Merge branch 'main' of https://github.com/GSA/notifications-admin into notify-473

Pipfile

@@ -7,7 +7,7 @@ name = "pypi"
 ago = "~=0.0.95"
 blinker = "~=1.4"
 fido2 = "==0.9.3"
-flask = "~=2.2.3"
+flask = "~=2.3"
 flask-basicauth = "~=0.2"
 flask-login = "~=0.6"
 flask-wtf = "~=1.1"
@@ -30,7 +30,7 @@ pyproj = "==3.3.1"
 python-dotenv = "==0.20.0"
 pytz = "==2022.1"
 rtreelib = "==0.2.0"
-werkzeug = "~=2.2.3"
+werkzeug = "~=2.3"
 wtforms = "~=3.0"
 newrelic = "*"
 flask-talisman = "*"

Pipfile.lock

@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "fe2119389dc4e092d307f259698f68af08717fd5bddf9388524de60fae631c1f"
+            "sha256": "59c6c377e8503bdfeb0c4b27fbc67107f14582213c191d6b3e5dec8d91be5784"
         },
         "pipfile-spec": 6,
         "requires": {
@@ -50,19 +50,19 @@
         },
         "boto3": {
             "hashes": [
-                "sha256:38ca632be379963f2a2749b5f63a81fe1679913b954914f470ad282c77674bbc",
-                "sha256:4d575c180312bec6108852bae12e6396b9d1bb404154d652c57ee849c62fbb83"
+                "sha256:4847855cfa4ff272eb66cf1fc9542068ada6d4816d56573cc9cafde51962d0ef",
+                "sha256:ec53175eaf818dfe1eec33f7e165eca957744c1d8a82047a9efbcce9547e5cc9"
             ],
             "markers": "python_version >= '3.7'",
-            "version": "==1.26.122"
+            "version": "==1.26.124"
         },
         "botocore": {
             "hashes": [
-                "sha256:9e4984a9e9777c6b949aa1e98323fa35480d9f99d447af7e179ae611f7ed5af9",
-                "sha256:c3b41078d235761b9c5dc22f534a76952622ef96787b96bbd10242ec4d73f2a5"
+                "sha256:cbcbd5b084952d332d7b8170577f10509e3e7b3b6abbc2920b1c27e93ad2ab25",
+                "sha256:ebe8a83dd1db18180774ce45b1911959c60bb1843ea0db610231495527a3518a"
             ],
             "markers": "python_version >= '3.7'",
-            "version": "==1.29.122"
+            "version": "==1.29.124"
         },
         "cachetools": {
             "hashes": [
@@ -248,60 +248,60 @@
         },
         "coverage": {
             "hashes": [
-                "sha256:00f8fd8a5fe1ffc3aef78ea2dbf553e5c0f4664324e878995e38d41f037eb2b3",
-                "sha256:0b65a6a5484b7f2970393d6250553c05b2ede069e0e18abe907fdc7f3528252e",
-                "sha256:12bc9127c8aca2f7c25c9acca53da3db6799b2999b40f28c2546237b7ea28459",
-                "sha256:1a3e8697cb40f28e5bcfb6f4bda7852d96dbb6f6fd7cc306aba4ae690c9905ab",
-                "sha256:1d2a9180beff1922b09bd7389e23454928e108449e646c26da5c62e29b0bf4e3",
-                "sha256:1d3893f285fd76f56651f04d1efd3bdce251c32992a64c51e5d6ec3ba9e3f9c9",
-                "sha256:2857894c22833d3da6e113623a9b7440159b2295280b4e0d954cadbfa724b85a",
-                "sha256:29c7d88468f01a75231797173b52dc66d20a8d91b8bb75c88fc5861268578f52",
-                "sha256:2d784177a7fb9d0f58d24d3e60638c8b729c3693963bf67fa919120f750db237",
