app/main/forms.py

import weakref
from datetime import datetime, timedelta
from itertools import chain

import pytz
from flask import Markup, render_template, request
from flask_login import current_user
from flask_wtf import FlaskForm as Form
from flask_wtf.file import FileAllowed
from flask_wtf.file import FileField as FileField_wtf
from notifications_utils.columns import Columns
from notifications_utils.countries.data import Postage
from notifications_utils.formatters import strip_whitespace
from notifications_utils.postal_address import PostalAddress
from notifications_utils.recipients import (
    InvalidPhoneError,
    normalise_phone_number,
    validate_phone_number,
)
from werkzeug.utils import cached_property
from wtforms import (
    BooleanField,
    DateField,
    FieldList,
    FileField,
    HiddenField,
    IntegerField,
    PasswordField,
)
from wtforms import RadioField as WTFormsRadioField
from wtforms import (
    SelectMultipleField,
    StringField,
    TextAreaField,
    ValidationError,
    validators,
    widgets,
)
from wtforms.fields.html5 import EmailField, SearchField, TelField
from wtforms.validators import URL, DataRequired, Length, Optional, Regexp

from app import format_thousands
from app.main.validators import (
    CommonlyUsedPassword,
    CsvFileValidator,
    DoesNotStartWithDoubleZero,
    LettersNumbersFullStopsAndUnderscoresOnly,
    MustContainAlphanumericCharacters,
    NoCommasInPlaceHolders,
    NoEmbeddedImagesInSVG,
    OnlySMSCharacters,
    ValidEmail,
    ValidGovEmail,
)
from app.models.feedback import PROBLEM_TICKET_TYPE, QUESTION_TICKET_TYPE
from app.models.organisation import Organisation
from app.models.roles_and_permissions import (
    broadcast_permissions,
    permissions,
    roles,
)
from app.utils import guess_name_from_email_address


def get_time_value_and_label(future_time):
    return (
        future_time.replace(tzinfo=None).isoformat(),
        '{} at {}'.format(
            get_human_day(future_time.astimezone(pytz.timezone('Europe/London'))),
            get_human_time(future_time.astimezone(pytz.timezone('Europe/London')))
        )
    )


def get_human_time(time):
    return {
        '0': 'midnight',
        '12': 'midday'
    }.get(
        time.strftime('%-H'),
        time.strftime('%-I%p').lower()
    )


def get_human_day(time, prefix_today_with='T'):
    #  Add 1 hour to get ‘midnight today’ instead of ‘midnight tomorrow’
    time = (time - timedelta(hours=1)).strftime('%A')
    if time == datetime.utcnow().strftime('%A'):
        return '{}oday'.format(prefix_today_with)
    if time == (datetime.utcnow() + timedelta(days=1)).strftime('%A'):
        return 'Tomorrow'
    return time


def get_furthest_possible_scheduled_time():
    return (datetime.utcnow() + timedelta(days=4)).replace(hour=0)


def get_next_hours_until(until):
    now = datetime.utcnow()
    hours = int((until - now).total_seconds() / (60 * 60))
    return [
        (now + timedelta(hours=i)).replace(minute=0, second=0, microsecond=0).replace(tzinfo=pytz.utc)
        for i in range(1, hours + 1)
    ]


def get_next_days_until(until):
    now = datetime.utcnow()
    days = int((until - now).total_seconds() / (60 * 60 * 24))
    return [
        get_human_day(
            (now + timedelta(days=i)).replace(tzinfo=pytz.utc),
            prefix_today_with='Later t'
        )
        for i in range(0, days + 1)
    ]


class RadioField(WTFormsRadioField):

    def __init__(
        self,
        *args,
        thing='an option',
        **kwargs
    ):
        super().__init__(*args, **kwargs)
        self.thing = thing
        self.validate_choice = False

    def pre_validate(self, form):
        super().pre_validate(form)
        if self.data not in dict(self.choices).keys():
            raise ValidationError(f'Select {self.thing}')


def email_address(label='Email address', gov_user=True, required=True):

    validators = [
        ValidEmail(),
    ]

    if gov_user:
        validators.append(ValidGovEmail())

    if required:
        validators.append(DataRequired(message='Cannot be empty'))

    return EmailField(label, validators, render_kw={'spellcheck': 'false'})


class UKMobileNumber(TelField):
    def pre_validate(self, form):
        try:
            validate_phone_number(self.data)
        except InvalidPhoneError as e:
            raise ValidationError(str(e))


class InternationalPhoneNumber(TelField):
    def pre_validate(self, form):
        try:
            if self.data:
                validate_phone_number(self.data, international=True)
        except InvalidPhoneError as e:
            raise ValidationError(str(e))


def uk_mobile_number(label='Mobile number'):
    return UKMobileNumber(label,
                          validators=[DataRequired(message='Cannot be empty')])


def international_phone_number(label='Mobile number'):
    return InternationalPhoneNumber(
        label,
        validators=[DataRequired(message='Cannot be empty')]
    )


def password(label='Password'):
    return PasswordField(label,
                         validators=[DataRequired(message='Cannot be empty'),
                                     Length(8, 255, message='Must be at least 8 characters'),
                                     CommonlyUsedPassword(message='Choose a password that’s harder to guess')])


class SMSCode(StringField):
    validators = [
        DataRequired(message='Cannot be empty'),
        Regexp(regex=r'^\d+$', message='Numbers only'),
        Length(min=5, message='Not enough numbers'),
        Length(max=5, message='Too many numbers'),
    ]

    def __call__(self, **kwargs):
        return super().__call__(type='tel', pattern='[0-9]*', **kwargs)

    def process_formdata(self, valuelist):
        if valuelist:
            self.data = Columns.make_key(valuelist[0])


class ForgivingIntegerField(StringField):

    #  Actual value is 2147483647 but this is a scary looking arbitrary number
    POSTGRES_MAX_INT = 2000000000

    def __init__(
        self,
        label=None,
        things='items',
        format_error_suffix='',
        **kwargs
    ):
        self.things = things
        self.format_error_suffix = format_error_suffix
        super().__init__(label, **kwargs)

    def process_formdata(self, valuelist):

        if valuelist:

            value = valuelist[0].replace(',', '').replace(' ', '')

            try:
                value = int(value)
            except ValueError:
                pass

            if value == '':
                value = 0

        return super().process_formdata([value])

    def pre_validate(self, form):

        if self.data:
            error = None
            try:
                if int(self.data) > self.POSTGRES_MAX_INT:
                    error = 'Number of {} must be {} or less'.format(
                        self.things,
                        format_thousands(self.POSTGRES_MAX_INT),
                    )
            except ValueError:
                error = 'Enter the number of {} {}'.format(
                    self.things,
                    self.format_error_suffix,
                )

            if error:
                raise ValidationError(error)

        return super().pre_validate(form)

    def __call__(self, **kwargs):

        if self.get_form().is_submitted() and not self.get_form().validate():
            return super().__call__(
                value=(self.raw_data or [None])[0],
                **kwargs
            )

        try:
            value = int(self.data)
            value = format_thousands(value)
        except (ValueError, TypeError):
            value = self.data if self.data is not None else ''

        return super().__call__(value=value, **kwargs)


class OrganisationTypeField(RadioField):
    def __init__(
        self,
        *args,
        include_only=None,
        validators=None,
        **kwargs
    ):
        super().__init__(
            *args,
            choices=[
                (value, label) for value, label in Organisation.TYPES
                if not include_only or value in include_only
            ],
            thing='the type of organisation',
            validators=validators or [],
            **kwargs
        )


class FieldWithNoneOption():

    # This is a special value that is specific to our forms. This is
    # more expicit than casting `None` to a string `'None'` which can
    # have unexpected edge cases
    NONE_OPTION_VALUE = '__NONE__'

    # When receiving Python data, eg when instantiating the form object
    # we want to convert that data to our special value, so that it gets
    # recognised as being one of the valid choices
    def process_data(self, value):
        self.data = self.NONE_OPTION_VALUE if value is None else value

    # After validation we want to convert it back to a Python `None` for
    # use elsewhere, eg posting to the API
    def post_validate(self, form, validation_stopped):
        if self.data == self.NONE_OPTION_VALUE and not validation_stopped:
            self.data = None


class RadioFieldWithNoneOption(FieldWithNoneOption, RadioField):
    pass


class NestedFieldMixin:

    def children(self):

        # start map with root option as a single child entry
        child_map = {None: [option for option in self
                            if option.data == self.NONE_OPTION_VALUE]}

        # add entries for all other children
        for option in self:
            # assign all options with a NONE_OPTION_VALUE (not always None) to the None key
            if option.data == self.NONE_OPTION_VALUE:
                child_ids = [
                    folder['id'] for folder in self.all_template_folders
                    if folder['parent_id'] is None]
                key = self.NONE_OPTION_VALUE
            else:
                child_ids = [
                    folder['id'] for folder in self.all_template_folders
                    if folder['parent_id'] == option.data]
                key = option.data

            child_map[key] = [option for option in self if option.data in child_ids]

        return child_map

    # to be used as the only version of .children once radios are converted
    @cached_property
    def _children(self):
        return self.children()

    def get_items_from_options(self, field):
        items = []

        for option in self._children[None]:
            item = self.get_item_from_option(option)
            if option.data in self._children:
                item['children'] = self.render_children(field.name, option.label.text, self._children[option.data])
            items.append(item)

        return items

    def render_children(self, name, label, options):
        params = {
            "name": name,
            "fieldset": {
                "legend": {
                    "text": label,
                    "classes": "govuk-visually-hidden"
                }
            },
            "formGroup": {
                "classes": "govuk-form-group--nested"
            },
            "asList": True,
            "items": []
        }
        for option in options:
            item = self.get_item_from_option(option)

            if len(self._children[option.data]):
                item['children'] = self.render_children(name, option.label.text, self._children[option.data])

            params['items'].append(item)

        return render_template('forms/fields/checkboxes/template.njk', params=params)


class NestedRadioField(RadioFieldWithNoneOption, NestedFieldMixin):
    pass


class NestedCheckboxesField(SelectMultipleField, NestedFieldMixin):
    NONE_OPTION_VALUE = None


class HiddenFieldWithNoneOption(FieldWithNoneOption, HiddenField):
    pass


class RadioFieldWithRequiredMessage(RadioField):
    def __init__(self, *args, required_message='Not a valid choice', **kwargs):
        self.required_message = required_message
        super().__init__(*args, **kwargs)

    def pre_validate(self, form):
        try:
            return super().pre_validate(form)
        except ValueError:
            raise ValueError(self.required_message)


class StripWhitespaceForm(Form):
    class Meta:
        def bind_field(self, form, unbound_field, options):
            # FieldList simply doesn't support filters.
            # @see: https://github.com/wtforms/wtforms/issues/148
            no_filter_fields = (FieldList, PasswordField)
            filters = [strip_whitespace] if not issubclass(unbound_field.field_class, no_filter_fields) else []
            filters += unbound_field.kwargs.get('filters', [])
            bound = unbound_field.bind(form=form, filters=filters, **options)
            bound.get_form = weakref.ref(form)  # GC won't collect the form if we don't use a weakref
            return bound


class StripWhitespaceStringField(StringField):
    def __init__(self, label=None, **kwargs):
        kwargs['filters'] = tuple(chain(
            kwargs.get('filters', ()),
            (
                strip_whitespace,
            ),
        ))
        super(StringField, self).__init__(label, **kwargs)


class PostalAddressField(TextAreaField):
    def process_formdata(self, valuelist):
        if valuelist:
            self.data = PostalAddress(valuelist[0]).normalised


class OnOffField(RadioField):

    def __init__(self, label, choices=None, *args, **kwargs):
        choices = choices or [
            (True, 'On'),
            (False, 'Off'),
        ]
        super().__init__(
            label,
            choices=choices,
            thing=f'{choices[0][1].lower()} or {choices[1][1].lower()}',
            *args,
            **kwargs,
        )

    def process_formdata(self, valuelist):
        if valuelist:
            value = valuelist[0]
            self.data = (value == 'True') if value in ['True', 'False'] else value

    def iter_choices(self):
        for value, label in self.choices:
            # This overrides WTForms default behaviour which is to check
            # self.coerce(value) == self.data
            # where self.coerce returns a string for a boolean input
            yield (
                value,
                label,
                (self.data in {value, self.coerce(value)})
            )


class LoginForm(StripWhitespaceForm):
    email_address = EmailField('Email address', validators=[
        Length(min=5, max=255),
        DataRequired(message='Cannot be empty'),
        ValidEmail()
    ])
    password = PasswordField('Password', validators=[
        DataRequired(message='Enter your password')
    ])


class RegisterUserForm(StripWhitespaceForm):
    name = StringField('Full name',
                       validators=[DataRequired(message='Cannot be empty')])
    email_address = email_address()
    mobile_number = international_phone_number()
    password = password()
    # always register as sms type
    auth_type = HiddenField('auth_type', default='sms_auth')


class RegisterUserFromInviteForm(RegisterUserForm):
    def __init__(self, invited_user):
        super().__init__(
            service=invited_user.service,
            email_address=invited_user.email_address,
            auth_type=invited_user.auth_type,
            name=guess_name_from_email_address(
                invited_user.email_address
            ),
        )

    mobile_number = InternationalPhoneNumber('Mobile number', validators=[])
    service = HiddenField('service')
    email_address = HiddenField('email_address')
    auth_type = HiddenField('auth_type', validators=[DataRequired()])

    def validate_mobile_number(self, field):
        if self.auth_type.data == 'sms_auth' and not field.data:
            raise ValidationError('Cannot be empty')


class RegisterUserFromOrgInviteForm(StripWhitespaceForm):
    def __init__(self, invited_org_user):
        super().__init__(
            organisation=invited_org_user.organisation,
            email_address=invited_org_user.email_address,
        )

    name = StringField(
        'Full name',
        validators=[DataRequired(message='Cannot be empty')]
    )

    mobile_number = InternationalPhoneNumber('Mobile number', validators=[DataRequired(message='Cannot be empty')])
    password = password()
    organisation = HiddenField('organisation')
    email_address = HiddenField('email_address')
    auth_type = HiddenField('auth_type', validators=[DataRequired()])


class govukCheckboxesMixin:

    def extend_params(self, params, extensions):
        items = None
        param_items = len(params['items']) if 'items' in params else 0

        # split items off from params to make it a pure dict
        if 'items' in extensions:
            items = extensions['items']
            del extensions['items']

        # merge dicts
        params.update(extensions)

        # merge items
        if items:
            if 'items' not in params:
                params['items'] = items
            else:
                for idx, _item in enumerate(items):
                    if idx >= param_items:
                        params['items'].append(items[idx])
                    else:
                        params['items'][idx].update(items[idx])


class govukCheckboxField(govukCheckboxesMixin, BooleanField):

    def __init__(self, label='', validators=None, param_extensions=None, **kwargs):
        super(govukCheckboxField, self).__init__(label, validators, false_values=None, **kwargs)
        self.param_extensions = param_extensions

    # self.__call__ renders the HTML for the field by:
    # 1. delegating to self.meta.render_field which
    # 2. calls field.widget
    # this bypasses that by making self.widget a method with the same interface as widget.__call__
    def widget(self, field, param_extensions=None, **kwargs):

        # error messages
        error_message = None
        if field.errors:
            error_message = {
                "attributes": {
                    "data-module": "track-error",
                    "data-error-type": field.errors[0],
                    "data-error-label": field.name
                },
                "text": " ".join(field.errors).strip()
            }

        params = {
            'name':  field.name,
            'errorMessage': error_message,
            'items': [
                {
                    "name": field.name,
                    "id": field.id,
                    "text": field.label.text,
                    "value": 'y',
                    "checked": field.data
                }
            ]

        }

        # extend default params with any sent in during instantiation
        if self.param_extensions:
            self.extend_params(params, self.param_extensions)

        # add any sent in though use in templates
        if param_extensions:
            self.extend_params(params, param_extensions)

        return Markup(
            render_template('forms/fields/checkboxes/macro.njk', params=params))


# based on work done by @richardjpope: https://github.com/richardjpope/recourse/blob/master/recourse/forms.py#L6
class govukCheckboxesField(govukCheckboxesMixin, SelectMultipleField):

    render_as_list = False

    def __init__(self, label='', validators=None, param_extensions=None, **kwargs):
        super(govukCheckboxesField, self).__init__(label, validators, **kwargs)
        self.param_extensions = param_extensions

    def get_item_from_option(self, option):
        return {
            "name": option.name,
            "id": option.id,
            "text": option.label.text,
            "value": str(option.data),  # to protect against non-string types like uuids
            "checked": option.checked
        }

    def get_items_from_options(self, field):
        return [self.get_item_from_option(option) for option in field]

    def extend_params(self, params, extensions):
        items = None
        param_items = len(params['items']) if 'items' in params else 0

        # split items off from params to make it a pure dict
        if 'items' in extensions:
            items = extensions['items']
            del extensions['items']

        # merge dicts
        params.update(extensions)

        # merge items
        if items:
            if 'items' not in params:
                params['items'] = items
            else:
                for idx, _item in enumerate(items):
                    if idx >= param_items:
                        params['items'].append(items[idx])
                    else:
                        params['items'][idx].update(items[idx])

    # self.__call__ renders the HTML for the field by:
    # 1. delegating to self.meta.render_field which
    # 2. calls field.widget
    # this bypasses that by making self.widget a method with the same interface as widget.__call__
    def widget(self, field, param_extensions=None, **kwargs):

        # error messages
        error_message = None
        if field.errors:
            error_message = {
                "attributes": {
                    "data-module": "track-error",
                    "data-error-type": field.errors[0],
                    "data-error-label": field.name
                },
                "text": " ".join(field.errors).strip()
            }

        # returns either a list or a hierarchy of lists
        # depending on how get_items_from_options is implemented
        items = self.get_items_from_options(field)

        params = {
            'name':  field.name,
            "fieldset": {
                "attributes": {"id": field.name},
                "legend": {
                    "text": field.label.text,
                    "classes": "govuk-fieldset__legend--s"
                }
            },
            "asList": self.render_as_list,
            'errorMessage': error_message,
            'items': items
        }

        # extend default params with any sent in during instantiation
        if self.param_extensions:
            self.extend_params(params, self.param_extensions)

        # add any sent in though use in templates
        if param_extensions:
            self.extend_params(params, param_extensions)

        return Markup(
            render_template('forms/fields/checkboxes/macro.njk', params=params))


# Extends fields using the govukCheckboxesField interface to wrap their render in HTML needed by the collapsible JS
class govukCollapsibleCheckboxesMixin:
    def __init__(self, label='', validators=None, field_label='', param_extensions=None, **kwargs):

        super(govukCollapsibleCheckboxesMixin, self).__init__(label, validators, param_extensions, **kwargs)
        self.field_label = field_label

    def widget(self, field, **kwargs):

        # add a blank hint to act as an ARIA live-region
        if self.param_extensions is not None:
            self.param_extensions.update(
                {"hint": {"html": "<div class=\"selection-summary\" role=\"region\" aria-live=\"polite\"></div>"}})
        else:
            self.param_extensions = \
                {"hint": {"html": "<div class=\"selection-summary\" role=\"region\" aria-live=\"polite\"></div>"}}

        # wrap the checkboxes HTML in the HTML needed by the collapisble JS
        return Markup(
            f'<div class="selection-wrapper"'
            f'     data-module="collapsible-checkboxes"'
            f'     data-field-label="{self.field_label}">'
            f'  {super(govukCollapsibleCheckboxesMixin, self).widget(field, **kwargs)}'
            f'</div>'
        )


class govukCollapsibleCheckboxesField(govukCollapsibleCheckboxesMixin, govukCheckboxesField):
    pass


# govukCollapsibleCheckboxesMixin adds an ARIA live-region to the hint and wraps the render in HTML needed by the
# collapsible JS
# NestedFieldMixin puts the items into a tree hierarchy, pre-rendering the sub-trees of the top-level items
class govukCollapsibleNestedCheckboxesField(govukCollapsibleCheckboxesMixin, NestedFieldMixin, govukCheckboxesField):
    NONE_OPTION_VALUE = None
    render_as_list = True


# guard against data entries that aren't a role in permissions
def filter_by_permissions(valuelist):
    if valuelist is None:
        return None
    else:
        return [entry for entry in valuelist if any(entry in role for role in permissions)]


# guard against data entries that aren't a role in broadcast_permissions
def filter_by_broadcast_permissions(valuelist):
    if valuelist is None:
        return None
    else:
        return [entry for entry in valuelist if any(entry in role for role in broadcast_permissions)]


class BasePermissionsForm(StripWhitespaceForm):
    def __init__(self, all_template_folders=None, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.folder_permissions.choices = []
        if all_template_folders is not None:
            self.folder_permissions.all_template_folders = all_template_folders
            self.folder_permissions.choices = [
                (item['id'], item['name']) for item in ([{'name': 'Templates', 'id': None}] + all_template_folders)
            ]

    folder_permissions = govukCollapsibleNestedCheckboxesField(
        'Folders this team member can see',
        field_label='folder')

    login_authentication = RadioField(
        'Sign in using',
        choices=[
            ('sms_auth', 'Text message code'),
            ('email_auth', 'Email link'),
        ],
        thing='how this team member should sign in',
        validators=[DataRequired()]
    )

    permissions_field = govukCheckboxesField(
        'Permissions',
        filters=[filter_by_permissions],
        choices=[
            (value, label) for value, label in permissions
        ],
        param_extensions={
            "hint": {"text": "All team members can see sent messages."}
        }
    )

    @property
    def permissions(self):
        return set(self.permissions_field.data)

    @classmethod
    def from_user(cls, user, service_id, **kwargs):
        return cls(
            **kwargs,
            **{
                "permissions_field": [
                    role for role in roles.keys() if user.has_permission_for_service(service_id, role)]
            },
            login_authentication=user.auth_type
        )


class PermissionsForm(BasePermissionsForm):
    pass


class BroadcastPermissionsForm(BasePermissionsForm):

    permissions_field = govukCheckboxesField(
        'Permissions',
        choices=[
            (value, label) for value, label in broadcast_permissions
        ],
        filters=[filter_by_broadcast_permissions],
        param_extensions={
            "hint": {"text": "All team members can see sent messages."}
        }
    )

    @property
    def permissions(self):
        return {'view_activity'} | super().permissions


class BaseInviteUserForm():
    email_address = email_address(gov_user=False)

    def __init__(self, invalid_email_address, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.invalid_email_address = invalid_email_address.lower()

    def validate_email_address(self, field):
        if field.data.lower() == self.invalid_email_address and not current_user.platform_admin:
            raise ValidationError("You cannot send an invitation to yourself")


class InviteUserForm(BaseInviteUserForm, PermissionsForm):
    pass


class BroadcastInviteUserForm(BaseInviteUserForm, BroadcastPermissionsForm):
    pass


class InviteOrgUserForm(StripWhitespaceForm):
    email_address = email_address(gov_user=False)

    def __init__(self, invalid_email_address, *args, **kwargs):
        super(InviteOrgUserForm, self).__init__(*args, **kwargs)
        self.invalid_email_address = invalid_email_address.lower()

    def validate_email_address(self, field):
        if field.data.lower() == self.invalid_email_address and not current_user.platform_admin:
            raise ValidationError("You cannot send an invitation to yourself")


class TwoFactorForm(StripWhitespaceForm):
    def __init__(self, validate_code_func, *args, **kwargs):
        '''
        Keyword arguments:
        validate_code_func -- Validates the code with the API.
        '''
        self.validate_code_func = validate_code_func
        super(TwoFactorForm, self).__init__(*args, **kwargs)

    sms_code = SMSCode('Text message code')

    def validate(self):

        if not self.sms_code.validate(self):
            return False

        is_valid, reason = self.validate_code_func(self.sms_code.data)

        if not is_valid:
            self.sms_code.errors.append(reason)
            return False

        return True


class TextNotReceivedForm(StripWhitespaceForm):
    mobile_number = international_phone_number()


class RenameServiceForm(StripWhitespaceForm):
    name = StringField(
        u'Service name',
        validators=[
            DataRequired(message='Cannot be empty'),
            MustContainAlphanumericCharacters()
        ])


class RenameOrganisationForm(StripWhitespaceForm):
    name = StringField(
        u'Organisation name',
        validators=[
            DataRequired(message='Cannot be empty'),
            MustContainAlphanumericCharacters()
        ])


class AddGPOrganisationForm(StripWhitespaceForm):

    def __init__(self, *args, service_name='unknown', **kwargs):
        super().__init__(*args, **kwargs)
        self.same_as_service_name.label.text = 'Is your GP practice called ‘{}’?'.format(service_name)
        self.service_name = service_name

    def get_organisation_name(self):
        if self.same_as_service_name.data:
            return self.service_name
        return self.name.data

    same_as_service_name = OnOffField(
        'Is your GP practice called the same name as your service?',
        choices=(
            (True, 'Yes'),
            (False, 'No'),
        ),
    )

    name = StringField(
        'What’s your practice called?',
    )

    def validate_name(self, field):
        if self.same_as_service_name.data is False:
            if not field.data:
                raise ValidationError('Cannot be empty')
        else:
            field.data = ''


class AddNHSLocalOrganisationForm(StripWhitespaceForm):

    def __init__(self, *args, organisation_choices=None, **kwargs):
        super().__init__(*args, **kwargs)
        self.organisations.choices = organisation_choices

    organisations = RadioField(
        'Which NHS Trust or Clinical Commissioning Group do you work for?',
        thing='an NHS Trust or Clinical Commissioning Group'
    )


class OrganisationOrganisationTypeForm(StripWhitespaceForm):
    organisation_type = OrganisationTypeField('What type of organisation is this?')


class OrganisationCrownStatusForm(StripWhitespaceForm):
    crown_status = RadioField(
        (
            'Is this organisation a crown body?'
        ),
        choices=[
            ('crown', 'Yes'),
            ('non-crown', 'No'),
            ('unknown', 'Not sure'),
        ],
        thing='whether this organisation is a crown body',
    )


class OrganisationAgreementSignedForm(StripWhitespaceForm):
    agreement_signed = RadioField(
        (
            'Has this organisation signed the agreement?'
        ),
        choices=[
            ('yes', 'Yes'),
            ('no', 'No'),
            ('unknown', 'No (but we have some service-specific agreements in place)'),
        ],
        thing='whether this organisation has signed the agreement',
    )


class OrganisationDomainsForm(StripWhitespaceForm):

    def populate(self, domains_list):
        for index, value in enumerate(domains_list):
            self.domains[index].data = value

    domains = FieldList(
        StripWhitespaceStringField(
            '',
            validators=[
                Optional(),
            ],
            default=''
        ),
        min_entries=20,
        max_entries=20,
        label="Domain names"
    )


class CreateServiceForm(StripWhitespaceForm):
    name = StringField(
        "What’s your service called?",
        validators=[
            DataRequired(message='Cannot be empty'),
            MustContainAlphanumericCharacters()
        ])
    organisation_type = OrganisationTypeField('Who runs this service?')


class CreateNhsServiceForm(CreateServiceForm):
    organisation_type = OrganisationTypeField(
        'Who runs this service?',
        include_only={'nhs_central', 'nhs_local', 'nhs_gp'},
    )


class NewOrganisationForm(
    RenameOrganisationForm,
    OrganisationOrganisationTypeForm,
    OrganisationCrownStatusForm,
):
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        # Don’t offer the ‘not sure’ choice
        self.crown_status.choices = self.crown_status.choices[:-1]


class FreeSMSAllowance(StripWhitespaceForm):
    free_sms_allowance = IntegerField(
        'Numbers of text message fragments per year',
        validators=[
            DataRequired(message='Cannot be empty')
        ]
    )


class ConfirmPasswordForm(StripWhitespaceForm):
    def __init__(self, validate_password_func, *args, **kwargs):
        self.validate_password_func = validate_password_func
        super(ConfirmPasswordForm, self).__init__(*args, **kwargs)

    password = PasswordField(u'Enter password')

    def validate_password(self, field):
        if not self.validate_password_func(field.data):
            raise ValidationError('Invalid password')


class BaseTemplateForm(StripWhitespaceForm):
    name = StringField(
        u'Template name',
        validators=[DataRequired(message="Cannot be empty")])

    template_content = TextAreaField(
        u'Message',
        validators=[
            DataRequired(message="Cannot be empty"),
            NoCommasInPlaceHolders()
        ]
    )
    process_type = RadioField(
        'Use priority queue?',
        choices=[
            ('priority', 'Yes'),
            ('normal', 'No'),
        ],
        thing='yes or no',
        validators=[DataRequired()],
        default='normal'
    )


class SMSTemplateForm(BaseTemplateForm):
    def validate_template_content(self, field):
        OnlySMSCharacters(template_type='sms')(None, field)


class BroadcastTemplateForm(SMSTemplateForm):
    def validate_template_content(self, field):
        OnlySMSCharacters(template_type='broadcast')(None, field)


class LetterAddressForm(StripWhitespaceForm):

    def __init__(self, *args, allow_international_letters=False, **kwargs):
        self.allow_international_letters = allow_international_letters
        super().__init__(*args, **kwargs)

    address = PostalAddressField(
        'Address',
        validators=[DataRequired(message="Cannot be empty")]
    )

    def validate_address(self, field):

        address = PostalAddress(
            field.data,
            allow_international_letters=self.allow_international_letters,
        )

        if not address.has_enough_lines:
            raise ValidationError(
                f'Address must be at least {PostalAddress.MIN_LINES} lines long'
            )

        if address.has_too_many_lines:
            raise ValidationError(
                f'Address must be no more than {PostalAddress.MAX_LINES} lines long'
            )

        if not address.has_valid_last_line:
            if self.allow_international_letters:
                raise ValidationError(
                    f'Last line of the address must be a UK postcode or another country'
                )
            raise ValidationError(
                f'Last line of the address must be a real UK postcode'
            )

        if address.has_invalid_characters:
            raise ValidationError(
                'Address lines must not start with any of the following characters: @ ( ) = [ ] ” \\ / ,'
            )


class EmailTemplateForm(BaseTemplateForm):
    subject = TextAreaField(
        u'Subject',
        validators=[DataRequired(message="Cannot be empty")])


class LetterTemplateForm(EmailTemplateForm):
    subject = TextAreaField(
        u'Main heading',
        validators=[DataRequired(message="Cannot be empty")])

    template_content = TextAreaField(
        u'Body',
        validators=[
            DataRequired(message="Cannot be empty"),
            NoCommasInPlaceHolders()
        ]
    )


class LetterTemplatePostageForm(StripWhitespaceForm):
    postage = RadioField(
        'Choose the postage for this letter template',
        choices=[
            ('first', 'First class'),
            ('second', 'Second class'),
        ],
        thing='first class or second class',
        validators=[DataRequired()]
    )


class LetterUploadPostageForm(StripWhitespaceForm):

    def __init__(self, *args, postage_zone, **kwargs):

        super().__init__(*args, **kwargs)

        if postage_zone != Postage.UK:
            self.postage.choices = [(postage_zone, '')]
            self.postage.data = postage_zone

    @property
    def show_postage(self):
        return len(self.postage.choices) > 1

    postage = RadioField(
        'Choose the postage for this letter',
        choices=[
            ('first', 'First class post'),
            ('second', 'Second class post'),
        ],
        default='second',
        validators=[DataRequired()]
    )


class ForgotPasswordForm(StripWhitespaceForm):
    email_address = email_address(gov_user=False)


class NewPasswordForm(StripWhitespaceForm):
    new_password = password()


class ChangePasswordForm(StripWhitespaceForm):
    def __init__(self, validate_password_func, *args, **kwargs):
        self.validate_password_func = validate_password_func
        super(ChangePasswordForm, self).__init__(*args, **kwargs)

    old_password = password('Current password')
    new_password = password('New password')

    def validate_old_password(self, field):
        if not self.validate_password_func(field.data):
            raise ValidationError('Invalid password')


class CsvUploadForm(StripWhitespaceForm):
    file = FileField('Add recipients', validators=[DataRequired(
        message='Please pick a file'), CsvFileValidator()])


class ChangeNameForm(StripWhitespaceForm):
    new_name = StringField(u'Your name')


class ChangeEmailForm(StripWhitespaceForm):
    def __init__(self, validate_email_func, *args, **kwargs):
        self.validate_email_func = validate_email_func
        super(ChangeEmailForm, self).__init__(*args, **kwargs)

    email_address = email_address()

    def validate_email_address(self, field):
        is_valid = self.validate_email_func(field.data)
        if is_valid:
            raise ValidationError("The email address is already in use")


class ChangeNonGovEmailForm(ChangeEmailForm):
    email_address = email_address(gov_user=False)


class ChangeMobileNumberForm(StripWhitespaceForm):
    mobile_number = international_phone_number()


class ChooseTimeForm(StripWhitespaceForm):

    def __init__(self, *args, **kwargs):
        super(ChooseTimeForm, self).__init__(*args, **kwargs)
        self.scheduled_for.choices = [('', 'Now')] + [
            get_time_value_and_label(hour) for hour in get_next_hours_until(
                get_furthest_possible_scheduled_time()
            )
        ]
        self.scheduled_for.categories = get_next_days_until(get_furthest_possible_scheduled_time())

    scheduled_for = RadioField(
        'When should Notify send these messages?',
        default='',
    )


class ChooseBroadcastDurationForm(StripWhitespaceForm):

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.finishes_at.choices = [
            get_time_value_and_label(hour) for hour in get_next_hours_until(
                get_furthest_possible_scheduled_time()
            )
        ]
        self.finishes_at.categories = get_next_days_until(
            get_furthest_possible_scheduled_time()
        )

    finishes_at = RadioField(
        'End time',
    )


class CreateKeyForm(StripWhitespaceForm):
    def __init__(self, existing_keys, *args, **kwargs):
        self.existing_key_names = [
            key['name'].lower() for key in existing_keys
            if not key['expiry_date']
        ]
        super().__init__(*args, **kwargs)

    key_type = RadioField(
        'Type of key',
        thing='the type of key',
    )

    key_name = StringField(u'Description of key', validators=[
        DataRequired(message='You need to give the key a name')
    ])

    def validate_key_name(self, key_name):
        if key_name.data.lower() in self.existing_key_names:
            raise ValidationError('A key with this name already exists')


class SupportType(StripWhitespaceForm):
    support_type = RadioField(
        'How can we help you?',
        choices=[
            (PROBLEM_TICKET_TYPE, 'Report a problem'),
            (QUESTION_TICKET_TYPE, 'Ask a question or give feedback'),
        ],
    )


class SupportRedirect(StripWhitespaceForm):
    who = RadioField(
        'What do you need help with?',
        choices=[
            ('public-sector', 'I work in the public sector and need to send emails, text messages or letters'),
            ('public', 'I’m a member of the public with a question for the government'),
        ],
    )


class FeedbackOrProblem(StripWhitespaceForm):
    name = StringField('Name (optional)')
    email_address = email_address(label='Email address', gov_user=False, required=True)
    feedback = TextAreaField('Your message', validators=[DataRequired(message="Cannot be empty")])


class Triage(StripWhitespaceForm):
    severe = RadioField(
        'Is it an emergency?',
        choices=[
            ('yes', 'Yes'),
            ('no', 'No'),
        ],
        thing='yes or no',
    )


class EstimateUsageForm(StripWhitespaceForm):

    volume_email = ForgivingIntegerField(
        'How many emails do you expect to send in the next year?',
        things='emails',
        format_error_suffix='you expect to send',
    )
    volume_sms = ForgivingIntegerField(
        'How many text messages do you expect to send in the next year?',
        things='text messages',
        format_error_suffix='you expect to send',
    )
    volume_letter = ForgivingIntegerField(
        'How many letters do you expect to send in the next year?',
        things='letters',
        format_error_suffix='you expect to send',
    )
    consent_to_research = RadioField(
        'Can we contact you when we’re doing user research?',
        choices=[
            ('yes', 'Yes'),
            ('no', 'No'),
        ],
        thing='yes or no',
    )

    at_least_one_volume_filled = True

    def validate(self, *args, **kwargs):

        if self.volume_email.data == self.volume_sms.data == self.volume_letter.data == 0:
            self.at_least_one_volume_filled = False
            return False

        return super().validate(*args, **kwargs)


class ProviderForm(StripWhitespaceForm):
    priority = IntegerField('Priority', [validators.NumberRange(min=1, max=100, message="Must be between 1 and 100")])


class ProviderRatioForm(StripWhitespaceForm):

    ratio = RadioField(choices=[
        (str(value), '{}% / {}%'.format(value, 100 - value))
        for value in range(100, -10, -10)
    ])

    @property
    def percentage_left(self):
        return int(self.ratio.data)

    @property
    def percentage_right(self):
        return 100 - self.percentage_left


class ServiceContactDetailsForm(StripWhitespaceForm):
    contact_details_type = RadioField(
        'Type of contact details',
        choices=[
            ('url', 'Link'),
            ('email_address', 'Email address'),
            ('phone_number', 'Phone number'),
        ],
    )

    url = StringField("URL")
    email_address = EmailField("Email address")
    phone_number = StringField("Phone number")

    def validate(self):

        if self.contact_details_type.data == 'url':
            self.url.validators = [DataRequired(), URL(message='Must be a valid URL')]

        elif self.contact_details_type.data == 'email_address':
            self.email_address.validators = [DataRequired(), Length(min=5, max=255), ValidEmail()]

        elif self.contact_details_type.data == 'phone_number':
            # we can't use the existing phone number validation functions here since we want to allow landlines
            def valid_phone_number(self, num):
                try:
                    normalise_phone_number(num.data)
                    return True
                except InvalidPhoneError:
                    raise ValidationError('Must be a valid phone number')
            self.phone_number.validators = [DataRequired(), Length(min=5, max=20), valid_phone_number]

        return super().validate()


class ServiceReplyToEmailForm(StripWhitespaceForm):
    email_address = email_address(label='Reply-to email address', gov_user=False)
    is_default = govukCheckboxField("Make this email address the default")


class ServiceSmsSenderForm(StripWhitespaceForm):
    sms_sender = StringField(
        'Text message sender',
        validators=[
            DataRequired(message="Cannot be empty"),
            Length(max=11, message="Enter 11 characters or fewer"),
            Length(min=3, message="Enter 3 characters or more"),
            LettersNumbersFullStopsAndUnderscoresOnly(),
            DoesNotStartWithDoubleZero(),
        ]
    )
    is_default = govukCheckboxField("Make this text message sender the default")


class ServiceEditInboundNumberForm(StripWhitespaceForm):
    is_default = govukCheckboxField("Make this text message sender the default")


class ServiceLetterContactBlockForm(StripWhitespaceForm):
    letter_contact_block = TextAreaField(
        validators=[
            DataRequired(message="Cannot be empty"),
            NoCommasInPlaceHolders()
        ]
    )
    is_default = govukCheckboxField("Set as your default address")

    def validate_letter_contact_block(self, field):
        line_count = field.data.strip().count('\n')
        if line_count >= 10:
            raise ValidationError(
                'Contains {} lines, maximum is 10'.format(line_count + 1)
            )


class ServiceOnOffSettingForm(StripWhitespaceForm):

    def __init__(self, name, *args, truthy='On', falsey='Off', **kwargs):
        super().__init__(*args, **kwargs)
        self.enabled.label.text = name
        self.enabled.choices = [
            (True, truthy),
            (False, falsey),
        ]

    enabled = OnOffField('Choices')


class ServiceSwitchChannelForm(ServiceOnOffSettingForm):
    def __init__(self, channel, *args, **kwargs):
        name = 'Send {}'.format({
            'email': 'emails',
            'sms': 'text messages',
            'letter': 'letters',
        }.get(channel))

        super().__init__(name, *args, **kwargs)


class SetEmailBranding(StripWhitespaceForm):

    branding_style = RadioFieldWithNoneOption(
        'Branding style',
        thing='a branding style',
    )

    DEFAULT = (FieldWithNoneOption.NONE_OPTION_VALUE, 'GOV.UK')

    def __init__(self, all_branding_options, current_branding):

        super().__init__(branding_style=current_branding)

        self.branding_style.choices = sorted(
            all_branding_options + [self.DEFAULT],
            key=lambda branding: (
                branding[0] != current_branding,
                branding[0] is not self.DEFAULT[0],
                branding[1].lower(),
            ),
        )


class SetLetterBranding(SetEmailBranding):
    # form is the same, but instead of GOV.UK we have None as a valid option
    DEFAULT = (FieldWithNoneOption.NONE_OPTION_VALUE, 'None')


class PreviewBranding(StripWhitespaceForm):

    branding_style = HiddenFieldWithNoneOption('branding_style')


class ServiceUpdateEmailBranding(StripWhitespaceForm):
    name = StringField('Name of brand')
    text = StringField('Text')
    colour = StringField(
        'Colour',
        validators=[
            Regexp(regex="^$|^#(?:[0-9a-fA-F]{3}){1,2}$", message='Must be a valid color hex code (starting with #)')
        ]
    )
    file = FileField_wtf('Upload a PNG logo', validators=[FileAllowed(['png'], 'PNG Images only!')])
    brand_type = RadioField(
        "Brand type",
        choices=[
            ('both', 'GOV.UK and branding'),
            ('org', 'Branding only'),
            ('org_banner', 'Branding banner'),
        ]
    )

    def validate_name(self, name):
        op = request.form.get('operation')
        if op == 'email-branding-details' and not self.name.data:
            raise ValidationError('This field is required')


class SVGFileUpload(StripWhitespaceForm):
    file = FileField_wtf(
        'Upload an SVG logo',
        validators=[
            FileAllowed(['svg'], 'SVG Images only!'),
            DataRequired(message="You need to upload a file to submit"),
            NoEmbeddedImagesInSVG()
        ]
    )


class ServiceLetterBrandingDetails(StripWhitespaceForm):
    name = StringField('Name of brand', validators=[DataRequired()])


class PDFUploadForm(StripWhitespaceForm):
    file = FileField_wtf(
        'Upload a letter in PDF format',
        validators=[
            FileAllowed(['pdf'], 'Save your letter as a PDF and try again.'),
            DataRequired(message="You need to choose a file to upload")
        ]
    )


class EmailFieldInGuestList(EmailField, StripWhitespaceStringField):
    pass


class InternationalPhoneNumberInGuestList(InternationalPhoneNumber, StripWhitespaceStringField):
    pass


class GuestList(StripWhitespaceForm):

    def populate(self, email_addresses, phone_numbers):
        for form_field, existing_guest_list in (
            (self.email_addresses, email_addresses),
            (self.phone_numbers, phone_numbers)
        ):
            for index, value in enumerate(existing_guest_list):
                form_field[index].data = value

    email_addresses = FieldList(
        EmailFieldInGuestList(
            '',
            validators=[
                Optional(),
                ValidEmail()
            ],
            default=''
        ),
        min_entries=5,
        max_entries=5,
        label="Email addresses"
    )

    phone_numbers = FieldList(
        InternationalPhoneNumberInGuestList(
            '',
            validators=[
                Optional()
            ],
            default=''
        ),
        min_entries=5,
        max_entries=5,
        label="Mobile numbers"
    )


class DateFilterForm(StripWhitespaceForm):
    start_date = DateField("Start Date", [validators.optional()])
    end_date = DateField("End Date", [validators.optional()])
    include_from_test_key = govukCheckboxField("Include test keys")


class RequiredDateFilterForm(StripWhitespaceForm):
    start_date = DateField("Start Date")
    end_date = DateField("End Date")


class SearchByNameForm(StripWhitespaceForm):

    search = SearchField(
        'Search by name',
        validators=[DataRequired("You need to enter full or partial name to search by.")],
    )


class SearchUsersByEmailForm(StripWhitespaceForm):

    search = SearchField(
        'Search by name or email address',
        validators=[
            DataRequired("You need to enter full or partial email address to search by.")
        ],
    )


class SearchUsersForm(StripWhitespaceForm):

    search = SearchField('Search by name or email address')


class SearchNotificationsForm(StripWhitespaceForm):

    to = SearchField()

    labels = {
        'email': 'Search by email address',
        'sms': 'Search by phone number',
    }

    def __init__(self, message_type, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.to.label.text = self.labels.get(
            message_type,
            'Search by phone number or email address',
        )


class PlaceholderForm(StripWhitespaceForm):

    pass


class PasswordFieldShowHasContent(StringField):
    widget = widgets.PasswordInput(hide_value=False)


class ServiceInboundNumberForm(StripWhitespaceForm):
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.inbound_number.choices = kwargs['inbound_number_choices']

    inbound_number = RadioField(
        "Select your inbound number",
        thing='an inbound number',
    )


class CallbackForm(StripWhitespaceForm):

    def validate(self):
        return super().validate() or self.url.data == ''


class ServiceReceiveMessagesCallbackForm(CallbackForm):
    url = StringField(
        "URL",
        validators=[DataRequired(message='Cannot be empty'),
                    Regexp(regex="^https.*", message='Must be a valid https URL')]
    )
    bearer_token = PasswordFieldShowHasContent(
        "Bearer token",
        validators=[DataRequired(message='Cannot be empty'),
                    Length(min=10, message='Must be at least 10 characters')]
    )


class ServiceDeliveryStatusCallbackForm(CallbackForm):
    url = StringField(
        "URL",
        validators=[DataRequired(message='Cannot be empty'),
                    Regexp(regex="^https.*", message='Must be a valid https URL')]
    )
    bearer_token = PasswordFieldShowHasContent(
        "Bearer token",
        validators=[DataRequired(message='Cannot be empty'),
                    Length(min=10, message='Must be at least 10 characters')]
    )


class InternationalSMSForm(StripWhitespaceForm):
    enabled = RadioField(
        'Send text messages to international phone numbers',
        choices=[
            ('on', 'On'),
            ('off', 'Off'),
        ],
    )


class SMSPrefixForm(StripWhitespaceForm):
    enabled = RadioField(
        '',
        choices=[
            ('on', 'On'),
            ('off', 'Off'),
        ],
    )


def get_placeholder_form_instance(
    placeholder_name,
    dict_to_populate_from,
    template_type,
    allow_international_phone_numbers=False,
):

    if (
        Columns.make_key(placeholder_name) == 'emailaddress' and
        template_type == 'email'
    ):
        field = email_address(label=placeholder_name, gov_user=False)
    elif (
        Columns.make_key(placeholder_name) == 'phonenumber' and
        template_type == 'sms'
    ):
        if allow_international_phone_numbers:
            field = international_phone_number(label=placeholder_name)
        else:
            field = uk_mobile_number(label=placeholder_name)
    else:
        field = StringField(placeholder_name, validators=[
            DataRequired(message='Cannot be empty')
        ])

    PlaceholderForm.placeholder_value = field

    return PlaceholderForm(
        placeholder_value=dict_to_populate_from.get(placeholder_name, '')
    )


class SetSenderForm(StripWhitespaceForm):

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.sender.choices = kwargs['sender_choices']
        self.sender.label.text = kwargs['sender_label']

    sender = RadioField()


class SetTemplateSenderForm(StripWhitespaceForm):

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.sender.choices = kwargs['sender_choices']
        self.sender.label.text = 'Select your sender'

    sender = RadioField()


class LinkOrganisationsForm(StripWhitespaceForm):

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.organisations.choices = kwargs['choices']

    organisations = RadioField(
        'Select an organisation',
        validators=[
            DataRequired()
        ]
    )


class BrandingOptions(StripWhitespaceForm):

    FALLBACK_OPTION_VALUE = 'something_else'
    FALLBACK_OPTION = (FALLBACK_OPTION_VALUE, 'Something else')

    options = RadioField('Choose your new branding')
    something_else = TextAreaField('Describe the branding you want')

    def __init__(self, service, *args, branding_type="email", **kwargs):
        super().__init__(*args, **kwargs)
        self.options.choices = tuple(self.get_available_choices(service, branding_type))
        self.options.label.text = 'Choose your new {} branding'.format(branding_type)
        if self.something_else_is_only_option:
            self.options.data = self.FALLBACK_OPTION_VALUE

    @staticmethod
    def get_available_choices(service, branding_type):
        if branding_type == "email":
            organisation_branding_id = service.organisation.email_branding_id if service.organisation else None
            service_branding_id = service.email_branding_id
            service_branding_name = service.email_branding_name
        elif branding_type == "letter":
            organisation_branding_id = service.organisation.letter_branding_id if service.organisation else None
            service_branding_id = service.letter_branding_id
            service_branding_name = service.letter_branding_name

        if (
            service.organisation_type == Organisation.TYPE_CENTRAL
            and organisation_branding_id is None
            and service_branding_id is not None
            and branding_type == "email"
        ):
            yield ('govuk', 'GOV.UK')

        if (
            service.organisation_type == Organisation.TYPE_CENTRAL
            and service.organisation
            and organisation_branding_id is None
            and service_branding_name.lower() != 'GOV.UK and {}'.format(service.organisation.name).lower()
            and branding_type == "email"
        ):
            yield ('govuk_and_org', 'GOV.UK and {}'.format(service.organisation.name))

        if (
            service.organisation_type in {
                Organisation.TYPE_NHS_CENTRAL,
                Organisation.TYPE_NHS_LOCAL,
                Organisation.TYPE_NHS_GP,
            }
            and service_branding_name != 'NHS'
        ):
            yield ('nhs', 'NHS')

        if (
            service.organisation
            and service.organisation_type not in {
                Organisation.TYPE_NHS_LOCAL,
                Organisation.TYPE_NHS_CENTRAL,
                Organisation.TYPE_NHS_GP,
            }
            and (
                service_branding_id is None
                or service_branding_id != organisation_branding_id
            )
        ):
            yield ('organisation', service.organisation.name)

        yield BrandingOptions.FALLBACK_OPTION

    @property
    def something_else_is_only_option(self):
        return self.options.choices == (self.FALLBACK_OPTION,)

    def validate_something_else(self, field):
        if (
            self.something_else_is_only_option
            or self.options.data == self.FALLBACK_OPTION_VALUE
        ) and not field.data:
            raise ValidationError('Cannot be empty')

        if self.options.data != self.FALLBACK_OPTION_VALUE:
            field.data = ''


class ServiceDataRetentionForm(StripWhitespaceForm):

    notification_type = RadioField(
        'What notification type?',
        choices=[
            ('email', 'Email'),
            ('sms', 'SMS'),
            ('letter', 'Letter'),
        ],
        validators=[DataRequired()],
    )
    days_of_retention = IntegerField(label="Days of retention",
                                     validators=[validators.NumberRange(min=3, max=90,
                                                                        message="Must be between 3 and 90")],
                                     )


class ServiceDataRetentionEditForm(StripWhitespaceForm):
    days_of_retention = IntegerField(label="Days of retention",
                                     validators=[validators.NumberRange(min=3, max=90,
                                                                        message="Must be between 3 and 90")],
                                     )


class ReturnedLettersForm(StripWhitespaceForm):
    references = TextAreaField(
        u'Letter references',
        validators=[
            DataRequired(message="Cannot be empty"),
        ]
    )


class TemplateFolderForm(StripWhitespaceForm):
    def __init__(self, all_service_users=None, *args, **kwargs):
        super().__init__(*args, **kwargs)
        if all_service_users is not None:
            self.users_with_permission.all_service_users = all_service_users
            self.users_with_permission.choices = [
                (item.id, item.name) for item in all_service_users
            ]

    users_with_permission = govukCollapsibleCheckboxesField(
        'Team members who can see this folder',
        field_label='folder')
    name = StringField('Folder name', validators=[DataRequired(message='Cannot be empty')])


def required_for_ops(*operations):
    operations = set(operations)

    def validate(form, field):
        if form.op not in operations and any(field.raw_data):
            # super weird
            raise validators.StopValidation('Must be empty')
        if form.op in operations and not any(field.raw_data):
            raise validators.StopValidation('Cannot be empty')
    return validate


class TemplateAndFoldersSelectionForm(Form):
    """
    This form expects the form data to include an operation, based on which submit button is clicked.
    If enter is pressed, unknown will be sent by a hidden submit button at the top of the form.
    The value of this operation affects which fields are required, expected to be empty, or optional.

