Deploy RC 335 to Production#9670
Merged
mitchellhenke merged 27 commits intostages/prodfrom Nov 28, 2023
Merged
Conversation
…time (#9628) changelog: Internal, Review Applications, Move dashboard service provider seeding to run-time from image-build time
* check agreement is completed * changelog: Upcoming Features, How to verify, redirect when prev step incomplete
* LG-11399: Show Face/Touch message for screen lock error changelog: User-Facing Improvements, Face or Touch Unlock, Show specific error message when authenticating on a device without screen lock Co-Authored-By: Zach Margolis <zachmargolis@users.noreply.github.com> * Remove unnecessary _html suffix * Add _html suffix for HTML interpolation --------- Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
changelog: Bug Fixes, Buttons, Fix appearance of inline buttons
* Remove unreachable "otp_code" auth method changelog: Internal, Analytics, Normalize auth method for phone OTP submission * Remove form spec references to otp_code
…9633) * add check for if letter was recently enqueued * move confirm_letter_recently_enqueued to idv_step_concern * add tests * add changelog changelog: User-Facing Improvements, IdV Verify By Mail, redirect user to letter_enqueued on back button press * changed request letter spec to redirect to letter enqueued request letter spec will redirect a user to the letter_enqueued page if they re-request a letter. the spec now has a user sign out before they can complete the enter code step. Co-authored-by: Sonia Connolly <sonia.connolly@gsa.gov> * include IdvStepConcern in request letter * come_back_later -> letter_enqueued in end_to_end spec --------- Co-authored-by: Sonia Connolly <sonia.connolly@gsa.gov>
Update reauthentication user notice changelog: User-Facing Improvements, Authentication, Update reauthentication user notice
* LG-11395: include selfie in TrueID request * LG-11395: rebase to main * LG-11395: rebase to main * LG-11395: Update TrueIDRequest and tests with liveness workflow. * LG-11395: rebase to main * LG-11260: incorporate IalContext so we can check ial level requirement for user based on SP requirement. * LG-11395: add method to read selfie as dataurl format. * LG-11395: rebase to master. * LG-11395: rebase to main * LG-11395: remove duplicate entries for selfie flag. * LG-11395: build error. changelog: Internal, Doc Auth, Allow selfie to be included if enabled. * LG-11395: rebase to master. * LG-11395: fix test. * LG-11395: remove add cost, we may refactor it with multiple profiles support. * LG-11395: remove related costs. * LG-11395: reorder entry. * LG-11395: address some comments. * LG-11395: address minor comments. * LG-11395: For the true_id_request, assume consumer will initialize it properly, if requires liveness, a selfie image exists.
* LG-11395: flag_off for development. * Internal, Doc Auth, Flag for liveness in developement * changelog: Internal, Doc Auth, Flag for liveness in developement
Bumps [libphonenumber-js](https://gitlab.com/catamphetamine/libphonenumber-js) from 1.10.49 to 1.10.50. - [Changelog](https://gitlab.com/catamphetamine/libphonenumber-js/blob/master/CHANGELOG.md) - [Commits](https://gitlab.com/catamphetamine/libphonenumber-js/compare/v1.10.49...v1.10.50) --- updated-dependencies: - dependency-name: libphonenumber-js dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…bmission (#9645) * Don't delete pii_from_doc and pii_from_user on VerifyInfo submission This allows us to enable the browser back button from Phone -> VerifyInfo and further back, without risking that unvalidated user id data from the in person flow could be submitted on the remote flow. It prevents the path of pii_from_user -> applicant -> pii_from doc. * Allow :same_address_as_id to be logged in proofing results now that :pii_from_user is still available [skip changelog] * Don't repeat the start of the flow in verify_info specs, hoping they'll be less flaky --------- Co-authored-by: Gina Yamada <gina.yamada@gsa.gov>
I used this format for the flag because we want to be able to split the number of users who see horizontal or vertical. changelog: Internal, Doc Auth, Add feature flag for reorienting SDK capture
* fix init argument order of TrueIDResponse init * [skip changelog] * remove debuging breakpoint * test TrueIDRequest can handle vendor response with doc auth errors
Bumps [libphonenumber-js](https://gitlab.com/catamphetamine/libphonenumber-js) from 1.10.50 to 1.10.51. - [Changelog](https://gitlab.com/catamphetamine/libphonenumber-js/blob/master/CHANGELOG.md) - [Commits](https://gitlab.com/catamphetamine/libphonenumber-js/compare/v1.10.50...v1.10.51) --- updated-dependencies: - dependency-name: libphonenumber-js dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
changelog: Internal, Dependencies, Update good_job
* Fix GpoExpirationJob::initialize Need to include *args and **rest on here so that required args get passed down to ApplicationJob. [skip changelog] * Remove on_profile_expired hook * Remove initialize method entirely
* rename address_step_complete? to phone_or_address_step_complete? * remove spec for #confirm_idv_steps_complete because it no longer exists * rm unnecessary let(:applicant)s because it doesn't have the phone_confirmed_at attribute * remove mocks of confirm_idv_applicant_created because that does not exist * move the stubbing of sign_in and attempts_tracker to global before * clean up befores * Clean up PhoneConfirmation concern The method was only used in PhoneSetupController, so move method & private method there and stop including this where it is not used. * FraudReviewConcern is already included via IdvStepConcern * Use idv_session.address_verification_mechanism rather than digging in user_session idv_session should always be available in EnterPasswordController and PersonalKeyController. This indirection is probably left over from FSM days. [skip changelog] * move the mock of usps_mock_fallback into the IPP context * add Idv::Session#verify_by_mail? * inline gpo_user_flow? method * fix failing specs --------- Co-authored-by: Douglas Price <douglas.price@gsa.gov> Co-authored-by: Matt Hinz <matt.hinz@gsa.gov>
