Merged
* squash local bug w/o yet implementing token refresh * attempt to use protected method to check local token expires_at * Manipulate usps api token expiry to refresh early * Refactor to modify expires_in * Clean up logic * Add specs for #token * Update specs to not rely on cache implementation * Finish cleaning up specs changelog: Internal, In-person proofing, Preemptively refresh usps auth tokens and fix local cache bug * Rename variable for clarity * Use expires_at and remove redis ttl work-around * Update spec to use expires_in --------- Co-authored-by: Eileen McFarland <eileenmcfarland@navapbc.com>
changelog: Internal, Reporting, Add weekly Cloudwatch reports
changelog: Internal, Development, Remove parallel usage in setup and test commands
…er (#8060) * add invalid auth token to error reporter * changelog: Internal, In-Person Proofing, Do not return HTTP 500 for CSRF token failures in Address Search Controller
* Refactor PhoneController test * Break some phone_step_spec tests Moving throttle to .submit out of .async_state_done * Move throttle check to PhoneStep::submit * Wire up throttling analytics * Move throttle analytics call into PhoneStep Move it closer to the source, next to the attempts API call. * Check for success before throttling It's possible, on the user's last available attempt, for them to succeed, but leave the throttle tripped. So check for success before checking for a throttled state. * Removed unneeded throttle reset * changelog: Internal, Identity verification, Move phone verification rate limiting check from view to submission * Don't return nil from PhoneStep::failure_reason This nil return stood out like a sore thumb.
* Update AddressSearchController, UspsLocationsController to use case/when **Why**: It will catch subclasses as well changelog: Internal, Source code, Update error checking to allow subclasses --------- Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
changelog: User-Facing Improvements, Partner Content, Improve styling of partner alert content
changelog: Internal, Redis, Use existing Redis pool for Rack::Attack rate limiting
…er (#8063) * Fix Content Security Policy errors when redirecting to service provider changelog: Bug Fixes, Authentication, Fix Content Security Policy errors when redirecting to service provider * add failing spec
* Initial commit of vendor outage controller / view changelog: User-Facing Improvements, Vendor outage warnings, Pinpoint vendor outage screen 1. Updated header locales 2. Added session checking to controller for vendor_status 3. Added continue button 4. Updated the working test for page display * Updating view and localizations * Skipping upload/hybrid-handoff during phone outage * Pass to verify-info/gpo on phone outage * If no SP, use APP_NAME * Correct link to status page * Handle with/out current SP. Update locales. * allow feature_idv_force_gpo_verification_enabled to force skip phone finder * adds feature_idv_hybrid_flow_enabled flag (default: true) * show a cancel link on gpo page if skipping phone finder * renamed ial2 vendors to idv * specs for feature flags * Updating locales to use app_name * removing unused locales * Refactoring predicate methods for redirecting * rename VendorStatus to OutageStatus * renamed VendorOutageController to OutageController * Updating to StatusPageComponent and fixing Exit button 1. Updated the Outage show view to use the StatusPageComponent, for better uniformity; 2. Added a controller helper to determine which url to link to in the "Exit" button. In the case where there is an SP present and it has a valid return_to_sp_url set, the exit button will navigate to that URL. In all other cases it will return the user to the account page. NOTE: We had to change the yml configuration for local testing SPs so that it had a correct return_to_sp_url that we could actually test against. * Update app/controllers/idv/outage_controller.rb * Update app/views/idv/outage/show.html.erb * Adding hybrid flow availability check to FeatureManagement * renamed enable_gpo_verification? to gpo_verification_enabled? * use FeatureManagement.idv_gpo_only? for control * if GPO verification is not enabled, redirect to vendor outage blocking page.
