Skip to content

Releases: 18F/identity-idp

RC 68

11 Oct 14:33
5c67b41
Compare
Choose a tag to compare
2018-10-11T141509

2018-10-11T141509 release

RC 66 - Patch 1

13 Sep 17:30
1f15cc9
Compare
Choose a tag to compare

Features

  • List/delete webauthn configurations for a user #2494
  • Allow a user to add a new webauthn configuration #2490
  • Create WebAuthn Configurations Table #2461

Bugs and Enhancements

  • Don't show recovery code before IdV flow #2485
  • Revert removal of #2351 (redirect uri validation) #2498
  • Update Reek from 4.8.1 to 5.0.2 #2499
  • Revert changes to `find_with_email #2497
  • Update gems with bummr #2493
  • Add timeout to Twilio API calls #2491
  • Fix tests using users with phones #2496
  • Ensure rack-timeout is properly configured #2488
  • Set up a TOTP user for local development #2483
  • Remove unused personal_key method #2481
  • Allow full exception logs for users without phone #2479
  • Refactor AccountReset::DeleteAccountController #2450
  • Catch no method error in formatted phone #2477
  • Fix failure screens throwing 500 error with failure_to_proof_url #2473
  • Take into account nil user in SmsLoginOptionPolicy #2472
  • Make user_access_key_overrides fasterer #2458
  • Remove dup webauthn_configurations index creation #2469
  • Add nil phone_configuration to anonymous user #2467
  • Run bundle install in devops repo when releasing #2468
  • Int: Fix Idv::Proofer vendor initialization #2465
  • Fix Idv::Proofer vendor initialization #2463
  • Return blank for nil phone numbers #2521

New Service Providers and updates to existing ones

  • Add HUD to the service providers in production #2495
  • Add CBP I-94 SP #2487
  • Add Railroad Retirement Board Branding #2482

RC65 patch 1

30 Aug 14:29
2018-08-30T142720
4c45627
Compare
Choose a tag to compare

Bugs and Enhancements

  • Update LOA3 "failure to proof" screens #2454
  • Redirect piv/cac errors to cleanup url #2380
  • Add spinner when requesting piv/cac cert from user #2258
  • Piv/cac available based on email domain #2429
  • Track additional IdV analytics #2431
  • Use 2-letter phone country code for analytics #2442
  • Refactor and fix account reset requests #2444
  • Allow sign in via remember me after idling #2438
  • Display fake banner in lower environments #2418
  • Prevent calling unsupported countries #2423
  • Fix already authenticated users redirecting to account page #2426
  • Fix border radius on Account boxes #2427
  • Add client-side Crockford Base32 encoding helper #2417

New Service Providers and updates to existing ones

  • Add RRB LOA3 SP to Production #2457
  • Adds in the logo for the Small Business Administration #2393
  • Add a new redirect_uri for logout with the CBP ROAM SP #2435
  • Update redirect_uri list for OIDC Sinatra developer demo app #2433
  • Add a logout redirect uri for the Trusted Traveler Program SP #2446

RC 64

14 Aug 14:13
2018-08-14T140838
Compare
Choose a tag to compare

Features

  • Failure to proof URL for service provides at LOA3 i#2389

Bugs and Enhancements

  • Fix preview images from PRs from showing in internal Slack channels #2422
  • Update dependencies #2420
  • Add script to give IDP access to CloudHSM keys #2235
  • Add a task to copy user phone numbers into a new table to eventually allow multiple phones per user #2415
  • Fix a bug where session timeout prevented user from ending at SP #2390
  • Stop storing unnecessary OIDC request data in the session #2412
  • Track errors when the user is nil in analytics #2407
  • Fix bug where users without a phone number where asked to use auth app to confirm phone during IdV #2389
  • Add account reset health checker #2387
  • Change release script to stop recycling unused servers #2349

New Service Providers and updates to existing ones

  • Add a redirect URI for DOE #2416

RC 63

07 Aug 17:58
84ff4a1
Compare
Choose a tag to compare

Features

  • Add Connected Applications to Account Management #2376
  • Write 2L KMS encrypted sessions #2373
  • Add script to email compromised users #2340

Bugs and Enhancements

  • Add phone configurations table #2361
  • Fix OIDC Sinatra SP redirect uri for int and dev #2391
  • Refactor SP redirect URI validation #2351
  • Use different text in SMS for login vs verify phone number #2342
  • Fix confusing placeholder phone number #2359
  • Update PR template and contribution guidelines #2315
  • Add console output suppression spec helper #2383
  • Remove stray SAML test file #2382
  • Add logstash.conf.example and update README #2378
  • Production Error: ERROR: duplicate key (email) #2379
  • Ran make normalize_yaml on PR 2358 #2377
  • Update USAJOBS / TTP instructions on create account #2358
  • Update gems with bummr #2371
  • Clean up localizations #2333
  • Create an AWS lambda function for delayed notifications with account reset #2310
  • Fix 500 errors on bad personal key. Match host on redirect URIs #2362
  • Fix phone validation logic to prevent toggling disable #2357
  • User can't create account because their email is "invalid" #2360
  • Display a message to the user when an account reset link is expired #2331
  • Ignore saml_*.txt files generated by tests #2352
  • Adjust response code for SMS reply #2325
  • Fix 500 errors on bad personal key and invalid otp_delivery_preference in path. Add specs. #2346
  • Match host on redirect URIs #2347
  • Add SMS opt-out reply job spec #2343
  • Create an AWS lambda function to upload USPS verification to GPO #2332
  • Ignore the old password columns on the user model #2330
  • Hardcode session encryption cost for migration #2395
  • Catch sending too much to kms #2411
  • Use 32 byte salts for passwords #2372