-                "sha256:39747afc854a7ee14e5e132da7db179d6281faf97dc51e6d7806651811c47538",
-                "sha256:3d6f3c5b6738a494f17c73b4aa3aa899865cc33a74aa85e3b5695943b79ad3ce",
-                "sha256:3fc9cde48de956bfbacea026936fbd4974ff1dc2f83397c6f1968f0142c9d50b",
-                "sha256:4078939c4b7053e14e87c65aa68dbed7867e326e450f94038bfe1a1b22078ff9",
-                "sha256:437da7d2fcc35bf45e04b7e9cfecb7c459ec6f6dc17a8558ed52e8d666c2d9ab",
-                "sha256:4522dd9aeb9cc2c4c54ce23933beb37a4e106ec2ba94f69138c159024c8a906a",
-                "sha256:50fda3d33b705b9c01e3b772cfa7d14de8aec2ec2870e4320992c26d057fde12",
-                "sha256:56a674ad18d6b04008283ca03c012be913bf89d91c0803c54c24600b300d9e51",
-                "sha256:56d74d6fbd5a98a5629e8467b719b0abea9ca01a6b13555d125c84f8bf4ea23d",
-                "sha256:5c122d120c11a236558c339a59b4b60947b38ac9e3ad30a0e0e02540b37bf536",
-                "sha256:5c6c6e3b8fb6411a2035da78d86516bfcfd450571d167304911814407697fb7a",
-                "sha256:603a2b172126e3b08c11ca34200143089a088cd0297d4cfc4922d2c1c3a892f9",
-                "sha256:60feb703abc8d78e9427d873bcf924c9e30cf540a21971ef5a17154da763b60f",
-                "sha256:6a17bf32e9e3333d78606ac1073dd20655dc0752d5b923fa76afd3bc91674ab4",
-                "sha256:700bc9fb1074e0c67c09fe96a803de66663830420781df8dc9fb90d7421d4ccb",
-                "sha256:72751d117ceaad3b1ea3bcb9e85f5409bbe9fb8a40086e17333b994dbccc0718",
-                "sha256:7283f78d07a201ac7d9dc2ac2e4faaea99c4d302f243ee5b4e359f3e170dc008",
-                "sha256:856bcb837e96adede31018a0854ce7711a5d6174db1a84e629134970676c54fa",
-                "sha256:864e36947289be05abd83267c4bade35e772526d3e9653444a9dc891faf0d698",
-                "sha256:8769a67e8816c7e94d5bf446fc0501641fde78fdff362feb28c2c64d45d0e9b1",
-                "sha256:876e4ef3eff00b50787867c5bae84857a9af4c369a9d5b266cd9b19f61e48ef7",
-                "sha256:89e63b38c7b888e00fd42ce458f838dccb66de06baea2da71801b0fc9070bfa0",
-                "sha256:92b565c51732ea2e7e541709ccce76391b39f4254260e5922e08e00971e88e33",
-                "sha256:9e5eedde6e6e241ec3816f05767cc77e7456bf5ec6b373fb29917f0990e2078f",
-                "sha256:a5c4f2e44a2ae15fa6883898e756552db5105ca4bd918634cbd5b7c00e19e8a1",
-                "sha256:ab08af91cf4d847a6e15d7d5eeae5fead1487caf16ff3a2056dbe64d058fd246",
-                "sha256:ab08e03add2cf5793e66ac1bbbb24acfa90c125476f5724f5d44c56eeec1d635",
-                "sha256:ac4861241e693e21b280f07844ae0e0707665e1dfcbf9466b793584984ae45c4",
-                "sha256:b3023ce23e41a6f006c09f7e6d62b6c069c36bdc9f7de16a5ef823acc02e6c63",
-                "sha256:bc47015fc0455753e8aba1f38b81b731aaf7f004a0c390b404e0fcf1d6c1d72f",
-                "sha256:c2becddfcbf3d994a8f4f9dd2b6015cae3a3eff50dedc6e4a17c3cccbe8f93d4",
-                "sha256:cdee9a77fd0ce000781680b6a1f4b721c567f66f2f73a49be1843ff439d634f3",
