
Deploy RC 278 to Prod #8360

Merged
soniaconnolly merged 30 commits into stages/prod from stages/rc-2023-05-09
May 9, 2023

@soniaconnolly

User-Facing Improvements

  • Accessibility: Improve labels for MFA setup options (#8327)
  • Copy Button: Add confirmation tooltip to Copy buttons (#8307)
  • Identity Verification: Clearer success banners (#8353)
  • In-person Proofing: Put Prepare step ahead of Location step in IPP flow (#8308)
  • Registration: Add password confirmation (#8220)
  • State Id pg and Address pg: Show hint text for pr state selection (#8299)

Bug Fixes

  • Account Navigation: Fix horizontal scroll for mobile navigation (#8352)
  • IALMax: Fixes bug that blocked oidc IALMax sign-in for non-verified users (#8341)
  • IALMax: OIDC IALMax now completes ial2 consent (#8350)
  • Identity Verification: Do not show step indicator concern in hybrid flow (#8339)

Internal

  • AAMVA Proofing: Store AAMVA tokens in Rails.cache instead of behind an application mutex (#8330)
  • Attempts API: IDV event flag (#8335)
  • Build Tooling: Improve Sass compilation tool to support defaults for design system (#8346)
  • Database: Add test to ensure we do not generate migrations in the default folder (#8348)
  • Dependencies: Upgrade Login.gov Design System to v7 (#8093)
  • Identity Verification: Switch from basic auth to HMAC auth for LexisNexis APIs (#8332)
  • Identity Verification: Remove unused database columns (#8326)
  • Identity verification: Add analytics to clicks on security/privacy link early in the funnel. (#8342)
  • Identity verification: Add analytics to consent checkbox to help optimize the funnel. (#8349)
  • In-person proofing: Refactor capture_secondary_id_enabled method (#8344)
  • Logging: Add SAML authentication request attributes to logging metadata (#8329)
  • Rate Limiting: Use Redis 7 EXPIRETIME command for calculating rate limit state (#7776)
  • Refactor: Refactor verify info controllers (#8356)
  • Tooling: Add script to streamline data pulls (#8345)
  • Two-Factor Authentication: Refactor handling of successful two-factor phone confirmation (#8347)
  • dismantle flow state machine: Remove old hybrid flow (#8292)

Upcoming Features

  • In-person proofing: Setting the 'same address as id' fields and buttons to false if residential address is changed (#8304)

Co-authored-by: Amir Reavis-Bey <amir.reavis-bey@gsa.gov>

Mitchell Henke and others added 30 commits May 3, 2023 19:55
changelog: Internal, Logging, Add SAML authentication request attributes to logging metadata
* threatmetrix_failed_and_needs_review is determined from the idv session and no longer from the proofing component

Co-authored-by: Eric Gade <eric.gade@gsa.gov>

* set threatmatrix_review_status in idv_session

* test profile correctly disables a profile based on threatmetrix_review_status in the idv session

* [skip changelog]

* testing w/ proofing_device_profiling disabled

* change status from 'other' to 'review'

---------

Co-authored-by: AmirReavis-Bey <amirreavis-bey@fcoh2j-wyp9w9mv.localdomain>
Co-authored-by: Eric Gade <eric.gade@gsa.gov>
* LG-8115: Use HMAC authorization for InstantVerify and PhoneFinder

If the new feature flag `lexisnexis_hmac_auth_enabled` is true,
use a HMAC token for authorization with LexisNexis. If false (default)
continue using basic auth.

changelog: Internal, Identity Verification, Switch from basic auth to HMAC auth for LexisNexis APIs

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
Add password confirmation

changelog: User-Facing Improvements, Registration, Add password confirmation
changelog: Upcoming Features, In-person proofing, Setting the 'same address as id' fields and buttons to false if residential address is changed

* Set :same_address_as_id = false on update of residential address

Ideally we'd fix this field to be false on the form submission, but the form doesn't have an `updating_address?` check. The easiest way to implement a fix is in `address_step#call`.

We were previously skipping setting the `same_address_as_id` field because if it isn't skipped, `same_address_as_id` gets set to `nil`.

* Use ? for methods that return booleans

This is [a convention in Ruby](https://www.rubyguides.com/2019/06/ruby-method-definition).

After discussing with Tomas, we decided it would be easier to change now while looking at the code.

* Add tests for different cases

We had to set `visible: false` in the feature test because [of this Capybara issue](https://stackoverflow.com/questions/50591415/capybara-not-matching-radio-buttons-in-rspec-test).

