darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-04-20 17:20:46 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
c5d4bfd8efffdfbb59bd4489ec4d8e18b2fad39c
notifications-admin/app/main/validators.py

200 lines
5.8 KiB
Python
Raw Normal View History

Refactor to use validator class Using a separate validator class to check for appropriate characters in a text message sender means that we’re not doing this validation in a different way from the other checks (length and required). So the code is cleaner.
2018-01-31 10:26:37 +00:00
import re
Refactor for reuse
2022-01-06 11:06:55 +00:00
from abc import ABC, abstractmethod
validate email addresses in one-off flow previously we were just using the wtforms builtin email validator, which is much more relaxed than our own one. It'd catch bad emails when POSTing to the API, resulting in an ugly error message. It's easy work to make sure we validate email addresses as soon as they're entered.
2018-02-14 14:35:16 +00:00
Update error message about commas in placeholders We call the yellow things ‘double brackets’ on the frontend, not fields or placeholders. This error message was a bit out of date. Also refactored it to use the `Field` class; this code was probably written before `Field` was factored out of `Template`.
2017-12-05 14:48:36 +00:00
from notifications_utils.field import Field
fix xss with service letter contact blocks service contact blocks contain new lines - and jinja2 normally ignores newlines (as in it keeps them as new lines) - but we need to turn them into `<br>` tags so that we can show the formatting that the user has added. We were previously just doing `{{ block | nl2br | safe }}`. nl2br turns the new lines into `<br>` tags, and then `safe` tells jinja that it doesn't need to escape the html. this causes issues if the user adds `<script>alert(1)</script>` to their contact block (or some other evil xss hack), where that will get let through due to the safe flag To solve this, use `Markup(html='escape')` to sanitise any html, and then convert new lines to <br>. bump utils another xss
2020-01-21 16:50:44 +00:00
from notifications_utils.formatters import formatted_list
Enforce order and style of imports Done using isort[1], with the following command: ``` isort -rc ./app ./tests ``` Adds linting to the `run_tests.sh` script to stop badly-sorted imports getting re-introduced. Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because I think it gives the cleanest diffs, eg: ``` from third_party import ( lib1, lib2, lib3, lib4, ) ``` 1. https://pypi.python.org/pypi/isort
2018-02-20 11:22:17 +00:00
from notifications_utils.recipients import (
InvalidEmailError,
validate_email_address,
)
Allow Welsh characters in SMS - This brings in the latest version of notifications-utils which allows Welsh characters in SMS templates. - Updated the pricing page to show the new prices for SMS with certain Welsh characters
2019-05-03 15:13:39 +01:00
from notifications_utils.sanitise_text import SanitiseSMS
Validate length of broadcast content Depends on: - [ ] https://github.com/alphagov/notifications-utils/pull/826/files Adds error messages for when the content of a broadcast template is too long. The error message is explicit when this is cause by non-GSM characters. We may not want to expose this complexity to our users, but it’s useful for now while we’re testing things out.
2020-12-24 13:56:24 +00:00
from notifications_utils.template import BroadcastMessageTemplate
Enforce order and style of imports Done using isort[1], with the following command: ``` isort -rc ./app ./tests ``` Adds linting to the `run_tests.sh` script to stop badly-sorted imports getting re-introduced. Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because I think it gives the cleanest diffs, eg: ``` from third_party import ( lib1, lib2, lib3, lib4, ) ``` 1. https://pypi.python.org/pypi/isort
2018-02-20 11:22:17 +00:00
from wtforms import ValidationError
error when users put non-GSM chars in a sms template additionally, this moves the formatted_list jinja macro into a python function, so that it can be called from the form validator
2017-02-13 13:11:29 +00:00
Remove term ‘blacklist’ from codebase ‘Commonly used passwords’ is more specific, and avoids the terminology ‘blacklist’ which the National Cyber Security Centre explain to be problematic: > It's fairly common to say whitelisting and blacklisting to describe desirable and undesirable things in cyber security. For instance, when talking about which applications you will allow or deny on your corporate network; or deciding which bad passwords you want your users not to be able to use. > > However, there's an issue with the terminology. It only makes sense if you equate white with 'good, permitted, safe' and black with 'bad, dangerous, forbidden'. There are some obvious problems with this. So in the name of helping to stamp out racism in cyber security, we will > avoid this casually pejorative wording on our website in the future. No, it's not the biggest issue in the world - but to borrow a slogan from elsewhere: every little helps. – https://www.ncsc.gov.uk/blog-post/terminology-its-not-black-and-white
2020-06-16 18:04:29 +01:00
from app.main._commonly_used_passwords import commonly_used_passwords
Extract Spreadsheet model from app/utils.py `app/utils.py` is a bit of a dumping ground for things we don’t have a better place for. We now have a place and structure for storing ‘model’ code (‘model’ in the model, view, controller (MVC) sense of the word). This commit moves the spreadsheet model to that place.