    * unknown
        currently not implemented, but in the future will try and work out if there are any obvious commands that can be
        assumed based on which fields are empty vs populated.
    * move-to-existing-folder
        must have data for templates_and_folders checkboxes, and move_to radios
    * move-to-new-folder
        must have data for move_to_new_folder_name, cannot have data for move_to_existing_folder_name
    * add-new-folder
        must have data for move_to_existing_folder_name, cannot have data for move_to_new_folder_name
    """

    ALL_TEMPLATES_FOLDER = {
        'name': 'Templates',
        'id': RadioFieldWithNoneOption.NONE_OPTION_VALUE,
    }

    def __init__(
        self,
        all_template_folders,
        template_list,
        available_template_types,
        allow_adding_copy_of_template,
        *args,
        **kwargs
    ):

        super().__init__(*args, **kwargs)

        self.available_template_types = available_template_types

        self.templates_and_folders.choices = template_list.as_id_and_name

        self.op = None
        self.is_move_op = self.is_add_folder_op = self.is_add_template_op = False

        self.move_to.all_template_folders = all_template_folders
        self.move_to.choices = [
            (item['id'], item['name'])
            for item in ([self.ALL_TEMPLATES_FOLDER] + all_template_folders)
        ]

        self.add_template_by_template_type.choices = list(filter(None, [
            # We want to show email and text message to everyone,
            # whether or not the service has them switched on. The
            # option to add letter or broadcast templates should only
            # be shown to services which have that permission
            ('email', 'Email'),
            ('sms', 'Text message'),
            ('letter', 'Letter') if 'letter' in available_template_types else None,
            ('broadcast', 'Broadcast') if 'broadcast' in available_template_types else None,
            ('copy-existing', 'Copy an existing template') if allow_adding_copy_of_template else None,
        ]))

    @property
    def trying_to_add_unavailable_template_type(self):
        return all((
            self.is_add_template_op,
            self.add_template_by_template_type.data,
            self.add_template_by_template_type.data not in self.available_template_types,
        ))

    def is_selected(self, template_folder_id):
        return template_folder_id in (self.templates_and_folders.data or [])

    def validate(self):
        self.op = request.form.get('operation')

        self.is_move_op = self.op in {'move-to-existing-folder', 'move-to-new-folder'}
        self.is_add_folder_op = self.op in {'add-new-folder', 'move-to-new-folder'}
        self.is_add_template_op = self.op in {'add-new-template'}

        if not (self.is_add_folder_op or self.is_move_op or self.is_add_template_op):
            return False

        return super().validate()

    def get_folder_name(self):
        if self.op == 'add-new-folder':
            return self.add_new_folder_name.data
        elif self.op == 'move-to-new-folder':
            return self.move_to_new_folder_name.data
        return None

    templates_and_folders = govukCheckboxesField(
        'Choose templates or folders',
        validators=[required_for_ops('move-to-new-folder', 'move-to-existing-folder')],
        choices=[],  # added to keep order of arguments, added properly in __init__
        param_extensions={
            "fieldset": {
                "legend": {
                    "classes": "govuk-visually-hidden"
                }
            }
        }
    )
    # if no default set, it is set to None, which process_data transforms to '__NONE__'
    # this means '__NONE__' (self.ALL_TEMPLATES option) is selected when no form data has been submitted
    # set default to empty string so process_data method doesn't perform any transformation
    move_to = NestedRadioField(
        'Choose a folder',
        default='',
        validators=[
            required_for_ops('move-to-existing-folder'),
            Optional()
        ])
    add_new_folder_name = StringField('Folder name', validators=[required_for_ops('add-new-folder')])
    move_to_new_folder_name = StringField('Folder name', validators=[required_for_ops('move-to-new-folder')])

    add_template_by_template_type = RadioFieldWithRequiredMessage('New template', validators=[
        required_for_ops('add-new-template'),
        Optional(),
    ], required_message='Select the type of template you want to add')


class ClearCacheForm(StripWhitespaceForm):
    model_type = RadioField(
        'What do you want to clear today',
    )


class GoLiveNotesForm(StripWhitespaceForm):
    request_to_go_live_notes = TextAreaField(
        'Go live notes',
        filters=[lambda x: x or None],
    )


class AcceptAgreementForm(StripWhitespaceForm):

    @classmethod
    def from_organisation(cls, org):

        if org.agreement_signed_on_behalf_of_name and org.agreement_signed_on_behalf_of_email_address:
            who = 'someone-else'
        elif org.agreement_signed_version:  # only set if user has submitted form previously
            who = 'me'
        else:
            who = None

        return cls(
            version=org.agreement_signed_version,
            who=who,
            on_behalf_of_name=org.agreement_signed_on_behalf_of_name,
            on_behalf_of_email=org.agreement_signed_on_behalf_of_email_address,
        )

    version = StringField(
        'Which version of the agreement do you want to accept?'
    )

    who = RadioField(
        'Who are you accepting the agreement for?',
        choices=(
            (
                'me',
                'Yourself',
            ),
            (
                'someone-else',
                'Someone else',
            ),
        ),
    )

    on_behalf_of_name = StringField(
        'What’s their name?'
    )

    on_behalf_of_email = email_address(
        'What’s their email address?',
        required=False,
        gov_user=False,
    )

    def __validate_if_nominating(self, field):
        if self.who.data == 'someone-else':
            if not field.data:
                raise ValidationError('Cannot be empty')
        else:
            field.data = ''

    validate_on_behalf_of_name = __validate_if_nominating
    validate_on_behalf_of_email = __validate_if_nominating

    def validate_version(self, field):
        try:
            float(field.data)
        except (TypeError, ValueError):
            raise ValidationError("Must be a number")


class BroadcastAreaForm(StripWhitespaceForm):

    areas = govukCheckboxesField('Choose areas to broadcast to')

    def __init__(self, choices, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.areas.choices = choices
        self.areas.render_as_list = True
        self.areas.param_extensions = {'fieldset': {'legend': {'classes': 'govuk-visually-hidden'}}}

    @classmethod
    def from_library(cls, library):
        return cls(choices=[
            (area.id, area.name) for area in sorted(library)
        ])


class BroadcastAreaFormWithSelectAll(BroadcastAreaForm):

    select_all = govukCheckboxField('Select all')

    @classmethod
    def from_library(cls, library, select_all_choice):
        instance = super().from_library(library)
        (
            instance.select_all.area_slug,
            instance.select_all.label.text,
        ) = select_all_choice
        return instance

    @property
    def selected_areas(self):
        if self.select_all.data:
            return [self.select_all.area_slug]
        return self.areas.data
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								import weakref
-												Add a component for picking the time to send a job

Users need to pick a time in the next 24hrs, or send a file immediately.

Rationale for this is a bit lost in time-before-holiday, but generally:

‘Now’ and ‘later’ as the inital choices makes it really clear what
this feature is about conceptually.

The choice of times is absolute, eg ‘1pm’ not ‘in 3 hours’

											
										
										
											2016-08-07 09:17:49 +01:00
+								from datetime import datetime, timedelta
-												Make whitespace stripping work for whitelists too

It’s a bit hacky, but it fixes a potential issue for users.

Code adapted from:
https://github.com/alphagov/digitalmarketplace-utils/commit/2c34f678ab4a34eaa1c510c91dacfc210343f389

											
										
										
											2017-12-11 16:22:37 +00:00
+								from itertools import chain
-												[WIP]
Let the API return a 400 error message if the service name is a duplicate.

											
										
										
											2017-08-07 11:30:25 +01:00
-												Enforce order and style of imports

Done using isort[1], with the following command:
```
isort -rc ./app ./tests
```

Adds linting to the `run_tests.sh` script to stop badly-sorted imports
getting re-introduced.

Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because
I think it gives the cleanest diffs, eg:
```
from third_party import (
    lib1,
    lib2,
    lib3,
    lib4,
)
```

1. https://pypi.python.org/pypi/isort

											
										
										
											2018-02-20 11:22:17 +00:00
+								import pytz
-												Add govukCheckboxesField

govukCheckboxesField subclasses
SelectMultipleField and overwrites how it renders
HTML to let us use the GOVUK Checkboxes component
while retaining all the functionality of WTForms
fields.

Based on work on github.com/richardjpope/recourse:

https://github.com/richardjpope/recourse/blob/master/recourse/forms.py#L6

											
										
										
											2020-04-02 18:06:01 +01:00
+								from flask import Markup, render_template, request
-												move invite error handler to top level

ensure we catch org errors as well as regular errors

											
										
										
											2020-03-06 11:53:55 +00:00
+								from flask_login import current_user
-												Enforce order and style of imports

Done using isort[1], with the following command:
```
isort -rc ./app ./tests
```

Adds linting to the `run_tests.sh` script to stop badly-sorted imports
getting re-introduced.

Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because
I think it gives the cleanest diffs, eg:
```
from third_party import (
    lib1,
    lib2,
    lib3,
    lib4,
)
```

1. https://pypi.python.org/pypi/isort

											
										
										
											2018-02-20 11:22:17 +00:00
+								from flask_wtf import FlaskForm as Form
 								from flask_wtf.file import FileAllowed
 								from flask_wtf.file import FileField as FileField_wtf
 								from notifications_utils.columns import Columns
-												Don’t show postage choice for international letters

International letters don’t have a choice of postage. Under the hood
they are either `europe` or `rest-of-world`.

So, for letters that we detect are international, this commit:
- removes the radios buttons that give users the choice of postage
- passes through either `europe` or `rest-of-world` to the API,
  depending on what address we find in the letter

This will cause the API to 500 until it can accept `europe` or
`rest-of-world` as postage types, but this is probably OK because it’s
only our services that have international letters switched on at the
moment.

											
										
										
											2020-05-20 11:12:33 +01:00
+								from notifications_utils.countries.data import Postage
-												Refactor to use PostalAddress helper from utils

Since we’re doing normalisation and line-count-checking of addresses in
multiple places it makes sense for that code to be shared. Which is
what happened here:
https://github.com/alphagov/notifications-utils/pull/713

This commit refactors the admin code to make use of the new utils code.

Note about placeholders:
- they now go into the session as `address_line_1` instead of `address
  line 1` because this is the format the API uses, so should be
  considered canonical
- they are now fetched from the session in a way that isn’t sensitive
  to case or underscores (using the `Columns` class)
- the API doesn’t care about case or underscores vs spaces in
  placeholder names because it’s checking an instance of `Template` to
  see if all the required placeholders are present (see
  https://github.com/alphagov/notifications-api/blob/401c8e41d6a1e3b348b99eb0cc205bb420fce0c1/app/notifications/process_notifications.py#L40)

											
										
										
											2020-04-02 17:21:27 +01:00
+								from notifications_utils.formatters import strip_whitespace
 								from notifications_utils.postal_address import PostalAddress
-												Updated notifications_utils version and associated code. Added email subject formatting for placeholders.

											
										
										
											2016-04-14 12:00:55 +01:00
+								from notifications_utils.recipients import (
-												Enforce order and style of imports

Done using isort[1], with the following command:
```
isort -rc ./app ./tests
```

Adds linting to the `run_tests.sh` script to stop badly-sorted imports
getting re-introduced.

Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because
I think it gives the cleanest diffs, eg:
```
from third_party import (
    lib1,
    lib2,
    lib3,
    lib4,
)
```

1. https://pypi.python.org/pypi/isort

											
										
										
											2018-02-20 11:22:17 +00:00
+								    InvalidPhoneError,
-												Allow service contact details to be phone number, email or url

Service contact details are needed if the upload document permission is
enabled - this used to be a link but services can now choose to use a
link, email address or phone number. The form to add or change service
contact details now gives these options and validates the data according
to the type of contact details provided.

When validating phone numbers we can't use the existing validation
because we want to allow landlines too, so there is a basic check that
the phone number is the right length and doesn't include certain
characters.

											
										
										
											2018-08-09 11:59:05 +01:00
+								    normalise_phone_number,
-												Update the service name validation in the ServiceNameForm and AddServiceForm to check the email_safe version
of the name against a list of all service email_from fields.
Update find_all_service_names to find_all_service_email_from, which returns the email_from of all services.

											
										
										
											2016-03-31 15:17:05 +01:00
+								    validate_phone_number,
 								)
-												Add govukCollapsibleNestedCheckboxesField

Includes:
1. changes to make NestedFieldMixin work
  with new fields and CSS for nested checkboxes
2. adds custom version of GOVUK checkboxes
  component to allow us to:
  - add classes to elements currently inaccessible
  - wrap the checkboxes in a list
  - add child checkboxes to each checkbox (making
    tree structures possible through recursion

Change 2. should be pushed upstream to the GOVUK
Design System as a proposal for changes to the
GOVUK Checkboxes component.

											
										
										
											2020-04-23 12:15:24 +01:00
+								from werkzeug.utils import cached_property
-												resolve merge conflicts

											
										
										
											2016-01-12 10:43:23 +00:00
+								from wtforms import (
-												[WIP] New user can now accept invite and will be made to
register. On succesful register and verfication they
will be added to service and forwarded to dashboard.

Nothing is done yet with the permissions requested in the
invite to the user.

											
										
										
											2016-03-02 15:25:04 +00:00
+								    BooleanField,
-												Enforce order and style of imports

Done using isort[1], with the following command:
```
isort -rc ./app ./tests
```

Adds linting to the `run_tests.sh` script to stop badly-sorted imports
getting re-introduced.

Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because
I think it gives the cleanest diffs, eg:
```
from third_party import (
    lib1,
    lib2,
    lib3,
    lib4,
)
```

1. https://pypi.python.org/pypi/isort

											
										
										
											2018-02-20 11:22:17 +00:00
+								    DateField,
 								    FieldList,
 								    FileField,
-												Added provider management pages in.

- see priority
- change priority

											
										
										
											2016-05-11 09:43:55 +01:00
+								    HiddenField,
-												Add radio buttons for choosing the API key type

Best-guess wording for what the labels and question should be.

Adds a macro for rendering radio buttons from a WTForms field.

											
										
										
											2016-06-29 17:10:49 +01:00
+								    IntegerField,
-												Enforce order and style of imports

Done using isort[1], with the following command:
```
isort -rc ./app ./tests
```

Adds linting to the `run_tests.sh` script to stop badly-sorted imports
getting re-introduced.

Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because
I think it gives the cleanest diffs, eg:
```
from third_party import (
    lib1,
    lib2,
    lib3,
    lib4,
)
```

1. https://pypi.python.org/pypi/isort

											
										
										
											2018-02-20 11:22:17 +00:00
+								    PasswordField,
-												Bump WTForms to 2.3.1

This involves three changes which broke our code.

To validate email addresses, the optional dependency `email-validator`
must be installed<sup>1</sup>. But since we don’t use WTForms’ email
validation, we shouldn’t need to subclass it – it can just be its own
self contained thing. Then we don’t need to add the extra dependency.

When rendering textareas, and extra `\r\n` is inserted at the beginning
<sup>2</sup>. Browsers will strip this when displaying the textbox and
submitting the form, but some of our tests need updating to account for
this.

The error message for when you don’t choose an option from some radio
buttons has now changed. Rather than just accepting WTForms’ new
message, this commit makes the error messages like the examples from
the Design System<sup>3</sup>. By default it will say ‘Select an
option’, but by passing in an extra parameter (`thing`) it can be
customised to be more specific, for example ‘Select a type of
organisation’.

***

1. https://github.com/wtforms/wtforms/pull/429
2. https://github.com/wtforms/wtforms/issues/238
3. https://design-system.service.gov.uk/components/radios/#error-messages

											
										
										
											2020-04-22 17:49:03 +01:00
+								)
 								from wtforms import RadioField as WTFormsRadioField
 								from wtforms import (
-												Show form elements for templates and folders

This commit adds:
- checkboxes to let you select a template or folder
- radio buttons to let you select where to move those template(s) and/or
  folder(s) to

It only does the `get` part of this work; handling the `post` and
calling API will be done in a subsequent commit.

											
										
										
											2018-11-08 11:56:29 +00:00
+								    SelectMultipleField,
-												Enforce order and style of imports

Done using isort[1], with the following command:
```
isort -rc ./app ./tests
```

Adds linting to the `run_tests.sh` script to stop badly-sorted imports
getting re-introduced.

Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because
I think it gives the cleanest diffs, eg:
```
from third_party import (
    lib1,
    lib2,
    lib3,
    lib4,
)
```

1. https://pypi.python.org/pypi/isort

											
										
										
											2018-02-20 11:22:17 +00:00
+								    StringField,
 								    TextAreaField,
 								    ValidationError,
 								    validators,
 								    widgets,
-												Add flake8 linting to project

The GDS Way™[1] recommends using Flake8 to lint Python projects.

This commit takes the Flake8 config from Digital Marketplace API[2] and
removes the bits we don’t need.

It changes the `max_complexity` setting to 14, which is the most complex
code we have in this repo currently (we shouldn’t be writing code _more_
complex than what we already have).

This commit also fixes the errors found by Flake8, which includes 6(!)
tests which were never getting run because they had the same names as
existing tests.

Here is a full list of the errors that were found and fixed:
```
./app/__init__.py:2:1: F401 're' imported but unused
./app/__init__.py:4:1: F401 'json' imported but unused
./app/__init__.py:8:1: F401 'dateutil' imported but unused
./app/__init__.py:11:1: F401 'flask.escape' imported but unused
./app/__init__.py:41:1: F401 'app.proxy_fix' imported but unused
./app/__init__.py:129:5: F821 undefined name 'proxy_fix'
./app/__init__.py:221:19: F821 undefined name 'highlight'
./app/__init__.py:221:35: F821 undefined name 'JavascriptLexer'
./app/__init__.py:221:54: F821 undefined name 'HtmlFormatter'
./app/config.py:2:1: F401 'datetime.timedelta' imported but unused
./app/event_handlers.py:2:1: F401 'flask_login.current_user' imported but unused
./app/utils.py:11:1: F401 'dateutil.parser' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.two_factor' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.notifications' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.add_service' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.forgot_password' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.inbound_number' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.styleguide' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.organisations' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.letter_jobs' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.verify' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.conversation' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.api_keys' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.send' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.dashboard' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.jobs' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.manage_users' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.sign_in' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.sign_out' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.code_not_received' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.invites' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.platform_admin' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.providers' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.service_settings' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.index' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.new_password' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.user_profile' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.feedback' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.choose_service' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.templates' imported but unused
./app/main/__init__.py:5:1: F401 'app.main.views.register' imported but unused
./app/main/forms.py:12:1: F401 'wtforms.SelectField' imported but unused
./app/main/views/api_keys.py:37:29: E241 multiple spaces after ':'
./app/main/views/feedback.py:3:1: F401 'flask.flash' imported but unused
./app/main/views/feedback.py:122:17: E123 closing bracket does not match indentation of opening bracket's line
./app/main/views/inbound_number.py:1:1: F401 'flask.url_for' imported but unused
./app/main/views/inbound_number.py:1:1: F401 'flask.session' imported but unused
./app/main/views/inbound_number.py:1:1: F401 'flask.redirect' imported but unused
./app/main/views/inbound_number.py:1:1: F401 'flask.request' imported but unused
./app/main/views/inbound_number.py:13:1: F401 'flask.jsonify' imported but unused
./app/main/views/jobs.py:31:1: F401 'app.utils.get_template' imported but unused
./app/main/views/letter_jobs.py:1:1: F401 'datetime' imported but unused
./app/main/views/letter_jobs.py:6:1: F401 'app.format_datetime_24h' imported but unused
./app/main/views/manage_users.py:111:9: E123 closing bracket does not match indentation of opening bracket's line
./app/main/views/notifications.py:121:5: F841 local variable 'status_args' is assigned to but never used
./app/main/views/organisations.py:1:1: F401 'flask.request' imported but unused
./app/main/views/service_settings.py:77:9: E123 closing bracket does not match indentation of opening bracket's line
./app/main/views/service_settings.py:82:9: E123 closing bracket does not match indentation of opening bracket's line
./app/main/views/service_settings.py:420:13: E123 closing bracket does not match indentation of opening bracket's line
./app/main/views/sign_in.py:12:1: F401 'flask_login.confirm_login' imported but unused
./app/main/views/sign_in.py:17:1: F401 'app.service_api_client' imported but unused
./app/main/views/sign_in.py:62:13: E123 closing bracket does not match indentation of opening bracket's line
./app/main/views/templates.py:4:1: F401 'flask.json' imported but unused
./app/main/views/templates.py:17:1: F401 'notifications_utils.formatters.escape_html' imported but unused
./app/main/views/templates.py:23:1: F401 'app.utils.get_help_argument' imported but unused
./app/main/views/templates.py:64:13: E123 closing bracket does not match indentation of opening bracket's line
./app/notify_client/service_api_client.py:6:1: F401 '.notification_api_client' imported but unused
./app/notify_client/user_api_client.py:1:1: F401 'uuid' imported but unused
./app/notify_client/user_api_client.py:3:1: F401 'flask.session' imported but unused
./tests/__init__.py:1:1: F401 'csv' imported but unused
./tests/app/main/test_asset_fingerprinter.py:2:1: F401 'os' imported but unused
./tests/app/main/test_asset_fingerprinter.py:4:1: F401 'unittest.mock' imported but unused
./tests/app/main/test_asset_fingerprinter.py:98:9: F841 local variable 'string_with_unicode_character' is assigned to but never used
./tests/app/main/test_errorhandlers.py:2:1: F401 'flask.url_for' imported but unused
./tests/app/main/test_permissions.py:26:13: F841 local variable 'response' is assigned to but never used
./tests/app/main/test_placeholder_form.py:3:1: F401 'wtforms.Label' imported but unused
./tests/app/main/test_placeholder_form.py:11:10: F841 local variable 'req' is assigned to but never used
./tests/app/main/test_two_factor_form.py:10:67: F841 local variable 'req' is assigned to but never used
./tests/app/main/test_two_factor_form.py:23:65: F841 local variable 'req' is assigned to but never used
./tests/app/main/test_two_factor_form.py:37:48: F841 local variable 'req' is assigned to but never used
./tests/app/main/test_two_factor_form.py:51:67: F841 local variable 'req' is assigned to but never used
./tests/app/main/test_two_factor_form.py:65:67: F841 local variable 'req' is assigned to but never used
./tests/app/main/views/test_accept_invite.py:356:5: F841 local variable 'element' is assigned to but never used
./tests/app/main/views/test_activity.py:11:1: F811 redefinition of unused 'mock_get_notifications' from line 11
./tests/app/main/views/test_activity.py:18:1: F401 'datetime.datetime' imported but unused
./tests/app/main/views/test_activity.py:102:5: F841 local variable 'content' is assigned to but never used
./tests/app/main/views/test_activity.py:104:5: F841 local variable 'notification' is assigned to but never used
./tests/app/main/views/test_activity.py:337:5: F841 local variable '_notifications_mock' is assigned to but never used
./tests/app/main/views/test_activity.py:373:13: E126 continuation line over-indented for hanging indent
./tests/app/main/views/test_activity.py:378:9: E121 continuation line under-indented for hanging indent
./tests/app/main/views/test_activity.py:404:13: E126 continuation line over-indented for hanging indent
./tests/app/main/views/test_activity.py:407:9: E121 continuation line under-indented for hanging indent
./tests/app/main/views/test_api_keys.py:354:5: F841 local variable 'response' is assigned to but never used
./tests/app/main/views/test_conversation.py:5:1: F401 'bs4.BeautifulSoup' imported but unused
./tests/app/main/views/test_conversation.py:198:5: F841 local variable 'mock_get_inbound_sms' is assigned to but never used
./tests/app/main/views/test_dashboard.py:53:5: F841 local variable 'mock_template_stats' is assigned to but never used
./tests/app/main/views/test_dashboard.py:72:5: F841 local variable 'mock_template_stats' is assigned to but never used
./tests/app/main/views/test_jobs.py:2:1: F401 'uuid' imported but unused
./tests/app/main/views/test_jobs.py:3:1: F401 'urllib.parse.urlparse' imported but unused
./tests/app/main/views/test_jobs.py:3:1: F401 'urllib.parse.quote' imported but unused
./tests/app/main/views/test_jobs.py:3:1: F401 'urllib.parse.parse_qs' imported but unused
./tests/app/main/views/test_jobs.py:9:1: F401 'app.main.views.jobs.get_status_filters' imported but unused
./tests/app/main/views/test_jobs.py:10:1: F401 'tests.notification_json' imported but unused
./tests/app/main/views/test_letters.py:6:1: F401 'tests.service_json' imported but unused
./tests/app/main/views/test_notifications.py:5:1: F401 'app.utils.REQUESTED_STATUSES' imported but unused
./tests/app/main/views/test_notifications.py:5:1: F401 'app.utils.DELIVERED_STATUSES' imported but unused
./tests/app/main/views/test_notifications.py:5:1: F401 'app.utils.SENDING_STATUSES' imported but unused
./tests/app/main/views/test_notifications.py:5:1: F401 'app.utils.FAILURE_STATUSES' imported but unused
./tests/app/main/views/test_platform_admin.py:242:13: E126 continuation line over-indented for hanging indent
./tests/app/main/views/test_platform_admin.py:247:13: E126 continuation line over-indented for hanging indent
./tests/app/main/views/test_send.py:3:1: F401 'unittest.mock.Mock' imported but unused
./tests/app/main/views/test_send.py:18:1: F811 redefinition of unused 'mock_get_service' from line 18
./tests/app/main/views/test_send.py:18:1: F401 'tests.conftest.multiple_letter_contact_blocks' imported but unused
./tests/app/main/views/test_send.py:18:1: F401 'tests.conftest.no_sms_senders' imported but unused
./tests/app/main/views/test_send.py:18:1: F401 'tests.conftest.multiple_sms_senders' imported but unused
./tests/app/main/views/test_send.py:18:1: F401 'tests.conftest.no_letter_contact_blocks' imported but unused
./tests/app/main/views/test_send.py:102:5: F841 local variable 'response' is assigned to but never used
./tests/app/main/views/test_send.py:870:5: F841 local variable 'response' is assigned to but never used
./tests/app/main/views/test_send.py:1367:5: F841 local variable 'service_id' is assigned to but never used
./tests/app/main/views/test_send.py:1451:13: E126 continuation line over-indented for hanging indent
./tests/app/main/views/test_send.py:1620:80: E226 missing whitespace around arithmetic operator
./tests/app/main/views/test_send.py:1909:13: E126 continuation line over-indented for hanging indent
./tests/app/main/views/test_send.py:1912:9: E121 continuation line under-indented for hanging indent
./tests/app/main/views/test_service_settings.py:13:1: F811 redefinition of unused 'no_reply_to_email_addresses' from line 13
./tests/app/main/views/test_service_settings.py:13:1: F401 'tests.conftest.single_reply_to_email_address' imported but unused
./tests/app/main/views/test_service_settings.py:28:5: E123 closing bracket does not match indentation of opening bracket's line
./tests/app/main/views/test_service_settings.py:104:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:166:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:186:5: F841 local variable 'mocked_get_fn' is assigned to but never used
./tests/app/main/views/test_service_settings.py:217:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:237:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:257:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:307:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:340:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:466:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:555:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:615:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:719:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:874:5: F841 local variable 'page' is assigned to but never used
./tests/app/main/views/test_service_settings.py:902:5: F841 local variable 'page' is assigned to but never used
./tests/app/main/views/test_service_settings.py:954:5: F841 local variable 'page' is assigned to but never used
./tests/app/main/views/test_service_settings.py:986:5: F841 local variable 'page' is assigned to but never used
./tests/app/main/views/test_service_settings.py:1101:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:1121:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:1271:1: F811 redefinition of unused 'test_set_letter_contact_block_saves' from line 1189
./tests/app/main/views/test_service_settings.py:1433:5: F841 local variable 'page' is assigned to but never used
./tests/app/main/views/test_service_settings.py:1495:5: F841 local variable 'mocked_get_fn' is assigned to but never used
./tests/app/main/views/test_service_settings.py:1540:5: F841 local variable 'mocked_get_fn' is assigned to but never used
./tests/app/main/views/test_service_settings.py:1570:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:1589:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:1621:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:1641:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:1658:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:1676:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:1697:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:1759:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_service_settings.py:1775:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13
./tests/app/main/views/test_templates.py:3:1: F401 'uuid' imported but unused
./tests/app/main/views/test_templates.py:11:1: F401 'tests.conftest.mock_get_user' imported but unused
./tests/app/main/views/test_templates.py:514:1: F811 redefinition of unused 'mock_get_user' from line 11
./tests/app/main/views/test_templates.py:672:1: F811 redefinition of unused 'mock_get_user' from line 11
./tests/app/main/views/test_templates.py:795:1: F811 redefinition of unused 'mock_get_user' from line 11
./tests/app/main/views/test_templates.py:835:1: F811 redefinition of unused 'mock_get_user' from line 11
./tests/app/main/views/test_two_factor.py:67:13: E126 continuation line over-indented for hanging indent
./tests/app/notify_client/test_notification_client.py:79:5: F841 local variable 'mock_post' is assigned to but never used
```

1. https://gds-way.cloudapps.digital/manuals/programming-languages/python/linting.html#how-to-use-flake8
2. https://github.com/alphagov/digitalmarketplace-api/blob/d5ab8afef4a0472f9d266d94ab4ffe1333a9aaad/.flake8

											
										
										
											2017-10-18 14:51:26 +01:00
+								)
-												Enforce order and style of imports

Done using isort[1], with the following command:
```
isort -rc ./app ./tests
```

Adds linting to the `run_tests.sh` script to stop badly-sorted imports
getting re-introduced.

Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because
I think it gives the cleanest diffs, eg:
```
from third_party import (
    lib1,
    lib2,
    lib3,
    lib4,
)
```

1. https://pypi.python.org/pypi/isort

											
										
										
											2018-02-20 11:22:17 +00:00
+								from wtforms.fields.html5 import EmailField, SearchField, TelField
-												Add page to change a service's contact link

Added a page which lets users with the 'manage_service' permission change the
contact link for their service. There are no links to this page yet
since only services using document download will need to set a contact
link.

											
										
										
											2018-06-05 10:37:41 +01:00
+								from wtforms.validators import URL, DataRequired, Length, Optional, Regexp
-												First slice of csv upload of phone numbers for sending messages.

At the moment the file contents are not persisted by checked in
memory.

The first and last three records are show if all are valid.

If there are invalid rows, they are reported and the user is
prompted to go back and sort out upload file.

The storing of upload result (i.e. validation of file) in session
will be removed in next story which is about persisting of file
for later processing.

											
										
										
											2016-01-11 15:00:51 +00:00
-												Make one method for comma-formatting numbers

We were doing this a few different ways in different places.

											
										
										
											2019-07-08 14:09:29 +01:00
+								from app import format_thousands
-												Refactor to use validator class

Using a separate validator class to check for appropriate characters in
a text message sender means that we’re not doing this validation in a
different way from the other checks (length and required). So the code
is cleaner.

											
										
										
											2018-01-31 10:26:37 +00:00
+								from app.main.validators import (
-												Remove term ‘blacklist’ from codebase

‘Commonly used passwords’ is more specific, and avoids the terminology
‘blacklist’ which the National Cyber Security Centre explain to be
problematic:

> It's fairly common to say whitelisting and blacklisting to describe desirable and undesirable things in cyber security. For instance, when talking about which applications you will allow or deny on your corporate network; or deciding which bad passwords you want your users not to be able to use.
>
> However, there's an issue with the terminology. It only makes sense if you equate white with 'good, permitted, safe' and black with 'bad, dangerous, forbidden'. There are some obvious problems with this. So in the name of helping to stamp out racism in cyber security, we will
> avoid this casually pejorative wording on our website in the future. No, it's not the biggest issue in the world - but to borrow a slogan from elsewhere: every little helps.

– https://www.ncsc.gov.uk/blog-post/terminology-its-not-black-and-white

											
										
										
											2020-06-16 18:04:29 +01:00
+								    CommonlyUsedPassword,
-												Refactor to use validator class

Using a separate validator class to check for appropriate characters in
a text message sender means that we’re not doing this validation in a
different way from the other checks (length and required). So the code
is cleaner.

											
										
										
											2018-01-31 10:26:37 +00:00
+								    CsvFileValidator,
-												Update SMS sender validation to reject senders starting with 00

Having SMS senders that start with 00 can cause issues with Firetext due
to Firetext's validation rules, so we shouldn't allow SMS senders to start
with 00.

Firetext treats a double 00 at the start of the senderID as an international
prefix, so removes them. A sender of 00447876574016 would become 447876574016.

Under Firetext's validation rules, an SMS sender of five 0s (00000) would
become  4400. This is because the first 00 are removed (as the international
prefix). The third 0 is seen as the start of a phone number, and becomes 44,
leaving the final 00 = 4400.

											
										
										
											2018-02-28 11:50:41 +00:00
+								    DoesNotStartWithDoubleZero,
-												Allow underscores in SMS senders

											
										
										
											2020-04-02 15:57:46 +01:00
+								    LettersNumbersFullStopsAndUnderscoresOnly,
-												Validate service and organisation name

											
										
										
											2019-11-08 17:12:32 +00:00
+								    MustContainAlphanumericCharacters,
-												Refactor to use validator class

Using a separate validator class to check for appropriate characters in
a text message sender means that we’re not doing this validation in a
different way from the other checks (length and required). So the code
is cleaner.

											
										
										
											2018-01-31 10:26:37 +00:00
+								    NoCommasInPlaceHolders,
-												Do not allow to upload SVG logos with embedded raster images in them

Those are for example png or jpg images. They do not render properly.

											
										
										
											2020-03-04 14:25:14 +00:00
+								    NoEmbeddedImagesInSVG,
-												Allow Welsh characters in SMS

- This brings in the latest version of notifications-utils which
allows Welsh characters in SMS templates.
- Updated the pricing page to show the new prices for SMS with certain
Welsh characters

											
										
										
											2019-05-03 15:13:39 +01:00
+								    OnlySMSCharacters,
-												Enforce order and style of imports

Done using isort[1], with the following command:
```
isort -rc ./app ./tests
```

Adds linting to the `run_tests.sh` script to stop badly-sorted imports
getting re-introduced.

Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because
I think it gives the cleanest diffs, eg:
```
from third_party import (
    lib1,
    lib2,
    lib3,
    lib4,
)
```

1. https://pypi.python.org/pypi/isort

											
										
										
											2018-02-20 11:22:17 +00:00
+								    ValidEmail,
 								    ValidGovEmail,
-												Refactor to use validator class

Using a separate validator class to check for appropriate characters in
a text message sender means that we’re not doing this validation in a
different way from the other checks (length and required). So the code
is cleaner.

											
										
										
											2018-01-31 10:26:37 +00:00
+								)
-												Refactor so constants are used everywhere

											
										
										
											2020-03-24 15:36:39 +00:00
+								from app.models.feedback import PROBLEM_TICKET_TYPE, QUESTION_TICKET_TYPE
-												Refactor to avoid redefinition of org types

We’re defining the list of org types in a few different places. This
makes it more likely we’ll forget to update one of these places, thereby
introducing a bug.

This commit moves the definition to be on the organisation model, which
feels like a sensible enough place for it.

											
										
										
											2019-08-27 15:52:42 +01:00
+								from app.models.organisation import Organisation
-												Only show relevant user permissions for broadcast services

For services with the broadcast permission this hides:
- the ‘View dashboard’ permission (and defaults it to _checked_) because
  all users of broadcast services will need to see the dashboard
- the ‘Manage API keys’ permission (and defaults it to _not checked_)
  because we don’t offer an API integration for broadcast services yet
  – if we do we won’t want existing users to automatically get the
  permission

It relabels:
- the ‘Send’ permission to ‘Prepare and approve’ to match the current,
  slightly clunky language on the templates page
- the ‘Manage settings’ label to not refer to ‘usage’ because broadcast
  services won’t incur cost

											
										
										
											2020-07-13 11:10:34 +01:00
+								from app.models.roles_and_permissions import (
 								    broadcast_permissions,
 								    permissions,
 								    roles,
 								)
-												Remove domains from branding forms

We’re deprecating storing the domain as text on a branding in favour of
a database relationship between branding and organisation.

We need to do this now in order to remove the validation on these fields
(which depends on the data in `domains.yml`)

											
										
										
											2019-04-04 11:09:09 +01:00
+								from app.utils import guess_name_from_email_address
-												Moved mobile validation to utils module for use in csv upload as well.

This could be moved to shared utils code base at some point.

											
										
										
											2016-02-01 16:57:40 +00:00
-												108536490: Initial effort to implement log in

Add endpoint for post to /sign-in
Initialise role data

											
										
										
											2015-11-27 09:47:29 +00:00
-												Add a component for picking the time to send a job

Users need to pick a time in the next 24hrs, or send a file immediately.

Rationale for this is a bit lost in time-before-holiday, but generally:

‘Now’ and ‘later’ as the inital choices makes it really clear what
this feature is about conceptually.

The choice of times is absolute, eg ‘1pm’ not ‘in 3 hours’

											
										
										
											2016-08-07 09:17:49 +01:00
+								def get_time_value_and_label(future_time):
 								    return (
 								        future_time.replace(tzinfo=None).isoformat(),
-												Allow a job to be scheduled any time in next 96hrs

If you want to send a job on Monday morning, you should be able to
schedule it on Friday. You shouldn’t need to work on the weekend.

96 hours is a full 4 days, so you can schedule a job at any time on
Friday for any time on Monday.

We’ve checked with the information assurance people, and they’re OK
with us holding the data for this extra amount of time.

This commit changes the choose time form from showing one radio button
for each of the next 24 hours to one for each of the next 96 hours. It
changes the labels from ‘9am’ to ‘Monday at 9am’ so it’s clear which
day you’re choosing.

											
										
										
											2016-10-11 14:11:10 +01:00
+								        '{} at {}'.format(
 								            get_human_day(future_time.astimezone(pytz.timezone('Europe/London'))),
 								            get_human_time(future_time.astimezone(pytz.timezone('Europe/London')))
 								        )
-												Add a component for picking the time to send a job

Users need to pick a time in the next 24hrs, or send a file immediately.

Rationale for this is a bit lost in time-before-holiday, but generally:

‘Now’ and ‘later’ as the inital choices makes it really clear what
this feature is about conceptually.

The choice of times is absolute, eg ‘1pm’ not ‘in 3 hours’

											
										
										
											2016-08-07 09:17:49 +01:00
+								    )
 								def get_human_time(time):
 								    return {
-												Allow a job to be scheduled any time in next 96hrs

If you want to send a job on Monday morning, you should be able to
schedule it on Friday. You shouldn’t need to work on the weekend.

96 hours is a full 4 days, so you can schedule a job at any time on
Friday for any time on Monday.

We’ve checked with the information assurance people, and they’re OK
with us holding the data for this extra amount of time.

This commit changes the choose time form from showing one radio button
for each of the next 24 hours to one for each of the next 96 hours. It
changes the labels from ‘9am’ to ‘Monday at 9am’ so it’s clear which
day you’re choosing.

											
										
										
											2016-10-11 14:11:10 +01:00
+								        '0': 'midnight',
 								        '12': 'midday'
-												Add a component for picking the time to send a job

Users need to pick a time in the next 24hrs, or send a file immediately.

Rationale for this is a bit lost in time-before-holiday, but generally:

‘Now’ and ‘later’ as the inital choices makes it really clear what
this feature is about conceptually.

The choice of times is absolute, eg ‘1pm’ not ‘in 3 hours’

											
										
										
											2016-08-07 09:17:49 +01:00
+								    }.get(
 								        time.strftime('%-H'),
 								        time.strftime('%-I%p').lower()
 								    )
-												Make it say later today

Categories before:

> Now, today, tomorrow, Friday…

Categories after:

> Now, later today, tomorrow Friday…

This reduces the ambiguity of ‘now’ vs ‘today’, and keeping the word
‘later’ suggests what this features is about.

This implementation here is a bit hacky, but it works…

											
										
										
											2016-10-11 17:59:09 +01:00
+								def get_human_day(time, prefix_today_with='T'):
-												Allow a job to be scheduled any time in next 96hrs

If you want to send a job on Monday morning, you should be able to
schedule it on Friday. You shouldn’t need to work on the weekend.

96 hours is a full 4 days, so you can schedule a job at any time on
Friday for any time on Monday.

We’ve checked with the information assurance people, and they’re OK
with us holding the data for this extra amount of time.

This commit changes the choose time form from showing one radio button
for each of the next 24 hours to one for each of the next 96 hours. It
changes the labels from ‘9am’ to ‘Monday at 9am’ so it’s clear which
day you’re choosing.

											
										
										
											2016-10-11 14:11:10 +01:00
+								    #  Add 1 hour to get ‘midnight today’ instead of ‘midnight tomorrow’
 								    time = (time - timedelta(hours=1)).strftime('%A')
 								    if time == datetime.utcnow().strftime('%A'):
-												Make it say later today

Categories before:

> Now, today, tomorrow, Friday…

Categories after:

> Now, later today, tomorrow Friday…

This reduces the ambiguity of ‘now’ vs ‘today’, and keeping the word
‘later’ suggests what this features is about.

This implementation here is a bit hacky, but it works…

											
										
										
											2016-10-11 17:59:09 +01:00
+								        return '{}oday'.format(prefix_today_with)
-												Allow a job to be scheduled any time in next 96hrs

If you want to send a job on Monday morning, you should be able to
schedule it on Friday. You shouldn’t need to work on the weekend.

96 hours is a full 4 days, so you can schedule a job at any time on
Friday for any time on Monday.

We’ve checked with the information assurance people, and they’re OK
with us holding the data for this extra amount of time.

This commit changes the choose time form from showing one radio button
for each of the next 24 hours to one for each of the next 96 hours. It
changes the labels from ‘9am’ to ‘Monday at 9am’ so it’s clear which
day you’re choosing.

											
										
										
											2016-10-11 14:11:10 +01:00
+								    if time == (datetime.utcnow() + timedelta(days=1)).strftime('%A'):
 								        return 'Tomorrow'
 								    return time
 								def get_furthest_possible_scheduled_time():
 								    return (datetime.utcnow() + timedelta(days=4)).replace(hour=0)
 								def get_next_hours_until(until):
 								    now = datetime.utcnow()
 								    hours = int((until - now).total_seconds() / (60 * 60))
-												Add a component for picking the time to send a job

Users need to pick a time in the next 24hrs, or send a file immediately.

Rationale for this is a bit lost in time-before-holiday, but generally:

‘Now’ and ‘later’ as the inital choices makes it really clear what
this feature is about conceptually.

The choice of times is absolute, eg ‘1pm’ not ‘in 3 hours’

											
										
										
											2016-08-07 09:17:49 +01:00
+								    return [
-												Let users choose when to end a broadcast

Different emergencies will need broadcasts to last for a variable amount
of time. We give users some control over this by letting them stop a
broadcast early. But we should also let them set a maximum broadcast
time, for:
- when the duration of the danger is known
- when the broadcast has been live long enough to alert everyone who
  needs to know about it

This code re-uses the pattern for scheduling jobs, which has some
constraints that are probably OK for now:
- end time is limited to an hour
- longest duration is 3 whole days (eg if you start broadcasting Friday
  you have the choice of Saturday, Sunday and all of Monday, up to
  midnight)

											
										
										
											2020-07-16 10:49:21 +01:00
+								        (now + timedelta(hours=i)).replace(minute=0, second=0, microsecond=0).replace(tzinfo=pytz.utc)
-												Add a component for picking the time to send a job

Users need to pick a time in the next 24hrs, or send a file immediately.

Rationale for this is a bit lost in time-before-holiday, but generally:

‘Now’ and ‘later’ as the inital choices makes it really clear what
this feature is about conceptually.

The choice of times is absolute, eg ‘1pm’ not ‘in 3 hours’

											
										
										
											2016-08-07 09:17:49 +01:00
+								        for i in range(1, hours + 1)
 								    ]
-												Allow a job to be scheduled any time in next 96hrs

If you want to send a job on Monday morning, you should be able to
schedule it on Friday. You shouldn’t need to work on the weekend.

96 hours is a full 4 days, so you can schedule a job at any time on
Friday for any time on Monday.

We’ve checked with the information assurance people, and they’re OK
with us holding the data for this extra amount of time.

This commit changes the choose time form from showing one radio button
for each of the next 24 hours to one for each of the next 96 hours. It
changes the labels from ‘9am’ to ‘Monday at 9am’ so it’s clear which
day you’re choosing.

											
										
										
											2016-10-11 14:11:10 +01:00
+								def get_next_days_until(until):
 								    now = datetime.utcnow()
 								    days = int((until - now).total_seconds() / (60 * 60 * 24))
 								    return [
-												Make it say later today

Categories before:

> Now, today, tomorrow, Friday…

Categories after:

> Now, later today, tomorrow Friday…

This reduces the ambiguity of ‘now’ vs ‘today’, and keeping the word
‘later’ suggests what this features is about.

This implementation here is a bit hacky, but it works…

											
										
										
											2016-10-11 17:59:09 +01:00
+								        get_human_day(
 								            (now + timedelta(days=i)).replace(tzinfo=pytz.utc),
 								            prefix_today_with='Later t'
 								        )
-												Allow a job to be scheduled any time in next 96hrs

If you want to send a job on Monday morning, you should be able to
schedule it on Friday. You shouldn’t need to work on the weekend.

96 hours is a full 4 days, so you can schedule a job at any time on
Friday for any time on Monday.

We’ve checked with the information assurance people, and they’re OK
with us holding the data for this extra amount of time.

This commit changes the choose time form from showing one radio button
for each of the next 24 hours to one for each of the next 96 hours. It
changes the labels from ‘9am’ to ‘Monday at 9am’ so it’s clear which
day you’re choosing.

											
										
										
											2016-10-11 14:11:10 +01:00
+								        for i in range(0, days + 1)
 								    ]
-												Bump WTForms to 2.3.1

This involves three changes which broke our code.

To validate email addresses, the optional dependency `email-validator`
must be installed<sup>1</sup>. But since we don’t use WTForms’ email
validation, we shouldn’t need to subclass it – it can just be its own
self contained thing. Then we don’t need to add the extra dependency.

When rendering textareas, and extra `\r\n` is inserted at the beginning
<sup>2</sup>. Browsers will strip this when displaying the textbox and
submitting the form, but some of our tests need updating to account for
this.

The error message for when you don’t choose an option from some radio
buttons has now changed. Rather than just accepting WTForms’ new
message, this commit makes the error messages like the examples from
the Design System<sup>3</sup>. By default it will say ‘Select an
option’, but by passing in an extra parameter (`thing`) it can be
customised to be more specific, for example ‘Select a type of
organisation’.

***

1. https://github.com/wtforms/wtforms/pull/429
2. https://github.com/wtforms/wtforms/issues/238
3. https://design-system.service.gov.uk/components/radios/#error-messages

											
										
										
											2020-04-22 17:49:03 +01:00
+								class RadioField(WTFormsRadioField):
 								    def __init__(
 								        self,
 								        *args,
 								        thing='an option',
 								        **kwargs
 								    ):
 								        super().__init__(*args, **kwargs)
 								        self.thing = thing
 								        self.validate_choice = False
 								    def pre_validate(self, form):
 								        super().pre_validate(form)
 								        if self.data not in dict(self.choices).keys():
 								            raise ValidationError(f'Select {self.thing}')
-												Use email fields for feedback form

Otherwise we can end up collecting invalid email addresses…

This required some refactoring to allow our email fields to be optional
(but not by default).

											
										
										
											2018-12-07 12:23:12 +00:00
+								def email_address(label='Email address', gov_user=True, required=True):
-												Update forgotten password to allow non-gov with test

											
										
										
											2016-10-26 14:01:01 +01:00
+								    validators = [
-												Use email fields for feedback form

Otherwise we can end up collecting invalid email addresses…

This required some refactoring to allow our email fields to be optional
(but not by default).