-                "sha256:cdfb53bef4b2739ff747ebbd76d6ac5384371fd3c7a8af08899074eba034d483",
-                "sha256:d4db4e6c115d869cd5397d3d21fd99e4c7053205c33a4ae725c90d19dcd178af",
-                "sha256:d9f770c6052d9b5c9b0e824fd8c003fe33276473b65b4f10ece9565ceb62438e",
-                "sha256:e41a7f44e73b37c6f0132ecfdc1c8b67722f42a3d9b979e6ebc150c8e80cf13a",
-                "sha256:ea534200efbf600e60130c48552f99f351cae2906898a9cd924c1c7f2fb02853",
-                "sha256:f19ba9301e6fb0b94ba71fda9a1b02d11f0aab7f8e2455122a4e2921b6703c2f",
-                "sha256:f37ae1804596f13d811e0247ffc8219f5261b3565bdf45fcbb4fc091b8e9ff35",
-                "sha256:f7668a621afc52db29f6867e0e9c72a1eec9f02c94a7c36599119d557cf6e471",
-                "sha256:f7ffdb3af2a01ce91577f84fc0faa056029fe457f3183007cffe7b11ea78b23c",
-                "sha256:fabd1f4d12dfd6b4f309208c2f31b116dc5900e0b42dbafe4ee1bc7c998ffbb0"
+                "sha256:0342a28617e63ad15d96dca0f7ae9479a37b7d8a295f749c14f3436ea59fdcb3",
+                "sha256:066b44897c493e0dcbc9e6a6d9f8bbb6607ef82367cf6810d387c09f0cd4fe9a",
+                "sha256:10b15394c13544fce02382360cab54e51a9e0fd1bd61ae9ce012c0d1e103c813",
+                "sha256:12580845917b1e59f8a1c2ffa6af6d0908cb39220f3019e36c110c943dc875b0",
+                "sha256:156192e5fd3dbbcb11cd777cc469cf010a294f4c736a2b2c891c77618cb1379a",
+                "sha256:1637253b11a18f453e34013c665d8bf15904c9e3c44fbda34c643fbdc9d452cd",
+                "sha256:292300f76440651529b8ceec283a9370532f4ecba9ad67d120617021bb5ef139",
+                "sha256:30dcaf05adfa69c2a7b9f7dfd9f60bc8e36b282d7ed25c308ef9e114de7fc23b",
+                "sha256:338aa9d9883aaaad53695cb14ccdeb36d4060485bb9388446330bef9c361c252",
+                "sha256:373ea34dca98f2fdb3e5cb33d83b6d801007a8074f992b80311fc589d3e6b790",
+                "sha256:38c0a497a000d50491055805313ed83ddba069353d102ece8aef5d11b5faf045",
+                "sha256:40cc0f91c6cde033da493227797be2826cbf8f388eaa36a0271a97a332bfd7ce",
+                "sha256:4436cc9ba5414c2c998eaedee5343f49c02ca93b21769c5fdfa4f9d799e84200",
+                "sha256:509ecd8334c380000d259dc66feb191dd0a93b21f2453faa75f7f9cdcefc0718",
+                "sha256:5c587f52c81211d4530fa6857884d37f514bcf9453bdeee0ff93eaaf906a5c1b",
+                "sha256:5f3671662dc4b422b15776cdca89c041a6349b4864a43aa2350b6b0b03bbcc7f",
+                "sha256:6599bf92f33ab041e36e06d25890afbdf12078aacfe1f1d08c713906e49a3fe5",
+                "sha256:6e8a95f243d01ba572341c52f89f3acb98a3b6d1d5d830efba86033dd3687ade",
+                "sha256:706ec567267c96717ab9363904d846ec009a48d5f832140b6ad08aad3791b1f5",
+                "sha256:780551e47d62095e088f251f5db428473c26db7829884323e56d9c0c3118791a",
+                "sha256:7ff8f3fb38233035028dbc93715551d81eadc110199e14bbbfa01c5c4a43f8d8",
+                "sha256:828189fcdda99aae0d6bf718ea766b2e715eabc1868670a0a07bf8404bf58c33",
+                "sha256:857abe2fa6a4973f8663e039ead8d22215d31db613ace76e4a98f52ec919068e",