2021-01-06 12:31:39 +00:00
from app.models.spreadsheet import Spreadsheet
Extract user utility code into own module This provides more room for expansion, and reduces the amount of arbitrary code in the __init__.py file for the new package.
2021-06-09 13:19:05 +01:00
from app.utils.user import is_gov_user
108536374: Implement a validator to exclude passwords on a blacklist
2015-12-01 15:51:09 +00:00
Remove term ‘blacklist’ from codebase ‘Commonly used passwords’ is more specific, and avoids the terminology ‘blacklist’ which the National Cyber Security Centre explain to be problematic: > It's fairly common to say whitelisting and blacklisting to describe desirable and undesirable things in cyber security. For instance, when talking about which applications you will allow or deny on your corporate network; or deciding which bad passwords you want your users not to be able to use. > > However, there's an issue with the terminology. It only makes sense if you equate white with 'good, permitted, safe' and black with 'bad, dangerous, forbidden'. There are some obvious problems with this. So in the name of helping to stamp out racism in cyber security, we will > avoid this casually pejorative wording on our website in the future. No, it's not the biggest issue in the world - but to borrow a slogan from elsewhere: every little helps. – https://www.ncsc.gov.uk/blog-post/terminology-its-not-black-and-white
2020-06-16 18:04:29 +01:00
class CommonlyUsedPassword:
108536374: Implement a validator to exclude passwords on a blacklist
2015-12-01 15:51:09 +00:00
def __init__(self, message=None):
if not message:
Remove term ‘blacklist’ from codebase ‘Commonly used passwords’ is more specific, and avoids the terminology ‘blacklist’ which the National Cyber Security Centre explain to be problematic: > It's fairly common to say whitelisting and blacklisting to describe desirable and undesirable things in cyber security. For instance, when talking about which applications you will allow or deny on your corporate network; or deciding which bad passwords you want your users not to be able to use. > > However, there's an issue with the terminology. It only makes sense if you equate white with 'good, permitted, safe' and black with 'bad, dangerous, forbidden'. There are some obvious problems with this. So in the name of helping to stamp out racism in cyber security, we will > avoid this casually pejorative wording on our website in the future. No, it's not the biggest issue in the world - but to borrow a slogan from elsewhere: every little helps. – https://www.ncsc.gov.uk/blog-post/terminology-its-not-black-and-white
2020-06-16 18:04:29 +01:00
message = 'Password is in list of commonly used passwords.'
108536374: Implement a validator to exclude passwords on a blacklist
2015-12-01 15:51:09 +00:00
self.message = message
def __call__(self, form, field):
Remove term ‘blacklist’ from codebase ‘Commonly used passwords’ is more specific, and avoids the terminology ‘blacklist’ which the National Cyber Security Centre explain to be problematic: > It's fairly common to say whitelisting and blacklisting to describe desirable and undesirable things in cyber security. For instance, when talking about which applications you will allow or deny on your corporate network; or deciding which bad passwords you want your users not to be able to use. > > However, there's an issue with the terminology. It only makes sense if you equate white with 'good, permitted, safe' and black with 'bad, dangerous, forbidden'. There are some obvious problems with this. So in the name of helping to stamp out racism in cyber security, we will > avoid this casually pejorative wording on our website in the future. No, it's not the biggest issue in the world - but to borrow a slogan from elsewhere: every little helps. – https://www.ncsc.gov.uk/blog-post/terminology-its-not-black-and-white
2020-06-16 18:04:29 +01:00
if field.data in commonly_used_passwords:
108536374: Implement a validator to exclude passwords on a blacklist
2015-12-01 15:51:09 +00:00
raise ValidationError(self.message)
Fix for security hole with setting session['user_id'] before second factor of authentication has been authorised.
