profile
viewpoint
Mitchell Henke mitchellhenke GSA (work) + Personal Projects Milwaukee, WI

getsentry/sentry-elixir 512

The official Elixir SDK for Sentry (sentry.io)

beam-community/jsonapi 415

JSON:API Serializer and Query Handler for Elixir

MarchonMilwaukee/MarchonMilwaukee.github.io 2

200 Nights of Freedom Website.

18F/identity-pki-elixir 0

Support PIV/CAC with identity-idp, now with more immutability!

codeformilwaukee/hack-night-planning 0

Hack Night Planning Repository

push event18F/identity-idp

Mitchell Henke

commit sha f9d0f43f3aa17cc3a2dd2dbb802a0a5a3d7a512b

remove comment JIRA-Ref: https://jira.company.com/secure/PROJ-123 JIRA-Ref2: https://jira.company.com/secure/PROJ-124

view details

Mitchell Henke

commit sha 4b0484e78e644167ee5f5e7c98db1fcb0a13a2ec

use union merge strategy for CHANGELOG

view details

push time in 3 days

issue closed18F/identity-idp

Platofrm authenticators (TouchID/FaceID and Windows Hello) not suported

Steps to reproduce the issue (please be as specific as possible)

Log in to login.gov, then select "Add Security Key" beneath "Your Authenticators".

Expected behavior

[macOS/iOS] The authentication prompt opens, asking to use FaceID/TouchID [Windows 10/11] The authentication prompt opens, asking to use Windows Hello for authentication.

In both of these prompts, there should be a link to instead authenticate with a security key.

Actual behavior

On both ends, it only asks for a security key.

I think this is occurring because the webauthn javascript code explicitly sets the authenticatorSelection.authenticatorAttachment option to 'cross-platform' when registering a new credential. Not setting this property can allow for both cross-platform authenticators (such as a Yubikey) and platform authenticators (such as your mobile device).

If we remove the following line and keep user_verification to 'discouraged', it should still keep users from being required to enter a PIN number to authenticate, but should also allow use of TouchID/FaceID and Windows Hello.

https://github.com/18F/identity-idp/blob/b04e0cc0b07bf526ab30b5822a734efb7df8a929/app/javascript/app/webauthn.js#L93-L97

Otherwise, what is the rationale forbidding use of FaceID/TouchID and Windows Hello?

closed time in 3 days

tmccal2

issue comment18F/identity-idp

Platofrm authenticators (TouchID/FaceID and Windows Hello) not suported

This feature was released today! 🙂

tmccal2

comment created time in 3 days

Pull request review comment18F/identity-idp

Require Changelog on Pull Requests (LG-5631)

+#!/usr/bin/env ruby+require 'open3'+require 'optparse'++# [skip_changelog]++CHANGELOG_REGEX = %r{^\+- (?<category>[\w ]+{2,}): (?<change>[\w\s]+{2,})}+# A valid diff line is in the form of:+# +- CATEGORY: CHANGE DESCRIPTION+def is_valid_changelog_diff_addition?(line)+  matches = CHANGELOG_REGEX.match?(line)+  !matches.nil?

Yeah, that makes sense and I'll give that a shot. Trailers are very much in the nice-to-have category, not strictly required.

mitchellhenke

comment created time in 3 days

PullRequestReviewEvent

push event18F/identity-idp

Andrew Duthie

commit sha 57fcf601cd22d96c445cce1a8968de4a32105805

Remove useless simple_form default class (#5814) **Why**: Because the class would already be applied, and in some cases we aren't applying the option correction, since it must be passed as the html keyword of simple_form_for.

