profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/aduth/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Andrew Duthie aduth @GSA, and personal projects Cincinnati, OH, USA https://andrewduthie.com/ Developer and purveyor of open source with an enduring passion for bleeding-edge front-end web.

aduth/dones 63

Simple team task management and tracking

aduth/correctingInterval 57

An auto-correcting alternative to setInterval

aduth/Doom_CooldownPulse 8

A World of Warcraft addon that animates ability icons when they are available to be used after cooldown

aduth/g-debugger 7

Visual debugging tools for block development

aduth/Ghat 4

Relay GitHub events to your favorite chat client

aduth/equivalent-key-map 3

A Map variant which allows for equivalent (deeply equal) object and array keys

aduth/express-mongoose-starter 3

A very bare-bones starter app, using only Express and Mongoose.

aduth/github-explorer 3

Embeddable GitHub file explorer

aduth/crawl-domain 2

Crawl to discover all paths under a given URL domain

create barnch18F/identity-idp

branch : stevegsa-override-ahoy-user

created branch time in 4 hours

PR opened 18F/identity-style-guide

Bump postcss from 8.1.2 to 8.2.10

Bumps postcss from 8.1.2 to 8.2.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/releases">postcss's releases</a>.</em></p> <blockquote> <h2>8.2.10</h2> <ul> <li>Fixed ReDoS vulnerabilities in source map parsing.</li> <li>Fixed webpack 5 support (by <a href="https://github.com/barak007"><code>@​barak007</code></a>).</li> <li>Fixed docs (by <a href="https://github.com/roelandmoors"><code>@​roelandmoors</code></a>).</li> </ul> <h2>8.2.9</h2> <ul> <li>Exported <code>NodeErrorOptions</code> type (by <a href="https://github.com/realityking"><code>@​realityking</code></a>)</li> </ul> <h2>8.2.8</h2> <ul> <li>Fixed browser builds in webpack 5 (by <a href="https://github.com/mattcompiles"><code>@​mattcompiles</code></a>).</li> </ul> <h2>8.2.7</h2> <ul> <li>Fixed browser builds in webpack 5 (by <a href="https://github.com/mattcompiles"><code>@​mattcompiles</code></a>).</li> </ul> <h2>8.2.6</h2> <ul> <li>Fixed <code>Maximum call stack size exceeded</code> in <code>Node#toJSON</code>.</li> <li>Fixed docs (by <a href="https://github.com/inokawa"><code>@​inokawa</code></a>).</li> </ul> <h2>8.2.5</h2> <ul> <li>Fixed escaped characters handling in <code>list.split</code> (by <a href="https://github.com/nex3"><code>@​nex3</code></a>).</li> </ul> <h2>8.2.4</h2> <ul> <li>Added plugin name to <code>postcss.plugin()</code> warning (by <a href="https://github.com/Alphy11"><code>@​Alphy11</code></a>).</li> <li>Fixed docs (by <a href="https://github.com/billcolumbia"><code>@​billcolumbia</code></a>).</li> </ul> <h2>8.2.3</h2> <ul> <li>Fixed <code>JSON.stringify(Node[])</code> support (by <a href="https://github.com/mischnic"><code>@​mischnic</code></a>).</li> </ul> <h2>8.2.2</h2> <ul> <li>Fixed CSS-in-JS support (by <a href="https://github.com/43081j"><code>@​43081j</code></a>).</li> <li>Fixed plugin types (by <a href="https://github.com/ludofischer"><code>@​ludofischer</code></a>).</li> <li>Fixed <code>Result#warn()</code> types.</li> </ul> <h2>8.2.1</h2> <ul> <li>Fixed <code>Node#toJSON()</code> and <code>postcss.fromJSON()</code> (by <a href="https://github.com/mischnic"><code>@​mischnic</code></a>).</li> </ul> <h2>8.2 “Prince Orobas”</h2> <!-- raw HTML omitted --> <p>PostCSS 8.2 added a new API to serialize and deserialize CSS AST to JSON.</p> <pre lang="js"><code>import { parse, fromJSON } from 'postcss' <p>let root = parse('a{}', { from: 'input.css' }) let json = root.toJSON() // save to file, send by network, etc let root2 = fromJSON(json) </code></pre></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's changelog</a>.