2016-01-07 12:43:10 +00:00
error when users put non-GSM chars in a sms template additionally, this moves the formatted_list jinja macro into a python function, so that it can be called from the form validator
2017-02-13 13:11:29 +00:00
class CsvFileValidator:
First slice of csv upload of phone numbers for sending messages. At the moment the file contents are not persisted by checked in memory. The first and last three records are show if all are valid. If there are invalid rows, they are reported and the user is prompted to go back and sort out upload file. The storing of upload result (i.e. validation of file) in session will be removed in next story which is about persisting of file for later processing.
2016-01-11 15:00:51 +00:00
def __init__(self, message='Not a csv file'):
self.message = message
def __call__(self, form, field):
Accept common spreadsheet formats, not just CSV We require users to export their spreadsheets as CSV files before uploading them. But this seems like the sort of thing a computer should be able to do. So this commit adds a wrapper class which: - takes a the uploaded file - returns it in a normalised format, or reads it using pyexcel[1] - gives the data back in CSV format This allows us to accept `.csv`, `.xlsx`, `.xls` (97 and 95), `.ods`, `.xlsm` and `.tsv` files. We can upload the resultant CSV just like normal, and process it for errors as before. Testing --- To test this I’ve added a selection of common spreadsheet files as test data. They all contain the same data, so the tests look to see that the resultant CSV output is the same for each. UI changes --- This commit doesn’t change the UI, apart from to give a different error message if a user uploads a file type that we still don’t understand. I intend to do this as a separate pull request, in order to fulfil https://www.pivotaltracker.com/story/show/119371637
2016-05-05 15:41:11 +01:00
if not Spreadsheet.can_handle(field.data.filename):
Replace isn't with is not
2019-09-13 11:55:21 +01:00
raise ValidationError("{} is not a spreadsheet that Notify can read".format(field.data.filename))
Valid email domains added and tests passing.
2016-03-18 12:05:50 +00:00
error when users put non-GSM chars in a sms template additionally, this moves the formatted_list jinja macro into a python function, so that it can be called from the form validator
2017-02-13 13:11:29 +00:00
class ValidGovEmail:
Valid email domains added and tests passing.
2016-03-18 12:05:50 +00:00
def __call__(self, form, field):
Use email fields for feedback form Otherwise we can end up collecting invalid email addresses… This required some refactoring to allow our email fields to be optional (but not by default).
2018-12-07 12:23:12 +00:00
if field.data == '':
return
Refactor to use a cleaner and lean regex
2016-10-28 10:45:05 +01:00
from flask import url_for
Link to ‘who it’s for’ when error creating account If someone enters an email address from a domain we don’t recognise we direct them straight to our support channel. This is causing increased contact from suppliers and members of the public. Now that we have a page which explains who can use Notify, let’s direct people there first. Then if they really do need to contact support (because we don’t recognise their organisation) then they can do so from that page.
2020-03-26 12:41:46 +00:00
message = '''
Enter a public sector email address or
<a class="govuk-link govuk-link--no-visited-state" href="{}">find out who can use Notify</a>
Update who_can_use_notify link
2020-05-20 15:58:36 +01:00
'''.format(url_for('main.who_can_use_notify'))
Refactor to use a cleaner and lean regex
2016-10-28 10:45:05 +01:00
if not is_gov_user(field.data.lower()):
Valid email domains added and tests passing.
