diff --git a/app/__init__.py b/app/__init__.py index 483d89ea0..64580fcc1 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -162,6 +162,17 @@ def _csp(config): def create_app(application): + application.config["FEATURE_BEST_PRACTICES_ENABLED"] = ( + os.getenv("FEATURE_BEST_PRACTICES_ENABLED", "false").lower() == "true" + ) + + @application.context_processor + def inject_feature_flags(): + feature_best_practices_enabled = application.config[ + "FEATURE_BEST_PRACTICES_ENABLED" + ] + return dict(FEATURE_BEST_PRACTICES_ENABLED=feature_best_practices_enabled) + notify_environment = os.environ["NOTIFY_ENVIRONMENT"] application.config.from_object(configs[notify_environment]) diff --git a/app/main/views/index.py b/app/main/views/index.py index 98083e046..80f8bf74d 100644 --- a/app/main/views/index.py +++ b/app/main/views/index.py @@ -21,16 +21,10 @@ from notifications_utils.url_safe_token import generate_token # Hook to check for feature flags @main.before_request -def check_feature_flags(): +def check_guidance_feature(): if ( - request.path.startswith("/best-practices") - and not current_app.config.get("FEATURE_BEST_PRACTICES_ENABLED", False) - ): - abort(404) - - if ( - request.path.startswith("/about") - and not current_app.config.get("FEATURE_ABOUT_PAGE_ENABLED", False) + request.path.startswith("/guides/best-practices") + and not current_app.config["FEATURE_BEST_PRACTICES_ENABLED"] ): abort(404) @@ -40,6 +34,8 @@ def index(): if current_user and current_user.is_authenticated: return redirect(url_for("main.choose_account")) + ttl = 24 * 60 * 60 + # make and store the state state = generate_token( str(request.remote_addr), @@ -47,12 +43,12 @@ def index(): current_app.config["DANGEROUS_SALT"], ) state_key = f"login-state-{unquote(state)}" - redis_client.set(state_key, state) + redis_client.set(state_key, state, ex=ttl) # make and store the nonce nonce = secrets.token_urlsafe() nonce_key = f"login-nonce-{unquote(nonce)}" - redis_client.set(nonce_key, nonce) + redis_client.set(nonce_key, nonce, ex=ttl) url = os.getenv("LOGIN_DOT_GOV_INITIAL_SIGNIN_URL") if url is not None: @@ -210,7 +206,7 @@ def trial_mode_new(): ) -@main.route("/best-practices") +@main.route("/guides/best-practices") @user_is_logged_in def best_practices(): return render_template( @@ -219,7 +215,7 @@ def best_practices(): ) -@main.route("/best-practices/clear-goals") +@main.route("/guides/best-practices/clear-goals") @user_is_logged_in def clear_goals(): return render_template( @@ -228,7 +224,7 @@ def clear_goals(): ) -@main.route("/best-practices/rules-and-regulations") +@main.route("/guides/best-practices/rules-and-regulations") @user_is_logged_in def rules_and_regulations(): return render_template( @@ -237,7 +233,7 @@ def rules_and_regulations(): ) -@main.route("/best-practices/establish-trust") +@main.route("/guides/best-practices/establish-trust") @user_is_logged_in def establish_trust(): return render_template( @@ -246,7 +242,7 @@ def establish_trust(): ) -@main.route("/best-practices/write-for-action") +@main.route("/guides/best-practices/write-for-action") @user_is_logged_in def write_for_action(): return render_template( @@ -255,7 +251,7 @@ def write_for_action(): ) -@main.route("/best-practices/multiple-languages") +@main.route("/guides/best-practices/multiple-languages") @user_is_logged_in def multiple_languages(): return render_template( @@ -264,7 +260,7 @@ def multiple_languages(): ) -@main.route("/best-practices/benchmark-performance") +@main.route("/guides/best-practices/benchmark-performance") @user_is_logged_in def benchmark_performance(): return render_template( @@ -273,15 +269,7 @@ def benchmark_performance(): ) -@main.route("/about") -def about_notify(): - return render_template( - "views/about/about.html", - navigation_links=about_notify_nav(), - ) - - -@main.route("/using-notify/guidance") +@main.route("/guides/using-notify/guidance") @user_is_logged_in def guidance_index(): return render_template( @@ -293,6 +281,13 @@ def guidance_index(): ) +@main.route("/about") +def about_notify(): + return render_template( + "views/about/about.html", + navigation_links=about_notify_nav(), + ) + @main.route("/using-notify/guidance/create-and-send-messages") @user_is_logged_in def create_and_send_messages(): diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py index d948f459e..004dce2ae 100644 --- a/app/main/views/sign_in.py +++ b/app/main/views/sign_in.py @@ -25,7 +25,8 @@ from app.main.views.verify import activate_user