Deploy RC 352 to Production #10018
Merged
LG-11997 | Mark users as fraudulent on USPS return

If a user has a fraud_pending_reason, mark them as fraud_review_pending_at when we get a response.

changelog: Internal, IPP, Mark users as fraud_review_pending_at if appropriate

* Add the requested vectors of trust to `ServiceProviderRequest`

We are working on implementing a feature for partners to request identity proofing and authentication features using vectors of trust. This will involve sending a param describing the vector of trust in the original SAML or OIDC request. Within the context of OIDC this param is named `vtr`.

This commit adds a `vtr` property to `ServiceProviderRequest`. This property is unused and unset in the persisted service provider request. This will allow us to write to it in the future and initialize `ServiceProviderRequest`s with the value without resulting in an `ArgumentError` (thus avoiding a dreaded 50/50 state bug).

This commit also adds an `acr_values` property. This is looking forward to when parameters are consumed by the parser introduced in #9971.

[skip changelog]

* LG-12143 Create a vector of trust parser

This commit introduces a service that can take a string representing a vector of trust and parse it into its components and values. Vectors of trust are described in RFC 8485.

We are planning to use vectors of trust in our OIDC interface to allow service providers to describe the authentication and identity proofing feature set they need in place for their use case. This will be an alternative to ACR values.

To that end this commit includes VoT 2 components with their own unique values. Together these form 6 valid pairs of components and values.

The `P` component represents identity proofing. It contains the following values:

- `1`: Identity proofing is performed
- `2`: A biometric comparison is performed as part of identity proofing (this is a future offering)

The `C` component represents credential usage. This essentially describes authentication features. It contains the following values:

- `1`: Password authentication + MFA - Implied for all transactions
- `2`: AL2 conformant features engaged (e.g. no remember device)
- `a`: A phishing resistant authenticator is required
- `b`: A PIV or CAC is required

The construction of this mapping satisfies LG-12151.

As an example for how this new tool behaves, consider the vector "C2.P1". The "P1" vector implies the "C2" vector which is already included. The "C2" vector implies the "C1" vector. This results in the vector being expanded into "C1.C2.P1".

The result that is returned from the parser includes fields for the requirements for the authentication and identity proofing transaction. It includes the following requirements:

- `aal2`: AAL2 is required
- `phishing_resistant`: Phishing resistant authenticators are required
- `hspd12`: PIV/CAC is required
- `identity_proofing`: Identity proofing is required
- `biometric_comparison`: A biometric comparison is required

This allows the result to be used to describe an authentication context that can be used to construct policies that ensure the requirements for the vector of trust are met.

[skip changelog]

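The parsing and expansion described in the commit message above, sketched as an added example; this is not the project's parser. The `VotExample` module, the length bound, duplicate rejection, the implications for `Ca`, `Cb` and `P2`, and the pairing of each value with a requirement flag are assumptions of this example; only `P1` implying `C2` and `C2` implying `C1` are stated on the page.

```ruby
require 'set'

module VotExample
  class ParseError < StandardError; end

  # value => [implied values, requirement flag or nil]
  # P1 => C2 and C2 => C1 are from the commit message; the other
  # implications and the flag pairing are assumptions of this example.
  COMPONENTS = {
    'C1' => [[], nil],
    'C2' => [['C1'], :aal2],
    'Ca' => [['C1'], :phishing_resistant],
    'Cb' => [['C1'], :hspd12],
    'P1' => [['C2'], :identity_proofing],
    'P2' => [['P1'], :biometric_comparison],
  }.freeze
  REQUIREMENTS = COMPONENTS.values.map(&:last).compact.freeze
  MAX_LENGTH = 64 # assumed bound on the partner-supplied request parameter

  Result = Struct.new(:expanded, *REQUIREMENTS, keyword_init: true)

  # Fail closed: anything outside the six known values is rejected rather
  # than ignored, so a malformed vector cannot silently weaken the policy.
  def self.parse(vector)
    raise ParseError, 'vector must be a string' unless vector.is_a?(String)
    raise ParseError, 'vector is empty or too long' if vector.empty? || vector.length > MAX_LENGTH

    values = vector.split('.', -1) # -1 keeps empty segments so "C2..P1" is caught
    raise ParseError, 'unsupported component value' unless values.all? { |v| COMPONENTS.key?(v) }
    raise ParseError, 'duplicate component value' if values.uniq.length != values.length

    # Expand implied values transitively, e.g. C2.P1 -> C1.C2.P1.
    expanded = Set.new
    queue = values.dup
    until queue.empty?
      value = queue.shift
      next unless expanded.add?(value)
      queue.concat(COMPONENTS.fetch(value).first)
    end

    flags = REQUIREMENTS.to_h { |r| [r, false] }
    expanded.each do |value|
      requirement = COMPONENTS.fetch(value).last
      flags[requirement] = true if requirement
    end
    Result.new(expanded: expanded.sort.join('.'), **flags)
  end
end
```

`VotExample.parse('C2.P1')` reproduces the commit message's example, returning `expanded` as "C1.C2.P1" with `aal2` and `identity_proofing` set.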
…9946)

* Document parameters from running spec/forms
* Add allowed_extra_analytics metadata
* Handle string keys via YARD @options tag
* Update AnalyticsEventDocumenter to parse @option tags
* Remove documentation of "extra" param
* memoize YARD parsing
* Allow skipping via "*"

changelog: Internal, Documentation, Add error for undocumented analytics event params

changelog: Internal, Dependencies, Update capybara to fix Rack 3 deprecation message
* LG-11718: test from client perspective with selfie enabled.
* LG-11718: mock dependency not self with api_image_upload_form_spec. Other minor changes.
* LG-11718: update feature test to verify error message.
* LG-11718: update to use workflow lookup.
* LG-11718: bring in changes from main branch and consolidate.
* changelog: Internal, Doc Auth, Validating vendor http error situation
* LG-11718: minor update from comment.

[skip changelog]
* Update Rubocop

changelog: Internal, Dependencies, Update Rubocop

* symbol conversion
* redundant parentheses
* line continuation
* disable self-assignment check in x509 attributes

* Bump @18f/identity-design-system from 8.0.1 to 8.1.1

Bumps [@18f/identity-design-system](https://github.com/18F/identity-design-system) from 8.0.1 to 8.1.1.
- [Release notes](https://github.com/18F/identity-design-system/releases)
- [Changelog](https://github.com/18F/identity-design-system/blob/main/CHANGELOG.md)
- [Commits](18F/identity-design-system@v8.0.1...v8.1.1)

---
updated-dependencies:
- dependency-name: "@18f/identity-design-system"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Remove patched upstream

* Update to identity-design-system@8.1.2

Fix CommonJS import incompatibility
https://github.com/18F/identity-design-system/releases/tag/v8.1.2

* Delete us_flag.svg

Included in USWDS as of 3.7.0
https://github.com/uswds/uswds/releases/tag/v3.7.0

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>

changelog: Internal, Rate Limiting, Update Rack Attack
* rename idv_session to idv_session_concern
* rename IdvSession to IdvSessionConcern wherever it is included
* add changelog

changelog: Internal, IdV, rename concerns/idv_session to idv_session_concern

changelog: Internal, Data Reporting, Adds automated IdV DropOff Report

---------

Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

* Consolidate SAML/OIDC redirect JavaScript

changelog: Internal, Code Quality, Consolidate redirect logic for SAML/OIDC

* Use classList#replace for no-js replacement
* Use consistent click_immediate attribute value

See: #9985 (comment)

* Remove unnecessary hidden field for tests

See: #9985 (comment)

* Fix helper for OIDC redirect link
* Improve spec helper resilience to HTML tag attributes

We weren't gracefully handling the case where a user has a pending profile but no PII attached to it. (This can happen for historical reasons.)

changelog: Bug Fixes, PII re-encryption, fix edge-case bug.

changelog: Internal, Type Checking, Increase type checking code coverage
* Browser support: Check iOS Safari engine for all iOS browsers

changelog: Internal, Browser Support, Improve browser detection for iOS browsers

* Filter browser matchers after memoization

See: https://github.com/18F/identity-idp/pull/10002/files#r1471722417

* Build hash with each_with_object

changelog: Internal, Mailer Previews, Sync new device mailer preview content to live content
aduth requested review from n1zyy, zachmargolis, jmhooper, theabrad, mitchellhenke, Sgtpluck, jmax-gsa and dawei-nava, February 1, 2024 13:40

mitchellhenke approved these changes, Feb 1, 2024

zachmargolis approved these changes, Feb 1, 2024
Bug Fixes
Internal