Conversation
(cherry picked from commit 5362caf)
Deploy RC 160.1 to Prod
Deploy RC 161 to Prod
* schedule GPO cron job to run before 6AM Eastern time in both DST and Standard * more specific file name * raise error after sending error to new relic * Update config/initializers/job_configurations.rb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
Deploy RC 161.1 to Prod
Resolves LG-5273 This was causing our config seeders to fail due to an edge case where an integration was moved to a different account.
* fix header size on account reset request page * Update app/views/account_reset/request/show.html.erb Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
Deploy RC 162 to Prod
…lack Disable smoke tests slack (for prod branch)
* simple version of continuing to SP after recovering with personal key * Update app/views/accounts/_personal_key.html.erb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * fix specs * fix erblint * add spec * move sp continue into own partial * add translations Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
* smoke testing test * Update spec/support/monitor/monitor_email_helper.rb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * lint * fix * remove old environment variable usage * remove gmail * re-enable smoke test alerts Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> (cherry picked from commit 9f8aa76)
- Also remove now-outdated comment
Deploy RC 163 to Prod
- Avoid logging PII
Deploy RC 163.1 to prod
Deploy RC 164
Deploy RC 165 to Prod
Deploy RC 166 to prod
This reverts commit cc507d0.
Deploy RC 167 to Production
Deploy RC 168 to Production
(cherry picked from commit bbf4f4b)
Deploy RC 168.1 to Production
**Why**: Index took too long to create, timed out and left partial index in production (cherry picked from commit 808e45b)
Deploy RC 207
* Refactor step indicator as ViewComponent component (#6910) **Why**: - All the standard benefits of ViewComponent (better separation of view and logic, testability, performance, etc) - Toward a consistent reusable UI component library - Remove more unused "pending" status logic [skip changelog] * LG-7305 Make sure ThreatMetrix failure disables profile Part 2 (#6925) * LG-6497: Create and use new Memorable Date component in State ID step of IPP flow (#6713) * date strings in en * add uswds memorable date component to ruby components * wip on wrapper * LG-6497: Allow DateTime input to accept labels for each part of the date * error highlight showing for component * get inputs from memorable date fields * change input padding so numbers show * memorable date component spec * check date input by user is in the past * update textContent of err class with err message * display error message and state when date is in future or today * remove unused strings * move error msg to strings * refactor js file to ts * LG-6497: Update memorable date component to include validation * LG-6497: Improve validation and cover additional scenarios for memorable date component * LG-6497: Allow memorable date validation with multiple ranges * LG-6497: Add missing error messages; change error message without changing selected field * LG-6497: Integrate memorable date component into IPP state ID form * LG-6497: Correct lint errors * changelog: Upcoming Features, In-person proofing, Replace State ID date input with Memorable Date component * LG-6497: Work on internationalization and test fixes * LG-6497: Fix i18n errors and add component documentation * LG-6497: Write tests covering memorable date component rendering * LG-6497: Update InPersonHelper so tests use memorable date DOB component correctly * LG-6497: Remove extra line in memorable-date package.json Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * LG-6497: More semantically represent error message lookup filtering Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * LG-6497: Use more common idiom for filtering out null/empty values for memorable date inputs Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * Lg-6497: Remove unnecessary array type check Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * LG-6497: Simplify JS logic, ERB formatting, and CSS class for memorable date component * LG-6497: Get min/max attributes for memorable date using new Date() instead of Date.parse() * LG-6497: Prevent built-in errors from overriding custom errors * LG-6497: Follow JS lower camel case standard for naming error message fields * LG-6497: Allow conversion of additional types to ISO formats for min/max