from app.models.user import User from app.utils import hide_from_search_engines from app.utils.login import get_id_token, is_safe_redirect_url -from app.utils.time import is_less_than_days_ago + +# from app.utils.time import is_less_than_days_ago from app.utils.user import is_gov_user from notifications_utils.url_safe_token import generate_token @@ -108,11 +109,15 @@ def _do_login_dot_gov(): # $ pragma: no cover ) raise Exception(f"Could not login with login.gov {login_gov_error}") elif code and state: - state_key = f"login-state-{unquote(state)}" - stored_state = unquote(redis_client.get(state_key).decode("utf8")) - if state != stored_state: - current_app.logger.error(f"State Error: {state} != {stored_state}") - abort(403) + verify_key = f"login-verify_email-{unquote(state)}" + verify_path = bool(redis_client.get(verify_key)) + + if not verify_path: + state_key = f"login-state-{unquote(state)}" + stored_state = unquote(redis_client.get(state_key).decode("utf8")) + if state != stored_state: + current_app.logger.error(f"State Error: {state} != {stored_state}") + abort(403) # activate the user try: @@ -130,12 +135,17 @@ def _do_login_dot_gov(): # $ pragma: no cover f"Retrieved user {user['id']} from db #notify-admin-1505" ) - # Check if the email needs to be revalidated - is_fresh_email = is_less_than_days_ago( - user["email_access_validated_at"], 90 - ) - if not is_fresh_email: - return verify_email(user, redirect_url) + # Temporary disabling of this until we figure out what is happening. + # # Check if the email needs to be revalidated + # is_fresh_email = is_less_than_days_ago( + # user["email_access_validated_at"], 90 + # ) + # if not is_fresh_email: + # # send email verify + # ttl = 24 * 60 * 60 + # verify_key = f"login-verify_email-{unquote(state)}" + # redis_client.set(verify_key, state, ex=ttl) + # return verify_email(user, redirect_url) usr = User.from_email_address(user["email_address"]) current_app.logger.info(f"activating user {usr.id} #notify-admin-1505") @@ -209,17 +219,19 @@ def sign_in(): # pragma: no cover return redirect(redirect_url) return redirect(url_for("main.show_accounts_or_dashboard")) + ttl = 24 * 60 * 60 + state = generate_token( str(request.remote_addr), current_app.config["SECRET_KEY"], current_app.config["DANGEROUS_SALT"], ) state_key = f"login-state-{unquote(state)}" - redis_client.set(state_key, state) + redis_client.set(state_key, state, ex=ttl) nonce = secrets.token_urlsafe() nonce_key = f"login-nonce-{unquote(nonce)}" - redis_client.set(nonce_key, nonce) + redis_client.set(nonce_key, nonce, ex=ttl) url = os.getenv("LOGIN_DOT_GOV_INITIAL_SIGNIN_URL") # handle unit tests diff --git a/app/main/views/sub_navigation_dictionaries.py b/app/main/views/sub_navigation_dictionaries.py index cdb793d5c..b9fb7f8ae 100644 --- a/app/main/views/sub_navigation_dictionaries.py +++ b/app/main/views/sub_navigation_dictionaries.py @@ -27,6 +27,10 @@ def using_notify_nav(): "name": "Get started", "link": "main.get_started", }, + { + "name": "Guides", + "link": "main.best_practices", + }, { "name": "Trial mode", "link": "main.trial_mode_new", diff --git a/app/navigation.py b/app/navigation.py index 6ef0907a6..a02df484d 100644 --- a/app/navigation.py +++ b/app/navigation.py @@ -46,6 +46,15 @@ class HeaderNavigation(Navigation): "roadmap", "security", }, + "best_practices": { + "best_practices", + "clear_goals", + "rules_and_regulations", + "establish_trust", + "write_for_action", + "multiple_languages", + "benchmark_performance" + }, "using_notify": { "get_started", "using_notify", diff --git a/app/notify_client/invite_api_client.py b/app/notify_client/invite_api_client.py index 39cf7dbce..4ed5eee11 100644 --- a/app/notify_client/invite_api_client.py +++ b/app/notify_client/invite_api_client.py @@ -41,6 +41,8 @@ class InviteApiClient(NotifyAdminAPIClient): } data = _attach_current_user(data) + ttl = 24 * 60 * 60 + # make and store the state state = generate_token( str(request.remote_addr), @@ -48,12 +50,12 @@ class InviteApiClient(NotifyAdminAPIClient): current_app.config["DANGEROUS_SALT"], ) state_key = f"login-state-{unquote(state)}" - redis_client.set(state_key, state) + redis_client.set(state_key, state, ex=ttl) # make and store the nonce nonce = secrets.token_urlsafe() nonce_key = f"login-nonce-{unquote(nonce)}" - redis_client.set(nonce_key, nonce) # save the nonce to redis. + redis_client.set(nonce_key, nonce, ex=ttl) # save the nonce to redis. data["nonce"] = nonce # This is