app/main/validators.py

import re
from wtforms import ValidationError
from datetime import datetime
from app.main.encryption import check_hash


class Blacklist(object):
    def __init__(self, message=None):
        if not message:
            message = 'Password is blacklisted.'
        self.message = message

    def __call__(self, form, field):
        if field.data in ['password1234', 'passw0rd1234']:
            raise ValidationError(self.message)


class CsvFileValidator(object):

    def __init__(self, message='Not a csv file'):
        self.message = message

    def __call__(self, form, field):
        if not form.file.data.mimetype == 'text/csv':
            raise ValidationError(self.message)


class ValidEmailDomainRegex(object):

    def __call__(self, form, field):
        from flask import (current_app, url_for)
        message = (
            'Enter a central government email address.'
            ' If you think you should have access'
            ' <a href="{}">contact us</a>').format(
                "https://docs.google.com/forms/d/1AL8U-xJX_HAFEiQiJszGQw0PcEaEUnYATSntEghNDGo/viewform")
        valid_domains = current_app.config.get('EMAIL_DOMAIN_REGEXES', [])
        email_regex = "(^[^@^\\s]+@[^@^\\.^\\s]+(\\.[^@^\\.^\\s]*)*.({}))".format("|".join(valid_domains))
        if not re.match(email_regex, field.data):
            raise ValidationError(message)
Valid email domains added and tests passing. 2016-03-18 12:05:50 +00:00			`import re`
108536374: Implement a validator to exclude passwords on a blacklist 2015-12-01 15:51:09 +00:00			`from wtforms import ValidationError`
Fix for security hole with setting session['user_id'] before second factor of authentication has been authorised. 2016-01-07 12:43:10 +00:00			`from datetime import datetime`
			`from app.main.encryption import check_hash`
108536374: Implement a validator to exclude passwords on a blacklist 2015-12-01 15:51:09 +00:00

			`class Blacklist(object):`
			`def __init__(self, message=None):`
			`if not message:`
			`message = 'Password is blacklisted.'`
			`self.message = message`

			`def __call__(self, form, field):`
			`if field.data in ['password1234', 'passw0rd1234']:`
			`raise ValidationError(self.message)`
Fix for security hole with setting session['user_id'] before second factor of authentication has been authorised. 2016-01-07 12:43:10 +00:00

First slice of csv upload of phone numbers for sending messages. At the moment the file contents are not persisted by checked in memory. The first and last three records are show if all are valid. If there are invalid rows, they are reported and the user is prompted to go back and sort out upload file. The storing of upload result (i.e. validation of file) in session will be removed in next story which is about persisting of file for later processing. 2016-01-11 15:00:51 +00:00			`class CsvFileValidator(object):`

			`def __init__(self, message='Not a csv file'):`
			`self.message = message`

			`def __call__(self, form, field):`
			`if not form.file.data.mimetype == 'text/csv':`
			`raise ValidationError(self.message)`
Valid email domains added and tests passing. 2016-03-18 12:05:50 +00:00

			`class ValidEmailDomainRegex(object):`

			`def __call__(self, form, field):`
			`from flask import (current_app, url_for)`
			`message = (`
			`'Enter a central government email address.'`
			`' If you think you should have access'`
			`' <a href="{}">contact us</a>').format(`
			`"https://docs.google.com/forms/d/1AL8U-xJX_HAFEiQiJszGQw0PcEaEUnYATSntEghNDGo/viewform")`
			`valid_domains = current_app.config.get('EMAIL_DOMAIN_REGEXES', [])`
			`email_regex = "(^[^@^\\s]+@[^@^\\.^\\s]+(\\.[^@^\\.^\\s]).({}))".format("\|".join(valid_domains))`
			`if not re.match(email_regex, field.data):`
			`raise ValidationError(message)`