Merged
Conversation
…pdate time (#8848) * LG-10248: Send in-person proofing notifications based on the status update time changelog: Bug Fixes, In-Person Proofing, Send in-person proofing notifications based on the status update time instead of the proofing time * Update spec/jobs/get_usps_proofing_results_job_spec.rb Co-authored-by: Tomas Apodaca <thomas.apodaca@gsa.gov> --------- Co-authored-by: Tomas Apodaca <thomas.apodaca@gsa.gov>
* changelog: Internal, CI, add rails console docs
* add tests for update route * fix clear session spec * add merge ab_test_args in spec * changelog: Internal, SSN update route, add tests * change spec name
* Add hostdata metadata to review apps changelog: Internal, Continuous Integration, Add hostdata metadata to review apps * update identity-hostdata * skip saml * alphabetize LOGIN_ * switch to tag
* Remove acuant_maintenance_window configs Originally added in #4202 (LG-3451), this work has been superceded by the `vendor_status_acuant` flag as described in [the handbook](https://handbook.login.gov/articles/vendor-outage-response-process.html) changelog: Internal, Cleanup, Remove acuant_maintenance_window configs * Remove more references to maintenance window * Remove more unused translations
We want to divide the IdV funnel events by whether the user saw Welcome or GettingStarted, so add A/B test buckets to idv_phone_of_record_visited. [skip changelog]
… phone number (#8768) * init alert for idv phone input * Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * store failed phone step numbers in idv_session * check inputted number to see if prvsiously submitted in e164 * display alert for failed nubmers * phone form does not require failed_numbers and does not default to failed phone number * add alert messaging for en, fr, es * happy lintin changelog: User-Facing Improvements, Identity Verification, alert the user before resubmitting a phone number that failed verification * do not add failed phone nmber if due to timeout * make gpo message cond'l * failed phoned numbers are not auto-populated * test failed phone resubmission with alert messaging * demonstrate that valid phone number after invalid phone is successful * create before block for repeatable setup * happy linting * rebase conflict resolved * add_failed_phone_step_number testing in idv_session * test that timeout numbers do not render failed alert * Apply suggestions from code review Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * refactor handling failed proofing attempts in phone step * test failed phone numbers added to session * Apply suggestions from code review Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> --------- Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
* Only invoke the job when we get a pass/fail from the USPS API * Log notification job 'skipped' when the enrollment can't be found (instead of 'completed') * Capture exceptions and log them with a new analytics event * Convert telephony response to a hash before logging it changelog: Internal, In-person proofing, refactor SendProofingNotificationJob
… API event (#8871) We removed the tooling for checking for reproofing in a previous pull request, but left this `has_proofed_before?` method behind. The implementation was incorrect, however. This commit cleans up that code and removes the IRS attmepts API event that depended on it. [skip changelog]
* LG-8763 Log that a profile is pending on password reset When a user resets their password it deactivates their active profile. We log that we do that. Additionally, we invalidate any pending profiles which will encounter a encryption error when the user logs in. This commit adds logging to log that a pending profile is present and the reasons that it is pending so we can measure the impact of this behavior at password reset [skip changelog]
* LG-10313: Blocking associated emails for Gmail when suspended changelog: Internal, User suspension, Add code to block associated emails for user suspension * feedback * feedack * removing dependent destroy
* Remove `reproof_at` column from `profiles` changelog: Internal, Maintenance, Remove unused column from profiles * Remove `reproof_at` test in profile maker spec
* Rename translation tag phone_confirmation_throttled -> phone_confirmation_limited changelog: Internal, naming, rename translation tags that include 'throttle' * Rename translation tags with throttled_ -> rate_limited_ * Rename translation key throttled -> rate_limited * Rename telephony ThrottledError -> RateLimitedError * Rename translation tag send_link_throttle -> send_link_limited
* Render non-passkey-restricted WebAuthn input as visible changelog: User-Facing Enhancements, MFA Methods, Avoid flickering layout for WebAuthn options on authenticator selection * Fix webauthn_option_hidden spec helper changelog: User-Facing Improvements, MFA Methods, Avoid flickering layout for WebAuthn options on authenticator selection
* Update english text * Update spanish text * Update french text * Allow lowercase text in capture box * Lint yaml files * changelog: User-Facing Improvements, In-Person Proofing, Update text on the id/document upload screen * Use the font-size from %h2, which is different on mobile and desktop.
…tion. (#8873) * Add a rollplan rake task to remove errant verified_at fields This is the rake task for ROLL-0017. * add changelog changelog: Bug Fixes, IdV, Remove verified_at from users who have not finished verification * added check for fraud_rejection also * wording on validation * typo fix
* LG-10457: Track unexpected WebAuthn errors changelog: Upcoming Features, Face or Touch Unlock, Log unexpected errors during WebAuthn enrollment or authentication * Revise isExpectedWebauthnError to catch some DOMException
…er is fraud review pending (#8845) We recently changed the way we determine if a user is in fraud review. The change added a `fraud_pending_reason` column to a user to mark that they might require fraud review after address verification. Users who verify their address by phone are marked fraud review pending right away. Users who verify their address by mail are only marked fraud review pending after they enter their OTP. To allow us to change the way we manage the fraud timestamps we moved the reads that determine if a user is in fraud review to look for the presence of `fraud_pending_reason`. This maintained legacy behavior while allowing us to adjust writes on `fraud_review_pending_at` and backfilling. Now that those reads and backfills are complete we can switch reads back to `fraud_review_pending_at`. [skip changelog]
soniaconnolly
approved these changes
Jul 27, 2023
changelog: Bug Fixes, Account Registration, Require re-authentication during MFA setup flow Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
11 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User-Facing Improvements
Bug Fixes
Internal
Upcoming Features