</em></p> <blockquote> <h2>8.2.10</h2> <ul> <li>Fixed ReDoS vulnerabilities in source map parsing.</li> <li>Fixed webpack 5 support (by Barak Igal).</li> <li>Fixed docs (by Roeland Moors).</li> </ul> <h2>8.2.9</h2> <ul> <li>Exported <code>NodeErrorOptions</code> type (by Rouven Weßling).</li> </ul> <h2>8.2.8</h2> <ul> <li>Fixed browser builds in webpack 4 (by Matt Jones).</li> </ul> <h2>8.2.7</h2> <ul> <li>Fixed browser builds in webpack 5 (by Matt Jones).</li> </ul> <h2>8.2.6</h2> <ul> <li>Fixed <code>Maximum call stack size exceeded</code> in <code>Node#toJSON</code>.</li> <li>Fixed docs (by inokawa).</li> </ul> <h2>8.2.5</h2> <ul> <li>Fixed escaped characters handling in <code>list.split</code> (by Natalie Weizenbaum).</li> </ul> <h2>8.2.4</h2> <ul> <li>Added plugin name to <code>postcss.plugin()</code> warning (by Tom Williams).</li> <li>Fixed docs (by Bill Columbia).</li> </ul> <h2>8.2.3</h2> <ul> <li>Fixed <code>JSON.stringify(Node[])</code> support (by Niklas Mischkulnig).</li> </ul> <h2>8.2.2</h2> <ul> <li>Fixed CSS-in-JS support (by James Garbutt).</li> <li>Fixed plugin types (by Ludovico Fischer).</li> <li>Fixed <code>Result#warn()</code> types.</li> </ul> <h2>8.2.1</h2> <ul> <li>Fixed <code>Node#toJSON()</code> and <code>postcss.fromJSON()</code> (by Niklas Mischkulnig).</li> </ul> <h2>8.2 “Prince Orobas”</h2> <ul> <li>Added <code>Node#toJSON()</code> and <code>postcss.fromJSON()</code> (by Niklas Mischkulnig).</li> </ul> <h2>8.1.14</h2> <ul> <li>Fixed parser performance regression.</li> </ul> <h2>8.1.13</h2> <ul> <li>Fixed broken AST after moving nodes in visitor API.</li> </ul> <h2>8.1.12</h2> <ul> <li>Fixed Autoprefixer regression.</li> </ul> <h2>8.1.11</h2> <ul> <li>Added PostCSS update suggestion on unknown event in plugin.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/postcss/postcss/commit/8395d9f53efbaae5f3372b6b662a9e9b5b02360b"><code>8395d9f</code></a> Release 8.2.10 version</li> <li><a href="https://github.com/postcss/postcss/commit/f2baaa7e3780bad669814df498e301a47b5307c3"><code>f2baaa7</code></a> Update ESLint config</li> <li><a href="https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5"><code>b6f3e4d</code></a> Fix unsafe regexp in getAnnotationURL() too</li> <li><a href="https://github.com/postcss/postcss/commit/4bcd7276d19511ec9ae01d6471c6417533240668"><code>4bcd727</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/postcss/postcss/issues/1553">#1553</a> from barak007/patch-2</li> <li><a href="https://github.com/postcss/postcss/commit/7c2e97aeaaae1faa65f655c09798101b4bc00a44"><code>7c2e97a</code></a> Add covrage ignore on error paths</li> <li><a href="https://github.com/postcss/postcss/commit/8c5843463041a9e76b9af2b76eb54db5faddde64"><code>8c58434</code></a> Apply suggestions from code review</li> <li><a href="https://github.com/postcss/postcss/commit/ff2fd57f6632436426156be63e696529f5ba0504"><code>ff2fd57</code></a> add error for sourcePath</li> <li><a href="https://github.com/postcss/postcss/commit/8f02bdcf62b820c8927a822fad02ffb6fec779d9"><code>8f02bdc</code></a> disable url based features</li> <li><a href="https://github.com/postcss/postcss/commit/a54d0205ef4c4bb127ccd1eaa807498f0534cdcf"><code>a54d020</code></a> Fix browser bundling with webpack 5</li> <li><a href="https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4"><code>8682b1e</code></a> Fix unsafe regexp</li> <li>Additional commits viewable in <a href="https://github.com/postcss/postcss/compare/8.1.2...8.2.10">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+14 -30

