js version reference in README.md

* Add changelog

changelog: Internal, Build Tooling, Upgrade Node.js to v16

* Update GitLab CI image to one built with Node 16

* Try to fix hanging process
* Remove unused letter-warning SVG

* Optimize PNG file

**Why**: Improve end-user and git clone performance

* Move letter-warning.png to email directory

**Why:** The directory exists for email assets like this, separate as a way to disincentivize their use outside email templates

* Expand rationale for vector images

* Add changelog

changelog: Improvements, Email Notifications, Update Forgot Password message to include warning for pending identity verification
**Why**: caused a few 500s in production

changelog: Bug fixes, Account reset, Fixed exception on account reset

Co-authored-by: Tomas Apodaca <thomas.apodaca@gsa.gov>
Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
changelog: Internal, Logging, Log service provider and IAL for userinfo access token
* Include account_drivers_license_type, alternate way to get state

* Don't fall back to state

* Internal, ThreatMetrix API, hardcode account_drivers_license_type

* changelog: Internal, ThreatMetrix API, hardcode account_drivers_license_type
…unconfirmed accounts (#6897)

changelog: Bug Fixes, Email Confirmation, Do not allow confirming email addresses via add email controller for unconfirmed accounts
This is a follow-on to #6877, just ensuring that CSP headers are set properly on the SSN page for the In-Person Proofing flow to allow the ThreatMetrix javascript to run (when enabled).

[skip changelog]
* LG-7098 Add phone-upload-link-used event

changelog: Internal, Attempts API, Track additional events
* guard against non-hash arg input

* Add tests for logging redactor

* changelog: Internal, ThreatMetrix API, redacted logging tests

* Remove misnamed file

* Lint

* Document nil as an expected value with YARD

* Style suggestions in spec file

* Add regression spec for redaction in ResolutionProofingJob (#6905)

* Add regression spec for redaction in ResolutionProofingJob

* Add constructor to clarify nil response_body

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
* Configure prefer-const ESLint rule to allow non-const destructure

It's not always straight-forward to split const/let assignments for a destructure, and since the idea with preferring const is largely around developer experience and communicating intent, the readability benefits of allowing a single destructured "let" assignment outweigh that of enforcing const.

* LG-6307: Remove pending steps from step indicator

**Why**: As a user, I want to see a step indicator at the top of the page that shows me moving forward in the flow, so that it's easy to understand that I'm making progress and what I still need to do.

changelog: Improvements, Identity Verification, Remove pending steps from step indicator

* Remove pending steps supports

It's now unused. YAGNI!

* Restore previous config for ignoreReadBeforeAssign

https://github.com/airbnb/javascript/blob/5155aa5fc1ea9bb2c6493a06ddbd5c7a05414c86/packages/eslint-config-airbnb-base/rules/es6.js#L115-L119

* Update specs
This commit updates the InstantVerify fixtures so they reflect the latest response structures we get from LexisNexis

I also added some fixtures here for DOB and Address failures which will come in handy when we start needing to determine from a response which attributes failed

[skip changelog]


Co-authored-by: Kimball Bighorse <kbighorse@yahoo.com>
* LG-7098 Remove unnecessary attributes from phone_upload_link_sent

changelog: Internal, Attempts API, Track additional events
* LG-6308: Show correct step indicator steps in in-person flow

**Why**: As a user going through in-person proofing, I want to see a step indicator at the top of the page that shows me moving forward in the flow, so that it's easy to understand that I'm making progress and what I still need to do.

changelog: Upcoming Features, In-person proofing, Show correct step indicator at each step

* Implement step indicator concerns as Rails concern

Helper method for step_indicator_steps

* Restore more original implementation

Clean up, simplify diff

* Stronger assertions of GPO + IPP step indicator

* Stub view helper in specs

* Remove step indicator assignment assertions from controller specs

This is now the responsibility of the helper

* Gracefully handle step indicator missing step

* Fix step indicator current step for GPO resend

* Fix renamed method

* Make in_person_enrollment method non-private

Since it's accessed outside the class

* Stub view step_indicator_steps

* Add specs for StepIndicatorConcern

* Remove unnecessary nil-safe operator

nil.as_json.to_h == nil.to_h

* Update specs for VerifyFlowStepIndicator GPO + IPP

* Add specs for Idv::Session#in_person_enrollment?

Now a public method

* Revert support for FSMv2

See LG-7386

* Sync with aduth-lg-6307-step-indicator-pending

* Add specs for GpoController#step_indicator_current_step
* changelog: Improvements, Template Rendering, Improve rendering speed of phone input component

* add translated international codes cache

* Update app/services/phone_number_capabilities.rb

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

* fix specs

* simplify non-caching in development

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
**Why**: Consistency

changelog: Internal, Linting, Enable new rules for Rubocop static analysis
* Upgrade TypeScript from 4.5 to 4.8

**Why**: Take advantage of the latest features and bug fixes.

changelog: Internal, Dependencies, Update dependencies to latest version

* Convert document-capture pack to TypeScript

* Upgrade TypeScript ESLint parser

TypeScript 4.8 compat
* LG-7205: Log click on in-person troubleshooting option

**Why**: To have better insight into the user's journey through in-person proofing.

changelog: Upcoming Features, In-person proofing, Improve analytics for in-person proofing actions

* Update specs to reflect option rendered as link

* Update specs to reflect option rendered as link
* Generate a unique ID when creating enrollments

* Add extra line to discern arrange/assert/act steps

* Keep any missing unique_ids backwards-compatible

* Generate enrollment unique ID upon creation

* Remove unnecessary if condition

* Clean up formatting

* changelog: Upcoming features, In-person proofing, use more secure unique ID generation scheme