view details

dependabot[bot]

commit sha f7a94f0f7ee779d38b9e9551ba374f0f49d33093

Bump follow-redirects from 1.13.0 to 1.14.7 (#5818) Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.13.0 to 1.14.7. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.13.0...v1.14.7) --- updated-dependencies: - dependency-name: follow-redirects dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

view details

Andrew Duthie

commit sha fb4961ee44759419fddcf6683d0aad5b25407505

Remove redundant empty div wrappers (#5813) * Remove useless empty div wrappers **Why**: Since div carries no semantics, and these elements have no other attributes or classes, the only purpose would have been to create a [block formatting context](https://developer.mozilla.org/en-US/docs/Web/Guide/CSS/Block_formatting_context), but this is not necessary for the changed files due their existing placement and/or surrounding content. * Bump CodeClimate

view details

Andrew Duthie

commit sha 0a3493210e667a411fd2a629710538cac3257fb0

LG-3437: Improve responsiveness of Acuant pending crop (#5747) * Split "AcuantCamera" from "AcuantCaptureCanvas" for managing Acuant lifecycle **Why**: As currently implemented, the AcuantCaptureCanvas component must remain mounted for the full duration of an Acuant capture, since it's currently responsible for managing callbacks. Since the canvas is a UI component rendered within the FullScreen dialog, this has limited our ability to show different UI states for when an image has been captured, but hasn't yet finished cropping. To be able to improve the responsiveness of the interaction, we can instead split this into two component: One which manages the Acuant lifecycle (AcuantCamera) and one which displays the UI associated with the canvas rendering (AcuantCaptureCanvas). * Extract SpinnerDots component * FileInput: Add support for pending value * AcuantCapture: Render FileInput as pending while cropping * FullScreen: Avoid calling onRequestClose during unmount "onRequestClose" should only be initiated by a user interaction * Reset hasStartedCropping between captures * Update specs for split AcuantCamera, AcuantCaptureCanvas * Format _file-input.scss with Prettier * Prefer pending state to existing value * Unassign hasEffectiveValue to fix TypeScript error See: https://github.com/18F/identity-idp/pull/5747#discussion_r778398872 * Add minor delay to spinner animation **Why**: Without this, spinner dots animate inconsistently in iOS Safari, sometimes only animating one of the three dots. * work in progress: announce image load * Use status message to announce pending file changes * Try: Extract StatusMessage component **Why**: To better support use-case where element should always be present in the page, but text may only be set in specific circumstances (improve interoperability with screen reader live announcements). * Try: Upgrade focus-trap to latest version **Why**: See if it helps stability of screen reader announcements with FullScreen component focus trap behaviors. * Use separate StatusMessage instance for error, success See: https://github.com/18F/identity-idp/pull/5747#discussion_r781342665

view details

Andrew Duthie

commit sha 399e0300fae873f96a952ca61a3cd251604cd1fe

Add support for native TypeScript (#5815) * Try: TypeScript **Why**: One of the other advantages / hopes with #5746 was a more direct path to incrementally adopting native TypeScript if we choose. * Move babel/preset-typescript to dependencies Required for production build * wip: ESLint, Mocha * Move TypeScript ESLint rules to shared configuration * Revert extends to main Simplify diff * Add test case for additional resolved Webpack extensions

view details

Zach Margolis

commit sha 33e3781d4306869c355048b19bc0bc97731c3677

Simplify account page personal key logic (#5817) * Simplify account page personal key logic * Split Users::PersonalKeysController into two: - /manage/personal_key stays with Users:: controller - /account/personal_key goes to a new Accounts:: controller

view details

Andrew Duthie

commit sha 558d4d6b3661ffc25cd80a362712ec6d70d73e4f

Correctly set RAILS_ENV for Make test target (#5821) **Why**: Since the Webpack configuration has special considerations for test environment (specifically, checking absence of i18n keys), ensure that the `yarn build` would be run with the correct environment.

view details

Andrew Duthie

commit sha a02cc75c785780b0ab6a1568cc631b4d80f943c7

Persist Webpack assets manifest between requests (#5805) * Persist Webpack assets manifest between requests **Why**: To avoid touching the filesystem for every request in production, since the manifest will never change during the lifetime of the application. * Add happy-path test case for load_manifest * Reset cached manifest before starting specs **Why**: May have lingering value from preceding tests * Disable asset manifest caching in non-production * Reset AssetSources.manifest to nil for load spec **Why**: Since it may be assigned via a preceding spec, and load_manifest is only called based on a combination of both cache_manifest and the presence of an existing manifest. * Bump CodeClimate * Remove production-specific handling for assets * Cache manifest in test environment * Always reset manifest in specs **Why**: Because we now cache in test env * Swaparoo cached vs. uncached in spec context Default is cached

