darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-05 10:53:28 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
a09ac6cbf5d74efc19d51b774ff700a30e7a2dc1
notifications-admin/app/main/forms.py

226 lines
6.6 KiB
Python
Raw Normal View History

Add form field for a UK mobile phone number This field does two things: - validates the format of the phone number - outputs a consistent representation of the phone number Because of this I think it’s better represented as a new field type, rather than individual validators. I also think that it’s better to do this without regular expression(s), because it makes returning the specific error easier. This commit also adds basic pass/fail test for a series of valid/invalid phone numbers.
2016-01-12 18:10:16 +00:00
import re
108536490: Initial effort to implement log in Add endpoint for post to /sign-in Initialise role data
2015-11-27 09:47:29 +00:00
from flask_wtf import Form
resolve merge conflicts
2016-01-12 10:43:23 +00:00
from wtforms import (
StringField,
PasswordField,
ValidationError,
TextAreaField,
FileField
)
108536366: Implement register flow Includes validation for gov.uk email address, mobile number with +44, password at least 10 char. Form validation errors will be added to template in a later story. User is created when form validates.
2015-12-01 13:23:54 +00:00
from wtforms.validators import DataRequired, Email, Length, Regexp
First slice of csv upload of phone numbers for sending messages. At the moment the file contents are not persisted by checked in memory. The first and last three records are show if all are valid. If there are invalid rows, they are reported and the user is prompted to go back and sort out upload file. The storing of upload result (i.e. validation of file) in session will be removed in next story which is about persisting of file for later processing.
2016-01-11 15:00:51 +00:00
from app.main.validators import Blacklist, ValidateUserCodes, CsvFileValidator
from app.main.dao import verify_codes_dao
from app.main.encryption import check_hash
108536374: Implement a validator to exclude passwords on a blacklist
2015-12-01 15:51:09 +00:00
108536490: Initial effort to implement log in Add endpoint for post to /sign-in Initialise role data
2015-11-27 09:47:29 +00:00
Take out the Canadian politeness. Make the error message more consistent. Extracted common fields for the forms.
2016-01-08 12:00:52 +00:00
def email_address():
gov_uk_email \
= "(^[^@^\\s]+@[^@^\\.^\\s]+(\\.[^@^\\.^\\s]*)*.gov.uk)"
return StringField('Email address', validators=[
Length(min=5, max=255),
DataRequired(message='Email cannot be empty'),
Email(message='Enter a valid email address'),
Regexp(regex=gov_uk_email, message='Enter a gov.uk email address')])
Add form field for a UK mobile phone number This field does two things: - validates the format of the phone number - outputs a consistent representation of the phone number Because of this I think it’s better represented as a new field type, rather than individual validators. I also think that it’s better to do this without regular expression(s), because it makes returning the specific error easier. This commit also adds basic pass/fail test for a series of valid/invalid phone numbers.
2016-01-12 18:10:16 +00:00
class UKMobileNumber(StringField):
def pre_validate(self, form):
self.data = self.data.replace('(', '')
self.data = self.data.replace(')', '')
self.data = self.data.replace(' ', '')
self.data = self.data.replace('-', '')
if self.data.startswith('+'):
self.data = self.data[1:]
Test for specific error messages This commit: - improves the tests to check for specific error messages, rather than just pass/fail - makes the error messages more human, and more suggestive of what the user needs to do to fix the error
2016-01-12 20:55:46 +00:00
if not sum(
Add form field for a UK mobile phone number This field does two things: - validates the format of the phone number - outputs a consistent representation of the phone number Because of this I think it’s better represented as a new field type, rather than individual validators. I also think that it’s better to do this without regular expression(s), because it makes returning the specific error easier. This commit also adds basic pass/fail test for a series of valid/invalid phone numbers.
2016-01-12 18:10:16 +00:00
self.data.startswith(prefix) for prefix in ['07', '447', '4407', '00447']
Test for specific error messages This commit: - improves the tests to check for specific error messages, rather than just pass/fail - makes the error messages more human, and more suggestive of what the user needs to do to fix the error
2016-01-12 20:55:46 +00:00
):
raise ValidationError('Must be a UK mobile number (eg 07700 900460)')
Add form field for a UK mobile phone number This field does two things: - validates the format of the phone number - outputs a consistent representation of the phone number Because of this I think it’s better represented as a new field type, rather than individual validators. I also think that it’s better to do this without regular expression(s), because it makes returning the specific error easier. This commit also adds basic pass/fail test for a series of valid/invalid phone numbers.
