From 6f91d600300d9ae0748b01a8858b00e271724386 Mon Sep 17 00:00:00 2001 From: Kenneth Kehl <@kkehl@flexion.us> Date: Tue, 24 Sep 2024 10:35:22 -0700 Subject: [PATCH 01/15] make sure phone number is always last in the one-off csv --- app/main/views/send.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/app/main/views/send.py b/app/main/views/send.py index 7899af5a8..1b723cb22 100644 --- a/app/main/views/send.py +++ b/app/main/views/send.py @@ -1009,9 +1009,17 @@ def _send_notification(service_id, template_id): keys = [] values = [] + # Guarantee that the real phone number comes last, because some + # users will have placeholders like "add your second phone number" + # or something like as custom placeholders. for k, v in session["placeholders"].items(): - keys.append(k) - values.append(v) + if k != "phone number": + keys.append(k) + values.append(v) + for k, v in session["placeholders"].items(): + if k == "phone number": + keys.append(k) + values.append(v) data = ",".join(keys) vals = ",".join(values) From d097a0e2a69b2832d25b0d5719be9f3157b44a9b Mon Sep 17 00:00:00 2001 From: Cliff Hill Date: Tue, 24 Sep 2024 20:34:37 -0400 Subject: [PATCH 02/15] I believe nonce is set up for sign_in.py. Signed-off-by: Cliff Hill --- app/main/views/sign_in.py | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py index 840e9fdc4..7875b8392 100644 --- a/app/main/views/sign_in.py +++ b/app/main/views/sign_in.py @@ -1,4 +1,5 @@ import os +import secrets import time import uuid 
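Review bot: In `_send_notification` (app/main/views/send.py, PATCH 01/15) the reordered `keys` and `values` are still serialised with `",".join(...)`, so a placeholder value containing a comma, quote or line break shifts the columns and the phone number no longer lines up with its header. These values come from `session["placeholders"]`, presumably user-entered text, so build both rows with `csv.writer`, which quotes such fields, instead of joining by hand. The same two join lines are the context of the follow-up hunk in PATCH 13/15. The rest of the function is outside the hunk, so check how `data` and `vals` are consumed before changing the format.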
@@ -60,13 +61,28 @@ def _get_access_token(code, state): url = f"{base_url}{cli_assert}&{cli_assert_type}&{code_param}&grant_type=authorization_code" headers = {"Authorization": "Bearer %s" % token} response = requests.post(url, headers=headers) - if response.json().get("access_token") is None: + response_json = response.json() + try: + encoded_id_token = response_json["id_token"] + except KeyError as e: + # Capture the response json here so it hopefully shows up in error reports + current_app.logger.error( + f"Error when getting id token {response_json} #notify-admin-1505" + ) + raise KeyError(f"'access_token' {response.json()}") from e + id_token = jwt.decode(id_token, keystring, algorithms=["RS256"]) + nonce = id_token["nonce"] + if nonce != os.getenv("TOKEN_NONCE"): + login_manager.unauthorized() + + try: + access_token = response_json["access_token"] + except KeyError as e: # Capture the response json here so it hopefully shows up in error reports current_app.logger.error( f"Error when getting access token {response.json()} #notify-admin-1505" ) - raise KeyError(f"'access_token' {response.json()}") - access_token = response.json()["access_token"] + raise KeyError(f"'access_token' {response.json()}") from e return access_token @@ -189,9 +205,11 @@ def sign_in(): current_app.config["DANGEROUS_SALT"], ) url = os.getenv("LOGIN_DOT_GOV_INITIAL_SIGNIN_URL") + nonce = secrets.token_urlsafe() + os.environ["TOKEN_NONCE"] = nonce # handle unit tests if url is not None: - url = url.replace("NONCE", token) + url = url.replace("NONCE", nonce) url = url.replace("STATE", token) return render_template( "views/signin.html", From a2dbb6c9e6f7b55b03107e7d6d88c40e32dac8dc Mon Sep 17 00:00:00 2001 From: Cliff Hill Date: Tue, 24 Sep 2024 20:46:48 -0400 Subject: [PATCH 03/15] Typo fix. Signed-off-by: Cliff Hill --- app/main/views/sign_in.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
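Review bot: The nonce mismatch branch in `_get_access_token` (PATCH 02/15) calls `login_manager.unauthorized()` and discards the result, so execution continues and the access token is still returned. The module registers `sign_in_again` as the `unauthorized_handler` (visible in a later hunk of this series), which returns a redirect rather than raising, so the call does not stop the flow. Fail closed with `abort(403)` directly after the comparison. The same call is still present in the nonce check of PATCH 07/15, and the start of the function is outside the hunk.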
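Review bot: `os.environ["TOKEN_NONCE"] = nonce` in `sign_in()` (PATCH 02/15) keeps a per-login value in process-wide state, so overlapping sign-ins overwrite each other's nonce and a callback handled by a different worker process never sees it. A nonce only protects the flow when it is bound to the browser that started it. Store it in that user's session, `session["nonce"] = nonce`, and read it back from there in `_get_access_token`.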
diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py index 7875b8392..f1dc7bd88 100644 --- a/app/main/views/sign_in.py +++ b/app/main/views/sign_in.py @@ -70,7 +70,7 @@ def _get_access_token(code, state): f"Error when getting id token {response_json} #notify-admin-1505" ) raise KeyError(f"'access_token' {response.json()}") from e - id_token = jwt.decode(id_token, keystring, algorithms=["RS256"]) + id_token = jwt.decode(encoded_id_token, keystring, algorithms=["RS256"]) nonce = id_token["nonce"] if nonce != os.getenv("TOKEN_NONCE"): login_manager.unauthorized() From 3d00b0c94f9c7ac8367ff7cc35ea092c4f543a97 Mon Sep 17 00:00:00 2001 From: Cliff Hill Date: Wed, 25 Sep 2024 10:45:57 -0400 Subject: [PATCH 04/15] Making nonce passed through redis. Signed-off-by: Cliff Hill --- app/main/views/sign_in.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py index f1dc7bd88..411c2c620 100644 --- a/app/main/views/sign_in.py +++ b/app/main/views/sign_in.py @@ -17,7 +17,7 @@ from flask import ( ) from flask_login import current_user -from app import login_manager, user_api_client +from app import login_manager, redis_client, user_api_client from app.main import main from app.main.views.index import error from app.main.views.verify import activate_user @@ -72,7 +72,11 @@ def _get_access_token(code, state): raise KeyError(f"'access_token' {response.json()}") from e id_token = jwt.decode(encoded_id_token, keystring, algorithms=["RS256"]) nonce = id_token["nonce"] - if nonce != os.getenv("TOKEN_NONCE"): + state = request.args.get("state") + redis_key = f"token-nonce-{state}" + token_nonce = redis_client.get(redis_key) + redis_client.delete(redis_key) + if nonce != token_nonce: login_manager.unauthorized() try: 
@@ -206,7 +210,8 @@ def sign_in(): ) url = os.getenv("LOGIN_DOT_GOV_INITIAL_SIGNIN_URL") nonce = secrets.token_urlsafe() - os.environ["TOKEN_NONCE"] = nonce + state = request.args.get("state") + redis_client.set(f"token-nonce-{state}", nonce) # handle unit tests if url is not None: url = url.replace("NONCE", nonce) From 76863cd4dc67480af14efb20c66f16270b0fa718 Mon Sep 17 00:00:00 2001 From: Cliff Hill Date: Wed, 25 Sep 2024 11:23:36 -0400 Subject: [PATCH 05/15] Some unit test cleanup. Signed-off-by: Cliff Hill --- app/main/views/sign_in.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py index 411c2c620..3c80e0456 100644 --- a/app/main/views/sign_in.py +++ b/app/main/views/sign_in.py @@ -64,10 +64,10 @@ def _get_access_token(code, state): response_json = response.json() try: encoded_id_token = response_json["id_token"] - except KeyError as e: + except KeyError as e: # pragma: no cover # Capture the response json here so it hopefully shows up in error reports current_app.logger.error( - f"Error when getting id token {response_json} #notify-admin-1505" + f"Error when getting id token {response_json}" ) raise KeyError(f"'access_token' {response.json()}") from e id_token = jwt.decode(encoded_id_token, keystring, algorithms=["RS256"]) @@ -81,7 +81,7 @@ def _get_access_token(code, state): try: access_token = response_json["access_token"] - except KeyError as e: + except KeyError as e: # pragma: no cover # Capture the response json here so it hopefully shows up in error reports current_app.logger.error( f"Error when getting access token {response.json()} #notify-admin-1505" From 4cdac9eba38b9b6150280470d44d33548806bef7 Mon Sep 17 00:00:00 2001 From: Cliff Hill Date: Wed, 25 Sep 2024 12:05:56 -0400 Subject: [PATCH 06/15] Making coverage not bother with sign in stuff since login.gov. 
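Review bot: The Redis key written in `sign_in()` (PATCH 04/15) is built from `request.args.get("state")` of the page request, while the value sent to Login.gov as `state` is `token`, so the key written here and the key read in `_get_access_token` from the callback's `state` will normally differ. When the sign-in page is requested without a `state` argument, the key is `token-nonce-None` for every visitor. Key the entry on the value that is actually sent, `redis_client.set(f"token-nonce-{token}", nonce)`, and give it an expiry so abandoned logins do not accumulate. Whether the project's `redis_client` wrapper accepts an expiry on `set` is not visible here.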
Signed-off-by: Cliff Hill --- app/main/views/sign_in.py | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py index 3c80e0456..df9dd67d5 100644 --- a/app/main/views/sign_in.py +++ b/app/main/views/sign_in.py @@ -29,7 +29,7 @@ from app.utils.user import is_gov_user from notifications_utils.url_safe_token import generate_token -def _reformat_keystring(orig): +def _reformat_keystring(orig): # pragma: no cover arr = orig.split("-----") begin = arr[1] end = arr[3] @@ -38,7 +38,7 @@ def _reformat_keystring(orig): return new_keystring -def _get_access_token(code, state): +def _get_access_token(code, state): # pragma: no cover client_id = os.getenv("LOGIN_DOT_GOV_CLIENT_ID") access_token_url = os.getenv("LOGIN_DOT_GOV_ACCESS_TOKEN_URL") keystring = os.getenv("LOGIN_PEM") @@ -64,11 +64,9 @@ def _get_access_token(code, state): response_json = response.json() try: encoded_id_token = response_json["id_token"] - except KeyError as e: # pragma: no cover + except KeyError as e: # Capture the response json here so it hopefully shows up in error reports - current_app.logger.error( - f"Error when getting id token {response_json}" - ) + current_app.logger.error(f"Error when getting id token {response_json}") raise KeyError(f"'access_token' {response.json()}") from e id_token = jwt.decode(encoded_id_token, keystring, algorithms=["RS256"]) nonce = id_token["nonce"] @@ -81,7 +79,7 @@ def _get_access_token(code, state): try: access_token = response_json["access_token"] - except KeyError as e: # pragma: no cover + except KeyError as e: # Capture the response json here so it hopefully shows up in error reports current_app.logger.error( f"Error when getting access token {response.json()} #notify-admin-1505" 
@@ -90,7 +88,7 @@ def _get_access_token(code, state): return access_token -def _get_user_email_and_uuid(access_token): +def _get_user_email_and_uuid(access_token): # pragma: no cover headers = {"Authorization": "Bearer %s" % access_token} user_info_url = os.getenv("LOGIN_DOT_GOV_USER_INFO_URL") user_attributes = requests.get( @@ -102,7 +100,7 @@ def _get_user_email_and_uuid(access_token): return user_email, user_uuid -def _do_login_dot_gov(): +def _do_login_dot_gov(): # $ pragma: no cover # start login.gov code = request.args.get("code") state = request.args.get("state") @@ -149,7 +147,7 @@ def _do_login_dot_gov(): # end login.gov -def verify_email(user, redirect_url): +def verify_email(user, redirect_url): # pragma: no cover user_api_client.send_verify_code(user["id"], "email", None, redirect_url) title = "Email resent" if request.args.get("email_resent") else "Check your email" redirect_url = request.args.get("next") @@ -158,7 +156,7 @@ def verify_email(user, redirect_url): ) -def _handle_e2e_tests(redirect_url): +def _handle_e2e_tests(redirect_url): # pragma: no cover try: current_app.logger.warning("E2E TESTS ARE ENABLED.") current_app.logger.warning( @@ -181,7 +179,7 @@ def _handle_e2e_tests(redirect_url): @main.route("/sign-in", methods=(["GET", "POST"])) @hide_from_search_engines -def sign_in(): +def sign_in(): # pragma: no cover redirect_url = request.args.get("next") if os.getenv("NOTIFY_E2E_TEST_EMAIL"): @@ -224,5 +222,5 @@ def sign_in(): @login_manager.unauthorized_handler -def sign_in_again(): +def sign_in_again(): # pragma: no cover return redirect(url_for("main.sign_in", next=request.path)) From 47f095212563fa520e12b3858584f3850f3755a5 Mon Sep 17 00:00:00 2001 From: Cliff Hill Date: Wed, 25 Sep 2024 15:34:31 -0400 Subject: [PATCH 07/15] Getting id_token to decode correctly. Signed-off-by: Cliff Hill --- app/main/views/sign_in.py | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) 
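Review bot: The marker added to `_do_login_dot_gov` reads `# $ pragma: no cover`; with the stray `$` it presumably no longer matches coverage.py's exclusion pattern, so this function is not excluded like the others in PATCH 06/15. Separately, these pragmas remove the whole Login.gov path from coverage, including the ID-token and nonce checks in `_get_access_token`, which is where a silent regression matters most. Consider dropping the pragma from `_get_access_token` and testing it against a mocked token response. Where exclusion is intended, correct the marker to `# pragma: no cover`.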
diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py index df9dd67d5..17eb9ec01 100644 --- a/app/main/views/sign_in.py +++ b/app/main/views/sign_in.py @@ -1,3 +1,4 @@ +import json import os import secrets import time @@ -41,6 +42,7 @@ def _reformat_keystring(orig): # pragma: no cover def _get_access_token(code, state): # pragma: no cover client_id = os.getenv("LOGIN_DOT_GOV_CLIENT_ID") access_token_url = os.getenv("LOGIN_DOT_GOV_ACCESS_TOKEN_URL") + certs_url = os.getenv("LOGIN_DOT_GOV_CERTS_URL") keystring = os.getenv("LOGIN_PEM") if " " in keystring: keystring = _reformat_keystring(keystring) 
@@ -66,22 +68,39 @@ def _get_access_token(code, state): # pragma: no cover encoded_id_token = response_json["id_token"] except KeyError as e: # Capture the response json here so it hopefully shows up in error reports - current_app.logger.error(f"Error when getting id token {response_json}") + current_app.logger.exception(f"Error when getting id token {response_json}") raise KeyError(f"'access_token' {response.json()}") from e - id_token = jwt.decode(encoded_id_token, keystring, algorithms=["RS256"]) + + # Getting Login.gov signing keys for unpacking the id_token correctly. + jwks = requests.get(certs_url).json() + public_keys = { + jwk["kid"]: { + "key": jwt.algorithms.RSAAlgorithm.from_jwk(json.dumps(jwk)), + "algo": jwk["alg"], + } + for jwk in jwks["keys"] + } + kid = jwt.get_unverified_header(encoded_id_token)["kid"] + pub_key = public_keys[kid]["key"] + algo = public_keys[kid]["algo"] + id_token = jwt.decode( + encoded_id_token, pub_key, audience=client_id, algorithms=[algo] + ) + nonce = id_token["nonce"] state = request.args.get("state") redis_key = f"token-nonce-{state}" token_nonce = redis_client.get(redis_key) redis_client.delete(redis_key) if nonce != token_nonce: + current_app.logger.warning(f"{nonce} != {token_nonce}") login_manager.unauthorized() try: access_token = response_json["access_token"] except KeyError as e: # Capture the response json here so it hopefully shows up in error reports - current_app.logger.error( + current_app.logger.exception( f"Error when getting access token {response.json()} #notify-admin-1505" ) raise KeyError(f"'access_token' {response.json()}") from e 
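Review bot: `jwt.decode` in `_get_access_token` (PATCH 07/15) checks the signature and `audience` but not the issuer, and it takes the accepted algorithm from the downloaded key set (`jwk["alg"]`) instead of pinning it. Pass the expected issuer and a fixed algorithm list, `jwt.decode(encoded_id_token, pub_key, audience=client_id, issuer=EXPECTED_ISSUER, algorithms=["RS256"])`, where `EXPECTED_ISSUER` is a placeholder for the configured Login.gov issuer and RS256 is what the previous call used. `requests.get(certs_url)` has no `timeout` and no status check, and `public_keys[kid]` raises `KeyError` for an unknown `kid` or a JWK without `alg`, so a slow or rotated key endpoint becomes a hang or an unhandled error on every sign-in. The `id_token` error branch also logs the whole token response, which can still hold an `access_token`, and raises `KeyError(f"'access_token' ...")`, which names the wrong key.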
@@ -140,7 +159,7 @@ def _do_login_dot_gov(): # $ pragma: no cover current_app.logger.info(f"activating user {usr.id} #notify-admin-1505") activate_user(usr.id) except BaseException as be: # noqa B036 - current_app.logger.error(f"Error signing in: {be} #notify-admin-1505 ") + current_app.logger.exception(f"Error signing in: {be} #notify-admin-1505 ") error(401) return redirect(url_for("main.show_accounts_or_dashboard", next=redirect_url)) From 7b2d495c1b55af00f5657d14473b488ce9ef8820 Mon Sep 17 00:00:00 2001 From: Cliff Hill Date: Wed, 25 Sep 2024 16:01:13 -0400 Subject: [PATCH 08/15] fixing so nonce check works correctly. Signed-off-by: Cliff Hill --- app/main/views/sign_in.py | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py index 17eb9ec01..5c1f03855 100644 --- a/app/main/views/sign_in.py +++ b/app/main/views/sign_in.py @@ -1,6 +1,5 @@ import json import os -import secrets import time import uuid @@ -18,7 +17,7 @@ from flask import ( ) from flask_login import current_user -from app import login_manager, redis_client, user_api_client +from app import login_manager, user_api_client from app.main import main from app.main.views.index import error from app.main.views.verify import activate_user @@ -89,12 +88,12 @@ def _get_access_token(code, state): # pragma: no cover nonce = id_token["nonce"] state = request.args.get("state") - redis_key = f"token-nonce-{state}" - token_nonce = redis_client.get(redis_key) - redis_client.delete(redis_key) - if nonce != token_nonce: - current_app.logger.warning(f"{nonce} != {token_nonce}") - login_manager.unauthorized() + + if nonce != state: + current_app.logger.warning(f"{nonce} != {state}") + abort(403) + + # redis_client.delete(redis_key) try: access_token = response_json["access_token"] 
@@ -226,12 +225,10 @@ def sign_in(): # pragma: no cover current_app.config["DANGEROUS_SALT"], ) url = os.getenv("LOGIN_DOT_GOV_INITIAL_SIGNIN_URL") - nonce = secrets.token_urlsafe() state = request.args.get("state") - redis_client.set(f"token-nonce-{state}", nonce) # handle unit tests if url is not None: - url = url.replace("NONCE", nonce) + url = url.replace("NONCE", state) # We are getting the state back as the nonce. url = url.replace("STATE", token) return render_template( "views/signin.html", From 81a629935c45ed4048c5d63f9dc42e4098771246 Mon Sep 17 00:00:00 2001 From: Cliff Hill Date: Thu, 26 Sep 2024 09:18:02 -0400 Subject: [PATCH 09/15] Ok, now working 100% correctly with nonce. Signed-off-by: Cliff Hill --- app/main/views/index.py | 17 +++++++++++++++-- app/main/views/sign_in.py | 19 +++++++++++-------- 2 files changed, 26 insertions(+), 10 deletions(-) diff --git a/app/main/views/index.py b/app/main/views/index.py index ec489d5ac..012383f84 100644 --- a/app/main/views/index.py +++ b/app/main/views/index.py @@ -1,6 +1,15 @@ import os +import secrets -from flask import abort, current_app, redirect, render_template, request, url_for +from flask import ( + abort, + current_app, + redirect, + render_template, + request, + session, + url_for, +) from flask_login import current_user from app import status_api_client @@ -23,8 +32,12 @@ def index(): ) url = os.getenv("LOGIN_DOT_GOV_INITIAL_SIGNIN_URL") # handle unit tests + + nonce = secrets.token_urlsafe() + session["nonce"] = nonce + if url is not None: - url = url.replace("NONCE", token) + url = url.replace("NONCE", nonce) url = url.replace("STATE", token) return render_template( "views/signedout.html", diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py index 5c1f03855..85ea1427b 100644 --- a/app/main/views/sign_in.py +++ b/app/main/views/sign_in.py @@ -1,5 +1,6 @@ import json import os +import secrets import time import uuid 
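Review bot: `index()` (PATCH 09/15) writes a fresh value to `session["nonce"]` on every render, and `sign_in()` writes the same key, so whichever page was rendered last wins. A second tab, a reload or a prefetch of the landing page while a login is in flight replaces the pending nonce, and the callback is then rejected with 403. Consider storing the nonce under the `state` token it is sent with, so that concurrent flows do not overwrite each other. The nonce is also generated before the `url is not None` check, which leaves the `# handle unit tests` comment separated from the `if` it describes.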
@@ -13,6 +14,7 @@ from flask import ( redirect, render_template, request, + session, url_for, ) from flask_login import current_user @@ -87,14 +89,11 @@ def _get_access_token(code, state): # pragma: no cover ) nonce = id_token["nonce"] - state = request.args.get("state") - - if nonce != state: - current_app.logger.warning(f"{nonce} != {state}") + saved_nonce = session.pop("nonce") + if nonce != saved_nonce: + current_app.logger.error(f"Nonce Error: {nonce} != {saved_nonce}") abort(403) - # redis_client.delete(redis_key) - try: access_token = response_json["access_token"] except KeyError as e: @@ -225,11 +224,15 @@ def sign_in(): # pragma: no cover current_app.config["DANGEROUS_SALT"], ) url = os.getenv("LOGIN_DOT_GOV_INITIAL_SIGNIN_URL") - state = request.args.get("state") + + nonce = secrets.token_urlsafe() + session["nonce"] = nonce + # handle unit tests if url is not None: - url = url.replace("NONCE", state) # We are getting the state back as the nonce. + url = url.replace("NONCE", nonce) url = url.replace("STATE", token) + return render_template( "views/signin.html", again=bool(redirect_url), From 55f588f13d1dcd45b8515ac926be77804f8c72f5 Mon Sep 17 00:00:00 2001 From: Cliff Hill Date: Thu, 26 Sep 2024 10:11:46 -0400 Subject: [PATCH 10/15] Updated deploy workflows with new env var. Signed-off-by: Cliff Hill --- .github/workflows/deploy-demo.yml | 2 ++ .github/workflows/deploy-prod.yml | 2 ++ .github/workflows/deploy.yml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/.github/workflows/deploy-demo.yml b/.github/workflows/deploy-demo.yml index 89adc1f29..227c8f21c 100644 --- a/.github/workflows/deploy-demo.yml +++ b/.github/workflows/deploy-demo.yml 
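Review bot: `session.pop("nonce")` in `_get_access_token` (PATCH 09/15) raises `KeyError` when the session holds no nonce, for example when the callback URL is opened without a prior visit to the sign-in page or after the session cookie has expired. Treat a missing value as a failed check: `saved_nonce = session.pop("nonce", None)` followed by `if saved_nonce is None or not secrets.compare_digest(nonce, saved_nonce):` before `abort(403)`. The error log line writes both nonce values; recording that the check failed is enough. How the caller handles the exception is outside the hunk.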
@@ -63,6 +63,7 @@ jobs: LOGIN_DOT_GOV_BASE_LOGOUT_URL: "https://secure.login.gov/openid_connect/logout?" LOGIN_DOT_GOV_SIGNOUT_REDIRECT: "https://notify-demo.app.cloud.gov/sign-out" LOGIN_DOT_GOV_INITIAL_SIGNIN_URL: "https://secure.login.gov/openid_connect/authorize?acr_values=http%3A%2F%2Fidmanagement.gov%2Fns%2Fassurance%2Fial%2F1&client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify-gov&nonce=NONCE&prompt=select_account&redirect_uri=https://notify-demo.app.cloud.gov/sign-in&response_type=code&scope=openid+email&state=STATE" + LOGIN_DOT_GOV_CERTS_URL: "https://secure.login.gov/api/openid_connect/certs" with: cf_username: ${{ secrets.CLOUDGOV_USERNAME }} cf_password: ${{ secrets.CLOUDGOV_PASSWORD }} @@ -85,6 +86,7 @@ jobs: --var LOGIN_DOT_GOV_BASE_LOGOUT_URL="$LOGIN_DOT_GOV_BASE_LOGOUT_URL" --var LOGIN_DOT_GOV_SIGNOUT_REDIRECT="$LOGIN_DOT_GOV_SIGNOUT_REDIRECT" --var LOGIN_DOT_GOV_INITIAL_SIGNIN_URL="$LOGIN_DOT_GOV_INITIAL_SIGNIN_URL" + --var LOGIN_DOT_GOV_CERTS_URL="$LOGIN_DOT_GOV_CERTS_URL" - name: Check for changes to egress config id: changed-egress-config diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml index 262079be8..b4754a101 100644 --- a/.github/workflows/deploy-prod.yml +++ b/.github/workflows/deploy-prod.yml @@ -63,6 +63,7 @@ jobs: LOGIN_DOT_GOV_BASE_LOGOUT_URL: "https://secure.login.gov/openid_connect/logout?" LOGIN_DOT_GOV_SIGNOUT_REDIRECT: "https://beta.notify.gov/sign-out" LOGIN_DOT_GOV_INITIAL_SIGNIN_URL: "https://secure.login.gov/openid_connect/authorize?acr_values=http%3A%2F%2Fidmanagement.gov%2Fns%2Fassurance%2Fial%2F1&client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify-gov&nonce=NONCE&prompt=select_account&redirect_uri=https://beta.notify.gov/sign-in&response_type=code&scope=openid+email&state=STATE" + LOGIN_DOT_GOV_CERTS_URL: "https://secure.login.gov/api/openid_connect/certs" with: cf_username: ${{ secrets.CLOUDGOV_USERNAME }} cf_password: ${{ secrets.CLOUDGOV_PASSWORD }} 
@@ -85,6 +86,7 @@ jobs: --var LOGIN_DOT_GOV_BASE_LOGOUT_URL="$LOGIN_DOT_GOV_BASE_LOGOUT_URL" --var LOGIN_DOT_GOV_SIGNOUT_REDIRECT="$LOGIN_DOT_GOV_SIGNOUT_REDIRECT" --var LOGIN_DOT_GOV_INITIAL_SIGNIN_URL="$LOGIN_DOT_GOV_INITIAL_SIGNIN_URL" + --var LOGIN_DOT_GOV_CERTS_URL="$LOGIN_DOT_GOV_CERTS_URL" - name: Check for changes to egress config id: changed-egress-config diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 8cf33babc..cf7bccb59 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -69,6 +69,7 @@ jobs: LOGIN_DOT_GOV_BASE_LOGOUT_URL: "https://secure.login.gov/openid_connect/logout?" LOGIN_DOT_GOV_SIGNOUT_REDIRECT: "https://notify-staging.app.cloud.gov/sign-out" LOGIN_DOT_GOV_INITIAL_SIGNIN_URL: "https://secure.login.gov/openid_connect/authorize?acr_values=http%3A%2F%2Fidmanagement.gov%2Fns%2Fassurance%2Fial%2F1&client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify-gov&nonce=NONCE&prompt=select_account&redirect_uri=https://notify-staging.app.cloud.gov/sign-in&response_type=code&scope=openid+email&state=STATEE" + LOGIN_DOT_GOV_CERTS_URL: "https://secure.login.gov/api/openid_connect/certs" with: cf_username: ${{ secrets.CLOUDGOV_USERNAME }} cf_password: ${{ secrets.CLOUDGOV_PASSWORD }} @@ -91,6 +92,7 @@ jobs: --var LOGIN_DOT_GOV_BASE_LOGOUT_URL="$LOGIN_DOT_GOV_BASE_LOGOUT_URL" --var LOGIN_DOT_GOV_SIGNOUT_REDIRECT="$LOGIN_DOT_GOV_SIGNOUT_REDIRECT" --var LOGIN_DOT_GOV_INITIAL_SIGNIN_URL="$LOGIN_DOT_GOV_INITIAL_SIGNIN_URL" + --var LOGIN_DOT_GOV_CERTS_URL="$LOGIN_DOT_GOV_CERTS_URL" - name: Check for changes to egress config From 63747515db8e702f15023ff3352476560a0e7cde Mon Sep 17 00:00:00 2001 From: Cliff Hill Date: Thu, 26 Sep 2024 10:16:57 -0400 Subject: [PATCH 11/15] Updated the sample.env with new var. Signed-off-by: Cliff Hill --- sample.env | 1 + 1 file changed, 1 insertion(+) diff --git a/sample.env b/sample.env index 54a64cdb1..97f10dcd9 100644 --- a/sample.env +++ b/sample.env 
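Review bot: The staging `LOGIN_DOT_GOV_INITIAL_SIGNIN_URL` shown as context in the `.github/workflows/deploy.yml` hunk ends in `state=STATEE`, while the demo and prod workflows use `state=STATE`. This looks like a typo: `url.replace("STATE", token)` in the views would leave a trailing `E` after the token in the `state` parameter sent to Login.gov. This commit does not introduce it, but it sits directly above the added `LOGIN_DOT_GOV_CERTS_URL` line. It is worth correcting to `state=STATE` in the same change, after confirming that staging sign-in does not depend on the current value.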
@@ -43,3 +43,4 @@ LOGIN_DOT_GOV_LOGOUT_URL="https://idp.int.identitysandbox.gov/openid_connect/log LOGIN_DOT_GOV_BASE_LOGOUT_URL="https://idp.int.identitysandbox.gov/openid_connect/logout?" LOGIN_DOT_GOV_SIGNOUT_REDIRECT="http://localhost:6012/sign-out" LOGIN_DOT_GOV_INITIAL_SIGNIN_URL="https://idp.int.identitysandbox.gov/openid_connect/authorize?acr_values=http%3A%2F%2Fidmanagement.gov%2Fns%2Fassurance%2Fial%2F1&client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:test_notify_gov&nonce=NONCE&prompt=select_account&redirect_uri=http://localhost:6012/sign-in&response_type=code&scope=openid+email&state=STATE" +LOGIN_DOT_GOV_CERTS_URL = "https://idp.int.identitysandbox.gov/api/openid_connect/certs" From a5e72ea4eb072ef22895ea46dc221422ad85a672 Mon Sep 17 00:00:00 2001 From: Cliff Hill Date: Thu, 26 Sep 2024 12:46:07 -0400 Subject: [PATCH 12/15] manifest.yml changed. Signed-off-by: Cliff Hill --- manifest.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/manifest.yml b/manifest.yml index 2c716ab11..b076b3b47 100644 --- a/manifest.yml +++ b/manifest.yml @@ -59,3 +59,4 @@ applications: LOGIN_DOT_GOV_BASE_LOGOUT_URL: ((LOGIN_DOT_GOV_BASE_LOGOUT_URL)) LOGIN_DOT_GOV_SIGNOUT_REDIRECT: ((LOGIN_DOT_GOV_SIGNOUT_REDIRECT)) LOGIN_DOT_GOV_INITIAL_SIGNIN_URL: ((LOGIN_DOT_GOV_INITIAL_SIGNIN_URL)) + LOGIN_DOT_GOV_CERTS_URL: ((LOGIN_DOT_GOV_CERTS_URL)) From bdc5614fff8cfc17e42f98643fc8e6009912ee6f Mon Sep 17 00:00:00 2001 From: Kenneth Kehl Date: Fri, 27 Sep 2024 07:20:40 -0700 Subject: [PATCH 13/15] Update app/main/views/send.py Co-authored-by: Carlo Costino --- app/main/views/send.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/app/main/views/send.py b/app/main/views/send.py index 1b723cb22..99e63706a 100644 --- a/app/main/views/send.py +++ b/app/main/views/send.py 
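Review bot: The added `LOGIN_DOT_GOV_CERTS_URL = "…"` line in sample.env has spaces around `=`, unlike the other entries visible in the hunk. Anything that sources the file as shell will fail on that line, although dotenv-style loaders usually tolerate it. Write it as `LOGIN_DOT_GOV_CERTS_URL="https://idp.int.identitysandbox.gov/api/openid_connect/certs"`.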
@@ -1016,10 +1016,9 @@ def _send_notification(service_id, template_id): if k != "phone number": keys.append(k) values.append(v) - for k, v in session["placeholders"].items(): - if k == "phone number": - keys.append(k) - values.append(v) + if "phone number" in session["placeholders"].keys(): + keys.append("phone number") + values.append(session["placeholders"]["phone number"]) data = ",".join(keys) vals = ",".join(values) From 302a79b41fae78936309de92e7205ff8ba044a89 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Sep 2024 23:20:05 +0000 Subject: [PATCH 14/15] Bump rollup from 4.22.4 to 4.22.5 Bumps [rollup](https://github.com/rollup/rollup) from 4.22.4 to 4.22.5. - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](https://github.com/rollup/rollup/compare/v4.22.4...v4.22.5) --- updated-dependencies: - dependency-name: rollup dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package-lock.json | 144 +++++++++++++++++++++++----------------------- package.json | 2 +- 2 files changed, 73 insertions(+), 73 deletions(-) diff --git a/package-lock.json b/package-lock.json index b247dc4ad..4bad8ef2a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -48,7 +48,7 @@ "jest-environment-jsdom": "^29.2.2", "jshint": "2.13.6", "jshint-stylish": "2.2.1", - "rollup": "^4.22.4", + "rollup": "^4.22.5", "rollup-plugin-commonjs": "10.1.0", "rollup-plugin-node-resolve": "5.2.0" }, 
@@ -2841,9 +2841,9 @@ "license": "MIT" }, "node_modules/@rollup/rollup-android-arm-eabi": { - "version": "4.22.4", - "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.22.4.tgz", - "integrity": "sha512-Fxamp4aEZnfPOcGA8KSNEohV8hX7zVHOemC8jVBoBUHu5zpJK/Eu3uJwt6BMgy9fkvzxDaurgj96F/NiLukF2w==", + "version": "4.22.5", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.22.5.tgz", + "integrity": "sha512-SU5cvamg0Eyu/F+kLeMXS7GoahL+OoizlclVFX3l5Ql6yNlywJJ0OuqTzUx0v+aHhPHEB/56CT06GQrRrGNYww==", "cpu": [ "arm" ], @@ -2853,9 +2853,9 @@ ] }, "node_modules/@rollup/rollup-android-arm64": { - "version": "4.22.4", - "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.22.4.tgz", - "integrity": "sha512-VXoK5UMrgECLYaMuGuVTOx5kcuap1Jm8g/M83RnCHBKOqvPPmROFJGQaZhGccnsFtfXQ3XYa4/jMCJvZnbJBdA==", + "version": "4.22.5", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.22.5.tgz", + "integrity": "sha512-S4pit5BP6E5R5C8S6tgU/drvgjtYW76FBuG6+ibG3tMvlD1h9LHVF9KmlmaUBQ8Obou7hEyS+0w+IR/VtxwNMQ==", "cpu": [ "arm64" ], @@ -2865,9 +2865,9 @@ ] }, "node_modules/@rollup/rollup-darwin-arm64": { - "version": "4.22.4", - "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.22.4.tgz", - "integrity": "sha512-xMM9ORBqu81jyMKCDP+SZDhnX2QEVQzTcC6G18KlTQEzWK8r/oNZtKuZaCcHhnsa6fEeOBionoyl5JsAbE/36Q==", + "version": "4.22.5", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.22.5.tgz", + "integrity": "sha512-250ZGg4ipTL0TGvLlfACkIxS9+KLtIbn7BCZjsZj88zSg2Lvu3Xdw6dhAhfe/FjjXPVNCtcSp+WZjVsD3a/Zlw==", "cpu": [ "arm64" ], 
@@ -2877,9 +2877,9 @@ ] }, "node_modules/@rollup/rollup-darwin-x64": { - "version": "4.22.4", - "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.22.4.tgz", - "integrity": "sha512-aJJyYKQwbHuhTUrjWjxEvGnNNBCnmpHDvrb8JFDbeSH3m2XdHcxDd3jthAzvmoI8w/kSjd2y0udT+4okADsZIw==", + "version": "4.22.5", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.22.5.tgz", + "integrity": "sha512-D8brJEFg5D+QxFcW6jYANu+Rr9SlKtTenmsX5hOSzNYVrK5oLAEMTUgKWYJP+wdKyCdeSwnapLsn+OVRFycuQg==", "cpu": [ "x64" ], @@ -2889,9 +2889,9 @@ ] }, "node_modules/@rollup/rollup-linux-arm-gnueabihf": { - "version": "4.22.4", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.22.4.tgz", - "integrity": "sha512-j63YtCIRAzbO+gC2L9dWXRh5BFetsv0j0va0Wi9epXDgU/XUi5dJKo4USTttVyK7fGw2nPWK0PbAvyliz50SCQ==", + "version": "4.22.5", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.22.5.tgz", + "integrity": "sha512-PNqXYmdNFyWNg0ma5LdY8wP+eQfdvyaBAojAXgO7/gs0Q/6TQJVXAXe8gwW9URjbS0YAammur0fynYGiWsKlXw==", "cpu": [ "arm" ], @@ -2901,9 +2901,9 @@ ] }, "node_modules/@rollup/rollup-linux-arm-musleabihf": { - "version": "4.22.4", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.22.4.tgz", - "integrity": "sha512-dJnWUgwWBX1YBRsuKKMOlXCzh2Wu1mlHzv20TpqEsfdZLb3WoJW2kIEsGwLkroYf24IrPAvOT/ZQ2OYMV6vlrg==", + "version": "4.22.5", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.22.5.tgz", + "integrity": "sha512-kSSCZOKz3HqlrEuwKd9TYv7vxPYD77vHSUvM2y0YaTGnFc8AdI5TTQRrM1yIp3tXCKrSL9A7JLoILjtad5t8pQ==", "cpu": [ "arm" ], 
@@ -2913,9 +2913,9 @@ ] }, "node_modules/@rollup/rollup-linux-arm64-gnu": { - "version": "4.22.4", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.22.4.tgz", - "integrity": "sha512-AdPRoNi3NKVLolCN/Sp4F4N1d98c4SBnHMKoLuiG6RXgoZ4sllseuGioszumnPGmPM2O7qaAX/IJdeDU8f26Aw==", + "version": "4.22.5", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.22.5.tgz", + "integrity": "sha512-oTXQeJHRbOnwRnRffb6bmqmUugz0glXaPyspp4gbQOPVApdpRrY/j7KP3lr7M8kTfQTyrBUzFjj5EuHAhqH4/w==", "cpu": [ "arm64" ], @@ -2925,9 +2925,9 @@ ] }, "node_modules/@rollup/rollup-linux-arm64-musl": { - "version": "4.22.4", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.22.4.tgz", - "integrity": "sha512-Gl0AxBtDg8uoAn5CCqQDMqAx22Wx22pjDOjBdmG0VIWX3qUBHzYmOKh8KXHL4UpogfJ14G4wk16EQogF+v8hmA==", + "version": "4.22.5", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.22.5.tgz", + "integrity": "sha512-qnOTIIs6tIGFKCHdhYitgC2XQ2X25InIbZFor5wh+mALH84qnFHvc+vmWUpyX97B0hNvwNUL4B+MB8vJvH65Fw==", "cpu": [ "arm64" ], @@ -2937,9 +2937,9 @@ ] }, "node_modules/@rollup/rollup-linux-powerpc64le-gnu": { - "version": "4.22.4", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.22.4.tgz", - "integrity": "sha512-3aVCK9xfWW1oGQpTsYJJPF6bfpWfhbRnhdlyhak2ZiyFLDaayz0EP5j9V1RVLAAxlmWKTDfS9wyRyY3hvhPoOg==", + "version": "4.22.5", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.22.5.tgz", + "integrity": "sha512-TMYu+DUdNlgBXING13rHSfUc3Ky5nLPbWs4bFnT+R6Vu3OvXkTkixvvBKk8uO4MT5Ab6lC3U7x8S8El2q5o56w==", "cpu": [ "ppc64" ], 
@@ -2949,9 +2949,9 @@ ] }, "node_modules/@rollup/rollup-linux-riscv64-gnu": { - "version": "4.22.4", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.22.4.tgz", - "integrity": "sha512-ePYIir6VYnhgv2C5Xe9u+ico4t8sZWXschR6fMgoPUK31yQu7hTEJb7bCqivHECwIClJfKgE7zYsh1qTP3WHUA==", + "version": "4.22.5", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.22.5.tgz", + "integrity": "sha512-PTQq1Kz22ZRvuhr3uURH+U/Q/a0pbxJoICGSprNLAoBEkyD3Sh9qP5I0Asn0y0wejXQBbsVMRZRxlbGFD9OK4A==", "cpu": [ "riscv64" ], @@ -2961,9 +2961,9 @@ ] }, "node_modules/@rollup/rollup-linux-s390x-gnu": { - "version": "4.22.4", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.22.4.tgz", - "integrity": "sha512-GqFJ9wLlbB9daxhVlrTe61vJtEY99/xB3C8e4ULVsVfflcpmR6c8UZXjtkMA6FhNONhj2eA5Tk9uAVw5orEs4Q==", + "version": "4.22.5", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.22.5.tgz", + "integrity": "sha512-bR5nCojtpuMss6TDEmf/jnBnzlo+6n1UhgwqUvRoe4VIotC7FG1IKkyJbwsT7JDsF2jxR+NTnuOwiGv0hLyDoQ==", "cpu": [ "s390x" ], @@ -2973,9 +2973,9 @@ ] }, "node_modules/@rollup/rollup-linux-x64-gnu": { - "version": "4.22.4", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.22.4.tgz", - "integrity": "sha512-87v0ol2sH9GE3cLQLNEy0K/R0pz1nvg76o8M5nhMR0+Q+BBGLnb35P0fVz4CQxHYXaAOhE8HhlkaZfsdUOlHwg==", + "version": "4.22.5", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.22.5.tgz", + "integrity": "sha512-N0jPPhHjGShcB9/XXZQWuWBKZQnC1F36Ce3sDqWpujsGjDz/CQtOL9LgTrJ+rJC8MJeesMWrMWVLKKNR/tMOCA==", "cpu": [ "x64" ], 
@@ -2985,9 +2985,9 @@ ] }, "node_modules/@rollup/rollup-linux-x64-musl": { - "version": "4.22.4", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.22.4.tgz", - "integrity": "sha512-UV6FZMUgePDZrFjrNGIWzDo/vABebuXBhJEqrHxrGiU6HikPy0Z3LfdtciIttEUQfuDdCn8fqh7wiFJjCNwO+g==", + "version": "4.22.5", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.22.5.tgz", + "integrity": "sha512-uBa2e28ohzNNwjr6Uxm4XyaA1M/8aTgfF2T7UIlElLaeXkgpmIJ2EitVNQxjO9xLLLy60YqAgKn/AqSpCUkE9g==", "cpu": [ "x64" ], @@ -2997,9 +2997,9 @@ ] }, "node_modules/@rollup/rollup-win32-arm64-msvc": { - "version": "4.22.4", - "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.22.4.tgz", - "integrity": "sha512-BjI+NVVEGAXjGWYHz/vv0pBqfGoUH0IGZ0cICTn7kB9PyjrATSkX+8WkguNjWoj2qSr1im/+tTGRaY+4/PdcQw==", + "version": "4.22.5", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.22.5.tgz", + "integrity": "sha512-RXT8S1HP8AFN/Kr3tg4fuYrNxZ/pZf1HemC5Tsddc6HzgGnJm0+Lh5rAHJkDuW3StI0ynNXukidROMXYl6ew8w==", "cpu": [ "arm64" ], @@ -3009,9 +3009,9 @@ ] }, "node_modules/@rollup/rollup-win32-ia32-msvc": { - "version": "4.22.4", - "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.22.4.tgz", - "integrity": "sha512-SiWG/1TuUdPvYmzmYnmd3IEifzR61Tragkbx9D3+R8mzQqDBz8v+BvZNDlkiTtI9T15KYZhP0ehn3Dld4n9J5g==", + "version": "4.22.5", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.22.5.tgz", + "integrity": "sha512-ElTYOh50InL8kzyUD6XsnPit7jYCKrphmddKAe1/Ytt74apOxDq5YEcbsiKs0fR3vff3jEneMM+3I7jbqaMyBg==", "cpu": [ "ia32" ], 
@@ -3021,9 +3021,9 @@ ] }, "node_modules/@rollup/rollup-win32-x64-msvc": { - "version": "4.22.4", - "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.22.4.tgz", - "integrity": "sha512-j8pPKp53/lq9lMXN57S8cFz0MynJk8OWNuUnXct/9KCpKU7DgU3bYMJhwWmcqC0UU29p8Lr0/7KEVcaM6bf47Q==", + "version": "4.22.5", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.22.5.tgz", + "integrity": "sha512-+lvL/4mQxSV8MukpkKyyvfwhH266COcWlXE/1qxwN08ajovta3459zrjLghYMgDerlzNwLAcFpvU+WWE5y6nAQ==", "cpu": [ "x64" ], @@ -3119,9 +3119,9 @@ } }, "node_modules/@types/estree": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.5.tgz", - "integrity": "sha512-/kYRxGDLWzHOB7q+wtSUQlFrtcdUccpfy+X+9iMBpHK8QLLhx2wIPYuS5DYtR9Wa/YlZAbIovy7qVdB1Aq6Lyw==" + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.6.tgz", + "integrity": "sha512-AYnb1nQyY49te+VRAVgmzfcgjYS91mY5P0TKUDCLEM+gNnA+3T6rWITXRLYCpahpqSQbN5cE+gHpnPyXjHWxcw==" }, "node_modules/@types/expect": { "version": "1.20.4", @@ -11810,11 +11810,11 @@ "license": "Unlicense" }, "node_modules/rollup": { - "version": "4.22.4", - "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.22.4.tgz", - "integrity": "sha512-vD8HJ5raRcWOyymsR6Z3o6+RzfEPCnVLMFJ6vRslO1jt4LO6dUo5Qnpg7y4RkZFM2DMe3WUirkI5c16onjrc6A==", + "version": "4.22.5", + "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.22.5.tgz", + "integrity": "sha512-WoinX7GeQOFMGznEcWA1WrTQCd/tpEbMkc3nuMs9BT0CPjMdSjPMTVClwWd4pgSQwJdP65SK9mTCNvItlr5o7w==", "dependencies": { - "@types/estree": "1.0.5" + "@types/estree": "1.0.6" }, "bin": { "rollup": "dist/bin/rollup" 
@@ -11824,22 +11824,22 @@ "npm": ">=8.0.0" }, "optionalDependencies": { - "@rollup/rollup-android-arm-eabi": "4.22.4", - "@rollup/rollup-android-arm64": "4.22.4", - "@rollup/rollup-darwin-arm64": "4.22.4", - "@rollup/rollup-darwin-x64": "4.22.4", - "@rollup/rollup-linux-arm-gnueabihf": "4.22.4", - "@rollup/rollup-linux-arm-musleabihf": "4.22.4", - "@rollup/rollup-linux-arm64-gnu": "4.22.4", - "@rollup/rollup-linux-arm64-musl": "4.22.4", - "@rollup/rollup-linux-powerpc64le-gnu": "4.22.4", - "@rollup/rollup-linux-riscv64-gnu": "4.22.4", - "@rollup/rollup-linux-s390x-gnu": "4.22.4", - "@rollup/rollup-linux-x64-gnu": "4.22.4", - "@rollup/rollup-linux-x64-musl": "4.22.4", - "@rollup/rollup-win32-arm64-msvc": "4.22.4", - "@rollup/rollup-win32-ia32-msvc": "4.22.4", - "@rollup/rollup-win32-x64-msvc": "4.22.4", + "@rollup/rollup-android-arm-eabi": "4.22.5", + "@rollup/rollup-android-arm64": "4.22.5", + "@rollup/rollup-darwin-arm64": "4.22.5", + "@rollup/rollup-darwin-x64": "4.22.5", + "@rollup/rollup-linux-arm-gnueabihf": "4.22.5", + "@rollup/rollup-linux-arm-musleabihf": "4.22.5", + "@rollup/rollup-linux-arm64-gnu": "4.22.5", + "@rollup/rollup-linux-arm64-musl": "4.22.5", + "@rollup/rollup-linux-powerpc64le-gnu": "4.22.5", + "@rollup/rollup-linux-riscv64-gnu": "4.22.5", + "@rollup/rollup-linux-s390x-gnu": "4.22.5", + "@rollup/rollup-linux-x64-gnu": "4.22.5", + "@rollup/rollup-linux-x64-musl": "4.22.5", + "@rollup/rollup-win32-arm64-msvc": "4.22.5", + "@rollup/rollup-win32-ia32-msvc": "4.22.5", + "@rollup/rollup-win32-x64-msvc": "4.22.5", "fsevents": "~2.3.2" } }, diff --git a/package.json b/package.json index f46d72ea2..49150d206 100644 --- a/package.json +++ b/package.json @@ -64,7 +64,7 @@ "jest-environment-jsdom": "^29.2.2", "jshint": "2.13.6", "jshint-stylish": "2.2.1", - "rollup": "^4.22.4", + "rollup": "^4.22.5", "rollup-plugin-commonjs": "10.1.0", "rollup-plugin-node-resolve": "5.2.0" } From 4f193e362ccd0588b48f4a01177338db17a6980b Mon Sep 17 00:00:00 2001 
From: Carlo Costino Date: Mon, 30 Sep 2024 10:13:12 -0400 Subject: [PATCH 15/15] Add awscli tools to the admin This changeset adds the awscli tools as a development dependency so that we are able to manage local connectivity to AWS resources when needed. It is also needed to help with deploying the project to the sandbox environment and/or updating the Terraform to manage the infrastructure. Signed-off-by: Carlo Costino --- poetry.lock | 78 +++++++++++++++++++++++++++++++++++++++++--------- pyproject.toml | 3 +- 2 files changed, 66 insertions(+), 15 deletions(-) diff --git a/poetry.lock b/poetry.lock index 230d5d4bd..bc75a2271 100644 --- a/poetry.lock +++ b/poetry.lock @@ -40,6 +40,25 @@ tests = ["attrs[tests-no-zope]", "zope-interface"] tests-mypy = ["mypy (>=1.6)", "pytest-mypy-plugins"] tests-no-zope = ["attrs[tests-mypy]", "cloudpickle", "hypothesis", "pympler", "pytest (>=4.3.0)", "pytest-xdist[psutil]"] +[[package]] +name = "awscli" +version = "1.34.29" +description = "Universal Command Line Environment for AWS." +optional = false +python-versions = ">=3.8" +files = [ + {file = "awscli-1.34.29-py3-none-any.whl", hash = "sha256:a602340810385070c5d0ae2afffdb5c9778bab6eeb662150a2deffcae8d71d76"}, + {file = "awscli-1.34.29.tar.gz", hash = "sha256:db0f73e9ff1384a208484884c5e3c739b519cc1add96d3f701f66a2a1f1dd4ca"}, +] + +[package.dependencies] +botocore = "1.35.29" +colorama = ">=0.2.5,<0.4.7" +docutils = ">=0.10,<0.17" +PyYAML = ">=3.10,<6.1" +rsa = ">=3.1.2,<4.8" +s3transfer = ">=0.10.0,<0.11.0" + [[package]] name = "axe-core-python" version = "0.1.0" 
@@ -182,17 +201,17 @@ files = [ [[package]] name = "boto3" -version = "1.34.156" +version = "1.35.29" description = "The AWS SDK for Python" optional = false python-versions = ">=3.8" files = [ - {file = "boto3-1.34.156-py3-none-any.whl", hash = "sha256:cbbd453270b8ce94ef9da60dfbb6f9ceeb3eeee226b635aa9ec44b1def98cc96"}, - {file = "boto3-1.34.156.tar.gz", hash = "sha256:b33e9a8f8be80d3053b8418836a7c1900410b23a30c7cb040927d601a1082e68"}, + {file = "boto3-1.35.29-py3-none-any.whl", hash = "sha256:2244044cdfa8ac345d7400536dc15a4824835e7ec5c55bc267e118af66bb27db"}, + {file = "boto3-1.35.29.tar.gz", hash = "sha256:7bbb1ee649e09e956952285782cfdebd7e81fc78384f48dfab3d66c6eaf3f63f"}, ] [package.dependencies] -botocore = ">=1.34.156,<1.35.0" +botocore = ">=1.35.29,<1.36.0" jmespath = ">=0.7.1,<2.0.0" s3transfer = ">=0.10.0,<0.11.0" @@ -201,13 +220,13 @@ crt = ["botocore[crt] (>=1.21.0,<2.0a0)"] [[package]] name = "botocore" -version = "1.34.156" +version = "1.35.29" description = "Low-level, data-driven core of boto 3." optional = false python-versions = ">=3.8" files = [ - {file = "botocore-1.34.156-py3-none-any.whl", hash = "sha256:c48f8c8996216dfdeeb0aa6d3c0f2c7ae25234766434a2ea3e57bdc08494bdda"}, - {file = "botocore-1.34.156.tar.gz", hash = "sha256:5d1478c41ab9681e660b3322432fe09c4055759c317984b7b8d3af9557ff769a"}, + {file = "botocore-1.35.29-py3-none-any.whl", hash = "sha256:f8e3ae0d84214eff3fb69cb4dc51cea6c43d3bde82027a94d00c52b941d6c3d5"}, + {file = "botocore-1.35.29.tar.gz", hash = "sha256:4ed28ab03675bb008a290c452c5ddd7aaa5d4e3fa1912aadbdf93057ee84362b"}, ] [package.dependencies] @@ -216,7 +235,7 @@ python-dateutil = ">=2.1,<3.0.0" urllib3 = {version = ">=1.25.4,<2.2.0 || >2.2.0,<3", markers = "python_version >= \"3.10\""} [package.extras] -crt = ["awscrt (==0.21.2)"] +crt = ["awscrt (==0.21.5)"] [[package]] name = "cachecontrol" 
@@ -677,6 +696,17 @@ files = [ {file = "docopt-0.6.2.tar.gz", hash = "sha256:49b3a825280bd66b3aa83585ef59c4a8c82f2c8a522dbe754a8bc8d08c85c491"}, ] +[[package]] +name = "docutils" +version = "0.16" +description = "Docutils -- Python Documentation Utilities" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +files = [ + {file = "docutils-0.16-py2.py3-none-any.whl", hash = "sha256:0c5b78adfbf7762415433f5515cd5c9e762339e23369dbe8000d84a4bf4ab3af"}, + {file = "docutils-0.16.tar.gz", hash = "sha256:c2de3a60e9e7d07be26b7f2b00ca0309c207e06c100f9cc2a94931fc75a478fc"}, +] + [[package]] name = "et-xmlfile" version = "1.1.0" 
@@ -1296,13 +1326,9 @@ files = [ {file = "lxml-5.2.2-cp36-cp36m-win_amd64.whl", hash = "sha256:edcfa83e03370032a489430215c1e7783128808fd3e2e0a3225deee278585196"}, {file = "lxml-5.2.2-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:28bf95177400066596cdbcfc933312493799382879da504633d16cf60bba735b"}, {file = "lxml-5.2.2-cp37-cp37m-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3a745cc98d504d5bd2c19b10c79c61c7c3df9222629f1b6210c0368177589fb8"}, - {file = "lxml-5.2.2-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1b590b39ef90c6b22ec0be925b211298e810b4856909c8ca60d27ffbca6c12e6"}, {file = "lxml-5.2.2-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b336b0416828022bfd5a2e3083e7f5ba54b96242159f83c7e3eebaec752f1716"}, - {file = "lxml-5.2.2-cp37-cp37m-manylinux_2_28_aarch64.whl", hash = "sha256:c2faf60c583af0d135e853c86ac2735ce178f0e338a3c7f9ae8f622fd2eb788c"}, {file = "lxml-5.2.2-cp37-cp37m-manylinux_2_28_x86_64.whl", hash = "sha256:4bc6cb140a7a0ad1f7bc37e018d0ed690b7b6520ade518285dc3171f7a117905"}, - {file = "lxml-5.2.2-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:7ff762670cada8e05b32bf1e4dc50b140790909caa8303cfddc4d702b71ea184"}, {file = "lxml-5.2.2-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:57f0a0bbc9868e10ebe874e9f129d2917750adf008fe7b9c1598c0fbbfdde6a6"}, - {file = "lxml-5.2.2-cp37-cp37m-musllinux_1_2_aarch64.whl", hash = "sha256:a6d2092797b388342c1bc932077ad232f914351932353e2e8706851c870bca1f"}, {file = "lxml-5.2.2-cp37-cp37m-musllinux_1_2_x86_64.whl", hash = "sha256:60499fe961b21264e17a471ec296dcbf4365fbea611bf9e303ab69db7159ce61"}, {file = "lxml-5.2.2-cp37-cp37m-win32.whl", hash = "sha256:d9b342c76003c6b9336a80efcc766748a333573abf9350f4094ee46b006ec18f"}, {file = "lxml-5.2.2-cp37-cp37m-win_amd64.whl", hash = "sha256:b16db2770517b8799c79aa80f4053cd6f8b716f21f8aca962725a9565ce3ee40"}, 
@@ -2007,6 +2033,17 @@ files = [ [package.dependencies] defusedxml = ">=0.7.1,<0.8.0" +[[package]] +name = "pyasn1" +version = "0.6.1" +description = "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)" +optional = false +python-versions = ">=3.8" +files = [ + {file = "pyasn1-0.6.1-py3-none-any.whl", hash = "sha256:0d632f46f2ba09143da3a8afe9e33fb6f92fa2320ab7e886e2d0f7672af84629"}, + {file = "pyasn1-0.6.1.tar.gz", hash = "sha256:6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034"}, +] + [[package]] name = "pycodestyle" version = "2.12.0" @@ -2444,7 +2481,6 @@ files = [ {file = "PyYAML-6.0.1-cp311-cp311-win_amd64.whl", hash = "sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34"}, {file = "PyYAML-6.0.1-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28"}, {file = "PyYAML-6.0.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9"}, - {file = "PyYAML-6.0.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a08c6f0fe150303c1c6b71ebcd7213c2858041a7e01975da3a99aed1e7a378ef"}, {file = "PyYAML-6.0.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0"}, {file = "PyYAML-6.0.1-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4"}, {file = "PyYAML-6.0.1-cp312-cp312-win32.whl", hash = "sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54"}, 
@@ -2675,6 +2711,20 @@ pygments = ">=2.13.0,<3.0.0" [package.extras] jupyter = ["ipywidgets (>=7.5.1,<9)"] +[[package]] +name = "rsa" +version = "4.7.2" +description = "Pure-Python RSA implementation" +optional = false +python-versions = ">=3.5, <4" +files = [ + {file = "rsa-4.7.2-py3-none-any.whl", hash = "sha256:78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2"}, + {file = "rsa-4.7.2.tar.gz", hash = "sha256:9d689e6ca1b3038bc82bf8d23e944b6b6037bc02301a574935b2dd946e0353b9"}, +] + +[package.dependencies] +pyasn1 = ">=0.1.3" + [[package]] name = "rtreelib" version = "0.2.0" @@ -2993,4 +3043,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = "^3.12.2" -content-hash = "0a51398ca81dbbf9d370e02e248d6b3639c2e8ba6f8ecc9babd6bc3dbc64152e" +content-hash = "1de5608f14e12c1c8187864c7c3aa30b5f00a3a21152e6ed1ed1c26c28cc27ef" diff --git a/pyproject.toml b/pyproject.toml index da641326f..d197e1c72 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -72,9 +72,11 @@ webencodings = "^0.5.1" [tool.poetry.group.dev.dependencies] +awscli = "^1.34.29" bandit = "*" black = "^24.2.0" coverage = "*" +detect-secrets = "^1.5.0" freezegun = "^1.5.1" flake8 = "^7.1.0" flake8-bugbear = "^24.1.17" @@ -93,7 +95,6 @@ pytest-xdist = "^3.5.0" radon = "^6.0.1" requests-mock = "^1.11.0" vulture = "^2.11" -detect-secrets = "^1.5.0" [build-system]
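Review bot: The `awscli = "^1.34.29"` line added to the dev group in the first pyproject.toml hunk brings in the v1 CLI, which per its poetry.lock entry pins `botocore = "1.35.29"` exactly and caps `rsa` below 4.8 and `docutils` below 0.17. As a result the lock now resolves `rsa 4.7.2` and `docutils 0.16`, and boto3/botocore for the whole environment can only move in lockstep with awscli. The same commit moves boto3 from 1.34.156 to 1.35.29 in poetry.lock, which looks like a side effect of that pin rather than an intended SDK upgrade; if boto3 is also a runtime dependency, that bump deserves its own mention in the description and a test run. Consider installing the CLI outside the application's virtualenv (OS package or pipx), or at least add a comment above the entry such as `# awscli v1 pins botocore exactly; bump together with boto3`.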