											
										
										
											2018-12-07 12:23:12 +00:00
+								        ValidEmail(),
-												Update forgotten password to allow non-gov with test

											
										
										
											2016-10-26 14:01:01 +01:00
+								    ]
 								    if gov_user:
-												Refactor to use a cleaner and lean regex

											
										
										
											2016-10-28 10:45:05 +01:00
+								        validators.append(ValidGovEmail())
-												Use email fields for feedback form

Otherwise we can end up collecting invalid email addresses…

This required some refactoring to allow our email fields to be optional
(but not by default).

											
										
										
											2018-12-07 12:23:12 +00:00
 								    if required:
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								        validators.append(DataRequired(message='Cannot be empty'))
-												Use email fields for feedback form

Otherwise we can end up collecting invalid email addresses…

This required some refactoring to allow our email fields to be optional
(but not by default).

											
										
										
											2018-12-07 12:23:12 +00:00
-												Don’t spellcheck email addresses

The GOV.UK Design System recommends:
> setting the spellcheck attribute to false so that browsers do not
> spellcheck the email address

											
										
										
											2019-07-16 08:59:17 +01:00
+								    return EmailField(label, validators, render_kw={'spellcheck': 'false'})
-												Take out the Canadian politeness.
Make the error message more consistent.
Extracted common fields for the forms.

											
										
										
											2016-01-08 12:00:52 +00:00
-												Use correct HTML 5 input types

These give devices a hint (although don’t mandate them) to use a numeric keypad,
or a keypad with the `@` symbol visible when entering phone numbers or email
addresses.

											
										
										
											2016-02-15 13:13:57 +00:00
+								class UKMobileNumber(TelField):
-												Add form field for a UK mobile phone number

This field does two things:
- validates the format of the phone number
- outputs a consistent representation of the phone number

Because of this I think it’s better represented as a new field type, rather
than individual validators.

I also think that it’s better to do this without regular expression(s), because
it makes returning the specific error easier.

This commit also adds basic pass/fail test for a series of valid/invalid
phone numbers.

											
										
										
											2016-01-12 18:10:16 +00:00
+								    def pre_validate(self, form):
-												Moved mobile validation to utils module for use in csv upload as well.

This could be moved to shared utils code base at some point.

											
										
										
											2016-02-01 16:57:40 +00:00
+								        try:
-												Store phone number as the user entered it

It’s confusing to the user to have their phone number played back to them in
a format that they didn’t enter it. We’ve seen multiple times that people enter
0781… and then don’t recognise their own phone number when it’s played back as
+44781…

The API can handle phone numbers in any format as of
https://github.com/alphagov/notifications-api/pull/134

So there is no need to reformat the user’s phone number before storing it now.

											
										
										
											2016-03-08 07:17:39 +00:00
+								            validate_phone_number(self.data)
-												Moved mobile validation to utils module for use in csv upload as well.

This could be moved to shared utils code base at some point.

											
										
										
											2016-02-01 16:57:40 +00:00
+								        except InvalidPhoneError as e:
-												Add remaining endpoints for PDFs and PNGs

Right now we can show what a letter template looks like as a PDF or PNG.

This commit completes the work so this is also possible when:

- showing a template with the placeholders replaced
- showing any version of a template

Also removes dependency on `Exception().message`, which was deprecated
in Python 2.6. See
https://github.com/alphagov/notifications-utils/commit/97f82d565f3112926752ae382e723b0808a3135d
for full details.

											
										
										
											2016-12-20 14:38:34 +00:00
+								            raise ValidationError(str(e))
-												Add form field for a UK mobile phone number

This field does two things:
- validates the format of the phone number
- outputs a consistent representation of the phone number

Because of this I think it’s better represented as a new field type, rather
than individual validators.

I also think that it’s better to do this without regular expression(s), because
it makes returning the specific error easier.

This commit also adds basic pass/fail test for a series of valid/invalid
phone numbers.

											
										
										
											2016-01-12 18:10:16 +00:00
-												Validate recipients in send a one-off message

It would be annoying to get all the way to the end of the flow and get
told that the phone number or email address you entered isn’t valid.

So this commit reuses the existing WTForms objects that we have to do
some extra validation on the first step in the send one-off message
flow. It also accounts for international phone numbers, if the service
is allowed to send them.

It doesn’t reject other people’s phone numbers if your service is
restricted, because I think it’s better to let users play with the
feature – it’s good for learning.

											
										
										
											2017-05-25 09:40:37 +01:00
+								class InternationalPhoneNumber(TelField):
 								    def pre_validate(self, form):
 								        try:
-												Updated invite email auth user flow

											
										
										
											2017-11-10 12:35:21 +00:00
+								            if self.data:
 								                validate_phone_number(self.data, international=True)
-												Validate recipients in send a one-off message

It would be annoying to get all the way to the end of the flow and get
told that the phone number or email address you entered isn’t valid.

So this commit reuses the existing WTForms objects that we have to do
some extra validation on the first step in the send one-off message
flow. It also accounts for international phone numbers, if the service
is allowed to send them.

It doesn’t reject other people’s phone numbers if your service is
restricted, because I think it’s better to let users play with the
feature – it’s good for learning.

											
										
										
											2017-05-25 09:40:37 +01:00
+								        except InvalidPhoneError as e:
 								            raise ValidationError(str(e))
-												Let users register with int’national phone numbers

Right now Notify restricts you to registering with a UK mobile number.
This is because when we built the user registration stuff we couldn’t
send to international mobiles.

However we can send to international mobile numbers, and it’s totally
reasonable to expect employees of the UK government to be working
abroad, and have a foreign mobile phone – we’ve heard from one such
user.

So this commit:
- changes all places where users enter their own phone number to use
  the validation function which allows international phone numbers
- renames the `mobile_number` validation to `uk_mobile_number` to make
  it explicit, and force it to break the tests if there’s somewhere it’s
  being used that I haven’t thought of

											
										
										
											2017-08-29 14:52:24 +01:00
+								def uk_mobile_number(label='Mobile number'):
-												Validate recipients in send a one-off message

It would be annoying to get all the way to the end of the flow and get
told that the phone number or email address you entered isn’t valid.

So this commit reuses the existing WTForms objects that we have to do
some extra validation on the first step in the send one-off message
flow. It also accounts for international phone numbers, if the service
is allowed to send them.

It doesn’t reject other people’s phone numbers if your service is
restricted, because I think it’s better to let users play with the
feature – it’s good for learning.

											
										
										
											2017-05-25 09:40:37 +01:00
+								    return UKMobileNumber(label,
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								                          validators=[DataRequired(message='Cannot be empty')])
-												Take out the Canadian politeness.
Make the error message more consistent.
Extracted common fields for the forms.

											
										
										
											2016-01-08 12:00:52 +00:00
-												Validate recipients in send a one-off message

It would be annoying to get all the way to the end of the flow and get
told that the phone number or email address you entered isn’t valid.

So this commit reuses the existing WTForms objects that we have to do
some extra validation on the first step in the send one-off message
flow. It also accounts for international phone numbers, if the service
is allowed to send them.

It doesn’t reject other people’s phone numbers if your service is
restricted, because I think it’s better to let users play with the
feature – it’s good for learning.

											
										
										
											2017-05-25 09:40:37 +01:00
+								def international_phone_number(label='Mobile number'):
 								    return InternationalPhoneNumber(
 								        label,
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								        validators=[DataRequired(message='Cannot be empty')]
-												Validate recipients in send a one-off message

It would be annoying to get all the way to the end of the flow and get
told that the phone number or email address you entered isn’t valid.

So this commit reuses the existing WTForms objects that we have to do
some extra validation on the first step in the send one-off message
flow. It also accounts for international phone numbers, if the service
is allowed to send them.

It doesn’t reject other people’s phone numbers if your service is
restricted, because I think it’s better to let users play with the
feature – it’s good for learning.

											
										
										
											2017-05-25 09:40:37 +01:00
+								    )
-												Change wording of form hints on register page

We’ve seen in research that people can be reticent to give their real
phone number. Telling them that it will be used for something should
help (ie we’re not just collecting it for marketing).

This also rewords the other form hints on this page to be less computery
because we haven’t looked at them in aaaages.

											
										
										
											2016-04-07 14:12:40 +01:00
+								def password(label='Password'):
-												Add confirmation of password for important changes

This commit adds an extra page or field for confirming your current password
when making important changes

Name                 | Email address     | Mobile number     | Password
---------------------|-------------------|-------------------|------------
No password required | As second page    | As second page    | On same page as new password

											
										
										
											2016-01-12 11:25:46 +00:00
+								    return PasswordField(label,
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								                         validators=[DataRequired(message='Cannot be empty'),
-												Reduce minimum password length to 8 characters

We see over and over in research that people are tripped up by the 10
character requirement because it’s longer than they are used to. Most
sites require 6 or 8 characters for a password.

It goes against the CESG advice which is to not try increasing password
strength by increasing the burden on the user:

> Traditionally, organisations impose rules on the length and complexity
> of passwords. However, people then tend to use predictable strategies
> to generate passwords, so the security benefit is marginal while the
> user burden is high.

https://www.cesg.gov.uk/guidance/password-guidance-simplifying-your-approach

Instead we should be relying on:

- [x] two factor authentication
- [x] blacklisting common passwords
- [ ] locking out users after a number of failed logins (not sure this
  is working)

											
										
										
											2016-09-26 09:29:50 +01:00
+								                                     Length(8, 255, message='Must be at least 8 characters'),
-												Remove term ‘blacklist’ from codebase

‘Commonly used passwords’ is more specific, and avoids the terminology
‘blacklist’ which the National Cyber Security Centre explain to be
problematic:

> It's fairly common to say whitelisting and blacklisting to describe desirable and undesirable things in cyber security. For instance, when talking about which applications you will allow or deny on your corporate network; or deciding which bad passwords you want your users not to be able to use.
>
> However, there's an issue with the terminology. It only makes sense if you equate white with 'good, permitted, safe' and black with 'bad, dangerous, forbidden'. There are some obvious problems with this. So in the name of helping to stamp out racism in cyber security, we will
> avoid this casually pejorative wording on our website in the future. No, it's not the biggest issue in the world - but to borrow a slogan from elsewhere: every little helps.

– https://www.ncsc.gov.uk/blog-post/terminology-its-not-black-and-white

											
										
										
											2020-06-16 18:04:29 +01:00
+								                                     CommonlyUsedPassword(message='Choose a password that’s harder to guess')])
-												Take out the Canadian politeness.
Make the error message more consistent.
Extracted common fields for the forms.

											
										
										
											2016-01-08 12:00:52 +00:00
-												Enable numeric keypad for text message code

If you’re signing in on a phone, it’s easier to type the two factor code
with a numeric keypad. The most reliable way to get the numeric keypad
to show up on multiple devices is:
- `type='tel'` (not `type='number'` because that’s only meant for
  numbers, not string of digits, ie `01234` is not a number)
- `pattern='[0-9]*'`, without which it doesn’t work on iOS

Based on the guidance here:
- https://github.com/alphagov/govuk-design-system-backlog/issues/74
- https://docs.google.com/document/d/1wozIhOdt6wvlgqVReauUnlsJI-3fqUlNuQFwUI7tqAA/edit

											
										
										
											2018-05-07 22:26:24 +01:00
+								class SMSCode(StringField):
-												Refactor `sms_code` functionality into the class

So it’s all in one place, not two.

											
										
										
											2018-05-07 22:57:18 +01:00
+								    validators = [
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								        DataRequired(message='Cannot be empty'),
-												bump reqs

											
										
										
											2018-11-13 10:49:35 +00:00
+								        Regexp(regex=r'^\d+$', message='Numbers only'),
-												Give better error messages for incorrect code

If we know the code won’t pass the validation on the API side, we might
as well tell the user before even passing it to the API.

So this commit:
- adds some more validators to the field
- rewrites the validation function on the form to actually call the
  field-level validators before hitting the API 🤦‍♂️
- refactors the tests to be parametrize, which means they can be
  shorter, easier to read, and more comprehensive

											
										
										
											2018-05-07 21:24:23 +01:00
+								        Length(min=5, message='Not enough numbers'),
 								        Length(max=5, message='Too many numbers'),
-												Refactor `sms_code` functionality into the class

So it’s all in one place, not two.

											
										
										
											2018-05-07 22:57:18 +01:00
+								    ]
 								    def __call__(self, **kwargs):
 								        return super().__call__(type='tel', pattern='[0-9]*', **kwargs)
-												Take out the Canadian politeness.
Make the error message more consistent.
Extracted common fields for the forms.

											
										
										
											2016-01-08 12:00:52 +00:00
-												Allow spaces and dashes in the two factor code

I noticed when using the dication software that saying ‘one two three
four five’ got dictated as `123 45`. This tripped the validation,
because the space character isn’t a digit.

So this commit normalises out spaces (and other spacing characters like
dashes and underscores) before validating the code and sending it to the
API.

I can also imagine that some people might like to space out the code to
make it easier to transcribe (like you might do with a credit card
number).

											
										
										
											2020-04-17 16:16:52 +01:00
+								    def process_formdata(self, valuelist):
 								        if valuelist:
 								            self.data = Columns.make_key(valuelist[0])
-												Take out the Canadian politeness.
Make the error message more consistent.
Extracted common fields for the forms.

											
										
										
											2016-01-08 12:00:52 +00:00
-												Make answers to volume questions optional

It’s annoying and very ‘computer says no’ to make people type `0` in a
box. We can see from our analytics that this error is affecting about 7%
of users trying to go live.

This commit relaxes the validation to only require a number greater than
1 for at least one of the questions.

It also lets people enter their numbers comma-separated – like our
examples suggest – but normalises them to integers before sending them
over to the API.

											
										
										
											2019-02-15 13:34:29 +00:00
+								class ForgivingIntegerField(StringField):
-												Round max number limit down

A round number feels better than a very arbitrary-looking one.

											
										
										
											2019-02-27 13:02:55 +00:00
+								    #  Actual value is 2147483647 but this is a scary looking arbitrary number
 								    POSTGRES_MAX_INT = 2000000000
-												Make answers to volume questions optional

It’s annoying and very ‘computer says no’ to make people type `0` in a
box. We can see from our analytics that this error is affecting about 7%
of users trying to go live.

This commit relaxes the validation to only require a number greater than
1 for at least one of the questions.

It also lets people enter their numbers comma-separated – like our
examples suggest – but normalises them to integers before sending them
over to the API.

											
										
										
											2019-02-15 13:34:29 +00:00
-												Revise error message for non-numeric responses

Things we talked about:
• asking users to write the number 'as numerals' or 'using digits' isn't
  very plain English
• the style guide says to use an example in the error `..., like 5,000`
  but not if you have an example in the hint text, so we can't do that
• I have reservations about 'correct format', because it sounds odd if
  you're not describing something like a phone number, NI number or
  credit card number.

Looking back through Request to Go Live tickets on Zendesk.
---

I got to September before I found anything that would count as invalid
under our new rules:

> Possibly around 1,000,000- not planning on implementing emails yet but
might change

I'll keep looking, but if most people enter the number according to the
hint example we might be able to go with a much simpler error just
prompting them to enter a number – no convoluted descriptions of what we
mean by a number

There seemed to be more problems when the Qs were about start volume and
peak volume. Users felt the need to explain their plans more.

Using 'number' instead of 'volume' is more explicit too – so that
probably helps.

In terms of errors:
`Enter the number of emails you expect to send`
`Enter the number of text messages you expect to send`
`Enter the number of letters you expect to send`
– will probably do it, right?

											
										
										
											2019-02-27 15:10:34 +00:00
+								    def __init__(
 								        self,
 								        label=None,
 								        things='items',
 								        format_error_suffix='',
 								        **kwargs
 								    ):
-												Add latest content

From: https://docs.google.com/document/d/1aykf1MjJH5y21Bz1ht6WJncb9cKu0fsPlac3-bkMPe8/edit

											
										
										
											2019-02-27 13:02:37 +00:00
+								        self.things = things
-												Revise error message for non-numeric responses

Things we talked about:
• asking users to write the number 'as numerals' or 'using digits' isn't
  very plain English
• the style guide says to use an example in the error `..., like 5,000`
  but not if you have an example in the hint text, so we can't do that
• I have reservations about 'correct format', because it sounds odd if
  you're not describing something like a phone number, NI number or
  credit card number.

Looking back through Request to Go Live tickets on Zendesk.
---

I got to September before I found anything that would count as invalid
under our new rules:

> Possibly around 1,000,000- not planning on implementing emails yet but
might change

I'll keep looking, but if most people enter the number according to the
hint example we might be able to go with a much simpler error just
prompting them to enter a number – no convoluted descriptions of what we
mean by a number

There seemed to be more problems when the Qs were about start volume and
peak volume. Users felt the need to explain their plans more.

Using 'number' instead of 'volume' is more explicit too – so that
probably helps.

In terms of errors:
`Enter the number of emails you expect to send`
`Enter the number of text messages you expect to send`
`Enter the number of letters you expect to send`
– will probably do it, right?

											
										
										
											2019-02-27 15:10:34 +00:00
+								        self.format_error_suffix = format_error_suffix
-												Add latest content

From: https://docs.google.com/document/d/1aykf1MjJH5y21Bz1ht6WJncb9cKu0fsPlac3-bkMPe8/edit

											
										
										
											2019-02-27 13:02:37 +00:00
+								        super().__init__(label, **kwargs)
-												Make answers to volume questions optional

It’s annoying and very ‘computer says no’ to make people type `0` in a
box. We can see from our analytics that this error is affecting about 7%
of users trying to go live.

This commit relaxes the validation to only require a number greater than
1 for at least one of the questions.

It also lets people enter their numbers comma-separated – like our
examples suggest – but normalises them to integers before sending them
over to the API.

											
										
										
											2019-02-15 13:34:29 +00:00
+								    def process_formdata(self, valuelist):
 								        if valuelist:
-												Don’t reformat numbers if there are errors

It’s confusing to at the same time:
1. change what you’ve inputted
2. tell you it’s wrong

This commit makes it so that 1. only happens if 2. doesn’t.

											
										
										
											2019-02-27 12:05:28 +00:00
+								            value = valuelist[0].replace(',', '').replace(' ', '')
-												Make answers to volume questions optional

It’s annoying and very ‘computer says no’ to make people type `0` in a
box. We can see from our analytics that this error is affecting about 7%
of users trying to go live.

This commit relaxes the validation to only require a number greater than
1 for at least one of the questions.

It also lets people enter their numbers comma-separated – like our
examples suggest – but normalises them to integers before sending them
over to the API.

											
										
										
											2019-02-15 13:34:29 +00:00
 								            try:
-												Don’t reformat numbers if there are errors

It’s confusing to at the same time:
1. change what you’ve inputted
2. tell you it’s wrong

This commit makes it so that 1. only happens if 2. doesn’t.

											
										
										
											2019-02-27 12:05:28 +00:00
+								                value = int(value)
-												Make answers to volume questions optional

It’s annoying and very ‘computer says no’ to make people type `0` in a
box. We can see from our analytics that this error is affecting about 7%
of users trying to go live.

This commit relaxes the validation to only require a number greater than
1 for at least one of the questions.

It also lets people enter their numbers comma-separated – like our
examples suggest – but normalises them to integers before sending them
over to the API.

											
										
										
											2019-02-15 13:34:29 +00:00
+								            except ValueError:
 								                pass
-												Don’t reformat numbers if there are errors

It’s confusing to at the same time:
1. change what you’ve inputted
2. tell you it’s wrong

This commit makes it so that 1. only happens if 2. doesn’t.

											
										
										
											2019-02-27 12:05:28 +00:00
+								            if value == '':
 								                value = 0
-												Make answers to volume questions optional

It’s annoying and very ‘computer says no’ to make people type `0` in a
box. We can see from our analytics that this error is affecting about 7%
of users trying to go live.

This commit relaxes the validation to only require a number greater than
1 for at least one of the questions.

It also lets people enter their numbers comma-separated – like our
examples suggest – but normalises them to integers before sending them
over to the API.

											
										
										
											2019-02-15 13:34:29 +00:00
-												Don’t reformat numbers if there are errors

It’s confusing to at the same time:
1. change what you’ve inputted
2. tell you it’s wrong

This commit makes it so that 1. only happens if 2. doesn’t.

											
										
										
											2019-02-27 12:05:28 +00:00
+								        return super().process_formdata([value])
-												Make answers to volume questions optional

It’s annoying and very ‘computer says no’ to make people type `0` in a
box. We can see from our analytics that this error is affecting about 7%
of users trying to go live.

This commit relaxes the validation to only require a number greater than
1 for at least one of the questions.

It also lets people enter their numbers comma-separated – like our
examples suggest – but normalises them to integers before sending them
over to the API.

											
										
										
											2019-02-15 13:34:29 +00:00
 								    def pre_validate(self, form):
 								        if self.data:
 								            error = None
 								            try:
 								                if int(self.data) > self.POSTGRES_MAX_INT:
-												Make one method for comma-formatting numbers

We were doing this a few different ways in different places.

											
										
										
											2019-07-08 14:09:29 +01:00
+								                    error = 'Number of {} must be {} or less'.format(
-												Add latest content

From: https://docs.google.com/document/d/1aykf1MjJH5y21Bz1ht6WJncb9cKu0fsPlac3-bkMPe8/edit

											
										
										
											2019-02-27 13:02:37 +00:00
+								                        self.things,
-												Make one method for comma-formatting numbers

We were doing this a few different ways in different places.

											
										
										
											2019-07-08 14:09:29 +01:00
+								                        format_thousands(self.POSTGRES_MAX_INT),
-												Add latest content

From: https://docs.google.com/document/d/1aykf1MjJH5y21Bz1ht6WJncb9cKu0fsPlac3-bkMPe8/edit

											
										
										
											2019-02-27 13:02:37 +00:00
+								                    )
-												Make answers to volume questions optional

It’s annoying and very ‘computer says no’ to make people type `0` in a
box. We can see from our analytics that this error is affecting about 7%
of users trying to go live.

This commit relaxes the validation to only require a number greater than
1 for at least one of the questions.

It also lets people enter their numbers comma-separated – like our
examples suggest – but normalises them to integers before sending them
over to the API.

											
										
										
											2019-02-15 13:34:29 +00:00
+								            except ValueError:
-												Revise error message for non-numeric responses

Things we talked about:
• asking users to write the number 'as numerals' or 'using digits' isn't
  very plain English
• the style guide says to use an example in the error `..., like 5,000`
  but not if you have an example in the hint text, so we can't do that
• I have reservations about 'correct format', because it sounds odd if
  you're not describing something like a phone number, NI number or
  credit card number.

Looking back through Request to Go Live tickets on Zendesk.
---

I got to September before I found anything that would count as invalid
under our new rules:

> Possibly around 1,000,000- not planning on implementing emails yet but
might change

I'll keep looking, but if most people enter the number according to the
hint example we might be able to go with a much simpler error just
prompting them to enter a number – no convoluted descriptions of what we
mean by a number

There seemed to be more problems when the Qs were about start volume and
peak volume. Users felt the need to explain their plans more.

Using 'number' instead of 'volume' is more explicit too – so that
probably helps.

In terms of errors:
`Enter the number of emails you expect to send`
`Enter the number of text messages you expect to send`
`Enter the number of letters you expect to send`
– will probably do it, right?

											
										
										
											2019-02-27 15:10:34 +00:00
+								                error = 'Enter the number of {} {}'.format(
 								                    self.things,
 								                    self.format_error_suffix,
 								                )
-												Make answers to volume questions optional

It’s annoying and very ‘computer says no’ to make people type `0` in a
box. We can see from our analytics that this error is affecting about 7%
of users trying to go live.

This commit relaxes the validation to only require a number greater than
1 for at least one of the questions.

It also lets people enter their numbers comma-separated – like our
examples suggest – but normalises them to integers before sending them
over to the API.

											
										
										
											2019-02-15 13:34:29 +00:00
 								            if error:
 								                raise ValidationError(error)
 								        return super().pre_validate(form)
 								    def __call__(self, **kwargs):
-												Don’t reformat numbers if there are errors

It’s confusing to at the same time:
1. change what you’ve inputted
2. tell you it’s wrong

This commit makes it so that 1. only happens if 2. doesn’t.

											
										
										
											2019-02-27 12:05:28 +00:00
+								        if self.get_form().is_submitted() and not self.get_form().validate():
 								            return super().__call__(
 								                value=(self.raw_data or [None])[0],
 								                **kwargs
 								            )
-												Make answers to volume questions optional

It’s annoying and very ‘computer says no’ to make people type `0` in a
box. We can see from our analytics that this error is affecting about 7%
of users trying to go live.

This commit relaxes the validation to only require a number greater than
1 for at least one of the questions.

It also lets people enter their numbers comma-separated – like our
examples suggest – but normalises them to integers before sending them
over to the API.

											
										
										
											2019-02-15 13:34:29 +00:00
+								        try:
 								            value = int(self.data)
-												Make one method for comma-formatting numbers

We were doing this a few different ways in different places.

											
										
										
											2019-07-08 14:09:29 +01:00
+								            value = format_thousands(value)
-												Make answers to volume questions optional

It’s annoying and very ‘computer says no’ to make people type `0` in a
box. We can see from our analytics that this error is affecting about 7%
of users trying to go live.

This commit relaxes the validation to only require a number greater than
1 for at least one of the questions.

It also lets people enter their numbers comma-separated – like our
examples suggest – but normalises them to integers before sending them
over to the API.

											
										
										
											2019-02-15 13:34:29 +00:00
+								        except (ValueError, TypeError):
 								            value = self.data if self.data is not None else ''
 								        return super().__call__(value=value, **kwargs)
-												Refactor to avoid redefinition of org types

We’re defining the list of org types in a few different places. This
makes it more likely we’ll forget to update one of these places, thereby
introducing a bug.

This commit moves the definition to be on the organisation model, which
feels like a sensible enough place for it.

											
										
										
											2019-08-27 15:52:42 +01:00
+								class OrganisationTypeField(RadioField):
 								    def __init__(
 								        self,
 								        *args,
 								        include_only=None,
 								        validators=None,
 								        **kwargs
 								    ):
 								        super().__init__(
 								            *args,
 								            choices=[
 								                (value, label) for value, label in Organisation.TYPES
 								                if not include_only or value in include_only
 								            ],
-												Bump WTForms to 2.3.1

This involves three changes which broke our code.

To validate email addresses, the optional dependency `email-validator`
must be installed<sup>1</sup>. But since we don’t use WTForms’ email
validation, we shouldn’t need to subclass it – it can just be its own
self contained thing. Then we don’t need to add the extra dependency.

When rendering textareas, and extra `\r\n` is inserted at the beginning
<sup>2</sup>. Browsers will strip this when displaying the textbox and
submitting the form, but some of our tests need updating to account for
this.

The error message for when you don’t choose an option from some radio
buttons has now changed. Rather than just accepting WTForms’ new
message, this commit makes the error messages like the examples from
the Design System<sup>3</sup>. By default it will say ‘Select an
option’, but by passing in an extra parameter (`thing`) it can be
customised to be more specific, for example ‘Select a type of
organisation’.

***

1. https://github.com/wtforms/wtforms/pull/429
2. https://github.com/wtforms/wtforms/issues/238
3. https://design-system.service.gov.uk/components/radios/#error-messages

											
										
										
											2020-04-22 17:49:03 +01:00
+								            thing='the type of organisation',
 								            validators=validators or [],
-												Refactor to avoid redefinition of org types

We’re defining the list of org types in a few different places. This
makes it more likely we’ll forget to update one of these places, thereby
introducing a bug.

This commit moves the definition to be on the organisation model, which
feels like a sensible enough place for it.

											
										
										
											2019-08-27 15:52:42 +01:00
+								            **kwargs
 								        )
-												Add page to change organisation type

If a user picks the wrong thing, we should be able to override it when
they go live.

											
										
										
											2017-10-05 12:06:40 +01:00
-												Move field definitions before form definitions

											
										
										
											2019-02-25 16:17:48 +00:00
+								class FieldWithNoneOption():
 								    # This is a special value that is specific to our forms. This is
 								    # more expicit than casting `None` to a string `'None'` which can
 								    # have unexpected edge cases
 								    NONE_OPTION_VALUE = '__NONE__'
 								    # When receiving Python data, eg when instantiating the form object
 								    # we want to convert that data to our special value, so that it gets
 								    # recognised as being one of the valid choices
 								    def process_data(self, value):
 								        self.data = self.NONE_OPTION_VALUE if value is None else value
 								    # After validation we want to convert it back to a Python `None` for
 								    # use elsewhere, eg posting to the API
 								    def post_validate(self, form, validation_stopped):
 								        if self.data == self.NONE_OPTION_VALUE and not validation_stopped:
 								            self.data = None
 								class RadioFieldWithNoneOption(FieldWithNoneOption, RadioField):
 								    pass
 								class NestedFieldMixin:
-												Add govukCollapsibleNestedCheckboxesField

Includes:
1. changes to make NestedFieldMixin work
  with new fields and CSS for nested checkboxes
2. adds custom version of GOVUK checkboxes
  component to allow us to:
  - add classes to elements currently inaccessible
  - wrap the checkboxes in a list
  - add child checkboxes to each checkbox (making
    tree structures possible through recursion

Change 2. should be pushed upstream to the GOVUK
Design System as a proposal for changes to the
GOVUK Checkboxes component.

											
										
										
											2020-04-23 12:15:24 +01:00
-												Move field definitions before form definitions

											
										
										
											2019-02-25 16:17:48 +00:00
+								    def children(self):
-												Add govukCollapsibleNestedCheckboxesField

Includes:
1. changes to make NestedFieldMixin work
  with new fields and CSS for nested checkboxes
2. adds custom version of GOVUK checkboxes
  component to allow us to:
  - add classes to elements currently inaccessible
  - wrap the checkboxes in a list
  - add child checkboxes to each checkbox (making
    tree structures possible through recursion

Change 2. should be pushed upstream to the GOVUK
Design System as a proposal for changes to the
GOVUK Checkboxes component.

											
										
										
											2020-04-23 12:15:24 +01:00
-												Move field definitions before form definitions

											
										
										
											2019-02-25 16:17:48 +00:00
+								        # start map with root option as a single child entry
 								        child_map = {None: [option for option in self
 								                            if option.data == self.NONE_OPTION_VALUE]}
 								        # add entries for all other children
 								        for option in self:
-												Add govukCollapsibleNestedCheckboxesField

Includes:
1. changes to make NestedFieldMixin work
  with new fields and CSS for nested checkboxes
2. adds custom version of GOVUK checkboxes
  component to allow us to:
  - add classes to elements currently inaccessible
  - wrap the checkboxes in a list
  - add child checkboxes to each checkbox (making
    tree structures possible through recursion

Change 2. should be pushed upstream to the GOVUK
Design System as a proposal for changes to the
GOVUK Checkboxes component.

											
										
										
											2020-04-23 12:15:24 +01:00
+								            # assign all options with a NONE_OPTION_VALUE (not always None) to the None key
-												Move field definitions before form definitions

											
										
										
											2019-02-25 16:17:48 +00:00
+								            if option.data == self.NONE_OPTION_VALUE:
 								                child_ids = [
 								                    folder['id'] for folder in self.all_template_folders
 								                    if folder['parent_id'] is None]
 								                key = self.NONE_OPTION_VALUE
 								            else:
 								                child_ids = [
 								                    folder['id'] for folder in self.all_template_folders
 								                    if folder['parent_id'] == option.data]
 								                key = option.data
 								            child_map[key] = [option for option in self if option.data in child_ids]
 								        return child_map
-												Add govukCollapsibleNestedCheckboxesField

Includes:
1. changes to make NestedFieldMixin work
  with new fields and CSS for nested checkboxes
2. adds custom version of GOVUK checkboxes
  component to allow us to:
  - add classes to elements currently inaccessible
  - wrap the checkboxes in a list
  - add child checkboxes to each checkbox (making
    tree structures possible through recursion

Change 2. should be pushed upstream to the GOVUK
Design System as a proposal for changes to the
GOVUK Checkboxes component.

											
										
										
											2020-04-23 12:15:24 +01:00
+								    # to be used as the only version of .children once radios are converted
 								    @cached_property
 								    def _children(self):
 								        return self.children()
 								    def get_items_from_options(self, field):
 								        items = []
 								        for option in self._children[None]:
 								            item = self.get_item_from_option(option)
 								            if option.data in self._children:
 								                item['children'] = self.render_children(field.name, option.label.text, self._children[option.data])
 								            items.append(item)
 								        return items
 								    def render_children(self, name, label, options):
 								        params = {
 								            "name": name,
 								            "fieldset": {
 								                "legend": {
 								                    "text": label,
 								                    "classes": "govuk-visually-hidden"
 								                }
 								            },
 								            "formGroup": {
 								                "classes": "govuk-form-group--nested"
 								            },
 								            "asList": True,
 								            "items": []
 								        }
 								        for option in options:
 								            item = self.get_item_from_option(option)
 								            if len(self._children[option.data]):
 								                item['children'] = self.render_children(name, option.label.text, self._children[option.data])
 								            params['items'].append(item)
 								        return render_template('forms/fields/checkboxes/template.njk', params=params)
-												Move field definitions before form definitions

											
										
										
											2019-02-25 16:17:48 +00:00
 								class NestedRadioField(RadioFieldWithNoneOption, NestedFieldMixin):
 								    pass
 								class NestedCheckboxesField(SelectMultipleField, NestedFieldMixin):
 								    NONE_OPTION_VALUE = None
 								class HiddenFieldWithNoneOption(FieldWithNoneOption, HiddenField):
 								    pass
 								class RadioFieldWithRequiredMessage(RadioField):
 								    def __init__(self, *args, required_message='Not a valid choice', **kwargs):
 								        self.required_message = required_message
 								        super().__init__(*args, **kwargs)
 								    def pre_validate(self, form):
 								        try:
 								            return super().pre_validate(form)
 								        except ValueError:
 								            raise ValueError(self.required_message)
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class StripWhitespaceForm(Form):
 								    class Meta:
 								        def bind_field(self, form, unbound_field, options):
 								            # FieldList simply doesn't support filters.
 								            # @see: https://github.com/wtforms/wtforms/issues/148
 								            no_filter_fields = (FieldList, PasswordField)
 								            filters = [strip_whitespace] if not issubclass(unbound_field.field_class, no_filter_fields) else []
 								            filters += unbound_field.kwargs.get('filters', [])
 								            bound = unbound_field.bind(form=form, filters=filters, **options)
 								            bound.get_form = weakref.ref(form)  # GC won't collect the form if we don't use a weakref
 								            return bound
-												Make whitespace stripping work for whitelists too

It’s a bit hacky, but it fixes a potential issue for users.

Code adapted from:
https://github.com/alphagov/digitalmarketplace-utils/commit/2c34f678ab4a34eaa1c510c91dacfc210343f389

											
										
										
											2017-12-11 16:22:37 +00:00
+								class StripWhitespaceStringField(StringField):
 								    def __init__(self, label=None, **kwargs):
 								        kwargs['filters'] = tuple(chain(
 								            kwargs.get('filters', ()),
 								            (
 								                strip_whitespace,
 								            ),
 								        ))
 								        super(StringField, self).__init__(label, **kwargs)
-												Refactor to use PostalAddress helper from utils

Since we’re doing normalisation and line-count-checking of addresses in
multiple places it makes sense for that code to be shared. Which is
what happened here:
https://github.com/alphagov/notifications-utils/pull/713

This commit refactors the admin code to make use of the new utils code.

Note about placeholders:
- they now go into the session as `address_line_1` instead of `address
  line 1` because this is the format the API uses, so should be
  considered canonical
- they are now fetched from the session in a way that isn’t sensitive
  to case or underscores (using the `Columns` class)
- the API doesn’t care about case or underscores vs spaces in
  placeholder names because it’s checking an instance of `Template` to
  see if all the required placeholders are present (see
  https://github.com/alphagov/notifications-api/blob/401c8e41d6a1e3b348b99eb0cc205bb420fce0c1/app/notifications/process_notifications.py#L40)

											
										
										
											2020-04-02 17:21:27 +01:00
+								class PostalAddressField(TextAreaField):
-												input letter address data in a single block

rather than in multiple placeholders - this is the first step towards
making postcodes non-required, which is the first step towards
international letters.

they still populate address_line_# and postcode fields under the hood -
to keep validation working the same, the last line always goes into
`postcode`.

the form normalises whitespace, removes extra new lines, and enforces
that you have between three and seven lines.

if the letter repeats address placeholders further down (eg "Dear
((address_line_1))"), then it'll fill those in as well. It'll still
prompt you to fill them in, but they'll be pre-filled.

											
										
										
											2020-03-10 15:12:19 +00:00
+								    def process_formdata(self, valuelist):
 								        if valuelist:
-												Refactor to use PostalAddress helper from utils

Since we’re doing normalisation and line-count-checking of addresses in
multiple places it makes sense for that code to be shared. Which is
what happened here:
https://github.com/alphagov/notifications-utils/pull/713

This commit refactors the admin code to make use of the new utils code.

Note about placeholders:
- they now go into the session as `address_line_1` instead of `address
  line 1` because this is the format the API uses, so should be
  considered canonical
- they are now fetched from the session in a way that isn’t sensitive
  to case or underscores (using the `Columns` class)
- the API doesn’t care about case or underscores vs spaces in
  placeholder names because it’s checking an instance of `Template` to
  see if all the required placeholders are present (see
  https://github.com/alphagov/notifications-api/blob/401c8e41d6a1e3b348b99eb0cc205bb420fce0c1/app/notifications/process_notifications.py#L40)

											
										
										
											2020-04-02 17:21:27 +01:00
+								            self.data = PostalAddress(valuelist[0]).normalised
-												input letter address data in a single block

rather than in multiple placeholders - this is the first step towards
making postcodes non-required, which is the first step towards
international letters.

they still populate address_line_# and postcode fields under the hood -
to keep validation working the same, the last line always goes into
`postcode`.

the form normalises whitespace, removes extra new lines, and enforces
that you have between three and seven lines.

if the letter repeats address placeholders further down (eg "Dear
((address_line_1))"), then it'll fill those in as well. It'll still
prompt you to fill them in, but they'll be pre-filled.

											
										
										
											2020-03-10 15:12:19 +00:00
-												Let GPs nominate service name

Most GP practice services are named after the practice, which is the
organisation.

So rather than make people re-type the name of their organisation (and
potentially make a typo) let’s just let them say ‘yes, that’s the name
of my organisation’.

											
										
										
											2019-09-05 12:10:24 +01:00
+								class OnOffField(RadioField):
 								    def __init__(self, label, choices=None, *args, **kwargs):
-												Bump WTForms to 2.3.1

This involves three changes which broke our code.

To validate email addresses, the optional dependency `email-validator`
must be installed<sup>1</sup>. But since we don’t use WTForms’ email
validation, we shouldn’t need to subclass it – it can just be its own
self contained thing. Then we don’t need to add the extra dependency.

When rendering textareas, and extra `\r\n` is inserted at the beginning
<sup>2</sup>. Browsers will strip this when displaying the textbox and
submitting the form, but some of our tests need updating to account for
this.

The error message for when you don’t choose an option from some radio
buttons has now changed. Rather than just accepting WTForms’ new
message, this commit makes the error messages like the examples from
the Design System<sup>3</sup>. By default it will say ‘Select an
option’, but by passing in an extra parameter (`thing`) it can be
customised to be more specific, for example ‘Select a type of
organisation’.

***

1. https://github.com/wtforms/wtforms/pull/429
2. https://github.com/wtforms/wtforms/issues/238
3. https://design-system.service.gov.uk/components/radios/#error-messages

											
										
										
											2020-04-22 17:49:03 +01:00
+								        choices = choices or [
-												Let GPs nominate service name

Most GP practice services are named after the practice, which is the
organisation.

So rather than make people re-type the name of their organisation (and
potentially make a typo) let’s just let them say ‘yes, that’s the name
of my organisation’.

											
										
										
											2019-09-05 12:10:24 +01:00
+								            (True, 'On'),
 								            (False, 'Off'),
-												Bump WTForms to 2.3.1

This involves three changes which broke our code.

To validate email addresses, the optional dependency `email-validator`
must be installed<sup>1</sup>. But since we don’t use WTForms’ email
validation, we shouldn’t need to subclass it – it can just be its own
self contained thing. Then we don’t need to add the extra dependency.

When rendering textareas, and extra `\r\n` is inserted at the beginning
<sup>2</sup>. Browsers will strip this when displaying the textbox and
submitting the form, but some of our tests need updating to account for
this.

The error message for when you don’t choose an option from some radio
buttons has now changed. Rather than just accepting WTForms’ new
message, this commit makes the error messages like the examples from
the Design System<sup>3</sup>. By default it will say ‘Select an
option’, but by passing in an extra parameter (`thing`) it can be
customised to be more specific, for example ‘Select a type of
organisation’.

***

1. https://github.com/wtforms/wtforms/pull/429
2. https://github.com/wtforms/wtforms/issues/238
3. https://design-system.service.gov.uk/components/radios/#error-messages

											
										
										
											2020-04-22 17:49:03 +01:00
+								        ]
 								        super().__init__(
 								            label,
 								            choices=choices,
 								            thing=f'{choices[0][1].lower()} or {choices[1][1].lower()}',
 								            *args,
 								            **kwargs,
 								        )
-												Let GPs nominate service name

Most GP practice services are named after the practice, which is the
organisation.

So rather than make people re-type the name of their organisation (and
potentially make a typo) let’s just let them say ‘yes, that’s the name
of my organisation’.

											
										
										
											2019-09-05 12:10:24 +01:00
 								    def process_formdata(self, valuelist):
 								        if valuelist:
 								            value = valuelist[0]
 								            self.data = (value == 'True') if value in ['True', 'False'] else value
 								    def iter_choices(self):
 								        for value, label in self.choices:
 								            # This overrides WTForms default behaviour which is to check
 								            # self.coerce(value) == self.data
 								            # where self.coerce returns a string for a boolean input
 								            yield (
 								                value,
 								                label,
 								                (self.data in {value, self.coerce(value)})
 								            )
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class LoginForm(StripWhitespaceForm):
-												Improve email address input on sign in

- `type='email'` on the form field
- removing `autocomplete='off'` because it’s a browser feature that
  some people find useful

											
										
										
											2018-05-03 16:31:00 +01:00
+								    email_address = EmailField('Email address', validators=[
-												108536490: Adding the login manager and csrf token.

Still need to figure out how to override the load_user method, currently it is not working.

											
										
										
											2015-11-27 16:25:56 +00:00
+								        Length(min=5, max=255),
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								        DataRequired(message='Cannot be empty'),
-												validate email addresses in one-off flow

previously we were just using the wtforms builtin email validator,
which is much more relaxed than our own one. It'd catch bad emails when
POSTing to the API, resulting in an ugly error message. It's easy work
to make sure we validate email addresses as soon as they're entered.

											
										
										
											2018-02-14 14:35:16 +00:00
+								        ValidEmail()
-												108536490: Initial effort to implement log in

Add endpoint for post to /sign-in
Initialise role data

											
										
										
											2015-11-27 09:47:29 +00:00
+								    ])
-												Amend name & password labels
											
										
										
											2015-12-02 15:23:03 +00:00
+								    password = PasswordField('Password', validators=[
-												Take out the Canadian politeness.
Make the error message more consistent.
Extracted common fields for the forms.

											
										
										
											2016-01-08 12:00:52 +00:00
+								        DataRequired(message='Enter your password')
-												108536490: Initial effort to implement log in

Add endpoint for post to /sign-in
Initialise role data

											
										
										
											2015-11-27 09:47:29 +00:00
+								    ])
-												108536366: Implement register flow

Includes validation for gov.uk email address, mobile number with +44, password at least 10 char.
Form validation errors will be added to template in a later story.
User is created when form validates.

											
										
										
											2015-12-01 13:23:54 +00:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class RegisterUserForm(StripWhitespaceForm):
-												Amend name & password labels
											
										
										
											2015-12-02 15:23:03 +00:00
+								    name = StringField('Full name',
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								                       validators=[DataRequired(message='Cannot be empty')])
-												Take out the Canadian politeness.
Make the error message more consistent.
Extracted common fields for the forms.

											
										
										
											2016-01-08 12:00:52 +00:00
+								    email_address = email_address()
-												Let users register with int’national phone numbers

Right now Notify restricts you to registering with a UK mobile number.
This is because when we built the user registration stuff we couldn’t
send to international mobiles.

However we can send to international mobile numbers, and it’s totally
reasonable to expect employees of the UK government to be working
abroad, and have a foreign mobile phone – we’ve heard from one such
user.

So this commit:
- changes all places where users enter their own phone number to use
  the validation function which allows international phone numbers
- renames the `mobile_number` validation to `uk_mobile_number` to make
  it explicit, and force it to break the tests if there’s somewhere it’s
  being used that I haven’t thought of

											
										
										
											2017-08-29 14:52:24 +01:00
+								    mobile_number = international_phone_number()
-												Take out the Canadian politeness.
Make the error message more consistent.
Extracted common fields for the forms.

											
										
										
											2016-01-08 12:00:52 +00:00
+								    password = password()
-												refactor RegisterFromInvite to make auth_type required, and update test fixtures

											
										
										
											2017-11-13 13:39:31 +00:00
+								    # always register as sms type
 								    auth_type = HiddenField('auth_type', default='sms_auth')
-												109526520: render verify template with VerifyForm

											
										
										
											2015-12-04 16:21:01 +00:00
-												Guess people’s names when they’re invited

Most people’s names, especially in government are in the format
firstname.lastname@department.gov.uk. This means that you can pretty
reliably guess that their name is ‘Firstname Lastname’.

When users are invited to Notify we know their email address already.

So this commit pre-populates the registration form based on this guess.

This is a nice little detail, but it should also stop the browser
pre-filling the name field with someone’s email address (which I think
happens because the browser assumes a registration form will have an
email field).

											
										
										
											2018-07-02 09:08:21 +01:00
+								class RegisterUserFromInviteForm(RegisterUserForm):
-												only show mobile number on register from invite page if user is sms_auth

also clean up the way the form is invoked - it now populates from an
invited_user object

											
										
										
											2017-11-14 15:53:38 +00:00
+								    def __init__(self, invited_user):
 								        super().__init__(
-												Make user API client return JSON, not a model

The data flow of other bits of our application looks like this:
```
                         API (returns JSON)
                                  ⬇
          API client (returns a built in type, usually `dict`)
                                  ⬇
          Model (returns an instance, eg of type `Service`)
                                  ⬇
                         View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:

```
                         API (returns JSON)
                                  ⬇
    API client (returns a model, of type `User`, `InvitedUser`, etc)
                                  ⬇
                         View (returns HTML)
```

This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.

It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.

For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.

											
										
										
											2019-05-23 15:27:35 +01:00
+								            service=invited_user.service,
 								            email_address=invited_user.email_address,
 								            auth_type=invited_user.auth_type,
-												Guess people’s names when they’re invited

Most people’s names, especially in government are in the format
firstname.lastname@department.gov.uk. This means that you can pretty
reliably guess that their name is ‘Firstname Lastname’.

When users are invited to Notify we know their email address already.

So this commit pre-populates the registration form based on this guess.

This is a nice little detail, but it should also stop the browser
pre-filling the name field with someone’s email address (which I think
happens because the browser assumes a registration form will have an
email field).

											
										
										
											2018-07-02 09:08:21 +01:00
+								            name=guess_name_from_email_address(
-												Make user API client return JSON, not a model

The data flow of other bits of our application looks like this:
```
                         API (returns JSON)
                                  ⬇
          API client (returns a built in type, usually `dict`)
                                  ⬇
          Model (returns an instance, eg of type `Service`)
                                  ⬇
                         View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:

```
                         API (returns JSON)
                                  ⬇
    API client (returns a model, of type `User`, `InvitedUser`, etc)
                                  ⬇
                         View (returns HTML)
```

This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.

It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.

For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.

											
										
										
											2019-05-23 15:27:35 +01:00
+								                invited_user.email_address
-												Guess people’s names when they’re invited

Most people’s names, especially in government are in the format
firstname.lastname@department.gov.uk. This means that you can pretty
reliably guess that their name is ‘Firstname Lastname’.

When users are invited to Notify we know their email address already.

So this commit pre-populates the registration form based on this guess.

This is a nice little detail, but it should also stop the browser
pre-filling the name field with someone’s email address (which I think
happens because the browser assumes a registration form will have an
email field).

											
										
										
											2018-07-02 09:08:21 +01:00
+								            ),
-												only show mobile number on register from invite page if user is sms_auth

also clean up the way the form is invoked - it now populates from an
invited_user object

											
										
										
											2017-11-14 15:53:38 +00:00
+								        )
-												Updated invite email auth user flow

											
										
										
											2017-11-10 12:35:21 +00:00
+								    mobile_number = InternationalPhoneNumber('Mobile number', validators=[])
-												[WIP] New user can now accept invite and will be made to
register. On succesful register and verfication they
will be added to service and forwarded to dashboard.

Nothing is done yet with the permissions requested in the
invite to the user.

											
										
										
											2016-03-02 15:25:04 +00:00
+								    service = HiddenField('service')
-												Revert the disabled email field on the register-invited-user page, the email address is not being submitted on the form when registering

											
										
										
											2016-03-08 16:29:05 +00:00
+								    email_address = HiddenField('email_address')
-												refactor RegisterFromInvite to make auth_type required, and update test fixtures

											
										
										
											2017-11-13 13:39:31 +00:00
+								    auth_type = HiddenField('auth_type', validators=[DataRequired()])
-												[WIP] New user can now accept invite and will be made to
register. On succesful register and verfication they
will be added to service and forwarded to dashboard.

Nothing is done yet with the permissions requested in the
invite to the user.