2016-01-12 18:10:16 +00:00
for digit in self.data:
try:
int(digit)
except(ValueError):
raise ValidationError('Must not contain letters or symbols')
self.data = self.data.split('7', 1)[1]
if len(self.data) > 9:
raise ValidationError('Too many digits')
if len(self.data) < 9:
Test for specific error messages This commit: - improves the tests to check for specific error messages, rather than just pass/fail - makes the error messages more human, and more suggestive of what the user needs to do to fix the error
2016-01-12 20:55:46 +00:00
raise ValidationError('Not enough digits')
Add form field for a UK mobile phone number This field does two things: - validates the format of the phone number - outputs a consistent representation of the phone number Because of this I think it’s better represented as a new field type, rather than individual validators. I also think that it’s better to do this without regular expression(s), because it makes returning the specific error easier. This commit also adds basic pass/fail test for a series of valid/invalid phone numbers.
2016-01-12 18:10:16 +00:00
def post_validate(self, form, validation_stopped):
if len(self.data) != 9:
return
self.data = '+44 7{} {} {}'.format(*re.findall('...', self.data))
Take out the Canadian politeness. Make the error message more consistent. Extracted common fields for the forms.
2016-01-08 12:00:52 +00:00
def mobile_number():
Add the new field to the application This commit replaces the previous `StringField` used for collecting mobile phone numbers with the `UKMobileNumber` field. This means changing a few of the preexisting tests to have more realistic mobile numbers so that they still pass.
2016-01-13 09:26:38 +00:00
return UKMobileNumber('Mobile phone number',
validators=[DataRequired(message='Cannot be empty')])
Take out the Canadian politeness. Make the error message more consistent. Extracted common fields for the forms.
2016-01-08 12:00:52 +00:00
Add confirmation of password for important changes This commit adds an extra page or field for confirming your current password when making important changes Name | Email address | Mobile number | Password ---------------------|-------------------|-------------------|------------ No password required | As second page | As second page | On same page as new password
2016-01-12 11:25:46 +00:00
def password(label='Create a password'):
return PasswordField(label,
Take out the Canadian politeness. Make the error message more consistent. Extracted common fields for the forms.
2016-01-08 12:00:52 +00:00
validators=[DataRequired(message='Password can not be empty'),
Length(10, 255, message='Password must be at least 10 characters'),
Blacklist(message='That password is blacklisted, too common')])
def sms_code():
verify_code = '^\d{5}$'
return StringField('Text message confirmation code',
validators=[DataRequired(message='Text message confirmation code can not be empty'),
Regexp(regex=verify_code,
message='Text message confirmation code must be 5 digits'),
ValidateUserCodes(code_type='sms')])
def email_code():
verify_code = '^\d{5}$'
return StringField("Email confirmation code",
validators=[DataRequired(message='Email confirmation code can not be empty'),
Regexp(regex=verify_code, message='Email confirmation code must be 5 digits'),
ValidateUserCodes(code_type='email')])
108536490: Initial effort to implement log in Add endpoint for post to /sign-in Initialise role data
2015-11-27 09:47:29 +00:00
class LoginForm(Form):
email_address = StringField('Email address', validators=[
108536490: Adding the login manager and csrf token. Still need to figure out how to override the load_user method, currently it is not working.
2015-11-27 16:25:56 +00:00
Length(min=5, max=255),
108536490: Initial effort to implement log in Add endpoint for post to /sign-in Initialise role data
2015-11-27 09:47:29 +00:00
DataRequired(message='Email cannot be empty'),
Take out the Canadian politeness. Make the error message more consistent. Extracted common fields for the forms.
2016-01-08 12:00:52 +00:00
Email(message='Enter a valid email address')
108536490: Initial effort to implement log in Add endpoint for post to /sign-in Initialise role data
2015-11-27 09:47:29 +00:00
])
Amend name & password labels
2015-12-02 15:23:03 +00:00
password = PasswordField('Password', validators=[
Take out the Canadian politeness. Make the error message more consistent. Extracted common fields for the forms.
2016-01-08 12:00:52 +00:00
DataRequired(message='Enter your password')
108536490: Initial effort to implement log in Add endpoint for post to /sign-in Initialise role data
2015-11-27 09:47:29 +00:00
])
108536366: Implement register flow Includes validation for gov.uk email address, mobile number with +44, password at least 10 char. Form validation errors will be added to template in a later story. User is created when form validates.
2015-12-01 13:23:54 +00:00
class RegisterUserForm(Form):
Removed exceptions, found a better way to handle them. Refactored the forms so that fields like email_address can be used in multiple forms. Refactored form validation so that a query function is passed into the form to be run, this way the form is not exposed to the dao layer and the query is more efficient. This PR still requires some frontend attention. Will work with Chris to update the templates.