0 comment

1 changed file

pr created time in 8 hours

create barnch18F/identity-dashboard

branch : dependabot/npm_and_yarn/lodash-4.17.21

created branch time in 8 hours

PR opened 18F/identity-dashboard

Bump lodash from 4.17.20 to 4.17.21

Bumps lodash from 4.17.20 to 4.17.21. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/f299b52f39486275a9e6483b60a410e06520c538"><code>f299b52</code></a> Bump to v4.17.21</li> <li><a href="https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a"><code>c4847eb</code></a> Improve performance of <code>toNumber</code>, <code>trim</code> and <code>trimEnd</code> on large input strings</li> <li><a href="https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c"><code>3469357</code></a> Prevent command injection through <code>_.template</code>'s <code>variable</code> option</li> <li>See full diff in <a href="https://github.com/lodash/lodash/compare/4.17.20...4.17.21">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

pr created time in 8 hours

startedjlfwong/speedscope

started time in 8 hours

PR opened 18F/identity-dashboard

Bump hosted-git-info from 2.8.8 to 2.8.9

Bumps hosted-git-info from 2.8.8 to 2.8.9. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md">hosted-git-info's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/npm/hosted-git-info/compare/v2.8.8...v2.8.9">2.8.9</a> (2021-04-07)</h2> <h3>Bug Fixes</h3> <ul> <li>backport regex fix from <a href="https://github-redirect.dependabot.com/npm/hosted-git-info/issues/76">#76</a> (<a href="https://github.com/npm/hosted-git-info/commit/29adfe5">29adfe5</a>), closes <a href="https://github-redirect.dependabot.com/npm/hosted-git-info/issues/84">#84</a></li> </ul> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01"><code>8d4b369</code></a> chore(release): 2.8.9</li> <li><a href="https://github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7"><code>29adfe5</code></a> fix: backport regex fix from <a href="https://github-redirect.dependabot.com/npm/hosted-git-info/issues/76">#76</a></li> <li>See full diff in <a href="https://github.com/npm/hosted-git-info/compare/v2.8.8...v2.8.9">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~nlf">nlf</a>, a new releaser for hosted-git-info since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+3 -3

0 comment

1 changed file

pr created time in 9 hours

Pull request review comment18F/identity-idp

LG-4398: Support ActiveModel::Errors instance for FormResponse

 class FormResponse-  def initialize(success:, errors:, extra: {})+  def initialize(success:, errors: {}, extra: {})     @success = success-    @errors = errors.to_hash+    @errors = errors.is_a?(ActiveModel::Errors) ? errors.messages.to_hash : errors     @extra = extra+    @extra.merge!(+      error_details: flatten_details(errors.details),

Maybe some instance_eval to get around the property access? It's ugly but gets the job done... 😬

class A
  attr_accessor :a

  def initialize(a)
    @a = a
    @b = a + 1
  end

  def merge(other)
    self.class.new(self.a + other.a).tap do |merged|
      outer_b = b
      merged.instance_eval { @b = outer_b + other.instance_eval { b } }
    end
  end

