Deploy RC 324 to Prod #9398

Merged
soniaconnolly merged 45 commits into stages/prod from stages/rc-2023-10-17
Oct 17, 2023

soniaconnolly commented Oct 17, 2023

User-Facing Improvements

  • Authentication: Update content instruction for default numbers (#9351)
  • Document Authentication: Identity verification phone question page buttons routing (#9315)
  • IdV Phone Step: The hybrid flow phone is pre-filled on the phone step if the user has no MFA phone number to pre-fill. (#9379)
  • Identity Verification: Remove IDV accordion (#9380)
  • Rate Limiting: The idv doc auth rate limiter was modified to rate limit on successful doc auth attempts as well as on failed doc auth proofing attempts (#9370)
  • Rate-Limiting: The proof address rate limiter was modified to rate limit on successful address proofing attempts as well as on failed address proofing attempts (#9367)
  • Rate-Limiting: Don't reset the SSN rate limit on successful submission (#9371)
  • Verify by mail: Updated "request a letter" screen (#9329)

Bug Fixes

  • Authentication: Do not always prompt for password when logging in with PIV/CAC (#9111)
  • Identity Verification Personal Key: Show same Personal Key when page is refreshed (#9363)
  • Reporting: Fix issue with calculating usage for single-month reports (#9361)

Internal

  • Dependencies: Update dependencies to latest versions (#9366, #9391)
  • Dependencies: Upgrade Node packages to patch critical vulnerability in Babel (#9389)
  • Document Authentication: Picking up new TrueID workflow response information. (#9340)
  • Logging enhancement: Missing step names for analytics events. (#9293)
  • Reporting: Add error handling for monthly metrics report (#9397)
  • Reporting: Add monthly active users count report (#9381)
  • Reporting: Add Document Upload Proofing Rate Report (#9372)
  • Reporting: ✨ Tidy up ✨ MonthlyKeyMetricsReport (#9365)
  • Scripts: Update query-cloudwatch script to be able to query multiple dates (#9383)
  • Tools: Add tool to export user events (#9382)

gina-yamada and others added 30 commits October 10, 2023 13:08
* Add conditional text to view

* add new tests

* Add period to display text

* package version increase from 3.1.0 to 3.1.1

* fix linter errors

* changelog: Upcoming feature, USPS Full Address Search, Added conditional logic to display/hide text on the Find a participating Post Office view that will display in Help Center only
#9336)

Since feature specs run slowly, it's better to check assertions as part of a single longer spec
rather than restart identity verification over and over. This removes several long-running feature
specs from the test suite.

[skip changelog]
changelog: Internal, Automated Testing, Improve accuracy of session stubbing in tests
…sistency (#9349)

* Change `<b>` tags to `<strong>` for better accessibility and code consistency

changelog: User-facing Improvements, Accessibility, Use strong html tag instead of b for emphasis
* Enable RSpec/LeakyConstantDeclaration rubocop

changelog: Internal, Source code, Enable RSpec rubocop

* Use let instead of defining new class

---------

Co-authored-by: Mitchell Henke <mitchell.henke@gsa.gov>
changelog: Internal, Dependencies, Update dependencies to their latest versions
…f gpo letter requests exceeded (#9303)

* display warning banner on gpo welcome back page if gpo letter requests are spammed

changelog: User-Facing Improvements, Identity Verification, display warning banner if user has sent max letter requests within a time window

* handle if user has no gpo confirmation codes

* Update app/views/idv/by_mail/enter_code/index.html.erb

Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>

* tests for alert banner for spammed gpo requests

* happy linting

* fix extra space in alert_spam_warning_html i18n

* happy linting

* lintfix i18n

* lint line too long

* js tag removal from alert gpo spam banner spec

* integrate warning alert banner for spammed gpo letter requests into existing tests

* refactor test for gpo spam warning banner

* happy linting

* create before action to remove test order dependency

* happy linting

* define  gpo_verification_enabled in review app

* define  gpo_verification_enabled in review app

---------

Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
* fix otp missing translations

* rails 7.1

changelog: Internal, Dependencies, Upgrade to Rails 7.1

* fix untranslated webauthn verification
* changelog: Internal Fixes, Authentication LG-10837: Piv Cac Logging fixes

* changelog: Internal, Authentication, Add Login visited for pivcac/change logging names to be uniform

* uniform spec test

* fix naming convention for piv cac

* update rspec

* add previous name
* Add lint check for reasonable asset bundle sizes

changelog: Internal, Automated Testing, Add test for reasonable asset bundle size

* TEMPORARY: Revert "Fix JavaScript dead code elimination (#9217)"

This reverts commit 0fcc3a7.