New Service Providers and updates to existing ones

  • Add Forest Service ePermits to the production service providers #2339

RC 62

18 Jul 14:38
2018-07-17T200931
0df0bc5
Compare
Choose a tag to compare

Bugs and Enhancements

  • Cancelling account deletion now notifies both email and sms #2320
  • 2FA selection at sign in has been cleaned up #2317
  • Attribute encryption rake task logs errors and continues #2322
  • The IdP supports serving assets from the Cloudfront CDN #2321
  • Invalid user params won’t raise errors #2324
  • Adjust checkbox spacing on OTP verification screen #2316
  • Remove stray TODO comment #2312
  • Handle Twilio errors more gracefully #2308
  • Only send one SMS for account reset delayed notification #2309
  • Redesign IDV verification OTP delivery method screen #2302
  • Fix typo on account reset page #2306
  • Make programmable SMS countries configurable #2298
  • Make the call to action full width on mobile for some pages #2291
  • Fix attribute_encryption_key_queue in example application configuration #2294
  • Allow Code Climate to analyze spec folder #2292
  • Fix USPS uploader spec #2296
  • Remove TODO comments from codebase #2295
  • Remove CSRF protection from SendNotificationsController #2290
  • Remove CSRF protection from account reset delayed notifications endpoint #2289
  • Fix Voice OTP bug in previous release #2287
  • Define locale argument for VoiceOtpSenderJob #2284
  • Add SMS opt-out messaging #2276

New Service Providers and updates to existing ones

  • Add a new redirect uri to DOT portal SP #2327
  • Allow users of NGA and EOP SPs to use piv/cac as a second factor #2323
  • Add tsp.move.mil SP #2319

RC 61

05 Jul 14:58
144e2fe
Compare
Choose a tag to compare

Features

  • Use GPO instead of Equifax for address verification #2267, #2272
  • Delayed account reset requests #2274
  • Use Twilio/Auth Verify service to send international SMS #2275, #2280

Bugs and Enhancements

  • Fix 500 errors #2269
  • Allow SMS to be sent to Zambian and Liberian phone numbers #2256
  • Clarify and simplify personal keys instructions #2266

New Service Providers and updates to existing ones

  • MyCBP #2282
  • Update USAID logo #2278
  • Add piv/cac subject to attributes for move.mil #2263

Code maintenance

RC 60

07 Aug 17:27
fa08c35
Compare
Choose a tag to compare

Features

  • Add PIV/CAC as a two factor authentication option #2234, #2237, #2244, #2250, #2253
  • Allow dynamic service provider updates in production #2227
  • Log ‘Password Changed’ event #2233
  • Log ‘Personal Key Changed’ event #2217
  • Offer all two factor authentication options during account creation #2099
  • Increased the Reauthentication Timeout window from 2 to 5 minutes

Bugs and Enhancements

  • Fix bug in enter phone number screen #2255
  • Remove already initialized constant #2252
  • Hide nonce from html #2236
  • Upgrade Ruby from 2.3.5 to 2.5.1 #1997
  • Improve request tracing #2245
  • Add help text for SAM users on account creation screen #2230
  • Update dependencies #2175, #2228
  • Send ‘password reset link’ to confirmed email address #2182
  • Prevent ‘password reset tokens’ from leaking to 3rd party sites #2214
  • Fix validation bug on personal key screen #2215
  • Fix rate limiting issues #2216, #2222

New Service Providers and updates to existing ones

RC 59

07 Jun 17:00
04445aa
Compare
Choose a tag to compare

Features

Bugs and Enhancements

  • Add 849 and 829 area codes for Dominican Republic #2196
  • Fix visual bug on phone input #2190
  • Update edit phone screen to use new phone input #2195
  • Upgrade file encryptor to work with gpg2 #2199
  • Add proofer information to result and analytics #2207
  • Switch queuing from sidekiq to inline by default. #2208
  • Fix CircleCI build caching issue #2211

New Service Providers and updates to existing ones

RC 58

29 May 16:02
2018-05-29T160141
Compare
Choose a tag to compare

Features

  • Allow PIV/CAC as 2FA during login #2142, #2188
  • Manage PIV/CAC association in account #2128
  • Add reCAPTCHA to account creation and password reset screens #2136, #2160

Bugs and Enhancements

  • Add more testing for PIV/CAC feature #2157
  • Default recaptcha to off and whitelist it for unsafe-inline #2160
  • Prefix email confirmation event with use registration label #2181
  • Exclude events with invalid tokens #2153
  • Disallow indexing of certain pages #2151
  • Update gems with bummr #2173
  • Automate release management #2080
  • Sanitize Ahoy headers and cookies #2165
  • Make tests compatible with zeus #2158
  • Add script to create test accounts #1860

New Service Providers and updates to existing ones

  • Add move.mil and DOT SPs to production #2183