* Make enrollment helper use enrollment.unique_id

* Readability and comment
* LG-6959 IDV verify redirects to inherited proofing

When a VA user completes authorization through openid_connect, they are redirected to inherited proofing verification.

changelog: Upcoming Features, Inherited proofing, verification step redirects to inherited proofing

* remove spec dependency upon inherited proofing concern
mdiarra3 and others added 15 commits September 6, 2022 12:37
* changelog: Internal, Attempts Api tracking events, Add Personal Key submitted check

* rubocop

* app services
* changelog: Internal, Irs Attempts api tracker, add additional event

* Add logging events
* LG-7100 IDV verification submitted event tracking

changelog: Internal, Attempts API, Track additional events

* LG-7100: Specs updated for IDV verification submitted event

* added extra field.

* test cases fixes

* test cases fixes
* do some performance testing

* Improve speed of VerifySpAttributesConcern

changelog: Internal, Performance, Improve speed of VerifySpAttributesConcern
* Allow fields that I think are non-PII

* Remove profiled_domain

* changelog: Internal, ThreatMetrix API, allow non-PII fields

* Redact http_referer and http_referer_url to be safe
Add IRS tracking method idv_phone_otp_sent_rate_limited

changelog: Internal, Attempts API, Track event idv_phone_otp_sent_rate_limited (LG-7111)
Add tracker event idv_phone_otp_submitted_rate_limited

changelog: Internal, Attempts API, Track additional events
Add IRS tracker event idv_password_entered

changelog: Internal, Attempts API, Track event idv_password_entered (LG-7106)
* Add tracking event idv_phone_submitted

changelog: Internal, Attempts API, Track event idv_phone_submitted (LG-7101)
* Updating check for mobile with special case for iPad

-- What
As of iOS 12 / the newest iPadOS versions, sites are by default
rendered with "full web" view mode, which causes the Safari on the
devices to report the incorrect user agent (in this case, a
Macintosh).

This prevents normal methods for checking whether or not the device is
an iPad.

As a proxy, we check for an apple user agent and then see whether or
not the device has `maxTouchPoints` of 5, which indicates an iPad.

changelog: Improvements, Tablet Compatibility, updating iPad checks

* Updating upload steps mobile check to include frontend info

-- What
For some mobile devices -- iPad in particular -- we need explicit
information from the frontend about the client browser's capabilities
in order to properly determine if it is mobile and
camera-ready. However, on the Rails backend, we've been performing
server-side checking to determine whether or not a device is
mobile. This check is more or less a user agent check, which will
respond false for newer iPadOS devices.

In this commit, we add to our device_mobile? method to also check for
flow_session state that has been set from a hidden input on the
frontend. The input and session state setting were already occurring
-- this is not new code. What's new is checking for the presence of
the skip_upload_step property in the session, which only gets set on
the frontend if the device is mobile.

* Switching from "not" to bang "!"

changelog: Improvements, Tablet Compatibility, enabling Acuant capture
for ipads

* Fixing lint errors

changelog: Improvements, Tablet Compatibility, enabling acuant capture for ipad

* Simplifying mobile_device? check in upload step

changelog: Improvements, Tablet Compatibility, adding Acuant for iPad

* Fixing email_sent_step_spec to force new method of mobile checking

-- What
Previously, this test relied on the Browser module's reading of the
User Agent, which was mocked to imitate an older mobile device. With
recent changes we are instead using the flow_session's
:skip_upload_step -- set indirectly by javascript on the frontend --
in the upload step's mobile_device? method. Here we simply stub that
method in this particular test suite.

* Update app/javascript/packages/device/index.js

Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>

* Updating tests to mock new session based mobile check

changelog: Improvements, Tablet Compatibility, enabling Acuant SDK for ipads

* Empty commit for CI

changelog: Improvements, Tablet Compatibility, adding iPad for Acuant SDK

* Fixing tests and lints

changelog: Improvements, Tablet Compatibility, adding Acuant for iPad

* Adding some signposting in upload step's params check

changelog: Improvements, Tablet Compatibility, adding Acuant for iPad

* Fixing spec lint

changelog: Improvements, Tablet Compatibility, adding Acuant for iPad

* Empty commit for CI

changelog: Improvements, Tablet Compatibility, adding Acuant for iPad

* Updating frontend mobile check spec

changelog: Improvements, Tablet Compatibility, Updating mobile checks on frontend

* Updating frontend mobile check tests

changelog: Improvements, Tablet Compatibility, updating tests for frontend
platform checks

* Fixing broken tests

-- What
Mocha evidently has some difficulty changing the writability of
properties in before() functions when we are using the
useDefineProperty helper. This fixes that by just declaring the
properties we are concerned about as being writable at the top of the
file.

changelog: Improvements, Tablet Compatibility, updating frontend
platform check tests

* Removing use of useDefineProperty in these tests

changelog: Improvements, Tablet Compatibility, updating platform check tests

Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
* Add Spanish locale file (es)

changelog: Upcoming Features, Accessibility, LG-7244 Translate the getting started page

* Add French locale file (fr)

* Add specs to cover I18n

Specifically, locale-specific rendered view content (:en, :fr, :es).
**Why**: no longer used as of #2732

**Note**: 18f/identity-idp-config#1024 needs to be merged first,
otherwise this will break during deploys

[skip changelog]
@aduth left a comment

🚀

@zachmargolis merged commit c1dcce3 into stages/prod on Sep 8, 2022
@zachmargolis deleted the stages/rc-2022-09-09 branch on September 8, 2022 15:49