darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-20 10:24:39 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
203393de235631db0ce3c38dec85da170a634fba
notifications-admin/app/main/validators.py

145 lines
4.0 KiB
Python
Raw Normal View History

Refactor to use validator class Using a separate validator class to check for appropriate characters in a text message sender means that we’re not doing this validation in a different way from the other checks (length and required). So the code is cleaner.
2018-01-31 10:26:37 +00:00
import re
validate email addresses in one-off flow previously we were just using the wtforms builtin email validator, which is much more relaxed than our own one. It'd catch bad emails when POSTing to the API, resulting in an ugly error message. It's easy work to make sure we validate email addresses as soon as they're entered.
2018-02-14 14:35:16 +00:00
Update error message about commas in placeholders We call the yellow things ‘double brackets’ on the frontend, not fields or placeholders. This error message was a bit out of date. Also refactored it to use the `Field` class; this code was probably written before `Field` was factored out of `Template`.
2017-12-05 14:48:36 +00:00
from notifications_utils.field import Field
Enforce order and style of imports Done using isort[1], with the following command: ``` isort -rc ./app ./tests ``` Adds linting to the `run_tests.sh` script to stop badly-sorted imports getting re-introduced. Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because I think it gives the cleanest diffs, eg: ``` from third_party import ( lib1, lib2, lib3, lib4, ) ``` 1. https://pypi.python.org/pypi/isort
2018-02-20 11:22:17 +00:00
from notifications_utils.recipients import (
InvalidEmailError,
validate_email_address,
)
Bump utils and sanitise header values Updated notifications-utils. This brings in - the renamed character sanitization classes - the change to allow unicode in letter addresses (this lets us delete a test that is no longer relevant) Also replaced non-ascii characters in headers. This fixes a bug where non-ascii characters in a CSV filename were causing errors since the filename is also used in the header.
2018-05-25 10:18:39 +01:00
from notifications_utils.sanitise_text import SanitiseGSM
Enforce order and style of imports Done using isort[1], with the following command: ``` isort -rc ./app ./tests ``` Adds linting to the `run_tests.sh` script to stop badly-sorted imports getting re-introduced. Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because I think it gives the cleanest diffs, eg: ``` from third_party import ( lib1, lib2, lib3, lib4, ) ``` 1. https://pypi.python.org/pypi/isort
2018-02-20 11:22:17 +00:00
from wtforms import ValidationError
from wtforms.validators import Email
error when users put non-GSM chars in a sms template additionally, this moves the formatted_list jinja macro into a python function, so that it can be called from the form validator
2017-02-13 13:11:29 +00:00
allow downgradeable unicode characters in SMS templates
2017-02-14 17:06:32 +00:00
from app import formatted_list
error when users put non-GSM chars in a sms template additionally, this moves the formatted_list jinja macro into a python function, so that it can be called from the form validator
2017-02-13 13:11:29 +00:00
from app.main._blacklisted_passwords import blacklisted_passwords
Don’t allow adding unknown domains to branding lookup We should make sure we’re not putting typos in the branding list. We can validate what gets entered here against our known list of public-sector domains.
2018-09-03 11:06:30 +01:00
from app.utils import AgreementInfo, Spreadsheet, is_gov_user
108536374: Implement a validator to exclude passwords on a blacklist
2015-12-01 15:51:09 +00:00
error when users put non-GSM chars in a sms template additionally, this moves the formatted_list jinja macro into a python function, so that it can be called from the form validator
2017-02-13 13:11:29 +00:00
class Blacklist:
108536374: Implement a validator to exclude passwords on a blacklist
2015-12-01 15:51:09 +00:00
def __init__(self, message=None):
if not message:
message = 'Password is blacklisted.'