+                "sha256:883123d0bbe1c136f76b56276074b0c79b5817dd4238097ffa64ac67257f4b6c",
+                "sha256:8877d9b437b35a85c18e3c6499b23674684bf690f5d96c1006a1ef61f9fdf0f3",
+                "sha256:8e575a59315a91ccd00c7757127f6b2488c2f914096077c745c2f1ba5b8c0969",
+                "sha256:97072cc90f1009386c8a5b7de9d4fc1a9f91ba5ef2146c55c1f005e7b5c5e068",
+                "sha256:9a22cbb5ede6fade0482111fa7f01115ff04039795d7092ed0db43522431b4f2",
+                "sha256:a063aad9f7b4c9f9da7b2550eae0a582ffc7623dca1c925e50c3fbde7a579771",
+                "sha256:a08c7401d0b24e8c2982f4e307124b671c6736d40d1c39e09d7a8687bddf83ed",
+                "sha256:a0b273fe6dc655b110e8dc89b8ec7f1a778d78c9fd9b4bda7c384c8906072212",
+                "sha256:a2b3b05e22a77bb0ae1a3125126a4e08535961c946b62f30985535ed40e26614",
+                "sha256:a66e055254a26c82aead7ff420d9fa8dc2da10c82679ea850d8feebf11074d88",
+                "sha256:aa387bd7489f3e1787ff82068b295bcaafbf6f79c3dad3cbc82ef88ce3f48ad3",
+                "sha256:ae453f655640157d76209f42c62c64c4d4f2c7f97256d3567e3b439bd5c9b06c",
+                "sha256:b5016e331b75310610c2cf955d9f58a9749943ed5f7b8cfc0bb89c6134ab0a84",
+                "sha256:b9a4ee55174b04f6af539218f9f8083140f61a46eabcaa4234f3c2a452c4ed11",
+                "sha256:bd3b4b8175c1db502adf209d06136c000df4d245105c8839e9d0be71c94aefe1",
+                "sha256:bebea5f5ed41f618797ce3ffb4606c64a5de92e9c3f26d26c2e0aae292f015c1",
+                "sha256:c10fbc8a64aa0f3ed136b0b086b6b577bc64d67d5581acd7cc129af52654384e",
+                "sha256:c2c41c1b1866b670573657d584de413df701f482574bad7e28214a2362cb1fd1",
+                "sha256:cf97ed82ca986e5c637ea286ba2793c85325b30f869bf64d3009ccc1a31ae3fd",
+                "sha256:d1f25ee9de21a39b3a8516f2c5feb8de248f17da7eead089c2e04aa097936b47",
+                "sha256:d2fbc2a127e857d2f8898aaabcc34c37771bf78a4d5e17d3e1f5c30cd0cbc62a",
+                "sha256:dc945064a8783b86fcce9a0a705abd7db2117d95e340df8a4333f00be5efb64c",
+                "sha256:ddc5a54edb653e9e215f75de377354e2455376f416c4378e1d43b08ec50acc31",
+                "sha256:e8834e5f17d89e05697c3c043d3e58a8b19682bf365048837383abfe39adaed5",
+                "sha256:ef9659d1cda9ce9ac9585c045aaa1e59223b143f2407db0eaee0b61a4f266fb6",
+                "sha256:f6f5cab2d7f0c12f8187a376cc6582c477d2df91d63f75341307fcdcb5d60303",
+                "sha256:f81c9b4bd8aa747d417407a7f6f0b1469a43b36a85748145e144ac4e8d303cb5",
+                "sha256:f99ef080288f09ffc687423b8d60978cf3a465d3f404a18d1a05474bd8575a47"
             ],
             "index": "pypi",
-            "version": "==7.2.4"
+            "version": "==7.2.5"
         },
         "cryptography": {
             "hashes": [
@@ -366,11 +366,11 @@
         },
         "flask": {
             "hashes": [
-                "sha256:13f6329ddbfff11340939cd11919daf150a01358ded4b7e81c03c055dfecb559",