											
										
										
											2016-03-02 15:25:04 +00:00
-												Updated invite email auth user flow

											
										
										
											2017-11-10 12:35:21 +00:00
+								    def validate_mobile_number(self, field):
-												refactor RegisterFromInvite to make auth_type required, and update test fixtures

											
										
										
											2017-11-13 13:39:31 +00:00
+								        if self.auth_type.data == 'sms_auth' and not field.data:
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								            raise ValidationError('Cannot be empty')
-												Updated invite email auth user flow

											
										
										
											2017-11-10 12:35:21 +00:00
-												[WIP] New user can now accept invite and will be made to
register. On succesful register and verfication they
will be added to service and forwarded to dashboard.

Nothing is done yet with the permissions requested in the
invite to the user.

											
										
										
											2016-03-02 15:25:04 +00:00
-												invite-team-members

											
										
										
											2018-02-19 16:53:29 +00:00
+								class RegisterUserFromOrgInviteForm(StripWhitespaceForm):
 								    def __init__(self, invited_org_user):
 								        super().__init__(
-												Make user API client return JSON, not a model

The data flow of other bits of our application looks like this:
```
                         API (returns JSON)
                                  ⬇
          API client (returns a built in type, usually `dict`)
                                  ⬇
          Model (returns an instance, eg of type `Service`)
                                  ⬇
                         View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:

```
                         API (returns JSON)
                                  ⬇
    API client (returns a model, of type `User`, `InvitedUser`, etc)
                                  ⬇
                         View (returns HTML)
```

This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.

It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.

For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.

											
										
										
											2019-05-23 15:27:35 +01:00
+								            organisation=invited_org_user.organisation,
 								            email_address=invited_org_user.email_address,
-												invite-team-members

											
										
										
											2018-02-19 16:53:29 +00:00
+								        )
 								    name = StringField(
 								        'Full name',
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								        validators=[DataRequired(message='Cannot be empty')]
-												invite-team-members

											
										
										
											2018-02-19 16:53:29 +00:00
+								    )
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								    mobile_number = InternationalPhoneNumber('Mobile number', validators=[DataRequired(message='Cannot be empty')])
-												invite-team-members

											
										
										
											2018-02-19 16:53:29 +00:00
+								    password = password()
 								    organisation = HiddenField('organisation')
 								    email_address = HiddenField('email_address')
 								    auth_type = HiddenField('auth_type', validators=[DataRequired()])
-												Split common checkbox methods off into mixin

											
										
										
											2020-05-07 15:44:13 +01:00
+								class govukCheckboxesMixin:
-												Add govukCheckboxField for single checkboxes

Single checkboxes are distinct because:
- they don't need to be wrapped in a `<fieldset>`
- they are a subclass of BooleanField so their
  data is either True or False

											
										
										
											2020-05-07 15:30:20 +01:00
 								    def extend_params(self, params, extensions):
 								        items = None
 								        param_items = len(params['items']) if 'items' in params else 0
 								        # split items off from params to make it a pure dict
 								        if 'items' in extensions:
 								            items = extensions['items']
 								            del extensions['items']
 								        # merge dicts
 								        params.update(extensions)
 								        # merge items
 								        if items:
 								            if 'items' not in params:
 								                params['items'] = items
 								            else:
 								                for idx, _item in enumerate(items):
 								                    if idx >= param_items:
 								                        params['items'].append(items[idx])
 								                    else:
 								                        params['items'][idx].update(items[idx])
-												Split common checkbox methods off into mixin

											
										
										
											2020-05-07 15:44:13 +01:00
 								class govukCheckboxField(govukCheckboxesMixin, BooleanField):
 								    def __init__(self, label='', validators=None, param_extensions=None, **kwargs):
 								        super(govukCheckboxField, self).__init__(label, validators, false_values=None, **kwargs)
 								        self.param_extensions = param_extensions
-												Add govukCheckboxField for single checkboxes

Single checkboxes are distinct because:
- they don't need to be wrapped in a `<fieldset>`
- they are a subclass of BooleanField so their
  data is either True or False

											
										
										
											2020-05-07 15:30:20 +01:00
+								    # self.__call__ renders the HTML for the field by:
 								    # 1. delegating to self.meta.render_field which
 								    # 2. calls field.widget
 								    # this bypasses that by making self.widget a method with the same interface as widget.__call__
 								    def widget(self, field, param_extensions=None, **kwargs):
 								        # error messages
 								        error_message = None
 								        if field.errors:
-												Add analytics error tracking to checkbox fields

The existing macros added data attributes to any
error message displayed which communicated the
error to Google Analytics (if the user had given
consent).

This re-implements that functionality.

											
										
										
											2020-07-14 10:34:53 +01:00
+								            error_message = {
 								                "attributes": {
 								                    "data-module": "track-error",
 								                    "data-error-type": field.errors[0],
 								                    "data-error-label": field.name
 								                },
 								                "text": " ".join(field.errors).strip()
 								            }
-												Add govukCheckboxField for single checkboxes

Single checkboxes are distinct because:
- they don't need to be wrapped in a `<fieldset>`
- they are a subclass of BooleanField so their
  data is either True or False

											
										
										
											2020-05-07 15:30:20 +01:00
 								        params = {
 								            'name':  field.name,
 								            'errorMessage': error_message,
 								            'items': [
 								                {
 								                    "name": field.name,
 								                    "id": field.id,
 								                    "text": field.label.text,
 								                    "value": 'y',
 								                    "checked": field.data
 								                }
 								            ]
 								        }
 								        # extend default params with any sent in during instantiation
 								        if self.param_extensions:
 								            self.extend_params(params, self.param_extensions)
 								        # add any sent in though use in templates
 								        if param_extensions:
 								            self.extend_params(params, param_extensions)
 								        return Markup(
 								            render_template('forms/fields/checkboxes/macro.njk', params=params))
-												Add govukCheckboxesField

govukCheckboxesField subclasses
SelectMultipleField and overwrites how it renders
HTML to let us use the GOVUK Checkboxes component
while retaining all the functionality of WTForms
fields.

Based on work on github.com/richardjpope/recourse:

https://github.com/richardjpope/recourse/blob/master/recourse/forms.py#L6

											
										
										
											2020-04-02 18:06:01 +01:00
+								# based on work done by @richardjpope: https://github.com/richardjpope/recourse/blob/master/recourse/forms.py#L6
-												Split common checkbox methods off into mixin

											
										
										
											2020-05-07 15:44:13 +01:00
+								class govukCheckboxesField(govukCheckboxesMixin, SelectMultipleField):
-												Add govukCheckboxesField

govukCheckboxesField subclasses
SelectMultipleField and overwrites how it renders
HTML to let us use the GOVUK Checkboxes component
while retaining all the functionality of WTForms
fields.

Based on work on github.com/richardjpope/recourse:

https://github.com/richardjpope/recourse/blob/master/recourse/forms.py#L6

											
										
										
											2020-04-02 18:06:01 +01:00
-												Add govukCollapsibleNestedCheckboxesField

Includes:
1. changes to make NestedFieldMixin work
  with new fields and CSS for nested checkboxes
2. adds custom version of GOVUK checkboxes
  component to allow us to:
  - add classes to elements currently inaccessible
  - wrap the checkboxes in a list
  - add child checkboxes to each checkbox (making
    tree structures possible through recursion

Change 2. should be pushed upstream to the GOVUK
Design System as a proposal for changes to the
GOVUK Checkboxes component.

											
										
										
											2020-04-23 12:15:24 +01:00
+								    render_as_list = False
-												Add govukCheckboxesField

govukCheckboxesField subclasses
SelectMultipleField and overwrites how it renders
HTML to let us use the GOVUK Checkboxes component
while retaining all the functionality of WTForms
fields.

Based on work on github.com/richardjpope/recourse:

https://github.com/richardjpope/recourse/blob/master/recourse/forms.py#L6

											
										
										
											2020-04-02 18:06:01 +01:00
+								    def __init__(self, label='', validators=None, param_extensions=None, **kwargs):
 								        super(govukCheckboxesField, self).__init__(label, validators, **kwargs)
 								        self.param_extensions = param_extensions
-												Add govukCollapsibleNestedCheckboxesField

Includes:
1. changes to make NestedFieldMixin work
  with new fields and CSS for nested checkboxes
2. adds custom version of GOVUK checkboxes
  component to allow us to:
  - add classes to elements currently inaccessible
  - wrap the checkboxes in a list
  - add child checkboxes to each checkbox (making
    tree structures possible through recursion

Change 2. should be pushed upstream to the GOVUK
Design System as a proposal for changes to the
GOVUK Checkboxes component.

											
										
										
											2020-04-23 12:15:24 +01:00
+								    def get_item_from_option(self, option):
 								        return {
 								            "name": option.name,
 								            "id": option.id,
 								            "text": option.label.text,
 								            "value": str(option.data),  # to protect against non-string types like uuids
 								            "checked": option.checked
 								        }
 								    def get_items_from_options(self, field):
 								        return [self.get_item_from_option(option) for option in field]
-												Update templates page

Includes:
- changes to the govukCheckboxesField class
  to allow params to be extended at render time
- updates to templates and folders CSS

											
										
										
											2020-04-09 11:51:11 +01:00
+								    def extend_params(self, params, extensions):
 								        items = None
 								        param_items = len(params['items']) if 'items' in params else 0
 								        # split items off from params to make it a pure dict
 								        if 'items' in extensions:
 								            items = extensions['items']
 								            del extensions['items']
 								        # merge dicts
 								        params.update(extensions)
 								        # merge items
 								        if items:
 								            if 'items' not in params:
 								                params['items'] = items
 								            else:
 								                for idx, _item in enumerate(items):
 								                    if idx >= param_items:
 								                        params['items'].append(items[idx])
 								                    else:
 								                        params['items'][idx].update(items[idx])
-												Add govukCheckboxesField

govukCheckboxesField subclasses
SelectMultipleField and overwrites how it renders
HTML to let us use the GOVUK Checkboxes component
while retaining all the functionality of WTForms
fields.

Based on work on github.com/richardjpope/recourse:

https://github.com/richardjpope/recourse/blob/master/recourse/forms.py#L6

											
										
										
											2020-04-02 18:06:01 +01:00
+								    # self.__call__ renders the HTML for the field by:
 								    # 1. delegating to self.meta.render_field which
 								    # 2. calls field.widget
 								    # this bypasses that by making self.widget a method with the same interface as widget.__call__
-												Update templates page

Includes:
- changes to the govukCheckboxesField class
  to allow params to be extended at render time
- updates to templates and folders CSS

											
										
										
											2020-04-09 11:51:11 +01:00
+								    def widget(self, field, param_extensions=None, **kwargs):
-												Add govukCheckboxesField

govukCheckboxesField subclasses
SelectMultipleField and overwrites how it renders
HTML to let us use the GOVUK Checkboxes component
while retaining all the functionality of WTForms
fields.

Based on work on github.com/richardjpope/recourse:

https://github.com/richardjpope/recourse/blob/master/recourse/forms.py#L6

											
										
										
											2020-04-02 18:06:01 +01:00
 								        # error messages
 								        error_message = None
 								        if field.errors:
-												Add analytics error tracking to checkbox fields

The existing macros added data attributes to any
error message displayed which communicated the
error to Google Analytics (if the user had given
consent).

This re-implements that functionality.

											
										
										
											2020-07-14 10:34:53 +01:00
+								            error_message = {
 								                "attributes": {
 								                    "data-module": "track-error",
 								                    "data-error-type": field.errors[0],
 								                    "data-error-label": field.name
 								                },
 								                "text": " ".join(field.errors).strip()
 								            }
-												Add govukCheckboxesField

govukCheckboxesField subclasses
SelectMultipleField and overwrites how it renders
HTML to let us use the GOVUK Checkboxes component
while retaining all the functionality of WTForms
fields.

Based on work on github.com/richardjpope/recourse:

https://github.com/richardjpope/recourse/blob/master/recourse/forms.py#L6

											
										
										
											2020-04-02 18:06:01 +01:00
-												Add govukCollapsibleNestedCheckboxesField

Includes:
1. changes to make NestedFieldMixin work
  with new fields and CSS for nested checkboxes
2. adds custom version of GOVUK checkboxes
  component to allow us to:
  - add classes to elements currently inaccessible
  - wrap the checkboxes in a list
  - add child checkboxes to each checkbox (making
    tree structures possible through recursion

Change 2. should be pushed upstream to the GOVUK
Design System as a proposal for changes to the
GOVUK Checkboxes component.

											
										
										
											2020-04-23 12:15:24 +01:00
+								        # returns either a list or a hierarchy of lists
 								        # depending on how get_items_from_options is implemented
 								        items = self.get_items_from_options(field)
-												Add govukCheckboxesField

govukCheckboxesField subclasses
SelectMultipleField and overwrites how it renders
HTML to let us use the GOVUK Checkboxes component
while retaining all the functionality of WTForms
fields.

Based on work on github.com/richardjpope/recourse:

https://github.com/richardjpope/recourse/blob/master/recourse/forms.py#L6

											
										
										
											2020-04-02 18:06:01 +01:00
 								        params = {
 								            'name':  field.name,
-												Add govukCheckboxField for single checkboxes

Single checkboxes are distinct because:
- they don't need to be wrapped in a `<fieldset>`
- they are a subclass of BooleanField so their
  data is either True or False

											
										
										
											2020-05-07 15:30:20 +01:00
+								            "fieldset": {
 								                "attributes": {"id": field.name},
 								                "legend": {
 								                    "text": field.label.text,
 								                    "classes": "govuk-fieldset__legend--s"
 								                }
 								            },
 								            "asList": self.render_as_list,
-												Add govukCheckboxesField

govukCheckboxesField subclasses
SelectMultipleField and overwrites how it renders
HTML to let us use the GOVUK Checkboxes component
while retaining all the functionality of WTForms
fields.

Based on work on github.com/richardjpope/recourse:

https://github.com/richardjpope/recourse/blob/master/recourse/forms.py#L6

											
										
										
											2020-04-02 18:06:01 +01:00
+								            'errorMessage': error_message,
 								            'items': items
 								        }
-												Add govukCheckboxField for single checkboxes

Single checkboxes are distinct because:
- they don't need to be wrapped in a `<fieldset>`
- they are a subclass of BooleanField so their
  data is either True or False

											
										
										
											2020-05-07 15:30:20 +01:00
+								        # extend default params with any sent in during instantiation
 								        if self.param_extensions:
 								            self.extend_params(params, self.param_extensions)
 								        # add any sent in though use in templates
 								        if param_extensions:
 								            self.extend_params(params, param_extensions)
-												Add govukCheckboxesField

govukCheckboxesField subclasses
SelectMultipleField and overwrites how it renders
HTML to let us use the GOVUK Checkboxes component
while retaining all the functionality of WTForms
fields.

Based on work on github.com/richardjpope/recourse:

https://github.com/richardjpope/recourse/blob/master/recourse/forms.py#L6

											
										
										
											2020-04-02 18:06:01 +01:00
 								        return Markup(
-												Add govukCollapsibleNestedCheckboxesField

Includes:
1. changes to make NestedFieldMixin work
  with new fields and CSS for nested checkboxes
2. adds custom version of GOVUK checkboxes
  component to allow us to:
  - add classes to elements currently inaccessible
  - wrap the checkboxes in a list
  - add child checkboxes to each checkbox (making
    tree structures possible through recursion

Change 2. should be pushed upstream to the GOVUK
Design System as a proposal for changes to the
GOVUK Checkboxes component.

											
										
										
											2020-04-23 12:15:24 +01:00
+								            render_template('forms/fields/checkboxes/macro.njk', params=params))
-												Add govukCheckboxesField

govukCheckboxesField subclasses
SelectMultipleField and overwrites how it renders
HTML to let us use the GOVUK Checkboxes component
while retaining all the functionality of WTForms
fields.

Based on work on github.com/richardjpope/recourse:

https://github.com/richardjpope/recourse/blob/master/recourse/forms.py#L6

											
										
										
											2020-04-02 18:06:01 +01:00
-												Add mixin & field to make collapsible checkboxes

Allows checkboxes to be collapsed so they take up
less space in the page. The collapsed state
includes a live summary tracking which of them are
selected.

Includes changes to the JS for collapsible
checkboxes to make it work with the GOVUK
Checkboxes component HTML.

											
										
										
											2020-04-23 12:12:55 +01:00
+								# Extends fields using the govukCheckboxesField interface to wrap their render in HTML needed by the collapsible JS
 								class govukCollapsibleCheckboxesMixin:
 								    def __init__(self, label='', validators=None, field_label='', param_extensions=None, **kwargs):
-												Add govukCollapsibleNestedCheckboxesField

Includes:
1. changes to make NestedFieldMixin work
  with new fields and CSS for nested checkboxes
2. adds custom version of GOVUK checkboxes
  component to allow us to:
  - add classes to elements currently inaccessible
  - wrap the checkboxes in a list
  - add child checkboxes to each checkbox (making
    tree structures possible through recursion

Change 2. should be pushed upstream to the GOVUK
Design System as a proposal for changes to the
GOVUK Checkboxes component.

											
										
										
											2020-04-23 12:15:24 +01:00
+								        super(govukCollapsibleCheckboxesMixin, self).__init__(label, validators, param_extensions, **kwargs)
-												Add mixin & field to make collapsible checkboxes

Allows checkboxes to be collapsed so they take up
less space in the page. The collapsed state
includes a live summary tracking which of them are
selected.

Includes changes to the JS for collapsible
checkboxes to make it work with the GOVUK
Checkboxes component HTML.

											
										
										
											2020-04-23 12:12:55 +01:00
+								        self.field_label = field_label
 								    def widget(self, field, **kwargs):
 								        # add a blank hint to act as an ARIA live-region
 								        if self.param_extensions is not None:
 								            self.param_extensions.update(
 								                {"hint": {"html": "<div class=\"selection-summary\" role=\"region\" aria-live=\"polite\"></div>"}})
 								        else:
 								            self.param_extensions = \
 								                {"hint": {"html": "<div class=\"selection-summary\" role=\"region\" aria-live=\"polite\"></div>"}}
 								        # wrap the checkboxes HTML in the HTML needed by the collapisble JS
 								        return Markup(
 								            f'<div class="selection-wrapper"'
 								            f'     data-module="collapsible-checkboxes"'
 								            f'     data-field-label="{self.field_label}">'
 								            f'  {super(govukCollapsibleCheckboxesMixin, self).widget(field, **kwargs)}'
 								            f'</div>'
 								        )
 								class govukCollapsibleCheckboxesField(govukCollapsibleCheckboxesMixin, govukCheckboxesField):
 								    pass
-												Add govukCollapsibleNestedCheckboxesField

Includes:
1. changes to make NestedFieldMixin work
  with new fields and CSS for nested checkboxes
2. adds custom version of GOVUK checkboxes
  component to allow us to:
  - add classes to elements currently inaccessible
  - wrap the checkboxes in a list
  - add child checkboxes to each checkbox (making
    tree structures possible through recursion

Change 2. should be pushed upstream to the GOVUK
Design System as a proposal for changes to the
GOVUK Checkboxes component.

											
										
										
											2020-04-23 12:15:24 +01:00
+								# govukCollapsibleCheckboxesMixin adds an ARIA live-region to the hint and wraps the render in HTML needed by the
 								# collapsible JS
 								# NestedFieldMixin puts the items into a tree hierarchy, pre-rendering the sub-trees of the top-level items
 								class govukCollapsibleNestedCheckboxesField(govukCollapsibleCheckboxesMixin, NestedFieldMixin, govukCheckboxesField):
 								    NONE_OPTION_VALUE = None
 								    render_as_list = True
-												Update permissions page

Includes adding filtering to the user permissions
data.

Classes extending BasePermissionsForm have their
user permissions handled by permissions_field
which stores its data in a list. This replaces the
previous approach of having a BooleanField for
each role.

Because permissions_field.data is taken directly
from POST data, it needs extra guarding against
values not present in whatever roles model the
class is based on (ie. broadcast_permissions).

											
										
										
											2020-04-02 18:08:50 +01:00
+								# guard against data entries that aren't a role in permissions
 								def filter_by_permissions(valuelist):
 								    if valuelist is None:
 								        return None
 								    else:
 								        return [entry for entry in valuelist if any(entry in role for role in permissions)]
 								# guard against data entries that aren't a role in broadcast_permissions
 								def filter_by_broadcast_permissions(valuelist):
 								    if valuelist is None:
 								        return None
 								    else:
 								        return [entry for entry in valuelist if any(entry in role for role in broadcast_permissions)]
-												Only show relevant user permissions for broadcast services

For services with the broadcast permission this hides:
- the ‘View dashboard’ permission (and defaults it to _checked_) because
  all users of broadcast services will need to see the dashboard
- the ‘Manage API keys’ permission (and defaults it to _not checked_)
  because we don’t offer an API integration for broadcast services yet
  – if we do we won’t want existing users to automatically get the
  permission

It relabels:
- the ‘Send’ permission to ‘Prepare and approve’ to match the current,
  slightly clunky language on the templates page
- the ‘Manage settings’ label to not refer to ‘usage’ because broadcast
  services won’t incur cost

											
										
										
											2020-07-13 11:10:34 +01:00
+								class BasePermissionsForm(StripWhitespaceForm):
-												Display nested folders permissions form on user permissions page

We're reusing the logic for the `move_to` nested radios field for the
user folder permissions nested checkboxes.

The main difference between the two forms (aside from the different
input type) is that "Move" form contains the root "Templates" as an
option, whereas the folder permissions doesn't.

It turns out that, because of the way NestedFieldMixin.children and
select_nested macro are implemented the easiest way to get the desired
folder permissions behaviour is to add the root folder as a choice with
a `None` value and `NONE_OPTION_VALUE = None` set on the field, which
allows the `child_map` to be constructed but doesn't display the root
folder checkbox itself since it gets overwritten in the final `child_map`.

											
										
										
											2019-02-25 16:23:28 +00:00
+								    def __init__(self, all_template_folders=None, *args, **kwargs):
 								        super().__init__(*args, **kwargs)
-												Add tests for editing folder permissions for platform admin users

											
										
										
											2019-05-17 11:03:41 +01:00
+								        self.folder_permissions.choices = []
-												Send updated user folder permissions to the API

Integrates the folder permissions form with the updated API endpoint
to store changes in the user folders.

Since user folder permissions are returned in the full list of template
folders for the service we need to invalidate the cache key for it each
time we update user permissions.

											
										
										
											2019-02-27 15:45:18 +00:00
+								        if all_template_folders is not None:
-												Display nested folders permissions form on user permissions page

We're reusing the logic for the `move_to` nested radios field for the
user folder permissions nested checkboxes.

The main difference between the two forms (aside from the different
input type) is that "Move" form contains the root "Templates" as an
option, whereas the folder permissions doesn't.

It turns out that, because of the way NestedFieldMixin.children and
select_nested macro are implemented the easiest way to get the desired
folder permissions behaviour is to add the root folder as a choice with
a `None` value and `NONE_OPTION_VALUE = None` set on the field, which
allows the `child_map` to be constructed but doesn't display the root
folder checkbox itself since it gets overwritten in the final `child_map`.

											
										
										
											2019-02-25 16:23:28 +00:00
+								            self.folder_permissions.all_template_folders = all_template_folders
 								            self.folder_permissions.choices = [
 								                (item['id'], item['name']) for item in ([{'name': 'Templates', 'id': None}] + all_template_folders)
 								            ]
-												Update permissions page

Includes adding filtering to the user permissions
data.

Classes extending BasePermissionsForm have their
user permissions handled by permissions_field
which stores its data in a list. This replaces the
previous approach of having a BooleanField for
each role.

Because permissions_field.data is taken directly
from POST data, it needs extra guarding against
values not present in whatever roles model the
class is based on (ie. broadcast_permissions).

											
										
										
											2020-04-02 18:08:50 +01:00
+								    folder_permissions = govukCollapsibleNestedCheckboxesField(
 								        'Folders this team member can see',
 								        field_label='folder')
-												Make permission checking a method

Having a function that takes an instance as its only argument suggests
that it should instead be a method on that instance.

											
										
										
											2018-06-13 12:07:08 +01:00
-												Email auth for inviting members and editing permissions

											
										
										
											2017-11-01 15:36:27 +00:00
+								    login_authentication = RadioField(
 								        'Sign in using',
 								        choices=[
 								            ('sms_auth', 'Text message code'),
 								            ('email_auth', 'Email link'),
 								        ],
-												Bump WTForms to 2.3.1

This involves three changes which broke our code.

To validate email addresses, the optional dependency `email-validator`
must be installed<sup>1</sup>. But since we don’t use WTForms’ email
validation, we shouldn’t need to subclass it – it can just be its own
self contained thing. Then we don’t need to add the extra dependency.

When rendering textareas, and extra `\r\n` is inserted at the beginning
<sup>2</sup>. Browsers will strip this when displaying the textbox and
submitting the form, but some of our tests need updating to account for
this.

The error message for when you don’t choose an option from some radio
buttons has now changed. Rather than just accepting WTForms’ new
message, this commit makes the error messages like the examples from
the Design System<sup>3</sup>. By default it will say ‘Select an
option’, but by passing in an extra parameter (`thing`) it can be
customised to be more specific, for example ‘Select a type of
organisation’.

***

1. https://github.com/wtforms/wtforms/pull/429
2. https://github.com/wtforms/wtforms/issues/238
3. https://design-system.service.gov.uk/components/radios/#error-messages

											
										
										
											2020-04-22 17:49:03 +01:00
+								        thing='how this team member should sign in',
-												Email auth for inviting members and editing permissions

											
										
										
											2017-11-01 15:36:27 +00:00
+								        validators=[DataRequired()]
 								    )
-												Updated form and fixed existing tests.

											
										
										
											2016-03-03 13:00:12 +00:00
-												Update permissions page

Includes adding filtering to the user permissions
data.

Classes extending BasePermissionsForm have their
user permissions handled by permissions_field
which stores its data in a list. This replaces the
previous approach of having a BooleanField for
each role.

Because permissions_field.data is taken directly
from POST data, it needs extra guarding against
values not present in whatever roles model the
class is based on (ie. broadcast_permissions).

											
										
										
											2020-04-02 18:08:50 +01:00
+								    permissions_field = govukCheckboxesField(
-												Fix typo on invite page

There’s an _i_ missing from _Permssions_

											
										
										
											2020-08-04 18:17:38 +01:00
+								        'Permissions',
-												Update permissions page

Includes adding filtering to the user permissions
data.

Classes extending BasePermissionsForm have their
user permissions handled by permissions_field
which stores its data in a list. This replaces the
previous approach of having a BooleanField for
each role.

Because permissions_field.data is taken directly
from POST data, it needs extra guarding against
values not present in whatever roles model the
class is based on (ie. broadcast_permissions).

											
										
										
											2020-04-02 18:08:50 +01:00
+								        filters=[filter_by_permissions],
 								        choices=[
 								            (value, label) for value, label in permissions
 								        ],
 								        param_extensions={
 								            "hint": {"text": "All team members can see sent messages."}
 								        }
 								    )
-												Revert "Change checkboxes to GOVUK frontend"

											
										
										
											2020-05-14 16:59:34 +01:00
 								    @property
 								    def permissions(self):
-												Revert support for old user permissions params

The fields used for user permissions on
permissions forms were changed as part of the work
converting the checkboxes to GOVUK Frontend.

This removes code added to protect against a
situation where the server-side app was running
this updated code but clients were POSTing from
pages that were not, and so sending the old HTTP
params.

											
										
										
											2020-07-31 15:16:56 +01:00
+								        return set(self.permissions_field.data)
-												Relabel existing permissions

Since we have added a new, 5th permission the existing permissions
should be relabelled so that the five make sense as a coherent set.

We especially want to make sure that:
- the labels work against the checkboxes and against the tick/crosses on
  the manage users page (a long time ago this page was layed out
  differently so didn’t have space for full labels)
- there is no confusion between usage and reports

This commit also:
- re-adds a line about what all users can see (‘sent messages’) but
  continues to omit the additional bullet points about templates and
  team members (because we think this is clear enough from reading the
  permissions)
- refactors the `Form` subclass so that the content and order of the
  permissions only have to be defined once
- brings back the ‘permissions’ legend on the `fieldset`

											
										
										
											2018-08-08 08:45:58 +01:00
-												Add a ‘See dashboard’ permission

Our research and prototyping around ‘basic view’ found that:
- a lot of users who send messages rarely or never look at the dashboard
  (yet it’s the first page they see when they sign in)
- team managers like the idea of taking away things that users don’t
  need in order to make the interface simpler

We’ve disentangled the simpler way of sending messages from being part
of ‘basic view’. This means we can give managers the option of taking
away the dashboard as an independent choice, not something that’s
wrapped up in a separate ‘view’.

I think that this checkbox is a more straightforward proposition than
‘basic view’ ever was (despite all the work we did to explain it and
develop the nested checkbox pattern). In research users would often
explain the feature back to us as being about hiding the dashboard – we
should try to make Notify operate in terms of concepts that come
naturally to people wherever possible.

											
										
										
											2018-08-06 11:10:37 +01:00
+								    @classmethod
-												Display nested folders permissions form on user permissions page

We're reusing the logic for the `move_to` nested radios field for the
user folder permissions nested checkboxes.

The main difference between the two forms (aside from the different
input type) is that "Move" form contains the root "Templates" as an
option, whereas the folder permissions doesn't.

It turns out that, because of the way NestedFieldMixin.children and
select_nested macro are implemented the easiest way to get the desired
folder permissions behaviour is to add the root folder as a choice with
a `None` value and `NONE_OPTION_VALUE = None` set on the field, which
allows the `child_map` to be constructed but doesn't display the root
folder checkbox itself since it gets overwritten in the final `child_map`.

											
										
										
											2019-02-25 16:23:28 +00:00
+								    def from_user(cls, user, service_id, **kwargs):
-												Add a ‘See dashboard’ permission

Our research and prototyping around ‘basic view’ found that:
- a lot of users who send messages rarely or never look at the dashboard
  (yet it’s the first page they see when they sign in)
- team managers like the idea of taking away things that users don’t
  need in order to make the interface simpler

We’ve disentangled the simpler way of sending messages from being part
of ‘basic view’. This means we can give managers the option of taking
away the dashboard as an independent choice, not something that’s
wrapped up in a separate ‘view’.

I think that this checkbox is a more straightforward proposition than
‘basic view’ ever was (despite all the work we did to explain it and
develop the nested checkbox pattern). In research users would often
explain the feature back to us as being about hiding the dashboard – we
should try to make Notify operate in terms of concepts that come
naturally to people wherever possible.

											
										
										
											2018-08-06 11:10:37 +01:00
+								        return cls(
-												Display nested folders permissions form on user permissions page

We're reusing the logic for the `move_to` nested radios field for the
user folder permissions nested checkboxes.

The main difference between the two forms (aside from the different
input type) is that "Move" form contains the root "Templates" as an
option, whereas the folder permissions doesn't.

It turns out that, because of the way NestedFieldMixin.children and
select_nested macro are implemented the easiest way to get the desired
folder permissions behaviour is to add the root folder as a choice with
a `None` value and `NONE_OPTION_VALUE = None` set on the field, which
allows the `child_map` to be constructed but doesn't display the root
folder checkbox itself since it gets overwritten in the final `child_map`.

											
										
										
											2019-02-25 16:23:28 +00:00
+								            **kwargs,
-												Add a ‘See dashboard’ permission

Our research and prototyping around ‘basic view’ found that:
- a lot of users who send messages rarely or never look at the dashboard
  (yet it’s the first page they see when they sign in)
- team managers like the idea of taking away things that users don’t
  need in order to make the interface simpler

We’ve disentangled the simpler way of sending messages from being part
of ‘basic view’. This means we can give managers the option of taking
away the dashboard as an independent choice, not something that’s
wrapped up in a separate ‘view’.

I think that this checkbox is a more straightforward proposition than
‘basic view’ ever was (despite all the work we did to explain it and
develop the nested checkbox pattern). In research users would often
explain the feature back to us as being about hiding the dashboard – we
should try to make Notify operate in terms of concepts that come
naturally to people wherever possible.

											
										
										
											2018-08-06 11:10:37 +01:00
+								            **{
-												Update permissions page

Includes adding filtering to the user permissions
data.

Classes extending BasePermissionsForm have their
user permissions handled by permissions_field
which stores its data in a list. This replaces the
previous approach of having a BooleanField for
each role.

Because permissions_field.data is taken directly
from POST data, it needs extra guarding against
values not present in whatever roles model the
class is based on (ie. broadcast_permissions).

											
										
										
											2020-04-02 18:08:50 +01:00
+								                "permissions_field": [
 								                    role for role in roles.keys() if user.has_permission_for_service(service_id, role)]
-												Add a ‘See dashboard’ permission

Our research and prototyping around ‘basic view’ found that:
- a lot of users who send messages rarely or never look at the dashboard
  (yet it’s the first page they see when they sign in)
- team managers like the idea of taking away things that users don’t
  need in order to make the interface simpler

We’ve disentangled the simpler way of sending messages from being part
of ‘basic view’. This means we can give managers the option of taking
away the dashboard as an independent choice, not something that’s
wrapped up in a separate ‘view’.

I think that this checkbox is a more straightforward proposition than
‘basic view’ ever was (despite all the work we did to explain it and
develop the nested checkbox pattern). In research users would often
explain the feature back to us as being about hiding the dashboard – we
should try to make Notify operate in terms of concepts that come
naturally to people wherever possible.

											
										
										
											2018-08-06 11:10:37 +01:00
+								            },
 								            login_authentication=user.auth_type
 								        )
-												Allow setting of caseworking on a user

This commit changes the form that the user sees when inviting or editing
another user, if the service has the ‘caseworking’ permission set.

This will allow creating a new type of user, one who only has the
`send_messages` permission, without the `view_activity` permission.

We are doing this because we think there are a number of services with a
lot of users who don’t need to see the dashboard, or the other team
members, and that we can make a simpler interface for these users.

											
										
										
											2018-06-12 14:29:47 +01:00
-												Revert support for old user permissions params

The fields used for user permissions on
permissions forms were changed as part of the work
converting the checkboxes to GOVUK Frontend.

This removes code added to protect against a
situation where the server-side app was running
this updated code but clients were POSTing from
pages that were not, and so sending the old HTTP
params.

											
										
										
											2020-07-31 15:16:56 +01:00
+								class PermissionsForm(BasePermissionsForm):
-												Only show relevant user permissions for broadcast services

For services with the broadcast permission this hides:
- the ‘View dashboard’ permission (and defaults it to _checked_) because
  all users of broadcast services will need to see the dashboard
- the ‘Manage API keys’ permission (and defaults it to _not checked_)
  because we don’t offer an API integration for broadcast services yet
  – if we do we won’t want existing users to automatically get the
  permission

It relabels:
- the ‘Send’ permission to ‘Prepare and approve’ to match the current,
  slightly clunky language on the templates page
- the ‘Manage settings’ label to not refer to ‘usage’ because broadcast
  services won’t incur cost

											
										
										
											2020-07-13 11:10:34 +01:00
+								    pass
-												Revert support for old user permissions params

The fields used for user permissions on
permissions forms were changed as part of the work
converting the checkboxes to GOVUK Frontend.

This removes code added to protect against a
situation where the server-side app was running
this updated code but clients were POSTing from
pages that were not, and so sending the old HTTP
params.

											
										
										
											2020-07-31 15:16:56 +01:00
+								class BroadcastPermissionsForm(BasePermissionsForm):
-												Only show relevant user permissions for broadcast services

For services with the broadcast permission this hides:
- the ‘View dashboard’ permission (and defaults it to _checked_) because
  all users of broadcast services will need to see the dashboard
- the ‘Manage API keys’ permission (and defaults it to _not checked_)
  because we don’t offer an API integration for broadcast services yet
  – if we do we won’t want existing users to automatically get the
  permission

It relabels:
- the ‘Send’ permission to ‘Prepare and approve’ to match the current,
  slightly clunky language on the templates page
- the ‘Manage settings’ label to not refer to ‘usage’ because broadcast
  services won’t incur cost

											
										
										
											2020-07-13 11:10:34 +01:00
-												Update permissions page

Includes adding filtering to the user permissions
data.

Classes extending BasePermissionsForm have their
user permissions handled by permissions_field
which stores its data in a list. This replaces the
previous approach of having a BooleanField for
each role.

Because permissions_field.data is taken directly
from POST data, it needs extra guarding against
values not present in whatever roles model the
class is based on (ie. broadcast_permissions).

											
										
										
											2020-04-02 18:08:50 +01:00
+								    permissions_field = govukCheckboxesField(
-												Fix typo on invite page

There’s an _i_ missing from _Permssions_

											
										
										
											2020-08-04 18:17:38 +01:00
+								        'Permissions',
-												Update permissions page

Includes adding filtering to the user permissions
data.

Classes extending BasePermissionsForm have their
user permissions handled by permissions_field
which stores its data in a list. This replaces the
previous approach of having a BooleanField for
each role.

Because permissions_field.data is taken directly
from POST data, it needs extra guarding against
values not present in whatever roles model the
class is based on (ie. broadcast_permissions).

											
										
										
											2020-04-02 18:08:50 +01:00
+								        choices=[
 								            (value, label) for value, label in broadcast_permissions
 								        ],
 								        filters=[filter_by_broadcast_permissions],
 								        param_extensions={
 								            "hint": {"text": "All team members can see sent messages."}
 								        }
 								    )
-												Only show relevant user permissions for broadcast services

For services with the broadcast permission this hides:
- the ‘View dashboard’ permission (and defaults it to _checked_) because
  all users of broadcast services will need to see the dashboard
- the ‘Manage API keys’ permission (and defaults it to _not checked_)
  because we don’t offer an API integration for broadcast services yet
  – if we do we won’t want existing users to automatically get the
  permission

It relabels:
- the ‘Send’ permission to ‘Prepare and approve’ to match the current,
  slightly clunky language on the templates page
- the ‘Manage settings’ label to not refer to ‘usage’ because broadcast
  services won’t incur cost

											
										
										
											2020-07-13 11:10:34 +01:00
 								    @property
 								    def permissions(self):
 								        return {'view_activity'} | super().permissions
 								class BaseInviteUserForm():
-												Update forgotten password to allow non-gov with test

											
										
										
											2016-10-26 14:01:01 +01:00
+								    email_address = email_address(gov_user=False)
-												Added validation to ensure user can't invite themselves.

Refactored Invited user form into permissions and invite forms
for use in invite and edit permissions.

Added template for edit permissions.

											
										
										
											2016-03-09 13:00:52 +00:00
 								    def __init__(self, invalid_email_address, *args, **kwargs):
-												Refactor form classes for future reuse

There are three parts to a ‘user’ form:
- the email address
- the permissions
- the auth type setting

This commit breaks them up into abstract classes so that they can be
composed more flexibly in future commits.

											
										
										
											2018-06-12 11:51:37 +01:00
+								        super().__init__(*args, **kwargs)
-												Added validation to ensure user can't invite themselves.

Refactored Invited user form into permissions and invite forms
for use in invite and edit permissions.

Added template for edit permissions.

											
										
										
											2016-03-09 13:00:52 +00:00
+								        self.invalid_email_address = invalid_email_address.lower()
 								    def validate_email_address(self, field):
-												move invite error handler to top level

ensure we catch org errors as well as regular errors

											
										
										
											2020-03-06 11:53:55 +00:00
+								        if field.data.lower() == self.invalid_email_address and not current_user.platform_admin:
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								            raise ValidationError("You cannot send an invitation to yourself")
-												Added validation to ensure user can't invite themselves.

Refactored Invited user form into permissions and invite forms
for use in invite and edit permissions.

Added template for edit permissions.

											
										
										
											2016-03-09 13:00:52 +00:00
-												Only show relevant user permissions for broadcast services

For services with the broadcast permission this hides:
- the ‘View dashboard’ permission (and defaults it to _checked_) because
  all users of broadcast services will need to see the dashboard
- the ‘Manage API keys’ permission (and defaults it to _not checked_)
  because we don’t offer an API integration for broadcast services yet
  – if we do we won’t want existing users to automatically get the
  permission

It relabels:
- the ‘Send’ permission to ‘Prepare and approve’ to match the current,
  slightly clunky language on the templates page
- the ‘Manage settings’ label to not refer to ‘usage’ because broadcast
  services won’t incur cost

											
										
										
											2020-07-13 11:10:34 +01:00
+								class InviteUserForm(BaseInviteUserForm, PermissionsForm):
 								    pass
 								class BroadcastInviteUserForm(BaseInviteUserForm, BroadcastPermissionsForm):
 								    pass
-												invite-team-members

											
										
										
											2018-02-19 16:53:29 +00:00
+								class InviteOrgUserForm(StripWhitespaceForm):
 								    email_address = email_address(gov_user=False)
 								    def __init__(self, invalid_email_address, *args, **kwargs):
 								        super(InviteOrgUserForm, self).__init__(*args, **kwargs)
 								        self.invalid_email_address = invalid_email_address.lower()
 								    def validate_email_address(self, field):
-												move invite error handler to top level

ensure we catch org errors as well as regular errors

											
										
										
											2020-03-06 11:53:55 +00:00
+								        if field.data.lower() == self.invalid_email_address and not current_user.platform_admin:
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								            raise ValidationError("You cannot send an invitation to yourself")
-												invite-team-members

											
										
										
											2018-02-19 16:53:29 +00:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class TwoFactorForm(StripWhitespaceForm):
-												Working tests, hopefully all code changes done.

											
										
										
											2016-01-27 12:22:32 +00:00
+								    def __init__(self, validate_code_func, *args, **kwargs):
-												Fix for security hole with setting session['user_id'] before second factor of authentication has been authorised.

											
										
										
											2016-01-07 12:43:10 +00:00
+								        '''
 								        Keyword arguments:
-												Working tests, hopefully all code changes done.

											
										
										
											2016-01-27 12:22:32 +00:00
+								        validate_code_func -- Validates the code with the API.
-												Fix for security hole with setting session['user_id'] before second factor of authentication has been authorised.

											
										
										
											2016-01-07 12:43:10 +00:00
+								        '''
-												Working tests, hopefully all code changes done.

											
										
										
											2016-01-27 12:22:32 +00:00
+								        self.validate_code_func = validate_code_func
-												Fix for security hole with setting session['user_id'] before second factor of authentication has been authorised.

											
										
										
											2016-01-07 12:43:10 +00:00
+								        super(TwoFactorForm, self).__init__(*args, **kwargs)
-												Refactor `sms_code` functionality into the class

So it’s all in one place, not two.

											
										
										
											2018-05-07 22:57:18 +01:00
+								    sms_code = SMSCode('Text message code')
-												109638656: Implement two factor verify flow
When user enters valid sms code they are redirected to the dashboard.
Otherwise, form errors are present.

											
										
										
											2015-12-08 12:36:54 +00:00
-												Give better error messages for incorrect code

If we know the code won’t pass the validation on the API side, we might
as well tell the user before even passing it to the API.

So this commit:
- adds some more validators to the field
- rewrites the validation function on the form to actually call the
  field-level validators before hitting the API 🤦‍♂️
- refactors the tests to be parametrize, which means they can be
  shorter, easier to read, and more comprehensive

											
										
										
											2018-05-07 21:24:23 +01:00
+								    def validate(self):
 								        if not self.sms_code.validate(self):
 								            return False
 								        is_valid, reason = self.validate_code_func(self.sms_code.data)
-												Working tests, hopefully all code changes done.

											
										
										
											2016-01-27 12:22:32 +00:00
+								        if not is_valid:
-												Give better error messages for incorrect code

If we know the code won’t pass the validation on the API side, we might
as well tell the user before even passing it to the API.

So this commit:
- adds some more validators to the field
- rewrites the validation function on the form to actually call the
  field-level validators before hitting the API 🤦‍♂️
- refactors the tests to be parametrize, which means they can be
  shorter, easier to read, and more comprehensive

											
										
										
											2018-05-07 21:24:23 +01:00
+								            self.sms_code.errors.append(reason)
 								            return False
 								        return True
-												Working tests, hopefully all code changes done.

											
										
										
											2016-01-27 12:22:32 +00:00
-												109638656: Initial implementation for two-factor

											
										
										
											2015-12-07 16:56:11 +00:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class TextNotReceivedForm(StripWhitespaceForm):
-												Let users register with int’national phone numbers

Right now Notify restricts you to registering with a UK mobile number.
This is because when we built the user registration stuff we couldn’t
send to international mobiles.

However we can send to international mobile numbers, and it’s totally
reasonable to expect employees of the UK government to be working
abroad, and have a foreign mobile phone – we’ve heard from one such
user.

So this commit:
- changes all places where users enter their own phone number to use
  the validation function which allows international phone numbers
- renames the `mobile_number` validation to `uk_mobile_number` to make
  it explicit, and force it to break the tests if there’s somewhere it’s
  being used that I haven’t thought of

											
										
										
											2017-08-29 14:52:24 +01:00
+								    mobile_number = international_phone_number()
-												109898688: Implementation of text-not-received and email-not-received

											
										
										
											2015-12-15 15:35:30 +00:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class RenameServiceForm(StripWhitespaceForm):
-												Service name uniqueness handled in all cases and tests passing.

											
										
										
											2016-03-10 14:29:31 +00:00
+								    name = StringField(
-												Tidy up ‘change service name’ page

- Make service name repopulate in textbox
- More spacing between sections of the page

											
										
										
											2016-06-20 13:33:29 +01:00
+								        u'Service name',
-												Service name uniqueness handled in all cases and tests passing.

											
										
										
											2016-03-10 14:29:31 +00:00
+								        validators=[
-												Validate service and organisation name

											
										
										
											2019-11-08 17:12:32 +00:00
+								            DataRequired(message='Cannot be empty'),
 								            MustContainAlphanumericCharacters()
-												Service name uniqueness handled in all cases and tests passing.

											
										
										
											2016-03-10 14:29:31 +00:00
+								        ])
-												Add a WTForms-compatible textbox macro

This macro:
- accepts a WTForm form field as a parameter
- renders a form field which follows the GOV.UK Elements patterns, both visually
  and in markup terms

It then changes any page which uses either:
- the old, non-WTForms macro or
- the old, WTFforms `render_field` macro

…to use this new macro and removes both of the old ones.

It also adds the option to display hint text above the textbox.

											
										
										
											2016-01-11 13:15:10 +00:00
-												update organisation name

											
										
										
											2018-03-06 17:12:31 +00:00
+								class RenameOrganisationForm(StripWhitespaceForm):
 								    name = StringField(
 								        u'Organisation name',
 								        validators=[
-												Validate service and organisation name

											
										
										
											2019-11-08 17:12:32 +00:00
+								            DataRequired(message='Cannot be empty'),
 								            MustContainAlphanumericCharacters()
-												update organisation name

											
										
										
											2018-03-06 17:12:31 +00:00
+								        ])
-												Let GPs nominate service name

Most GP practice services are named after the practice, which is the
organisation.

So rather than make people re-type the name of their organisation (and
potentially make a typo) let’s just let them say ‘yes, that’s the name
of my organisation’.

											
										
										
											2019-09-05 12:10:24 +01:00
+								class AddGPOrganisationForm(StripWhitespaceForm):
 								    def __init__(self, *args, service_name='unknown', **kwargs):
 								        super().__init__(*args, **kwargs)
 								        self.same_as_service_name.label.text = 'Is your GP practice called ‘{}’?'.format(service_name)
 								        self.service_name = service_name
 								    def get_organisation_name(self):
 								        if self.same_as_service_name.data:
 								            return self.service_name
 								        return self.name.data
 								    same_as_service_name = OnOffField(
 								        'Is your GP practice called the same name as your service?',
 								        choices=(
 								            (True, 'Yes'),
 								            (False, 'No'),
 								        ),
 								    )
 								    name = StringField(
 								        'What’s your practice called?',
 								    )
 								    def validate_name(self, field):
 								        if self.same_as_service_name.data is False:
 								            if not field.data:
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								                raise ValidationError('Cannot be empty')
-												Let GPs nominate service name

Most GP practice services are named after the practice, which is the
organisation.

So rather than make people re-type the name of their organisation (and
potentially make a typo) let’s just let them say ‘yes, that’s the name
of my organisation’.

											
										
										
											2019-09-05 12:10:24 +01:00
+								        else:
 								            field.data = ''
-												Let NHS Trusts and CCGs choose own organisation

All we do via support is ask which organisation they work for and
manually assign their service to it. This commit makes that process self
service.

We think we have all the trusts and clinical commissioning groups
loaded into the database now.

This will make the go live process smoother for these teams.

											
										
										
											2019-09-05 16:18:02 +01:00
+								class AddNHSLocalOrganisationForm(StripWhitespaceForm):
 								    def __init__(self, *args, organisation_choices=None, **kwargs):
 								        super().__init__(*args, **kwargs)
 								        self.organisations.choices = organisation_choices
 								    organisations = RadioField(
 								        'Which NHS Trust or Clinical Commissioning Group do you work for?',
-												Bump WTForms to 2.3.1

This involves three changes which broke our code.

To validate email addresses, the optional dependency `email-validator`
must be installed<sup>1</sup>. But since we don’t use WTForms’ email
validation, we shouldn’t need to subclass it – it can just be its own
self contained thing. Then we don’t need to add the extra dependency.

When rendering textareas, and extra `\r\n` is inserted at the beginning
<sup>2</sup>. Browsers will strip this when displaying the textbox and
submitting the form, but some of our tests need updating to account for
this.

The error message for when you don’t choose an option from some radio
buttons has now changed. Rather than just accepting WTForms’ new
message, this commit makes the error messages like the examples from
the Design System<sup>3</sup>. By default it will say ‘Select an
option’, but by passing in an extra parameter (`thing`) it can be
customised to be more specific, for example ‘Select a type of
organisation’.

***

1. https://github.com/wtforms/wtforms/pull/429
2. https://github.com/wtforms/wtforms/issues/238
3. https://design-system.service.gov.uk/components/radios/#error-messages

											
										
										
											2020-04-22 17:49:03 +01:00
+								        thing='an NHS Trust or Clinical Commissioning Group'
-												Let NHS Trusts and CCGs choose own organisation

All we do via support is ask which organisation they work for and
manually assign their service to it. This commit makes that process self
service.

We think we have all the trusts and clinical commissioning groups
loaded into the database now.

This will make the go live process smoother for these teams.

											
										
										
											2019-09-05 16:18:02 +01:00
+								    )
-												Allow editing of an organisation’s details

Adds a user interface for updating all the columns added in
https://github.com/alphagov/notifications-api/pull/2368

Sorry for the mega commit 😓

											
										
										
											2019-02-19 17:26:16 +00:00
+								class OrganisationOrganisationTypeForm(StripWhitespaceForm):
-												Refactor to avoid redefinition of org types

We’re defining the list of org types in a few different places. This
makes it more likely we’ll forget to update one of these places, thereby
introducing a bug.

This commit moves the definition to be on the organisation model, which
feels like a sensible enough place for it.

											
										
										
											2019-08-27 15:52:42 +01:00
+								    organisation_type = OrganisationTypeField('What type of organisation is this?')
-												Allow editing of an organisation’s details

Adds a user interface for updating all the columns added in
https://github.com/alphagov/notifications-api/pull/2368

Sorry for the mega commit 😓

											
										
										
											2019-02-19 17:26:16 +00:00
 								class OrganisationCrownStatusForm(StripWhitespaceForm):
 								    crown_status = RadioField(
 								        (
 								            'Is this organisation a crown body?'
 								        ),
 								        choices=[
 								            ('crown', 'Yes'),
 								            ('non-crown', 'No'),
 								            ('unknown', 'Not sure'),
 								        ],
-												Bump WTForms to 2.3.1

This involves three changes which broke our code.

To validate email addresses, the optional dependency `email-validator`
must be installed<sup>1</sup>. But since we don’t use WTForms’ email
validation, we shouldn’t need to subclass it – it can just be its own
self contained thing. Then we don’t need to add the extra dependency.

When rendering textareas, and extra `\r\n` is inserted at the beginning
<sup>2</sup>. Browsers will strip this when displaying the textbox and
submitting the form, but some of our tests need updating to account for
this.

The error message for when you don’t choose an option from some radio
buttons has now changed. Rather than just accepting WTForms’ new
message, this commit makes the error messages like the examples from
the Design System<sup>3</sup>. By default it will say ‘Select an
option’, but by passing in an extra parameter (`thing`) it can be
customised to be more specific, for example ‘Select a type of
organisation’.

***

1. https://github.com/wtforms/wtforms/pull/429
2. https://github.com/wtforms/wtforms/issues/238
3. https://design-system.service.gov.uk/components/radios/#error-messages

											
										
										
											2020-04-22 17:49:03 +01:00
+								        thing='whether this organisation is a crown body',
-												Allow editing of an organisation’s details

Adds a user interface for updating all the columns added in
https://github.com/alphagov/notifications-api/pull/2368

Sorry for the mega commit 😓

											
										
										
											2019-02-19 17:26:16 +00:00
+								    )
 								class OrganisationAgreementSignedForm(StripWhitespaceForm):
 								    agreement_signed = RadioField(
 								        (
 								            'Has this organisation signed the agreement?'
 								        ),
 								        choices=[
 								            ('yes', 'Yes'),
 								            ('no', 'No'),
 								            ('unknown', 'No (but we have some service-specific agreements in place)'),
 								        ],
-												Bump WTForms to 2.3.1

This involves three changes which broke our code.

To validate email addresses, the optional dependency `email-validator`
must be installed<sup>1</sup>. But since we don’t use WTForms’ email
validation, we shouldn’t need to subclass it – it can just be its own
self contained thing. Then we don’t need to add the extra dependency.