passed to api for the invite url. data["state"] = state # This is passed to api for the invite url. @@ -64,7 +66,7 @@ class InviteApiClient(NotifyAdminAPIClient): invite_data_key = f"invitedata-{unquote(state)}" redis_invite_data = resp["invite"] redis_invite_data = json.dumps(redis_invite_data) - redis_client.set(invite_data_key, redis_invite_data) + redis_client.set(invite_data_key, redis_invite_data, ex=ttl) return resp_data @@ -97,6 +99,8 @@ class InviteApiClient(NotifyAdminAPIClient): self.post(url=f"/service/{service_id}/invite/{invited_user_id}", data=data) def resend_invite(self, service_id, invited_user_id): + ttl = 24 * 60 * 60 + # make and store the state state = generate_token( str(request.remote_addr), @@ -104,12 +108,12 @@ class InviteApiClient(NotifyAdminAPIClient): current_app.config["DANGEROUS_SALT"], ) state_key = f"login-state-{unquote(state)}" - redis_client.set(state_key, state) + redis_client.set(state_key, state, ex=ttl) # make and store the nonce nonce = secrets.token_urlsafe() nonce_key = f"login-nonce-{unquote(nonce)}" - redis_client.set(nonce_key, nonce) + redis_client.set(nonce_key, nonce, ex=ttl) data = { "nonce": nonce, @@ -122,7 +126,7 @@ class InviteApiClient(NotifyAdminAPIClient): invite_data_key = f"invitedata-{unquote(state)}" redis_invite_data = resp["invite"] redis_invite_data = json.dumps(redis_invite_data) - redis_client.set(invite_data_key, redis_invite_data) + redis_client.set(invite_data_key, redis_invite_data, ex=ttl) @cache.delete("service-{service_id}") @cache.delete("user-{invited_user_id}") diff --git a/app/notify_client/user_api_client.py b/app/notify_client/user_api_client.py index 3514a0d6e..4a41ac28f 100644 --- a/app/notify_client/user_api_client.py +++ b/app/notify_client/user_api_client.py @@ -116,7 +116,7 @@ class UserApiClient(NotifyAdminAPIClient): data["next"] = next_string if code_type == "email": data["email_auth_link_host"] = self.admin_url - endpoint = "/user/{0}/{1}-code".format(user_id, code_type) + endpoint = f"/user/{user_id}/{code_type}-code" current_app.logger.warn(hilite(f"Sending verify_code {code_type} to {user_id}")) self.post(endpoint, data=data) diff --git a/app/templates/components/header.html b/app/templates/components/header.html index 5ae37fc71..248abf250 100644 --- a/app/templates/components/header.html +++ b/app/templates/components/header.html @@ -1,32 +1,43 @@ {% if current_user.is_authenticated %} - {% set navigation = [ - {"href": url_for("main.show_accounts_or_dashboard"), "text": "Current service", "active": header_navigation.is_selected('accounts-or-dashboard')}, - {"href": url_for('main.get_started'), "text": "Using Notify", "active": header_navigation.is_selected('using_notify')}, - {"href": url_for('main.features'), "text": "Features", "active": header_navigation.is_selected('features')}, - {"href": url_for('main.support'), "text": "Contact us", "active": header_navigation.is_selected('support')} - ] %} +{% set navigation = [ +{"href": url_for("main.show_accounts_or_dashboard"), "text": "Current service", "active": +header_navigation.is_selected('accounts-or-dashboard')}, +{"href": url_for('main.get_started'), "text": "Using Notify", "active": header_navigation.is_selected('using_notify')} +] %} - {% if current_user.platform_admin %} - {% set navigation = navigation + [{"href": url_for('main.platform_admin_splash_page'), "text": "Platform admin", "active": header_navigation.is_selected('platform-admin')}] %} - {% else %} - {% set navigation = navigation + [{"href": url_for('main.user_profile'), "text": "User profile", "active": header_navigation.is_selected('user-profile')}] %} - {% endif %} +{% if FEATURE_BEST_PRACTICES_ENABLED %} +{% set navigation = navigation + [{"href": url_for('main.best_practices'), "text": "Guides", "active": +header_navigation.is_selected('best_practices')}] %} +{% endif %} - {% if current_service %} - {% if current_user.has_permissions('manage_service') %} - {% set secondaryNavigation = [ - {"href": url_for('main.service_settings', service_id=current_service.id), "text": "Settings", "active": secondary_navigation.is_selected('settings')}, - {"href": url_for('main.sign_out'), "text": "Sign out"} - ] %} - {% else %} - {% set secondaryNavigation = [ - {"href": url_for('main.sign_out'), "text": "Sign out"} - ] %} +{% set navigation = navigation + [ +{"href": url_for('main.features'), "text": "Features", "active": header_navigation.is_selected('features')}, +{"href": url_for('main.support'), "text": "Contact