LG-11962 return 406 if biometric selected in production #9837
Merged
As an alternative, I could've re-used the existing 404 content and rendered it if necessary, but adding an explicit route to the existing controller and redirecting to it seemed like the better alternative to me. Arguments to the contrary invited.
8771acd to b97507c
matthinz reviewed Dec 29, 2023
a1c0fcc to e721140
changelog: Internal,Biometrics,404 if asked for biometrics in production
Render 404 page in a better way; thanks to matt.hinz@gsa.gov
b65b619 to bdc159c
The code no longer does a redirect, so the before action name needed to change.
matthinz reviewed Jan 3, 2024
Also pulled that logic out to FeatureManagement
soniaconnolly approved these changes Jan 4, 2024
soniaconnolly left a comment
LGTM. I like the way the check for prod is set up now. We might want to add the datacenter check to decorated_session.selfie_required? (but not in this PR).
jmhooper approved these changes Jan 4, 2024
jmhooper added a commit that referenced this pull request Feb 28, 2024
In #9837 we modified the IdP to render a 406 if biometric comparison was requested but not allowed for the current environment. This change applied to the query parameter method for requesting biometric comparison which was the only way to request biometric comparison at the time. Since then we have enabled biometric comparison requests using vectors of trust but did not port over the feature for blocking biometric comparison requests in environments where they are not allowed. This commit applies the feature to requests that use a vector of trust to request biometric comparison. [skip changelog]
jmhooper added a commit that referenced this pull request Feb 29, 2024
…10180) In #9837 we modified the IdP to render a 406 if biometric comparison was requested but not allowed for the current environment. This change applied to the query parameter method for requesting biometric comparison which was the only way to request biometric comparison at the time. Since then we have enabled biometric comparison requests using vectors of trust but did not port over the feature for blocking biometric comparison requests in environments where they are not allowed. This commit applies the feature to requests that use a vector of trust to request biometric comparison. [skip changelog]
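The gap the commit message above describes, a block applied to one request path but not to a path added later, is avoided when the environment check runs on a single normalized decision. The following is an added Ruby example, not the IdP's code; the parameter names `biometric_comparison_required` and `vtr`, the `Pb` vector component and all helper names are assumptions for illustration.

```ruby
require 'json'

# All names below are hypothetical; this is not the IdP's implementation.
BIOMETRIC_COMPONENT = 'Pb' # assumed vector-of-trust component for biometric comparison

# vtr is assumed to arrive as a JSON array of dot-separated vectors,
# e.g. '["C1.P1.Pb"]'. Raises JSON::ParserError on unparseable input.
def parse_vtr(raw)
  raw = raw.to_s
  return [] if raw.empty?

  Array(JSON.parse(raw)).grep(String)
end

# Collapse every way of asking for biometric comparison into one boolean,
# so the environment check cannot miss a request path added later.
def biometric_requested?(params)
  return true if params['biometric_comparison_required'].to_s == 'true'

  # Match whole components so a longer token such as "Pbx" does not count.
  parse_vtr(params['vtr']).any? { |v| v.split('.').include?(BIOMETRIC_COMPONENT) }
end

# Returns the HTTP status the request should receive.
def gate_status(params, biometric_allowed:)
  (biometric_requested?(params) && !biometric_allowed) ? 406 : 200
rescue JSON::ParserError
  400 # unparseable vtr: reject instead of guessing what was requested
end
```

A regression test that enumerates every supported way of requesting biometric comparison against the disallowed environment catches the case where a new request path is introduced without the gate.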
🎫 Ticket
LG-11962
🛠 Summary of changes
Added a check to ensure that SP requests for selfies are not permitted in production. This is a temporary measure, until we are actually ready to handle them properly.
📜 Testing Plan
Provide a checklist of steps to confirm the changes.
feature_management to simulate a production environment (see below).
Simulating a production environment on a dev box turned out to be a time sink. After spending Friday afternoon shaving yaks, re-assessed and simulated a production environment via a code change. If desired, we could spin up a sandbox for closer simulation of production. I don't feel that's necessary for code review, but perhaps for acceptance.
The code change is in lib/feature_management.rb, lines 167-168:
👀 Screenshots
If relevant, include a screenshot or screen capture of the changes.
Development request for biometrics:
Production: no request for biometrics
Production: request for biometrics