When rendering textareas, and extra `\r\n` is inserted at the beginning
<sup>2</sup>. Browsers will strip this when displaying the textbox and
submitting the form, but some of our tests need updating to account for
this.

The error message for when you don’t choose an option from some radio
buttons has now changed. Rather than just accepting WTForms’ new
message, this commit makes the error messages like the examples from
the Design System<sup>3</sup>. By default it will say ‘Select an
option’, but by passing in an extra parameter (`thing`) it can be
customised to be more specific, for example ‘Select a type of
organisation’.

***

1. https://github.com/wtforms/wtforms/pull/429
2. https://github.com/wtforms/wtforms/issues/238
3. https://design-system.service.gov.uk/components/radios/#error-messages

											
										
										
											2020-04-22 17:49:03 +01:00
+								        thing='whether this organisation has signed the agreement',
-												Allow editing of an organisation’s details

Adds a user interface for updating all the columns added in
https://github.com/alphagov/notifications-api/pull/2368

Sorry for the mega commit 😓

											
										
										
											2019-02-19 17:26:16 +00:00
+								    )
 								class OrganisationDomainsForm(StripWhitespaceForm):
 								    def populate(self, domains_list):
 								        for index, value in enumerate(domains_list):
 								            self.domains[index].data = value
 								    domains = FieldList(
 								        StripWhitespaceStringField(
 								            '',
 								            validators=[
 								                Optional(),
 								            ],
 								            default=''
 								        ),
-												Allow up to 20 domains per organisation

The most we have in the spreadsheet is 18

											
										
										
											2019-03-22 16:27:30 +00:00
+								        min_entries=20,
 								        max_entries=20,
-												Allow editing of an organisation’s details

Adds a user interface for updating all the columns added in
https://github.com/alphagov/notifications-api/pull/2368

Sorry for the mega commit 😓

											
										
										
											2019-02-19 17:26:16 +00:00
+								        label="Domain names"
 								    )
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class CreateServiceForm(StripWhitespaceForm):
-												Collect organisation type

So that we can default services to their appropriate text allowance, we
need to find out what sector they're in. So let's start collecting that
from teams as they create new services.

I think Central/Local/NHS are the right options, but these can be easily
changed if not.

											
										
										
											2017-10-04 11:49:32 +01:00
+								    name = StringField(
-												Only show nhs radios if user has nhs domain email

Also split local NHS into two groups following designer advice
on readability.

											
										
										
											2019-07-16 15:37:27 +01:00
+								        "What’s your service called?",
-												Collect organisation type

So that we can default services to their appropriate text allowance, we
need to find out what sector they're in. So let's start collecting that
from teams as they create new services.

I think Central/Local/NHS are the right options, but these can be easily
changed if not.

											
										
										
											2017-10-04 11:49:32 +01:00
+								        validators=[
-												Validate service and organisation name

											
										
										
											2019-11-08 17:12:32 +00:00
+								            DataRequired(message='Cannot be empty'),
 								            MustContainAlphanumericCharacters()
-												Collect organisation type

So that we can default services to their appropriate text allowance, we
need to find out what sector they're in. So let's start collecting that
from teams as they create new services.

I think Central/Local/NHS are the right options, but these can be easily
changed if not.

											
										
										
											2017-10-04 11:49:32 +01:00
+								        ])
-												Refactor to avoid redefinition of org types

We’re defining the list of org types in a few different places. This
makes it more likely we’ll forget to update one of these places, thereby
introducing a bug.

This commit moves the definition to be on the organisation model, which
feels like a sensible enough place for it.

											
										
										
											2019-08-27 15:52:42 +01:00
+								    organisation_type = OrganisationTypeField('Who runs this service?')
-												Add page to change organisation type

If a user picks the wrong thing, we should be able to override it when
they go live.

											
										
										
											2017-10-05 12:06:40 +01:00
-												Only show nhs radios if user has nhs domain email

Also split local NHS into two groups following designer advice
on readability.

											
										
										
											2019-07-16 15:37:27 +01:00
+								class CreateNhsServiceForm(CreateServiceForm):
-												Refactor to avoid redefinition of org types

We’re defining the list of org types in a few different places. This
makes it more likely we’ll forget to update one of these places, thereby
introducing a bug.

This commit moves the definition to be on the organisation model, which
feels like a sensible enough place for it.

											
										
										
											2019-08-27 15:52:42 +01:00
+								    organisation_type = OrganisationTypeField(
 								        'Who runs this service?',
-												Add ‘GP’ as an organisation type

Although their allowances are the same as what we call `nhs_local` it
makes more sense to store them separately because:

- we already present them as two separate choices to the user
- we may want to handle them differently in the future, eg in terms of
  what branding choices are available to them

Once the API is updated we can start passing in this new value from
the admin app.

											
										
										
											2019-08-27 16:26:50 +01:00
+								        include_only={'nhs_central', 'nhs_local', 'nhs_gp'},
-												Refactor to avoid redefinition of org types

We’re defining the list of org types in a few different places. This
makes it more likely we’ll forget to update one of these places, thereby
introducing a bug.

This commit moves the definition to be on the organisation model, which
feels like a sensible enough place for it.

											
										
										
											2019-08-27 15:52:42 +01:00
+								    )
-												Only show nhs radios if user has nhs domain email

Also split local NHS into two groups following designer advice
on readability.

											
										
										
											2019-07-16 15:37:27 +01:00
-												Require more information when creating organisations

Currently we set not-very-useful defaults for organisation type and
crown status when creating an organisation. This commit adds two field
to the form (in addition to the existing name field) to explicitly ask
for:
- organisation type
- crown status

We need these for all organisations before we can make any of their
services live.

This commit also records any new organisation as not having accepted the
data sharing and financial agreement, because if we don’t know about the
organisation already then they definitely won’t have signed it.

											
										
										
											2019-07-01 10:19:33 +01:00
+								class NewOrganisationForm(
 								    RenameOrganisationForm,
-												Don’t create new organisations with no crown status

We need the crown status set so that we can let them accept the
agreement online.

											
										
										
											2019-07-01 17:01:11 +01:00
+								    OrganisationOrganisationTypeForm,
-												Require more information when creating organisations

Currently we set not-very-useful defaults for organisation type and
crown status when creating an organisation. This commit adds two field
to the form (in addition to the existing name field) to explicitly ask
for:
- organisation type
- crown status

We need these for all organisations before we can make any of their
services live.

This commit also records any new organisation as not having accepted the
data sharing and financial agreement, because if we don’t know about the
organisation already then they definitely won’t have signed it.

											
										
										
											2019-07-01 10:19:33 +01:00
+								    OrganisationCrownStatusForm,
 								):
-												Don’t create new organisations with no crown status

We need the crown status set so that we can let them accept the
agreement online.

											
										
										
											2019-07-01 17:01:11 +01:00
+								    def __init__(self, *args, **kwargs):
 								        super().__init__(*args, **kwargs)
 								        # Don’t offer the ‘not sure’ choice
 								        self.crown_status.choices = self.crown_status.choices[:-1]
-												Require more information when creating organisations

Currently we set not-very-useful defaults for organisation type and
crown status when creating an organisation. This commit adds two field
to the form (in addition to the existing name field) to explicitly ask
for:
- organisation type
- crown status

We need these for all organisations before we can make any of their
services live.

This commit also records any new organisation as not having accepted the
data sharing and financial agreement, because if we don’t know about the
organisation already then they definitely won’t have signed it.

											
										
										
											2019-07-01 10:19:33 +01:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class FreeSMSAllowance(StripWhitespaceForm):
-												Add page to change SMS allowance

There may be exceptions to the rule, so we should have a way of
overriding this manually.

											
										
										
											2017-10-05 13:49:43 +01:00
+								    free_sms_allowance = IntegerField(
 								        'Numbers of text message fragments per year',
 								        validators=[
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								            DataRequired(message='Cannot be empty')
-												Add page to change SMS allowance

There may be exceptions to the rule, so we should have a way of
overriding this manually.

											
										
										
											2017-10-05 13:49:43 +01:00
+								        ]
 								    )
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class ConfirmPasswordForm(StripWhitespaceForm):
-												Added check for password on service change page, work in progress.

											
										
										
											2016-01-22 16:34:36 +00:00
+								    def __init__(self, validate_password_func, *args, **kwargs):
 								        self.validate_password_func = validate_password_func
 								        super(ConfirmPasswordForm, self).__init__(*args, **kwargs)
-												Add a WTForms-compatible textbox macro

This macro:
- accepts a WTForm form field as a parameter
- renders a form field which follows the GOV.UK Elements patterns, both visually
  and in markup terms

It then changes any page which uses either:
- the old, non-WTForms macro or
- the old, WTFforms `render_field` macro

…to use this new macro and removes both of the old ones.

It also adds the option to display hint text above the textbox.

											
										
										
											2016-01-11 13:15:10 +00:00
+								    password = PasswordField(u'Enter password')
-												Added check for password on service change page, work in progress.

											
										
										
											2016-01-22 16:34:36 +00:00
+								    def validate_password(self, field):
 								        if not self.validate_password_func(field.data):
 								            raise ValidationError('Invalid password')
-												Add a WTForms-compatible textbox macro

This macro:
- accepts a WTForm form field as a parameter
- renders a form field which follows the GOV.UK Elements patterns, both visually
  and in markup terms

It then changes any page which uses either:
- the old, non-WTForms macro or
- the old, WTFforms `render_field` macro

…to use this new macro and removes both of the old ones.

It also adds the option to display hint text above the textbox.

											
										
										
											2016-01-11 13:15:10 +00:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class BaseTemplateForm(StripWhitespaceForm):
-												Mapped template actions to the api and mocked tests.

											
										
										
											2016-01-19 15:54:12 +00:00
+								    name = StringField(
 								        u'Template name',
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								        validators=[DataRequired(message="Cannot be empty")])
-												Make ‘template type’ radio buttons not `<select>`

Because burn your select tags[1]

This commit hard codes the markup for the time being until I can work out how
to get WTForms outputting the markup I want.

1. https://www.youtube.com/watch?v=CUkMCQR4TpY

											
										
										
											2016-01-22 12:19:15 +00:00
-												Rename `content` to `template` content

WTForms sets the `id` of a `textarea` element to the variable name to which the
form control is assigned.

This conflicts with the page container, which is styled by targeting `#content`.

											
										
										
											2016-01-22 12:15:47 +00:00
+								    template_content = TextAreaField(
-												Give the textbox on edit template a better label

‘Message content’ is very much _our_ name for the thing. ‘Message’ is
more human-friendly.

											
										
										
											2016-06-20 11:37:42 +01:00
+								        u'Message',
-												Don’t allow commas in placeholders

> If a user tries to save a template containing something like
> ((name,date)) we should give a validation error.

This is because it causes havoc with the column headers in CSV files.

https://www.pivotaltracker.com/story/show/117043389

											
										
										
											2016-04-07 16:02:06 +01:00
+								        validators=[
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								            DataRequired(message="Cannot be empty"),
-												ensure emails still accept emoji

											
										
										
											2017-02-15 15:06:47 +00:00
+								            NoCommasInPlaceHolders()
-												Don’t allow commas in placeholders

> If a user tries to save a template containing something like
> ((name,date)) we should give a validation error.

This is because it causes havoc with the column headers in CSV files.

https://www.pivotaltracker.com/story/show/117043389

											
										
										
											2016-04-07 16:02:06 +01:00
+								        ]
 								    )
-												Change the selectField on the edit template form to a radio field.
It's more stylish

											
										
										
											2017-01-19 09:35:34 +00:00
+								    process_type = RadioField(
 								        'Use priority queue?',
 								        choices=[
 								            ('priority', 'Yes'),
 								            ('normal', 'No'),
 								        ],
-												Bump WTForms to 2.3.1

This involves three changes which broke our code.

To validate email addresses, the optional dependency `email-validator`
must be installed<sup>1</sup>. But since we don’t use WTForms’ email
validation, we shouldn’t need to subclass it – it can just be its own
self contained thing. Then we don’t need to add the extra dependency.

When rendering textareas, and extra `\r\n` is inserted at the beginning
<sup>2</sup>. Browsers will strip this when displaying the textbox and
submitting the form, but some of our tests need updating to account for
this.

The error message for when you don’t choose an option from some radio
buttons has now changed. Rather than just accepting WTForms’ new
message, this commit makes the error messages like the examples from
the Design System<sup>3</sup>. By default it will say ‘Select an
option’, but by passing in an extra parameter (`thing`) it can be
customised to be more specific, for example ‘Select a type of
organisation’.

***

1. https://github.com/wtforms/wtforms/pull/429
2. https://github.com/wtforms/wtforms/issues/238
3. https://design-system.service.gov.uk/components/radios/#error-messages

											
										
										
											2020-04-22 17:49:03 +01:00
+								        thing='yes or no',
-												Change the selectField on the edit template form to a radio field.
It's more stylish

											
										
										
											2017-01-19 09:35:34 +00:00
+								        validators=[DataRequired()],
 								        default='normal'
 								    )
-												Add a WTForms-compatible textbox macro

This macro:
- accepts a WTForm form field as a parameter
- renders a form field which follows the GOV.UK Elements patterns, both visually
  and in markup terms

It then changes any page which uses either:
- the old, non-WTForms macro or
- the old, WTFforms `render_field` macro

…to use this new macro and removes both of the old ones.

It also adds the option to display hint text above the textbox.

											
										
										
											2016-01-11 13:15:10 +00:00
-												ensure emails still accept emoji

											
										
										
											2017-02-15 15:06:47 +00:00
+								class SMSTemplateForm(BaseTemplateForm):
 								    def validate_template_content(self, field):
-												Make error message specific to template type

											
										
										
											2020-07-03 15:46:00 +01:00
+								        OnlySMSCharacters(template_type='sms')(None, field)
-												ensure emails still accept emoji

											
										
										
											2017-02-15 15:06:47 +00:00
-												Allow adding broadcast templates

At the moment the page is the same as for text message templates,
except:
- different H1
- no guidance about personalisation, links, etc (until we decide how
  these should work)

For now you won’t be able to really create a broadcast template, because
the API doesn’t support it (the API will respond with a 400). But that’s
OK because no real services have the broadcast permission yet.

This required a bit of refactoring of how we check which template types
a service can use, because there were some hard-coded assumptions about
emails and text messages.

											
										
										
											2020-07-01 16:43:08 +01:00
+								class BroadcastTemplateForm(SMSTemplateForm):
-												Make error message specific to template type

											
										
										
											2020-07-03 15:46:00 +01:00
+								    def validate_template_content(self, field):
 								        OnlySMSCharacters(template_type='broadcast')(None, field)
-												Allow adding broadcast templates

At the moment the page is the same as for text message templates,
except:
- different H1
- no guidance about personalisation, links, etc (until we decide how
  these should work)

For now you won’t be able to really create a broadcast template, because
the API doesn’t support it (the API will respond with a 400). But that’s
OK because no real services have the broadcast permission yet.

This required a bit of refactoring of how we check which template types
a service can use, because there were some hard-coded assumptions about
emails and text messages.

											
										
										
											2020-07-01 16:43:08 +01:00
-												input letter address data in a single block

rather than in multiple placeholders - this is the first step towards
making postcodes non-required, which is the first step towards
international letters.

they still populate address_line_# and postcode fields under the hood -
to keep validation working the same, the last line always goes into
`postcode`.

the form normalises whitespace, removes extra new lines, and enforces
that you have between three and seven lines.

if the letter repeats address placeholders further down (eg "Dear
((address_line_1))"), then it'll fill those in as well. It'll still
prompt you to fill them in, but they'll be pre-filled.

											
										
										
											2020-03-10 15:12:19 +00:00
+								class LetterAddressForm(StripWhitespaceForm):
-												Allow international addresses in spreadsheets

For services with permission, they can now put international addresses
into their spreadsheets without getting a postcode error.

This also means they can start using address line 7 instead of postcode,
since it doesn’t make sense to put a country in a field called
‘postcode’. But this will be undocumented to start with, because we’re
not giving any real users the permission.

It does now mean that the number of possible placeholders (7 + postcode)
is greater than the number of allowed placeholders (7), so we have to
account for that in the one-off address flow where we’re populating the
placeholders automatically. We’re sticking with 6 + postcode here for
backwards compatibility.

											
										
										
											2020-04-27 10:57:25 +01:00
+								    def __init__(self, *args, allow_international_letters=False, **kwargs):
 								        self.allow_international_letters = allow_international_letters
 								        super().__init__(*args, **kwargs)
-												Refactor to use PostalAddress helper from utils

Since we’re doing normalisation and line-count-checking of addresses in
multiple places it makes sense for that code to be shared. Which is
what happened here:
https://github.com/alphagov/notifications-utils/pull/713

This commit refactors the admin code to make use of the new utils code.

Note about placeholders:
- they now go into the session as `address_line_1` instead of `address
  line 1` because this is the format the API uses, so should be
  considered canonical
- they are now fetched from the session in a way that isn’t sensitive
  to case or underscores (using the `Columns` class)
- the API doesn’t care about case or underscores vs spaces in
  placeholder names because it’s checking an instance of `Template` to
  see if all the required placeholders are present (see
  https://github.com/alphagov/notifications-api/blob/401c8e41d6a1e3b348b99eb0cc205bb420fce0c1/app/notifications/process_notifications.py#L40)

											
										
										
											2020-04-02 17:21:27 +01:00
+								    address = PostalAddressField(
-												input letter address data in a single block

rather than in multiple placeholders - this is the first step towards
making postcodes non-required, which is the first step towards
international letters.

they still populate address_line_# and postcode fields under the hood -
to keep validation working the same, the last line always goes into
`postcode`.

the form normalises whitespace, removes extra new lines, and enforces
that you have between three and seven lines.

if the letter repeats address placeholders further down (eg "Dear
((address_line_1))"), then it'll fill those in as well. It'll still
prompt you to fill them in, but they'll be pre-filled.

											
										
										
											2020-03-10 15:12:19 +00:00
+								        'Address',
 								        validators=[DataRequired(message="Cannot be empty")]
 								    )
 								    def validate_address(self, field):
-												Allow international addresses in spreadsheets

For services with permission, they can now put international addresses
into their spreadsheets without getting a postcode error.

This also means they can start using address line 7 instead of postcode,
since it doesn’t make sense to put a country in a field called
‘postcode’. But this will be undocumented to start with, because we’re
not giving any real users the permission.

It does now mean that the number of possible placeholders (7 + postcode)
is greater than the number of allowed placeholders (7), so we have to
account for that in the one-off address flow where we’re populating the
placeholders automatically. We’re sticking with 6 + postcode here for
backwards compatibility.

											
										
										
											2020-04-27 10:57:25 +01:00
+								        address = PostalAddress(
 								            field.data,
 								            allow_international_letters=self.allow_international_letters,
 								        )
-												Refactor to use PostalAddress helper from utils

Since we’re doing normalisation and line-count-checking of addresses in
multiple places it makes sense for that code to be shared. Which is
what happened here:
https://github.com/alphagov/notifications-utils/pull/713

This commit refactors the admin code to make use of the new utils code.

Note about placeholders:
- they now go into the session as `address_line_1` instead of `address
  line 1` because this is the format the API uses, so should be
  considered canonical
- they are now fetched from the session in a way that isn’t sensitive
  to case or underscores (using the `Columns` class)
- the API doesn’t care about case or underscores vs spaces in
  placeholder names because it’s checking an instance of `Template` to
  see if all the required placeholders are present (see
  https://github.com/alphagov/notifications-api/blob/401c8e41d6a1e3b348b99eb0cc205bb420fce0c1/app/notifications/process_notifications.py#L40)

											
										
										
											2020-04-02 17:21:27 +01:00
 								        if not address.has_enough_lines:
 								            raise ValidationError(
 								                f'Address must be at least {PostalAddress.MIN_LINES} lines long'
 								            )
 								        if address.has_too_many_lines:
 								            raise ValidationError(
 								                f'Address must be no more than {PostalAddress.MAX_LINES} lines long'
 								            )
-												input letter address data in a single block

rather than in multiple placeholders - this is the first step towards
making postcodes non-required, which is the first step towards
international letters.

they still populate address_line_# and postcode fields under the hood -
to keep validation working the same, the last line always goes into
`postcode`.

the form normalises whitespace, removes extra new lines, and enforces
that you have between three and seven lines.

if the letter repeats address placeholders further down (eg "Dear
((address_line_1))"), then it'll fill those in as well. It'll still
prompt you to fill them in, but they'll be pre-filled.

											
										
										
											2020-03-10 15:12:19 +00:00
-												Allow international addresses in spreadsheets

For services with permission, they can now put international addresses
into their spreadsheets without getting a postcode error.

This also means they can start using address line 7 instead of postcode,
since it doesn’t make sense to put a country in a field called
‘postcode’. But this will be undocumented to start with, because we’re
not giving any real users the permission.

It does now mean that the number of possible placeholders (7 + postcode)
is greater than the number of allowed placeholders (7), so we have to
account for that in the one-off address flow where we’re populating the
placeholders automatically. We’re sticking with 6 + postcode here for
backwards compatibility.

											
										
										
											2020-04-27 10:57:25 +01:00
+								        if not address.has_valid_last_line:
 								            if self.allow_international_letters:
 								                raise ValidationError(
 								                    f'Last line of the address must be a UK postcode or another country'
 								                )
-												Add postcode validation check for one-off letters

We’re doing this everywhere else now, so this completes the story.

It uses the same regex as elsewhere and the error messaging is
consistent (but not uniform) with the other places.

											
										
										
											2020-04-02 17:32:26 +01:00
+								            raise ValidationError(
 								                f'Last line of the address must be a real UK postcode'
 								            )
-												Check for invalid chars in letter addresses

This now adds validation for invalid characters on the
LetterAddressForm for one off letters. It also adds a validation failed
message for uploaded letters, precompiled letters sent through the API,
and CSV rows with errors.

											
										
										
											2020-07-28 13:44:14 +01:00
+								        if address.has_invalid_characters:
 								            raise ValidationError(
 								                'Address lines must not start with any of the following characters: @ ( ) = [ ] ” \\ / ,'
 								            )
-												input letter address data in a single block

rather than in multiple placeholders - this is the first step towards
making postcodes non-required, which is the first step towards
international letters.

they still populate address_line_# and postcode fields under the hood -
to keep validation working the same, the last line always goes into
`postcode`.

the form normalises whitespace, removes extra new lines, and enforces
that you have between three and seven lines.

if the letter repeats address placeholders further down (eg "Dear
((address_line_1))"), then it'll fill those in as well. It'll still
prompt you to fill them in, but they'll be pre-filled.

											
										
										
											2020-03-10 15:12:19 +00:00
-												ensure emails still accept emoji

											
										
										
											2017-02-15 15:06:47 +00:00
+								class EmailTemplateForm(BaseTemplateForm):
-												Make subject a textarea

In order for subject lines to have their fields highlighted they have to
be textboxes. This is because the highlighting script only works with
textboxes that don’t scroll, either horizontally, vertically, or be
keying through them.

											
										
										
											2016-04-14 14:04:41 +01:00
+								    subject = TextAreaField(
-												Add basic flow for adding email _or_ sms templates

Templates now have:
- a type (email or sms)
- a subject (if they are email templates)

We don’t want two completely separate view files for email and SMS, because they
would have an enormous amount of repetition.

So this commit adds
- different templates for SMS and email templates
- different form objects for SMS and email templates

…and wires them up.

											
										
										
											2016-02-22 14:45:13 +00:00
+								        u'Subject',
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								        validators=[DataRequired(message="Cannot be empty")])
-												Add basic flow for adding email _or_ sms templates

Templates now have:
- a type (email or sms)
- a subject (if they are email templates)

We don’t want two completely separate view files for email and SMS, because they
would have an enormous amount of repetition.

So this commit adds
- different templates for SMS and email templates
- different form objects for SMS and email templates

…and wires them up.

											
										
										
											2016-02-22 14:45:13 +00:00
-												Sprinkle `letter` throughout the app

Let users create/edit/delete letter templates.

Let them upload a CSV file or send a test against a letter template.

Big assumption at the moment is that addresses only have one line, and
therefore one column in the CSV file.

											
										
										
											2016-11-08 13:12:07 +00:00
+								class LetterTemplateForm(EmailTemplateForm):
-												Add multiple ‘edit’ links for letter templates

Letter templates have (or will have) multiple different editable
regions. I think that the most intuitive way for this to work is to have
- an edit link for each of these areas
- positioned next to the thing to be edited

Again, this isn’t fully hooked up, but since no-one is using letters
live yet this is a good way of getting research feedback and pointing
towards where we want the feature to go.

Uses percentages for the positioning so that the alignment is maintained
on mobile.

											
										
										
											2017-03-13 10:55:15 +00:00
+								    subject = TextAreaField(
-												Call letter subjects ‘main heading’

This is a term that one of our research participants used to describe
the big bold text that starts each letter. I think it’s quite a nice
plain english term for it.

Also changes the formatting guidance to use the word heading instead of
title, for consistency.

											
										
										
											2017-05-10 11:27:45 +01:00
+								        u'Main heading',
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								        validators=[DataRequired(message="Cannot be empty")])
-												Add multiple ‘edit’ links for letter templates

Letter templates have (or will have) multiple different editable
regions. I think that the most intuitive way for this to work is to have
- an edit link for each of these areas
- positioned next to the thing to be edited

Again, this isn’t fully hooked up, but since no-one is using letters
live yet this is a good way of getting research feedback and pointing
towards where we want the feature to go.

Uses percentages for the positioning so that the alignment is maintained
on mobile.

											
										
										
											2017-03-13 10:55:15 +00:00
 								    template_content = TextAreaField(
 								        u'Body',
 								        validators=[
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								            DataRequired(message="Cannot be empty"),
-												Add multiple ‘edit’ links for letter templates

Letter templates have (or will have) multiple different editable
regions. I think that the most intuitive way for this to work is to have
- an edit link for each of these areas
- positioned next to the thing to be edited

Again, this isn’t fully hooked up, but since no-one is using letters
live yet this is a good way of getting research feedback and pointing
towards where we want the feature to go.

Uses percentages for the positioning so that the alignment is maintained
on mobile.

											
										
										
											2017-03-13 10:55:15 +00:00
+								            NoCommasInPlaceHolders()
 								        ]
 								    )
-												Sprinkle `letter` throughout the app

Let users create/edit/delete letter templates.

Let them upload a CSV file or send a test against a letter template.

Big assumption at the moment is that addresses only have one line, and
therefore one column in the CSV file.

											
										
										
											2016-11-08 13:12:07 +00:00
-												Edit template postage from a separate view

											
										
										
											2019-01-29 15:43:59 +00:00
+								class LetterTemplatePostageForm(StripWhitespaceForm):
 								    postage = RadioField(
 								        'Choose the postage for this letter template',
 								        choices=[
 								            ('first', 'First class'),
 								            ('second', 'Second class'),
 								        ],
-												Bump WTForms to 2.3.1

This involves three changes which broke our code.

To validate email addresses, the optional dependency `email-validator`
must be installed<sup>1</sup>. But since we don’t use WTForms’ email
validation, we shouldn’t need to subclass it – it can just be its own
self contained thing. Then we don’t need to add the extra dependency.

When rendering textareas, and extra `\r\n` is inserted at the beginning
<sup>2</sup>. Browsers will strip this when displaying the textbox and
submitting the form, but some of our tests need updating to account for
this.

The error message for when you don’t choose an option from some radio
buttons has now changed. Rather than just accepting WTForms’ new
message, this commit makes the error messages like the examples from
the Design System<sup>3</sup>. By default it will say ‘Select an
option’, but by passing in an extra parameter (`thing`) it can be
customised to be more specific, for example ‘Select a type of
organisation’.

***

1. https://github.com/wtforms/wtforms/pull/429
2. https://github.com/wtforms/wtforms/issues/238
3. https://design-system.service.gov.uk/components/radios/#error-messages

											
										
										
											2020-04-22 17:49:03 +01:00
+								        thing='first class or second class',
-												Edit template postage from a separate view

											
										
										
											2019-01-29 15:43:59 +00:00
+								        validators=[DataRequired()]
 								    )
-												Add radio button and convert from to WTForm

											
										
										
											2019-10-09 11:23:02 +01:00
+								class LetterUploadPostageForm(StripWhitespaceForm):
-												Don’t show postage choice for international letters

International letters don’t have a choice of postage. Under the hood
they are either `europe` or `rest-of-world`.

So, for letters that we detect are international, this commit:
- removes the radios buttons that give users the choice of postage
- passes through either `europe` or `rest-of-world` to the API,
  depending on what address we find in the letter

This will cause the API to 500 until it can accept `europe` or
`rest-of-world` as postage types, but this is probably OK because it’s
only our services that have international letters switched on at the
moment.

											
										
										
											2020-05-20 11:12:33 +01:00
 								    def __init__(self, *args, postage_zone, **kwargs):
 								        super().__init__(*args, **kwargs)
 								        if postage_zone != Postage.UK:
 								            self.postage.choices = [(postage_zone, '')]
 								            self.postage.data = postage_zone
 								    @property
 								    def show_postage(self):
 								        return len(self.postage.choices) > 1
-												Add radio button and convert from to WTForm

											
										
										
											2019-10-09 11:23:02 +01:00
+								    postage = RadioField(
 								        'Choose the postage for this letter',
 								        choices=[
 								            ('first', 'First class post'),
 								            ('second', 'Second class post'),
 								        ],
 								        default='second',
 								        validators=[DataRequired()]
 								    )
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class ForgotPasswordForm(StripWhitespaceForm):
-												Update forgotten password to allow non-gov with test

											
										
										
											2016-10-26 14:01:01 +01:00
+								    email_address = email_address(gov_user=False)
-												Add endpoints for forgot-password.

											
										
										
											2016-01-04 14:00:39 +00:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class NewPasswordForm(StripWhitespaceForm):
-												Take out the Canadian politeness.
Make the error message more consistent.
Extracted common fields for the forms.

											
										
										
											2016-01-08 12:00:52 +00:00
+								    new_password = password()
-												First slice of csv upload of phone numbers for sending messages.

At the moment the file contents are not persisted by checked in
memory.

The first and last three records are show if all are valid.

If there are invalid rows, they are reported and the user is
prompted to go back and sort out upload file.

The storing of upload result (i.e. validation of file) in session
will be removed in next story which is about persisting of file
for later processing.

											
										
										
											2016-01-11 15:00:51 +00:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class ChangePasswordForm(StripWhitespaceForm):
-												Working tests, hopefully all code changes done.

											
										
										
											2016-01-27 12:22:32 +00:00
+								    def __init__(self, validate_password_func, *args, **kwargs):
 								        self.validate_password_func = validate_password_func
 								        super(ChangePasswordForm, self).__init__(*args, **kwargs)
-												Add confirmation of password for important changes

This commit adds an extra page or field for confirming your current password
when making important changes

Name                 | Email address     | Mobile number     | Password
---------------------|-------------------|-------------------|------------
No password required | As second page    | As second page    | On same page as new password

											
										
										
											2016-01-12 11:25:46 +00:00
+								    old_password = password('Current password')
 								    new_password = password('New password')
-												Working tests, hopefully all code changes done.

											
										
										
											2016-01-27 12:22:32 +00:00
+								    def validate_old_password(self, field):
 								        if not self.validate_password_func(field.data):
 								            raise ValidationError('Invalid password')
-												Add confirmation of password for important changes

This commit adds an extra page or field for confirming your current password
when making important changes

Name                 | Email address     | Mobile number     | Password
---------------------|-------------------|-------------------|------------
No password required | As second page    | As second page    | On same page as new password

											
										
										
											2016-01-12 11:25:46 +00:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class CsvUploadForm(StripWhitespaceForm):
-												Updates to ‘send SMS’ page

Based on discussion with Pete.

Make the blue banner an ‘important’ banner (copied from Register to Vote, used
because it’s not as boxy and fits on the page better).

Remove the back button because you haven’t changed any data yet. If you need to
go back you can just press back or start again.

Make the filename stand out more.

Remove the ‘download example’ link. Will need to revist the best way of doing
this.

Make text messages consistently 2/3rd width.

											
										
										
											2016-02-04 12:20:24 +00:00
+								    file = FileField('Add recipients', validators=[DataRequired(
-												Added provider management pages in.

- see priority
- change priority

											
										
										
											2016-05-11 09:43:55 +01:00
+								        message='Please pick a file'), CsvFileValidator()])
-												Add loops for changing each part of your profile

This commit adds a page or series of pages for changing your:

Name              | Email address     | Mobile number     | Password
------------------|-------------------|-------------------|------------
Enter new value   | Enter new value   | Enter new value   | Enter new value
                  | Enter 2fa code    | Enter 2fa code    |
Return to profile | Return to profile | Return to profile | Return to profile

(each row is a page)

											
										
										
											2016-01-12 10:28:14 +00:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class ChangeNameForm(StripWhitespaceForm):
-												Add loops for changing each part of your profile

This commit adds a page or series of pages for changing your:

Name              | Email address     | Mobile number     | Password
------------------|-------------------|-------------------|------------
Enter new value   | Enter new value   | Enter new value   | Enter new value
                  | Enter 2fa code    | Enter 2fa code    |
Return to profile | Return to profile | Return to profile | Return to profile

(each row is a page)

											
										
										
											2016-01-12 10:28:14 +00:00
+								    new_name = StringField(u'Your name')
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class ChangeEmailForm(StripWhitespaceForm):
-												Working tests, hopefully all code changes done.

											
										
										
											2016-01-27 12:22:32 +00:00
+								    def __init__(self, validate_email_func, *args, **kwargs):
 								        self.validate_email_func = validate_email_func
 								        super(ChangeEmailForm, self).__init__(*args, **kwargs)
-												Add loops for changing each part of your profile

This commit adds a page or series of pages for changing your:

Name              | Email address     | Mobile number     | Password
------------------|-------------------|-------------------|------------
Enter new value   | Enter new value   | Enter new value   | Enter new value
                  | Enter 2fa code    | Enter 2fa code    |
Return to profile | Return to profile | Return to profile | Return to profile

(each row is a page)

											
										
										
											2016-01-12 10:28:14 +00:00
+								    email_address = email_address()
-												Working tests, hopefully all code changes done.

											
										
										
											2016-01-27 12:22:32 +00:00
+								    def validate_email_address(self, field):
 								        is_valid = self.validate_email_func(field.data)
-												invite-team-members

											
										
										
											2018-02-19 16:53:29 +00:00
+								        if is_valid:
-												Working tests, hopefully all code changes done.

											
										
										
											2016-01-27 12:22:32 +00:00
+								            raise ValidationError("The email address is already in use")
-												Add loops for changing each part of your profile

This commit adds a page or series of pages for changing your:

Name              | Email address     | Mobile number     | Password
------------------|-------------------|-------------------|------------
Enter new value   | Enter new value   | Enter new value   | Enter new value
                  | Enter 2fa code    | Enter 2fa code    |
Return to profile | Return to profile | Return to profile | Return to profile

(each row is a page)

											
										
										
											2016-01-12 10:28:14 +00:00
-												Allow non-gov email addresses to be changed to gov email addresses

When a user's email address is updated, we not allowing it to be changed
to a non-government email address. We now allow a non-gov email address
to be changed to another non-gov email address. Government email
addresses still cannot be changed to non-government email addresses.

Also fixes the link in the error message on the ChangeEmailAddress form -
this was being escaped before.

											
										
										
											2019-04-18 16:03:13 +01:00
+								class ChangeNonGovEmailForm(ChangeEmailForm):
 								    email_address = email_address(gov_user=False)
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class ChangeMobileNumberForm(StripWhitespaceForm):
-												Let users register with int’national phone numbers

Right now Notify restricts you to registering with a UK mobile number.
This is because when we built the user registration stuff we couldn’t
send to international mobiles.

However we can send to international mobile numbers, and it’s totally
reasonable to expect employees of the UK government to be working
abroad, and have a foreign mobile phone – we’ve heard from one such
user.

So this commit:
- changes all places where users enter their own phone number to use
  the validation function which allows international phone numbers
- renames the `mobile_number` validation to `uk_mobile_number` to make
  it explicit, and force it to break the tests if there’s somewhere it’s
  being used that I haven’t thought of

											
										
										
											2017-08-29 14:52:24 +01:00
+								    mobile_number = international_phone_number()
-												Add loops for changing each part of your profile

This commit adds a page or series of pages for changing your:

Name              | Email address     | Mobile number     | Password
------------------|-------------------|-------------------|------------
Enter new value   | Enter new value   | Enter new value   | Enter new value
                  | Enter 2fa code    | Enter 2fa code    |
Return to profile | Return to profile | Return to profile | Return to profile

(each row is a page)

											
										
										
											2016-01-12 10:28:14 +00:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class ChooseTimeForm(StripWhitespaceForm):
-												Add a component for picking the time to send a job

Users need to pick a time in the next 24hrs, or send a file immediately.

Rationale for this is a bit lost in time-before-holiday, but generally:

‘Now’ and ‘later’ as the inital choices makes it really clear what
this feature is about conceptually.

The choice of times is absolute, eg ‘1pm’ not ‘in 3 hours’

											
										
										
											2016-08-07 09:17:49 +01:00
 								    def __init__(self, *args, **kwargs):
 								        super(ChooseTimeForm, self).__init__(*args, **kwargs)
 								        self.scheduled_for.choices = [('', 'Now')] + [
-												Allow a job to be scheduled any time in next 96hrs

If you want to send a job on Monday morning, you should be able to
schedule it on Friday. You shouldn’t need to work on the weekend.

96 hours is a full 4 days, so you can schedule a job at any time on
Friday for any time on Monday.

We’ve checked with the information assurance people, and they’re OK
with us holding the data for this extra amount of time.

This commit changes the choose time form from showing one radio button
for each of the next 24 hours to one for each of the next 96 hours. It
changes the labels from ‘9am’ to ‘Monday at 9am’ so it’s clear which
day you’re choosing.

											
										
										
											2016-10-11 14:11:10 +01:00
+								            get_time_value_and_label(hour) for hour in get_next_hours_until(
 								                get_furthest_possible_scheduled_time()
 								            )
-												Add a component for picking the time to send a job

Users need to pick a time in the next 24hrs, or send a file immediately.

Rationale for this is a bit lost in time-before-holiday, but generally:

‘Now’ and ‘later’ as the inital choices makes it really clear what
this feature is about conceptually.

The choice of times is absolute, eg ‘1pm’ not ‘in 3 hours’

											
										
										
											2016-08-07 09:17:49 +01:00
+								        ]
-												Group choices for scheduling a job by day

The options for scheduling a job by time should be grouped by day,
because a long list of 96 options is not very usable.

On the server side, this commit generates label for the next 4 days in
a friendly format (ie today/tomorrow/Sunday/Monday)

The Javascript component for choosing a time was built in a kind of
old-school jQuery way, where it manipulated the elements on the page.
The complexity of introducing groups of options was just too much for
this pattern, because it involves storing a lot of state in the DOM.

This commit completely rewrites the JS to:

- read the initial options and groups from the HTML and store them
  in the object
- use Hogan to completely re-render the UI from a series of Mustache
  templates, each of which represents a state of the UI and takes the
  inital options and groups
- filter the choices to show when the today/tomorrow/… buttons are
  clicked

											
										
										
											2016-10-11 14:17:29 +01:00
+								        self.scheduled_for.categories = get_next_days_until(get_furthest_possible_scheduled_time())
-												Add a component for picking the time to send a job

Users need to pick a time in the next 24hrs, or send a file immediately.

Rationale for this is a bit lost in time-before-holiday, but generally:

‘Now’ and ‘later’ as the inital choices makes it really clear what
this feature is about conceptually.

The choice of times is absolute, eg ‘1pm’ not ‘in 3 hours’

											
										
										
											2016-08-07 09:17:49 +01:00
 								    scheduled_for = RadioField(
 								        'When should Notify send these messages?',
 								        default='',
 								    )
-												Let users choose when to end a broadcast

Different emergencies will need broadcasts to last for a variable amount
of time. We give users some control over this by letting them stop a
broadcast early. But we should also let them set a maximum broadcast
time, for:
- when the duration of the danger is known
- when the broadcast has been live long enough to alert everyone who
  needs to know about it

This code re-uses the pattern for scheduling jobs, which has some
constraints that are probably OK for now:
- end time is limited to an hour
- longest duration is 3 whole days (eg if you start broadcasting Friday
  you have the choice of Saturday, Sunday and all of Monday, up to
  midnight)

											
										
										
											2020-07-16 10:49:21 +01:00
+								class ChooseBroadcastDurationForm(StripWhitespaceForm):
 								    def __init__(self, *args, **kwargs):
 								        super().__init__(*args, **kwargs)
 								        self.finishes_at.choices = [
 								            get_time_value_and_label(hour) for hour in get_next_hours_until(
 								                get_furthest_possible_scheduled_time()
 								            )
 								        ]
 								        self.finishes_at.categories = get_next_days_until(
 								            get_furthest_possible_scheduled_time()
 								        )
 								    finishes_at = RadioField(
-												Make start time explicit when previewing a broadcast

We recently introduced a form control that lets user choose when a
broadcast ends.

Based on the most recent research participant, we think:
- there is a specific misunderstanding of what this control does
- there is a general low level of understanding of what a ‘broadcast’
  means

People will try to understand what a ‘broadcast’ is by using mental
models they have for other kinds of messaging, for example text
messages.

Other kinds of messaging are one-to-one, i.e. they go from a sender to a
recipient. They are not ongoing in any way.

Emails and texts are sent at a time (and for all practicable purposes
are received at that same time). So, when we present the user with
a form that controls time, they might well assume it controls the time
when the message will be sent.

This is a feature we offer for sending messages using a spreadsheet, and
that’s where we’ve borrowed this pattern from.

We reinforce this assumption with the labelling of the form control. By
front-loading it with the word ‘When’ we are playing to the users
confirmation bias, i.e. they are interpreting the meaning of the control
in a way that confirms their prior beliefs about how messaging works.

So this commit does two things:
- re-labels the form to front-load the word ‘End’ not ‘When’
- adds text to the page explaining when the broadcast will start, so
  there’s a chance of overriding that confirmation bias

If we can get users to go through this before sending a broadcast for
real, it could help them learn what a broadcast is, and how it differs
from sending text messages.

											
										
										
											2020-07-27 17:25:13 +01:00
+								        'End time',
-												Let users choose when to end a broadcast

Different emergencies will need broadcasts to last for a variable amount
of time. We give users some control over this by letting them stop a
broadcast early. But we should also let them set a maximum broadcast
time, for:
- when the duration of the danger is known
- when the broadcast has been live long enough to alert everyone who
  needs to know about it

This code re-uses the pattern for scheduling jobs, which has some
constraints that are probably OK for now:
- end time is limited to an hour
- longest duration is 3 whole days (eg if you start broadcasting Friday
  you have the choice of Saturday, Sunday and all of Monday, up to
  midnight)

											
										
										
											2020-07-16 10:49:21 +01:00
+								    )
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class CreateKeyForm(StripWhitespaceForm):
-												Make existing_keys a required argument

Because we should always expect its presence, even it’s an empty list.
And because having mutable default arguments can have nasty side
effects.

											
										
										
											2018-11-13 14:27:01 +00:00
+								    def __init__(self, existing_keys, *args, **kwargs):
-												Move data transformation into the form

Follows what we’re doing with the folders stuff. Avoids having too many
very straightforward methods on the model. Especially when the data they
need is only used by the form. So it’s better to encapsulate the logic
in the form.

											
										
										
											2018-11-13 09:57:17 +00:00
+								        self.existing_key_names = [
 								            key['name'].lower() for key in existing_keys
-												Allow replacing a revoked key

We had someone wondering why they couldn’t do this. Seems legit to allow
it.

											
										
										
											2019-03-04 19:50:00 +00:00
+								            if not key['expiry_date']
-												Move data transformation into the form

Follows what we’re doing with the folders stuff. Avoids having too many
very straightforward methods on the model. Especially when the data they
need is only used by the form. So it’s better to encapsulate the logic
in the form.

											
										
										
											2018-11-13 09:57:17 +00:00
+								        ]
 								        super().__init__(*args, **kwargs)
-												Added a validator so that the key name is unique per service.

											
										
										
											2016-01-21 14:15:36 +00:00
-												Add radio buttons for choosing the API key type

Best-guess wording for what the labels and question should be.

Adds a macro for rendering radio buttons from a WTForms field.

											
										
										
											2016-06-29 17:10:49 +01:00
+								    key_type = RadioField(
-												Make label for key type grammatically correct

Wasn’t changed when we changed the options. 

Matches the ‘Name for this key’ label on the field above.
											
										
										
											2017-04-26 13:21:27 +01:00
+								        'Type of key',
-												Bump WTForms to 2.3.1

This involves three changes which broke our code.

To validate email addresses, the optional dependency `email-validator`
must be installed<sup>1</sup>. But since we don’t use WTForms’ email
validation, we shouldn’t need to subclass it – it can just be its own
self contained thing. Then we don’t need to add the extra dependency.

When rendering textareas, and extra `\r\n` is inserted at the beginning
<sup>2</sup>. Browsers will strip this when displaying the textbox and
submitting the form, but some of our tests need updating to account for
this.

The error message for when you don’t choose an option from some radio
buttons has now changed. Rather than just accepting WTForms’ new
message, this commit makes the error messages like the examples from
the Design System<sup>3</sup>. By default it will say ‘Select an
option’, but by passing in an extra parameter (`thing`) it can be
customised to be more specific, for example ‘Select a type of
organisation’.

***

1. https://github.com/wtforms/wtforms/pull/429
2. https://github.com/wtforms/wtforms/issues/238
3. https://design-system.service.gov.uk/components/radios/#error-messages

											
										
										
											2020-04-22 17:49:03 +01:00
+								        thing='the type of key',
-												Add radio buttons for choosing the API key type

Best-guess wording for what the labels and question should be.

Adds a macro for rendering radio buttons from a WTForms field.

											
										
										
											2016-06-29 17:10:49 +01:00
+								    )
-												Added a validator so that the key name is unique per service.

											
										
										
											2016-01-21 14:15:36 +00:00
+								    key_name = StringField(u'Description of key', validators=[
 								        DataRequired(message='You need to give the key a name')
 								    ])
 								    def validate_key_name(self, key_name):
-												Validation on key name is case insenstive

											
										
										
											2016-01-21 16:52:01 +00:00
+								        if key_name.data.lower() in self.existing_key_names:
-												Added a validator so that the key name is unique per service.

											
										
										
											2016-01-21 14:15:36 +00:00
+								            raise ValidationError('A key with this name already exists')
-												Feedback page working with all tests passing.

Updated to include team id.

Give Feedback -> Give feedback

											
										
										
											2016-04-19 13:51:16 +01:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class SupportType(StripWhitespaceForm):
-												Split support into two pages

The kind of communications we’re getting at the moment can broadly be
broken down into:
- problems
- questions and feedback

We will need to triage problems differently, because they could
potentially be urgent/severe/emergency/P1/whatever language we use.
Questions or feedback will never be P1.

Two reasons for making the user categorise their tickets themselves:

- Outside of hours we can’t get someone out of bed in order to decide if
  a ticket is a problem or just feedback

- We can tailor the subsequent pages to whether it’s a problem or
  feedback (eg showing a link to the status page if the user is having
  a problem)

This commit let’s users make the choice with a pair of radio buttons.

It also cleans up a bunch of the tests and parameterizes them so we’re
testing the flow for both ticket types.

											
										
										
											2016-12-12 11:25:43 +00:00
+								    support_type = RadioField(
 								        'How can we help you?',
 								        choices=[
-												Refactor so constants are used everywhere

											
										
										
											2020-03-24 15:36:39 +00:00
+								            (PROBLEM_TICKET_TYPE, 'Report a problem'),
 								            (QUESTION_TICKET_TYPE, 'Ask a question or give feedback'),
-												Split support into two pages

The kind of communications we’re getting at the moment can broadly be
broken down into:
- problems
- questions and feedback

We will need to triage problems differently, because they could
potentially be urgent/severe/emergency/P1/whatever language we use.
Questions or feedback will never be P1.

Two reasons for making the user categorise their tickets themselves:

- Outside of hours we can’t get someone out of bed in order to decide if
  a ticket is a problem or just feedback

- We can tailor the subsequent pages to whether it’s a problem or
  feedback (eg showing a link to the status page if the user is having
  a problem)

This commit let’s users make the choice with a pair of radio buttons.

It also cleans up a bunch of the tests and parameterizes them so we’re
testing the flow for both ticket types.

											
										
										
											2016-12-12 11:25:43 +00:00
+								        ],
 								    )
-												Direct members of the public somewhere more useful

We can’t give advice to members of the public, but increasingly we’re
seeing them try to use our support form to ask.

It would be better for them if we can direct them straight to somewhere
more useful, before they have the chance to raise a support ticket.

This commit replaces the report a problem/ask a question triaging for
users who aren’t signed in. It’s not possible for non-signed-in users to
raise an priority 1 ticket, so we never need to triage the tickets in
this way.

Instead we can triage people based on whether they work in the public
sector or not. If they do then we send them on to the feedback form. If
not then they go to a new page which contains some useful links. We’ve
chosen these links based on some analysis of the support tickets we’ve
received recently[1]

1. https://docs.google.com/spreadsheets/d/1uBQn-ZnCYfz6ltFaUKZpytgvBF0-MeshCLZ1cD74R0c/edit?usp=sharing

											
										
										
											2020-03-24 15:01:42 +00:00
+								class SupportRedirect(StripWhitespaceForm):
 								    who = RadioField(
 								        'What do you need help with?',
 								        choices=[
 								            ('public-sector', 'I work in the public sector and need to send emails, text messages or letters'),
 								            ('public', 'I’m a member of the public with a question for the government'),
 								        ],
 								    )
-												Use the same form for problems and questions

											
										
										
											2020-03-24 15:13:53 +00:00
+								class FeedbackOrProblem(StripWhitespaceForm):
-												Mark field as optional

As suggested by the design system

											
										
										
											2020-03-23 11:36:06 +00:00
+								    name = StringField('Name (optional)')
-												Require email address for all support tickets

We are seeing little benefit of allowing users to not put in their email
address. This will mean that you must provide it for feedback, not just
problems with the site.

There could maybe be some more refactoring of the support templates as
this is now very similar to the report a problem page but this is a
quick fix so haven't gone too in depth.

											
										
										
											2020-03-23 11:04:03 +00:00
+								    email_address = email_address(label='Email address', gov_user=False, required=True)
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								    feedback = TextAreaField('Your message', validators=[DataRequired(message="Cannot be empty")])
-												Put a form on the request to go live page

This commit:
- moves things around a bit on the request to go live page
- sticks a textbox in there

So when someone click the big green button, we will get a support ticket
that looks something like:
```
From Test User <test@user.gov.uk> on behalf of Test Service
(6ce466d0-fd6a-11e5-82f5-e0accb9d11a6)