dates Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * LG-6497: Update min/max docs to show additional types can be used Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * LG-6497: Support date-like values for i18n conversion; update comments and docblock * LG-6497: Update comments * LG-6497: CSS code style fixes * LG-6497: Write tests for MemorableDateElement; refine regex for day to ensure valid day range is enforced * LG-6497: Rename parameter in forEach for clarity * LG-6497: Rename additional arrow function params for clarity * LG-6497: Prevent ValidatedFieldElement from changing focus away from inputs with errors * LG-6497: Ensure lg-validated-field selects correct error element * LG-6497: Add listeners to memorable date instead of child inputs * LG-6497: Update test to cover error message element selection via aria-describedby in lg-validated-field * LG-6497: Fix test lint issues * LG-6497: Start with error message element hidden to avoid inconsistent field spacing * LG-6497: Use tag_options; correct created error element ID; fix Safari issue; code cleanup * LG-6497: Update pattern in memorable date JS test * LG-6497: Update phone test to correctly use aria-describedby for find_by_id * LG-6497: Update send link test to correctly use aria-describedby for find_by_id Co-authored-by: Shannon Alexander <shannonalexander@Shannons-MBP.fios-router.home> Co-authored-by: Tim Bradley <timothy.bradley@gsa.gov> Co-authored-by: Shannon Alexander <shannonalexander@Shannons-MacBook-Pro.local> Co-authored-by: Tim Bradley <90272033+NavaTim@users.noreply.github.com> Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * LG-6497: Minor style/doc fixes related to memorable date change (#6929) * LG-6497: Minor style/doc fixes * [skip changelog] * LG-7109 Add Event: IDV verification rate limited (#6928) * LG-7109 Add Event: IDV verification rate limited changelog: Internal, Attempts API, Track additional events * alphabetic order change * Enable Rubocop Style/MethodDefParentheses (#6930) **Why**: For consistency, and to reduce toil in code review. changelog: Internal, Linting, Enable new rules for Rubocop static analysis * LG-7429 | Login rate limit event (#6926) Trigger an AttemptEvent when a user is locked out for too many login attempts that fail. changelog: Internal, Attempts API, Login rate limit event * LG-7205: Add logging for initial in-person step visits, submissions (#6918) * Add missing flow_path parameter for API::DocumentCaptureController So that it's logged correctly in analytics * LG-7205: Add logging for initial step visits, submissions **Why**: So that we have better insight into the user's journey through the in-person proofing flow. changelog: Upcoming Features, In-person proofing, Improve analytics for in-person proofing actions * Remove parameters Appease linter * Manage step visit, submit events as part of AnalyticsContext To centralize storage of step metadata Reverts to string step names (for now) to avoid dependency cycle between analytics context and steps * Fix children type for AnalyticsProvider props * Add specs for InPersonLocationStep * Add specs for AnalyticsContextProvider * Resolve TypeScript errors for context value shape Use provider wrapper to handle creation of full context value * Absorb thrown network error in trackEvent * Add reference to spec * Use SpinnerButton for prepare step submission **Why**: - Prevent multiple event logging if user were to click multiple times in quick succession - Present feedback to user for pending network request before navigation * Avoid unnecessary variable assignment * LG-7396 Confirm connection to Lexis Nexis (#6931) * Add scripts to test call to lexis nexis Refactor scripts that call VA to get user's PII, so that it can also be used in the script to test Lexis Nexis Phone Finder call. changelog: Internal, Upcoming Features, Confirm Connection to Lexis Nexis (LG-7396) Add force failure switches Fix rubocop violations * Fix rubocop violations * LG-7194 Add Event: Account purged (#6934) changelog: Internal, Attempts API, Track additional events * LG-6497: Revert Memorable Date Changes (#6940) * Revert "LG-6497: Minor style/doc fixes related to memorable date change (#6929)" This reverts commit e0e8ad4. * Revert "LG-6497: Create and use new Memorable Date component in State ID step of IPP flow (#6713)" This reverts commit cead2c1. * [skip changelog] Co-authored-by: Steve Urciuoli <steve.urciuoli@gsa.gov> Co-authored-by: Shannon A <20867088+svalexander@users.noreply.github.com> Co-authored-by: Shannon Alexander <shannonalexander@Shannons-MBP.fios-router.home> Co-authored-by: Tim Bradley <timothy.bradley@gsa.gov> Co-authored-by: Shannon Alexander <shannonalexander@Shannons-MacBook-Pro.local> Co-authored-by: Tim Bradley <90272033+NavaTim@users.noreply.github.com> Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> Co-authored-by: olatifflexion <109746710+olatifflexion@users.noreply.github.com> Co-authored-by: Matt Wagner <mattwagner@navapbc.com> Co-authored-by: Gene M. Angelo, Jr <web.gma@gmail.com>
* LG-6497: Revert Memorable Date Changes (#6940) * Revert "LG-6497: Minor style/doc fixes related to memorable date change (#6929)" This reverts commit e0e8ad4. * Revert "LG-6497: Create and use new Memorable Date component in State ID step of IPP flow (#6713)" This reverts commit cead2c1. * [skip changelog] * Build frontend analytics method parameters from method signature (#6927) * Build frontend analytics method parameters from method signature **Why**: - To avoid confusion where a developer would expect analytics method parameters to be fulfilled from the frontend payload (#6791) - To ensure that all of the analytics methods are explicit and documented in the parameters they're expecting See: #6918 (comment) changelog: Internal, Analytics, Improve frontend analytics payload documentation * Fix YARDoc parameter name documentation * Restore flow path parameter to front-end mapped events * Add flow_path handling to specs * Destructure, use compact for kwarg aggregation * Extract hash_from_method_kwargs to service class See: #6927 (comment) * Extract FrontendLogger service class from FrontendLogController See: #6927 (comment) * Remove leftover code from earlier iterations * Collapse MethodSignatureHashBuilder to FrontendLogger See: #6927 (comment) * LG-6497: Reintroduce Memorable Date on IPP State ID Page (#6943) * Revert "LG-6497: Revert Memorable Date Changes (#6940)" This reverts commit d2500a8. * [skip changelog] * Try to fix intermittent failure for in-person feature spec (#6933) **Why**: So that our builds pass reliably. changelog: Internal, Automated Testing, Reduce intermittent failures in automated testing * LG-7431 Logged In User Change Password (#6948) * LG-7431 Logged In User Change Password changelog: Internal, Attempts API, Track additional events * Qualify script rails executable properly with bin/ (#6951) changelog: Internal, Upcoming Features, Qualify script rails executable properly with bin/ * LG-6497: Workaround New Relic addEventListener bug and improve error styles (#6938) * LG-6497: Circumvent New Relic event bug * LG-6497: Ensure memorable date correctly assigns errors for error styling * [skip changelog] * Update app/javascript/packages/memorable-date/index.spec.ts Co-authored-by: Sheldon Bachstein <sheldon.bachstein@gsa.gov> * Revert "LG-6497: Revert Memorable Date Changes (#6940)" This reverts commit d2500a8. * [skip changelog] * Update app/javascript/packages/memorable-date/index.ts Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> Co-authored-by: Sheldon Bachstein <sheldon.bachstein@gsa.gov> Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * Refactor PhoneFinder (#6920) This commit refactors the PhoneFinder proofer client so that it does not user the `Proofer::Base` super class any more. It converts the PhoneFinder proofer into a plain old ruby object with its own result object. [skip changelog] Co-authored-by: Jonathan Hooper <jonathan.hooper@gsa.gov> * ThreatMetrix JS verification (LG-7518) (#6937) * Add ThreatMetrix code signing cert to config Cert includes public key used to verify signature on ThreatMetrix Javascript * Add job to verify ThreatMetrix javascript Periodically request TMX JS and validate the signature at the end of the file * Remove stale job stuff * Don't hardcode test certs Generate keys / certs so we don't have scary-looking private keys in repo * Minor tweak to session_id arg changelog: Upcoming Features, ThreatMetrix, Periodically check signature on ThreatMetrix Javascript * Use pack to do hex-to-binary conversion * how do you spell Javascript * Fail if signing certificate is expired * Run ThreatMetrixJsVerificationJob on 1h intervals * Remove cert from application.default.yml will be in config, just not going to include in code * Lint * Trigger devops on merges to main. (#6944) * Trigger devops on merges to main. * typo * testing [skip changelog] * Only run on main * Update total-monthly-auths report to pull from the raw table (#6952) **Why**: We've found some discrepancies with the aggregated monthly table so this helps us