Merged
Conversation
added 2 commits
April 17, 2023 14:43
changelog: Bug Fixes, Email Confirmation, Use strong parameters in email confirmation controller to fix 500 error
mitchellhenke
force-pushed
the
mitchellhenke/fix-email-confirmation-500
branch
from
9df9b18 to
2c2d27b
Compare
jmdembe
added a commit
that referenced
this pull request
Apr 18, 2023
* Remove unused configuration redis_throttle_alternate_url and redis_throttle_alternate_pool_write_enabled configurations (#8211) changelog: Internal, Configuration, Remove unused Redis migration configuration * Override tag style to leave case unchanged and make text bold (#8212) * Override tag style to leave case unchanged and make text bold Per Andrew Duthie the Login style for tags is Title case and bold, but the design system is still all caps, so override it for idp for now. changelog: User-facing Improvements, Design, change 'tag' style to be bold and preserve case * LG-9333 Preserve the SSN when returning to the SSN controller (#8197) The SSN controller allows a user to enter or update their SSN. Prior to this commit the previous value of the SSN was not maintained when the user was updating their SSN. This commit attempts to fix that by making use of the SSN form that is used in the controller. The template is changed to eventually read the SSN from the form. Additionally, the form is used in a pattern that better matches the pattern you expect a form object to be used in. This was not the case before because of constraints that the flow state machine placed on HTML forms. changelog: Improvements, Proofing workflow, The user's SSN is preserved for users who enter and SSN then continue to the verify step but return to the SSN in the unsupervised remote proofing flow. * LG-8714 Remove UserDecorator (#8204) * Moving UserDecorator methods to User * Updating all references to user.decorate Also: - Move UserDecorator specs to User spec (with adjustments) - Delete old UserDecorator class and spe Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * Jskinne3 lg 9361 mobile local md (#8217) * Transfer mobile guide from old branch * Link to mobile docs from other docs * Check spelling * [skip changelog] * Auto-generate README * Soften USB hub wording becase it works for some people * Seperate mobile device and VM instructions * Configure the DDP mock client to respond with a failed result on `no_result` (#8214) In a previous commit we changed the DDP proofer to respond with an exception result when the result from DDP included an unexpected status (ref: #8149). This includes when the result is nil. This commit changes the DDP mock's behavior to align with the DDP proofer's behavior. [skip changelog] * LG-9034 Log TrueID decision product status (#8195) * LG-9034 Log TrueID decision product status Capture decision product status for TrueID responses Decision product status contains the result of TrueID after decisioning. Prior to this change, product status was only being captured for @productType='TrueID' and ignoring product status for @productType='TrueID_Decision' * [skip changelog] * successful if TrueID_Decision product does not exist * refactor obtaining decision_product for reuse * happy linting * Update spec/services/doc_auth/lexis_nexis/responses/true_id_response_spec.rb Co-authored-by: Sonia Connolly <sonia.connolly@gsa.gov> * remove unnecessary expect statements since the check is done a few lines below * remove line no longer used in test --------- Co-authored-by: AmirReavis-Bey <amirreavis-bey@fcoh2j-wyp9w9mv.localdomain> Co-authored-by: Sonia Connolly <sonia.connolly@gsa.gov> * LG-9488: Entry controller for hybrid mobile document capture flow (#8209) * Add placeholder CaptureDocController * Add controller to handle entry into hybrid flow Controller looks at `document-capture-session` and does a "light login" to enable the user to start document capture. changelog: Internal, Flow state machine removal, Add controller for entry into hybrid mobile document capture * Refactor feature flag check out to HybridMobileConcern * Add tests around the 'Doc Auth' event * Send links to new hybrid mobile experience Going with /verify/documents?document-capture-session=xxxxx as a temporary url for now * CaptureDocController -> DocumentCaptureController * Tweak doc capture entry url naming & add comment * idv_hybrid_mobile_document_capture_entry_url -> idv_hybrid_mobile_entry_url * Refactor EntryController not to use before_action * Move HybridMobileConcern into Idv::HybridMobile namespace * WHOOPS need to see why this wasn't breaking any tests * Remove extra redirect Rails doesn't preserve the querystring when redirecting routes, and this is just an unnecessary extra step anyway * Add feature spec for mobile hybrid flow entry * Tweaks to capture complete step spec Ultimately we'll merge this with a doc capture step, presumably * Fix email confirmation 500 (#8224) * add failing spec * Use strong parameters in email confirmation controller to fix 500 error changelog: Bug Fixes, Email Confirmation, Use strong parameters in email confirmation controller to fix 500 error * LG-9321: New field on Enrollment Outcomes for GetUspsProofingResultsJob Summary (#8216) * LG-9321 Add data to usps proof results job * LG-9321 Added one more test * LG-9321 Fix lint issues * changelog: Internal, In-person-proofing, new metric on enrollment outcomes summary for GetUspsProofingResultsJob * LG-9321 Add arg to round() for precision * LG-9321 Update round to have more precision Co-authored-by: Tim Bradley <90272033+NavaTim@users.noreply.github.com> * LG-9321 Remove initial unnecessary assignment Co-authored-by: Tim Bradley <90272033+NavaTim@users.noreply.github.com> --------- Co-authored-by: Tim Bradley <90272033+NavaTim@users.noreply.github.com> --------- Co-authored-by: Mitchell Henke <mitchell.henke@gsa.gov> Co-authored-by: Sonia Connolly <sonia.connolly@gsa.gov> Co-authored-by: Jonathan Hooper <jonathan.hooper@gsa.gov> Co-authored-by: Eric Gade <105373963+eric-gade@users.noreply.github.com> Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> Co-authored-by: John Skiles Skinner <john.skinner@gsa.gov> Co-authored-by: Amir Reavis-Bey <1261794+amirbey@users.noreply.github.com> Co-authored-by: AmirReavis-Bey <amirreavis-bey@fcoh2j-wyp9w9mv.localdomain> Co-authored-by: Matt Hinz <matt.hinz@gsa.gov> Co-authored-by: gina-yamada <125507397+gina-yamada@users.noreply.github.com> Co-authored-by: Tim Bradley <90272033+NavaTim@users.noreply.github.com>
jc-gsa
pushed a commit
that referenced
this pull request
Apr 19, 2023
* add failing spec * Use strong parameters in email confirmation controller to fix 500 error changelog: Bug Fixes, Email Confirmation, Use strong parameters in email confirmation controller to fix 500 error
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🛠 Summary of changes
Not validating that the parameters are the shape we expect can lead to 500s for malformed requests (NewRelic). This PR adds a failing spec and patch to fix it.