self.message = message
def __call__(self, form, field):
Stop people using very common passwords If a user chooses a very common password then an attacker could guess it in relatively few attempts, circumventing the lockout. CESG recommend blacklisting the most common passwords: > …enforcing the requirement for complex character sets in passwords is > not recommended. Instead, concentrate efforts on technical controls, > especially: > > - defending against automated guessing attacks by either using account > lockout, throttling, or protective monitoring > - blacklisting the most common password choices How I made this list: - went to the OWASP repository of security lists: https://github.com/danielmiessler/SecLists - downloaded `10k_most_common.txt`, `twitter-banned.txt` and `500-worst-passwords.txt` - filtered out any under 8 characters: ``` sed -r '/^.{,7}$/d' passwords-twitter.txt > passwords-combined.txt sed -r '/^.{,7}$/d' passwords-500.txt >> passwords-combined.txt sed -r '/^.{,7}$/d' passwords.txt >> passwords-combined.txt ``` - filtered out any duplicates: ``` cat passwords-combined.txt | awk '!x[$0]++' > passwords-combined-deduped.txt ```
2016-09-27 11:28:12 +01:00
if field.data in blacklisted_passwords:
108536374: Implement a validator to exclude passwords on a blacklist
2015-12-01 15:51:09 +00:00
raise ValidationError(self.message)
Fix for security hole with setting session['user_id'] before second factor of authentication has been authorised.
2016-01-07 12:43:10 +00:00
error when users put non-GSM chars in a sms template additionally, this moves the formatted_list jinja macro into a python function, so that it can be called from the form validator
2017-02-13 13:11:29 +00:00
class CsvFileValidator:
First slice of csv upload of phone numbers for sending messages. At the moment the file contents are not persisted by checked in memory. The first and last three records are show if all are valid. If there are invalid rows, they are reported and the user is prompted to go back and sort out upload file. The storing of upload result (i.e. validation of file) in session will be removed in next story which is about persisting of file for later processing.
2016-01-11 15:00:51 +00:00
def __init__(self, message='Not a csv file'):
self.message = message
def __call__(self, form, field):
Accept common spreadsheet formats, not just CSV We require users to export their spreadsheets as CSV files before uploading them. But this seems like the sort of thing a computer should be able to do. So this commit adds a wrapper class which: - takes a the uploaded file - returns it in a normalised format, or reads it using pyexcel[1] - gives the data back in CSV format This allows us to accept `.csv`, `.xlsx`, `.xls` (97 and 95), `.ods`, `.xlsm` and `.tsv` files. We can upload the resultant CSV just like normal, and process it for errors as before. Testing --- To test this I’ve added a selection of common spreadsheet files as test data. They all contain the same data, so the tests look to see that the resultant CSV output is the same for each. UI changes --- This commit doesn’t change the UI, apart from to give a different error message if a user uploads a file type that we still don’t understand. I intend to do this as a separate pull request, in order to fulfil https://www.pivotaltracker.com/story/show/119371637
2016-05-05 15:41:11 +01:00
if not Spreadsheet.can_handle(field.data.filename):
raise ValidationError("{} isnt a spreadsheet that Notify can read".format(field.data.filename))
Valid email domains added and tests passing.
2016-03-18 12:05:50 +00:00
error when users put non-GSM chars in a sms template additionally, this moves the formatted_list jinja macro into a python function, so that it can be called from the form validator
2017-02-13 13:11:29 +00:00
class ValidGovEmail:
Valid email domains added and tests passing.
2016-03-18 12:05:50 +00:00
def __call__(self, form, field):
Use email fields for feedback form Otherwise we can end up collecting invalid email addresses… This required some refactoring to allow our email fields to be optional (but not by default).
2018-12-07 12:23:12 +00:00
if field.data == '':
return
Refactor to use a cleaner and lean regex
2016-10-28 10:45:05 +01:00
from flask import url_for
Valid email domains added and tests passing.
2016-03-18 12:05:50 +00:00
message = (
Stop referring to central gov in error messages
2017-08-10 13:51:46 +01:00
'Enter a government email address.'
Valid email domains added and tests passing.
2016-03-18 12:05:50 +00:00
' If you think you should have access'
Split support into two pages The kind of communications we’re getting at the moment can broadly be broken down into: - problems - questions and feedback We will need to triage problems differently, because they could potentially be urgent/severe/emergency/P1/whatever language we use. Questions or feedback will never be P1. Two reasons for making the user categorise their tickets themselves: - Outside of hours we can’t get someone out of bed in order to decide if a ticket is a problem or just feedback - We can tailor the subsequent pages to whether it’s a problem or feedback (eg showing a link to the status page if the user is having a problem) This commit let’s users make the choice with a pair of radio buttons. It also cleans up a bunch of the tests and parameterizes them so we’re testing the flow for both ticket types.
2016-12-12 11:25:43 +00:00
' <a href="{}">contact us</a>').format(url_for('main.support'))
Refactor to use a cleaner and lean regex
2016-10-28 10:45:05 +01:00
if not is_gov_user(field.data.lower()):
Valid email domains added and tests passing.