have more precise reports changelog: Internal, Reporting, Update billing reports to be more accurate * Log digest of OIDC "code" param (LG-7440) (#6942) * Log digest of OIDC "code" param (LG-7440) **Why**: to assist with debugging requests from partners * Work around nil code **How**: By submitting the form a second time after the identity has been linked, because we need the session uuid from that linkage for the code, for the param. Somehow it was getting into the success_redirect_uri before changelog: Internal, Logging, Log hash of OpenID Connect "code" param Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * update ready to verify presenter to use enrollment_established_at (#6950) * update ready to verify presenter to use enrollment_established_at * [skip changelog] * refactor * fix lint errors * added new event for idv phone send link rate limit (#6958) changelog: Internal, Attempts API, Track additional events * Lg 7545 password change reauth (#6954) * LG-7545 Password Change Reauth Submit changelog: Internal, Attempts API, Track additional events * LG-7411 Analytics event for TM Proofing Failure Page (#6953) * added setup errors visited * Add redirect tracking to contact url on sorry page * add changelog changelog: Internal, Analytics, Add analytics to sorry for proofing page * add tracker method for contact page analytics * LG-6497: Set min date for State ID page to January 1, 1900 (#6960) * LG-6497: Set min date for State ID page to January 1, 1900; remove leading zero from day * [skip changelog] * LG-7203: Use DB for service provider IPP feature enablement (#6945) * LG-7203: Add in_person_proofing_enabled field to service_providers; update feature check to use new field * LG-7203: Replace use of hardcoded IPP issuer config and update tests * changelog: Upcoming Features, In-person proofing, Use DB for configuring service providers * LG-7203: Switch to leaner query query clear expected value for in_person_proofing_enabled * LG-7547-Password-Change-Reauthentication-Rate-Limit (#6955) * LG-7547-Password-Change-Reauthentication-Rate-Limit changelog: Internal, Attempts API, Track additional events * LG-7195 | Adds reproof completed event (#6957) changelog: Internal, Attempts API, Adds reproofing complete event * Update Password Change to Profile Change (#6962) changelog: Internal, Attempts API, Track additional events * Enforce YARD parameter documentation for tracker_events.rb, fix errors (#6964) [skip changelog] Co-authored-by: Tim Bradley <90272033+NavaTim@users.noreply.github.com> Co-authored-by: Luis H. Matos <ThatSpaceGuy@users.noreply.github.com> Co-authored-by: Gene M. Angelo, Jr <web.gma@gmail.com> Co-authored-by: Sheldon Bachstein <sheldon.bachstein@gsa.gov> Co-authored-by: Kimball Bighorse <kimball.bighorse@gsa.gov> Co-authored-by: Jonathan Hooper <jonathan.hooper@gsa.gov> Co-authored-by: Matt Hinz <matthinz@gmail.com> Co-authored-by: Alex Kritikos <alex.kritikos@gsa.gov> Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> Co-authored-by: Shannon A <20867088+svalexander@users.noreply.github.com> Co-authored-by: Rwolfe-Nava <87499456+Rwolfe-Nava@users.noreply.github.com> Co-authored-by: Alex Bradley <alexander.bradley@gsa.gov> Co-authored-by: Matt Wagner <mattwagner@navapbc.com>
Deploy RC 210 to Production
* Replace id_token_hint with client_id in OIDC Logout (#6936) Resolves LG-7433 **Why:** We don't want partners sending us ID tokens as query parameters. We initially permit both client_id and id_token_hint, but also include two feature flags so that we can extend the rollout of both support for client_id as well as the deprecation of id_token_hint through the sandbox. changelog: Bug Fixes, Authentication, Replace id_token_hint with client_id in OIDC logout * Fix a typo in the step indicator constants for inherited proofing (#6985) [skip changelog] * Implement basic Please Verify page UI for Inherited Proofing (#6988) Why: Inherited Proofing users will need to verify that the information we receive from the partner organization is correct changelog: Internal, Inherited Proofing, Adding basic Please Verify UI * LG-7152: A/B testing native camera only (#6915) * LG-7152: Setting up A/B testing for native camera vs Acuant SDK changelog: Internal, Document Capture, Set up A/B testing for native camera vs Acuant SDK * include a feature flag to enable/disable test completely * first cut at AbTestBucket * flesh out AbTestBucket * apply the AbTestBucket to the DocumentCaptureStep * Pull the specifics around this A/B test into its own class. * Log