2016-01-08 15:12:14 +00:00
def __init__(self, existing_email_addresses, *args, **kwargs):
Update register view form and template.
2016-01-05 12:41:20 +00:00
self.existing_emails = existing_email_addresses
super(RegisterUserForm, self).__init__(*args, **kwargs)
Amend name & password labels
2015-12-02 15:23:03 +00:00
name = StringField('Full name',
108536366: Implement register flow Includes validation for gov.uk email address, mobile number with +44, password at least 10 char. Form validation errors will be added to template in a later story. User is created when form validates.
2015-12-01 13:23:54 +00:00
validators=[DataRequired(message='Name can not be empty')])
Take out the Canadian politeness. Make the error message more consistent. Extracted common fields for the forms.
2016-01-08 12:00:52 +00:00
email_address = email_address()
mobile_number = mobile_number()
password = password()
109526520: render verify template with VerifyForm
2015-12-04 16:21:01 +00:00
Update register view form and template.
2016-01-05 12:41:20 +00:00
def validate_email_address(self, field):
# Validate email address is unique.
Removed exceptions, found a better way to handle them. Refactored the forms so that fields like email_address can be used in multiple forms. Refactored form validation so that a query function is passed into the form to be run, this way the form is not exposed to the dao layer and the query is more efficient. This PR still requires some frontend attention. Will work with Chris to update the templates.
2016-01-08 15:12:14 +00:00
if self.existing_emails(field.data):
Update register view form and template.
2016-01-05 12:41:20 +00:00
raise ValidationError('Email address already exists')
109526520: render verify template with VerifyForm
2015-12-04 16:21:01 +00:00
109638656: Initial implementation for two-factor
2015-12-07 16:56:11 +00:00
class TwoFactorForm(Form):
Fix for security hole with setting session['user_id'] before second factor of authentication has been authorised.
2016-01-07 12:43:10 +00:00
def __init__(self, user_codes, *args, **kwargs):
'''
Keyword arguments:
user_codes -- List of user code objects which have the fields
(code_type, expiry_datetime, code)
'''
self.user_codes = user_codes
super(TwoFactorForm, self).__init__(*args, **kwargs)
Take out the Canadian politeness. Make the error message more consistent. Extracted common fields for the forms.
2016-01-08 12:00:52 +00:00
sms_code = sms_code()
109638656: Implement two factor verify flow When user enters valid sms code they are redirected to the dashboard. Otherwise, form errors are present.
2015-12-08 12:36:54 +00:00
109638656: Initial implementation for two-factor
2015-12-07 16:56:11 +00:00
109526520: render verify template with VerifyForm
2015-12-04 16:21:01 +00:00
class VerifyForm(Form):
Fix for security hole with setting session['user_id'] before second factor of authentication has been authorised.
2016-01-07 12:43:10 +00:00
def __init__(self, user_codes, *args, **kwargs):
'''
Keyword arguments:
user_codes -- List of user code objects which have the fields
(code_type, expiry_datetime, code)
'''
self.user_codes = user_codes
super(VerifyForm, self).__init__(*args, **kwargs)
Take out the Canadian politeness. Make the error message more consistent. Extracted common fields for the forms.
2016-01-08 12:00:52 +00:00
sms_code = sms_code()
email_code = email_code()
110067722: Added endpoints for add-service Post is not complete as of yet.
2015-12-14 17:12:28 +00:00
109898688: Implementation of text-not-received and email-not-received
2015-12-15 15:35:30 +00:00
class EmailNotReceivedForm(Form):
Take out the Canadian politeness. Make the error message more consistent. Extracted common fields for the forms.
2016-01-08 12:00:52 +00:00
email_address = email_address()
109898688: Implementation of text-not-received and email-not-received
2015-12-15 15:35:30 +00:00
class TextNotReceivedForm(Form):
Take out the Canadian politeness. Make the error message more consistent. Extracted common fields for the forms.
2016-01-08 12:00:52 +00:00
mobile_number = mobile_number()
109898688: Implementation of text-not-received and email-not-received
2015-12-15 15:35:30 +00:00
110067722: Added endpoints for add-service Post is not complete as of yet.
2015-12-14 17:12:28 +00:00
class AddServiceForm(Form):
Test add service completed.
2016-01-15 16:10:24 +00:00
def __init__(self, names_func, *args, **kwargs):
"""
Keyword arguments:
names_func -- Returns a list of unique service_names already registered
on the system.