2016-03-18 12:05:50 +00:00
raise ValidationError(message)
Don’t allow commas in placeholders > If a user tries to save a template containing something like > ((name,date)) we should give a validation error. This is because it causes havoc with the column headers in CSV files. https://www.pivotaltracker.com/story/show/117043389
2016-04-07 16:02:06 +01:00
validate email addresses in one-off flow previously we were just using the wtforms builtin email validator, which is much more relaxed than our own one. It'd catch bad emails when POSTing to the API, resulting in an ugly error message. It's easy work to make sure we validate email addresses as soon as they're entered.
2018-02-14 14:35:16 +00:00
class ValidEmail(Email):
def __init__(self):
super().__init__('Enter a valid email address')
def __call__(self, form, field):
Use email fields for feedback form Otherwise we can end up collecting invalid email addresses… This required some refactoring to allow our email fields to be optional (but not by default).
2018-12-07 12:23:12 +00:00
if field.data == '':
return
validate email addresses in one-off flow previously we were just using the wtforms builtin email validator, which is much more relaxed than our own one. It'd catch bad emails when POSTing to the API, resulting in an ugly error message. It's easy work to make sure we validate email addresses as soon as they're entered.
2018-02-14 14:35:16 +00:00
try:
validate_email_address(field.data)
except InvalidEmailError:
raise ValidationError(self.message)
Use email fields for feedback form Otherwise we can end up collecting invalid email addresses… This required some refactoring to allow our email fields to be optional (but not by default).
2018-12-07 12:23:12 +00:00
validate email addresses in one-off flow previously we were just using the wtforms builtin email validator, which is much more relaxed than our own one. It'd catch bad emails when POSTing to the API, resulting in an ugly error message. It's easy work to make sure we validate email addresses as soon as they're entered.
2018-02-14 14:35:16 +00:00
return super().__call__(form, field)
error when users put non-GSM chars in a sms template additionally, this moves the formatted_list jinja macro into a python function, so that it can be called from the form validator
2017-02-13 13:11:29 +00:00
class NoCommasInPlaceHolders:
Don’t allow commas in placeholders > If a user tries to save a template containing something like > ((name,date)) we should give a validation error. This is because it causes havoc with the column headers in CSV files. https://www.pivotaltracker.com/story/show/117043389
2016-04-07 16:02:06 +01:00
Reword because ‘inbetween’ isn’t a word
2017-12-11 10:50:55 +00:00
def __init__(self, message='You cant put commas between double brackets'):
Don’t allow commas in placeholders > If a user tries to save a template containing something like > ((name,date)) we should give a validation error. This is because it causes havoc with the column headers in CSV files. https://www.pivotaltracker.com/story/show/117043389
2016-04-07 16:02:06 +01:00
self.message = message
def __call__(self, form, field):
Update error message about commas in placeholders We call the yellow things ‘double brackets’ on the frontend, not fields or placeholders. This error message was a bit out of date. Also refactored it to use the `Field` class; this code was probably written before `Field` was factored out of `Template`.
2017-12-05 14:48:36 +00:00
if ',' in ''.join(Field(field.data).placeholders):
Don’t allow commas in placeholders > If a user tries to save a template containing something like > ((name,date)) we should give a validation error. This is because it causes havoc with the column headers in CSV files. https://www.pivotaltracker.com/story/show/117043389
2016-04-07 16:02:06 +01:00
raise ValidationError(self.message)
error when users put non-GSM chars in a sms template additionally, this moves the formatted_list jinja macro into a python function, so that it can be called from the form validator
2017-02-13 13:11:29 +00:00
class OnlyGSMCharacters:
def __call__(self, form, field):
Bump utils and sanitise header values Updated notifications-utils. This brings in - the renamed character sanitization classes - the change to allow unicode in letter addresses (this lets us delete a test that is no longer relevant) Also replaced non-ascii characters in headers. This fixes a bug where non-ascii characters in a CSV filename were causing errors since the filename is also used in the header.
