Merged
* Validate frontend logging events changelog: Internal, Logging, Validate frontend logging events --------- Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
* fix otp missing translations * rails 7.1 changelog: Internal, Dependencies, Upgrade to Rails 7.1
changelog: Bug Fixes, SMS Opt-In, Fix error for SMS opt-in missing title
The `Pii::Cacher#fetch_string` method gets the raw PII JSON blob and returns it. This is called by the `#fetch` in the `Pii::Cacher` and converted to `Pii::Attributes`. Outside of the `Pii::Cacher` this method is called in one place by the IdP. This is in the completions controller to get the PII which is ultimately parsed into a hash. The same can be achieved by taking the result of `Pii::Cacher#fetch` and calling `#to_h` on it. This commit does that so the `#fetch_string` method can be made part of the private API. Making this method part of the private API will make it easier to modify the way the cacher works to support encrypting and decrypting both active and pending profiles in the future. [skip changelog]
changelog: Internal, Dependencies, Update devise to fix deprecation warning
changelog: Internal, Code Quality, Remove unused image assets
changelog: Internal, Rails upgrade, schema changes
* LG-11278: Group TOTP fields with fieldset changelog: User-Facing Improvements, Accessibility, Improve grouping semantics for authentication app setup form * Add spec assertion for logical grouping * Adapt common accessible name utility * Simplify diff * Simplify diff
* changelog: Internal, tech debt, Break up MFA selection presenter classes for Webauthn * revise selection_presenters method with new classes * remove labels from selection_presenter * revise selected options and option methods * update class reference in spec * fix spec tests for platform sign in * removes split classes and specs * fix new class references * fix with correct label translation * add test coverage for setup webauthn * point spec to sign in webauthn class * refactor code inconsistency
…ecrypted_pii` (#9498)

The `#save_decrypted_pii_json` method consumed a JSON PII object and wrote it into the session under the `decrypted_pii` key. This method was called in 2 places:

- The `ReactivateAccountController`
- The `Idv::Session`

In `ReactivateAccountController` the PII is available as `Pii::Attributes` and is converted to JSON to enable a call to `#save_decrypted_pii_json`. In the `Idv::Session` the PII is available as `Pii::Attributes`, but prior to this commit underwent quite the Rube Goldberg process to find its way into a JSON string that was then written to the session by `save_decrypted_pii_json`.

This commit changes `save_decrypted_pii_json` to be `save_decrypted_pii` and take a `Pii::Attributes` instead of a JSON string argument. This will make it easier to implement a version of this method that handles multiple profiles when we start encrypting both the active and pending profile in the session.

This commit also short circuits the Rube Goldberg machine in `Idv::Session` and simply writes the attributes to the user session when the profile is created.

changelog: Internal, PII session encryption, The Pii::Cacher#save_decrypted_pii_json was modified to be the Pii::Cacher#save_decrypted_pii.
changelog: Internal, Code Quality, Remove unused UI component code
changelog: Internal, Automated Testing, Improve test coverage for SMS opt-in
changelog: Internal, Scripts, Fix bug with missing require in email-deliveries script
* changelog: Internal, In-Person Proofing, Fix intermittent test failure * Adding specs to confirm date calculation for ipp enrollment * adding let blocks to clarify dates * duration checks use configuration values now * Updating spec to use validity in days from config
* init commit of refactor doc pii form validations * rename errors and handle multiple errors with generic message * update pii_like_keypaths for doc_pii_form * add errors and error details to pii_like_key_paths * update pii like keypaths for doc form pii * remove comments * doc pii form pii_like_keypaths to be a class method * update specs to expect errors by field name * re-add :pii to pii like keypaths * rename vars in pii_like_keypaths * lintfix * linting pii_like_keypaths line lengths * happy linting * add validation test for state * Update app/forms/idv/doc_pii_form.rb * move pii_like_keypaths into spec helper * include DocPiiHelper * changelog: Internal, Document Authentication, Refactor DocPiiForm validation to use ActiveModel Validations
- Updates report to run starting yesterday (makes datetime math easier) - Adds fiscal quarter methods to CalendarService * Fix reports to work with new report_date changelog: Internal, Reporting, Update monthly key metrics report
* Add watch_events Makefile target changelog: Internal, Developer Tools, Add developer tool for watching local event logging * Update example to use new name convention
…de URL (#9486) We made changes to the routes for the verify by mail code entry and come back later URLs. The come_back_later URL has a reasonably low amount of traffic to it. This commit unpublishes it for that reason. The enter_code URL does have traffic to it. Currently it redirects which strips a query param included in the URL. To support that query param this commit republishes it so that query parameter works. changelog: Internal, URLs, The /verify/come_back_later url was unpublished and the /verify/by_mail URL was republished
* Add automated communication to account reinstatement (LG-11330) - Adds automated emails for reinstated users - Adds new task to confirm suspension * Add analytics event for suspension confirmed changelog: User-Facing Improvements, Emails, Alert users of account reinstatement
* Update Rubocop and rules changelog: Internal, Dependencies, Update Rubocop and rules * add Performance/StringInclude to enabled lints * add frozen_string_literal to rack_attack config * Update spec/i18n_spec.rb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> --------- Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
- Uses 'fully registered' users - Matches timestamp logic changelog: Internal, Reporting, Update monthly key metrics report
changelog: Internal, Reporting, Add mutex around progress bar for cloudwatch script
* Ignore legacy event names with hardcoded list changelog: Internal, Automated Testing, Improve developer experience of analytics event name linter * Use compacted, truncated list of legacy event digests
- The way we report on APGs will double-count unique users changelog: Internal, Reporting, Update monthly key metrics report
The Pii::Cacher is used for decrypting PII and moving it to the session when the user enters their password. It is also used to read the PII from the session and do other ad-hoc writes.

We are planning to change the way that PII is handled in the session. The goal is to be able to decrypt multiple profiles on sign in and get the correct profile when operating on PII for a given profile. To do this we will change the session to have PII stored in the session by profile ID.

## Pii::ProfileCacher

While we are transitioning between the old way to store PII in the session and the new way we will need to write PII using both approaches. To facilitate this change this commit adds the `Pii::ProfileCacher` class.

The `Pii::ProfileCacher` class implements the same API as `Pii::Cacher` and is intended to supersede `Pii::Cacher` when this work is done.

`Pii::Cacher` methods were modified to invoke the `Pii::ProfileCacher` methods. These are done under 2 circumstances:

1. A feature flag is enabled for reading or writing depending on the operation
2. A profile ID is passed in on invocations to `#fetch` and `#save_decrypted_pii`

#### New feature flags

The `Pii::ProfileCacher` is only invoked by `Pii::Cacher` when feature flags are in place telling it to do so:

- `session_encrypted_profiles_read_enabled`: When this flag is enabled the `#fetch` method will read PII from the new place in the session
- `session_encrypted_profiles_write_enabled`: When this flag is enabled the `#save` method and the `save_decrypted_pii` method will write to the new place in the session in addition to the place where PII is currently written

## Session encryptor approach changes

Previously the `SessionEncryptor` transparently encrypted decrypted PII with KMS as it was written to and from the session store. This commit opts to change that behavior for `Pii::ProfileCacher`. Instead of letting the `SessionEncryptor` encrypt PII the `Pii::ProfileCacher` explicitly encrypts the PII.

This was done to make it more clear to readers of the code how the PII is encrypted when being written and read from the session. As a note, when we replace the current `Pii::Cacher` implementation with the new `Pii::ProfileCacher` we should be able to remove the logic that transparently encrypted the PII as it was written to and from the session store.

changelog: Internal, Pii management, The ProfileCacher was added.
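An added sketch of the flag-gated dual-write transition described in the commit message above; it is not the project's code. The class `DualWriteCacher`, the `:encrypted_profiles` session key, the local AES-256-GCM key standing in for KMS, binding the profile ID as associated data, and requiring both the flag and a profile ID before the new path is used are all assumptions.

```ruby
require 'openssl'
require 'json'

class DualWriteCacher # hypothetical name, not a class from the project
  LEGACY_KEY = :decrypted_pii        # legacy session key named in the commits
  PROFILES_KEY = :encrypted_profiles # assumed name for the per-profile store

  # key: 32-byte local AES key (stand-in for KMS); flags default to off
  def initialize(session, key:, read_new: false, write_new: false)
    @session, @key = session, key
    @read_new, @write_new = read_new, write_new
  end

  # Legacy write always happens; the per-profile write is added on top of it.
  def save_decrypted_pii(pii, profile_id = nil)
    @session[LEGACY_KEY] = pii.to_json
    return unless @write_new && profile_id
    (@session[PROFILES_KEY] ||= {})[profile_id.to_s] = seal(pii.to_json, profile_id)
  end

  # New path only when the read flag is on and the caller names a profile.
  def fetch(profile_id = nil)
    if @read_new && profile_id
      blob = @session.dig(PROFILES_KEY, profile_id.to_s)
      return blob && JSON.parse(unseal(blob, profile_id))
    end
    raw = @session[LEGACY_KEY]
    raw && JSON.parse(raw)
  end

  private

  # Explicit encryption in the cacher; stored as base64(iv || tag || ciphertext).
  def seal(plaintext, profile_id)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    cipher.key = @key
    iv = cipher.random_iv
    cipher.auth_data = profile_id.to_s # ties the blob to its profile slot
    ct = cipher.update(plaintext) + cipher.final
    [iv + cipher.auth_tag + ct].pack('m0')
  end

  def unseal(blob, profile_id)
    raw = blob.unpack1('m0')
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = @key
    cipher.iv = raw[0, 12]
    cipher.auth_tag = raw[12, 16]
    cipher.auth_data = profile_id.to_s
    cipher.update(raw[28..]) + cipher.final # raises CipherError on mismatch
  end
end
```

In this sketch a blob copied from one profile's slot to another fails authentication on read, because the profile ID is part of the authenticated data.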
changelog: Bug Fixes, SMS Opt-In, Fix error for SMS opt-in missing title
* revise label spec description * add back in missing test coverage * replace missing render_in spec * changelog: Internal, tech debt, Spec coverage for Webauthn platform selection presenter
) * changelog: User-Facing Improvements, accessibility, Removes a redundant aria-required attribute from required input fields * remove aria-required=true from javascript test * modify required inputs using a custom component * spread :html5 custom module to other config.wrapper and tweak require statement * cover all of config.wrapper html5 overrides * set html5 var to true
zachmargolis
approved these changes
Nov 2, 2023
User-Facing Improvements
Bug Fixes
Internal