view details

bleachbyte

commit sha b0032430d9c9b666fc81c3d3a047394cf2bf90a5

create rake task to look up UUID by email address

view details

bleachbyte

commit sha 1ee2c28c7a291d2ecc85d8b14f214579a6c7b1d4

Merge branch 'jp/email-to-uuid'

view details

Mitchell Henke

commit sha 9dfadf4397b98c6b0316671dde9337067008d61b

Fix a handful of 500s (#5823) * fix oidc logout 500 * fix oidc token 500 * fix TOTP 500 * fix phone_info 500 * Update spec/controllers/openid_connect/logout_controller_spec.rb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

view details

Zach Margolis

commit sha 63504b9d418fdebe0da538ced772d4bc9cbfaf24

Skip Gzipping assets in development (#5824) **Why**: It sped up rake assets:compile for me locally - Follow-up to #5812

view details

Manish Shah

commit sha eceea0f4df59cf3bb934b561e1d141edf1276174

LG-5670-RoU-acceptance-more-explicit (#5826) Co-authored-by: Manish Shah <manishshah@Manishs-MBP.fios-router.home>

view details

Manish Shah

commit sha 12cfbac80505fb6b6872db1f4652cacd811f1972

LG-5523-state-id-number-to-state-issued-id (#5831) Co-authored-by: Manish Shah <manishshah@Manishs-MBP.fios-router.home>

view details

Manish Shah

commit sha 83672a5449a1c0eedf2b14325c98ad9dff2f12be

LG-5523-state-id-number-to-state-issued-id-spell-fix (#5833) Co-authored-by: Manish Shah <manishshah@Manishs-MBP.fios-router.home>

view details

Andrew Duthie

commit sha e8dcc5680f1a16156056d4f5c30b055d325bb81d

Fix Acuant sequence-break error cookie sync issue (#5830) * Fix Acuant sequence-break error cookie sync issue **Why**: To fix a bug where if the Acuant camera fails to start due to iOS 15 "sequence-break" error, subsequent attempts to capture would result in the captured image not being set correctly. This fixes a regression introduced in #5778 where the cookie value tracked by AcuantCapture falls out of date after Acuant handles the error, since we never refresh the value after it is [set internally by Acuant's error handling](https://github.com/Acuant/JavascriptWebSDKV11/blob/9a5387576a33710188501ad6233f986b1b6bb1cb/SimpleHTMLApp/webSdk/dist/AcuantCamera.js#L616). Thus, the next time the user clicks "Take Photo", the [cookie value logic](https://github.com/18F/identity-idp/blob/eceea0f4df59cf3bb934b561e1d141edf1276174/app/javascript/packages/document-capture/components/acuant-capture.jsx#L400) is out-of-date, and Acuant capture is started instead of the default manual capture handling. To resolve this, we anticipate that Acuant would set the cookie in their error handling of sequence-break, and refresh the cookie value when we get a chance to handle the error in our own code. * Try to improve async handling of focus return * useCookie: Set next value as variable for subscriber set 1. Clearer that the value is actually being updated 2. Only parse cookie once for all subscribers, rather than per-subscriber

view details

Andrew Duthie

commit sha e1a05a7ef37054cc4b8320c3276caec422ba4d09

Prevent simultaneous active Acuant instances (#5834) * Prevent simulataneous active Acuant instances **Why**: Because the Acuant SDK (or at least our implementation of it) is treated as a singleton, unexpected behavior can occur when trying to start capturing a second image before the first is finished, as in the case of the new loading experience introduced in #5747. * Update specs for Acuant context * Rearrange capture spec to ensure image processing while clicking second

view details

Andrew Duthie

commit sha 7bdfb5b5013a394b120a4f6856a62fcdcbdbc97a

Improve "make run-https" asset workflow (#5835) * Improve "make run-https" asset workflow **Why**: - To prevent caching in development with the Rails public file server - To avoid writing webpack-dev-server URLs into the asset manifest when the app is requested across the network - To automatically recompile JavaScript while running "make run-https" * Keep webpack port consideration **Why**: So as not to break assets precompilation * Flip webpack watch and webpack serve by HTTPS env Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