As suggested by Tim and Gina, we added additional test cases for:

- when a user initially enters the address form with
`same_address_as_id` set to `false`
- when a user enters the form by choosing to update their address,
`same_address_as_id` should change from `true` to `false`

Notes:

- as Tomas pointed out, we will never enter the form with `same_address_as_id` initially set to `true`, so that case does not need a test.
- moved `step.call` inside of the individual tests
    - had to do this in order to set `updating_address?` to true
    - previously it was in the `before each` block and would fire before we had a chance to update any values

---------

Co-authored-by: Brittany Greaner <35475380+night-jellyfish@users.noreply.github.com>
* LG-9666 Add flag for attempt_api IDV events

changelog: Internal, Attempts API, IDV event flag
…tex (#8330)

changelog: Internal, AAMVA Proofing, Store AAMVA tokens in Rails.cache instead of behind an application mutex

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
* Use Redis 7 EXPIRETIME command for calculating rate limit state

changelog: Internal, Rate Limiting, Use Redis 7 EXPIRETIME command for calculating rate limit state

* use Redis 7.0 in CI

* update Postgres version

* update readme

* reduce max attempts

* more reliable times
Also switched over to using `User#fraud_review_pending_profile` to retrieve the relevant profile (we were using `profiles.last`)

Co-authored-by: Alex Bradley <alexander.bradley@gsa.gov>
Co-authored-by: John Skiles Skinner <john.skinner@gsa.gov>
Co-authored-by: Kimball Bighorse <kimball.bighorse@gsa.gov>
* add failing spec

* Do not show step indicator concern in hybrid flow

changelog: Bug Fixes, Identity Verification, Do not show step indicator concern in hybrid flow
* LG-9424: Simplify MFA setup option labels

changelog: User-Facing Improvements, Accessibility, Improve labels for MFA setup options

* Update _mfa_selection.html.erb_spec.rb

* Simplify computed name
* Upgrade to Login.gov Design System v7

changelog: Internal, Dependencies, Upgrade Login.gov Design System to v7

* Patch broken alerts

* Update usage for package overrides

* Remove unnecessary overrides

* Use published beta

* Optimize USWDS imports

* Import missing core functions import

Sass silently compiles missing functions as the verbatim original text

* Restore subset of code styles

Used for backup codes & TOTP setup

* Refine USWDS component imports

Add missing media-block, collection
Pare down typography, helpers

regex: usa-(?!(accordion|alert|banner|button|collection|form|header|icon-list|icon|layout-grid|modal|nav|process-list|sidenav|skipnav|step-indicator|tag|verification-badge|success-message|character-count|checkbox|combo-box|date-picker|error-message|fieldset|file-input|form-group|form|hint|input-prefix-suffix|input|input-mask|label|legend|memorable-date|radio|range|select|textarea|time-picker|prose|list|sr-only|link))

* Remove fix overrides

* Fix mobile navigation

* Fix singular / plural usage

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

* Improve display of mobile footer external link icon

* Upgrade to final release of LGDS 7

* Bump LGDS to 7.0.1-beta.1

* Update to LGDS 7.0.1 stable

---------

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
changelog: Bugfixes, IALMax, Fixes bug that blocked oidc IALMax sign-in for non-verified users
* show hint when user chooses pr on forms

* translation strings

* show hint on update depending on path and add spec

* changelog: User-Facing Improvements, State Id pg and Address pg, show hint text for pr state selection

* update naming and remove binding.pry

* update translation strings

* replace selectionChange methods

* change update selector to use class selector

* use hint_html instead of hint_class

* default class for hint changed to display none

* fix lint issue

* update test and refactor

* add test for puerto rico guidance file

* add address class selector and don't check for jurisdiction
…ement steps (#8342)

* Add analytics to security & privacy link on agreement step

changelog: Internal, Identity verification, Add analytics to clicks on security/privacy link early in the funnel.