* Revert "TEMPORARY: Revert "Fix JavaScript dead code elimination (#9217)""

This reverts commit af166f2.
changelog: Internal, Changelog, Update changelog script to reflect non-security Dependabot usage
changelog: Internal, Reporting, Monthly report includes all-time user count
changelog: Internal, Reporting, Reorganize combined-invoice-supplement-report
)

changelog: Internal, Data Requests, Exclude 'IRS Attempt API: Event metadata' events from log results
changelog: Internal, Dependencies, Remove unused testing dependencies
…e and address rate limited (#9345)

Users are being rate limited and encountering the phone error screen even if they can still verify by mail. This commit changes the rate limit logic to allow users to proceed to the phone step if they can still verify their phone or complete verification by mail.

A side effect of this change is that a bug is fixed where the following situation would exist:

1. A user proofed by mail after exhausting phone attempts
2. The user goes to GPO entry and chooses to cancel and start over
3. The user is redirected to the welcome step to start over
4. The welcome step before action observes the user is phone rate limited and sends the user to the phone errors controller
5. The phone errors controller has a before action to confirm the user has completed the phone errors step; the user has not done so in this session, so they are redirected to the welcome step
6. Steps 4 and 5 complete until there are too many redirects

[skip changelog]

Co-authored-by: Sonia Connolly <sonia.connolly@gsa.gov>
- If the first month was a partial month, the code would
  inadvertently return the whole month instead of just that
  partial month

- This came up for a one-off reporting request, most production
  agreements last longer than just a month

changelog: Bug Fixes, Reporting, Fix issue with calculating usage for single-month reports
* Show same Personal Key when page is refreshed

changelog: Bug Fixes, Identity Verification Personal Key, show same Personal Key when page is refreshed

* Remove references to AccountStateChecker in spec titles

* Don't add personal key to user_session, not used.
Reports are now an array of structs

Now you should only have to update this (and the test) to add something new.
We do not currently count successful proofing attempts towards the rate limit. This was done to support a feature that prevented users from being rate limited after successfully completing a step. The logic that caused that issue was addressed in #9343.

This commit starts counting successful attempts towards the rate limit. This protects our vendors from abuse and makes it easier for us to make this step re-entrant to support the back button.

changelog: Improvements, Rate-Limiting, The proof address rate limiter was modified to rate limit on successful address proofing attempts as well as on failed address proofing attempts

---------

Co-authored-by: Sonia Connolly <sonia.connolly@gsa.gov>
…9370)

Prior to this commit we reset the doc auth rate limiter on success. This was done to prevent users from being rate limited after successfully completing a step. The logic that caused that issue was addressed in #9343.

This commit starts counting successful attempts towards the rate limit. This protects our vendors from abuse and makes it easier for us to make this step re-entrant to support the back button.

changelog: Improvements, Rate Limiting, The idv doc auth rate limiter was modified to rate limit on successful doc auth attempts as well as on failed doc auth proofing attempts
Updated text on the "Verify your address" screen.

changelog: User-facing improvements,verify by mail,updated "request a letter" screen

Co-authored-by: Sonia Connolly <sonia.connolly@gsa.gov>
Co-authored-by: Alexander Bradley <alexander.bradley@gsa.gov>
… identity verification request (#9111)

* add failing spec

* Do not always prompt for password when logging in with PIV/CAC during identity verification request

changelog: Bug Fixes, Authentication, Do not always prompt for password when logging in with PIV/CAC
* LG-11037: add step to return sp links

* LG-11037: some other events that have step logged.

* LG-11037: test link

changelog: Internal, Logging enhancement, Missing step names for analytics events.

* LG-11037: test with step name.

* LG-11037: clean up.

* LG-11037: rewording based on comment.

* LG-11037: rewording based on comment.

* LG-11037: test fix due to change.
We renamed the code that is used to verify by mail in #9136. This replaced "GPO" with more descriptive names. This commit removes a few lingering references to GPO.

[skip changelog]
* LG-10909 Add an explanation for the OTP rate limiter structure

This commit adds details about why the OTP rate limiter has a funny pattern for checking the rate limit. It also links to the PR which made this change. This will helpfully prevent future consideration.

