usagov / test-at-home
License: Other
Explore address validation
With Smarty Streets API
To discover how we might deliver the best address validation experience
Resources
Approach
Note: this is now only using the US street address validation API, since autocomplete has been deprioritized for launch.
Questions to answer
strict match mode or by enabling invalid or enhanced APIs but filtering any dpv_match_codes that are not Y, S, or D. Match output strategies invalid or enhanced are the only ways to suggest addresses to the user (strict will not).
Running notes
strict to only return results if they have dpv_match_code of Y, S, or D, which we think maps to USPS deliverability. However, this seems to be very strict in practice - and won't return suggestions
dpv_match_code, they can also return dpv_footnotes with information from USPS about the address. See api docs. I assume this is only present for S and D types but not sure. Additionally, Smarty adds a footnotes section (docs).
dpv_match_code of D, and only accepts Y and S.
dpv_match_code is S additional information is preserved in the returned address even though it is incorrect.
Finalize product spec:
Acceptance:
On the client, allow users to review the details they've provided prior to submission, also allowing the option to go back to edit/update information.
add pipeline step to deploy main branch to staging
From conversation with Em on Jan 10
If someone tries visiting the confirmation page directly, they should see a page that says:
This page has expired!
If you are looking to order a set of rapid at-home COVID tests, please visit COVIDtest.gov.
https://guides.rubyonrails.org/active_record_encryption.html
Fields we should encrypt:
I'm also thinking at least mailing address 1. @rahearn any thoughts? [update: just went for it, but invite comments on the PR!]
Research doc here (feel free to request access)
For returned matches, we get information that may be helpful to surface to people, especially if we are correcting their addresses or their matched address is determined undeliverable (dpv_match_code D).
Documentation:
We might consider pairing this with more permissive match strategies.
Finalize consent text with GSA and USPS.
Need to know what USPS will do with the information we send them.
Especially will it be used for anything outside of order fulfillment (ex. will it be used to strengthen USPS address verification API?)
Confirm what will be collected and stored (agnostic of format)
Document data protection measures that will be in place.
From #60, where a decision on address validation resiliency was made
In the event that SmartyStreets encounters an outage:
Steps to reproduce:
Email adoption in the United States is in the mid/low 90s with lower numbers amongst:
While the USPS fulfillment system requires an email, we will investigate being able to support order intake with an email address.
Acceptance Criteria
Move CI pipeline to circleci because this repo has a limit of 0 minutes available for Github Actions
CircleCI Free Plan:
Private repositories will have 2,500 credits/week available, which replenish every Sunday 12:00 UTC
owasp/zap2docker-weekly has an updated log4j
Must have by 1/18 launch (captured in #67)
Nice to have by 1/18 launch captured in #68
Given:
Then:
Thoughts:
Email validation controls
Ryan's sample code:
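require "net/http"
require "json"

# Verify the reCAPTCHA token server-side against Google's siteverify endpoint.
def recaptcha_valid?(user_response)
  # Skip verification when reCAPTCHA is not required
  return true unless recaptcha_required?
  # A missing token always fails
  return false if user_response.blank?

  uri = URI("https://www.google.com/recaptcha/api/siteverify")
  response = Net::HTTP.start(uri.host, uri.port, use_ssl: true) do |http|
    request = Net::HTTP::Post.new uri
    request.set_form_data secret: Rails.application.credentials.recaptcha[:site_secret], response: user_response
    http.request request
  end
  # The "success" field of the JSON reply decides the result
  json = JSON.parse response.body
  json["success"]
end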
Recaptcha docs: https://cloud.google.com/recaptcha-enterprise/docs
Rather than redeploy or restage in case of launch-day issues, we can and maybe should have multiple instances of the app running with different configs for likely runbook plays. We could then swap configs with cf map-route very quickly.
Two scenarios that come to mind:
Create supporting services using terraform for more auditable change management
This is the happy path as described in the initial prototype (https://gsa.invisionapp.com/console/share/UR3ACI81CG)
Acceptance criteria
Background
USPS guest checkout looks at entered addresses to confirm that it has found the address within its database.
This is different from most patterns other e-commerce sites use. They often give the user a choice between a suggested updated address and what the user entered.
If it is confirmed that USPS fulfillment system requires addresses that match a deliverable address (DPVConfirmation), then we have to:
Acceptance Criteria
DPVConfirmation values of Y,S
DPVConfirmation values of D,N
<Address1>
<Address2>
<City>
<CityAbbreviation>
<State>
<Zip5>
<Zip4>
<DeliveryPoint>
<CarrierRoute>
<DPVConfirmation>
Acceptance Criteria :
Content to be translated into Spanish and Simplified Chinese.
Using the mockups provided by @AvivaOskow, apply the initial mobile-first USWDS styles to the rails app.
https://github.com/usagov/test-at-home/pull/61/files#diff-1dc4bea7b6827b18f8869436bd7786266d3cea8596529887ef16a027eb2e4076R4 introduces a robots.txt to prevent indexing - this is a reminder to remove the restrictions in prod upon launch.
Coordinate with User Testing.com to get prototypes tested.
We've discussed using a captcha of some sort on the front-end.
Issues:
curl submissions, for example?
In case we need to shard the DB, investigate how that can be accomplished with ActiveRecord and Postgres
Initially store in RDS, but remain flexible enough to move to s3-as-db in future.
Some options with their benefits and drawbacks: https://guides.rubyonrails.org/i18n.html
USA.gov has two URLs: usa.gov and usa.gov/espanol
USPS uses subdomains: usps.com, es.usps.com, zh.usps.com
Believe we should use URL params (eg .gov/en/ or .gov/es) to reduce amount of DNS configuration
We'd like client-side validations that match server-side validations so we don't have to hit the server for person to know they need to correct their entry.
Bring boundary diagram up to date with latest tools & architecture decisions
Thus far our team has not been able to get in touch with USPS. @jacky chang has asked our team to think through contingencies on how to handle the situation where we are going to be taking in orders but have not touched data delivery.
Brainstorming: