Merge branch 'master' of github.com:alphagov/notifications-admin

2026-02-05 02:42:26 -05:00 · 2015-12-07 11:30:37 +00:00
parent 66537fca30 67af17d48e
commit d5ea99ee7b
29 changed files with 220 additions and 56 deletions
--- a/app/init.py
+++ b/app/init.py
@@ -9,6 +9,7 @@ from flask_wtf import CsrfProtect
 from webassets.filter import get_filter
 from werkzeug.exceptions import abort

+from app.notify_client.api_client import AdminAPIClient
 from app.its_dangerous_session import ItsdangerousSessionInterface
 import app.proxy_fix
 from config import configs
@@ -18,6 +19,8 @@ db = SQLAlchemy()
 login_manager = LoginManager()
 csrf = CsrfProtect()

+admin_api_client = AdminAPIClient()
+

 def create_app(config_name):
    application = Flask(__name__)
@@ -39,6 +42,7 @@ def create_app(config_name):
    proxy_fix.init_app(application)

    application.session_interface = ItsdangerousSessionInterface()
+    admin_api_client.init_app(application)

    return application

@@ -98,7 +102,8 @@ def init_asset_environment(app):
        assets.Bundle(
            'govuk_template/govuk-template.scss',
            filters='scss',
-            output='stylesheets/govuk-template.css'
+            output='stylesheets/govuk-template.css',
+            depends='*.scss'
        )
    )

--- a/app/assets/stylesheets/app.scss
+++ b/app/assets/stylesheets/app.scss
@@ -19,4 +19,29 @@
    font-size: 19px;
    line-height: 1.31579;
  }
+}
+
+.phase-tag {
+    @include phase-tag(beta);
+}
+
+@media (min-width: 641px) {
+  .phase-tag {
+      font-size: 16px;
+      line-height: 1.25;
+      margin-top: 7px;
+
+  }
+}
+
+@media (max-width: 641px) {
+  .phase-tag {
+      margin-top: 11px;
+  }
+}
+
+
+
+#global-header #logo {
+      white-space: nowrap;
 }
--- a/app/main/exceptions.py
+++ b/app/main/exceptions.py
@@ -0,0 +1,5 @@
+
+
+class AdminApiClientException(Exception):
+    def __init__(self, message):
+        self.value = message
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -2,6 +2,8 @@ from flask_wtf import Form
 from wtforms import StringField, PasswordField
 from wtforms.validators import DataRequired, Email, Length, Regexp

+from app.main.validators import Blacklist
+

 class LoginForm(Form):
    email_address = StringField('Email address', validators=[
@@ -19,7 +21,7 @@ mobile_number = "^\\+44[\\d]{10}$"


 class RegisterUserForm(Form):
-    name = StringField('Name',
+    name = StringField('Full name',
                       validators=[DataRequired(message='Name can not be empty')])
    email_address = StringField('Email address', validators=[
        Length(min=5, max=255),
@@ -30,6 +32,7 @@ class RegisterUserForm(Form):
    mobile_number = StringField('Mobile phone number',
                                validators=[DataRequired(message='Please enter your mobile number'),
                                            Regexp(regex=mobile_number, message='Please enter a +44 mobile number')])
-    password = PasswordField('Password',
+    password = PasswordField('Create a password',
                             validators=[DataRequired(message='Please enter your password'),
-                                         Length(10, 255, message='Password must be at least 10 characters')])
+                                         Length(10, 255, message='Password must be at least 10 characters'),
+                                         Blacklist(message='That password is blacklisted, too common')])
--- a/app/main/validators.py
+++ b/app/main/validators.py
@@ -0,0 +1,12 @@
+from wtforms import ValidationError
+
+
+class Blacklist(object):
+    def __init__(self, message=None):
+        if not message:
+            message = 'Password is blacklisted.'
+        self.message = message
+
+    def __call__(self, form, field):
+        if field.data in ['password1234', 'passw0rd1234']:
+            raise ValidationError(self.message)
--- a/app/main/views/index.py
+++ b/app/main/views/index.py
@@ -15,19 +15,16 @@ def govuk():


@main.route("/register-from-invite")
-@login_required
 def registerfrominvite():
    return render_template('register-from-invite.html')


@main.route("/verify")
-@login_required
 def verify():
    return render_template('verify.html')


@main.route("/verify-mobile")
-@login_required
 def verifymobile():
    return render_template('verify-mobile.html')

@@ -50,7 +47,6 @@ def addservice():


@main.route("/two-factor")
-@login_required
 def twofactor():
    return render_template('two-factor.html')

--- a/app/main/views/register.py
+++ b/app/main/views/register.py
@@ -1,9 +1,14 @@
-from datetime import datetime
+from datetime import datetime, timedelta
+from random import randint

-from flask import render_template, redirect, jsonify
+from flask import render_template, redirect, jsonify, session
+from sqlalchemy.exc import SQLAlchemyError

+from app import admin_api_client
 from app.main import main
 from app.main.dao import users_dao
+from app.main.encryption import hashpw
+from app.main.exceptions import AdminApiClientException
 from app.main.forms import RegisterUserForm
 from app.models import User

@@ -25,9 +30,43 @@ def process_register():
                    created_at=datetime.now(),
                    role_id=1)
        try:
+            sms_code = send_sms_code(form.mobile_number.data)
+            email_code = send_email_code(form.email_address.data)
+            session['sms_code'] = hashpw(sms_code)
+            session['email_code'] = hashpw(email_code)
+            session['expiry_date'] = str(datetime.now() + timedelta(hours=1))
            users_dao.insert_user(user)
-            return redirect('/two-factor')
-        except Exception as e:
+        except AdminApiClientException as e:
+            return jsonify(admin_api_client_error=e.value)
+        except SQLAlchemyError:
            return jsonify(database_error='encountered database error'), 400
    else:
        return jsonify(form.errors), 400
+    return redirect('/verify')
+
+
+def send_sms_code(mobile_number):
+    sms_code = _create_code()
+    try:
+        admin_api_client.send_sms(mobile_number, message=sms_code, token=admin_api_client.auth_token)
+    except:
+        raise AdminApiClientException('Exception when sending sms.')
+    return sms_code
+
+
+def send_email_code(email):
+    email_code = _create_code()
+    try:
+        admin_api_client.send_email(email_address=email,
+                                    from_str='notify@digital.cabinet-office.gov.uk',
+                                    message=email_code,
+                                    subject='Verification code',
+                                    token=admin_api_client.auth_token)
+    except:
+        raise AdminApiClientException('Exception when sending email.')
+
+    return email_code
+
+
+def _create_code():
+    return ''.join(["%s" % randint(0, 9) for _ in range(0, 5)])
--- a/app/notify_client/init.py
+++ b/app/notify_client/init.py
--- a/app/notify_client/api_client.py
+++ b/app/notify_client/api_client.py
@@ -0,0 +1,8 @@
+from __future__ import unicode_literals
+from notify_client import NotifyAPIClient
+
+
+class AdminAPIClient(NotifyAPIClient):
+    def init_app(self, app):
+        self.base_url = app.config['NOTIFY_DATA_API_URL']
+        self.auth_token = app.config['NOTIFY_DATA_API_AUTH_TOKEN']
--- a/app/templates/add-service.html
+++ b/app/templates/add-service.html
@@ -9,6 +9,12 @@ GOV.UK Notify | Set up service
 <div class="grid-row">
 	<div class="column-two-thirds">
 		<h1 class="heading-xlarge">Set up notifications for your service</h1>
+		
+		<p>Users will see your service name:</p>
+			<ul>
+				<li>at the start of every text message, eg 'Vehicle tax: we received your payment, thank you'</li>
+				<li>as your email sender name</li>
+			</ul>


 		<p>
@@ -17,11 +23,6 @@ GOV.UK Notify | Set up service
  		<span class="font-xsmall">For example, 'Vehicle tax' or 'Carer's allowance'</span>
  		</p>

-      <h2 class="heading-small">We'll create your service in test mode</h2>
-    <p>In test mode you can only send notifications to people in your team.</p>
-    <p>When you're ready to go live we'll remove this restriction.</p>
-
-
  		<p>
  		<a class="button" href="dashboard" role="button">Continue</a>
  		</p>
--- a/app/templates/admin_template.html
+++ b/app/templates/admin_template.html
@@ -7,5 +7,13 @@ GOV.UK notifications admin
 {% block cookie_message %}
 {% endblock %}

+ {% block inside_header %}
+<div class="phase-banner-beta">
+    
+      <strong class="phase-tag">BETA</strong>
+    
+</div>
+ {% endblock %}
+
 {% set global_header_text = "GOV.UK Notify" %}

--- a/app/templates/email-not-received.html
+++ b/app/templates/email-not-received.html
@@ -10,7 +10,7 @@ GOV.UK Notify
  <div class="column-two-thirds">
    <h1 class="heading-xlarge">Check your email address</h1>

-    <p>Check your email address is correct and resend a confirmation code.</p>
+    <p>Check your email address is correct and then resend the confirmation code.</p>

      <p>
      <label class="form-label" for="email">Email address</label>
@@ -25,4 +25,4 @@ GOV.UK Notify
  </div>
 </div>

-{% endblock %}
+{% endblock %}
--- a/app/templates/new-password.html
+++ b/app/templates/new-password.html
@@ -9,10 +9,13 @@ GOV.UK Notify
 <div class="grid-row">
 	<div class="column-two-thirds">
 		<h1 class="heading-xlarge">Create a new password</h1>
+		
+		<p> You can now create a new password for your account.</p>