the bucket in the image upload vendor submitted event. * use a fully deterministic spec to test bucket distribution * check for nativeCameraOnly as part of shouldStartAcuantCapture * adds the name of the experiment to the percent generator * better logic on when to block SDK for A/B test * adds a spec for the native camera A/B test * LG-7123 Normalize arguments for enrollments (#6987) **Why:** - We were sometimes passing Pii::Attribute structs and other times passing hashes to this function. While it wasn't causing a problem now it is confusing changelog: Upcoming Features, In-person proofing, Normalize arguments for creating an enrollment * LG-7195 | log_reproof_event is now reachable (#6982) changelog: Internal, Attempts API, Fixes log_reproof_event * Scope the NativeCameraABTest to the Idv module (#6989) [skip changelog] * LG-7364 Return specific attributes that fail from LexisNexis proofer (#6956) * LG-7364 Return specific attributes that fail from LexisNexis proofer This commit aims to refactor the LexisNexis proofer to user a plain old ruby object and to have it return specifically which attributes fail if only certain attributes fail * i can't even write psuedocode * still cannot code * add failing specs for the proofer * put resolution job back the way we found it for now * [skip changelog] * make the lexisnexis proofer look like the phonefinder one * get started on the mock proofer * get mock proofer resolution client passing * start mapping checks to attributes * User proofer_result directly * Punt on merging with state_id_proofer result * Punt on mutating the callback_log_data result * Punt on context field and other proofer results * Group transaction_id and reference with other fields and mark TODO field * Test expected fields in turn * Group fields and mark TODO context field * Test fields in turn * Group and mark TODO * Group and mark TODO * Test fields in turn * Test fields in turn * Consolidate different result hash logic * use match instead of eq * some things passing and some things failing * example of how to fix nomethoderror * Defer when resolution result is only a proofer result * Implement methods on proofing result class * Test result fields in turn * Rename local variable name * Rename threatmetrix entities * Add back resolution tests * Test result fields in turn * Test expected value directly * Test threatmetrix disabled * Test lexisnexis failure response * Restore threatmetrix nil response test * Consolidate logic * Improve format * Improve format * Test against result hash methods * delint * spec cleanup * state id result is not quite ready * clean up agent spec * Define first_name on pii test object * delint Co-authored-by: Kimball Bighorse <kbighorse@yahoo.com> * Log timing info for TMX inside ResolutionProofingJob (#6991) [skip changelog] * LG-7469 Standardize naming conventions (#6992) changelog: Internal, Attempts API, Standardize events name * Allow logging of emailage fields including confidence scores (#6993) * Allow logging of emailage fields including confidence scores * changelog: Internal, ThreatMetrix API, allow non-PII fields * Only fetch all email addresses when requested for OIDC user info (#6999) changelog: Internal, Performance, Only fetch all email addresses when requested for OIDC user info * Add ESLint enforcement of awaited userEvent interaction (#6995) * Add ESLint enforcement of awaited userEvent **Why**: Avoid developer confusion associated with race conditions caused by not properly awaiting the completion of a userEvent interaction. changelog: Internal, Automated Testing, Improve developer experience for writing interaction tests * Refactor password reset button spec to avoid Mocha "done" API * Refactor PasswordResetButton spec to use Chai promise helprs * Clean up some AB Test bucket code (#6994) - Move to initializer so we're not constantly re-allocating and checking - Remove ActiveModel::Model, it was only half-used - Update DocAuthRouter to use buckets * Update document_capture_step spec and create new FakeAbTestBucket [skip changelog] Co-authored-by: Doug Price <douglas.price@gsa.gov> * Update Rails (#7000) * Update Rails changelog: Internal, Dependencies, Update Rails * Fix patched behavior for redirects and unsafe redirects * Cache phone_configuration queries during OTP authentication (#6998) changelog: Internal, Performance, Cache phone_configuration queries during OTP authentication * Handle zip+0 at GPO verification letter export (#6970) * Handle zip+0 at GPO verification letter export [skip changelog] * Fix short-circuiting in OTP confirmation (#7002) [skip changelog] * Revert strscan version upgrade (#7003) [skip changelog] Co-authored-by: Oren Kanner <oren.kanner@gsa.gov> Co-authored-by: Jonathan Hooper <jonathan.hooper@gsa.gov> Co-authored-by: Melissa Miller <melissa.miller@gsa.gov> Co-authored-by: Doug Price <douglas.price@gsa.gov> Co-authored-by: Sheldon Bachstein <sheldon.bachstein@gsa.gov> Co-authored-by: Matt Wagner <mattwagner@navapbc.com> Co-authored-by: Kimball Bighorse <kbighorse@yahoo.com> Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> Co-authored-by: olatifflexion <109746710+olatifflexion@users.noreply.github.com> Co-authored-by: John Skiles Skinner <john.skinner@gsa.gov> Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> Co-authored-by: John Maxwell <john.maxwell@gsa.gov>
…irming new email address for existing account (#7019)
Deploy RC 211.1 to Production
* Include U.S. territories in allowed countries for IdV phone changelog: Bug Fixes, Identity Verification, Allow U.S. territory numbers for IdV phone step * Use form instance for allowed countries * Only validate unsupported delivery methods if all unsupported * limit delivery options to phone number capabilities * Add regression coverage for "valid_phone_for_allowed_countries?" fix * Add test coverage for updated all-method-unsupported logic * Add test coverage for conditional field visibility * Check confirmed phones for PhoneNumberCapabilities initializer * Remove unnecessary memoization Conflicting variable name in "#new", not necessary anyways since we use it once in assignment, and helps collapse lines * Update spec expected error message for unsupported country * Fix OTP delivery method re-render on invalid create * Validate region regardless of number of supported countries We now support multiple. "valid country" should apply based on the selected country code regardless of how many countries are supported * Update server-side logic for U.S. number constraint error message * Fix empty errors value in spec assertion * Add phone analytics to phone finder * rename address proofing country codes constant and make it configurable * fix specs * JavaScript this.isConnected fix Co-authored-by: Mitchell Henke <mitchell.henke@gsa.gov>
Deploy RC 211.2 to Production
Deploy RC 212 to Prod
Deploy RC 213 to Prod
**Why**: The job uses the passed date for the reporting range, so it should correspond to the date used in stubbing data, like what's done in other test cases in the file. [skip changelog]
Deploy RC 214 to Prod
Deploy RC 214.1 to prod
Deploy RC 215 to prod
Deploy RC 216 to Prod
Deploy RC 217 to Prod
* LG-7446 Create "Cancel" Links and Supporting Cancellation Code for Identity Proofing Process (1 of n) (#7124) * Create concern to render 404 if The IdentityConfig.store.inherited_proofing_enabled returns false in preparation for use in the Inherited Proofing (IP) cancellations controller that needs to be created. Eventually, this code may get thrown away once IP goes live; however, this makes for less lines of code that need to be removed once/if it does. changelog: Improvements, Upcoming Features, LG-7446 Create Inherited Proofing Cancellation Links and Process * Add skeleton InheritedProofingCancellationsController Specs to be added in subsequent PR when controller actions are fleshed out. * Add InheritedProofingCancellationsController views and i18n * Add routes for InheritedProofingCancellationsController actions * Satisfy Brakeman violations Specifically, the "Render path contains parameter value" violation. This commit whitelists the flow steps expected and raises an error if params[:step] is not found in the whitelist. Confidence: Weak Category: Dynamic Render Path Check: Render Message: Render path contains parameter value Code: render(action => ButtonComponent.new(:action => (lambda do button_to(idv_inherited_proofing_cancel_path(:step => params[:step]), { **tag_options }, &block) end), :method => :put, :big => true, :wide => true, :outline => true).with_content(t("inherited_proofing.cancel.actions.keep_going")), {}) File: app/views/idv/inherited_proofing_cancellations/new.html.erb Line: 23 Confidence: Weak Category: Dynamic Render Path Check: Render Message: Render path contains parameter value Code: render(action => SpinnerButtonComponent.new(:action => (lambda do button_to(idv_inherited_proofing_cancel_path(:step => params[:step], :location => "cancel"), { **tag_options }, &block) end), :method => :delete, :big => true, :wide => true, :outline => true, :form => ({ :data => ({ :form_steps_wait => "" }) })) .with_content(CancellationsPresenter.new(:sp_name => decorated_session.sp_name, :url_options => url_options).exit_action_text), {}) File: app/views/idv/inherited_proofing_cancellations/new.html.erb Line: 44 * Remove unused analytics events (#7142) changelog: Internal, Analytics, Remove unused analytics events * Remove JavaScript optimization from asset pipeline (#7136) changelog: Internal, Build Tooling, Remove redundant JavaScript optimization step * Remove unused support for proc methods in frontend logger (#7143) changelog: Internal, Analytics, Remove unused feature support in frontend logger Last usages removed in #7110 * Ensure all UserMailer emails do not use plaintext emails as parameters (#7106) * Ensure all UserMailer emails have matching User and EmailAddress parameters and plaintext emails are not used as parameters changelog: Internal, Email, Ensure all UserMailer emails have matching User and EmailAddress parameters and plaintext emails are not used as parameters Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * fix mailer previews Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * Prepare to drop unused registration_logs columns (LG-6317) (#7131) - Make registration_logs.submitted_at nullable, stop writing it - Ignore other columns changelog: Internal, Logging, Stop writing extra registration_logs timestamps * LG-7251 Update SAML SP request flow to POST internally instead of GET (#6894) * Update SAML SP request flow to POST internally instead of GET * Add route for internal SAML auth POST requests * changelog: Improvements, Service Provider Authentication, Update SAML Authentication Flow * Add feature flag for SAML internal POST update, tests for the flag * Allow longer wait delay for in-person feature specs (#7145) **Why**: Clicking "Continue" from the "prepare" step will wait for a client-side logging event before continuing to the "State ID" step, which often cannot complete before the 0.5 second tolerance allowed by default in local development environments. changelog: Internal, Automated Testing, Improve reliability of feature specs * LG-7702: record the issuer of the SP requesting idv in the profile. (#7125) * LG-7702: record the issuer of the SP requesting idv in the profile. changelog: Internal, Identity Verification, Track the agency requesting identity verification. * record the initiating sp as an association * use the issuer as the foreign key * changelog: Improvements, In-Person Proofing, updates translations in french and spanish (#7139) * LG-7446 Create "Cancel" Links and Supporting Cancellation Code for Identity Proofing Process (2 of n) (#7144) * Segregate Inherited Proofing routes changelog: Improvements, Upcoming Features, LG-7446 Create Inherited Proofing Cancellation Links and Process * Rename concern to avoid whitelist in naming - Flow step whitelist should be compared as strings so this was changed as well. - ...not Symbols, because they will be compared against params[:step] which will be a String value. - Remove unnecessary code * Add InheritedProofingCancellationsController specs Co-authored-by: Gene M. Angelo, Jr <web.gma@gmail.com> Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> Co-authored-by: Mitchell Henke <mitchell.henke@gsa.gov> Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> Co-authored-by: Julia Allen <51330839+julialeague@users.noreply.github.com> Co-authored-by: Doug Price <douglas.price@gsa.gov> Co-authored-by: Matt Gardner <wilburnforce@gmail.com>
* Fix typo for user mailer validation error class changelog: Bug Fixes, Mailers, Resolve unhandled errors by correcting error class name * Add spec
Deploy RC 218.1 to Prod
…il (#7164) * Ensure email belongs to account when resending email confirmation email changelog: Bug Fixes, Emails, Ensure email belongs to account when resending email confirmation email * add analytics
Deploy RC 218.2 to Production
…) (#7175) * Add info for American Samoa, edit info for Northern Mariana Islands changelog: Internal, API improvements, add and update information for American Samoa and Northern Mariana Islands * fix lint error * update information for Japan * revert `supports_sms` value for MP and AS * revert based on discussion * Revert "revert based on discussion" This reverts commit 2e696f8. Co-authored-by: Jessica Dembe <jessica.dembe@gsa.gov>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
14 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Improvements
Bug Fixes
Internal
Upcoming Features