
RC 219 to Production #7183

Merged
mdiarra3 merged 42 commits into stages/prod from stages/rc-2022-10-20
Oct 20, 2022

@mdiarra3
Contributor

Improvements

Bug Fixes

  • Backup Codes: Fix backup code download for Internet Explorer (#7146)
  • Emails: Ensure email belongs to account when resending email confirmation email (#7164)
  • Mailers: Resolve unhandled errors by correcting error class name (#7162)

Internal

  • API improvements: Add and update information for American Samoa and Northern Mariana Islands (#7154)
  • Analytics: Remove unused analytics events (#7142)
  • Analytics: Refactor UI click analytics tracking (#7109)
  • Analytics: Remove unused feature support in frontend logger (#7143)
  • Analytics: Add common properties to identity verification events (#7111)
  • Automated Testing: Improve reliability of feature specs (#7145)
  • Build Tooling: Remove redundant JavaScript optimization step (#7136)
  • Code Quality: Remove unused code (#7150)
  • Code Quality: Remove unreachable code (#7157)
  • Dependencies: Update dependencies to resolve security advisories (#7168)
  • Email: Ensure all UserMailer emails have matching User and EmailAddress parameters and plaintext emails are not used as parameters (#7106)
  • Identity Verification: Track the agency requesting identity verification. (#7125)
  • Inherited Proofing: Turn va_inherited_proofing_mock_enabled true for development environments (#7172)
  • Logging: Remove unused database columns (#7132)
  • Logging: Stop writing extra registration_logs timestamps (#7131)
  • Logging: Log Emails Sent (#7155)
  • Performance: Reduce JavaScript bundle size in critical paths (#7170, #7171)

Upcoming Features

gangelo and others added 30 commits October 13, 2022 10:26
…entity Proofing Process (1 of n) (#7124)

* Create concern to render 404 if

The IdentityConfig.store.inherited_proofing_enabled returns false in
preparation for use in the Inherited Proofing (IP) cancellations controller
that needs to be created. Eventually, this code may get thrown away
once IP goes live; however, this makes for less lines of code that
need to be removed once/if it does.

changelog: Improvements, Upcoming Features, LG-7446 Create Inherited Proofing Cancellation Links and Process

* Add skeleton InheritedProofingCancellationsController

Specs to be added in subsequent PR when controller actions
are fleshed out.

* Add InheritedProofingCancellationsController views and i18n

* Add routes for InheritedProofingCancellationsController actions

* Satisfy Brakeman violations

Specifically, the "Render path contains parameter value" violation.

This commit whitelists the flow steps expected and raises an error
if params[:step] is not found in the whitelist.

Confidence: Weak
Category: Dynamic Render Path
Check: Render
Message: Render path contains parameter value
Code: render(action => ButtonComponent.new(:action =>
  (lambda do  button_to(idv_inherited_proofing_cancel_path(:step => params[:step]),
  { **tag_options }, &block)  end), :method => :put, :big => true, :wide => true,
  :outline => true).with_content(t("inherited_proofing.cancel.actions.keep_going")), {})
File: app/views/idv/inherited_proofing_cancellations/new.html.erb
Line: 23

Confidence: Weak
Category: Dynamic Render Path
Check: Render
Message: Render path contains parameter value
Code: render(action => SpinnerButtonComponent.new(:action =>
  (lambda do  button_to(idv_inherited_proofing_cancel_path(:step => params[:step],
  :location => "cancel"), { **tag_options }, &block)  end), :method => :delete,
  :big => true, :wide => true, :outline => true,
  :form => ({ :data => ({ :form_steps_wait => "" }) }))
  .with_content(CancellationsPresenter.new(:sp_name =>
  decorated_session.sp_name, :url_options => url_options).exit_action_text), {})
File: app/views/idv/inherited_proofing_cancellations/new.html.erb
Line: 44
changelog: Internal, Analytics, Remove unused analytics events
changelog: Internal, Build Tooling, Remove redundant JavaScript optimization step
changelog: Internal, Analytics, Remove unused feature support in frontend logger

Last usages removed in #7110
#7106)

* Ensure all UserMailer emails have matching User and EmailAddress parameters and plaintext emails are not used as parameters

changelog: Internal, Email, Ensure all UserMailer emails have matching User and EmailAddress parameters and plaintext emails are not used as parameters

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

* fix mailer previews

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
- Make registration_logs.submitted_at nullable, stop writing it
- Ignore other columns

changelog: Internal, Logging, Stop writing extra registration_logs timestamps
…#6894)

* Update SAML SP request flow to POST internally instead of GET

* Add route for internal SAML auth POST requests

* changelog: Improvements, Service Provider Authentication, Update SAML Authentication Flow

* Add feature flag for SAML internal POST update, tests for the flag
**Why**: Clicking "Continue" from the "prepare" step will wait for a client-side logging event before continuing to the "State ID" step, which often cannot complete before the 0.5 second tolerance allowed by default in local development environments.

changelog: Internal, Automated Testing, Improve reliability of feature specs
…7125)

* LG-7702: record the issuer of the SP requesting idv in the profile.

changelog: Internal, Identity Verification, Track the agency requesting identity verification.

* record the initiating sp as an association
* use the issuer as the foreign key
…entity Proofing Process (2 of n) (#7144)

* Segregate Inherited Proofing routes

changelog: Improvements, Upcoming Features, LG-7446 Create Inherited Proofing Cancellation Links and Process

* Rename concern to avoid whitelist in naming

- Flow step whitelist should be compared as strings
so this was changed as well.
- ...not Symbols, because they will be compared against
params[:step] which will be a String value.
- Remove unnecessary code

* Add InheritedProofingCancellationsController specs
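
The two Inherited Proofing commits above (#7124 and #7144) describe checking `params[:step]` against a fixed list of flow steps, raising when it is absent, and comparing as Strings rather than Symbols. A sketch of that check in plain Ruby follows; it is an added example, not code from this pull request, and the module, constant and method names, the `verify_info` step name and the path are assumptions.

```ruby
# Added example. Module, constant and method names are hypothetical; plain
# Ruby stands in for the Rails controller concern.
module AllowlistedFlowStep
  class UnknownFlowStepError < StandardError; end

  # Strings, because request parameters arrive as Strings and
  # 'agreement' == :agreement is false. 'verify_info' is an assumed name.
  FLOW_STEPS = %w[get_started agreement verify_info].freeze

  # Symbol form, kept only to show that it rejects every real request.
  SYMBOL_FLOW_STEPS = %i[get_started agreement verify_info].freeze

  module_function

  # Returns the validated step or raises. Non-String values are refused too:
  # a query such as step[]=agreement is parsed into an Array, not a String.
  def flow_step!(params, allowlist: FLOW_STEPS)
    step = params[:step]
    return step if step.is_a?(String) && allowlist.include?(step)

    raise UnknownFlowStepError, "unexpected step: #{step.inspect}"
  end

  # Boolean form of the same check, for callers that branch instead of rescue.
  def allowed?(params, allowlist: FLOW_STEPS)
    flow_step!(params, allowlist: allowlist)
    true
  rescue UnknownFlowStepError
    false
  end

  # Only an allowlisted value ever reaches the generated path.
  # The path itself is a placeholder.
  def cancel_path(params)
    "/cancel?step=#{flow_step!(params)}"
  end
end

# Constructed request parameters.
[{ step: 'agreement' }, { step: 'unknown_step' }, { step: ['agreement'] }, {}].each do |params|
  ok = AllowlistedFlowStep.allowed?(params)
  verdict = ok ? AllowlistedFlowStep.cancel_path(params) : 'rejected'
  puts "#{params.inspect} -> #{verdict}"
end
```
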
changelog: Internal, Code Quality, Remove unused code
* Remove unreachable reference to secure_headers gem

changelog: Internal, Code Quality, Remove unreachable code

* Re-expand map block

Avoid nested inline blocks, simplify diff
changelog: Internal, Logging, Remove unused database columns
…e for all environments (#7127)

* set va_inherited_proofing_mock_enabled to false for all environments

* changelog: Feature Toggles,InheritedProofing,DisableMockDefaultToggleValue

* changelog: Upcoming Features,InheritedProofing,DisableMockDefaultToggleValue
* Fix typo for user mailer validation error class

changelog: Bug Fixes, Mailers, Resolve unhandled errors by correcting error class name

* Add spec
**Why**: in production, running one rake task causes them all to be loaded
so this puts statement got executed from an unrelated task, because it
was at the class level

[skip changelog]
* email analytics sent for success and failure emails

* log email event for success version

* log event exists for failed email

* check email analytics are logged

* update time param so tests pass

* Internal, Analytics, add email analytics

* fix lint issues

* change email version to type

* remove wait time

* remove redundant email type
* Use class members instead of instance members

* Refresh token if it has less than 1 second left

* Initialize class member variables

* Revert "Refresh token if it has less than 1 second left"

This reverts commit 248de40.

* changelog: Upcoming Features, In-person proofing, Cache usps api token better

* Use mattr_reader so members are readable in spec

* Update app/services/usps_in_person_proofing/proofer.rb

Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>

* Update app/services/usps_in_person_proofing/proofer.rb

Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>

* Update app/services/usps_in_person_proofing/proofer.rb

Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>

Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
* LG-7353
 - Removed body copy under H1
 - Removed H2 "Your personal key"
 - Updated caption copy to read "Your personal key was generated..."
 - Removed the previous "Save it. Keep it safe." block from this
   section
 - Added new copy
- Moved personal key links into _key partial and un-styled them.
- Added "What is a personal key?" accordion
- Added acknowledgement checkbox and text
- Widened continue
- Moved strings out to new locale file entries.
- Removed personal key confirmation dialog feature flag (the dialog is
 gone and the flag is now unused).

Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
…il (#7164)

* Ensure email belongs to account when resending email confirmation email

changelog: Bug Fixes, Emails, Ensure email belongs to account when resending email confirmation email

* add analytics
…entity Proofing Process (3 of n) (#7148)

* Create a partial with Cancel link for use in IP views

changelog: Upcoming Features, Inherited Proofing, LG-7446 Create "Cancel" Links and Supporting Cancellation Code for Identity Proofing Process (3 of n)

* Add Cancel link to Agreement step UI

* Add Cancel link to Getting Started step UI

* Add Cancel link to Verify Info step UI

- Remove extra line.

* Add feature spec tests for :agreement and :get_started steps
* LG-7582: Add proofing components to IdV analytics events

changelog: Internal, Analytics, Add common properties to identity verification events

Handle absent user proofing components

Refactor IdV analytics as decorator

It behaves as one, and resolves naming collision of base analytics class

Refactor IdV analytics initializer as concern

more composable, prefer consistency of single application controller

Symbolize analytics keys

consistent analytics argument shape, simplified/consistent spec expected values

Add idv_final to decorated analytics methods

Add proofing_components as explicit parameter to analytics methods

So they're documented, and so that it's enforced as required parameter

Add idv_personal_key_visited to decorated analytics

Add idv_personal_key_submitted to analytics decorator

Add specs for AnalyticsDecorator

Simplify decorator interface by making readers private

Add extra parameter to IdV analytics methods

Add idv_review_info_visited to decorated analytics methods

Add idv_phone_confirmation_otp_submitted to decorated analytics methods

Add idv_phone_confirmation_otp_visit to decorated analytics methods

Sync expected methods

Reference user via analytics instance

Override base analytics method in Idv::AnalyticsConcern

Add idv_phone_confirmation_otp_sent to decorated methods

Add idv_phone_otp_delivery_selection_submitted to decorated methods

Add analytics concern to OtpDeliveryMethodController

So that analytics override occurs as expected

Make FakeAnalytics user parameter optional

Add idv_cancellation_visited as decorated event

Implement decorated methods as method_missing

Discussion: #7111 (comment)

At least for now, to simplify including new methods, can be broken back out later

Still explicitly lists every method, so may address concerns with magic?

Add all cancellation events as decorated

Add GPO come back later event as decorated

Allow optional user for proofing_components

Not really expected, but simplifies existing tests support

Add forgot password events to decorated events

Freeze decorated methods

Try fixing memoized outdated user proofing components

Previously, address_check: 'gpo_letter' was not being shown as included in the logs, but was present in proofing components only after `user.reload`. Operating theory is that because the user is sticky across all request analytics instances, it doesn't behave the same as in real world with per-request initialization

Add GPO letter events to decorated methods

Add personal key frontend events to decorated methods

Not currently working (proofing_components is nil). Maybe user not correctly set?

Refactor proofing components keys as struct

More clarity in analytics method documentation

Rework FrontendLogger to send on analytics instance

Since otherwise the decorated events are not called, since the analytics_method is a reference to the base method in AnalyticsEvent class

spec coverage tbd

Remove analytics concern in favor of baking in decorated analytics

Implement ProofingComponentsLogging custom to_h as sliced model

Accuracy of documented parameter in AnalyticsEvents

See: #7111 (comment)

Add idv_in_person_ready_to_verify_visit as decorated method

Add IdV phone events to decorated methods

Add proofing components expectations for happy path

Fix analytics decorator spec

Revise analytics decorator spec to sample single method

Since all methods should behave the same via define_method implementation, this helps speed up the test

Make proofing_components nillable in analytics events

Too many specs run in isolation without expectation of decorated analytics

Add missing event documentation

Update controller spec analytics assertions

Add idv_setup_errors_visited to decorated methods

Fix specs

Update ApplicationController specs

Handle anonymous analytics user in analytics decorator

Add additional expected properties for IdV phone events

Swap create_or_find_by to find_or_create_by

1. Likely the more optimal query, since at this point it should be expected that a proofing component would already exist
2. Fixes a behavior where user proofing record relation had nil values (proofing component record treated as new/unsaved?)

Refactor analytics decorator as built-in to base Analytics class

#7111 (comment)

Remove lingering reference to decorate method

Normalize asserted events as JSON in FakeAnalytics

Match real-world logging behavior

Log proofing components via as_json method

See: #7111 (comment)

Update specs for nil logged proofing_component

These specs stub analytics without an associated user / proofing component, so proofing components would be expected to be empty

Previously the nil value would have been converted to an empty hash via `to_h`. This is a more desirable result anyways

* Convert asserted time to UTC

Odd that it suddenly starts failing?

* Remove nil proofing_components from compacted events

The analytics method calls Hash#compact

* Move FakeAnalytics JSON conversion to avoid matcher conflict

* Revert changes to ApplicationController spec

No longer decorating
**Why**: We can avoid creating extra methods via alias_method,
avoid a few dynamic #send as well

[skip changelog]
- It always logs something after each run, so that we can get
  better info on why it bails early, if it does

[skip changelog]

Co-authored-by: Andrew Duthie <aduth@users.noreply.github.com>
* Restore README change from abandoned prior branch

* Add increased file descriptor .plist to README

* Move error item into error section of README

* Include sassc-rails gem to resolve intermittent test errors

* Remove sassc-rails per Michelle Henke's advice it's no longer used

* Remove sassc-rails from Gemfile.lock

* changelog: Added, README, increase file descriptor limit

* changelog: Added, README, increase file descriptor limit

* [skip changelog]

* Include nano command to edit .plist file in README

* remove capybara-selenium

Why?

The capybara-selenium gem was last updated on 12/20/2014. The
functionality of that gem has been replaced by the webdrivers gem.

Co-authored-by: Alex Bradley <alexander.bradley@gsa.gov>
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.8 to 1.13.9.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/v1.13.9/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.8...v1.13.9)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Create DownloadButtonComponent for download button

changelog: Bug Fixes, Backup Codes, Fix backup code download for Internet Explorer

* Change "data" argument to "file_data"

Allow use of data-* attributes passed as "data" hash

* Add specs for DownloadButtonComponent

* Simplify to use Uint8Array map argument

See: #7146 (comment)
Co-Authored-By: Zach Margolis <zbmargolis@gmail.com>

* Restore customized download label for personal key

Co-authored-by: Zach Margolis <zbmargolis@gmail.com>
aduth and others added 12 commits October 19, 2022 10:32
* Introduce "Click Observer" component for click event logging

**Why**:

- Avoids the need for ad hoc scripts
  - Fewer JavaScript packs
  - Establishes common pattern
  - Avoids complicated testing for custom packs with side effects
- Easier to implement new click logging
- Makes event logging more discoverable by colocating component rendering with the element being observed

changelog: Internal, Analytics, Refactor UI click analytics tracking

* Restore analytics methods to index

(for now)

sinon stubbing of ES6 modules is... not straight-forward. may need to find an alternate approach (dependency injection?).

* Add context-aware properties to click observer

* Fix double event logging for checkbox label click
* Split design system navigation JavaScript to own pack

changelog: Internal, Performance, Reduce JavaScript bundle size in critical paths

* Port navigation.js to TypeScript
changelog: Internal, Inherited Proofing, Turn va_inherited_proofing_mock_enabled true for development environments

This is so that developers do not have to specifically enable this
switch - we should not be attempting to make live calls in our
development environments by default.
…7155)

* Log Emails Sent

changelog: Internal, Logging, Log Emails Sent

* check for pii

* ensure report mails are delivered now

* track in new relic

* mailer move

* use prepend instead of alias_method
**Why**: Some environments don't have signatures configured,
so it's not an error we need to alert on

[skip changelog]
* Add info for American Samoa, edit info for Northern Mariana Islands

changelog: Internal, API improvements, add and update information for American Samoa and Northern Mariana Islands

* fix lint error

* update information for Japan

* revert `supports_sms` value for MP and AS

* revert based on discussion

* Revert "revert based on discussion"

This reverts commit 2e696f8.
* Remove FormSteps basePath option handling

changelog: Internal, Performance, Reduce JavaScript bundle size in critical paths

* Restore i18n dropdown initialization

Previous condition ran `setUp` except in test environment. Since JavaScript tests applying to this file for URL sync have been removed, always run initialization at top-level scope
…s from resolution (#7177)

Previous commits made the State ID Proofer (AAMVA) and the Resolution Proofer (LexisNexis InstantVerify) aware of specific attributes that passed and failed. The purpose of this work was to allow attributes that failed during resolution (namely dob and address) to be covered by attributes verified by the State ID Proofer.

This commit makes a number of changes to that effect:

1. A request is sent to the state ID proofer even if the resolution proofer fails
2. If the attributes that failed the resolution proofer check pass the state ID proofer checks, that is considered a pass

A new adjudicator class was created to house this logic.

[skip changelog]
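
The adjudication rule described in the commit above, as an added example that is not code from this pull request: a resolution failure passes only when every failed attribute was verified by the state ID proofer. The struct, class and attribute names are hypothetical, and the limit to dob and address, the requirement that the state ID check itself succeed, and the handling of a failure that names no attribute are assumptions.

```ruby
require 'set'

# Added example. Struct, class and attribute names are hypothetical.
ProoferResult = Struct.new(:success, :verified_attributes, :failed_attributes,
                           keyword_init: true)

class ResolutionAdjudicator
  # Assumption: only dob and address (the attributes the commit names) may be
  # covered by the state ID check; any other failure stays a failure.
  COVERABLE = Set[:dob, :address].freeze

  def initialize(resolution:, state_id:)
    @resolution = resolution
    @state_id = state_id
  end

  # Resolution failures that the state ID proofer did not verify.
  def uncovered_failures
    failed = @resolution.failed_attributes.to_set
    failed - (COVERABLE & @state_id.verified_attributes.to_set)
  end

  def pass?
    # Assumption: the state ID check must itself succeed in every case.
    return false unless @state_id.success
    return true if @resolution.success

    # A failed resolution that names no attribute (timeout, error) has nothing
    # to cover. Without this guard the empty set would pass the check below.
    return false if @resolution.failed_attributes.empty?

    uncovered_failures.empty?
  end
end

# Constructed results: resolution fails on dob and address, and the state ID
# proofer verifies both.
resolution = ProoferResult.new(success: false, verified_attributes: [:ssn],
                               failed_attributes: %i[dob address])
state_id = ProoferResult.new(success: true, failed_attributes: [],
                             verified_attributes: %i[dob address state_id_number])
adjudicator = ResolutionAdjudicator.new(resolution: resolution, state_id: state_id)
puts "pass: #{adjudicator.pass?}, uncovered: #{adjudicator.uncovered_failures.to_a.inspect}"
```
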
…ion is received from API call. (#7161)

* LG-7449 Add first error page for inherited proofing when there is no response from VA for any reason

* changelog: Upcoming Features,InheritedProofing,AddFirstErrorPage

* fix lint and normalize yml

* add placeholder method, before filter and remove h2

* remove unused translations
* LG-7703: Force a user to re-verify their identity for IRS.

If a user proofed their identity with a non-IRS SP, then visits
an IRS SP, they will be forced to reproof.

changelog: Improvements, Identity Verification, Require users to re-proof on first IRS visit.

* working on the SAML side
**Why**: This was implicitly the default already, and making
it explicit helps clarify that this is asymmetric encryption
(because the enc: is symmetric)

[skip changelog]
@zachmargolis
Contributor

(small request, can we update the PR title to be the RC number, 2XX or whatever?)

@mdiarra3 changed the title from "Stages/rc 2022 10 20" to "RC 219 to Production" on Oct 20, 2022
@mdiarra3
Contributor Author

Yup done! My bad

@mdiarra3 merged commit 5bbd212 into stages/prod on Oct 20, 2022
@mdiarra3 deleted the stages/rc-2022-10-20 branch on October 20, 2022 18:39