2016-03-18 12:05:50 +00:00
raise ValidationError(message)
Don’t allow commas in placeholders > If a user tries to save a template containing something like > ((name,date)) we should give a validation error. This is because it causes havoc with the column headers in CSV files. https://www.pivotaltracker.com/story/show/117043389
2016-04-07 16:02:06 +01:00
Bump WTForms to 2.3.1 This involves three changes which broke our code. To validate email addresses, the optional dependency `email-validator` must be installed<sup>1</sup>. But since we don’t use WTForms’ email validation, we shouldn’t need to subclass it – it can just be its own self contained thing. Then we don’t need to add the extra dependency. When rendering textareas, and extra `\r\n` is inserted at the beginning <sup>2</sup>. Browsers will strip this when displaying the textbox and submitting the form, but some of our tests need updating to account for this. The error message for when you don’t choose an option from some radio buttons has now changed. Rather than just accepting WTForms’ new message, this commit makes the error messages like the examples from the Design System<sup>3</sup>. By default it will say ‘Select an option’, but by passing in an extra parameter (`thing`) it can be customised to be more specific, for example ‘Select a type of organisation’. *** 1. https://github.com/wtforms/wtforms/pull/429 2. https://github.com/wtforms/wtforms/issues/238 3. https://design-system.service.gov.uk/components/radios/#error-messages
2020-04-22 17:49:03 +01:00
class ValidEmail:
validate email addresses in one-off flow previously we were just using the wtforms builtin email validator, which is much more relaxed than our own one. It'd catch bad emails when POSTing to the API, resulting in an ugly error message. It's easy work to make sure we validate email addresses as soon as they're entered.
2018-02-14 14:35:16 +00:00
Bump WTForms to 2.3.1 This involves three changes which broke our code. To validate email addresses, the optional dependency `email-validator` must be installed<sup>1</sup>. But since we don’t use WTForms’ email validation, we shouldn’t need to subclass it – it can just be its own self contained thing. Then we don’t need to add the extra dependency. When rendering textareas, and extra `\r\n` is inserted at the beginning <sup>2</sup>. Browsers will strip this when displaying the textbox and submitting the form, but some of our tests need updating to account for this. The error message for when you don’t choose an option from some radio buttons has now changed. Rather than just accepting WTForms’ new message, this commit makes the error messages like the examples from the Design System<sup>3</sup>. By default it will say ‘Select an option’, but by passing in an extra parameter (`thing`) it can be customised to be more specific, for example ‘Select a type of organisation’. *** 1. https://github.com/wtforms/wtforms/pull/429 2. https://github.com/wtforms/wtforms/issues/238 3. https://design-system.service.gov.uk/components/radios/#error-messages
2020-04-22 17:49:03 +01:00
message = 'Enter a valid email address'
validate email addresses in one-off flow previously we were just using the wtforms builtin email validator, which is much more relaxed than our own one. It'd catch bad emails when POSTing to the API, resulting in an ugly error message. It's easy work to make sure we validate email addresses as soon as they're entered.
2018-02-14 14:35:16 +00:00
def __call__(self, form, field):
Use email fields for feedback form Otherwise we can end up collecting invalid email addresses… This required some refactoring to allow our email fields to be optional (but not by default).
2018-12-07 12:23:12 +00:00
Bump WTForms and Flask-WTF to latest versions WTForms versions less than 3.0.0 have a security vulnerability where arbitrary HTML can be inserted into the label of a form, allowing the possibility of a cross-site scripting attack. I don’t know if there’s anywhere we put user-generated content into form labels but it’s possible we are vulnerable somewhere. This require moving some imports because as of https://github.com/wtforms/wtforms/pull/614/files there is no longer a separate module for HTML 5 fields, they are now considered core fields. As of https://github.com/wtforms/wtforms/issues/445/files custom implementations of `pre_validate` or `post_validate` must raise `ValidationError` to trigger a validation message, where we were raising `ValueError` this was no longer being caught. As of https://github.com/wtforms/wtforms/pull/355/files `StringField` returns `None` for empty data, not `''` but our `validate_email_address` function only accepts strings.
2021-11-30 17:17:16 +00:00
if not field.data:
Use email fields for feedback form Otherwise we can end up collecting invalid email addresses… This required some refactoring to allow our email fields to be optional (but not by default).
