Deploy RC 187 to Production #6224
Merged
* Bump identity-style-guide from 6.4.0 to 6.4.1 Bumps [identity-style-guide](https://github.com/18F/identity-style-guide) from 6.4.0 to 6.4.1. - [Release notes](https://github.com/18F/identity-style-guide/releases) - [Changelog](https://github.com/18F/identity-style-guide/blob/main/CHANGELOG.md) - [Commits](18F/identity-design-system@v6.4.0...v6.4.1) --- updated-dependencies: - dependency-name: identity-style-guide dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Add changelog changelog: Internal, Dependencies, Update Login.gov Design System to v6.4.1 Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
* Bump nokogiri from 1.13.3 to 1.13.4 Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.3 to 1.13.4. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/v1.13.4/CHANGELOG.md) - [Commits](sparklemotion/nokogiri@v1.13.3...v1.13.4) --- updated-dependencies: - dependency-name: nokogiri dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> * Add changelog changelog: Internal, Dependencies, Update dependencies to address security advisories Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
* Adapt StepIndicator script to custom element **Why**: So it's more easily implemented in the context of a React component * Ensure component removal clean-up * Add changelog [skip changelog]
* email deletion requested * email language visited * email language updated * event disavowal visited * event disavowal password reset * Add changelog changelog: Internal, Documentation, Document additional analytics events
**Why**: Since it may have a negative impact on form usability, revert until we have a chance to think about this more holistically. [skip changelog]
changelog: Internal, Optimization, Drop unused user columns
Co-authored-by: ManishMShah <manishmshah@fcoh2j-k1b3hv2f.fios-router.home>
* Extract form-steps package from document-capture **Why**: Because, as part of ongoing IDV API work, we'll want form steps outside the context of document capture. [skip changelog] * Remove redundant field property on FormError * Revert unnecessary revisions to FormError
**Why**: - Because polyfills are intended to be confined to the polyfill package (#6060) - So that it's not included in modern browsers (#6068, -0.9kb gzipped) - To reduce surface area of dependencies shared with USWDS (related to 18F/identity-design-system#312 (comment)) changelog: Internal, Optimization, Reduce size of JavaScript for modern browsers
* Remove visually-disabled effect from FormStepsContinueButton **Why**: For consistency with other submit buttons, which are always shown as enabled and validate upon submission. Since this button will be used as part of ongoing identity verification work (LG-4159), changing this default behavior ensures we don't exacerbate the inconsistency. * Add changelog changelog: Improvements, Identity Proofing, Show document capture submit button as enabled by default for consistency
…ltiple MFA methods. (#6138) * Add setup router * delete authenticator service * LG-5988: work on routing for multiple selections * LG-5988: remove unneeded helper * changelog: New Feature, Allow Users to add more than one MFA method on account creation, LG-5988 * LG-5988: spec * LG-5988: address comments * rubocop * Refactor how we're doing user updating otp method * rubocop * LG-5988: change method name * redirect fix * LG-5988: use index * use dig to reduce errors * rubocop * Ensure next url * LG-5988: rubocop * LG-5988: use shift for now
* Add "New Feature" badge for in-person proofing Co-authored-by: Andrew Duthie <aduth@users.noreply.github.com> changelog: Upcoming Features, In-Person Proofing, Add "new features" badge for links
* Remove unused string interpolation for personal key text **Why**: Since there is no "accent" interpolation key in the "instructions.personal_key.info_html" string. changelog: Internal, Localization, Remove unused locale strings * Remove unnecessary _html suffix * Remove double-spaces after sentence Consistency
**Why**: We think this error page is shown when identity resolution fails, which means IPP is not a viable option to get verified [skip changelog]
* Stub out React entry-point for new IdV API routes * Create new VerifyController for IdV API * Clean-up IdvController * Bring back FeatureFlaggedConcern by popular demand * Create feature_flagged_concern_spec.rb * Create verify_controller_spec.rb * Create basic React root element * Disable idv_api_enabled for all environments by default **Why**: Until it's ready to at least be remotely functional in local development * Route personal_key instead of password **Why**: Because that's the goal of LG-6066 * Add README for verify-flow package **Why**: So that someone unfamiliar can have a basic understanding of its purpose * Always define config value context for specs **Why**: Avoid issues with environment-specific configuration * Always draw route in spec * Replace FeatureFlaggedConcern with RenderConditionConcern **Why**: Less magical and open with forwarding of config keys, more explicit with callable behavior * Inline before_action block * Add changelog [skip changelog] * Namespace new IdV flow routes as "v2" * Remove unnecessary route drawing Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * Rename "render_if" to "check_or_render_not_found" https://github.com//pull/6177#discussion_r849771392 Co-Authored-By: Zach Margolis <zbmargolis@gmail.com> Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> Co-authored-by: Zach Margolis <zbmargolis@gmail.com>