view details

Nathan Berg

commit sha 6085ea61d3c402f28d52c66a470bc5b134617366

Update rules_of_use_updated_at (#5837) This is used to trigger users to accept the new rules of use. Relates to: https://github.com/18F/identity-site/pull/792

view details

Jessica Dembe

commit sha d7f1eaf8001c78ecc7c33a3d51838cca12cc2f0f

make text readable in personal key custom dialog (#5806) * add aria labelledby and ariadescribed by * add local assignment to views * change how data gets passed between personal key and modal * change other modals to be dynamically assigned * Update app/views/shared/_modal_layout.html.erb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * refactor label id and description, fix lint errors * Update app/views/reactivate_account/_modal.html.erb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * Update app/views/reactivate_account/_modal.html.erb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * add tab index -1 to modal Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>

view details

push time in 3 days

Pull request review comment18F/identity-idp

Require Changelog on Pull Requests (LG-5631)

+#!/usr/bin/env ruby+require 'open3'+require 'optparse'++# [skip_changelog]++CHANGELOG_REGEX = %r{^\+- (?<category>[\w ]+{2,}): (?<change>[\w\s]+{2,})}+# A valid diff line is in the form of:+# +- CATEGORY: CHANGE DESCRIPTION+def is_valid_changelog_diff_addition?(line)+  matches = CHANGELOG_REGEX.match?(line)+  !matches.nil?

Yeah, without a good option for CHANGELOG.md, I'm leaning towards experimenting with something else. Git commit messages would be good, I would like to use trailers as GitLab describes here, but that only works if it's the absolute end of the commit message, which probably isn't feasible due to our squashing of PRs.

mitchellhenke

comment created time in 3 days

PullRequestReviewEvent
PullRequestReviewEvent

Pull request review comment18F/identity-idp

specified ruby version, enhanced troubleshooting guidance

 source 'https://rubygems.org' git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" } -ruby '~> 3.0.3'+ruby "~> #{File.read('.ruby-version').strip}"

I don't feel strongly on it, so that seems fine to me!

SammySteiner

comment created time in 4 days

Pull request review comment18F/identity-idp

specified ruby version, enhanced troubleshooting guidance

 source 'https://rubygems.org' git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" } -ruby '~> 3.0.3'+ruby "~> #{File.read('.ruby-version').strip}"

Should we drop the ~> to match the specificity in .ruby-version?

SammySteiner

comment created time in 4 days

PullRequestReviewEvent

push event18F/identity-idp

Mitchell Henke

commit sha 7407a65aad6eb7924ddcf0d0b7e842e457a1d772

remove comment

view details

push time in 4 days

PullRequestReviewEvent

Pull request review comment18F/identity-idp

Require Changelog on Pull Requests (LG-5631)

+#!/usr/bin/env ruby+require 'open3'+require 'optparse'++# [skip_changelog]++CHANGELOG_REGEX = %r{^\+- (?<category>[\w ]+{2,}): (?<change>[\w\s]+{2,})}+# A valid diff line is in the form of:+# +- CATEGORY: CHANGE DESCRIPTION+def is_valid_changelog_diff_addition?(line)+  matches = CHANGELOG_REGEX.match?(line)+  !matches.nil?

My aim was to be able to copy/paste the markdown from the CHANGELOG into the release notes without much/any tooling in between. I don't like the potential friction where a pull request could be opened and be completely valid with the exception of not being able to know the PR number ahead of time for the changelog and failing because of that.

I'm not sure, I lean towards just not requiring the PR number and having the release manager do it manually, though I guess it would then also require an update to the changelog. A bit torn here.

The multiple PRs support required a small regex change in da7969c.

mitchellhenke

comment created time in 4 days

PullRequestReviewEvent

push event18F/identity-idp

Mitchell Henke

commit sha da7969c19bd1a69393a4c9df84c4bfb4409f1bad

support multiple PRs

view details

push time in 4 days

Pull request review comment18F/identity-idp

Require Changelog on Pull Requests (LG-5631)

+#!/usr/bin/env ruby+require 'open3'+require 'optparse'++# [skip_changelog]++CHANGELOG_REGEX = %r{^\+- (?<category>[\w ]+{2,}): (?<change>[\w\s]+{2,})}+# A valid diff line is in the form of:+# +- CATEGORY: CHANGE DESCRIPTION+def is_valid_changelog_diff_addition?(line)+  matches = CHANGELOG_REGEX.match?(line)+  !matches.nil?