2018-12-07 12:23:12 +00:00
return
validate email addresses in one-off flow previously we were just using the wtforms builtin email validator, which is much more relaxed than our own one. It'd catch bad emails when POSTing to the API, resulting in an ugly error message. It's easy work to make sure we validate email addresses as soon as they're entered.
2018-02-14 14:35:16 +00:00
try:
validate_email_address(field.data)
except InvalidEmailError:
raise ValidationError(self.message)
Use email fields for feedback form Otherwise we can end up collecting invalid email addresses… This required some refactoring to allow our email fields to be optional (but not by default).
2018-12-07 12:23:12 +00:00
validate email addresses in one-off flow previously we were just using the wtforms builtin email validator, which is much more relaxed than our own one. It'd catch bad emails when POSTing to the API, resulting in an ugly error message. It's easy work to make sure we validate email addresses as soon as they're entered.
2018-02-14 14:35:16 +00:00
error when users put non-GSM chars in a sms template additionally, this moves the formatted_list jinja macro into a python function, so that it can be called from the form validator
2017-02-13 13:11:29 +00:00
class NoCommasInPlaceHolders:
Don’t allow commas in placeholders > If a user tries to save a template containing something like > ((name,date)) we should give a validation error. This is because it causes havoc with the column headers in CSV files. https://www.pivotaltracker.com/story/show/117043389
2016-04-07 16:02:06 +01:00
Update tests for content changes.
2019-09-13 16:00:56 +01:00
def __init__(self, message='You cannot put commas between double brackets'):
Don’t allow commas in placeholders > If a user tries to save a template containing something like > ((name,date)) we should give a validation error. This is because it causes havoc with the column headers in CSV files. https://www.pivotaltracker.com/story/show/117043389
2016-04-07 16:02:06 +01:00
self.message = message
def __call__(self, form, field):
Update error message about commas in placeholders We call the yellow things ‘double brackets’ on the frontend, not fields or placeholders. This error message was a bit out of date. Also refactored it to use the `Field` class; this code was probably written before `Field` was factored out of `Template`.
2017-12-05 14:48:36 +00:00
if ',' in ''.join(Field(field.data).placeholders):
Don’t allow commas in placeholders > If a user tries to save a template containing something like > ((name,date)) we should give a validation error. This is because it causes havoc with the column headers in CSV files. https://www.pivotaltracker.com/story/show/117043389
2016-04-07 16:02:06 +01:00
raise ValidationError(self.message)
error when users put non-GSM chars in a sms template additionally, this moves the formatted_list jinja macro into a python function, so that it can be called from the form validator
2017-02-13 13:11:29 +00:00
Refactor for reuse
2022-01-06 11:06:55 +00:00
class NoElementInSVG(ABC):
Do not allow to upload SVG logos with embedded raster images in them Those are for example png or jpg images. They do not render properly.
2020-03-04 14:25:14 +00:00
Refactor for reuse
2022-01-06 11:06:55 +00:00
@property
@abstractmethod
def element(self):
pass
@property
@abstractmethod
def message(self):
pass
Do not allow to upload SVG logos with embedded raster images in them Those are for example png or jpg images. They do not render properly.
2020-03-04 14:25:14 +00:00
def __call__(self, form, field):
Refactor for reuse
2022-01-06 11:06:55 +00:00
svg_contents = field.data.stream.read().decode("utf-8")
Fix logo upload - we need to rewind the bytestream after we read it
2020-03-04 17:26:19 +00:00
field.data.stream.seek(0)
Refactor for reuse
2022-01-06 11:06:55 +00:00
if f'<{self.element}' in svg_contents.lower():
Do not allow to upload SVG logos with embedded raster images in them Those are for example png or jpg images. They do not render properly.