* rename OutageController to GpoOnlyWarningController * Re-show the mail only page if the user starts over * remove spec on obsolete config doc_auth_ssn_controller_enabled --------- Co-authored-by: Eric Gade <eric.gade@gsa.gov> Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> Co-authored-by: Alex Bradley <alexander.bradley@gsa.gov>
* Add automatic CSRF refresh on session keepalive changelog: Bug Fixes, Form Submission, Refresh form authenticity token when user's session is renewed with "Keep me signed in" * Rename include_csrf_token_header See: https://github.com/18F/identity-idp/pull/8067/files#r1146864875 Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * Catch error in promise chain See: https://github.com/18F/identity-idp/pull/8067/files#r1146885936 * Simplify keepalive response handling "success" already deals with hiding the modal (as well as stopping countdowns) * Enhance feature spec to check for CSRF token change --------- Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
changelog: Internal, Performance, Avoid generating header for digested contents related to disabled cache
changelog: Internal, Error Logging, Avoid logging errors for missing or invalid request parameters
… exceptions (#8068) changelog: Bug Fixes, In-person Proofing, Rescue external server errors to avoid exceptions
* Make SpinnerButton form aware for invalid form submissions changelog: Internal, Spinner Button, Improve reliability of spinner button in validated form contexts * Update specs No longer calling form.submit directly, so observe form submission event * Remove now-redundant FormStepsWait invalid handling Now handled internal to SpinnerButton * Handle form within spinner button It's used this way when SpinnerButton is rendered with Rails button_to implementation * Unbind events from form when disconnected * Removes redundant form validation error testing Handled in SpinnerButton * Unbind events from form when disconnected * Refactor tag construct See: https://github.com/18F/identity-idp/pull/7803/files#r1146420734
…password and second factor and require authentication for more account management actions (#8037) * Change re-authentication to only require a second factor rather than password and second factor and require authentication for more account management actions changelog: User-Facing Improvements, Authentication, Change re-authentication to only require a second factor rather than password and second factor and require authentication for more account management actions * add config * use 2fa reauthentication in existing reauthentication if enabled * use 2fa reauthentication in controllers that now require reauthentication if configured * fix specs * avoid duplicating before_action * do not store factor_to_change * ensure feature flag coverage is complete * remove helper that's only used once * add analytics * add before_action specs
* update address page to support DAV * WIP need to bypass address form validation * changelog: Upcoming Features, In-person proofing, update address page * fix build * LG-9139: Remove Puerto Rico hint text code for other story * LG-9139: Use enrollment-based feature flag; update tests * LG-9139: Update address line 2 French translation * LG-9139: Write test to verify same_address_as_id bug; fix bug * LG-9139: Fix analytics spec * Revert "LG-9139: Update address line 2 French translation" This reverts commit 99b3a86. * refactor method that returns a boolean to end w/ ? --------- Co-authored-by: Timothy Bradley <timothy.bradley@gsa.gov>
…ed (#8074) * Remove redundant #show context from controller spec * Add bare-bones update spec and make it pass * remove redundant acuant_sdk a/b test args * Add handle_stored_result and dependent methods to #update * Add analytics and Funnel logging * Add before action that checks if agreement step is complete Check for the step in flow_session. Later we can add a property and methods to Idv::Session. changelog: Internal, Flow State Machine replacement, Add update method to DocumentCapture step (feature flagged) * Add SP error and rate limiting feature tests * Add code that handles stored images after Submit * Make feature tests pass Add a method on Idv::Session to delete the applicant Reference current_user.id instead of user_id Include DocumentCaptureConcern to set Acuant Content Security Policy --------- Co-authored-by: Eric Gade <eric.gade@gsa.gov> Co-authored-by: Kimball Bighorse <kimball.bighorse@gsa.gov>
* Indicate `ruby` location for `rbenv` instructions * [skip changelog]
Co-authored-by: Zach Margolis <zachary.margolis@gsa.gov> changelog: Internal, Scripts, Migrate and refactor script to query Cloudwatch
…for 2FA setup (#8076) * Update re-authentication logic when confirming user is authenticated for 2FA setup changelog: User-Facing Improvements, Authentication, Change re-authentication to only require a second factor rather than password and second factor and require authentication for more account management actions * fix specs
mitchellhenke approved these changes on Mar 27, 2023
User-Facing Improvements
Bug Fixes
Internal
Upcoming Features