Merged
* Use Redis for one-time passcode sending rate limits changelog: Internal, Rate Limiting, Use Redis for one-time passcode sending rate limits * Update app/services/otp_rate_limiter.rb Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * Update app/services/otp_rate_limiter.rb Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * fix specs * remove unused methods * remove OtpRequestsTracker --------- Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
* fix phone bug * changelog: Bug Fixes, Ready to verify email, get phone from selected_location_details * add test for phone number
* Fix some of the tests * changelog: Internal, Multi-Factor Authentication, Update IPP test to include PO Search
…7760) * user can't proceed past empty textbox, but no validation error displays and activeErrors is empty * disable search input field when user selects a location * clean up unneeded changes * changelog: Bug Fixes, In-person proofing, allow user to select USPS location when search box is empty * test that user can select location when search box is empty
) * Refactor NewPhoneForm user parameter as keyword argument [skip changelog] * Use conventional ivar assignment for NewPhoneForm * missed one * Update spec stub call expectation * Migrate attr_accessor to attr_reader Rewrites phone validation specs since they rely on the accessor, which isn't actually how the class validation would happen in the real-world
* LG-8577: Prefill mobile number for hybrid docauth If the user has a mobile number associated with their account, prefill that when showing the handoff screen for hybrid docauth. changelog: User-Facing Improvements, Identity Verification, Prefill mobile number for hybrid doc auth * Update spec/features/idv/doc_auth/send_link_step_spec.rb Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * Update app/services/idv/steps/send_link_step.rb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * create_form -> build_form * Fix line length issue --------- Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
changelog: Internal, Console, Disable autocompleting in Rails console Co-authored-by: Tomas Apodaca <thomas.apodaca@gsa.gov>
* Make AesCipher test pass locally Check cipher name by calling library, because names can change. * Resolve classname collision in specs between ExampleAnalytics classes Use anonymous classes to avoid classname conflicts Co-authored-by: John Maxwell <john.maxwell@gsa.gov> Co-authored-by: Matt Hinz <matt.hinz@gsa.gov> Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> [skip changelog]
* switch from npx to yarn changelog: Internal, Documentation, Update documentation for IDP frontend Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
* LG-8232 Update Event: IDV forget password email confirmed changelog: Internal, Attempts API, Passing request_id in the email link * test scenarios
* LG-8302: Log information required to detect enrollments that exceed their expiration date * [skip changelog] * Update app/services/analytics_events.rb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * Update spec/jobs/get_usps_proofing_results_job_spec.rb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * LG-8302: Add helper for ranges approximating a value --------- Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
* deduplicate post offices with the same address * changelog: Bug Fixes, In-person proofing, don't display the same post office multiple times
Resolves LG-8794 [skip changelog]
…greater flexibility (#7777) * changelog: Bug Fixes, In-person proofing, ArcGIS API: Use full URLs so they can be swapped for fallback services * Remove constants; use config directly * Scope the API token to hostname * Scope dynamic api token key name delimiter with colon
… is properly logged before a Rack Attack (#7757) changelog: Internal, Attempts Api, Bugfix
…ent (#7772) * Recursively add scripts for parent components * Use respond_to instead of direct class reference duck typing * [skip changelog]
* SpinnerButton: Clear timeout on disconnect The open timeout was causing test runner not to terminate cleanly * Add changelog changelog: Internal, Automated Testing, Improve reliability of JavaScript tests
* LG-8532 Shore up IDV Account Reactivation Events changelog: Internal, Attempts API, Standardize events
* Added titles to form steps and also augmented form step title. * Corrected title format var * Move titleFormat definition to props * Enable translations for page headings * Adding title to switch back step * changelog: User-facing improvements, In-person Proofing, addressing a11y concern match page titles to h1s * Get app name from meta element. * Use getConfigValue to grab the App Name * Add title to documents step as well.
* Update irbrc to avoid saving history changelog: Internal, Console, Disable autocompleting in Rails console * Allow history, add to gitignore
…fication page (#7694) * changelog: User-Facing Improvements, Authentication, Add authentication troubleshooting options to phone OTP verification page * add translations for spanish and french * add id to message call * add logic to market site * fix linting issue * fix linting issue * fix up phone delivery presenter
changelog: Internal, Cross-Origin Resource Sharing, Include protocol when checking internal domain for CORS
Delete :pii_from_doc (unsupervised proofing) as well as :pii_from_user (in person proofing) from the session after updating SSN. [skip changelog]
* changelog: User-facing improvements, In-person proofing, Addressing VPAT concerns around skip to main content link. * Removing doc-auth specific instead making global. * Remove unnecessary focus()
#7785) * Pre-calculate CORS domains in cache rather than calculating every time changelog: Internal, Cross-Origin Resource Sharing, Pre-calculate CORS domains in cache rather than calculating every time * Update config/application.rb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * underscore unused variable * Update config/application.rb Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> --------- Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
…mpleted the verify info step (#7787) Currently we have some code in place to check that a user has completed the verify step in the review controller. This code supports us when both the FSM verify step and the new verify step are in place. It will be removed in this change request: #7747 After deploying the IDP with the feature flag enabled we discovered a bug in this code. This code calls `idv_session` in a before action that is added prior to adding the `IdvSession` concern. The `IdvSession` concern adds a before action to confirm the user is authenticated. This concern includes a before action to confirm the user is authenticated since calling `idv_session` with no user session results in a `NoMethodError`. Having the `confirm_verify_info_complete` prior to that before action is problematic since it calls `idv_session`. This commit works around the issue by guarding the before action with a check to confirm the user is authenticated. This is not the most elegant solution, but it should work and as stated previously will be removed in #7747. [skip changelog]
… AAL to the OIDC Response Token (#7791) Don’t show ial and aal for now, but leave everything else
DocAuthLog needs to be updated in controllers that are extracted from the Flow State Machine. Add the calls and tests to VerifyInfoController. [skip changelog]
changelog: User-Facing Improvements, IdV GPO Flow, Move Personal Key page to after a user has GPO verified * created feature flag for personal key after one time code flow * redirect to come_back_later if using gpo flow * updated come_back_later page with new translations and new design * gpo_verify_controller redirects to personal key gpo_verify_controller redirects to personal key page if the new GPO flow is enabled * personal_key_controller redirect to sign_up_completed personal_key_controller redirects to sign_up_completed during the new GPO flow. * sanitize come_back_later_html * check for come_back_later in gpo flow * add changelog * fix lint * optimize svg * fix come_back_later/show test * remove unused i18n keys * fix more tests with gpo * fix clearing_and_restarting spec * change continue to exit in in_person_spec * add new test to check new gpo otp verification * access profile from idv_session or current_user.active profile * moved gpo after personal key feature test into gpo_otp_verification_step_spec * check personal key redirect after gpo verification * change reordering of gpo steps with feature flag
* Refactor CORS origin logic into class changelog: Internal, Cross Origin Resource Sharing, Refactor CORS origin logic into class * Update lib/identity_cors.rb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * Update lib/identity_cors.rb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * return false instead of nil * use stricter regex * fix spec * add specs --------- Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
mdiarra3
approved these changes
Feb 9, 2023
NavaTim
approved these changes
Feb 9, 2023
User-Facing Improvements
Bug Fixes
Internal