  private

  attr_accessor :b
end

puts A.new(1).merge(A.new(2))
aduth

comment created time in 11 hours

create barnch18F/identity-idp

branch : mitchellhenke/async-doc-auth-analytics-lg-4488

created branch time in 11 hours

PR opened 18F/identity-idp

Deploy RC 139 to Prod
+912 -1190

0 comment

165 changed files

pr created time in 13 hours

create barnch18F/identity-idp

branch : stages/rc-2021-05-13

created branch time in 13 hours

push event18F/identity-pki

Mitchell Henke

commit sha fc9bbb0987e31950bddc35240626f9f9b3fe82f5

do not enforce case insensitive uniqueness for piv_cac uuid or dn_signature (#231) * do not enforce case insensitive uniqueness for piv_cac uuid or dn_signature * update rails

view details

push time in 13 hours

delete branch 18F/identity-pki

delete branch : mitchellhenke/use-piv-cac-indices

delete time in 13 hours

PR merged 18F/identity-pki

Reviewers
do not enforce case insensitive uniqueness for piv_cac uuid or dn_signature

The piv_cacs table has case-sensitive indices on dn_signature and uuid, but issues a query for a uniqueness check to for case insensitive equality in the form of SELECT ? AS one FROM ? WHERE LOWER(?.?) = LOWER($?) LIMIT $?. That query is not indexed, and leads to table scans that have been getting slower over time.

https://github.com/18F/identity-pki/blob/b20063e58aa2d5c2f27079a971f97dfae447acd6/db/schema.rb#L41-L42

The initial implementation here attempted to have a case-insensitive check, but it was misconfigured by using:

# results in case-insensitive check
validates :uuid, presence: true, uniqueness: true, case_sensitive: false

This misconfiguration was fixed in the Rails 6.1 upgrade (https://github.com/18F/identity-pki/pull/213), and we then started running the unindexed queries.

This change reverts it back to being case-sensitive, which should be safe since it previously operated this way. I believe this is also the correct behavior since dn_signature is Base64 encoded, where an a is not the same as an A. Our UUIDs are always generated as being lowercase with SecureRandom.uuid as well.

This PR also includes some dependency updates to patch https://github.com/advisories/GHSA-hjg4-8q5f-x6fm

+60 -60

0 comment

3 changed files

mitchellhenke

pr closed time in 13 hours

PR opened 18F/identity-pki

Reviewers
do not enforce case insensitive uniqueness for piv_cac uuid or dn_signature

The piv_cacs table has case-sensitive indices on dn_signature and uuid, but issues a query for a uniqueness check to for case insensitive equality in the form of SELECT ? AS one FROM ? WHERE LOWER(?.?) = LOWER($?) LIMIT $?. That query is not indexed, and leads to table scans that have been getting slower over time.

https://github.com/18F/identity-pki/blob/b20063e58aa2d5c2f27079a971f97dfae447acd6/db/schema.rb#L41-L42

The initial implementation here attempted to have a case-insensitive check, but it was misconfigured by using:

# results in case-insensitive check
validates :uuid, presence: true, uniqueness: true, case_sensitive: false

This misconfiguration was fixed in the Rails 6.1 upgrade (https://github.com/18F/identity-pki/pull/213), and we then started running the unindexed queries.

This change reverts it back to being case-sensitive, which should be safe since it previously operated this way. I believe this is also the correct behavior since dn_signature is Base64 encoded, where an a is not the same as an A. Our UUIDs are always generated as being lowercase with SecureRandom.uuid as well.

This PR also includes some dependency updates to patch https://github.com/advisories/GHSA-hjg4-8q5f-x6fm