-                "sha256:77504c4c097f56ac5f29b00f9009213010cf9d2923a288c0e0564a5db2bb53d6"
+                "sha256:77fd4e1249d8c9923de34907236b747ced06e5467ecac1a7bb7115ae0e9670b0",
+                "sha256:8c2f9abd47a9e8df7f0c3f091ce9497d011dc3b31effcf4c85a6e2b50f4114ef"
             ],
             "index": "pypi",
-            "version": "==2.2.4"
+            "version": "==2.3.2"
         },
         "flask-basicauth": {
             "hashes": [
@@ -1117,11 +1117,11 @@
         },
         "werkzeug": {
             "hashes": [
-                "sha256:2e1ccc9417d4da358b9de6f174e3ac094391ea1d4fbef2d667865d819dfd0afe",
-                "sha256:56433961bc1f12533306c624f3be5e744389ac61d722175d543e1751285da612"
+                "sha256:4866679a0722de00796a74086238bb3b98d90f423f05de039abb09315487254a",
+                "sha256:a987caf1092edc7523edb139edb20c70571c4a8d5eed02e0b547b4739174d091"
             ],
             "index": "pypi",
-            "version": "==2.2.3"
+            "version": "==2.3.3"
         },
         "wtforms": {
             "hashes": [
@@ -1182,19 +1182,19 @@
         },
         "boto3": {
             "hashes": [
-                "sha256:38ca632be379963f2a2749b5f63a81fe1679913b954914f470ad282c77674bbc",
-                "sha256:4d575c180312bec6108852bae12e6396b9d1bb404154d652c57ee849c62fbb83"
+                "sha256:4847855cfa4ff272eb66cf1fc9542068ada6d4816d56573cc9cafde51962d0ef",
+                "sha256:ec53175eaf818dfe1eec33f7e165eca957744c1d8a82047a9efbcce9547e5cc9"
             ],
             "markers": "python_version >= '3.7'",
-            "version": "==1.26.122"
+            "version": "==1.26.124"
         },
         "botocore": {
             "hashes": [
-                "sha256:9e4984a9e9777c6b949aa1e98323fa35480d9f99d447af7e179ae611f7ed5af9",
-                "sha256:c3b41078d235761b9c5dc22f534a76952622ef96787b96bbd10242ec4d73f2a5"
+                "sha256:cbcbd5b084952d332d7b8170577f10509e3e7b3b6abbc2920b1c27e93ad2ab25",
+                "sha256:ebe8a83dd1db18180774ce45b1911959c60bb1843ea0db610231495527a3518a"
             ],
             "markers": "python_version >= '3.7'",
-            "version": "==1.29.122"
+            "version": "==1.29.124"
         },
         "cachecontrol": {
             "extras": [
@@ -2014,11 +2014,11 @@
         },
         "werkzeug": {
             "hashes": [
-                "sha256:2e1ccc9417d4da358b9de6f174e3ac094391ea1d4fbef2d667865d819dfd0afe",
-                "sha256:56433961bc1f12533306c624f3be5e744389ac61d722175d543e1751285da612"
+                "sha256:4866679a0722de00796a74086238bb3b98d90f423f05de039abb09315487254a",
+                "sha256:a987caf1092edc7523edb139edb20c70571c4a8d5eed02e0b547b4739174d091"
             ],
             "index": "pypi",
-            "version": "==2.2.3"
+            "version": "==2.3.3"
         },
         "xmltodict": {
             "hashes": [