---

We’ll send about 1000 text messages in the first month, and then 10,000
text messages per month after that. Usage of our service is about 50%
higher in March, at the end of the tax year.
```

											
										
										
											2016-04-26 13:31:57 +01:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class Triage(StripWhitespaceForm):
-												Triage tickets based on time of day and services

TL;DR, as much as possible we should work out how to prioritise tickets
and not put that burden on the user. However, there are some cases where
we can’t.

In business hours all tickets are high priority, ie we will at least
acknowledge them within 30 mins.

If we are not in business hours then we need to know if a ticket is
serious enough to get someone out of bed. Only the user can tell us
this, but we can give them some examples to help them decide.

In addition, out-of-hours tickets are only a priority if the user has
live services. Normally we can determine this and do the
priority-setting in the background.

If they can’t log in then we can’t determine what services they have. So
in this case they will need to use the emergency email address, which
only users with live services will have.

The logic for this gets fairly complex. It might be to easier to
understand what’s going on by walking through the test cases, which are
a bit more declarative.

N.B. Deskpro’s ‘urgency’ is descending, eg 10 is the most urgent and 1
is the least.

											
										
										
											2016-12-12 11:44:11 +00:00
+								    severe = RadioField(
 								        'Is it an emergency?',
 								        choices=[
 								            ('yes', 'Yes'),
 								            ('no', 'No'),
 								        ],
-												Bump WTForms to 2.3.1

This involves three changes which broke our code.

To validate email addresses, the optional dependency `email-validator`
must be installed<sup>1</sup>. But since we don’t use WTForms’ email
validation, we shouldn’t need to subclass it – it can just be its own
self contained thing. Then we don’t need to add the extra dependency.

When rendering textareas, and extra `\r\n` is inserted at the beginning
<sup>2</sup>. Browsers will strip this when displaying the textbox and
submitting the form, but some of our tests need updating to account for
this.

The error message for when you don’t choose an option from some radio
buttons has now changed. Rather than just accepting WTForms’ new
message, this commit makes the error messages like the examples from
the Design System<sup>3</sup>. By default it will say ‘Select an
option’, but by passing in an extra parameter (`thing`) it can be
customised to be more specific, for example ‘Select a type of
organisation’.

***

1. https://github.com/wtforms/wtforms/pull/429
2. https://github.com/wtforms/wtforms/issues/238
3. https://design-system.service.gov.uk/components/radios/#error-messages

											
										
										
											2020-04-22 17:49:03 +01:00
+								        thing='yes or no',
-												Triage tickets based on time of day and services

TL;DR, as much as possible we should work out how to prioritise tickets
and not put that burden on the user. However, there are some cases where
we can’t.

In business hours all tickets are high priority, ie we will at least
acknowledge them within 30 mins.

If we are not in business hours then we need to know if a ticket is
serious enough to get someone out of bed. Only the user can tell us
this, but we can give them some examples to help them decide.

In addition, out-of-hours tickets are only a priority if the user has
live services. Normally we can determine this and do the
priority-setting in the background.

If they can’t log in then we can’t determine what services they have. So
in this case they will need to use the emergency email address, which
only users with live services will have.

The logic for this gets fairly complex. It might be to easier to
understand what’s going on by walking through the test cases, which are
a bit more declarative.

N.B. Deskpro’s ‘urgency’ is descending, eg 10 is the most urgent and 1
is the least.

											
										
										
											2016-12-12 11:44:11 +00:00
+								    )
-												Move the ‘estimated usage’ questions

We get a bunch of requests to go live where people have told us they're
going to send email but there is no email reply-to address present.

These come from 2 scenarios:

1. when there are email templates, and no reply to address – but they
   ignore the checklist
2. when there are no email templates (yet) but they provide anticipated
   volumes for email

At the moment we only auto-check for a reply to address when they have
email templates. And because the question about anticipated volumes
follows the checklist, you'll get a checklist that passes (reply
addresses not required as no templates present) - but your future intent
that differs (reply address IS required because you have anticipated
volumes).

So let’s bring the request for anticipated volumes into the checklist,
that way we can dynamically add the requirement for a reply to address
if they say they will send email but don't have templates yet.

We should begin storing it in the database against the service to stop
people having to re-enter it each time they try to complete the go live
screens.

This also means moving the ‘consent to research question’ along with
the questions about volume, because
- we want people to answer both before going live
- we don’t want to clutter up the summary page by asking questions there
  too

											
										
										
											2019-02-15 11:03:19 +00:00
+								class EstimateUsageForm(StripWhitespaceForm):
-												Make answers to volume questions optional

It’s annoying and very ‘computer says no’ to make people type `0` in a
box. We can see from our analytics that this error is affecting about 7%
of users trying to go live.

This commit relaxes the validation to only require a number greater than
1 for at least one of the questions.

It also lets people enter their numbers comma-separated – like our
examples suggest – but normalises them to integers before sending them
over to the API.

											
										
										
											2019-02-15 13:34:29 +00:00
 								    volume_email = ForgivingIntegerField(
-												Replace channels and volumes with volumes/channel

Now that we’re a more mature platform we don’t care so much about the
load that one service might put on our platform.

We do care about intended volumes for two reasons:
- modelling the benefits that services get from using Notify
- managing stocks of envelopes (while our letter volumes are small
  enough that they could be skewed by one new service)

Changing to the ‘how many per year’ question also has the benefit of
mapping directly to the data we store in the ‘beta partners’
spreadsheet.

											
										
										
											2018-08-30 11:00:39 +01:00
+								        'How many emails do you expect to send in the next year?',
-												Add latest content

From: https://docs.google.com/document/d/1aykf1MjJH5y21Bz1ht6WJncb9cKu0fsPlac3-bkMPe8/edit

											
										
										
											2019-02-27 13:02:37 +00:00
+								        things='emails',
-												Revise error message for non-numeric responses

Things we talked about:
• asking users to write the number 'as numerals' or 'using digits' isn't
  very plain English
• the style guide says to use an example in the error `..., like 5,000`
  but not if you have an example in the hint text, so we can't do that
• I have reservations about 'correct format', because it sounds odd if
  you're not describing something like a phone number, NI number or
  credit card number.

Looking back through Request to Go Live tickets on Zendesk.
---

I got to September before I found anything that would count as invalid
under our new rules:

> Possibly around 1,000,000- not planning on implementing emails yet but
might change

I'll keep looking, but if most people enter the number according to the
hint example we might be able to go with a much simpler error just
prompting them to enter a number – no convoluted descriptions of what we
mean by a number

There seemed to be more problems when the Qs were about start volume and
peak volume. Users felt the need to explain their plans more.

Using 'number' instead of 'volume' is more explicit too – so that
probably helps.

In terms of errors:
`Enter the number of emails you expect to send`
`Enter the number of text messages you expect to send`
`Enter the number of letters you expect to send`
– will probably do it, right?

											
										
										
											2019-02-27 15:10:34 +00:00
+								        format_error_suffix='you expect to send',
-												Made the request to go live fields mandatory
											
										
										
											2016-10-24 15:46:22 +01:00
+								    )
-												Make answers to volume questions optional

It’s annoying and very ‘computer says no’ to make people type `0` in a
box. We can see from our analytics that this error is affecting about 7%
of users trying to go live.

This commit relaxes the validation to only require a number greater than
1 for at least one of the questions.

It also lets people enter their numbers comma-separated – like our
examples suggest – but normalises them to integers before sending them
over to the API.

											
										
										
											2019-02-15 13:34:29 +00:00
+								    volume_sms = ForgivingIntegerField(
-												Replace channels and volumes with volumes/channel

Now that we’re a more mature platform we don’t care so much about the
load that one service might put on our platform.

We do care about intended volumes for two reasons:
- modelling the benefits that services get from using Notify
- managing stocks of envelopes (while our letter volumes are small
  enough that they could be skewed by one new service)

Changing to the ‘how many per year’ question also has the benefit of
mapping directly to the data we store in the ‘beta partners’
spreadsheet.

											
										
										
											2018-08-30 11:00:39 +01:00
+								        'How many text messages do you expect to send in the next year?',
-												Add latest content

From: https://docs.google.com/document/d/1aykf1MjJH5y21Bz1ht6WJncb9cKu0fsPlac3-bkMPe8/edit

											
										
										
											2019-02-27 13:02:37 +00:00
+								        things='text messages',
-												Revise error message for non-numeric responses

Things we talked about:
• asking users to write the number 'as numerals' or 'using digits' isn't
  very plain English
• the style guide says to use an example in the error `..., like 5,000`
  but not if you have an example in the hint text, so we can't do that
• I have reservations about 'correct format', because it sounds odd if
  you're not describing something like a phone number, NI number or
  credit card number.

Looking back through Request to Go Live tickets on Zendesk.
---

I got to September before I found anything that would count as invalid
under our new rules:

> Possibly around 1,000,000- not planning on implementing emails yet but
might change

I'll keep looking, but if most people enter the number according to the
hint example we might be able to go with a much simpler error just
prompting them to enter a number – no convoluted descriptions of what we
mean by a number

There seemed to be more problems when the Qs were about start volume and
peak volume. Users felt the need to explain their plans more.

Using 'number' instead of 'volume' is more explicit too – so that
probably helps.

In terms of errors:
`Enter the number of emails you expect to send`
`Enter the number of text messages you expect to send`
`Enter the number of letters you expect to send`
– will probably do it, right?

											
										
										
											2019-02-27 15:10:34 +00:00
+								        format_error_suffix='you expect to send',
-												Fix casing and multi-line stuff

											
										
										
											2016-10-24 13:38:55 +01:00
+								    )
-												Make answers to volume questions optional

It’s annoying and very ‘computer says no’ to make people type `0` in a
box. We can see from our analytics that this error is affecting about 7%
of users trying to go live.

This commit relaxes the validation to only require a number greater than
1 for at least one of the questions.

It also lets people enter their numbers comma-separated – like our
examples suggest – but normalises them to integers before sending them
over to the API.

											
										
										
											2019-02-15 13:34:29 +00:00
+								    volume_letter = ForgivingIntegerField(
-												Replace channels and volumes with volumes/channel

Now that we’re a more mature platform we don’t care so much about the
load that one service might put on our platform.

We do care about intended volumes for two reasons:
- modelling the benefits that services get from using Notify
- managing stocks of envelopes (while our letter volumes are small
  enough that they could be skewed by one new service)

Changing to the ‘how many per year’ question also has the benefit of
mapping directly to the data we store in the ‘beta partners’
spreadsheet.

											
										
										
											2018-08-30 11:00:39 +01:00
+								        'How many letters do you expect to send in the next year?',
-												Add latest content

From: https://docs.google.com/document/d/1aykf1MjJH5y21Bz1ht6WJncb9cKu0fsPlac3-bkMPe8/edit

											
										
										
											2019-02-27 13:02:37 +00:00
+								        things='letters',
-												Revise error message for non-numeric responses

Things we talked about:
• asking users to write the number 'as numerals' or 'using digits' isn't
  very plain English
• the style guide says to use an example in the error `..., like 5,000`
  but not if you have an example in the hint text, so we can't do that
• I have reservations about 'correct format', because it sounds odd if
  you're not describing something like a phone number, NI number or
  credit card number.

Looking back through Request to Go Live tickets on Zendesk.
---

I got to September before I found anything that would count as invalid
under our new rules:

> Possibly around 1,000,000- not planning on implementing emails yet but
might change

I'll keep looking, but if most people enter the number according to the
hint example we might be able to go with a much simpler error just
prompting them to enter a number – no convoluted descriptions of what we
mean by a number

There seemed to be more problems when the Qs were about start volume and
peak volume. Users felt the need to explain their plans more.

Using 'number' instead of 'volume' is more explicit too – so that
probably helps.

In terms of errors:
`Enter the number of emails you expect to send`
`Enter the number of text messages you expect to send`
`Enter the number of letters you expect to send`
– will probably do it, right?

											
										
										
											2019-02-27 15:10:34 +00:00
+								        format_error_suffix='you expect to send',
-												Fix casing and multi-line stuff

											
										
										
											2016-10-24 13:38:55 +01:00
+								    )
-												Move the ‘estimated usage’ questions

We get a bunch of requests to go live where people have told us they're
going to send email but there is no email reply-to address present.

These come from 2 scenarios:

1. when there are email templates, and no reply to address – but they
   ignore the checklist
2. when there are no email templates (yet) but they provide anticipated
   volumes for email

At the moment we only auto-check for a reply to address when they have
email templates. And because the question about anticipated volumes
follows the checklist, you'll get a checklist that passes (reply
addresses not required as no templates present) - but your future intent
that differs (reply address IS required because you have anticipated
volumes).

So let’s bring the request for anticipated volumes into the checklist,
that way we can dynamically add the requirement for a reply to address
if they say they will send email but don't have templates yet.

We should begin storing it in the database against the service to stop
people having to re-enter it each time they try to complete the go live
screens.

This also means moving the ‘consent to research question’ along with
the questions about volume, because
- we want people to answer both before going live
- we don’t want to clutter up the summary page by asking questions there
  too

											
										
										
											2019-02-15 11:03:19 +00:00
+								    consent_to_research = RadioField(
-												Add question about research consent

Since GDPR came into effect it’s less clear about whether we can
contact teams for user research purposes.

If we make people opt-in (or not) we know we’re safe to contact them (or
not).

Since we mostly care about how services are using Notify for real (ie
live services) or services that are considering adopting it (ie those
who have contacted us with a question) it feels like the go-live process
is the most appropriate place to collect this consent.

											
										
										
											2018-08-30 11:51:34 +01:00
+								        'Can we contact you when we’re doing user research?',
 								        choices=[
 								            ('yes', 'Yes'),
 								            ('no', 'No'),
 								        ],
-												Bump WTForms to 2.3.1

This involves three changes which broke our code.

To validate email addresses, the optional dependency `email-validator`
must be installed<sup>1</sup>. But since we don’t use WTForms’ email
validation, we shouldn’t need to subclass it – it can just be its own
self contained thing. Then we don’t need to add the extra dependency.

When rendering textareas, and extra `\r\n` is inserted at the beginning
<sup>2</sup>. Browsers will strip this when displaying the textbox and
submitting the form, but some of our tests need updating to account for
this.

The error message for when you don’t choose an option from some radio
buttons has now changed. Rather than just accepting WTForms’ new
message, this commit makes the error messages like the examples from
the Design System<sup>3</sup>. By default it will say ‘Select an
option’, but by passing in an extra parameter (`thing`) it can be
customised to be more specific, for example ‘Select a type of
organisation’.

***

1. https://github.com/wtforms/wtforms/pull/429
2. https://github.com/wtforms/wtforms/issues/238
3. https://design-system.service.gov.uk/components/radios/#error-messages

											
										
										
											2020-04-22 17:49:03 +01:00
+								        thing='yes or no',
-												Add question about research consent

Since GDPR came into effect it’s less clear about whether we can
contact teams for user research purposes.

If we make people opt-in (or not) we know we’re safe to contact them (or
not).

Since we mostly care about how services are using Notify for real (ie
live services) or services that are considering adopting it (ie those
who have contacted us with a question) it feels like the go-live process
is the most appropriate place to collect this consent.

											
										
										
											2018-08-30 11:51:34 +01:00
+								    )
-												Added provider management pages in.

- see priority
- change priority

											
										
										
											2016-05-11 09:43:55 +01:00
-												Make answers to volume questions optional

It’s annoying and very ‘computer says no’ to make people type `0` in a
box. We can see from our analytics that this error is affecting about 7%
of users trying to go live.

This commit relaxes the validation to only require a number greater than
1 for at least one of the questions.

It also lets people enter their numbers comma-separated – like our
examples suggest – but normalises them to integers before sending them
over to the API.

											
										
										
											2019-02-15 13:34:29 +00:00
+								    at_least_one_volume_filled = True
 								    def validate(self, *args, **kwargs):
 								        if self.volume_email.data == self.volume_sms.data == self.volume_letter.data == 0:
 								            self.at_least_one_volume_filled = False
 								            return False
 								        return super().validate(*args, **kwargs)
-												Added provider management pages in.

- see priority
- change priority

											
										
										
											2016-05-11 09:43:55 +01:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class ProviderForm(StripWhitespaceForm):
-												Added provider management pages in.

- see priority
- change priority

											
										
										
											2016-05-11 09:43:55 +01:00
+								    priority = IntegerField('Priority', [validators.NumberRange(min=1, max=100, message="Must be between 1 and 100")])
-												Admin app settings to save reply to email address for service.

											
										
										
											2016-05-16 13:09:58 +01:00
-												Add a form to set priority of top 2 providers

Their priority should always add up to 100%. Currently we have to ensure
this by hand. Adding this form means there’s no way to not set their
combined priorities to 100%. And it’s a bit more of an intuitive UI than
two textboxes on separate pages.

											
										
										
											2019-12-02 18:15:00 +00:00
+								class ProviderRatioForm(StripWhitespaceForm):
 								    ratio = RadioField(choices=[
 								        (str(value), '{}% / {}%'.format(value, 100 - value))
 								        for value in range(100, -10, -10)
 								    ])
 								    @property
 								    def percentage_left(self):
 								        return int(self.ratio.data)
 								    @property
 								    def percentage_right(self):
 								        return 100 - self.percentage_left
-												Allow service contact details to be phone number, email or url

Service contact details are needed if the upload document permission is
enabled - this used to be a link but services can now choose to use a
link, email address or phone number. The form to add or change service
contact details now gives these options and validates the data according
to the type of contact details provided.

When validating phone numbers we can't use the existing validation
because we want to allow landlines too, so there is a basic check that
the phone number is the right length and doesn't include certain
characters.

											
										
										
											2018-08-09 11:59:05 +01:00
+								class ServiceContactDetailsForm(StripWhitespaceForm):
 								    contact_details_type = RadioField(
 								        'Type of contact details',
 								        choices=[
 								            ('url', 'Link'),
 								            ('email_address', 'Email address'),
 								            ('phone_number', 'Phone number'),
 								        ],
-												Add page to change a service's contact link

Added a page which lets users with the 'manage_service' permission change the
contact link for their service. There are no links to this page yet
since only services using document download will need to set a contact
link.

											
										
										
											2018-06-05 10:37:41 +01:00
+								    )
-												Allow service contact details to be phone number, email or url

Service contact details are needed if the upload document permission is
enabled - this used to be a link but services can now choose to use a
link, email address or phone number. The form to add or change service
contact details now gives these options and validates the data according
to the type of contact details provided.

When validating phone numbers we can't use the existing validation
because we want to allow landlines too, so there is a basic check that
the phone number is the right length and doesn't include certain
characters.

											
										
										
											2018-08-09 11:59:05 +01:00
+								    url = StringField("URL")
 								    email_address = EmailField("Email address")
 								    phone_number = StringField("Phone number")
 								    def validate(self):
 								        if self.contact_details_type.data == 'url':
 								            self.url.validators = [DataRequired(), URL(message='Must be a valid URL')]
 								        elif self.contact_details_type.data == 'email_address':
 								            self.email_address.validators = [DataRequired(), Length(min=5, max=255), ValidEmail()]
 								        elif self.contact_details_type.data == 'phone_number':
 								            # we can't use the existing phone number validation functions here since we want to allow landlines
 								            def valid_phone_number(self, num):
 								                try:
 								                    normalise_phone_number(num.data)
 								                    return True
 								                except InvalidPhoneError:
 								                    raise ValidationError('Must be a valid phone number')
 								            self.phone_number.validators = [DataRequired(), Length(min=5, max=20), valid_phone_number]
 								        return super().validate()
-												Add page to change a service's contact link

Added a page which lets users with the 'manage_service' permission change the
contact link for their service. There are no links to this page yet
since only services using document download will need to set a contact
link.

											
										
										
											2018-06-05 10:37:41 +01:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class ServiceReplyToEmailForm(StripWhitespaceForm):
-												Update 'reply-to email address'
											
										
										
											2019-07-09 16:47:11 +01:00
+								    email_address = email_address(label='Reply-to email address', gov_user=False)
-												Update all single field checkboxes

Includes adding some code to govukCheckboxesField
to add a single boolean-like option by default, if
there are no choices added.

											
										
										
											2020-04-09 16:31:19 +01:00
+								    is_default = govukCheckboxField("Make this email address the default")
-												Users can set a value that appears as the sender of a text message.

It can be up to eleven characters alpha numeric, no special characters
allowed.

											
										
										
											2016-07-01 13:47:22 +01:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class ServiceSmsSenderForm(StripWhitespaceForm):
-												Add some explaining to the SMS sender page

											
										
										
											2016-08-22 16:10:57 +01:00
+								    sms_sender = StringField(
 								        'Text message sender',
 								        validators=[
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								            DataRequired(message="Cannot be empty"),
-												Refactor to use validator class

Using a separate validator class to check for appropriate characters in
a text message sender means that we’re not doing this validation in a
different way from the other checks (length and required). So the code
is cleaner.

											
										
										
											2018-01-31 10:26:37 +00:00
+								            Length(max=11, message="Enter 11 characters or fewer"),
-												Reduce min sender length from 4 to 3

This is now supported at the network and aggregator level

											
										
										
											2020-04-21 12:51:54 +01:00
+								            Length(min=3, message="Enter 3 characters or more"),
-												Allow underscores in SMS senders

											
										
										
											2020-04-02 15:57:46 +01:00
+								            LettersNumbersFullStopsAndUnderscoresOnly(),
-												Update SMS sender validation to reject senders starting with 00

Having SMS senders that start with 00 can cause issues with Firetext due
to Firetext's validation rules, so we shouldn't allow SMS senders to start
with 00.

Firetext treats a double 00 at the start of the senderID as an international
prefix, so removes them. A sender of 00447876574016 would become 447876574016.

Under Firetext's validation rules, an SMS sender of five 0s (00000) would
become  4400. This is because the first 00 are removed (as the international
prefix). The third 0 is seen as the start of a phone number, and becomes 44,
leaving the final 00 = 4400.

											
										
										
											2018-02-28 11:50:41 +00:00
+								            DoesNotStartWithDoubleZero(),
-												Add some explaining to the SMS sender page

											
										
										
											2016-08-22 16:10:57 +01:00
+								        ]
 								    )
-												Update all single field checkboxes

Includes adding some code to govukCheckboxesField
to add a single boolean-like option by default, if
there are no choices added.

											
										
										
											2020-04-09 16:31:19 +01:00
+								    is_default = govukCheckboxField("Make this text message sender the default")
-												Users can set a value that appears as the sender of a text message.

It can be up to eleven characters alpha numeric, no special characters
allowed.

											
										
										
											2016-07-01 13:47:22 +01:00
-												Add a page to set organisation and branding option

Platform admin only.

Adds radio buttons to choose one of:
- three hard-coded branding options
- organisations from a list provided by the API

											
										
										
											2016-08-08 10:28:40 +01:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class ServiceEditInboundNumberForm(StripWhitespaceForm):
-												Update all single field checkboxes

Includes adding some code to govukCheckboxesField
to add a single boolean-like option by default, if
there are no choices added.

											
										
										
											2020-04-09 16:31:19 +01:00
+								    is_default = govukCheckboxField("Make this text message sender the default")
-												Fixed broken edit functionality

											
										
										
											2017-10-30 14:30:43 +00:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class ServiceLetterContactBlockForm(StripWhitespaceForm):
-												Enable placeholders in letter contact block

Depends on:
- [x] https://github.com/alphagov/notifications-api/pull/950
- [x] https://github.com/alphagov/notifications-template-preview/pull/18
- [x] https://github.com/alphagov/notifications-utils/pull/161
- [ ] https://github.com/alphagov/notifications-utils/pull/164

											
										
										
											2017-05-17 15:35:21 +01:00
+								    letter_contact_block = TextAreaField(
 								        validators=[
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								            DataRequired(message="Cannot be empty"),
-												Enable placeholders in letter contact block

Depends on:
- [x] https://github.com/alphagov/notifications-api/pull/950
- [x] https://github.com/alphagov/notifications-template-preview/pull/18
- [x] https://github.com/alphagov/notifications-utils/pull/161
- [ ] https://github.com/alphagov/notifications-utils/pull/164

											
										
										
											2017-05-17 15:35:21 +01:00
+								            NoCommasInPlaceHolders()
 								        ]
 								    )
-												Update all single field checkboxes

Includes adding some code to govukCheckboxesField
to add a single boolean-like option by default, if
there are no choices added.

											
										
										
											2020-04-09 16:31:19 +01:00
+								    is_default = govukCheckboxField("Set as your default address")
-												add letter_contact_block edit fields

no actual template functionality yet - just the ability for services
that have letters enabled to edit a 10 line block that will go on the
top right hand side of their letters with contact information

											
										
										
											2017-03-02 15:56:28 +00:00
-												fix linter errors

											
										
										
											2017-10-27 10:56:03 +01:00
+								    def validate_letter_contact_block(self, field):
-												Add better error if user goes over line limit

Don’t make people count the number of lines themselves.

											
										
										
											2017-03-03 16:15:15 +00:00
+								        line_count = field.data.strip().count('\n')
 								        if line_count >= 10:
 								            raise ValidationError(
 								                'Contains {} lines, maximum is 10'.format(line_count + 1)
 								            )
-												add letter_contact_block edit fields

no actual template functionality yet - just the ability for services
that have letters enabled to edit a 10 line block that will go on the
top right hand side of their letters with contact information

											
										
										
											2017-03-02 15:56:28 +00:00
-												Add a new boolean radios fields and change forms to use it

This adds a new OnOffField class that implements a boolean field
that is rendered as two On / Off radio buttons. This allows us to
avoid comparing 'on' and 'off' string values in the views since
the field takes care of transforming form data into python booleans.

This also adds a form class that can be used for any single On / Off
switch forms (e.g. service permissions).

											
										
										
											2019-02-18 16:27:53 +00:00
+								class ServiceOnOffSettingForm(StripWhitespaceForm):
-												Allow excluding services from live services count

Adds a front end for:
https://github.com/alphagov/notifications-api/pull/2417

> Sometimes we have to make a few services for what really is one
> service, for example GOV.UK Pay and GOV.UK Pay Direct Debit. We also
> have our own test services which aren’t included in the count of live
> services. We currently count these as one service by not including
> them in the beta partners spreadsheet.

											
										
										
											2019-03-25 14:46:42 +00:00
+								    def __init__(self, name, *args, truthy='On', falsey='Off', **kwargs):
-												Let users switch channels on and off by themselves

We let people do this for letters already. We should let them do it for
emails and texts too, rather than have to email us.

											
										
										
											2019-01-29 14:51:31 +00:00
+								        super().__init__(*args, **kwargs)
-												Add a new boolean radios fields and change forms to use it

This adds a new OnOffField class that implements a boolean field
that is rendered as two On / Off radio buttons. This allows us to
avoid comparing 'on' and 'off' string values in the views since
the field takes care of transforming form data into python booleans.

This also adds a form class that can be used for any single On / Off
switch forms (e.g. service permissions).

											
										
										
											2019-02-18 16:27:53 +00:00
+								        self.enabled.label.text = name
-												Allow excluding services from live services count

Adds a front end for:
https://github.com/alphagov/notifications-api/pull/2417

> Sometimes we have to make a few services for what really is one
> service, for example GOV.UK Pay and GOV.UK Pay Direct Debit. We also
> have our own test services which aren’t included in the count of live
> services. We currently count these as one service by not including
> them in the beta partners spreadsheet.

											
										
										
											2019-03-25 14:46:42 +00:00
+								        self.enabled.choices = [
 								            (True, truthy),
 								            (False, falsey),
 								        ]
-												Add a new boolean radios fields and change forms to use it

This adds a new OnOffField class that implements a boolean field
that is rendered as two On / Off radio buttons. This allows us to
avoid comparing 'on' and 'off' string values in the views since
the field takes care of transforming form data into python booleans.

This also adds a form class that can be used for any single On / Off
switch forms (e.g. service permissions).

											
										
										
											2019-02-18 16:27:53 +00:00
 								    enabled = OnOffField('Choices')
 								class ServiceSwitchChannelForm(ServiceOnOffSettingForm):
 								    def __init__(self, channel, *args, **kwargs):
 								        name = 'Send {}'.format({
-												Let users switch channels on and off by themselves

We let people do this for letters already. We should let them do it for
emails and texts too, rather than have to email us.

											
										
										
											2019-01-29 14:51:31 +00:00
+								            'email': 'emails',
 								            'sms': 'text messages',
 								            'letter': 'letters',
 								        }.get(channel))
-												Allows services to choose if they can send letters

Our support ticket analysis shows that the most common action request
after going live is turning on letters.

We just do this for any team that requests it – there’s no gatekeeping.
So we should just allow people to make the change themselves.

This will be a better experience for our users, and less work for us.
The design of the page replicates roughly what we have for international
text messaging.

											
										
										
											2018-01-19 13:45:54 +00:00
-												Add a new boolean radios fields and change forms to use it

This adds a new OnOffField class that implements a boolean field
that is rendered as two On / Off radio buttons. This allows us to
avoid comparing 'on' and 'off' string values in the views since
the field takes care of transforming form data into python booleans.

This also adds a form class that can be used for any single On / Off
switch forms (e.g. service permissions).

											
										
										
											2019-02-18 16:27:53 +00:00
+								        super().__init__(name, *args, **kwargs)
-												Allows services to choose if they can send letters

Our support ticket analysis shows that the most common action request
after going live is turning on letters.

We just do this for any team that requests it – there’s no gatekeeping.
So we should just allow people to make the change themselves.

This will be a better experience for our users, and less work for us.
The design of the page replicates roughly what we have for international
text messaging.

											
										
										
											2018-01-19 13:45:54 +00:00
-												Allow editing of an organisation’s details

Adds a user interface for updating all the columns added in
https://github.com/alphagov/notifications-api/pull/2368

Sorry for the mega commit 😓

											
										
										
											2019-02-19 17:26:16 +00:00
+								class SetEmailBranding(StripWhitespaceForm):
-												Add a page to set organisation and branding option

Platform admin only.

Adds radio buttons to choose one of:
- three hard-coded branding options
- organisations from a list provided by the API

											
										
										
											2016-08-08 10:28:40 +01:00
-												Post to the API when moving folders and templates

This commit adds logic to:
- take the list of selected folders and templates
- split it into two lists (of folders and templates)
- `POST` that data to the API, to effect the movement of said folders
  and templates

I’ve tried to architect it in such a way that we can easily add more
template ‘operations’ in the future, as we add more forms to the choose
template page.

											
										
										
											2018-11-08 14:46:18 +00:00
+								    branding_style = RadioFieldWithNoneOption(
-												Change organisations to email branding

											
										
										
											2018-02-07 10:30:49 +00:00
+								        'Branding style',
-												Bump WTForms to 2.3.1

This involves three changes which broke our code.

To validate email addresses, the optional dependency `email-validator`
must be installed<sup>1</sup>. But since we don’t use WTForms’ email
validation, we shouldn’t need to subclass it – it can just be its own
self contained thing. Then we don’t need to add the extra dependency.

When rendering textareas, and extra `\r\n` is inserted at the beginning
<sup>2</sup>. Browsers will strip this when displaying the textbox and
submitting the form, but some of our tests need updating to account for
this.

The error message for when you don’t choose an option from some radio
buttons has now changed. Rather than just accepting WTForms’ new
message, this commit makes the error messages like the examples from
the Design System<sup>3</sup>. By default it will say ‘Select an
option’, but by passing in an extra parameter (`thing`) it can be
customised to be more specific, for example ‘Select a type of
organisation’.

***

1. https://github.com/wtforms/wtforms/pull/429
2. https://github.com/wtforms/wtforms/issues/238
3. https://design-system.service.gov.uk/components/radios/#error-messages

											
										
										
											2020-04-22 17:49:03 +01:00
+								        thing='a branding style',
-												Add a page to set organisation and branding option

Platform admin only.

Adds radio buttons to choose one of:
- three hard-coded branding options
- organisations from a list provided by the API

											
										
										
											2016-08-08 10:28:40 +01:00
+								    )
-												Add a page to manage a service’s whitelist

Services who are in alpha or building prototypes need a way of sending
to any email address or phone number without having to sign the MOU.

This commit adds a page where they can whitelist up to 5 email addresses
and 5 phone numbers.

It uses the ‘list entry’ UI pattern from the Digital Marketplace
frontend toolkit [1] [2] [3].

I had to do some modification:
- of the Javascript, to make it work with the GOV.UK Module pattern
- of the template to make it work with WTForms
- of the content security policy, because the list entry pattern uses
  Hogan[1], which needs to use `eval()` (this should be fine if we’re
  only allowing it for scripts that we serve)
- of our SASS lint config, to allow browser-targeting mixins to come
  after normal rules (so that they can override them)

This commit also adds a new form class to validate and populate the two
whitelists. The validation is fairly rudimentary at the moment, and
doesn’t highlight which item in the list has the error, but it’s
probably good enough.

The list can only be updated all-at-once, this is how it’s possible to
remove items from the list without having to make multiple `POST`
requests.

1. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/templates/forms/list-entry.html
2. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/scss/forms/_list-entry.scss
3. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/javascripts/list-entry.js
4. http://twitter.github.io/hogan.js/

											
										
										
											2016-09-20 12:30:00 +01:00
-												Make handling of `None` values in forms clearer

If the browser posts the value of `<input value='None'>` to the server
it does so as a string.

We want to post a value of `None` (actually JSON `null`) to the API. To
do this we:
- set the value in the form class to `'None'` (ie a string)
- convert to `None` (as a type) afterwards

However seeing `x = 'None'` in code looks a bit like a mistake. So to
make sure it looks deliberate and clear what is happening this commit:
- makes a reusable constant for `'None'`
- adds a comment explaining why it’s a string

											
										
										
											2018-11-12 09:04:39 +00:00
+								    DEFAULT = (FieldWithNoneOption.NONE_OPTION_VALUE, 'GOV.UK')
-												Refactor some of the logic into form

It’s messy having a lot of logic in the view methods. Handling the form
stuff can be better encapsulated inside the `Form` subclass itself.

											
										
										
											2018-08-31 17:31:26 +01:00
-												rename branding to email_branding

to help transition to having letter branding as well

											
										
										
											2019-02-01 16:31:34 +00:00
+								    def __init__(self, all_branding_options, current_branding):
-												Refactor some of the logic into form

It’s messy having a lot of logic in the view methods. Handling the form
stuff can be better encapsulated inside the `Form` subclass itself.

											
										
										
											2018-08-31 17:31:26 +01:00
-												rename branding to email_branding

to help transition to having letter branding as well

											
										
										
											2019-02-01 16:31:34 +00:00
+								        super().__init__(branding_style=current_branding)
-												Refactor some of the logic into form

It’s messy having a lot of logic in the view methods. Handling the form
stuff can be better encapsulated inside the `Form` subclass itself.

											
										
										
											2018-08-31 17:31:26 +01:00
 								        self.branding_style.choices = sorted(
-												rename branding to email_branding

to help transition to having letter branding as well

											
										
										
											2019-02-01 16:31:34 +00:00
+								            all_branding_options + [self.DEFAULT],
-												Refactor some of the logic into form

It’s messy having a lot of logic in the view methods. Handling the form
stuff can be better encapsulated inside the `Form` subclass itself.

											
										
										
											2018-08-31 17:31:26 +01:00
+								            key=lambda branding: (
-												rename branding to email_branding

to help transition to having letter branding as well

											
										
										
											2019-02-01 16:31:34 +00:00
+								                branding[0] != current_branding,
-												Refactor some of the logic into form

It’s messy having a lot of logic in the view methods. Handling the form
stuff can be better encapsulated inside the `Form` subclass itself.

											
										
										
											2018-08-31 17:31:26 +01:00
+								                branding[0] is not self.DEFAULT[0],
 								                branding[1].lower(),
 								            ),
 								        )
-												Add a page to manage a service’s whitelist

Services who are in alpha or building prototypes need a way of sending
to any email address or phone number without having to sign the MOU.

This commit adds a page where they can whitelist up to 5 email addresses
and 5 phone numbers.

It uses the ‘list entry’ UI pattern from the Digital Marketplace
frontend toolkit [1] [2] [3].

I had to do some modification:
- of the Javascript, to make it work with the GOV.UK Module pattern
- of the template to make it work with WTForms
- of the content security policy, because the list entry pattern uses
  Hogan[1], which needs to use `eval()` (this should be fine if we’re
  only allowing it for scripts that we serve)
- of our SASS lint config, to allow browser-targeting mixins to come
  after normal rules (so that they can override them)

This commit also adds a new form class to validate and populate the two
whitelists. The validation is fairly rudimentary at the moment, and
doesn’t highlight which item in the list has the error, but it’s
probably good enough.

The list can only be updated all-at-once, this is how it’s possible to
remove items from the list without having to make multiple `POST`
requests.

1. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/templates/forms/list-entry.html
2. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/scss/forms/_list-entry.scss
3. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/javascripts/list-entry.js
4. http://twitter.github.io/hogan.js/

											
										
										
											2016-09-20 12:30:00 +01:00
-												Allow editing of an organisation’s details

Adds a user interface for updating all the columns added in
https://github.com/alphagov/notifications-api/pull/2368

Sorry for the mega commit 😓

											
										
										
											2019-02-19 17:26:16 +00:00
+								class SetLetterBranding(SetEmailBranding):
-												use new letter branding instead of dvla organisation id

new code is copied stylistically from the email branding patterns.
Instead of `service.dvla_organisation`, there's now
`service.letter_branding` and `service.letter_branding_id`. However,
unlike email branding we're not currently showing a preview of the
logo. That can come later when we work out how we want to do it.

											
										
										
											2019-02-01 16:34:54 +00:00
+								    # form is the same, but instead of GOV.UK we have None as a valid option
 								    DEFAULT = (FieldWithNoneOption.NONE_OPTION_VALUE, 'None')
-												Allow editing of an organisation’s details

Adds a user interface for updating all the columns added in
https://github.com/alphagov/notifications-api/pull/2368

Sorry for the mega commit 😓

											
										
										
											2019-02-19 17:26:16 +00:00
+								class PreviewBranding(StripWhitespaceForm):
-												Add preview step to branding selection flow

Gives platform admins a chance to preview the
combination of brand type and custom brand
(coloured banner and logo) set for service before
saving.

											
										
										
											2018-08-02 14:46:01 +01:00
-												Make handling of `None` values in forms clearer

If the browser posts the value of `<input value='None'>` to the server
it does so as a string.

We want to post a value of `None` (actually JSON `null`) to the API. To
do this we:
- set the value in the form class to `'None'` (ie a string)
- convert to `None` (as a type) afterwards

However seeing `x = 'None'` in code looks a bit like a mistake. So to
make sure it looks deliberate and clear what is happening this commit:
- makes a reusable constant for `'None'`
- adds a comment explaining why it’s a string

											
										
										
											2018-11-12 09:04:39 +00:00
+								    branding_style = HiddenFieldWithNoneOption('branding_style')
-												Add preview step to branding selection flow

Gives platform admins a chance to preview the
combination of brand type and custom brand
(coloured banner and logo) set for service before
saving.

											
										
										
											2018-08-02 14:46:01 +01:00
-												Change organisations to email branding

											
										
										
											2018-02-07 10:30:49 +00:00
+								class ServiceUpdateEmailBranding(StripWhitespaceForm):
-												Revert "Require name when adding email branding"

											
										
										
											2018-09-07 11:43:32 +01:00
+								    name = StringField('Name of brand')
-												Add 'name' field to brand creation/edit page

											
										
										
											2018-08-09 16:24:22 +01:00
+								    text = StringField('Text')
-												Change organisations to email branding

											
										
										
											2018-02-07 10:30:49 +00:00
+								    colour = StringField(
 								        'Colour',
 								        validators=[
-												Make hex colour code error more helpful

I just got stuck for like a whole minute on this.
											
										
										
											2018-11-07 10:49:04 +00:00
+								            Regexp(regex="^$|^#(?:[0-9a-fA-F]{3}){1,2}$", message='Must be a valid color hex code (starting with #)')
-												Change organisations to email branding

											
										
										
											2018-02-07 10:30:49 +00:00
+								        ]
 								    )
-												Add org select and manage pages

											
										
										
											2017-07-28 15:17:50 +01:00
+								    file = FileField_wtf('Upload a PNG logo', validators=[FileAllowed(['png'], 'PNG Images only!')])
-												Add brand type to email branding.
Removed banner_colour and single_id_colour.
We only really need one colour now.

											
										
										
											2018-08-23 14:21:41 +01:00
+								    brand_type = RadioField(
-												Fix the EmailBranding

											
										
										
											2018-08-23 17:44:34 +01:00
+								        "Brand type",
 								        choices=[
 								            ('both', 'GOV.UK and branding'),
 								            ('org', 'Branding only'),
 								            ('org_banner', 'Branding banner'),
 								        ]
-												Add brand type to email branding.
Removed banner_colour and single_id_colour.
We only really need one colour now.

											
										
										
											2018-08-23 14:21:41 +01:00
+								    )
-												Add org select and manage pages

											
										
										
											2017-07-28 15:17:50 +01:00
-												Do extra code style checks with flake8-bugbear

Flake8 Bugbear checks for some extra things that aren’t code style
errors, but are likely to introduce bugs or unexpected behaviour. A
good example is having mutable default function arguments, which get
shared between every call to the function and therefore mutating a value
in one place can unexpectedly cause it to change in another.

This commit enables all the extra warnings provided by Flake8 Bugbear,
except for the line length one (because we already lint for that
separately).

It disables:
- _B003: Assigning to os.environ_ because I don’t really understand this
- _B306: BaseException.message is removed in Python 3_ because I think
  our exceptions have a custom structure that means the `.message`
  attribute is still present

											
										
										
											2019-11-01 10:43:01 +00:00
+								    def validate_name(self, name):
-												Validate name field on ServiceUpdateEmailBranding form

This introduces a validator to validate that the name field is not empty
on the ServiceUpdateEmailBranding form, but only if the form details are
being submitted. If a file is being uploaded, the name is allowed to be
empty.

											
										
										
											2019-01-25 16:54:24 +00:00
+								        op = request.form.get('operation')
-												Do extra code style checks with flake8-bugbear

Flake8 Bugbear checks for some extra things that aren’t code style
errors, but are likely to introduce bugs or unexpected behaviour. A
good example is having mutable default function arguments, which get
shared between every call to the function and therefore mutating a value
in one place can unexpectedly cause it to change in another.

This commit enables all the extra warnings provided by Flake8 Bugbear,
except for the line length one (because we already lint for that
separately).

It disables:
- _B003: Assigning to os.environ_ because I don’t really understand this
- _B306: BaseException.message is removed in Python 3_ because I think
  our exceptions have a custom structure that means the `.message`
  attribute is still present

											
										
										
											2019-11-01 10:43:01 +00:00
+								        if op == 'email-branding-details' and not self.name.data:
-												Validate name field on ServiceUpdateEmailBranding form

This introduces a validator to validate that the name field is not empty
on the ServiceUpdateEmailBranding form, but only if the form details are
being submitted. If a file is being uploaded, the name is allowed to be
empty.

											
										
										
											2019-01-25 16:54:24 +00:00
+								            raise ValidationError('This field is required')
-												Add org select and manage pages

											
										
										
											2017-07-28 15:17:50 +01:00
-												Add page to create new letter branding

This has a form with 3 fields - the file upload field, logo name, and an
optional logo domain. Logos need to be uploaded in `.svg` format and we
then convert this to `.png` format and upload both file types to S3 as
well as saving the letter branding details in the database.

											
										
										
											2019-01-31 16:56:35 +00:00
+								class SVGFileUpload(StripWhitespaceForm):
 								    file = FileField_wtf(
 								        'Upload an SVG logo',
 								        validators=[
 								            FileAllowed(['svg'], 'SVG Images only!'),
-												Do not allow to upload SVG logos with embedded raster images in them

Those are for example png or jpg images. They do not render properly.

											
										
										
											2020-03-04 14:25:14 +00:00
+								            DataRequired(message="You need to upload a file to submit"),
 								            NoEmbeddedImagesInSVG()
-												Add page to create new letter branding

This has a form with 3 fields - the file upload field, logo name, and an
optional logo domain. Logos need to be uploaded in `.svg` format and we
then convert this to `.png` format and upload both file types to S3 as
well as saving the letter branding details in the database.

											
										
										
											2019-01-31 16:56:35 +00:00
+								        ]
 								    )
 								class ServiceLetterBrandingDetails(StripWhitespaceForm):
 								    name = StringField('Name of brand', validators=[DataRequired()])
-												Add letter validation preview functionality

- add get/post view
- create a pdf upload form
- add a template where user can upload the file
- check boundaries of the letter by calling template-preview
- display banner messages with boundaries validation result
- display pages of the document, with visible boundaries overlay
if the document did not pass validation, and without overlay
if they do pass validation

											
										
										
											2018-09-26 16:42:40 +01:00
+								class PDFUploadForm(StripWhitespaceForm):
 								    file = FileField_wtf(
-												Add letter upload form which redirects to blank preview page

Added a form to upload a single letter. Currently this only uses the
form to validate that a file is submitted and that the file is a PDF. If
either of these validations fail, the form will display an error.
Otherwise, we redirect to a new preview page which just has the filename
as the heading for now.

											
										
										
											2019-09-06 10:39:23 +01:00
+								        'Upload a letter in PDF format',
-												Introduce validation and error handling for validation preview

											
										
										
											2018-09-27 17:55:18 +01:00
+								        validators=[
-												Use the new error messages when uploading a letter

We now use the pattern of showing a box at the top of the page with the
error. The error message has a heading and can have additional details.
Error messages and the invalid pages get stored in the S3 metadata.

											
										
										
											2019-10-15 15:56:06 +01:00
+								            FileAllowed(['pdf'], 'Save your letter as a PDF and try again.'),
 								            DataRequired(message="You need to choose a file to upload")
-												Introduce validation and error handling for validation preview

											
										
										
											2018-09-27 17:55:18 +01:00
+								        ]
-												Add letter validation preview functionality

- add get/post view
- create a pdf upload form
- add a template where user can upload the file
- check boundaries of the letter by calling template-preview
- display banner messages with boundaries validation result
- display pages of the document, with visible boundaries overlay
if the document did not pass validation, and without overlay
if they do pass validation

											
										
										
											2018-09-26 16:42:40 +01:00
+								    )
-												Rename form objects to remove the term ‘whitelist’

See c31264d4c for rationale. To avoid confusion the codebase should use
the same terminology as the UI.

											
										
										
											2020-06-12 09:02:40 +01:00
+								class EmailFieldInGuestList(EmailField, StripWhitespaceStringField):
-												Make whitespace stripping work for whitelists too

It’s a bit hacky, but it fixes a potential issue for users.

Code adapted from:
https://github.com/alphagov/digitalmarketplace-utils/commit/2c34f678ab4a34eaa1c510c91dacfc210343f389

											
										
										
											2017-12-11 16:22:37 +00:00
+								    pass
-												Rename form objects to remove the term ‘whitelist’

See c31264d4c for rationale. To avoid confusion the codebase should use
the same terminology as the UI.

											
										
										
											2020-06-12 09:02:40 +01:00
+								class InternationalPhoneNumberInGuestList(InternationalPhoneNumber, StripWhitespaceStringField):
-												Make whitespace stripping work for whitelists too

It’s a bit hacky, but it fixes a potential issue for users.

Code adapted from:
https://github.com/alphagov/digitalmarketplace-utils/commit/2c34f678ab4a34eaa1c510c91dacfc210343f389

											
										
										
											2017-12-11 16:22:37 +00:00
+								    pass
-												Rename form objects to remove the term ‘whitelist’

See c31264d4c for rationale. To avoid confusion the codebase should use
the same terminology as the UI.

											
										
										
											2020-06-12 09:02:40 +01:00
+								class GuestList(StripWhitespaceForm):
-												Add a page to manage a service’s whitelist

Services who are in alpha or building prototypes need a way of sending
to any email address or phone number without having to sign the MOU.

This commit adds a page where they can whitelist up to 5 email addresses
and 5 phone numbers.

It uses the ‘list entry’ UI pattern from the Digital Marketplace
frontend toolkit [1] [2] [3].

I had to do some modification:
- of the Javascript, to make it work with the GOV.UK Module pattern
- of the template to make it work with WTForms
- of the content security policy, because the list entry pattern uses
  Hogan[1], which needs to use `eval()` (this should be fine if we’re
  only allowing it for scripts that we serve)
- of our SASS lint config, to allow browser-targeting mixins to come
  after normal rules (so that they can override them)

This commit also adds a new form class to validate and populate the two
whitelists. The validation is fairly rudimentary at the moment, and
doesn’t highlight which item in the list has the error, but it’s
probably good enough.

The list can only be updated all-at-once, this is how it’s possible to
remove items from the list without having to make multiple `POST`
requests.

1. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/templates/forms/list-entry.html
2. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/scss/forms/_list-entry.scss
3. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/javascripts/list-entry.js
4. http://twitter.github.io/hogan.js/

											
										
										
											2016-09-20 12:30:00 +01:00
 								    def populate(self, email_addresses, phone_numbers):
-												Rename form objects to remove the term ‘whitelist’

See c31264d4c for rationale. To avoid confusion the codebase should use
the same terminology as the UI.

											
										
										
											2020-06-12 09:02:40 +01:00
+								        for form_field, existing_guest_list in (
-												Add a page to manage a service’s whitelist

Services who are in alpha or building prototypes need a way of sending
to any email address or phone number without having to sign the MOU.

This commit adds a page where they can whitelist up to 5 email addresses
and 5 phone numbers.

It uses the ‘list entry’ UI pattern from the Digital Marketplace
frontend toolkit [1] [2] [3].

I had to do some modification:
- of the Javascript, to make it work with the GOV.UK Module pattern
- of the template to make it work with WTForms
- of the content security policy, because the list entry pattern uses
  Hogan[1], which needs to use `eval()` (this should be fine if we’re
  only allowing it for scripts that we serve)
- of our SASS lint config, to allow browser-targeting mixins to come
  after normal rules (so that they can override them)

This commit also adds a new form class to validate and populate the two
whitelists. The validation is fairly rudimentary at the moment, and
doesn’t highlight which item in the list has the error, but it’s
probably good enough.

The list can only be updated all-at-once, this is how it’s possible to
remove items from the list without having to make multiple `POST`
requests.

1. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/templates/forms/list-entry.html
2. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/scss/forms/_list-entry.scss
3. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/javascripts/list-entry.js
4. http://twitter.github.io/hogan.js/

											
										
										
											2016-09-20 12:30:00 +01:00
+								            (self.email_addresses, email_addresses),
 								            (self.phone_numbers, phone_numbers)
 								        ):
-												Rename form objects to remove the term ‘whitelist’

See c31264d4c for rationale. To avoid confusion the codebase should use
the same terminology as the UI.

											
										
										
											2020-06-12 09:02:40 +01:00
+								            for index, value in enumerate(existing_guest_list):
-												Add a page to manage a service’s whitelist

Services who are in alpha or building prototypes need a way of sending
to any email address or phone number without having to sign the MOU.

This commit adds a page where they can whitelist up to 5 email addresses
and 5 phone numbers.

It uses the ‘list entry’ UI pattern from the Digital Marketplace
frontend toolkit [1] [2] [3].

I had to do some modification:
- of the Javascript, to make it work with the GOV.UK Module pattern
- of the template to make it work with WTForms
- of the content security policy, because the list entry pattern uses
  Hogan[1], which needs to use `eval()` (this should be fine if we’re
  only allowing it for scripts that we serve)
- of our SASS lint config, to allow browser-targeting mixins to come
  after normal rules (so that they can override them)

This commit also adds a new form class to validate and populate the two
whitelists. The validation is fairly rudimentary at the moment, and
doesn’t highlight which item in the list has the error, but it’s
probably good enough.

The list can only be updated all-at-once, this is how it’s possible to
remove items from the list without having to make multiple `POST`
requests.

1. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/templates/forms/list-entry.html
2. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/scss/forms/_list-entry.scss
3. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/javascripts/list-entry.js
4. http://twitter.github.io/hogan.js/

											
										
										
											2016-09-20 12:30:00 +01:00
+								                form_field[index].data = value
 								    email_addresses = FieldList(
-												Rename form objects to remove the term ‘whitelist’

See c31264d4c for rationale. To avoid confusion the codebase should use
the same terminology as the UI.

											
										
										
											2020-06-12 09:02:40 +01:00
+								        EmailFieldInGuestList(
-												Add a page to manage a service’s whitelist

Services who are in alpha or building prototypes need a way of sending
to any email address or phone number without having to sign the MOU.

This commit adds a page where they can whitelist up to 5 email addresses
and 5 phone numbers.

It uses the ‘list entry’ UI pattern from the Digital Marketplace
frontend toolkit [1] [2] [3].

I had to do some modification:
- of the Javascript, to make it work with the GOV.UK Module pattern
- of the template to make it work with WTForms
- of the content security policy, because the list entry pattern uses
  Hogan[1], which needs to use `eval()` (this should be fine if we’re
  only allowing it for scripts that we serve)
- of our SASS lint config, to allow browser-targeting mixins to come
  after normal rules (so that they can override them)

This commit also adds a new form class to validate and populate the two
whitelists. The validation is fairly rudimentary at the moment, and
doesn’t highlight which item in the list has the error, but it’s
probably good enough.

The list can only be updated all-at-once, this is how it’s possible to
remove items from the list without having to make multiple `POST`
requests.

1. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/templates/forms/list-entry.html
2. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/scss/forms/_list-entry.scss
3. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/javascripts/list-entry.js
4. http://twitter.github.io/hogan.js/

											
										
										
											2016-09-20 12:30:00 +01:00
+								            '',
 								            validators=[
 								                Optional(),
-												validate email addresses in one-off flow

previously we were just using the wtforms builtin email validator,
which is much more relaxed than our own one. It'd catch bad emails when
POSTing to the API, resulting in an ugly error message. It's easy work
to make sure we validate email addresses as soon as they're entered.

											
										
										
											2018-02-14 14:35:16 +00:00
+								                ValidEmail()
-												Add a page to manage a service’s whitelist

Services who are in alpha or building prototypes need a way of sending
to any email address or phone number without having to sign the MOU.

This commit adds a page where they can whitelist up to 5 email addresses
and 5 phone numbers.

It uses the ‘list entry’ UI pattern from the Digital Marketplace
frontend toolkit [1] [2] [3].

I had to do some modification:
- of the Javascript, to make it work with the GOV.UK Module pattern
- of the template to make it work with WTForms
- of the content security policy, because the list entry pattern uses
  Hogan[1], which needs to use `eval()` (this should be fine if we’re
  only allowing it for scripts that we serve)
- of our SASS lint config, to allow browser-targeting mixins to come
  after normal rules (so that they can override them)

This commit also adds a new form class to validate and populate the two
whitelists. The validation is fairly rudimentary at the moment, and
doesn’t highlight which item in the list has the error, but it’s
probably good enough.

The list can only be updated all-at-once, this is how it’s possible to
remove items from the list without having to make multiple `POST`
requests.

1. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/templates/forms/list-entry.html
2. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/scss/forms/_list-entry.scss
3. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/javascripts/list-entry.js
4. http://twitter.github.io/hogan.js/

											
										
										
											2016-09-20 12:30:00 +01:00
+								            ],
 								            default=''
 								        ),
 								        min_entries=5,
 								        max_entries=5,
 								        label="Email addresses"
 								    )
 								    phone_numbers = FieldList(
-												Rename form objects to remove the term ‘whitelist’

See c31264d4c for rationale. To avoid confusion the codebase should use
the same terminology as the UI.

											
										
										
											2020-06-12 09:02:40 +01:00
+								        InternationalPhoneNumberInGuestList(
-												Add a page to manage a service’s whitelist

Services who are in alpha or building prototypes need a way of sending
to any email address or phone number without having to sign the MOU.

This commit adds a page where they can whitelist up to 5 email addresses
and 5 phone numbers.

It uses the ‘list entry’ UI pattern from the Digital Marketplace
frontend toolkit [1] [2] [3].

I had to do some modification:
- of the Javascript, to make it work with the GOV.UK Module pattern
- of the template to make it work with WTForms
- of the content security policy, because the list entry pattern uses
  Hogan[1], which needs to use `eval()` (this should be fine if we’re
  only allowing it for scripts that we serve)
- of our SASS lint config, to allow browser-targeting mixins to come
  after normal rules (so that they can override them)

This commit also adds a new form class to validate and populate the two
whitelists. The validation is fairly rudimentary at the moment, and
doesn’t highlight which item in the list has the error, but it’s
probably good enough.

The list can only be updated all-at-once, this is how it’s possible to
remove items from the list without having to make multiple `POST`
requests.

1. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/templates/forms/list-entry.html
2. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/scss/forms/_list-entry.scss
3. https://github.com/alphagov/digitalmarketplace-frontend-toolkit/blob/434ad307913651ecb041ab94bdee748ebe066d1a/toolkit/javascripts/list-entry.js
4. http://twitter.github.io/hogan.js/

											
										
										
											2016-09-20 12:30:00 +01:00
+								            '',
 								            validators=[
 								                Optional()
 								            ],
 								            default=''
 								        ),
 								        min_entries=5,
 								        max_entries=5,
 								        label="Mobile numbers"
 								    )
-												Add date filter for platform admin page.

											
										
										
											2017-01-03 10:45:06 +00:00
-												Get the BooleanField working in the form.

											
										
										
											2017-01-03 16:14:25 +00:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class DateFilterForm(StripWhitespaceForm):
-												Add date filter for platform admin page.

											
										
										
											2017-01-03 10:45:06 +00:00
+								    start_date = DateField("Start Date", [validators.optional()])
-												Get the BooleanField working in the form.

											
										
										
											2017-01-03 16:14:25 +00:00
+								    end_date = DateField("End Date", [validators.optional()])
-												Update all single field checkboxes

Includes adding some code to govukCheckboxesField
to add a single boolean-like option by default, if
there are no choices added.

											
										
										
											2020-04-09 16:31:19 +01:00
+								    include_from_test_key = govukCheckboxField("Include test keys")
-												Merge email, text message + letter templates pages

Right now we have separate pages for email and text message templates.
In the future we will also have a separate page for letter templates.

This commit changes Notify to only have one page for all templates.

What is the problem?
---

The left-hand navigation is getting quite crowded, at 8 items for a
service that can send letters. Research suggests that the number of
objects an average human can hold in working memory is 7 ± 2 [1]. So
we’re at the limit of how many items the navigation should have.

In the future we will need to search/sort/filter templates by attributes
other than type, for example:
- show me the ‘confirmation’ templates
- show me the most recently used templates
- show me all templates containing the placeholder `((ref_no))`

These are hypothetical for now, but these needs (or others) may become
real in the future. At this point pre-filtering the list of templates
by type would restrict what searches a user could do. So by making this
change now we’re in a better position to iterate the design in the
future.

What’s the change?
---

This commit replaces the ‘Email templates’, ‘Text message templates’ and
‘Letter templates’ pages with one page called ‘Templates’.

This new templates page shows all the templates for the service, sorted
by most recently created first (as before).

To add a new template there is a new page with a form asking you what
kind of template you want to create. This is necessary because in the
past we knew what kind of template you wanted to create based on the
kind you were looking at.

What’s the impact of this change on new users?
---

This change alters the onboarding process slightly. We still want to
take people through the empty templates page from the call-to-action on
the dashboard because it helps them understand that to send a message
using Notify you need a template. But because we don’t have separate
pages for emails/text messages we will have to send users through the
extra step of choosing what kind of template to create. This is a bit
clunkier on first use but:

- it still gets the point across
- it takes them through the actual flow they will be using to create new
  templates in the future (ie they’re learning how to use Notify, not
  just being taken through a special onboarding route)

I’m not too worried about this change in terms of the experience for new
users. Furthermore, by making it now we get to validate whether it’s
causing any problems in the lab research booked for next week.

What’s the impact of this change on current services?
---

Looking at the top 15 services by number of templates[2], most are using
either text messages or emails. So this change would not have a
significant impact on these services because the page will not get any
longer. In other words we wouldn’t be making it worse for them.

Those services who do use both are not using as many templates. The
worst-case scenario is SSCS, who have 16 templates, evenly split between
email and text messages. So they would go from having 8 templates per
page to 16, which is still less than half the number that HMPO or
Digital Marketplace are managing.

References
---

1. https://en.wikipedia.org/wiki/The_Magical_Number_Seven,_Plus_or_Minus_Two

2. Template usage by service

Service name                           | Template count | Template types
---------------------------------------|----------------|---------------
Her Majesty's Passport Office          |             40 | sms
Digital Marketplace                    |             40 | email
GovWifi-Staging                        |             19 | sms
GovWifi                                |             18 | sms
Digital Apprenticeship Service         |             16 | email
SSCS                                   |             16 | both
Crown Commercial Service MI Collection |             15 | email
Help with Prison Visits                |             12 | both
Digital Future                         |             12 | email
Export Licensing Service               |             11 | email
Civil Money Claims                     |              9 | both
DVLA Drivers Medical Service           |              9 | sms
GOV.UK Notify                          |              8 | both
Manage your benefit overpayments       |              8 | both
Tax Renewals                           |              8 | both

											
										
										
											2017-02-28 12:16:35 +00:00
-												Add new report to show monthly notification stats for each service

This report will be used by the engagement team. There is a form to give
a start and end date for the report, and the form is then downloaded
as a CSV file when the form is submitted.

											
										
										
											2019-07-22 13:09:03 +01:00
+								class RequiredDateFilterForm(StripWhitespaceForm):
 								    start_date = DateField("Start Date")
 								    end_date = DateField("End Date")
-												remove option for branding to sometimes not show search

it wouldn't show search if there were under a certain amount of letter
or email branding options - however we know there will always be more
than that amount so lets remove some complexity.

Also, rename the SearchTemplatesForm because it can search anything -
it just prompts you to search by name is all.

											
										
										
											2019-02-06 17:32:13 +00:00
+								class SearchByNameForm(StripWhitespaceForm):
-												Add find-as-you-type on the choose template page

Not everyone knows how to use `ctrl` + `f`, and it’s not scoped to
just the list of templates.

The template you want to work with is often not the first one in the
list, but ordering by created at is useful for other reasons (mainly
around first time use).

This commit adds a find as you type control which aims to give users a
quick way of getting to the template they want to work with.

											
										
										
											2017-03-14 10:46:38 +00:00
-												Require data on search by name form

This lets us build leaner views when using this form.

											
										
										
											2019-08-15 12:41:46 +01:00
+								    search = SearchField(
 								        'Search by name',
 								        validators=[DataRequired("You need to enter full or partial name to search by.")],
 								    )
-												Show one field at a time on send yourself a test

The send yourself a test feature is useful for two things:
- constructing an email/text message/letter without uploading a CSV file
- seeing what the thing your going to send will look like (either by
  getting it in your inbox or downloading the PDF)
- learning the concept of placeholders, ie understanding they’re thing
  that gets populated with _stuff_

The problem we’re seeing is that the current UI breaks when a template
has a lot of placeholders. This is especially apparent with letter
templates, which have a minimum of 7 placeholders by virtue of the
address.

The idea behind having the form fields side-by-side was to help people
understand the relationship between their spreadsheet columns and the
placeholders. But this means that the page was doing a lot of work,
trying to teach:
- replacement of placeholders
- link between placeholders and spreadsheet columns

The latter is better explained by the example spreadsheet shown on the
upload page. So it can safely be removed from the send yourself a test
page – in other words the fields don’t need to be shown side by side.

Showing them one-at-a-time works well because:
- it’s really obvious, even on first use, what the page is asking you to
  do
- as your step through each placeholder, you see the message build up
  with the data you’ve entered – you’re learning how replacement of
  placeholders works by repetition

This also means adding a matching endpoint for viewing each step of
making the test letter as a PDF/PNG because we can’t reuse the view of
the template without any placeholders filled any more.

											
										
										
											2017-05-04 09:30:55 +01:00
-												Validate against empty form submission for find_users_by_email

This included:
- creating a new form SearchUsersByEmailForm with validation
on its search field

- introducing 400 status to the view  if the form does not validate

- fixing the POST request data structure in the tests (it was
incorrect before and uncaught due to lack of validation and mocking
the response from the API.

											
										
										
											2018-07-10 16:33:13 +01:00
+								class SearchUsersByEmailForm(StripWhitespaceForm):
-												Add view that displays user information, including:

- name
- email
- phone number
- services
- last login
- failed login attempts if any

The view can be accessed from results of find_users_by_email

logged_in_at added to User serialization on admin frontend as
a part of this work

											
										
										
											2018-07-10 17:24:20 +01:00
+								    search = SearchField(
 								        'Search by name or email address',
-												Validate against empty form submission for find_users_by_email

This included:
- creating a new form SearchUsersByEmailForm with validation
on its search field

- introducing 400 status to the view  if the form does not validate

- fixing the POST request data structure in the tests (it was
incorrect before and uncaught due to lack of validation and mocking
the response from the API.

											
										
										
											2018-07-10 16:33:13 +01:00
+								        validators=[
-												Add view that displays user information, including:

- name
- email
- phone number
- services
- last login
- failed login attempts if any

The view can be accessed from results of find_users_by_email

logged_in_at added to User serialization on admin frontend as
a part of this work

											
										
										
											2018-07-10 17:24:20 +01:00
+								            DataRequired("You need to enter full or partial email address to search by.")
 								        ],
-												Validate against empty form submission for find_users_by_email

This included:
- creating a new form SearchUsersByEmailForm with validation
on its search field

- introducing 400 status to the view  if the form does not validate

- fixing the POST request data structure in the tests (it was
incorrect before and uncaught due to lack of validation and mocking
the response from the API.

											
										
										
											2018-07-10 16:33:13 +01:00
+								    )
-												Add search bar to team member list

Another thing we did for templates, when they started to get
unmanageable, was add a find-as-you type search. We’ve observed real
users interacting with this to great effect, so I think it makes sense
for users too.

Like for templates, it only shows up when there are more than 7, so that
it’s not clutter for teams who don’t have a lot of members.

											
										
										
											2018-01-26 17:21:06 +00:00
+								class SearchUsersForm(StripWhitespaceForm):
 								    search = SearchField('Search by name or email address')
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class SearchNotificationsForm(StripWhitespaceForm):
-												Add a form to filter notifications by recipient

Because manually editing the URL isn’t a great user interface, this
commit adds a search field to do this on the user’s behalf.

For this pass at the story it doesn’t do any validation – the user will
just get no results if they search by something which isn’t a phone
number or email address.

If the user navigates to a different ‘bucket’ of notifications (eg
delivered, failed) then the search term is reset, because they’ve
changed the filter which is at a level above the search term.

											
										
										
											2017-05-30 13:51:25 +01:00
-												Label the search box dependent on message type

It doesn’t make sense to say ‘Search by email address or phone number’
when you’re only looking at emails.

											
										
										
											2018-08-07 14:44:09 +01:00
+								    to = SearchField()
 								    labels = {
 								        'email': 'Search by email address',
 								        'sms': 'Search by phone number',
 								    }
 								    def __init__(self, message_type, *args, **kwargs):
 								        super().__init__(*args, **kwargs)
 								        self.to.label.text = self.labels.get(
 								            message_type,
 								            'Search by phone number or email address',
 								        )
-												Add a form to filter notifications by recipient

Because manually editing the URL isn’t a great user interface, this
commit adds a search field to do this on the user’s behalf.

For this pass at the story it doesn’t do any validation – the user will
just get no results if they search by something which isn’t a phone
number or email address.

If the user navigates to a different ‘bucket’ of notifications (eg
delivered, failed) then the search term is reset, because they’ve
changed the filter which is at a level above the search term.

											
										
										
											2017-05-30 13:51:25 +01:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class PlaceholderForm(StripWhitespaceForm):
-												Show one field at a time on send yourself a test

The send yourself a test feature is useful for two things:
- constructing an email/text message/letter without uploading a CSV file
- seeing what the thing your going to send will look like (either by
  getting it in your inbox or downloading the PDF)
- learning the concept of placeholders, ie understanding they’re thing
  that gets populated with _stuff_

The problem we’re seeing is that the current UI breaks when a template
has a lot of placeholders. This is especially apparent with letter
templates, which have a minimum of 7 placeholders by virtue of the
address.

The idea behind having the form fields side-by-side was to help people
understand the relationship between their spreadsheet columns and the
placeholders. But this means that the page was doing a lot of work,
trying to teach:
- replacement of placeholders
- link between placeholders and spreadsheet columns

The latter is better explained by the example spreadsheet shown on the
upload page. So it can safely be removed from the send yourself a test
page – in other words the fields don’t need to be shown side by side.

Showing them one-at-a-time works well because:
- it’s really obvious, even on first use, what the page is asking you to
  do
- as your step through each placeholder, you see the message build up
  with the data you’ve entered – you’re learning how replacement of
  placeholders works by repetition

This also means adding a matching endpoint for viewing each step of
making the test letter as a PDF/PNG because we can’t reuse the view of
the template without any placeholders filled any more.

											
										
										
											2017-05-04 09:30:55 +01:00
 								    pass
-												Enable update of url / bearer_token inbound api

											
										
										
											2017-06-21 17:34:22 +01:00
+								class PasswordFieldShowHasContent(StringField):
 								    widget = widgets.PasswordInput(hide_value=False)
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class ServiceInboundNumberForm(StripWhitespaceForm):
-												Added Multiple SMS sender functionality

											
										
										
											2017-10-24 15:37:44 +01:00
+								    def __init__(self, *args, **kwargs):
 								        super().__init__(*args, **kwargs)
 								        self.inbound_number.choices = kwargs['inbound_number_choices']
 								    inbound_number = RadioField(
 								        "Select your inbound number",
-												Bump WTForms to 2.3.1

This involves three changes which broke our code.

To validate email addresses, the optional dependency `email-validator`
must be installed<sup>1</sup>. But since we don’t use WTForms’ email
validation, we shouldn’t need to subclass it – it can just be its own
self contained thing. Then we don’t need to add the extra dependency.

When rendering textareas, and extra `\r\n` is inserted at the beginning
<sup>2</sup>. Browsers will strip this when displaying the textbox and
submitting the form, but some of our tests need updating to account for
this.

The error message for when you don’t choose an option from some radio
buttons has now changed. Rather than just accepting WTForms’ new
message, this commit makes the error messages like the examples from
the Design System<sup>3</sup>. By default it will say ‘Select an
option’, but by passing in an extra parameter (`thing`) it can be
customised to be more specific, for example ‘Select a type of
organisation’.

***

1. https://github.com/wtforms/wtforms/pull/429
2. https://github.com/wtforms/wtforms/issues/238
3. https://design-system.service.gov.uk/components/radios/#error-messages

											
										
										
											2020-04-22 17:49:03 +01:00
+								        thing='an inbound number',
-												Added Multiple SMS sender functionality

											
										
										
											2017-10-24 15:37:44 +01:00
+								    )
-												Allow callbacks to be removed

We’ve had a user who’s said:

> Seems configured callbacks cannot be removed once they’re set as the
> fields have a presence check. Is that intentional?

This means it’s not working as they expect. Rather than have to go and
change stuff in the database for them, let’s make it work as they’d
expect.

Only lets you clear the form if you remove both the token and the URL.

											
										
										
											2018-04-26 17:23:44 +01:00
+								class CallbackForm(StripWhitespaceForm):
 								    def validate(self):
-												allow you to remove URL without removing bearer token

											
										
										
											2018-07-06 11:47:35 +01:00
+								        return super().validate() or self.url.data == ''
-												Allow callbacks to be removed

We’ve had a user who’s said:

> Seems configured callbacks cannot be removed once they’re set as the
> fields have a presence check. Is that intentional?

This means it’s not working as they expect. Rather than have to go and
change stuff in the database for them, let’s make it work as they’d
expect.

Only lets you clear the form if you remove both the token and the URL.

											
										
										
											2018-04-26 17:23:44 +01:00
 								class ServiceReceiveMessagesCallbackForm(CallbackForm):
-												refactor of api callbacks admin work

											
										
										
											2017-12-08 10:52:38 +00:00
+								    url = StringField(
 								        "URL",
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								        validators=[DataRequired(message='Cannot be empty'),
-												Allow service to set callback url for notifications

											
										
										
											2017-12-04 15:07:11 +00:00
+								                    Regexp(regex="^https.*", message='Must be a valid https URL')]
 								    )
-												refactor of api callbacks admin work

											
										
										
											2017-12-08 10:52:38 +00:00
+								    bearer_token = PasswordFieldShowHasContent(
-												Allow service to set callback url for notifications

											
										
										
											2017-12-04 15:07:11 +00:00
+								        "Bearer token",
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								        validators=[DataRequired(message='Cannot be empty'),
-												Allow service to set callback url for notifications

											
										
										
											2017-12-04 15:07:11 +00:00
+								                    Length(min=10, message='Must be at least 10 characters')]
 								    )
-												refactor of api callbacks admin work

											
										
										
											2017-12-08 10:52:38 +00:00
-												Allow callbacks to be removed

We’ve had a user who’s said:

> Seems configured callbacks cannot be removed once they’re set as the
> fields have a presence check. Is that intentional?

This means it’s not working as they expect. Rather than have to go and
change stuff in the database for them, let’s make it work as they’d
expect.

Only lets you clear the form if you remove both the token and the URL.

											
										
										
											2018-04-26 17:23:44 +01:00
+								class ServiceDeliveryStatusCallbackForm(CallbackForm):
-												refactor of api callbacks admin work

											
										
										
											2017-12-08 10:52:38 +00:00
+								    url = StringField(
 								        "URL",
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								        validators=[DataRequired(message='Cannot be empty'),
-												refactor of api callbacks admin work

											
										
										
											2017-12-08 10:52:38 +00:00
+								                    Regexp(regex="^https.*", message='Must be a valid https URL')]
 								    )
 								    bearer_token = PasswordFieldShowHasContent(
 								        "Bearer token",
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								        validators=[DataRequired(message='Cannot be empty'),
-												refactor of api callbacks admin work

											
										
										