+60 -60

0 comment

3 changed files

pr created time in 13 hours

push event18F/identity-pki

Mitchell Henke

commit sha 3549fd731b3bc6c9f03e4ad8d4e02e78b0aeb949

update rails

view details

push time in 14 hours

Pull request review comment18F/identity-site

LG-4125 Rules of use

+---+layout: sidenav+title: Rules of Use+description: Rules of use.+permalink: /policy/rules-of-use/+sidenav: policies+---+# Rules of Use++The login.gov service is provided by the U.S. General Services Administration to offer the public secure and private online access to participating government programs. With one login.gov account, users can sign into multiple government agencies. Our goal is to make managing federal benefits, services, and applications easier and more secure.++These terms of service provide:++- Information on how the login.gov service works and what you can expect from it,+- The terms under which we provide the login.gov service to you,+- How we use your information and your rights to that information, and+- The conditions you agree to when you take certain actions on the login.gov service.++# 1. General Service Definition++The login.gov service offers the public secure and private online access to participating government programs. With one login.gov account, you can sign into services offered by multiple government agencies. Our goal is to make managing federal benefits, services, and applications easier and more secure.++The login.gov service partners with other federal agencies ("partners") to allow users to access those services with just one login.gov account, eliminating the need to create many separate accounts across government.++The login.gov service protects your account by implementing strong security measures and protects your privacy by collecting the minimally necessary information from you and, in turn, revealing to partners only the information necessary for those partners to execute their service. And login.gov never shares anything about you with a partner without your explicit consent and you can revoke that consent at any time.++Some government applications that use login.gov require users to verify their identities. This means that you must prove that you are who you say you are. That proof helps ensure that only the right people get access to sensitive information.++You will only be asked to verify your identity the first time you sign into certain government applications. You only need to verify your identity once for your login.gov account. After you verify your identity with login.gov for one government application, you don't need to do it again for other government applications. By providing the login.gov service with the information needed to verify your account, you authorize it to use that information to conduct activities necessary to ensure your identity, including sharing information with certain third parties, namely identity proofing services. The login.gov service requires those parties to hold your information confidentially and not to use it for other purposes, as detailed in our [privacy policy.](https://login.gov/policy/our-privacy-act-statement/)++The login.gov service employs recognized security and privacy best practices.++Prior to using the login.gov service, you are required to agree to these terms of service. When the login.gov service changes its terms of service, you will be given the option to agree or to decline the updated terms of service. Similarly, when conducting certain activities in the login.gov service, such as providing personal information for the first time, the login.gov service may require you to re-confirm your understanding of how it uses your information.++# 2. Your Agreement++In addition to details about your consent stated elsewhere in these terms, by accepting these terms and using the login.gov service, you agree that:++1. Are not a child under 13 years of age,+2. Any information you provide to us is complete and accurate,+3. If you verify your identity, the identity you claim when using the service is your own,+4. You will comply with applicable local, state, and federal laws in your use of the service,+5. You will keep your personal and login information confidential, and+6. You will maintain accurate information in your account at all times.++You further agree that you will NOT misrepresent your identity or any information you present in the login.gov service, including through customer support channels.++You also agree that you are bound by these terms and the [Privacy Policy](https://login.gov/policy/), and other terms related to the login.gov service.

ditto for https://github.com/18F/identity-site/pull/630/files#diff-9a6fd1d5a343260412f1f9befa0fd45a62039bec19632a3861d7c6e64ea0f24bR91, https://github.com/18F/identity-site/pull/630/files#diff-9a6fd1d5a343260412f1f9befa0fd45a62039bec19632a3861d7c6e64ea0f24bR109 and https://github.com/18F/identity-site/pull/630/files#diff-9a6fd1d5a343260412f1f9befa0fd45a62039bec19632a3861d7c6e64ea0f24bR157