* Move PageHeading to components package For reuse in verify-flow * Add basic FormSteps flow for IdV React implementation **Why**: So that we can start implementing step screens for the new, React-based identity verification flow. changelog: Upcoming Features, Identity Verification, Add personal key step screen * Initialize React I18nContext with global locale data * Add basic personal key step content * Fix imports * Update test default i18n context * Set default I18nContext value to shared i18n instance * Import t directly Moving toward potential future removal of useI18n * Remove unnecessary string interpolation https://github.com/18F/identity-idp/pull/6195/files#r849653819 * Update usage for I18nContext.Provider Previously receives strings object, now receives I18n instance * Update personal_key info string key Changed in #6196 * Reorder props Bit easier to read with className last
* add flash error for phone step in rails * Add changelog changelog: Bug Fixes, Identity Proofing, Fixed missing error message for invalid phone step submission- like non US number * updated relevant rspec test * Update spec/controllers/idv/phone_controller_spec.rb specify exact error message we are expecting (us country code) Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * added more precise test for invalid phone number * Fix spec to test U.S. country code Co-authored-by: Nadya Primak <nadyaprimak@Nadyas-MacBook-Pro.local> Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
**Why**: It's been enabled for a few weeks with no major issues [skip changelog]
* LG-6066: Initialize personal key value and render badge content **Why**: As an incremental step toward getting actual personal key initialized into the page, for feature parity with existing step. changelog: Upcoming Features, Identity Verification, Add personal key step screen * Remove optional format argument * Avoid prompt on navigate for VerifyFlow We probably won't need it, since we'll be persisting values client-side * Use string keys for nonstandard hash key casing Should be camelCase for JavaScript app, but avoid camelCase symbols in Ruby See: #6206 (comment) Co-Authored-By: Zach Margolis <zbmargolis@gmail.com> Co-authored-by: Zach Margolis <zbmargolis@gmail.com>
* Typescript-ify ClipboardButton * Move ClipboardButton to dedicated file Make room in index for React implementation * Restore index * Rename ClipboardButton to ClipboardButtonElement * Typescript-ify clipboard_button_component * Define custom element from implementation * Add global tag definition for lg-clipboard-button * Add React ClipboardButton implementation * LG-6066: Implement functional clipboard button on FSMv2 Personal Key step **Why**: So that we can retain feature parity with the existing screen. changelog: Upcoming Features, Identity Verification, Add personal key step screen * Create README.md * Rename links.copy string to components.clipboard_button.label Associate with the component * Render default "Copy" text for button For consistency with server-side implementation * Change ClipboardButtonElement as default export Consistency * Add optional React peer dependency * Fix default import type * Fix name for ClipboardButtonElement in spec * Use personalKey text for ClipboardButton * Use index for personal key segment Avoid React warnings for duplicate content * Appease linter
* Longer timeout for remove old throttles job * reduce limits rather than increase timeout changelog: Internal, Maintenance, Reduce limit for background job that cleans up old Throttle database rows
* LG-6066: Implement print button on FSMv2 Personal Key step **Why**: - So that we can retain feature parity with the existing screen. - To reduce size and scope of common application bundle - To create a more rigid connection between print JavaScript functionality and server-side render logic - To improve test coverage for existing print button behavior changelog: Upcoming Features, Identity Verification, Add personal key step screen * Create README.md
* Bump async from 2.6.3 to 2.6.4 Bumps [async](https://github.com/caolan/async) from 2.6.3 to 2.6.4. - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md) - [Commits](caolan/async@v2.6.3...v2.6.4) --- updated-dependencies: - dependency-name: async dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Add changelog changelog: Internal, Dependencies, Update dependencies to address security advisories Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
* Create manifest to associate asset references per Webpack pack **Why**: Since our current approach to list assets required per pack is not scalable, and does not account. changelog: Internal, Build, Generate asset manifest during JavaScript build * Emit as assets.json * Retrieve assets from asset.json manifest output * Use existing manifest to append assets * Omit nil values from AssetSources.get_assets Because there's nil-safe navigation, so possible nil values * Add getAssetPath specs * Add specs for AssetsWebpackPlugin * Clean up unused references * Remove more remnants of asset-checker * Add specs for AssetSources.get_assets * Stub CSP method for test * Render JavaScript tag with script text argument * Add specs for render_javascript_pack_once_tags assets behavior * Avoid polluting global namespace with content_security_policy_nonce https://github.com//pull/6198#discussion_r850804108 Co-Authored-By: Zach Margolis <zbmargolis@gmail.com> * Add inline comment describing publicPath customization #6198 (comment) * Emit asset map as JSON **Why**: Avoid risks and complication of dealing with executable script tag * bump circleci * Add type signature for getAssetPath 1. Parameter not typed (any) 2. Inferred return value is "string", when it can be undefined Co-authored-by: Zach Margolis <zbmargolis@gmail.com>
changelog: Internal, Database, Background job to log psql table bloat stats Co-authored-by: Zach Margolis <zachary.margolis@gsa.gov>, Mitchell Henke <mitchell.henke@gsa.gov>