Added the PR check in https://github.com/18F/identity-idp/pull/5836/commits/98a4586741238a75233e39b8c5063f6b9c93fad9

mitchellhenke

comment created time in 4 days

PullRequestReviewEvent

push event18F/identity-idp

Mitchell Henke

commit sha 98a4586741238a75233e39b8c5063f6b9c93fad9

add PR check

view details

Mitchell Henke

commit sha 2d3c0f0634ad65a4b86304fe6bc1eca84997ec63

better regex

view details

Mitchell Henke

commit sha cc6402067f737c6df96c1dc619be07f635dbe183

fix missing category

view details

push time in 4 days

Pull request review comment18F/identity-idp

[WIP] Require Changelog on Pull Requests (LG-5631)

 jobs:       - slack/status:           fail_only: true           failure_message: ':aws-emoji: :red_circle: AWS Pinpoint country configuration is out of date'+  check_changelog:+    executor: ruby_browsers+    steps:+      - checkout+      - run:+          name: Check Changelog+          command: |-+            if [ -z "${CIRCLE_PULL_REQUEST}" ]+            then+              exit 0+            else+              ./scripts/changelog-check -b "${CIRCLE_BRANCH}" -s main+            fi+ workflows:   version: 2   release:     jobs:       - setup+      - check_changelog

Thanks for looking into that, good to know there is an unauthenticated option. Is it possible to create an org or team token?

mitchellhenke

comment created time in 4 days

PullRequestReviewEvent
PullRequestReviewEvent

Pull request review comment18F/identity-idp

[WIP] Require Changelog on Pull Requests (LG-5631)

+#!/usr/bin/env ruby+require 'open3'+require 'optparse'++# [skip_changelog]++CHANGELOG_REGEX = %r{^\+- (?<category>[\w ]+{2,}): (?<change>[\w\s]+{2,})}+# A valid diff line is in the form of:+# +- CATEGORY: CHANGE DESCRIPTION+def is_valid_changelog_diff_addition?(line)+  matches = CHANGELOG_REGEX.match?(line)+  !matches.nil?

Yeah, I don't like that it's a chicken/egg thing, it'd be nice to have a good solution for that.

mitchellhenke

comment created time in 4 days

PullRequestReviewEvent
PullRequestReviewEvent

Pull request review comment18F/identity-idp

[WIP] Require Changelog on Pull Requests (LG-5631)

+#!/usr/bin/env ruby+require 'open3'+require 'optparse'++# [skip_changelog]++CHANGELOG_REGEX = %r{^\+- (?<category>[\w ]+{2,}): (?<change>[\w\s]+{2,})}+# A valid diff line is in the form of:+# +- CATEGORY: CHANGE DESCRIPTION+def is_valid_changelog_diff_addition?(line)+  matches = CHANGELOG_REGEX.match?(line)+  !matches.nil?

Yeah, exactly. I'll add the validation to include (#5836), and keep the category validation just for existence for now. If we want to have a set of categories we want to limit ourselves to at some point, that's an option.

mitchellhenke

comment created time in 4 days

push event18F/identity-idp

Mitchell Henke

commit sha 844647c760dee0f41c8497147030055fb8009663

use correct branch order

view details

push time in 4 days

Pull request review comment18F/identity-idp

[WIP] Require Changelog on Pull Requests (LG-5631)

+# Changelog++## Unreleased++### Improvements/Changes++### Accessibility++## Bug Fixes Users Might Notice++## Behind the Scenes Changes Users Probably Won't Notice+- Add CI check to include changelog message in change requests (#5836)++## RC 173 - 2022-01-13++### Improvements/Changes+- Authentication: Limit maximum number of phone numbers (LG-5493) (#5779)++### Behind the scenes bug fixes users probably won't notice

I also snuck in a section change from ### Behind the Scenes Bug Fixes Users Probably Won't Notice to change Bug Fixes to Changes since most that end up there aren't necessarily bug fixes.

I'll have some handbook updates too for these changes.

mitchellhenke

comment created time in 4 days

PullRequestReviewEvent
more