2018-05-25 10:18:39 +01:00
non_gsm_characters = sorted(list(SanitiseGSM.get_non_compatible_characters(field.data)))
error when users put non-GSM chars in a sms template additionally, this moves the formatted_list jinja macro into a python function, so that it can be called from the form validator
2017-02-13 13:11:29 +00:00
if non_gsm_characters:
allow downgradeable unicode characters in SMS templates
2017-02-14 17:06:32 +00:00
raise ValidationError(
fix non-gsm error message Use `it`/`they` depending on how many different characters you've used Also don't wrap the message with quotes, as it looks confusing and potentialy implies that you can't use apostrophes
2017-02-15 16:21:14 +00:00
'You cant use {} in text messages. {} wont show up properly on everyones phones.'.format(
formatted_list(non_gsm_characters, conjunction='or', before_each='', after_each=''),
('It' if len(non_gsm_characters) == 1 else 'They')
allow downgradeable unicode characters in SMS templates
2017-02-14 17:06:32 +00:00
)
)
Refactor to use validator class Using a separate validator class to check for appropriate characters in a text message sender means that we’re not doing this validation in a different way from the other checks (length and required). So the code is cleaner.
2018-01-31 10:26:37 +00:00
Allow full stops in SMS senders We have a team who want their (short) web address as the text message sender. This commit updates the validation of text message senders to allow `.` as a valid character, which is currently blocking them from doing this. We can be fairly confident this works because: - the team are sending large volumes of messages already with their existing provider - we’ve tested it with all combinations of - both our text message providers - an Android phone and n iPhone
2018-01-31 10:38:44 +00:00
class LettersNumbersAndFullStopsOnly:
Refactor to use validator class Using a separate validator class to check for appropriate characters in a text message sender means that we’re not doing this validation in a different way from the other checks (length and required). So the code is cleaner.
2018-01-31 10:26:37 +00:00
Allow full stops in SMS senders We have a team who want their (short) web address as the text message sender. This commit updates the validation of text message senders to allow `.` as a valid character, which is currently blocking them from doing this. We can be fairly confident this works because: - the team are sending large volumes of messages already with their existing provider - we’ve tested it with all combinations of - both our text message providers - an Android phone and n iPhone
2018-01-31 10:38:44 +00:00
regex = re.compile(r'^[a-zA-Z0-9\s\.]+$')
Refactor to use validator class Using a separate validator class to check for appropriate characters in a text message sender means that we’re not doing this validation in a different way from the other checks (length and required). So the code is cleaner.
2018-01-31 10:26:37 +00:00
def __init__(self, message='Use letters and numbers only'):
self.message = message
def __call__(self, form, field):
if field.data and not re.match(self.regex, field.data):
raise ValidationError(self.message)
Update SMS sender validation to reject senders starting with 00 Having SMS senders that start with 00 can cause issues with Firetext due to Firetext's validation rules, so we shouldn't allow SMS senders to start with 00. Firetext treats a double 00 at the start of the senderID as an international prefix, so removes them. A sender of 00447876574016 would become 447876574016. Under Firetext's validation rules, an SMS sender of five 0s (00000) would become 4400. This is because the first 00 are removed (as the international prefix). The third 0 is seen as the start of a phone number, and becomes 44, leaving the final 00 = 4400.
2018-02-28 11:50:41 +00:00
class DoesNotStartWithDoubleZero:
def __init__(self, message="Can't start with 00"):
self.message = message
def __call__(self, form, field):
if field.data and field.data.startswith("00"):
raise ValidationError(self.message)
Don’t allow adding unknown domains to branding lookup We should make sure we’re not putting typos in the branding list. We can validate what gets entered here against our known list of public-sector domains.
2018-09-03 11:06:30 +01:00
class KnownGovernmentDomain:
message = 'Not a known government domain (you might need to update domains.yml)'
def __call__(self, form, field):
if field.data and AgreementInfo(field.data).owner is None:
raise ValidationError(self.message)
Validate non canonical domains At the moment we transform what the user gives us, so if someone enters `digital.cabinet-office.gov.uk` it will automagically be saved as `cabinet-office.gov.uk`. This happens without the user knowing, and might have unintended consequences. So let’s tell them what the problem is, and let them decide what to do about it (which might be accepting the canonical domain, or adding a new organisation to domains.yml first).
2018-09-06 12:12:36 +01:00
class CanonicalGovernmentDomain:
message = 'Not {} domain (use {} if appropriate)'
def __call__(self, form, field):
if not field.data:
return
domain = AgreementInfo(field.data)
if not domain.is_canonical:
raise ValidationError(
self.message.format('a canonical', domain.canonical_domain)
)
if field.data != domain.canonical_domain:
raise ValidationError(
self.message.format('an organisation-level', domain.canonical_domain)
)
Reference in New Issue Copy Permalink