Deploy RC 260 to Prod #7955

Merged
jmdembe merged 30 commits into stages/prod from stages/rc-2023-03-09
Mar 9, 2023

@jmdembe jmdembe commented Mar 9, 2023

User-Facing Improvements

  • Authentication: Attribute SP consent screen (#7946)
  • Authentication: Simplify SMS phone page (#7920)
  • Error logging: Errors that occur while communicating with LexisNexis Risk Defense Platform services (i.e. InstantVerify and PhoneFinder) are now logged regardless of the verification status of the RDP transaction. (#7943)
  • FSM Retirement: A before action that validates that the verify info step was completed was added for use in IdV controllers that render steps that require the verify step to have been completed. (#7941)
  • FSM Retirements: The old FSM step was removed and supporting code was also removed now that all users should be sent to the newly built SSN controller. (#7901)
  • In-Person Proofing: USPS API Transliteration (#7935)
  • In-person proofing: Content update for error on PO search (#7928)
  • Inherited proofing: The code for inherited proofing was removed. (#7919)
  • Mock Device Profiling: The mock device profiling backend was changed to accept nil as a valid value in the cases where a user does not make a selection from the mock device profiling simulation javascript on the SSN step in the proofing flow. (#7934)

Bug Fixes

  • Accessibility: Fix heading order for personal key reactivation (#7942)
  • In-Person Proofing: Retain State ID and Address on form re-render after invalid submissions (#7936)
  • Attempts API: logging an AttemptsEvent for the IRS in the wrong place when a user uploaded an image for IDV (#7918)

Internal

  • Attempts API: Track additional TMX fraud check event (#7924)
  • Code Quality: Reconcile routes for adding phone (#7944)
  • Code cleanup: The following were removed: A redirect to an unused route; tests that tested the redirect to the unused route; an RSpec shared example that included a reference to this unused route but was not actually used in any specs; a template that was previously used by the removed controller; translations for the removed template. (#7921)
  • Error Reporting: Track frontend errors from supported browsers (#7909)
  • IRS Attempts API: Scrypt hash token before doing a strict string comparison against valid tokens (#7888)
  • Identity Verification: Improved address line 2 logging (#7939)
  • Improvements: A before action to verify that the user has completed the address step before allowing the user to complete steps that depend on the address step was added to IdV step concern so it is available to controllers that implement IdV steps. (#7931)
  • Refactor: GetUspsProofingResultsJob refactor (#7937)
  • Refactoring Flow State Machine: Add new DocumentCaptureController with show action for desktop flow (feature-flagged) (#7926)
  • Logging: parsing of responses from AAMVA even if the HTTP response code was not 200 (#7879)

Upcoming Features

  • In-person proofing: Add feature flag (#7949)

jmhooper and others added 29 commits March 3, 2023 12:15
We are working on retiring the FSM and have recently put work into moving users to a new controller for entering their SSN. This work follows up on that by removing the old SSN step and the code that directed users there.

changelog: Improvements, FSM Retirements, The old FSM step was removed and supporting code was also removed now that all users should be sent to the newly built SSN controller.

---------

Co-authored-by: Sonia Connolly <sonia.connolly@gsa.gov>
LG-8938 | Fix bug where we are only logging form validation errors

Vendor responses were not being captured due to where we were calling the tracker.
We built out the inherited proofing experience, but it is not currently enabled or supported. This commit removes it.

changelog: Improvement, Inherited proofing, The code for inherited proofing was removed.
This method is not used at all, so I cleaned it up

[skip changelog]
* Remove leftover OTP delivery redirect

We recently consolidated the OTP delivery method controller and the phone controller in IdV. The old OTP delivery method controller is no more. I found a redirect to it and discovered it was still referenced in the routes. This commit cleans up both of those and removes an unused shared example I found in the process.

changelog: Internal, Code cleanup, The following were removed: A redirect to an unused route; tests that tested the redirect to the unused route; an RSpec shared example that included a reference to this unused route but was not actually used in any specs; a template that was previously used by the removed controller; translations for the removed template.
Tell WebMock not to delay HTTP connections for this test

Why: spec/features/idv/hybrid_flow_test.rb was failing locally with "too many file handles" error.
With some experimenting and web searching we found this possible solution and it made the test
succeed five times in a row. (We hope it's fixed.)

Co-authored-by: John Maxwell <john.maxwell@gsa.gov>
Co-authored-by: Douglas Price <douglas.price@gsa.gov>
Co-authored-by: John Skinner <john.skinner@gsa.gov>
Co-authored-by: Alexander Bradley <alexander.bradley@gsa.gov>
Co-authored-by: Sonia Connolly <sonia.connolly@gsa.gov>

[skip changelog]
* LG-8749: IDV TMX Fraud check event tracking

changelog: Internal, Attempts API, Track additional TMX fraud check event

* Update app/services/idv/steps/threat_metrix_step_helper.rb

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

* linting fixes

* feedback

* added feature flag

---------

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
* Added doc on how to fix OpenSSL error in tests

[skip changelog]

Co-authored-by: Sonia Connolly <sonia.connolly@gsa.gov>
…#7932)

We added code to tell Webmock to allow net connect on HTTP start. This was done to prevent too many open files errors from occurring during hybrid flow tests.

This setting stayed in place after the hybrid flow specs ran which could lead to problems with tests making external requests down the line. This commit makes it into an around action to make sure external connections get disabled after the hybrid specs run.

[skip changelog]
The IdV step concern is intended to be used to make certain that previous IdV steps have been completed before allowing a user to complete a step. This commit starts the process of implementing these steps by adding an available before action to ensure the address step is complete and using that in the review controller.

changelog: Internal, Improvements, A before action to verify that the user has completed the address step before allowing the user to complete steps that depend on the address step was added to IdV step concern so it is available to controllers that implement IdV steps.
…ling drop (#7934)

In #7892 we made "Pass" the default option for the simulated device profiling tooling. Unfortunately the javascript there does not submit anything unless the user actually selects a value from the dropdown. This made sense in the world where "No Result" was the default. With pass as the default it causes the user to fail downstream.

This commit makes 'pass' the default value if 'nil' is submitted. Nil will still be used as the TMx review status value if "no_result" is submitted.

changelog: Improvements, Mock Device Profiling, The mock device profiling backend was changed to accept nil as a valid value in the cases where a user does not make a selection from the mock device profiling simulation javascript on the SSN step in the proofing flow.
* LG-8969 Added text to try again

* LG-8969 Update error to display and test

* changelog: User-Facing Improvements, In-person proofing, Content update for error on PO search

* LG-8969 Update string key to be more specific

* LG-8969 Alpha order

* LG-8969 fix linter violations

* LG-8969 remove space

* LG-8969 fix lint issue
…#7888)

* Hash shared secret before checking validity of IRS Attempts API token

changelog: Internal, IRS Attempts API, Scrypt hash token before doing a strict string comparison against valid tokens

Co-authored-by: Zach Margolis <zachary.margolis@gsa.gov>
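
An added illustration of the check named in the commit above, hashing a presented token with scrypt and then comparing it strictly against stored digests. It is not code from this pull request or from the project; the salt, cost parameters, `TokenValidator` class and sample token are assumptions constructed for the example.

```ruby
require 'openssl'

# Assumed parameters (not taken from the PR). The salt and cost are fixed so
# that the same token always yields the same digest, which is what allows a
# strict string comparison against a list of stored digests.
SCRYPT_SALT = 'constructed-example-salt'
SCRYPT_COST = { N: 2**14, r: 8, p: 1, length: 32 }.freeze

# Returns the hex-encoded scrypt digest of a token.
def scrypt_digest(token)
  OpenSSL::KDF.scrypt(token, salt: SCRYPT_SALT, **SCRYPT_COST).unpack1('H*')
end

# Hypothetical validator: configuration holds only digests, never the raw
# shared secrets, so a leaked config file does not reveal a usable token.
class TokenValidator
  def initialize(valid_digests)
    @valid_digests = valid_digests.map(&:downcase).freeze
  end

  # Hash first, then compare. The comparison runs over digests, so its
  # timing depends on hash output rather than on the secret's characters.
  def valid?(presented_token)
    return false unless presented_token.is_a?(String)
    return false if presented_token.empty?

    @valid_digests.include?(scrypt_digest(presented_token))
  end
end

# Constructed sample data: the digest would normally be computed once at
# provisioning time and stored in configuration.
SAMPLE_TOKEN = 'constructed-sample-token'
VALIDATOR = TokenValidator.new([scrypt_digest(SAMPLE_TOKEN)])

if __FILE__ == $PROGRAM_NAME
  puts VALIDATOR.valid?(SAMPLE_TOKEN)
  puts VALIDATOR.valid?('some-other-token')
end
```
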
…#7909)

* LG-8527: Limit NewRelic browser instrumentation to supported browsers

changelog: Internal, Error Reporting, Track frontend errors from supported browsers

* Cache result and handle load error

* Update yarn.lock

* Make BrowserSupport.browser_support_config private

So I don't have to feel compelled to write specs for it

* Leverage attr_reader for internal cache reference

* Simplify stub value

* Generate browsers.json as dependency of make run

#7909 (comment)

* Fix typo browsers.json

* Define target dependencies for cachebusting

* Remove extra check for browser

Despite this being pulled from their documented example, this appears redundant, since the version check will already include an equivalent (duplicate) check for the browser

See: https://github.com/browserslist/browserslist-useragent-ruby/blob/f17624b1c678a34d67038efcb17394b0175317ae/lib/browserslist_useragent/match.rb#L21

* Use shared matcher instance with ivar manipulation

Performance optimization

See: #7909 (comment)

* Parse browserslist config and compare against parsed browser

* Add spec for browsers.json supported keys

* Name second part of split version

See: #7909 (comment)

* Limit `make browsers` to once per spec run

See: #7909 (comment)
Co-Authored-By: Zach Margolis <zbmargolis@gmail.com>

* Define browsers.json as spec subject

* Add comments for user agent strings

For clarity

See: #7909 (comment)
Co-Authored-By: Zach Margolis <zbmargolis@gmail.com>

* Avoid lingering cached class variables between specs

* Test platform for platform-specific browserslist keys

See: #7909 (comment)
Co-Authored-By: Zach Margolis <zbmargolis@gmail.com>

* Remove redundant transform_values

See: #7909 (comment)
Co-Authored-By: Zach Margolis <zbmargolis@gmail.com>

* Add cache clearing method for use in tests

See: #7909 (comment)

* Reorder condition to always run BrowserSupport

---------

Co-authored-by: Zach Margolis <zbmargolis@gmail.com>
Make sure we get the correct information out of the XML when it's
available.

Specific test for AAMVA 'timed out talking to state agency' responses, which is what kicked this off.
* Initial commit of skeleton document_capture_controller

* Add doc_auth_document_capture_controller_enabled feature flag

* Add controller specs, show template, route for DocumentCaptureController

* Add feature spec for DocumentCaptureController#show

changelog: Internal, refactoring Flow State Machine, add new DocumentCaptureController with show action for desktop flow (feature-flagged)

---------

Co-authored-by: eric-gade <eric.gade@gsa.gov>
* VerifyInfo, show DOB with full month name

* Better I18n of long-form birth date

* Fix in_person spec DOB expectation

changelog: User-Facing Improvements, Verifying your information, Show Date of Birth with full month name, localized
#7939)

Add address_line2_present to IdV: doc auth verify proofing results analytics event when verify proofing completes. This will give us more data about how address line 2 is affecting proofing outcomes, and can be correlated with address_line2_present in IdV: doc auth image upload vendor submitted analytics event which shows whether address line2 was received from the vendor earlier in the flow.

* Make address_line2_present expected in analytics spec

changelog: Internal, Identity Verification, improved address line 2 logging
changelog: Bug Fixes, Accessibility, Fix heading order for personal key reactivation
This commit updates rack to resolve an issue found by bundle audit

[skip changelog]
…7935)

* LG-7832: Transliterate name, address, and city for USPS API (w/ FF)

changelog: Improvements, In-Person Proofing, USPS API Transliteration

* LG-7832: Remove bad auto-merged configs

* LG-7832: Move TransliterationResult to location expected by Rails autoloader

* Update Makefile

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

* Update app/services/usps_in_person_proofing/transliterator.rb

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

* Update app/services/usps_in_person_proofing/transliterator.rb

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

* LG-7832: Make test updates based on PR feedback

* LG-7832: Lint fix

* Update spec/services/usps_in_person_proofing/enrollment_helper_spec.rb

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

* Update app/services/usps_in_person_proofing/enrollment_helper.rb

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

* LG-7832: Remove incorrect usage of .class

* LG-7832: Feature should only be enabled by default in dev environments

---------

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
In the past we have not logged errors from the response on passed LexisNexis transactions. The assumption here was that if the transaction passed there must not be any errors.

Due to nuances in the configuration, LexisNexis transactions can pass if there are tolerable errors or errors that are not deemed risky enough to fail a transaction. These still contain useful information, however.

This commit makes a change to always log the errors in LexisNexis transactions, even if they are successful.

changelog: Improvements, Error logging, Errors that occur while communicating with LexisNexis Risk Defense Platform services (i.e. InstantVerify and PhoneFinder) are now logged regardless of the verification status of the RDP transaction.

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
…ns (#7936)

The changes to `base_flow.rb` help retain the form data when responding to a form submission by permitting reuse of the form (as an instance variable) both in validating the submission and in rendering the new page. The flow state machine instance that keeps a reference to the form steps (and therefore the form) is discarded and recreated on every request.

The updates to `state_id_step.rb` and `address_step.rb` assign the form as an instance variable and merge the session data with form data when rendering the response to an invalid submission. They also permit the removal of misleading reuse of the `doc_auth` symbol for identifying these forms.

* LG-7832: Preserve State ID and Address form data on invalid submissions

changelog: Bug Fixes, In-Person Proofing, Retain State ID and Address on form re-render after invalid submissions

* LG-7832: Fix address test

* LG-7832: Fix state ID step test

* Update app/services/idv/steps/in_person/address_step.rb

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

* Update app/services/idv/steps/in_person/state_id_step.rb

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

---------

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
* changelog: User-Facing Improvements, Authentication, Simplify SMS phone page

* update phone add form page

* edit based on comments

* remove bolded text
changelog: Internal, Code Quality, Reconcile routes for adding phone
With the retirement of the Flow State Machine we will be using the IdV step concern to confirm that steps are completed throughout the proofing flow.

This commit adds a `#confirm_verify_info_step_complete` which can be used as a before action to confirm verify info is complete. If it is not complete it knows to redirect the user either to the remote verify info or in-person verify info depending on whether the user has an in-person enrollment.

changelog: Improvements, FSM Retirement, A before action that validates that the verify info step was completed was added for use in IdV controllers that render steps that require the verify step to have been completed.
* reverified

* changelog: User-Facing Improvements, Authentication, Attribute SP consent screen

* update spec and order for completion heading and info

* change up language

* add reverified after consent test and help text

* rubocop
* make analytics methods private

* make proofer & request delay instance variables

* move individual enrollment check into a new method

changelog: Internal, refactor, GetUspsProofingResultsJob refactor
* add in_person_capture_secondary_id_enabled feature flag

* changelog: Upcoming Features, In-person proofing, add feature flag

* make feature flag available in non-test enviros

* move feature flag to be closer to other in_person flags
@jmdembe jmdembe marked this pull request as ready for review March 9, 2023 16:18
…id for in-person proofing API (#7950)

changelog: Internal, In-Person Proofing, Do not return HTTP 500 when cross-site request forgery token is invalid
@jmdembe jmdembe merged commit 24cce93 into stages/prod Mar 9, 2023
@jmdembe jmdembe deleted the stages/rc-2023-03-09 branch March 9, 2023 20:19