[skip changelog]
* create destination for phone_question links

* changelog: User-Facing Improvements, Document Authentication, Identity verification phone question page buttons routing

* phone question page no phone link go to document capture with no_phone param

* happy linting

* change phone question page  param to camera phone

* happy linting

* refactor tests

* add routes to answer phone_question page

* update phone question controller specs to test phone answers

* happy linting

* setup a/b testing routing and logging for phone question page

* analytics spec to include phone_question logging

Co-authored-by: Sonia Connolly <sonia.connolly@gsa.gov>

* add phone question ab testing logging into api image uploads

* add phone_question_ab_test_bucket to image uploads controller spec

* update phone question controller spec to use phone_with_camera

* happy linting

* remove unused phone_question_visited from idv session

* add a/b phone question to doc auth warning log

* test hybrid handoffs usage of maybe_redirect_for_phone_question_ab_test

* happy linting

* add phone question ab test bucket to api image upload form spec

* test phone question ab test concern

* verify phone_with_camera is logged on phone question page

* update analytics events naming for phone question

* add param doc for phone_question_ab_test_bucket

* fix typo

* alphabetize new analytics events

* Update spec/controllers/idv/phone_question_controller_spec.rb

Co-authored-by: Sonia Connolly <sonia.connolly@gsa.gov>

* verify that link sent returns to hybrid handoff after phone_question page has been visited

* happy linting

* add missing phone_question_ab_test_bucket: :bypass_phone_question in analytics events spec

---------

Co-authored-by: Sonia Connolly <sonia.connolly@gsa.gov>
ThatSpaceGuy and others added 15 commits October 13, 2023 13:10
* LG-111183 Add Document Proofing Report to Monthly Metrics

changelog: Internal, Reporting, Add Document Upload Proofing Rate Report

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
* LG-11149: Number of Monthly Active Users for monthly reporting

changelog: Internal, Reporting, Add monthly active users count report

* feedback
* Update build-sass dependencies

changelog: Internal, Dependencies, Update dependencies to latest versions

* Prepare build-sass@2.0.0 publish
changelog: Internal, Dependencies, Upgrade Node packages to patch critical vulnerability in Babel
…#9383)

* Adds --date option

changelog: Internal, Scripts, Update query-cloudwatch script to be able to query multiple dates
* Alphabetize data-pull task names

* Update table to have count of events per day

changelog: Internal, Tools, Add tool to export user events
This commit renames the "Review" step to the "Enter password" step. This new name should hopefully better describe what is happening at this step.

This commit changes the name, but leaves several places out of scope:

1. URLs: To maintain compatibility in the 50/50 state this commit introduces but does not start using URLs with the new name. Follow up commits will need to be added to use and then remove the old `/review` url.
2. Analytics event names

[skip changelog]
This commit uses the phone number a user used to complete the hybrid flow if the user has no MFA phone number. Hopefully pre-filling the number in this way will help improve success on the phone step.

changelog: User-Facing Improvements, IdV Phone Step, The hybrid flow phone is pre-filled on the phone step if the user has no MFA phone number to pre-fill.
* LG-10977: include new information in new TrueID workflow.

changelog: Internal, Document Authentication, Picking up new TrueID workflow response information.

* LG-10977: use an array of values for regions and region references.

* LG-10977: spaces.

* LG-10977: cleanup and test based on comment.

* LG-10977: address comment.

* LG-10977: more test according to comment.
Remove IDV accordion

changelog: User-Facing Improvements, Identity Verification, Remove IDV accordion
Bumps [libphonenumber-js](https://gitlab.com/catamphetamine/libphonenumber-js) from 1.10.47 to 1.10.48.
- [Changelog](https://gitlab.com/catamphetamine/libphonenumber-js/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/catamphetamine/libphonenumber-js/compare/v1.10.47...v1.10.48)

---
updated-dependencies:
- dependency-name: libphonenumber-js
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Remove IdvHelper (feature helper) from idv controller specs

IdvHelper was copy/pasted across many idv controller specs, and is not needed

[skip changelog]

* Remove IdvHelper from service specs
#9397)

**Why**: Lower environments have much shorter retentions than production

changelog: Internal, Reporting, Add error handling for monthly metrics report
soniaconnolly merged commit aaa2599 into stages/prod Oct 17, 2023
soniaconnolly deleted the stages/rc-2023-10-17 branch October 17, 2023 15:20