* build-sass: Use native Node.js parseArgs utility changelog: Internal, Packages, Replace third-party dependency with native equivalent * Fix type error on potentially undefined outDir
… to VerifyInfo (#9589) * end_to_end_idv_spec small refactor * Start allowing Ssn to go back to DocumentCapture * Split end_to_end and back button specs The individual page validations could affect the back button history, so simplify by splitting the specs. * Allow back button starting from VerifyInfo Add StepInfo in VerifyInfo controller. Remove :confirm_document_capture_not_complete before_action from early steps and replace with :confirm_verify_info_step_needed to make the next barrier. Update specs. * Remove before action from SsnController that prevents back from VerifyInfo * Move #confirm_ssn_step_complete into InPerson::VerifyInfoController It is no longer used from other controllers since it is removed from remote VerifyInfo * Use FlowPolicy for AddressController (and SsnController before_action cleanup) * Add undo_step to ssn - verify_info controllers * clear_invalid_steps! now undoes future steps changelog: User-facing Improvements, Identity Verification back button, Allow back button up to VerifyInfo * Fix specs In redo document capture, ssn step is no longer skipped. * Clear more idv_session attributes * Add more flow policy specs for ssn to verify_info * Do not clear redo_document_capture in verify_info The whole redo_document_capture mechanism can be removed - in a separate PR * Add more idv_session fields to flow_session spec for undo_future_steps_from_controller! * Add confirm_verify_info_needed before_action to AddressController * Update LinkSent before_actions and specs * address next_steps includes :verify_info * rename clear_invalid_steps! to clear_future_steps! --------- Co-authored-by: Doug Price <douglas.price@gsa.gov> Co-authored-by: Alex Bradley <alexander.bradley@gsa.gov> Co-authored-by: Jessica Dembe <jessica.dembe@gsa.gov>
* Update content on in-person-prepare-step * update translations * changelog: User-Facing Improvements, In-person proofing, Revert PO related content changes in DocAuth and Prepare pages * update test description * update prompt detail text
* Remove new options from WelcomeController Reset show.html.erb to default (old) view * Remove GettingStartedController and specs * Remove GettingStarted AB Test machinery changelog: Internal, Identity Verification GettingStarted ABC test, reset to default original view and remove test code * review comments
Added aria tags and some basic testing support * Added `have_unique_form_landmark_labels` matcher * Improve form label check. changelog: User-Facing Improvements,remote proofing,Added accessibility tag attributes to cancel screen Co-authored by Andrew Duthie <andrew.duthie@gsa.gov>
…on (#9663) In #4634 we restricted the identity verification process to require a service provider for a user to undergo proofing. This commit added other features like a `idv_sp_required` for configuring this behavior to be enabled or disabled. This commit required an SP to be present but did not require the SP to actually request verification. This commit changes the code so that `IalContext` is invoked to check if verification was in fact requested. This way users can't go to an SP that does not require verification and start the verification process by navigating to `/verify`. changelog: User-Facing Improvements, SP IdV Requirement, Users can only undergo proofing if the SP IAL context is for identity verification or greater.
We have been discussing feature flags that can be toggled while the applicaiton is running. This would be an issue for the feature flags that drive `FeatureManagement#idv_available?`. That method is used in the routes file to handle routing for IdV routes when IdV is unavailable. This means that to change those feature flags while the app is running carries a requirement to redraw routes. This commit makes a change to move equivalent logic to the routes file to the `Idv::Availability` concern. This concern is then included in all of the controller that were previously affected by the rule in the routes file. changelog: Internal, IdV Availability, IdV availability is computed in a concern instead of the routes file
* LG-11517: Always show "Use another method" option in SMS opt-in changelog: User-Facing Improvements, SMS Opt-In, Provide a pathway to deleting one's account after opting-out SMS delivery * Remove unused strings
* send only active profile to service provider in SAML handoff * add changelog changelog: Internal, Profile SAML handoff, Use the correct active profile pii in the session for SAML handoff
This PR uses the Acuant SDK to capture a selfie on the document upload page in the docauth javascript app. All work in this PR should be behind a featureflag. To see it locally change doc_auth_selfie_capture in application.yml.
Contributor
This was cherry-picked into RC 334 so can be excluded here. |
aduth
approved these changes
Nov 28, 2023
matthinz
approved these changes
Nov 28, 2023
zachmargolis
approved these changes
Nov 28, 2023
amirbey
approved these changes
Nov 28, 2023
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
15 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User-Facing Improvements
Internal
Upcoming Features