2020-03-04 14:25:14 +00:00
raise ValidationError(self.message)
Refactor for reuse
2022-01-06 11:06:55 +00:00
class NoEmbeddedImagesInSVG(NoElementInSVG):
element = 'image'
message = 'This SVG has an embedded raster image in it and will not render well'
Don’t allow `<text>` elements in letter logos To render text in an SVG consistently the system rendering the SVG must have the fonts specified by the SVG installed. If the fonts are not installed then the renderer will fall back to a system font and the text will look different. This is especially bad news for branding where the right font is an integral part of any brand. To fix this, the text should instead be converted to `<path>` elements. This process is sometimes called ‘outlining’. A few of our logos had this problem, and I’ve fixed most of them by hand. Adding this validation will stop the problem, coming up again.
2022-01-06 11:21:12 +00:00
class NoTextInSVG(NoElementInSVG):
element = 'text'
message = 'This SVG has text which has not been converted to paths and may not render well'
Allow Welsh characters in SMS - This brings in the latest version of notifications-utils which allows Welsh characters in SMS templates. - Updated the pricing page to show the new prices for SMS with certain Welsh characters
2019-05-03 15:13:39 +01:00
class OnlySMSCharacters:
Make error message specific to template type
2020-07-03 15:46:00 +01:00
def __init__(self, *args, template_type, **kwargs):
self._template_type = template_type
super().__init__(*args, **kwargs)
error when users put non-GSM chars in a sms template additionally, this moves the formatted_list jinja macro into a python function, so that it can be called from the form validator
2017-02-13 13:11:29 +00:00
def __call__(self, form, field):
Allow Welsh characters in SMS - This brings in the latest version of notifications-utils which allows Welsh characters in SMS templates. - Updated the pricing page to show the new prices for SMS with certain Welsh characters
2019-05-03 15:13:39 +01:00
non_sms_characters = sorted(list(SanitiseSMS.get_non_compatible_characters(field.data)))
if non_sms_characters:
allow downgradeable unicode characters in SMS templates
2017-02-14 17:06:32 +00:00
raise ValidationError(
Make error message specific to template type
2020-07-03 15:46:00 +01:00
'You cannot use {} in {}. {} will not show up properly on everyones phones.'.format(
Allow Welsh characters in SMS - This brings in the latest version of notifications-utils which allows Welsh characters in SMS templates. - Updated the pricing page to show the new prices for SMS with certain Welsh characters
2019-05-03 15:13:39 +01:00
formatted_list(non_sms_characters, conjunction='or', before_each='', after_each=''),
Make error message specific to template type
2020-07-03 15:46:00 +01:00
{
'broadcast': 'broadcasts',
'sms': 'text messages',
}.get(self._template_type),
Allow Welsh characters in SMS - This brings in the latest version of notifications-utils which allows Welsh characters in SMS templates. - Updated the pricing page to show the new prices for SMS with certain Welsh characters
2019-05-03 15:13:39 +01:00
('It' if len(non_sms_characters) == 1 else 'They')
allow downgradeable unicode characters in SMS templates
2017-02-14 17:06:32 +00:00
)
)
Refactor to use validator class Using a separate validator class to check for appropriate characters in a text message sender means that we’re not doing this validation in a different way from the other checks (length and required). So the code is cleaner.
2018-01-31 10:26:37 +00:00
Don’t allow personalisation in broadcast templates Since we don’t have a way of filling in the personalisation at the moment we shouldn’t allow people to make templates that require it.
2020-10-05 17:17:21 +01:00
class NoPlaceholders:
def __init__(self, message=None):
self.message = message or (
'You cant use ((double brackets)) to personalise this message'
)
def __call__(self, form, field):
if Field(field.data).placeholders:
raise ValidationError(self.message)
Validate length of broadcast content Depends on: - [ ] https://github.com/alphagov/notifications-utils/pull/826/files Adds error messages for when the content of a broadcast template is too long. The error message is explicit when this is cause by non-GSM characters. We may not want to expose this complexity to our users, but it’s useful for now while we’re testing things out.