"""
self._names_func = names_func
Refactor add-service form such that the dao is not exposed in the forms.
2016-01-04 15:31:50 +00:00
super(AddServiceForm, self).__init__(*args, **kwargs)
Refactor for code_not_received, sign_in, two_factor and verify.
2016-01-05 17:08:50 +00:00
service_name = StringField(validators=[
Take out the Canadian politeness. Make the error message more consistent. Extracted common fields for the forms.
2016-01-08 12:00:52 +00:00
DataRequired(message='Service name can not be empty')])
110067722: Add form validation for duplicate service name.
2015-12-15 10:17:43 +00:00
def validate_service_name(self, a):
Test add service completed.
2016-01-15 16:10:24 +00:00
if self.service_name.data in self._names_func():
Refactor add-service form such that the dao is not exposed in the forms.
2016-01-04 15:31:50 +00:00
raise ValidationError('Service name already exists')
Add endpoints for forgot-password.
2016-01-04 14:00:39 +00:00
Add a WTForms-compatible textbox macro This macro: - accepts a WTForm form field as a parameter - renders a form field which follows the GOV.UK Elements patterns, both visually and in markup terms It then changes any page which uses either: - the old, non-WTForms macro or - the old, WTFforms `render_field` macro …to use this new macro and removes both of the old ones. It also adds the option to display hint text above the textbox.
2016-01-11 13:15:10 +00:00
class ServiceNameForm(Form):
service_name = StringField(u'New name')
class ConfirmPasswordForm(Form):
password = PasswordField(u'Enter password')
class TemplateForm(Form):
template_name = StringField(u'Template name')
template_body = TextAreaField(u'Message')
Completion of forgot-password endpoints. Start implementation for new-password endpoints. Created PasswordResetToken model ToDo: create and save token, send valid url to user, check validity of token, update user's password, redirect to /two-factor.
2016-01-05 17:52:09 +00:00
class ForgotPasswordForm(Form):
Take out the Canadian politeness. Make the error message more consistent. Extracted common fields for the forms.
2016-01-08 12:00:52 +00:00
email_address = email_address()
Add endpoints for forgot-password.
2016-01-04 14:00:39 +00:00
New-password endpoints are implemented. There should be a better way to validate the token.
2016-01-06 17:37:07 +00:00
class NewPasswordForm(Form):
Take out the Canadian politeness. Make the error message more consistent. Extracted common fields for the forms.
2016-01-08 12:00:52 +00:00
new_password = password()
First slice of csv upload of phone numbers for sending messages. At the moment the file contents are not persisted by checked in memory. The first and last three records are show if all are valid. If there are invalid rows, they are reported and the user is prompted to go back and sort out upload file. The storing of upload result (i.e. validation of file) in session will be removed in next story which is about persisting of file for later processing.
2016-01-11 15:00:51 +00:00
Add confirmation of password for important changes This commit adds an extra page or field for confirming your current password when making important changes Name | Email address | Mobile number | Password ---------------------|-------------------|-------------------|------------ No password required | As second page | As second page | On same page as new password
2016-01-12 11:25:46 +00:00
class ChangePasswordForm(Form):
old_password = password('Current password')
new_password = password('New password')
First slice of csv upload of phone numbers for sending messages. At the moment the file contents are not persisted by checked in memory. The first and last three records are show if all are valid. If there are invalid rows, they are reported and the user is prompted to go back and sort out upload file. The storing of upload result (i.e. validation of file) in session will be removed in next story which is about persisting of file for later processing.
2016-01-11 15:00:51 +00:00
class CsvUploadForm(Form):
resolve merge conflicts
2016-01-12 10:43:23 +00:00
file = FileField('File to upload', validators=[DataRequired(
message='Please pick a file'), CsvFileValidator()])
Add loops for changing each part of your profile This commit adds a page or series of pages for changing your: Name | Email address | Mobile number | Password ------------------|-------------------|-------------------|------------ Enter new value | Enter new value | Enter new value | Enter new value | Enter 2fa code | Enter 2fa code | Return to profile | Return to profile | Return to profile | Return to profile (each row is a page)
2016-01-12 10:28:14 +00:00
class ChangeNameForm(Form):
new_name = StringField(u'Your name')
class ChangeEmailForm(Form):
email_address = email_address()
class ConfirmEmailForm(Form):
email_code = email_code()
class ChangeMobileNumberForm(Form):
mobile_number = mobile_number()
class ConfirmMobileNumberForm(Form):
sms_code = sms_code()
Reference in New Issue Copy Permalink