stevegsa

comment created time in 14 hours

Pull request review comment18F/identity-site

LG-4125 Rules of use

+---+layout: sidenav+title: Rules of Use+description: Rules of use.+permalink: /policy/rules-of-use/+sidenav: policies+---+# Rules of Use++The login.gov service is provided by the U.S. General Services Administration to offer the public secure and private online access to participating government programs. With one login.gov account, users can sign into multiple government agencies. Our goal is to make managing federal benefits, services, and applications easier and more secure.++These terms of service provide:++- Information on how the login.gov service works and what you can expect from it,+- The terms under which we provide the login.gov service to you,+- How we use your information and your rights to that information, and+- The conditions you agree to when you take certain actions on the login.gov service.++# 1. General Service Definition++The login.gov service offers the public secure and private online access to participating government programs. With one login.gov account, you can sign into services offered by multiple government agencies. Our goal is to make managing federal benefits, services, and applications easier and more secure.++The login.gov service partners with other federal agencies ("partners") to allow users to access those services with just one login.gov account, eliminating the need to create many separate accounts across government.++The login.gov service protects your account by implementing strong security measures and protects your privacy by collecting the minimally necessary information from you and, in turn, revealing to partners only the information necessary for those partners to execute their service. And login.gov never shares anything about you with a partner without your explicit consent and you can revoke that consent at any time.++Some government applications that use login.gov require users to verify their identities. This means that you must prove that you are who you say you are. That proof helps ensure that only the right people get access to sensitive information.++You will only be asked to verify your identity the first time you sign into certain government applications. You only need to verify your identity once for your login.gov account. After you verify your identity with login.gov for one government application, you don't need to do it again for other government applications. By providing the login.gov service with the information needed to verify your account, you authorize it to use that information to conduct activities necessary to ensure your identity, including sharing information with certain third parties, namely identity proofing services. The login.gov service requires those parties to hold your information confidentially and not to use it for other purposes, as detailed in our [privacy policy.](https://login.gov/policy/our-privacy-act-statement/)++The login.gov service employs recognized security and privacy best practices.++Prior to using the login.gov service, you are required to agree to these terms of service. When the login.gov service changes its terms of service, you will be given the option to agree or to decline the updated terms of service. Similarly, when conducting certain activities in the login.gov service, such as providing personal information for the first time, the login.gov service may require you to re-confirm your understanding of how it uses your information.++# 2. Your Agreement++In addition to details about your consent stated elsewhere in these terms, by accepting these terms and using the login.gov service, you agree that:++1. Are not a child under 13 years of age,+2. Any information you provide to us is complete and accurate,+3. If you verify your identity, the identity you claim when using the service is your own,+4. You will comply with applicable local, state, and federal laws in your use of the service,+5. You will keep your personal and login information confidential, and+6. You will maintain accurate information in your account at all times.++You further agree that you will NOT misrepresent your identity or any information you present in the login.gov service, including through customer support channels.++You also agree that you are bound by these terms and the [Privacy Policy](https://login.gov/policy/), and other terms related to the login.gov service.
[Privacy Policy](https://login.gov/policy/)

is it possible to not hard code it via [Link to a post]({% link _posts/2016-07-26-name-of-post.md %})?

stevegsa

comment created time in 14 hours

push event18F/identity-idp

Mitchell Henke

commit sha bb842aef0953bc3c3afce75260c3e82eea3e489e

enable phone for Northern Mariana Islands (#5049)

view details

push time in 14 hours

delete branch 18F/identity-idp

delete branch : mitchellhenke/enable-phone-for-northern-mariana-islands

delete time in 14 hours

PR merged 18F/identity-idp

enable phone for Northern Mariana Islands

Enables support for SMS/Voice in the Northern Mariana Islands

+5 -0

0 comment

1 changed file

mitchellhenke

pr closed time in 14 hours

push event18F/identity-idp

Oren Kanner

commit sha d1f420adfa4945fd18eba0f46a7741e9aa7813af

Remove duplicate validations in the ServiceProvider model (#5039) Resolves LG-4095 There were also duplicate specs here that felt unnecessary if we're relying on the gem for validations so we moved them to the gem.

view details

push time in 15 hours

delete branch 18F/identity-idp

delete branch : oyk-remove-duplicate-sp-model-code

delete time in 15 hours

PR merged 18F/identity-idp

Reviewers
[LG-4095] Remove duplicate validations in the ServiceProvider model

Resolves LG-4095

There were also duplicate specs here that felt unnecessary if we're relying on the gem for validations so we moved them to the gem.

Blocked on https://github.com/18F/identity-validations/pull/9 for the version bump.