* Add a background job encryptor **Why**: Currently we use the session encryptor to encrypt args for async proofing activities and sessions. This adds a complication to modifying the way sessions are encrypted because it is coupled to the way background job arguments are encrypted. Adding this new encryptor (which is a clone of the session encryptor) decouples them and enables us to make changes to the session encryptor. changelog: Internal, Encryption, A new encryptor was added for handling encrypted background job arguments
**Why**: adheres to OIDC spec better Fixes #5991 changelog: Internal, Encoding, Use URL-safe encoding of SHA256 digests to better match OIDC spec
* Add support for className for FormStepsContinueButton Sometimes we don't render content after it, we don't need bottom margin * Remove bottom margin from PersonalKeyStep continue button * Implement basic React modal component * Move useInstanceId to react-hooks package For reuse * LG-6066: Add personal key confirmation modal to IDV v2 app **Why**: So that a user can proceed from the personal key step to confirm their personal key and complete the proofing process. changelog: Upcoming Features, Identity Verification, Add personal key step screen * Accept code with dashes for PersonalKeyInput See: #6209 (review)
* Rename StepIndicator as StepIndicatorElement named export Make room for React implementation * Add global typings for lg-step-indicator **Why**: For compatibility with React usage * Define StepIndicator as side effect of import **Why**: While impure, this is the easiest way to ensure it's defined in time for the React component, is pretty common practice, and avoids inconsistency with augmented global, where registered name is assumed. * Implement React StepIndicator, StepIndicatorStep components * Render VerifyFlow step indicator * Add documentation * Add specs for StepIndicator * Add specs for StepIndicatorStep * Take advantage of global typing for tag name definition * Add changelog changelog: Upcoming Features, Identity Verification, Add personal key step screen * Import StepIndicatorElement as type Ensure import statement is side-effecty for step-indicator-element
…6215) * Button: Add support for link styled as button * Add DownloadButton component * LG-6066: Implement download button for personal key step (IdV app) **Why**: So that a user can download their personal key to their computer. changelog: Upcoming Features, Identity Verification, Add personal key step screen * Remove unused import * Use fileName from props See: https://github.com/18F/identity-idp/pull/6215/files#r852255628 Co-Authored-By: Zach Margolis <zbmargolis@gmail.com> * Use type narrowing to avoid any-cast See: https://github.com/18F/identity-idp/pull/6215/files#r852258951 Co-Authored-By: Zach Margolis <zbmargolis@gmail.com> * Use URI encoding for download data URI consistency with server implementation see: https://github.com/18F/identity-idp/pull/6215/files#r852251328 Co-Authored-By: Zach Margolis <zbmargolis@gmail.com> * Add specs for hasProprietarySaveBlob Co-authored-by: Zach Margolis <zbmargolis@gmail.com>
* Fix Webpack asset manifest generation for production exports **Why**: So that the asset manifest plugin correctly identifies all assets. * Handle multiple letters see: https://github.com/webpack/webpack/blob/a72548f97037c941db3320397392a329f52db66a/lib/Template.js#L149 changelog: Internal, Build, Generate asset manifest during JavaScript build * Fix typo "mangled"
* Remove query parameter style history navigation for hash fragment * Remove initialValue support from useHistoryParam YAGNI! * FormSteps: Add support for path-based history * Add basePath for VerifyFlow FormSteps * Add routes for base and personal_key_confirm * DRY common step path for IdV app routing Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * Update type handling for possibly-undefined step * Fix specs * Remove step clearing logic from form completion Should be responsibility of consumer to deal with lingering path fragment upon completion if necessary changelog: Upcoming Features, Identity Verification, Add client-side application path routing * Pass basePath as data property to VerifyFlow app **Why**: Because it will be necessary to reliably create step URLs #6213 (comment) * Rename getCurrentQueryParam to getCurrentValue We're not using a query parameter format * Improve trailing slash handling for useHistoryParam Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
* TypeScript-ify Icon component * Add support for design system icons to Icon component * Add support for icon prop to Button component For consistency with ButtonComponent ViewComponent * Add icons for personal key buttons * Serve icon sprite asset from same origin * Add changelog changelog: Upcoming Features, Identity Verification, Add personal key step screen * Skip Rails env stubbing Not necessary, since the condition considers the config value, not env * Freeze, use set for same origin assets Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * Add spec for DownloadButton icon Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
* LG-6114: Use Cleave.js to format personal key (IdV app) **Why**: So that the value is more readable as the user types, and to ensure feature parity with the existing experience. changelog: Upcoming Features, Identity Verification, Add personal key step screen * Remove explicit maxLength As confirmed via integration specs, Cleave handles this * Rename formatted-fields to ts Fix type errors * Fix formatted-fields TypeScript errors
changelog: Feature, Account Management, Rate limit phone confirmation attempts
changelog: Feature, Account Management, Rate limit phone confirmation attempts
zachmargolis
approved these changes
Apr 19, 2022
LGTM
aduth
approved these changes
Apr 20, 2022
🚀
**Why**: Good security practice to avoid timing attacks [skip changelog]
RC 187
Improvements
Bug Fixes
Internal
Upcoming Features