2020-12-24 13:56:24 +00:00
class BroadcastLength:
def __call__(self, form, field):
template = BroadcastMessageTemplate({
'template_type': 'broadcast',
'content': field.data,
})
if template.content_too_long:
non_gsm_characters = list(sorted(template.non_gsm_characters))
if non_gsm_characters:
raise ValidationError(
f'Content must be {template.max_content_count:,.0f} '
f'characters or fewer because it contains '
f'{formatted_list(non_gsm_characters, conjunction="and", before_each="", after_each="")}'
)
raise ValidationError(
f'Content must be {template.max_content_count:,.0f} '
f'characters or fewer'
)
Allow straight single quote in sms sender names This is so we can allow the sender name 'UC' for DWP. Note, this is specifically only straight single quotes and not curly quotes or double quotes. Curly quotes are not supported in the GSM character set (https://en.wikipedia.org/wiki/GSM_03.38). There is currently no defined user ask to support double quotes in sms sender names. I have tested this by sending a message through both Firetext and MMG to make sure they both support the single quote character in SMS sender names. DWP also have had no particular issues using the SMS sender name with their existing system in the past either.
2021-07-26 15:10:57 +01:00
class LettersNumbersSingleQuotesFullStopsAndUnderscoresOnly:
Refactor to use validator class Using a separate validator class to check for appropriate characters in a text message sender means that we’re not doing this validation in a different way from the other checks (length and required). So the code is cleaner.
2018-01-31 10:26:37 +00:00
Allow straight single quote in sms sender names This is so we can allow the sender name 'UC' for DWP. Note, this is specifically only straight single quotes and not curly quotes or double quotes. Curly quotes are not supported in the GSM character set (https://en.wikipedia.org/wiki/GSM_03.38). There is currently no defined user ask to support double quotes in sms sender names. I have tested this by sending a message through both Firetext and MMG to make sure they both support the single quote character in SMS sender names. DWP also have had no particular issues using the SMS sender name with their existing system in the past either.
2021-07-26 15:10:57 +01:00
regex = re.compile(r"^[a-zA-Z0-9\s\._']+$")
Refactor to use validator class Using a separate validator class to check for appropriate characters in a text message sender means that we’re not doing this validation in a different way from the other checks (length and required). So the code is cleaner.
2018-01-31 10:26:37 +00:00
def __init__(self, message='Use letters and numbers only'):
self.message = message
def __call__(self, form, field):
if field.data and not re.match(self.regex, field.data):
raise ValidationError(self.message)
Update SMS sender validation to reject senders starting with 00 Having SMS senders that start with 00 can cause issues with Firetext due to Firetext's validation rules, so we shouldn't allow SMS senders to start with 00. Firetext treats a double 00 at the start of the senderID as an international prefix, so removes them. A sender of 00447876574016 would become 447876574016. Under Firetext's validation rules, an SMS sender of five 0s (00000) would become 4400. This is because the first 00 are removed (as the international prefix). The third 0 is seen as the start of a phone number, and becomes 44, leaving the final 00 = 4400.
2018-02-28 11:50:41 +00:00
class DoesNotStartWithDoubleZero:
Update tests for content changes.
2019-09-13 16:00:56 +01:00
def __init__(self, message="Cannot start with 00"):
Update SMS sender validation to reject senders starting with 00 Having SMS senders that start with 00 can cause issues with Firetext due to Firetext's validation rules, so we shouldn't allow SMS senders to start with 00. Firetext treats a double 00 at the start of the senderID as an international prefix, so removes them. A sender of 00447876574016 would become 447876574016. Under Firetext's validation rules, an SMS sender of five 0s (00000) would become 4400. This is because the first 00 are removed (as the international prefix). The third 0 is seen as the start of a phone number, and becomes 44, leaving the final 00 = 4400.
2018-02-28 11:50:41 +00:00
self.message = message
def __call__(self, form, field):
if field.data and field.data.startswith("00"):
raise ValidationError(self.message)
Validate service and organisation name
2019-11-08 17:12:32 +00:00
class MustContainAlphanumericCharacters:
regex = re.compile(r".*[a-zA-Z0-9].*[a-zA-Z0-9].*")
def __init__(
self,
message="Must include at least two alphanumeric characters"
):
self.message = message
def __call__(self, form, field):
if field.data and not re.match(self.regex, field.data):
raise ValidationError(self.message)
Reference in New Issue Copy Permalink