us", "active": header_navigation.is_selected('support')} +] %} - {% endif %} - {% else %} - {% set secondaryNavigation = [{"href": url_for('main.sign_out'), "text": "Sign out"}] %} - {% endif %} +{% if current_user.platform_admin %} +{% set navigation = navigation + [{"href": url_for('main.platform_admin_splash_page'), "text": "Platform admin", +"active": header_navigation.is_selected('platform-admin')}] %} +{% else %} +{% set navigation = navigation + [{"href": url_for('main.user_profile'), "text": "User profile", "active": +header_navigation.is_selected('user-profile')}] %} +{% endif %} + +{% if current_service %} +{% if current_user.has_permissions('manage_service') %} +{% set secondaryNavigation = [ +{"href": url_for('main.service_settings', service_id=current_service.id), "text": "Settings", "active": +secondary_navigation.is_selected('settings')}, +{"href": url_for('main.sign_out'), "text": "Sign out"} +] %} +{% else %} +{% set secondaryNavigation = [ +{"href": url_for('main.sign_out'), "text": "Sign out"} +] %} +{% endif %} +{% else %} +{% set secondaryNavigation = [{"href": url_for('main.sign_out'), "text": "Sign out"}] %} +{% endif %} {% endif %}
@@ -36,12 +47,12 @@
Notify.gov logo - - +
{% if navigation %} - + {% endif %} @@ -52,29 +63,29 @@
diff --git a/app/templates/views/best-practices/best-practices.html b/app/templates/views/best-practices/best-practices.html index a00a48660..7711dea9b 100644 --- a/app/templates/views/best-practices/best-practices.html +++ b/app/templates/views/best-practices/best-practices.html @@ -23,37 +23,37 @@ Best Practices "svg_src": "goal", "card_heading": "Establish clear goals", "p_text": "Start with a singular purpose. Make explicit what you want to achieve.", - "link": "/best-practices/clear-goals" + "link": "/guides/best-practices/clear-goals" }, { "svg_src": "compliant", "card_heading": "Follow rules & regulations", "p_text": "Understand what is required when texting the public.", - "link": "/best-practices/rules-and-regulations" + "link": "/guides/best-practices/rules-and-regulations" }, { "svg_src": "trust", "card_heading": "Establish trust", "p_text": "Help your audience anticipate and welcome your texts.", - "link": "/best-practices/establish-trust" + "link": "/guides/best-practices/establish-trust" }, { "svg_src": "runner", "card_heading": "Write texts that provoke action", "p_text": "Help your audience know what to do with the information you send.", - "link": "/best-practices/write-for-action" + "link": "/guides/best-practices/write-for-action" }, { "svg_src": "language", "card_heading": "Send texts in multiple languages", "p_text": "What to know as you plan translated texts.", - "link": "/best-practices/multiple-languages" + "link": "/guides/best-practices/multiple-languages" }, { "svg_src": "chart", "card_heading": "Measure performance with benchmarking", "p_text": "Learn how effective your texting program can be.", - "link": "/best-practices/benchmark-performance" + "link": "/guides/best-practices/benchmark-performance" } ] %} diff --git a/urls.js b/urls.js index 8ff543470..0440430ec 100644 --- a/urls.js +++ b/urls.js @@ -13,13 +13,25 @@ const sublinks = [ { label: 'Roadmap', path: '/features/roadmap' }, { label: 'Security', path: '/features/security' }, { label: 'Support', path: '/support' }, - { label: 'Best Practices', path: '/best-practices' }, - { label: 'Clear Goals', path: '/best-practices/clear-goals' }, - { label: 'Rules And Regulations', path: '/best-practices/rules-and-regulations' }, - { label: 'Establish Trust', path: '/best-practices/establish-trust' }, - { label: 'Write For Action', path: '/best-practices/write-for-action' }, - { label: 'Multiple Languages', path: '/best-practices/multiple-languages' }, - { label: 'Benchmark Performance', path: '/best-practices/benchmark-performance' }, + { label: 'Best Practices', path: '/guides/best-practices' }, + { label: 'Clear Goals', path: '/guides/best-practices/clear-goals' }, + { + label: 'Rules And Regulations', + path: '/guides/best-practices/rules-and-regulations', + }, + { label: 'Establish Trust', path: '/guides/best-practices/establish-trust' }, + { + label: 'Write For Action', + path: '/guides/best-practices/write-for-action', + }, + { + label: 'Multiple Languages', + path: '/guides/best-practices/multiple-languages', + }, + { + label: 'Benchmark Performance', + path: '/guides/best-practices/benchmark-performance', + }, // Add more links here as needed ];