Andy Brody
There is a bare rescue (which rescues all exceptions that inherit from `StandardError`) in `RedisSessionStore#load_session_from_redis`. This is extremely bad practice, because it will cause a huge variety of exceptions to...
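An added illustration of the problem described in this issue (this is example code, not code from identity-dashboard or its `RedisSessionStore`). `BackendConnectionError`, `FakeRedis`, `LeakySessionStore` and `StrictSessionStore` are stand-ins invented here; the real store would be rescuing the redis gem's own connection errors. The leaky version uses a bare `rescue` and returns an empty session on any `StandardError`, so a Redis outage, corrupt stored data and a plain programming error are all indistinguishable from "this user is logged out". The strict version rescues only the one failure it can meaningfully recover from and lets the rest propagate.

```ruby
require 'json'

# Stand-in for the redis gem's connection error (assumed name, not the gem's).
class BackendConnectionError < StandardError; end

# Minimal in-memory stand-in for a Redis client, with a switch to simulate an outage.
class FakeRedis
  attr_accessor :down

  def initialize(data = {})
    @data = data
    @down = false
  end

  def get(key)
    raise BackendConnectionError, 'connection refused' if @down
    @data[key]
  end
end

# Before: a bare rescue catches every StandardError (outage, corrupt data, a
# NoMethodError from a typo, ...) and returns an empty session, so every failure
# looks like "no session for this user" and nothing reaches error reporting.
class LeakySessionStore
  def initialize(redis)
    @redis = redis
  end

  def load_session(sid)
    raw = @redis.get("session:#{sid}")
    raw ? JSON.parse(raw) : {}
  rescue
    {}
  end
end

# After: rescue only the failure we know how to recover from (corrupt serialized
# data, which we log and discard). Anything else propagates to the caller, where
# the framework's error handling and the deployment's monitoring can see it.
class StrictSessionStore
  def initialize(redis)
    @redis = redis
  end

  def load_session(sid)
    raw = @redis.get("session:#{sid}")
    raw ? JSON.parse(raw) : {}
  rescue JSON::ParserError => e
    warn "discarding corrupt session #{sid}: #{e.message}"
    {}
  end
end

# Constructed sample data: one valid session and one corrupt one.
SAMPLE_DATA = {
  'session:good' => JSON.generate('user_id' => 7),
  'session:bad' => '{not json'
}.freeze

def load_with(store_class, sid, down: false)
  redis = FakeRedis.new(SAMPLE_DATA.dup)
  redis.down = down
  store_class.new(redis).load_session(sid)
end

# True if a backend outage surfaces as an exception rather than an empty session.
def outage_is_visible?(store_class)
  load_with(store_class, 'good', down: true)
  false
rescue BackendConnectionError
  true
end

if __FILE__ == $PROGRAM_NAME
  p load_with(LeakySessionStore, 'good')               # {"user_id"=>7}
  p load_with(LeakySessionStore, 'good', down: true)   # {} -- the outage is hidden
  p outage_is_visible?(StrictSessionStore)             # true
end
```

With the strict store a Redis outage still fails the request, but it fails loudly, which is what you want: a session store that quietly logs every user out during an outage hides the incident from both users and operators.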
Steps to reproduce:

1. Visit https://dashboard.int.identitysandbox.gov
1. Click "log in"
1. Click "Back to Dashboard"
1. View error page

(screenshot: "screen shot 2019-03-06 at 7 50 49 pm")
In EC2 environments, the SMTP_SETTINGS are not actually set to any meaningful values. So we may want to either fix the SMTP configuration so it points at a real mail...
The dashboard switched from SAML to OIDC a year ago, but still has a lot of references to SAML in disabled tests and in dependencies. https://github.com/18F/identity-dashboard/commit/bac2d0e5d4bd36c08512e5ca0a2cb59ffc42c340 We should ideally replace...
```
Redirect uri redirect_uri does not match registered redirect_uri
```

## Steps to reproduce

1. Go to https://sp-oidc-sinatra.int.identitysandbox.gov
1. Log in
1. View "Success page"
1. Hit the "Log out"...
The app is entirely stateless and doesn't check the state or nonce parameters to double check that a received login request actually originated with this sample app. As a result,...
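An added illustration of the state/nonce problem described in this issue (example code, not the sp-oidc-sinatra code). `StatelessClient` mirrors the behaviour described above: it accepts any callback that carries a code. `StatefulClient` binds a random `state` and `nonce` to the browser session when it builds the authorization request, then refuses a callback whose `state` does not match, an ID token whose `nonce` claim does not match, or a second use of the same values. The IdP is simulated by `fake_idp_authorize`, and the ID token is represented as an already signature-verified claims Hash; in a real client the nonce check runs after signature verification. Names and the `:logged_in` / `:state_mismatch` result symbols are assumptions made for this example.

```ruby
require 'securerandom'

# Constant-time comparison that also rejects nil or mismatched lengths.
def secure_compare(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Before: nothing ties the callback to a request this app made.
class StatelessClient
  def authorization_params(_session)
    { response_type: 'code', scope: 'openid' }
  end

  def handle_callback(session, params, id_token_claims)
    return :invalid_request if params['code'].nil?
    session[:user] = id_token_claims['sub']
    :logged_in
  end
end

# After: state and nonce are generated per login attempt, stored in the session,
# checked on return, and consumed so they cannot be replayed.
class StatefulClient
  def authorization_params(session)
    session[:oidc_state] = SecureRandom.urlsafe_base64(32)
    session[:oidc_nonce] = SecureRandom.urlsafe_base64(32)
    { response_type: 'code', scope: 'openid',
      state: session[:oidc_state], nonce: session[:oidc_nonce] }
  end

  def handle_callback(session, params, id_token_claims)
    expected_state = session.delete(:oidc_state) # single use
    expected_nonce = session.delete(:oidc_nonce)
    return :no_pending_login if expected_state.nil?
    return :state_mismatch unless secure_compare(params['state'], expected_state)
    return :nonce_mismatch unless secure_compare(id_token_claims['nonce'], expected_nonce)
    session[:user] = id_token_claims['sub']
    :logged_in
  end
end

# Simulated IdP (constructed for this demo): returns the callback query the IdP
# would send to the redirect_uri (code, state echoed) and the claims of the ID
# token later obtained with that code (nonce echoed).
def fake_idp_authorize(auth_params, sub:)
  callback = { 'code' => SecureRandom.hex(8), 'state' => auth_params[:state] }.compact
  claims = { 'sub' => sub, 'nonce' => auth_params[:nonce] }.compact
  [callback, claims]
end

# The legitimate flow: same browser starts and finishes the login.
def honest_login(client_class)
  client = client_class.new
  session = {}
  callback, claims = fake_idp_authorize(client.authorization_params(session), sub: 'victim')
  client.handle_callback(session, callback, claims)
end

# Login CSRF: the attacker completes an authorize request in their own browser,
# then gets the victim's browser to load the resulting callback URL. The victim's
# session never issued that state/nonce, even if it has its own login in flight.
def login_csrf(client_class)
  client = client_class.new
  attacker_session = {}
  callback, claims = fake_idp_authorize(client.authorization_params(attacker_session), sub: 'attacker')
  victim_session = {}
  client.authorization_params(victim_session)
  result = client.handle_callback(victim_session, callback, claims)
  [result, victim_session[:user]]
end

# Replay: the same callback delivered twice to the same session.
def replay(client_class)
  client = client_class.new
  session = {}
  callback, claims = fake_idp_authorize(client.authorization_params(session), sub: 'victim')
  first = client.handle_callback(session, callback, claims)
  [first, client.handle_callback(session, callback, claims)]
end

if __FILE__ == $PROGRAM_NAME
  p login_csrf(StatelessClient) # [:logged_in, "attacker"]  victim is now logged in as the attacker
  p login_csrf(StatefulClient)  # [:state_mismatch, nil]
  p replay(StatefulClient)      # [:logged_in, :no_pending_login]
end
```

The `state` check is what stops the cross-site login above; the `nonce` check additionally binds the ID token itself to this browser's request, so a token minted for a different authorization request cannot be substituted even when the callback's `state` is right.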
Currently sp-oidc-sinatra uses the hardcoded demo key in all environments, including when deployed in EC2. This is a low-impact vulnerability today since it could only be used to forge login...