* Add analytics to Privacy & Security link on welcome page
…al changes only (#8308)

* content updates, minor refactors and tests

* Whacking with linter

* changelog: User-facing improvements, In-person Proofing, Put Prepare step ahead of Location step in IPP flow

* Fix verify info spec presentation order

* get rid of dirty ternary

* Updating specs

* remove unnecessary else statement

* use fsm for prepare step

* appeasing linter

* adding prepare submit event to analytics and addressing Tim's questions

* add back in space

* fix ordering of prepare and location steps in spec

* remove unnecessary useRef call

* update page order in spec
* Add test to ensure we do not generate migrations in the default folder

changelog: Internal, Database, Add test to ensure we do not generate migrations in the default folder

* Update scripts/migration_check

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

---------

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
* Ripped out CaptureCompleteStep

* Removed document capture step

* Removed CaptureDocController

* Removed VerifyDocumentStatusAction

* Removed CaptureDocFlow

* Removed doc_auth_hybrid_mobile_controllers_enabled feature flag

* Fix syntax error in UploadStep

* Remove VerifyDocumentStatusAction from DocAuthFlow

* lint

* Remove FSM document_capture path spec helpers

* Remove capture_doc routes

* Remove reference to @step_url in _document_capture.html.erb

This was used by the async code, which is unused.

* Move override_csp_to_allow_acuant spec to acuant_concern_spec.rb

* Stopped using doc_auth_enable_presigned_s3_urls flag

Async document capture has not been used.

* Remove hybrid_flow_spec

Replaced by hybrid_mobile/hybrid_mobile_spec.rb

* Remove more async specs

* Changelog

changelog: internal,dismantle flow state machine,remove old hybrid flow

* Remove idv_doc_auth_verify_document_status_submitted method, unused

* Removed ApiDocumentverificationStatusForm

* Put ApiDocumentverificationStatusForm back

To be removed in LG-9611

---------

Co-authored-by: Sonia Connolly <sonia.connolly@gsa.gov>
* Remove columns

* Remove ignored columns

changelog: Internal, Identity Verification, Remove unused database columns

* Remove fraud review pending index in migration

Co-Authored-By: Mitchell Henke <1430443+mitchellhenke@users.noreply.github.com>

---------

Co-authored-by: Mitchell Henke <1430443+mitchellhenke@users.noreply.github.com>
* Add click observer to consent checkbox on agreement step

changelog: Internal, Identity verification, Add analytics to consent checkbox to help optimize the funnel.

* Additional consent toggled event work

- Add to "happy path" spec
- Document & add to EVENT_MAP
- Correct casing
changelog: Internal, Two-Factor Authentication, Refactor handling of successful two-factor phone confirmation
* Fix mobile navigation to prevent horizontal scroll

changelog: Bug Fixes, Account Navigation, Fix horizontal scroll for mobile navigation

* Translate mobile navigation "Close" button
* LG-5456: Implement confirmation tooltip for clipboard button

changelog: User-Facing Improvements, Copy Button, Add confirmation tooltip to Copy buttons

* Allow non-visible idref references

Hidden elements are valid as references for idref

* Workaround to show tooltip full width at small sizes
* LG-9646 Update success banner on SSN page

changelog: User-facing Improvements, Identity Verification, clearer success banners

* LG-9647 Update success banner on Verify Phone page

* LG-9649 Update success banner on Personal Key page
* Use external package for dependency detection

So that it can be used across packages, and in published packages

* Add default load paths support for build-sass

* Remove unnecessary load-path flag

* Fix TypeScript syntax error

changelog: Internal, Build Tooling, Improve Sass compilation tool to support defaults for design system

* Update flag parsing to avoid magic numbers

* Use util.parseArgs (polyfill) for args parsing

* Add note for future selves

* Update yarn.lock

* Bump build-sass package version
changelog: Internal, In-person proofing, refactor capture_secondary_id_enabled method

Refactor capture_secondary_id_enabled to be defined once

Because these classes all inherit from `DocAuthBaseStep` and define the
method in the exact same way, we can DRY it up by removing the method
from the descendant classes.
* move confirm_ssn_step_complete into IdvStepConcern

and make it and all the other 'confirm' before methods private

* use the IdvStepConcern version of this method

* move delete_pii into Idv::VerifyInfoConcern

changelog: Internal, Refactor, Refactor verify info controllers
changelog: Bugfixes, IALMax, OIDC IALMax now completes ial2 consent
* Add extendable data-pull script
* Add some tests, JSON output
* Update email-lookup to have one row per email, confirmed_at column
* Set default LOGIN_TASK_LOG_LEVEL to minimize extra output
* Round timestamps for consistency in CI

changelog: Internal, Tooling, Add script to streamline data pulls

@aduth aduth left a comment

LGTM 👍

@soniaconnolly soniaconnolly merged commit f60df46 into stages/prod May 9, 2023
@soniaconnolly soniaconnolly deleted the stages/rc-2023-05-09 branch May 9, 2023 15:09