app/__init__.py

@@ -269,7 +269,12 @@ def create_app(application):
     # make sure we handle unicode correctly
     redis_client.redis_store.decode_responses = True
 
-    setup_blueprints(application)
+    from app.main import main as main_blueprint
+    from app.status import status as status_blueprint
+
+    application.register_blueprint(main_blueprint)
+
+    application.register_blueprint(status_blueprint)
 
     add_template_filters(application)
 
@@ -282,6 +287,8 @@ def init_app(application):
     application.before_request(load_service_before_request)
     application.before_request(load_organisation_before_request)
     application.before_request(request_helper.check_proxy_header_before_request)
+    application.before_request(make_session_permanent)
+    application.after_request(save_service_or_org_after_request)
 
     font_paths = [
         str(item)[len(asset_fingerprinter._filesystem_path):]
@@ -500,36 +507,6 @@ def register_errorhandlers(application):  # noqa (C901 too complex)
         return _error_response(500)
 
 
-def setup_blueprints(application):
-    """
-    There are three blueprints: status_blueprint, no_cookie_blueprint, and main_blueprint.
-
-    main_blueprint is the default for everything.
-
-    status_blueprint is only for the status page - unauthenticated, unstyled, no cookies, etc.
-
-    no_cookie_blueprint is for subresources (things loaded asynchronously) that we might be concerned are setting
-    cookies unnecessarily and potentially getting in to strange race conditions and overwriting other cookies, as we've
-    seen in the send message flow. Currently, this includes the iframe from the platform admin email branding
-    preview pages.
-
-    This notably doesn't include the *.json ajax endpoints. If we included them in this, the cookies wouldn't be
-    updated, including the expiration date. If you have a dashboard open and in focus it'll refresh the expiration timer
-    every two seconds, and you will never log out, which is behaviour we want to preserve.
-    """
-    from app.main import main as main_blueprint
-    from app.main import no_cookie as no_cookie_blueprint
-    from app.status import status as status_blueprint
-
-    main_blueprint.before_request(make_session_permanent)
-    main_blueprint.after_request(save_service_or_org_after_request)
-
-    application.register_blueprint(main_blueprint)
-    # no_cookie_blueprint specifically doesn't have `make_session_permanent` or `save_service_or_org_after_request`
-    application.register_blueprint(no_cookie_blueprint)
-    application.register_blueprint(status_blueprint)
-
-
 def setup_event_handlers():
     from flask_login import user_logged_in
 

app/main/__init__.py

@@ -1,7 +1,6 @@
 from flask import Blueprint
 
 main = Blueprint('main', __name__)
-no_cookie = Blueprint('no_cookie', __name__)
 
 from app.main.views import (  # noqa isort:skip
     add_service,

app/templates/admin_template.html

@@ -15,7 +15,7 @@
   {%- for font in font_paths %}
   <link rel="preload" href="{{ asset_url(font, with_querystring_hash=False) }}" as="font" type="font/woff2" crossorigin>
   {%- endfor %}
-  <link rel="stylesheet" media="screen" href="{{ asset_url('css/styles.css') }}" />
+  <!-- <link rel="stylesheet" media="screen" href="{{ asset_url('css/styles.css') }}" /> -->
   <link rel="stylesheet" media="screen" href="{{ asset_url('stylesheets/main.css') }}" />
   <link rel="stylesheet" media="print" href="{{ asset_url('stylesheets/print.css') }}" />
   {% block extra_stylesheets %}

tests/app/main/views/test_index.py

@@ -233,7 +233,7 @@ def test_css_is_served_from_correct_path(client_request):
         page.select('link[rel=stylesheet]')
     ):
         assert link['href'].startswith([
-            'https://static.example.com/css/styles.css?',
+            # 'https://static.example.com/css/styles.css?',
             'https://static.example.com/stylesheets/main.css?',
             'https://static.example.com/stylesheets/print.css?',
         ][index])

tests/app/main/views/test_two_factor.py

@@ -367,7 +367,7 @@ def test_two_factor_sms_should_activate_pending_user(
 
 @pytest.mark.parametrize('extra_args, expected_encoded_next_arg', (
     ({}, ''),
-    ({'next': 'https://example.com'}, '?next=https%3A%2F%2Fexample.com')
+    ({'next': 'https://example.com'}, '?next=https://example.com')
 ))
 def test_valid_two_factor_email_link_shows_interstitial(
     client_request,