											2017-12-08 10:52:38 +00:00
+								                    Length(min=10, message='Must be at least 10 characters')]
 								    )
-												[WIP]
Page and form to persist the inbound api data for a service.

											
										
										
											2017-06-15 16:20:07 +01:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class InternationalSMSForm(StripWhitespaceForm):
-												Allow services to turn international SMS on/off

We didn’t make this self-service before because the pricing information
wasn’t published (ie we had to send it to services that asked for it).

Now that we publish pricing information in the app, there’s no reason
why services can’t make an informed decision about whether they want
international SMS or not.

So this commit:
- removes the platform admin button
- adds some radio buttons that our users can click with their mice

											
										
										
											2017-09-26 14:05:02 +01:00
+								    enabled = RadioField(
 								        'Send text messages to international phone numbers',
 								        choices=[
 								            ('on', 'On'),
 								            ('off', 'Off'),
 								        ],
 								    )
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class SMSPrefixForm(StripWhitespaceForm):
-												Allow updates to SMS prefixing setting

We’re extracting this from being determined based on what the sender
name is to its own setting.

This commit will let users set it independently.

Until the explicitly set it, it will still be determined based on
whether their default sender name matches the default for the platform.

											
										
										
											2017-11-03 15:01:41 +00:00
+								    enabled = RadioField(
-												Change wording based on Thom’s feedback

											
										
										
											2017-11-06 14:12:25 +00:00
+								        '',
-												Allow updates to SMS prefixing setting

We’re extracting this from being determined based on what the sender
name is to its own setting.

This commit will let users set it independently.

Until the explicitly set it, it will still be determined based on
whether their default sender name matches the default for the platform.

											
										
										
											2017-11-03 15:01:41 +00:00
+								        choices=[
 								            ('on', 'On'),
 								            ('off', 'Off'),
 								        ],
 								    )
-												Show one field at a time on send yourself a test

The send yourself a test feature is useful for two things:
- constructing an email/text message/letter without uploading a CSV file
- seeing what the thing your going to send will look like (either by
  getting it in your inbox or downloading the PDF)
- learning the concept of placeholders, ie understanding they’re thing
  that gets populated with _stuff_

The problem we’re seeing is that the current UI breaks when a template
has a lot of placeholders. This is especially apparent with letter
templates, which have a minimum of 7 placeholders by virtue of the
address.

The idea behind having the form fields side-by-side was to help people
understand the relationship between their spreadsheet columns and the
placeholders. But this means that the page was doing a lot of work,
trying to teach:
- replacement of placeholders
- link between placeholders and spreadsheet columns

The latter is better explained by the example spreadsheet shown on the
upload page. So it can safely be removed from the send yourself a test
page – in other words the fields don’t need to be shown side by side.

Showing them one-at-a-time works well because:
- it’s really obvious, even on first use, what the page is asking you to
  do
- as your step through each placeholder, you see the message build up
  with the data you’ve entered – you’re learning how replacement of
  placeholders works by repetition

This also means adding a matching endpoint for viewing each step of
making the test letter as a PDF/PNG because we can’t reuse the view of
the template without any placeholders filled any more.

											
										
										
											2017-05-04 09:30:55 +01:00
+								def get_placeholder_form_instance(
 								    placeholder_name,
 								    dict_to_populate_from,
-												Don’t validate phone numbers when sending emails

If you have a placeholder called `((phone number))` in your email
template, and you try to send a one-off message then the form input will
attempt to validate your ‘phone number’.

This is not helpful if you’re trying to put a landline number in your
email, for example.

This only affects messages being sent through the one-off interface.

This commit makes the form be aware of template type, which fixes the
problem.

											
										
										
											2018-03-16 14:17:43 +00:00
+								    template_type,
-												Validate recipients in send a one-off message

It would be annoying to get all the way to the end of the flow and get
told that the phone number or email address you entered isn’t valid.

So this commit reuses the existing WTForms objects that we have to do
some extra validation on the first step in the send one-off message
flow. It also accounts for international phone numbers, if the service
is allowed to send them.

It doesn’t reject other people’s phone numbers if your service is
restricted, because I think it’s better to let users play with the
feature – it’s good for learning.

											
										
										
											2017-05-25 09:40:37 +01:00
+								    allow_international_phone_numbers=False,
-												Show one field at a time on send yourself a test

The send yourself a test feature is useful for two things:
- constructing an email/text message/letter without uploading a CSV file
- seeing what the thing your going to send will look like (either by
  getting it in your inbox or downloading the PDF)
- learning the concept of placeholders, ie understanding they’re thing
  that gets populated with _stuff_

The problem we’re seeing is that the current UI breaks when a template
has a lot of placeholders. This is especially apparent with letter
templates, which have a minimum of 7 placeholders by virtue of the
address.

The idea behind having the form fields side-by-side was to help people
understand the relationship between their spreadsheet columns and the
placeholders. But this means that the page was doing a lot of work,
trying to teach:
- replacement of placeholders
- link between placeholders and spreadsheet columns

The latter is better explained by the example spreadsheet shown on the
upload page. So it can safely be removed from the send yourself a test
page – in other words the fields don’t need to be shown side by side.

Showing them one-at-a-time works well because:
- it’s really obvious, even on first use, what the page is asking you to
  do
- as your step through each placeholder, you see the message build up
  with the data you’ve entered – you’re learning how replacement of
  placeholders works by repetition

This also means adding a matching endpoint for viewing each step of
making the test letter as a PDF/PNG because we can’t reuse the view of
the template without any placeholders filled any more.

											
										
										
											2017-05-04 09:30:55 +01:00
+								):
-												Don’t validate phone numbers when sending emails

If you have a placeholder called `((phone number))` in your email
template, and you try to send a one-off message then the form input will
attempt to validate your ‘phone number’.

This is not helpful if you’re trying to put a landline number in your
email, for example.

This only affects messages being sent through the one-off interface.

This commit makes the form be aware of template type, which fixes the
problem.

											
										
										
											2018-03-16 14:17:43 +00:00
+								    if (
 								        Columns.make_key(placeholder_name) == 'emailaddress' and
 								        template_type == 'email'
 								    ):
-												Validate recipients in send a one-off message

It would be annoying to get all the way to the end of the flow and get
told that the phone number or email address you entered isn’t valid.

So this commit reuses the existing WTForms objects that we have to do
some extra validation on the first step in the send one-off message
flow. It also accounts for international phone numbers, if the service
is allowed to send them.

It doesn’t reject other people’s phone numbers if your service is
restricted, because I think it’s better to let users play with the
feature – it’s good for learning.

											
										
										
											2017-05-25 09:40:37 +01:00
+								        field = email_address(label=placeholder_name, gov_user=False)
-												Don’t validate phone numbers when sending emails

If you have a placeholder called `((phone number))` in your email
template, and you try to send a one-off message then the form input will
attempt to validate your ‘phone number’.

This is not helpful if you’re trying to put a landline number in your
email, for example.

This only affects messages being sent through the one-off interface.

This commit makes the form be aware of template type, which fixes the
problem.

											
										
										
											2018-03-16 14:17:43 +00:00
+								    elif (
 								        Columns.make_key(placeholder_name) == 'phonenumber' and
 								        template_type == 'sms'
 								    ):
-												Validate recipients in send a one-off message

It would be annoying to get all the way to the end of the flow and get
told that the phone number or email address you entered isn’t valid.

So this commit reuses the existing WTForms objects that we have to do
some extra validation on the first step in the send one-off message
flow. It also accounts for international phone numbers, if the service
is allowed to send them.

It doesn’t reject other people’s phone numbers if your service is
restricted, because I think it’s better to let users play with the
feature – it’s good for learning.

											
										
										
											2017-05-25 09:40:37 +01:00
+								        if allow_international_phone_numbers:
 								            field = international_phone_number(label=placeholder_name)
 								        else:
-												Let users register with int’national phone numbers

Right now Notify restricts you to registering with a UK mobile number.
This is because when we built the user registration stuff we couldn’t
send to international mobiles.

However we can send to international mobile numbers, and it’s totally
reasonable to expect employees of the UK government to be working
abroad, and have a foreign mobile phone – we’ve heard from one such
user.

So this commit:
- changes all places where users enter their own phone number to use
  the validation function which allows international phone numbers
- renames the `mobile_number` validation to `uk_mobile_number` to make
  it explicit, and force it to break the tests if there’s somewhere it’s
  being used that I haven’t thought of

											
										
										
											2017-08-29 14:52:24 +01:00
+								            field = uk_mobile_number(label=placeholder_name)
-												Validate recipients in send a one-off message

It would be annoying to get all the way to the end of the flow and get
told that the phone number or email address you entered isn’t valid.

So this commit reuses the existing WTForms objects that we have to do
some extra validation on the first step in the send one-off message
flow. It also accounts for international phone numbers, if the service
is allowed to send them.

It doesn’t reject other people’s phone numbers if your service is
restricted, because I think it’s better to let users play with the
feature – it’s good for learning.

											
										
										
											2017-05-25 09:40:37 +01:00
+								    else:
 								        field = StringField(placeholder_name, validators=[
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								            DataRequired(message='Cannot be empty')
-												Validate recipients in send a one-off message

It would be annoying to get all the way to the end of the flow and get
told that the phone number or email address you entered isn’t valid.

So this commit reuses the existing WTForms objects that we have to do
some extra validation on the first step in the send one-off message
flow. It also accounts for international phone numbers, if the service
is allowed to send them.

It doesn’t reject other people’s phone numbers if your service is
restricted, because I think it’s better to let users play with the
feature – it’s good for learning.

											
										
										
											2017-05-25 09:40:37 +01:00
+								        ])
 								    PlaceholderForm.placeholder_value = field
-												Show one field at a time on send yourself a test

The send yourself a test feature is useful for two things:
- constructing an email/text message/letter without uploading a CSV file
- seeing what the thing your going to send will look like (either by
  getting it in your inbox or downloading the PDF)
- learning the concept of placeholders, ie understanding they’re thing
  that gets populated with _stuff_

The problem we’re seeing is that the current UI breaks when a template
has a lot of placeholders. This is especially apparent with letter
templates, which have a minimum of 7 placeholders by virtue of the
address.

The idea behind having the form fields side-by-side was to help people
understand the relationship between their spreadsheet columns and the
placeholders. But this means that the page was doing a lot of work,
trying to teach:
- replacement of placeholders
- link between placeholders and spreadsheet columns

The latter is better explained by the example spreadsheet shown on the
upload page. So it can safely be removed from the send yourself a test
page – in other words the fields don’t need to be shown side by side.

Showing them one-at-a-time works well because:
- it’s really obvious, even on first use, what the page is asking you to
  do
- as your step through each placeholder, you see the message build up
  with the data you’ve entered – you’re learning how replacement of
  placeholders works by repetition

This also means adding a matching endpoint for viewing each step of
making the test letter as a PDF/PNG because we can’t reuse the view of
the template without any placeholders filled any more.

											
										
										
											2017-05-04 09:30:55 +01:00
 								    return PlaceholderForm(
 								        placeholder_value=dict_to_populate_from.get(placeholder_name, '')
 								    )
-												Allow one-off email sending to select the reply-to address

											
										
										
											2017-10-16 16:35:35 +01:00
-												Strip whitespace before validating any form

We’ve had whitespace-in-emails problems on:
- register form
- sign in form
- send one off form

We should just handle whitespace gracefully, by ignoring it. Makes sense
to do this at a global level because there might be other places it’s
causing problems that we don’t know about.

The only place that users _might_ be relying on leading/trailing spaces
(and we have no way of knowing this) is in passwords or tokens. So this
filter ignores any instances of `PasswordField`.

Adapted from @pcraig3’s work on Digital Marketplace:
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/4b06f5cfb703678f5b8bb303e2f0590bb248b5f2
- https://github.com/alphagov/digitalmarketplace-supplier-frontend/commit/e761c1ce655137fed11f730da4e0a2b1893dee91

											
										
										
											2017-12-11 16:02:12 +00:00
+								class SetSenderForm(StripWhitespaceForm):
-												Allow one-off email sending to select the reply-to address

											
										
										
											2017-10-16 16:35:35 +01:00
 								    def __init__(self, *args, **kwargs):
 								        super().__init__(*args, **kwargs)
 								        self.sender.choices = kwargs['sender_choices']
 								        self.sender.label.text = kwargs['sender_label']
 								    sender = RadioField()
-												Allow letter templates to select the default contact block from the list

											
										
										
											2018-01-03 10:44:36 +00:00
 								class SetTemplateSenderForm(StripWhitespaceForm):
 								    def __init__(self, *args, **kwargs):
 								        super().__init__(*args, **kwargs)
 								        self.sender.choices = kwargs['sender_choices']
 								        self.sender.label.text = 'Select your sender'
 								    sender = RadioField()
-												link-services-to-organisations

											
										
										
											2018-02-12 09:26:13 +00:00
 								class LinkOrganisationsForm(StripWhitespaceForm):
 								    def __init__(self, *args, **kwargs):
 								        super().__init__(*args, **kwargs)
 								        self.organisations.choices = kwargs['choices']
 								    organisations = RadioField(
 								        'Select an organisation',
 								        validators=[
 								            DataRequired()
 								        ]
 								    )
-												Add page where users can say they want branding

At the moment branding is an undocumented feature. We get a bunch of
support tickets from teams asking its possible.

This commit:
- lets people know it’s possible, and what the options are
- is the first step towards making this process as self-service as
  possible

In some cases we will be able to infer a user’s organisation from there
email address, and Google image search their logo. So the experience for
them is that they press a button and government just sorts it out for
you (also known as "the dream").

In other cases we will have to get back to people asking for a copy of
their logo, or to find out about their service, but this is what we have
to do at the moment anyway.

											
										
										
											2018-05-18 14:05:48 +01:00
-												Create a letter branding request flow to match email branding request

Test if service settings links to branding request page for letters

Parametrize all branding tests so they also work for letter branding

											
										
										
											2020-01-17 17:03:07 +00:00
+								class BrandingOptions(StripWhitespaceForm):
-												Add page where users can say they want branding

At the moment branding is an undocumented feature. We get a bunch of
support tickets from teams asking its possible.

This commit:
- lets people know it’s possible, and what the options are
- is the first step towards making this process as self-service as
  possible

In some cases we will be able to infer a user’s organisation from there
email address, and Google image search their logo. So the experience for
them is that they press a button and government just sorts it out for
you (also known as "the dream").

In other cases we will have to get back to people asking for a copy of
their logo, or to find out about their service, but this is what we have
to do at the moment anyway.

											
										
										
											2018-05-18 14:05:48 +01:00
-												Allow elaboration when ‘something else’ is chosen

Letting people input a bit of free text should reduce the amount of back
and forth we have to do over support tickets when setting up someone’s
branding.

If something else is the only option then we don’t show the radio button
at all and have just the free text input on the page (not behind a
progressive disclosure).

											
										
										
											2019-09-12 14:33:11 +01:00
+								    FALLBACK_OPTION_VALUE = 'something_else'
 								    FALLBACK_OPTION = (FALLBACK_OPTION_VALUE, 'Something else')
-												Create a letter branding request flow to match email branding request

Test if service settings links to branding request page for letters

Parametrize all branding tests so they also work for letter branding

											
										
										
											2020-01-17 17:03:07 +00:00
+								    options = RadioField('Choose your new branding')
-												Allow elaboration when ‘something else’ is chosen

Letting people input a bit of free text should reduce the amount of back
and forth we have to do over support tickets when setting up someone’s
branding.

If something else is the only option then we don’t show the radio button
at all and have just the free text input on the page (not behind a
progressive disclosure).

											
										
										
											2019-09-12 14:33:11 +01:00
+								    something_else = TextAreaField('Describe the branding you want')
-												Adding views to view, add and edit service data retention policies.
Only visible to a platform admin.
A service can have a custom number of days to retain the notification data for each notification type.

											
										
										
											2018-07-17 14:39:04 +01:00
-												Create a letter branding request flow to match email branding request

Test if service settings links to branding request page for letters

Parametrize all branding tests so they also work for letter branding

											
										
										
											2020-01-17 17:03:07 +00:00
+								    def __init__(self, service, *args, branding_type="email", **kwargs):
-												Only show relevant choices of email branding

Users who work in local government can’t have GOV.UK branding on their
emails. And only those working for Companies House (for example) can
request the Companies House branding.

This commit adds:
- new choices of email branding, which offer the name of the branding,
  rather than the style
- logic to filter this list to only the applicable options, based on
  what we know about the user, service and organisation

This is a change from the previous approach which put the onus on users
to figure out the style of branding they wanted, when we might already
know that a lot of the options weren’t available to them, or would be
inconsistent with the branding of other services in their organisation.

											
										
										
											2019-09-12 13:45:35 +01:00
+								        super().__init__(*args, **kwargs)
-												Create a letter branding request flow to match email branding request

Test if service settings links to branding request page for letters

Parametrize all branding tests so they also work for letter branding

											
										
										
											2020-01-17 17:03:07 +00:00
+								        self.options.choices = tuple(self.get_available_choices(service, branding_type))
-												Parametrized options label for the branding request form

Co-Authored-By: Chris Hill-Scott <me@quis.cc>
											
										
										
											2020-01-21 14:52:21 +00:00
+								        self.options.label.text = 'Choose your new {} branding'.format(branding_type)
-												Fix email branding request page with only textbox

If there aren’t a range of options (normally presented as radio buttons)
to show the user on the email branding request page then we just show
the textbox. But we were still doing form validation on the radio
buttons, even though the user couldn’t see them to click them. This
stopped the user from being able to submit the form.

This commit fixes the problem by, in this specific case, pre-ticking the
‘Something else’ radio button.

											
										
										
											2019-10-09 16:42:30 +01:00
+								        if self.something_else_is_only_option:
 								            self.options.data = self.FALLBACK_OPTION_VALUE
-												Only show relevant choices of email branding

Users who work in local government can’t have GOV.UK branding on their
emails. And only those working for Companies House (for example) can
request the Companies House branding.

This commit adds:
- new choices of email branding, which offer the name of the branding,
  rather than the style
- logic to filter this list to only the applicable options, based on
  what we know about the user, service and organisation

This is a change from the previous approach which put the onus on users
to figure out the style of branding they wanted, when we might already
know that a lot of the options weren’t available to them, or would be
inconsistent with the branding of other services in their organisation.

											
										
										
											2019-09-12 13:45:35 +01:00
 								    @staticmethod
-												Create a letter branding request flow to match email branding request

Test if service settings links to branding request page for letters

Parametrize all branding tests so they also work for letter branding

											
										
										
											2020-01-17 17:03:07 +00:00
+								    def get_available_choices(service, branding_type):
 								        if branding_type == "email":
 								            organisation_branding_id = service.organisation.email_branding_id if service.organisation else None
 								            service_branding_id = service.email_branding_id
 								            service_branding_name = service.email_branding_name
 								        elif branding_type == "letter":
 								            organisation_branding_id = service.organisation.letter_branding_id if service.organisation else None
 								            service_branding_id = service.letter_branding_id
 								            service_branding_name = service.letter_branding_name
-												Only show relevant choices of email branding

Users who work in local government can’t have GOV.UK branding on their
emails. And only those working for Companies House (for example) can
request the Companies House branding.

This commit adds:
- new choices of email branding, which offer the name of the branding,
  rather than the style
- logic to filter this list to only the applicable options, based on
  what we know about the user, service and organisation

This is a change from the previous approach which put the onus on users
to figure out the style of branding they wanted, when we might already
know that a lot of the options weren’t available to them, or would be
inconsistent with the branding of other services in their organisation.

											
										
										
											2019-09-12 13:45:35 +01:00
 								        if (
-												Ensure gov.uk branding only available for emails and not for letters

Also align and statements

											
										
										
											2020-01-21 16:39:15 +00:00
+								            service.organisation_type == Organisation.TYPE_CENTRAL
 								            and organisation_branding_id is None
 								            and service_branding_id is not None
 								            and branding_type == "email"
-												Only show relevant choices of email branding

Users who work in local government can’t have GOV.UK branding on their
emails. And only those working for Companies House (for example) can
request the Companies House branding.

This commit adds:
- new choices of email branding, which offer the name of the branding,
  rather than the style
- logic to filter this list to only the applicable options, based on
  what we know about the user, service and organisation

This is a change from the previous approach which put the onus on users
to figure out the style of branding they wanted, when we might already
know that a lot of the options weren’t available to them, or would be
inconsistent with the branding of other services in their organisation.

											
										
										
											2019-09-12 13:45:35 +01:00
+								        ):
 								            yield ('govuk', 'GOV.UK')
 								        if (
-												Ensure gov.uk branding only available for emails and not for letters

Also align and statements

											
										
										
											2020-01-21 16:39:15 +00:00
+								            service.organisation_type == Organisation.TYPE_CENTRAL
 								            and service.organisation
 								            and organisation_branding_id is None
 								            and service_branding_name.lower() != 'GOV.UK and {}'.format(service.organisation.name).lower()
 								            and branding_type == "email"
-												Only show relevant choices of email branding

Users who work in local government can’t have GOV.UK branding on their
emails. And only those working for Companies House (for example) can
request the Companies House branding.

This commit adds:
- new choices of email branding, which offer the name of the branding,
  rather than the style
- logic to filter this list to only the applicable options, based on
  what we know about the user, service and organisation

This is a change from the previous approach which put the onus on users
to figure out the style of branding they wanted, when we might already
know that a lot of the options weren’t available to them, or would be
inconsistent with the branding of other services in their organisation.

											
										
										
											2019-09-12 13:45:35 +01:00
+								        ):
 								            yield ('govuk_and_org', 'GOV.UK and {}'.format(service.organisation.name))
 								        if (
-												Use constants for organisation type

This reduces the chances of making a typo, because doing so will raise
an exception rather than fail silently.

											
										
										
											2019-09-12 15:03:32 +01:00
+								            service.organisation_type in {
 								                Organisation.TYPE_NHS_CENTRAL,
 								                Organisation.TYPE_NHS_LOCAL,
 								                Organisation.TYPE_NHS_GP,
-												Ensure gov.uk branding only available for emails and not for letters

Also align and statements

											
										
										
											2020-01-21 16:39:15 +00:00
+								            }
 								            and service_branding_name != 'NHS'
-												Only show relevant choices of email branding

Users who work in local government can’t have GOV.UK branding on their
emails. And only those working for Companies House (for example) can
request the Companies House branding.

This commit adds:
- new choices of email branding, which offer the name of the branding,
  rather than the style
- logic to filter this list to only the applicable options, based on
  what we know about the user, service and organisation

This is a change from the previous approach which put the onus on users
to figure out the style of branding they wanted, when we might already
know that a lot of the options weren’t available to them, or would be
inconsistent with the branding of other services in their organisation.

											
										
										
											2019-09-12 13:45:35 +01:00
+								        ):
 								            yield ('nhs', 'NHS')
 								        if (
-												Ensure gov.uk branding only available for emails and not for letters

Also align and statements

											
										
										
											2020-01-21 16:39:15 +00:00
+								            service.organisation
 								            and service.organisation_type not in {
-												Use constants for organisation type

This reduces the chances of making a typo, because doing so will raise
an exception rather than fail silently.

											
										
										
											2019-09-12 15:03:32 +01:00
+								                Organisation.TYPE_NHS_LOCAL,
 								                Organisation.TYPE_NHS_CENTRAL,
 								                Organisation.TYPE_NHS_GP,
-												Ensure gov.uk branding only available for emails and not for letters

Also align and statements

											
										
										
											2020-01-21 16:39:15 +00:00
+								            }
 								            and (
 								                service_branding_id is None
 								                or service_branding_id != organisation_branding_id
-												Only show relevant choices of email branding

Users who work in local government can’t have GOV.UK branding on their
emails. And only those working for Companies House (for example) can
request the Companies House branding.

This commit adds:
- new choices of email branding, which offer the name of the branding,
  rather than the style
- logic to filter this list to only the applicable options, based on
  what we know about the user, service and organisation

This is a change from the previous approach which put the onus on users
to figure out the style of branding they wanted, when we might already
know that a lot of the options weren’t available to them, or would be
inconsistent with the branding of other services in their organisation.

											
										
										
											2019-09-12 13:45:35 +01:00
+								            )
 								        ):
 								            yield ('organisation', service.organisation.name)
-												Create a letter branding request flow to match email branding request

Test if service settings links to branding request page for letters

Parametrize all branding tests so they also work for letter branding

											
										
										
											2020-01-17 17:03:07 +00:00
+								        yield BrandingOptions.FALLBACK_OPTION
-												Allow elaboration when ‘something else’ is chosen

Letting people input a bit of free text should reduce the amount of back
and forth we have to do over support tickets when setting up someone’s
branding.

If something else is the only option then we don’t show the radio button
at all and have just the free text input on the page (not behind a
progressive disclosure).

											
										
										
											2019-09-12 14:33:11 +01:00
 								    @property
 								    def something_else_is_only_option(self):
 								        return self.options.choices == (self.FALLBACK_OPTION,)
 								    def validate_something_else(self, field):
 								        if (
-												Ensure gov.uk branding only available for emails and not for letters

Also align and statements

											
										
										
											2020-01-21 16:39:15 +00:00
+								            self.something_else_is_only_option
 								            or self.options.data == self.FALLBACK_OPTION_VALUE
-												Allow elaboration when ‘something else’ is chosen

Letting people input a bit of free text should reduce the amount of back
and forth we have to do over support tickets when setting up someone’s
branding.

If something else is the only option then we don’t show the radio button
at all and have just the free text input on the page (not behind a
progressive disclosure).

											
										
										
											2019-09-12 14:33:11 +01:00
+								        ) and not field.data:
-												Replace negative contraction with Cannot

In accordance with style guide
											
										
										
											2019-09-18 14:21:25 +01:00
+								            raise ValidationError('Cannot be empty')
-												Allow elaboration when ‘something else’ is chosen

Letting people input a bit of free text should reduce the amount of back
and forth we have to do over support tickets when setting up someone’s
branding.

If something else is the only option then we don’t show the radio button
at all and have just the free text input on the page (not behind a
progressive disclosure).

											
										
										
											2019-09-12 14:33:11 +01:00
 								        if self.options.data != self.FALLBACK_OPTION_VALUE:
 								            field.data = ''
-												Only show relevant choices of email branding

Users who work in local government can’t have GOV.UK branding on their
emails. And only those working for Companies House (for example) can
request the Companies House branding.

This commit adds:
- new choices of email branding, which offer the name of the branding,
  rather than the style
- logic to filter this list to only the applicable options, based on
  what we know about the user, service and organisation

This is a change from the previous approach which put the onus on users
to figure out the style of branding they wanted, when we might already
know that a lot of the options weren’t available to them, or would be
inconsistent with the branding of other services in their organisation.

											
										
										
											2019-09-12 13:45:35 +01:00
-												Adding views to view, add and edit service data retention policies.
Only visible to a platform admin.
A service can have a custom number of days to retain the notification data for each notification type.

											
										
										
											2018-07-17 14:39:04 +01:00
 								class ServiceDataRetentionForm(StripWhitespaceForm):
 								    notification_type = RadioField(
 								        'What notification type?',
 								        choices=[
 								            ('email', 'Email'),
 								            ('sms', 'SMS'),
 								            ('letter', 'Letter'),
 								        ],
 								        validators=[DataRequired()],
 								    )
 								    days_of_retention = IntegerField(label="Days of retention",
 								                                     validators=[validators.NumberRange(min=3, max=90,
 								                                                                        message="Must be between 3 and 90")],
 								                                     )
 								class ServiceDataRetentionEditForm(StripWhitespaceForm):
 								    days_of_retention = IntegerField(label="Days of retention",
 								                                     validators=[validators.NumberRange(min=3, max=90,
 								                                                                        message="Must be between 3 and 90")],
 								                                     )
-												Add a platform admin page to submit returned letter references

A platform admin form accepts a list of references (one per line)
received from DVLA and sends them to the API to update notification
statuses.

References we get from DVLA start with `NOTIFY00\d`, which isn't
part of the reference we store in the database, so we remove them
before sending the data to the API.

The new `returned-letter` status should be treated as `delivered`
for now until we decide a way to display returned letters to users.

											
										
										
											2018-09-06 16:34:23 +01:00
 								class ReturnedLettersForm(StripWhitespaceForm):
 								    references = TextAreaField(
 								        u'Letter references',
 								        validators=[
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								            DataRequired(message="Cannot be empty"),
-												Add a platform admin page to submit returned letter references

A platform admin form accepts a list of references (one per line)
received from DVLA and sends them to the API to update notification
statuses.

References we get from DVLA start with `NOTIFY00\d`, which isn't
part of the reference we store in the database, so we remove them
before sending the data to the API.

The new `returned-letter` status should be treated as `delivered`
for now until we decide a way to display returned letters to users.

											
										
										
											2018-09-06 16:34:23 +01:00
+								        ]
 								    )
-												add template folder form

											
										
										
											2018-11-01 16:02:43 +00:00
 								class TemplateFolderForm(StripWhitespaceForm):
-												Show all users in folder viewing permissions, correct users checked

											
										
										
											2019-03-18 16:12:12 +00:00
+								    def __init__(self, all_service_users=None, *args, **kwargs):
-												Show checkboxes for users with permission to view the managed folder

											
										
										
											2019-03-15 14:13:27 +00:00
+								        super().__init__(*args, **kwargs)
-												Show all users in folder viewing permissions, correct users checked

											
										
										
											2019-03-18 16:12:12 +00:00
+								        if all_service_users is not None:
 								            self.users_with_permission.all_service_users = all_service_users
 								            self.users_with_permission.choices = [
 								                (item.id, item.name) for item in all_service_users
-												Show checkboxes for users with permission to view the managed folder

											
										
										
											2019-03-15 14:13:27 +00:00
+								            ]
-												Update manage folder page

											
										
										
											2020-04-09 20:56:17 +01:00
+								    users_with_permission = govukCollapsibleCheckboxesField(
 								        'Team members who can see this folder',
 								        field_label='folder')
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								    name = StringField('Folder name', validators=[DataRequired(message='Cannot be empty')])
-												Show form elements for templates and folders

This commit adds:
- checkboxes to let you select a template or folder
- radio buttons to let you select where to move those template(s) and/or
  folder(s) to

It only does the `get` part of this work; handling the `post` and
calling API will be done in a subsequent commit.

											
										
										
											2018-11-08 11:56:29 +00:00
-												split out new folder into two separate forms

move_to_new_folder and add_new_folder are now two separate html fields
and form items - so that we can more easily manipulate them on the
front end

											
										
										
											2018-11-20 18:03:57 +00:00
+								def required_for_ops(*operations):
 								    operations = set(operations)
 								    def validate(form, field):
-												fix being able to add template without selecting a radio button

											
										
										
											2018-12-07 16:38:48 +00:00
+								        if form.op not in operations and any(field.raw_data):
-												split out new folder into two separate forms

move_to_new_folder and add_new_folder are now two separate html fields
and form items - so that we can more easily manipulate them on the
front end

											
										
										
											2018-11-20 18:03:57 +00:00
+								            # super weird
-												fix being able to add template without selecting a radio button

											
										
										
											2018-12-07 16:38:48 +00:00
+								            raise validators.StopValidation('Must be empty')
 								        if form.op in operations and not any(field.raw_data):
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								            raise validators.StopValidation('Cannot be empty')
-												split out new folder into two separate forms

move_to_new_folder and add_new_folder are now two separate html fields
and form items - so that we can more easily manipulate them on the
front end

											
										
										
											2018-11-20 18:03:57 +00:00
+								    return validate
-												Show form elements for templates and folders

This commit adds:
- checkboxes to let you select a template or folder
- radio buttons to let you select where to move those template(s) and/or
  folder(s) to

It only does the `get` part of this work; handling the `post` and
calling API will be done in a subsequent commit.

											
										
										
											2018-11-08 11:56:29 +00:00
+								class TemplateAndFoldersSelectionForm(Form):
-												add fieldsets to template/folder form and update docstrings

also remove erroneous pytest.ini cfg and reset button

											
										
										
											2018-11-27 14:33:50 +00:00
+								    """
-												fix being able to add template without selecting a radio button

											
										
										
											2018-12-07 16:38:48 +00:00
+								    This form expects the form data to include an operation, based on which submit button is clicked.
-												add fieldsets to template/folder form and update docstrings

also remove erroneous pytest.ini cfg and reset button

											
										
										
											2018-11-27 14:33:50 +00:00
+								    If enter is pressed, unknown will be sent by a hidden submit button at the top of the form.
 								    The value of this operation affects which fields are required, expected to be empty, or optional.
 								    * unknown
 								        currently not implemented, but in the future will try and work out if there are any obvious commands that can be
 								        assumed based on which fields are empty vs populated.
-												change operations to kebab-case

so that they better align with the front-end, where they'll be used in
data attributes. Also, making the kebab case is nice because it doesn't
give favouritism to either JS or python naming conventions

											
										
										
											2018-12-04 14:47:05 +00:00
+								    * move-to-existing-folder
-												add fieldsets to template/folder form and update docstrings

also remove erroneous pytest.ini cfg and reset button

											
										
										
											2018-11-27 14:33:50 +00:00
+								        must have data for templates_and_folders checkboxes, and move_to radios
-												change operations to kebab-case

so that they better align with the front-end, where they'll be used in
data attributes. Also, making the kebab case is nice because it doesn't
give favouritism to either JS or python naming conventions

											
										
										
											2018-12-04 14:47:05 +00:00
+								    * move-to-new-folder
-												add fieldsets to template/folder form and update docstrings

also remove erroneous pytest.ini cfg and reset button

											
										
										
											2018-11-27 14:33:50 +00:00
+								        must have data for move_to_new_folder_name, cannot have data for move_to_existing_folder_name
-												change operations to kebab-case

so that they better align with the front-end, where they'll be used in
data attributes. Also, making the kebab case is nice because it doesn't
give favouritism to either JS or python naming conventions

											
										
										
											2018-12-04 14:47:05 +00:00
+								    * add-new-folder
-												add fieldsets to template/folder form and update docstrings

also remove erroneous pytest.ini cfg and reset button

											
										
										
											2018-11-27 14:33:50 +00:00
+								        must have data for move_to_existing_folder_name, cannot have data for move_to_new_folder_name
 								    """
-												Show form elements for templates and folders

This commit adds:
- checkboxes to let you select a template or folder
- radio buttons to let you select where to move those template(s) and/or
  folder(s) to

It only does the `get` part of this work; handling the `post` and
calling API will be done in a subsequent commit.

											
										
										
											2018-11-08 11:56:29 +00:00
 								    ALL_TEMPLATES_FOLDER = {
-												Rename ‘All templates’

											
										
										
											2019-01-04 13:34:15 +00:00
+								        'name': 'Templates',
-												Make handling of `None` values in forms clearer

If the browser posts the value of `<input value='None'>` to the server
it does so as a string.

We want to post a value of `None` (actually JSON `null`) to the API. To
do this we:
- set the value in the form class to `'None'` (ie a string)
- convert to `None` (as a type) afterwards

However seeing `x = 'None'` in code looks a bit like a mistake. So to
make sure it looks deliberate and clear what is happening this commit:
- makes a reusable constant for `'None'`
- adds a comment explaining why it’s a string

											
										
										
											2018-11-12 09:04:39 +00:00
+								        'id': RadioFieldWithNoneOption.NONE_OPTION_VALUE,
-												Show form elements for templates and folders

This commit adds:
- checkboxes to let you select a template or folder
- radio buttons to let you select where to move those template(s) and/or
  folder(s) to

It only does the `get` part of this work; handling the `post` and
calling API will be done in a subsequent commit.

											
										
										
											2018-11-08 11:56:29 +00:00
+								    }
 								    def __init__(
 								        self,
-												Allow any sub-items to be moved from a folder

Since you can now see them when searching you should also be able to
select and move them. Which means that they needed to be included in
the `Form`’s list of possible choices of things to move.

											
										
										
											2018-11-23 16:29:21 +00:00
+								        all_template_folders,
 								        template_list,
-												Allow adding broadcast templates

At the moment the page is the same as for text message templates,
except:
- different H1
- no guidance about personalisation, links, etc (until we decide how
  these should work)

For now you won’t be able to really create a broadcast template, because
the API doesn’t support it (the API will respond with a 400). But that’s
OK because no real services have the broadcast permission yet.

This required a bit of refactoring of how we check which template types
a service can use, because there were some hard-coded assumptions about
emails and text messages.

											
										
										
											2020-07-01 16:43:08 +01:00
+								        available_template_types,
-												Let users add new template from the choose page

Since we’re letting users add new folders directly from the choose page
it makes sense that they should also be able to add templates from
there.

This resolves the problem we saw in user research where people found it
hard to know where to go to add a new folder when they were all behind
one green button.

											
										
										
											2018-11-28 13:48:13 +00:00
+								        allow_adding_copy_of_template,
-												Show form elements for templates and folders

This commit adds:
- checkboxes to let you select a template or folder
- radio buttons to let you select where to move those template(s) and/or
  folder(s) to

It only does the `get` part of this work; handling the `post` and
calling API will be done in a subsequent commit.

											
										
										
											2018-11-08 11:56:29 +00:00
+								        *args,
 								        **kwargs
 								    ):
 								        super().__init__(*args, **kwargs)
-												Allow adding broadcast templates

At the moment the page is the same as for text message templates,
except:
- different H1
- no guidance about personalisation, links, etc (until we decide how
  these should work)

For now you won’t be able to really create a broadcast template, because
the API doesn’t support it (the API will respond with a 400). But that’s
OK because no real services have the broadcast permission yet.

This required a bit of refactoring of how we check which template types
a service can use, because there were some hard-coded assumptions about
emails and text messages.

											
										
										
											2020-07-01 16:43:08 +01:00
+								        self.available_template_types = available_template_types
-												Allow any sub-items to be moved from a folder

Since you can now see them when searching you should also be able to
select and move them. Which means that they needed to be included in
the `Form`’s list of possible choices of things to move.

											
										
										
											2018-11-23 16:29:21 +00:00
+								        self.templates_and_folders.choices = template_list.as_id_and_name
-												Show form elements for templates and folders

This commit adds:
- checkboxes to let you select a template or folder
- radio buttons to let you select where to move those template(s) and/or
  folder(s) to

It only does the `get` part of this work; handling the `post` and
calling API will be done in a subsequent commit.

											
										
										
											2018-11-08 11:56:29 +00:00
-												split out new folder into two separate forms

move_to_new_folder and add_new_folder are now two separate html fields
and form items - so that we can more easily manipulate them on the
front end

											
										
										
											2018-11-20 18:03:57 +00:00
+								        self.op = None
-												Let users add new template from the choose page

Since we’re letting users add new folders directly from the choose page
it makes sense that they should also be able to add templates from
there.

This resolves the problem we saw in user research where people found it
hard to know where to go to add a new folder when they were all behind
one green button.

											
										
										
											2018-11-28 13:48:13 +00:00
+								        self.is_move_op = self.is_add_folder_op = self.is_add_template_op = False
-												move add new folder and move to folder into one dialog box

this lets us combine the two actions to create "Move to a new folder".
If the user hits enter rather than clicking a button, there is a hidden
submit button that (for now) prevents them from taking any action.
A future commit will try and understand what the user might be doing
based on which fields are populated/selected.

											
										
										
											2018-11-15 17:31:07 +00:00
-												Display the template folders nested on the move template/folder form

Before, all the folders were displayed in a list which was ordered but
not nested. This changes the move form to nest the template folders.

											
										
										
											2018-12-18 14:40:53 +00:00
+								        self.move_to.all_template_folders = all_template_folders
-												Allow any sub-items to be moved from a folder

Since you can now see them when searching you should also be able to
select and move them. Which means that they needed to be included in
the `Form`’s list of possible choices of things to move.

											
										
										
											2018-11-23 16:29:21 +00:00
+								        self.move_to.choices = [
 								            (item['id'], item['name'])
 								            for item in ([self.ALL_TEMPLATES_FOLDER] + all_template_folders)
-												Show form elements for templates and folders

This commit adds:
- checkboxes to let you select a template or folder
- radio buttons to let you select where to move those template(s) and/or
  folder(s) to

It only does the `get` part of this work; handling the `post` and
calling API will be done in a subsequent commit.

											
										
										
											2018-11-08 11:56:29 +00:00
+								        ]
-												Set form choices as a list, not an iterator

Iterators can be exhausted, causing options to unexpectedly disappear
from the radio buttons.

											
										
										
											2018-11-30 15:02:55 +00:00
+								        self.add_template_by_template_type.choices = list(filter(None, [
-												Allow adding broadcast templates

At the moment the page is the same as for text message templates,
except:
- different H1
- no guidance about personalisation, links, etc (until we decide how
  these should work)

For now you won’t be able to really create a broadcast template, because
the API doesn’t support it (the API will respond with a 400). But that’s
OK because no real services have the broadcast permission yet.

This required a bit of refactoring of how we check which template types
a service can use, because there were some hard-coded assumptions about
emails and text messages.

											
										
										
											2020-07-01 16:43:08 +01:00
+								            # We want to show email and text message to everyone,
 								            # whether or not the service has them switched on. The
 								            # option to add letter or broadcast templates should only
 								            # be shown to services which have that permission
-												Updated new template menu content

Updated new template menu content to make it consistent with the `New template` button and `Copy an existing template` page
											
										
										
											2019-02-20 14:39:40 +00:00
+								            ('email', 'Email'),
 								            ('sms', 'Text message'),
-												Allow adding broadcast templates

At the moment the page is the same as for text message templates,
except:
- different H1
- no guidance about personalisation, links, etc (until we decide how
  these should work)

For now you won’t be able to really create a broadcast template, because
the API doesn’t support it (the API will respond with a 400). But that’s
OK because no real services have the broadcast permission yet.

This required a bit of refactoring of how we check which template types
a service can use, because there were some hard-coded assumptions about
emails and text messages.

											
										
										
											2020-07-01 16:43:08 +01:00
+								            ('letter', 'Letter') if 'letter' in available_template_types else None,
 								            ('broadcast', 'Broadcast') if 'broadcast' in available_template_types else None,
-												Updated new template menu content

Updated new template menu content to make it consistent with the `New template` button and `Copy an existing template` page
											
										
										
											2019-02-20 14:39:40 +00:00
+								            ('copy-existing', 'Copy an existing template') if allow_adding_copy_of_template else None,
-												Set form choices as a list, not an iterator

Iterators can be exhausted, causing options to unexpectedly disappear
from the radio buttons.

											
										
										
											2018-11-30 15:02:55 +00:00
+								        ]))
-												Let users add new template from the choose page

Since we’re letting users add new folders directly from the choose page
it makes sense that they should also be able to add templates from
there.

This resolves the problem we saw in user research where people found it
hard to know where to go to add a new folder when they were all behind
one green button.

											
										
										
											2018-11-28 13:48:13 +00:00
-												Allow adding broadcast templates

At the moment the page is the same as for text message templates,
except:
- different H1
- no guidance about personalisation, links, etc (until we decide how
  these should work)

For now you won’t be able to really create a broadcast template, because
the API doesn’t support it (the API will respond with a 400). But that’s
OK because no real services have the broadcast permission yet.

This required a bit of refactoring of how we check which template types
a service can use, because there were some hard-coded assumptions about
emails and text messages.

											
										
										
											2020-07-01 16:43:08 +01:00
+								    @property
 								    def trying_to_add_unavailable_template_type(self):
 								        return all((
 								            self.is_add_template_op,
 								            self.add_template_by_template_type.data,
 								            self.add_template_by_template_type.data not in self.available_template_types,
 								        ))
-												pre-check templates/folders that were checked previously

(when rendering an error)

											
										
										
											2018-11-30 16:31:42 +00:00
+								    def is_selected(self, template_folder_id):
 								        return template_folder_id in (self.templates_and_folders.data or [])
-												move add new folder and move to folder into one dialog box

this lets us combine the two actions to create "Move to a new folder".
If the user hits enter rather than clicking a button, there is a hidden
submit button that (for now) prevents them from taking any action.
A future commit will try and understand what the user might be doing
based on which fields are populated/selected.

											
										
										
											2018-11-15 17:31:07 +00:00
+								    def validate(self):
-												split out new folder into two separate forms

move_to_new_folder and add_new_folder are now two separate html fields
and form items - so that we can more easily manipulate them on the
front end

											
										
										
											2018-11-20 18:03:57 +00:00
+								        self.op = request.form.get('operation')
-												move add new folder and move to folder into one dialog box

this lets us combine the two actions to create "Move to a new folder".
If the user hits enter rather than clicking a button, there is a hidden
submit button that (for now) prevents them from taking any action.
A future commit will try and understand what the user might be doing
based on which fields are populated/selected.

											
										
										
											2018-11-15 17:31:07 +00:00
-												change operations to kebab-case

so that they better align with the front-end, where they'll be used in
data attributes. Also, making the kebab case is nice because it doesn't
give favouritism to either JS or python naming conventions

											
										
										
											2018-12-04 14:47:05 +00:00
+								        self.is_move_op = self.op in {'move-to-existing-folder', 'move-to-new-folder'}
 								        self.is_add_folder_op = self.op in {'add-new-folder', 'move-to-new-folder'}
 								        self.is_add_template_op = self.op in {'add-new-template'}
-												move add new folder and move to folder into one dialog box

this lets us combine the two actions to create "Move to a new folder".
If the user hits enter rather than clicking a button, there is a hidden
submit button that (for now) prevents them from taking any action.
A future commit will try and understand what the user might be doing
based on which fields are populated/selected.

											
										
										
											2018-11-15 17:31:07 +00:00
-												Let users add new template from the choose page

Since we’re letting users add new folders directly from the choose page
it makes sense that they should also be able to add templates from
there.

This resolves the problem we saw in user research where people found it
hard to know where to go to add a new folder when they were all behind
one green button.

											
										
										
											2018-11-28 13:48:13 +00:00
+								        if not (self.is_add_folder_op or self.is_move_op or self.is_add_template_op):
-												move add new folder and move to folder into one dialog box

this lets us combine the two actions to create "Move to a new folder".
If the user hits enter rather than clicking a button, there is a hidden
submit button that (for now) prevents them from taking any action.
A future commit will try and understand what the user might be doing
based on which fields are populated/selected.

											
										
										
											2018-11-15 17:31:07 +00:00
+								            return False
 								        return super().validate()
-												split out new folder into two separate forms

move_to_new_folder and add_new_folder are now two separate html fields
and form items - so that we can more easily manipulate them on the
front end

											
										
										
											2018-11-20 18:03:57 +00:00
+								    def get_folder_name(self):
-												change operations to kebab-case

so that they better align with the front-end, where they'll be used in
data attributes. Also, making the kebab case is nice because it doesn't
give favouritism to either JS or python naming conventions

											
										
										
											2018-12-04 14:47:05 +00:00
+								        if self.op == 'add-new-folder':
-												split out new folder into two separate forms

move_to_new_folder and add_new_folder are now two separate html fields
and form items - so that we can more easily manipulate them on the
front end

											
										
										
											2018-11-20 18:03:57 +00:00
+								            return self.add_new_folder_name.data
-												change operations to kebab-case

so that they better align with the front-end, where they'll be used in
data attributes. Also, making the kebab case is nice because it doesn't
give favouritism to either JS or python naming conventions

											
										
										
											2018-12-04 14:47:05 +00:00
+								        elif self.op == 'move-to-new-folder':
-												split out new folder into two separate forms

move_to_new_folder and add_new_folder are now two separate html fields
and form items - so that we can more easily manipulate them on the
front end

											
										
										
											2018-11-20 18:03:57 +00:00
+								            return self.move_to_new_folder_name.data
 								        return None
-												move add new folder and move to folder into one dialog box

this lets us combine the two actions to create "Move to a new folder".
If the user hits enter rather than clicking a button, there is a hidden
submit button that (for now) prevents them from taking any action.
A future commit will try and understand what the user might be doing
based on which fields are populated/selected.

											
										
										
											2018-11-15 17:31:07 +00:00
-												Update templates page

Includes:
- changes to the govukCheckboxesField class
  to allow params to be extended at render time
- updates to templates and folders CSS

											
										
										
											2020-04-09 11:51:11 +01:00
+								    templates_and_folders = govukCheckboxesField(
 								        'Choose templates or folders',
 								        validators=[required_for_ops('move-to-new-folder', 'move-to-existing-folder')],
 								        choices=[],  # added to keep order of arguments, added properly in __init__
 								        param_extensions={
 								            "fieldset": {
 								                "legend": {
 								                    "classes": "govuk-visually-hidden"
 								                }
 								            }
 								        }
 								    )
-												Swap order of move_to validators

If Optional runs before required_for_ops, it stops
the validation chain so it doesn't get to
required_for_ops. The move_to field isn't required
for the 'move-to-new-folder' operation, so this has
been removed.

This also adds comments explaining why we set
default to an empty string when instantiating the
move_to field.

											
										
										
											2019-01-03 14:58:20 +00:00
+								    # if no default set, it is set to None, which process_data transforms to '__NONE__'
 								    # this means '__NONE__' (self.ALL_TEMPLATES option) is selected when no form data has been submitted
 								    # set default to empty string so process_data method doesn't perform any transformation
-												Display the template folders nested on the move template/folder form

Before, all the folders were displayed in a list which was ordered but
not nested. This changes the move form to nest the template folders.

											
										
										
											2018-12-18 14:40:53 +00:00
+								    move_to = NestedRadioField(
 								        'Choose a folder',
-												Change move folder form to not have default radio btn and to show hint

Updated the move folder form to add a hint for the radio button for the
current folder saying 'current folder'. This hint does not get shown if
you are viewing all folders (so you are not inside a folder).

Also stopped a default radio button from being selected on the form.

											
										
										
											2019-01-02 17:12:18 +00:00
+								        default='',
-												Display the template folders nested on the move template/folder form

Before, all the folders were displayed in a list which was ordered but
not nested. This changes the move form to nest the template folders.

											
										
										
											2018-12-18 14:40:53 +00:00
+								        validators=[
-												Swap order of move_to validators

If Optional runs before required_for_ops, it stops
the validation chain so it doesn't get to
required_for_ops. The move_to field isn't required
for the 'move-to-new-folder' operation, so this has
been removed.

This also adds comments explaining why we set
default to an empty string when instantiating the
move_to field.

											
										
										
											2019-01-03 14:58:20 +00:00
+								            required_for_ops('move-to-existing-folder'),
 								            Optional()
-												Display the template folders nested on the move template/folder form

Before, all the folders were displayed in a list which was ordered but
not nested. This changes the move form to nest the template folders.

											
										
										
											2018-12-18 14:40:53 +00:00
+								        ])
-												change operations to kebab-case

so that they better align with the front-end, where they'll be used in
data attributes. Also, making the kebab case is nice because it doesn't
give favouritism to either JS or python naming conventions

											
										
										
											2018-12-04 14:47:05 +00:00
+								    add_new_folder_name = StringField('Folder name', validators=[required_for_ops('add-new-folder')])
 								    move_to_new_folder_name = StringField('Folder name', validators=[required_for_ops('move-to-new-folder')])
-												Let users add new template from the choose page

Since we’re letting users add new folders directly from the choose page
it makes sense that they should also be able to add templates from
there.

This resolves the problem we saw in user research where people found it
hard to know where to go to add a new folder when they were all behind
one green button.

											
										
										
											2018-11-28 13:48:13 +00:00
-												Updated new template menu content

Updated new template menu content to make it consistent with the `New template` button and `Copy an existing template` page
											
										
										
											2019-02-20 14:39:40 +00:00
+								    add_template_by_template_type = RadioFieldWithRequiredMessage('New template', validators=[
-												fix being able to add template without selecting a radio button

											
										
										
											2018-12-07 16:38:48 +00:00
+								        required_for_ops('add-new-template'),
-												Use unambiguously magic value for `None` choices

WTForms coerces `None` as a choice to `'None'` as a string when
rendering form fields (form fields will only ever have string data
because that what the browser posts back).

But internally WTForms coerces `None` to mean an unset value, ie where
the user hasn’t selected a radio button:
https://github.com/wtforms/wtforms/blob/283b2803206825158834f1828bbf749c129b7c47/src/wtforms/utils.py#L1-L20

We shouldn’t use `None` to mean two different things. And in fact we
can’t, because it in effect means that we’re always getting a value
for the `move_to` field, even if the user hasn’t chosen to move any
templates. Which results in some very expected behaviour.

											
										
										
											2018-12-03 17:29:23 +00:00
+								        Optional(),
-												change error message for not selecting a template

needed to subclass RadioField for this

											
										
										
											2018-12-07 17:09:15 +00:00
+								    ], required_message='Select the type of template you want to add')
-												add clear cache platform admin page

a form that allows you to clear entries from the cache for all of
either users, services or templates. It'll tell you the largest amount
of keys deleted, since there are multiple keys associated with each
model.

											
										
										
											2019-02-15 10:27:38 +00:00
 								class ClearCacheForm(StripWhitespaceForm):
 								    model_type = RadioField(
 								        'What do you want to clear today',
 								    )
-												Allow custom notes when service goes live

This adds an option on the organisation settings page to add
'request_to_go_live_notes'. When a service belonging to this
organisation requests to go live, any go live notes for the
organisation will be added to the Zendesk ticket in the 'Agreement
signed' section.

											
										
										
											2019-05-13 14:50:40 +01:00
 								class GoLiveNotesForm(StripWhitespaceForm):
 								    request_to_go_live_notes = TextAreaField(
 								        'Go live notes',
 								        filters=[lambda x: x or None],
 								    )
-												Add pages to let users accept the agreement online

At the moment, the process for accepting the data sharing and financial
agreement is:

1. download a pdf
* print it out
* get someone to sign it
* scan it
* email it back to us
* we rename the file and save it in Google Drive
* we then update the organisation to say the MOU is signed
* sometimes we also:
 * print it out and get it counter-signed
 * scan it again
 * email it back to the service

Let's not do that any more.

When the first service for an organisation that doesn't have the
agreement in place is in the process of going live, then they should
be able to accept the agreement online as part of the go live flow. This
commit adds the pages that let someone do that.

Where the checklist shows the agreement as **[not completed]** then
they can follow a link where they can download it (as happens now).
From here, they should then also be able to provide some info to accept
it. The info that we need is:

**Version** – because we version the agreements occasionally, we need to
know which version they are accepting.  It may not be the latest one if
they downloaded it a while ago and it took time to be signed off

**Who is accepting the agreement** – this will often be someone in the
finance team, and not necessarily a team member, so we should let the
person either accept as themselves, or on behalf of someone else. If
it's on behalf of someone else we need to the name and email address of
that person so we have that on record. Obvs if it's them accepting it
themselves, we have that already (so we just store their user ID and
not their name or email address).

We then replay the collected info back in a sort of legally
binding kind of way pulling in the organisation name too. The wording
we’re using is inspired by what GOV.UK Pay have. Then there’s a big
green button they can click to accept the agreement, which stores their
user ID and and timestamp.

											
										
										
											2019-06-18 14:24:29 +01:00
 								class AcceptAgreementForm(StripWhitespaceForm):
-												Add validation for agreement accepted on behalf of

If the user has selected that they are accepting the agreement on behalf
of someone else then we need to make the they provide that person’s
details.

If they’ve selected that they are accepting the agreement themselves
then we have to ignore what they might have put in the ‘on behalf of
boxes’ (for example if they filled them out but then changed their
mind).

											
										
										
											2019-06-18 15:26:04 +01:00
+								    @classmethod
 								    def from_organisation(cls, org):
 								        if org.agreement_signed_on_behalf_of_name and org.agreement_signed_on_behalf_of_email_address:
 								            who = 'someone-else'
 								        elif org.agreement_signed_version:  # only set if user has submitted form previously
 								            who = 'me'
 								        else:
 								            who = None
 								        return cls(
 								            version=org.agreement_signed_version,
 								            who=who,
 								            on_behalf_of_name=org.agreement_signed_on_behalf_of_name,
 								            on_behalf_of_email=org.agreement_signed_on_behalf_of_email_address,
 								        )
-												Add pages to let users accept the agreement online

At the moment, the process for accepting the data sharing and financial
agreement is:

1. download a pdf
* print it out
* get someone to sign it
* scan it
* email it back to us
* we rename the file and save it in Google Drive
* we then update the organisation to say the MOU is signed
* sometimes we also:
 * print it out and get it counter-signed
 * scan it again
 * email it back to the service

Let's not do that any more.

When the first service for an organisation that doesn't have the
agreement in place is in the process of going live, then they should
be able to accept the agreement online as part of the go live flow. This
commit adds the pages that let someone do that.

Where the checklist shows the agreement as **[not completed]** then
they can follow a link where they can download it (as happens now).
From here, they should then also be able to provide some info to accept
it. The info that we need is:

**Version** – because we version the agreements occasionally, we need to
know which version they are accepting.  It may not be the latest one if
they downloaded it a while ago and it took time to be signed off

**Who is accepting the agreement** – this will often be someone in the
finance team, and not necessarily a team member, so we should let the
person either accept as themselves, or on behalf of someone else. If
it's on behalf of someone else we need to the name and email address of
that person so we have that on record. Obvs if it's them accepting it
themselves, we have that already (so we just store their user ID and
not their name or email address).

We then replay the collected info back in a sort of legally
binding kind of way pulling in the organisation name too. The wording
we’re using is inspired by what GOV.UK Pay have. Then there’s a big
green button they can click to accept the agreement, which stores their
user ID and and timestamp.

											
										
										
											2019-06-18 14:24:29 +01:00
+								    version = StringField(
-												Update agreement form content

Update agreement form content
											
										
										
											2019-07-18 10:46:01 +01:00
+								        'Which version of the agreement do you want to accept?'
-												Add pages to let users accept the agreement online

At the moment, the process for accepting the data sharing and financial
agreement is:

1. download a pdf
* print it out
* get someone to sign it
* scan it
* email it back to us
* we rename the file and save it in Google Drive
* we then update the organisation to say the MOU is signed
* sometimes we also:
 * print it out and get it counter-signed
 * scan it again
 * email it back to the service

Let's not do that any more.

When the first service for an organisation that doesn't have the
agreement in place is in the process of going live, then they should
be able to accept the agreement online as part of the go live flow. This
commit adds the pages that let someone do that.

Where the checklist shows the agreement as **[not completed]** then
they can follow a link where they can download it (as happens now).
From here, they should then also be able to provide some info to accept
it. The info that we need is:

**Version** – because we version the agreements occasionally, we need to
know which version they are accepting.  It may not be the latest one if
they downloaded it a while ago and it took time to be signed off

**Who is accepting the agreement** – this will often be someone in the
finance team, and not necessarily a team member, so we should let the
person either accept as themselves, or on behalf of someone else. If
it's on behalf of someone else we need to the name and email address of
that person so we have that on record. Obvs if it's them accepting it
themselves, we have that already (so we just store their user ID and
not their name or email address).

We then replay the collected info back in a sort of legally
binding kind of way pulling in the organisation name too. The wording
we’re using is inspired by what GOV.UK Pay have. Then there’s a big
green button they can click to accept the agreement, which stores their
user ID and and timestamp.

											
										
										
											2019-06-18 14:24:29 +01:00
+								    )
 								    who = RadioField(
-												Update agreement form content
											
										
										
											2019-07-18 15:58:24 +01:00
+								        'Who are you accepting the agreement for?',
-												Add pages to let users accept the agreement online

At the moment, the process for accepting the data sharing and financial
agreement is:

1. download a pdf
* print it out
* get someone to sign it
* scan it
* email it back to us
* we rename the file and save it in Google Drive
* we then update the organisation to say the MOU is signed
* sometimes we also:
 * print it out and get it counter-signed
 * scan it again
 * email it back to the service

Let's not do that any more.

When the first service for an organisation that doesn't have the
agreement in place is in the process of going live, then they should
be able to accept the agreement online as part of the go live flow. This
commit adds the pages that let someone do that.

Where the checklist shows the agreement as **[not completed]** then
they can follow a link where they can download it (as happens now).
From here, they should then also be able to provide some info to accept
it. The info that we need is:

**Version** – because we version the agreements occasionally, we need to
know which version they are accepting.  It may not be the latest one if
they downloaded it a while ago and it took time to be signed off

**Who is accepting the agreement** – this will often be someone in the
finance team, and not necessarily a team member, so we should let the
person either accept as themselves, or on behalf of someone else. If
it's on behalf of someone else we need to the name and email address of
that person so we have that on record. Obvs if it's them accepting it
themselves, we have that already (so we just store their user ID and
not their name or email address).

We then replay the collected info back in a sort of legally
binding kind of way pulling in the organisation name too. The wording
we’re using is inspired by what GOV.UK Pay have. Then there’s a big
green button they can click to accept the agreement, which stores their
user ID and and timestamp.

											
										
										
											2019-06-18 14:24:29 +01:00
+								        choices=(
 								            (
 								                'me',
-												Update agreement form content
											
										
										
											2019-07-18 15:58:24 +01:00
+								                'Yourself',
-												Add pages to let users accept the agreement online

At the moment, the process for accepting the data sharing and financial
agreement is:

1. download a pdf
* print it out
* get someone to sign it
* scan it
* email it back to us
* we rename the file and save it in Google Drive
* we then update the organisation to say the MOU is signed
* sometimes we also:
 * print it out and get it counter-signed
 * scan it again
 * email it back to the service

Let's not do that any more.

When the first service for an organisation that doesn't have the
agreement in place is in the process of going live, then they should
be able to accept the agreement online as part of the go live flow. This
commit adds the pages that let someone do that.

Where the checklist shows the agreement as **[not completed]** then
they can follow a link where they can download it (as happens now).
From here, they should then also be able to provide some info to accept
it. The info that we need is:

**Version** – because we version the agreements occasionally, we need to
know which version they are accepting.  It may not be the latest one if
they downloaded it a while ago and it took time to be signed off

**Who is accepting the agreement** – this will often be someone in the
finance team, and not necessarily a team member, so we should let the
person either accept as themselves, or on behalf of someone else. If
it's on behalf of someone else we need to the name and email address of
that person so we have that on record. Obvs if it's them accepting it
themselves, we have that already (so we just store their user ID and
not their name or email address).

We then replay the collected info back in a sort of legally
binding kind of way pulling in the organisation name too. The wording
we’re using is inspired by what GOV.UK Pay have. Then there’s a big
green button they can click to accept the agreement, which stores their
user ID and and timestamp.

											
										
										
											2019-06-18 14:24:29 +01:00
+								            ),
 								            (
 								                'someone-else',
-												Update agreement form content
											
										
										
											2019-07-18 15:58:24 +01:00
+								                'Someone else',
-												Add pages to let users accept the agreement online

At the moment, the process for accepting the data sharing and financial
agreement is:

1. download a pdf
* print it out
* get someone to sign it
* scan it
* email it back to us
* we rename the file and save it in Google Drive
* we then update the organisation to say the MOU is signed
* sometimes we also:
 * print it out and get it counter-signed
 * scan it again
 * email it back to the service

Let's not do that any more.

When the first service for an organisation that doesn't have the
agreement in place is in the process of going live, then they should
be able to accept the agreement online as part of the go live flow. This
commit adds the pages that let someone do that.

Where the checklist shows the agreement as **[not completed]** then
they can follow a link where they can download it (as happens now).
From here, they should then also be able to provide some info to accept
it. The info that we need is:

**Version** – because we version the agreements occasionally, we need to
know which version they are accepting.  It may not be the latest one if
they downloaded it a while ago and it took time to be signed off

**Who is accepting the agreement** – this will often be someone in the
finance team, and not necessarily a team member, so we should let the
person either accept as themselves, or on behalf of someone else. If
it's on behalf of someone else we need to the name and email address of
that person so we have that on record. Obvs if it's them accepting it
themselves, we have that already (so we just store their user ID and
not their name or email address).

We then replay the collected info back in a sort of legally
binding kind of way pulling in the organisation name too. The wording
we’re using is inspired by what GOV.UK Pay have. Then there’s a big
green button they can click to accept the agreement, which stores their
user ID and and timestamp.

											
										
										
											2019-06-18 14:24:29 +01:00
+								            ),
 								        ),
 								    )
 								    on_behalf_of_name = StringField(
-												Update agreement form content

Update agreement form content
											
										
										
											2019-07-18 10:46:01 +01:00
+								        'What’s their name?'
-												Add pages to let users accept the agreement online

At the moment, the process for accepting the data sharing and financial
agreement is:

1. download a pdf
* print it out
* get someone to sign it
* scan it
* email it back to us
* we rename the file and save it in Google Drive
* we then update the organisation to say the MOU is signed
* sometimes we also:
 * print it out and get it counter-signed
 * scan it again
 * email it back to the service

Let's not do that any more.

When the first service for an organisation that doesn't have the
agreement in place is in the process of going live, then they should
be able to accept the agreement online as part of the go live flow. This
commit adds the pages that let someone do that.

Where the checklist shows the agreement as **[not completed]** then
they can follow a link where they can download it (as happens now).
From here, they should then also be able to provide some info to accept
it. The info that we need is:

**Version** – because we version the agreements occasionally, we need to
know which version they are accepting.  It may not be the latest one if
they downloaded it a while ago and it took time to be signed off

**Who is accepting the agreement** – this will often be someone in the
finance team, and not necessarily a team member, so we should let the
person either accept as themselves, or on behalf of someone else. If
it's on behalf of someone else we need to the name and email address of
that person so we have that on record. Obvs if it's them accepting it
themselves, we have that already (so we just store their user ID and
not their name or email address).

We then replay the collected info back in a sort of legally
binding kind of way pulling in the organisation name too. The wording
we’re using is inspired by what GOV.UK Pay have. Then there’s a big
green button they can click to accept the agreement, which stores their
user ID and and timestamp.

											
										
										
											2019-06-18 14:24:29 +01:00
+								    )
 								    on_behalf_of_email = email_address(
 								        'What’s their email address?',
 								        required=False,
 								        gov_user=False,
 								    )
-												Add validation for agreement accepted on behalf of

If the user has selected that they are accepting the agreement on behalf
of someone else then we need to make the they provide that person’s
details.

If they’ve selected that they are accepting the agreement themselves
then we have to ignore what they might have put in the ‘on behalf of
boxes’ (for example if they filled them out but then changed their
mind).

											
										
										
											2019-06-18 15:26:04 +01:00
+								    def __validate_if_nominating(self, field):
 								        if self.who.data == 'someone-else':
 								            if not field.data:
-												Replace can't with cannot
											
										
										
											2019-09-12 16:42:33 +01:00
+								                raise ValidationError('Cannot be empty')
-												Add validation for agreement accepted on behalf of

If the user has selected that they are accepting the agreement on behalf
of someone else then we need to make the they provide that person’s
details.

If they’ve selected that they are accepting the agreement themselves
then we have to ignore what they might have put in the ‘on behalf of
boxes’ (for example if they filled them out but then changed their
mind).

											
										
										
											2019-06-18 15:26:04 +01:00
+								        else:
 								            field.data = ''
 								    validate_on_behalf_of_name = __validate_if_nominating
 								    validate_on_behalf_of_email = __validate_if_nominating
-												Add pages to let users accept the agreement online

At the moment, the process for accepting the data sharing and financial
agreement is:

1. download a pdf
* print it out
* get someone to sign it
* scan it
* email it back to us
* we rename the file and save it in Google Drive
* we then update the organisation to say the MOU is signed
* sometimes we also:
 * print it out and get it counter-signed
 * scan it again
 * email it back to the service

Let's not do that any more.

When the first service for an organisation that doesn't have the
agreement in place is in the process of going live, then they should
be able to accept the agreement online as part of the go live flow. This
commit adds the pages that let someone do that.

Where the checklist shows the agreement as **[not completed]** then
they can follow a link where they can download it (as happens now).
From here, they should then also be able to provide some info to accept
it. The info that we need is:

**Version** – because we version the agreements occasionally, we need to
know which version they are accepting.  It may not be the latest one if
they downloaded it a while ago and it took time to be signed off

**Who is accepting the agreement** – this will often be someone in the
finance team, and not necessarily a team member, so we should let the
person either accept as themselves, or on behalf of someone else. If
it's on behalf of someone else we need to the name and email address of
that person so we have that on record. Obvs if it's them accepting it
themselves, we have that already (so we just store their user ID and
not their name or email address).

We then replay the collected info back in a sort of legally
binding kind of way pulling in the organisation name too. The wording
we’re using is inspired by what GOV.UK Pay have. Then there’s a big
green button they can click to accept the agreement, which stores their
user ID and and timestamp.

											
										
										
											2019-06-18 14:24:29 +01:00
+								    def validate_version(self, field):
 								        try:
 								            float(field.data)
 								        except (TypeError, ValueError):
 								            raise ValidationError("Must be a number")
-												Add a form for choosing areas

Picking multiple areas at once definitely feels like a need, so let’s
make them checkboxes.

											
										
										
											2020-07-06 10:53:16 +01:00
 								class BroadcastAreaForm(StripWhitespaceForm):
-												Convert checkboxes for broadcast areas

Includes removal of MultiCheckboxField due to it
no longer being used elsewhere in this file.

											
										
										
											2020-07-09 12:04:18 +01:00
+								    areas = govukCheckboxesField('Choose areas to broadcast to')
-												Add a form for choosing areas

Picking multiple areas at once definitely feels like a need, so let’s
make them checkboxes.

											
										
										
											2020-07-06 10:53:16 +01:00
 								    def __init__(self, choices, *args, **kwargs):
 								        super().__init__(*args, **kwargs)
 								        self.areas.choices = choices
-												Convert checkboxes for broadcast areas

Includes removal of MultiCheckboxField due to it
no longer being used elsewhere in this file.

											
										
										
											2020-07-09 12:04:18 +01:00
+								        self.areas.render_as_list = True
 								        self.areas.param_extensions = {'fieldset': {'legend': {'classes': 'govuk-visually-hidden'}}}
-												Add a form for choosing areas

Picking multiple areas at once definitely feels like a need, so let’s
make them checkboxes.

											
										
										
											2020-07-06 10:53:16 +01:00
 								    @classmethod
 								    def from_library(cls, library):
 								        return cls(choices=[
 								            (area.id, area.name) for area in sorted(library)
 								        ])
-												Let users select electoral wards of local authorities

If a library has groups, we should show a link instead of selecting the
group directly.

Then we can give the user the choice of selecting the whole of that
group, or specific areas within the group.

For now the only libraries we have with groups are local authorities,
which group electoral wards.

											
										
										
											2020-07-31 16:20:37 +01:00
 								class BroadcastAreaFormWithSelectAll(BroadcastAreaForm):
 								    select_all = govukCheckboxField('Select all')
 								    @classmethod
 								    def from_library(cls, library, select_all_choice):
 								        instance = super().from_library(library)
 								        (
 								            instance.select_all.area_slug,
 								            instance.select_all.label.text,
 								        ) = select_all_choice
 								        return instance
 								    @property
 								    def selected_areas(self):
 								        if self.select_all.data:
 								            return [self.select_all.area_slug]
 								        return self.areas.data