+4 -154

0 comment

4 changed files

orenyk

pr closed time in 15 hours

push event18F/identity-idp

Zach Margolis

commit sha 799fc62621a30c54e7edba17e376d94606d0c956

Make sure JWTs have a kid (key id) header value (LG-4480) (#5037) **Why**: To be able to match JWTs to public certificates in our certs endpoint to simplify supporting multiple certs

view details

Zach Margolis

commit sha 69f5d5c4658a8aa67e33ca8be1492af0517200fe

Remove unused scripts and things (#5038) * Remove GitHub metrics report * Remove old deploy checklist * Remove remove-overcommmit, it's been gone long enough * Remove generate_saml_pki script **Why**: it lives on in our developer documentation: https://developers.login.gov/testing/#creating-a-public-certificate * Remove openssl.conf used for example

view details

Alex Mathews

commit sha 7c6525cd8462af3e657e02dc5f649ff354fb3435

LG-4253 Combine Acuant and TrueID error translation (#5036) * LG-4253 Update doc_auth gems and send Acuant and TrueID errors through the same error translation now that they go through the same error generation. * LG-4253 Fixes for CI * LG-4253 Remove unneeded rubocop:disable

view details

Zach Margolis

commit sha 14f465ea55371a32c4a888f77edd457c2f4792d0

Format phone numbers consistently on account page (and others) (LG-4412) (#5041)

view details

Mitchell Henke

commit sha 7cfb33d373e1fb635b59f7b3a5cddf6f6abba66e

Send email notification when identity is verified (LG-4486) (#5035) * send email notification when identity is verified * Update config/locales/user_mailer/en.yml Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * use APP_NAME * convert to keyword args * localize date format * assignment shortcut Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * add sp name on GPO verification * localize date format Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

view details

Zach Margolis

commit sha 93ab6c1fd15165cf06be170b34620b1fdfcc89d0

Remove unused method (#5043)

view details

dependabot[bot]

commit sha 344d02c140d67ea17679dea939bc860f9095287a

Bump hosted-git-info from 2.8.8 to 2.8.9 (#5045) Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.8 to 2.8.9. - [Release notes](https://github.com/npm/hosted-git-info/releases) - [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md) - [Commits](https://github.com/npm/hosted-git-info/compare/v2.8.8...v2.8.9) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

view details

Zach Margolis

commit sha fb600a6c89c5eef668cdebfe8dde3b97d64e67e5

Add job to backfill backup codes with scrypt (LG-4429) (#5044)

view details

Andrew Duthie

commit sha 0ece7ac45fb8ed44c190c8f28d51214bbacbad5a

LG-4397: Include locale in default logging data (#5042) * LG-4397: Include locale in default logging data **Why**: To better understand what the language breakdowns look like for our flows, and so that we can identify abnormalities or discrepancies in metrics based on language. * Add specs for localized front-end logger bootstrapping URL

view details

Zach Margolis

commit sha 6d3c14b5b7dc4f77e9eee6aba478bdd64d17c6e7

Remove extra variables (#5047) **Why**: Leftover cruft from an arel approach we ended up not using in #5023

view details

Mitchell Henke

commit sha 33db93d93d4f750b9332f7aa735e35f7b49d4408

Remove _partial view methods (LG-4298) (#5046) * remove view partial methods * only render views when necessary

view details

Oren Kanner

commit sha 0ce7650bb866c476abfae14d9af2cf23c9deeaab

Remove duplicate validations in the ServiceProvider model Resolves LG-4095 There were also duplicate specs here that felt unnecessary if we're relying on the gem for validations so we moved them to the gem.

view details

push time in 15 hours

created tag18F/identity-validations

tagv0.5.0

A gem to provide validators that can be used across multiple repositories.

created time in 15 hours

push event18F/identity-validations

Oren Kanner

commit sha e3106f7261c6f2262e70f9a5519a3ca7d7f5d7dd

Update version in Gemfile.lock (#10)

view details

push time in 15 hours

PR merged 18F/identity-validations

Reviewers
Update version in Gemfile.lock

Forgot to stage this change, whoops!

+1 -1

1 comment

1 changed file

orenyk

pr closed time in 15 hours