  		<p>
-  		<label class="form-label" for="password">Password</label>
+  		<label class="form-label" for="password">Create a password</label>
  		<input class="form-control-1-4" id="password" type="password">
+  		<span class="font-xsmall">Your password must have at least 10 characters</span></label>
  		</p>

  		<p>
@@ -21,4 +24,4 @@ GOV.UK Notify
 	</div>
 </div>

-{% endblock %}
+{% endblock %}
--- a/app/templates/register-from-invite.html
+++ b/app/templates/register-from-invite.html
@@ -13,7 +13,7 @@ GOV.UK Notify | Create a user account
 		<p>If you've used GOV.UK Notify before, <a href="">sign in to your account</a>.</p>

 		<p>
-		<label class="form-label" for="name-f1">Name</label>
+		<label class="form-label" for="name-f1">Full name</label>
  		<input class="form-control-2-3" id="name-f1" type="text">
  		</p>
  		<p>
@@ -21,8 +21,9 @@ GOV.UK Notify | Create a user account
  		<input class="form-control-1-4" id="mobile" type="text">
  		</p>
  		<p>
-  		<label class="form-label" for="password">Password</label>
+  		<label class="form-label" for="password">Create a password</label>
  		<input class="form-control-1-4" id="password" type="password">
+  		<span class="font-xsmall">Your password must have at least 10 characters</span></label>
  		</p>

  		<p>
--- a/app/templates/register.html
+++ b/app/templates/register.html
@@ -12,9 +12,7 @@ GOV.UK Notify | Create an account

 		<p>If you've used GOV.UK Notify before, <a href="">sign in to your account</a>.</p>

-    <p>You need to have access to your email account and a mobile phone to register.</p>
-
-		<form autocomplete="off" action="" method="post">
+   		<form autocomplete="off" action="" method="post">
 			{{ form.hidden_tag() }}
 			<p>
 			<label class="form-label"> {{ form.name.label }} </label>
@@ -32,6 +30,7 @@ GOV.UK Notify | Create an account
 			<p>
 			<label class="form-label"> {{ form.password.label}} </label>
 				{{ form.password(class="form-control-1-4", autocomplete="off") }} <br>
+			<span class="font-xsmall">Your password must have at least 10 characters</span></label>
 			</p>
 			<p>
 			<button class="button" role="button">Continue</button>
--- a/app/templates/signedout.html
+++ b/app/templates/signedout.html
@@ -12,13 +12,13 @@ GOV.UK Notify | Get started

 		<p>Use GOV.UK Notify to send notifications by text message, email and letter.</p>
 		<p>We're making it easy to keep your users informed.</p>
-		<p>If you work for a central UK Government department or agency you can set up a test account now.</p>
+		<p>If you work for a UK government department or agency you can set up a test account now.</p>

 		<a class="button" href="register" role="button">Set up an account</a>

 		<!-- <h2 class="heading-large">Used GOV.UK Notify before?</h2> -->

-		<p><a href="sign-in">Sign in</a></p>
+		<p>If you've used GOV.UK Notify before, <a href="sign-in">sign in to your account</a>.</p>
 	</div>
 </div>

--- a/app/templates/signin.html
+++ b/app/templates/signin.html
@@ -10,7 +10,7 @@ Sign in
 	<div class="column-two-thirds">
 		<h1 class="heading-xlarge">Sign in</h1>

-		<p>If you do not have an account, you can <a href="register">register</a>.</p>
+		<p>If you do not have an account, you can <a href="register">register for one now</a>.</p>

 		<form autocomplete="off" action="" method="post">
 			{{ form.hidden_tag() }}
@@ -33,4 +33,4 @@ Sign in
 	</div>
 </div>

-{% endblock %}
+{% endblock %}
--- a/app/templates/text-not-received-2.html
+++ b/app/templates/text-not-received-2.html
@@ -12,7 +12,7 @@ GOV.UK Notify
  <div class="column-two-thirds">
    <h1 class="heading-xlarge">Check your mobile number</h1>

-    <p>Check your mobile phone number is correct and resend a confirmation code.</p>
+    <p>Check your mobile phone number is correct and then resend the confirmation code.</p>

      <p>
      <label class="form-label" for="mobile">Mobile phone number</label>
@@ -26,4 +26,4 @@ GOV.UK Notify
  </div>
 </div>

-{% endblock %}
+{% endblock %}
--- a/app/templates/text-not-received.html
+++ b/app/templates/text-not-received.html
@@ -10,7 +10,7 @@ GOV.UK Notify
  <div class="column-two-thirds">
    <h1 class="heading-xlarge">Check your mobile number</h1>

-    <p>Check your mobile phone number is correct and resend a confirmation code.</p>
+    <p>Check your mobile phone number is correct and then resend the confirmation code.</p>

      <p>
      <label class="form-label" for="mobile">Mobile phone number</label>
@@ -24,4 +24,4 @@ GOV.UK Notify
  </div>
 </div>

-{% endblock %}
+{% endblock %}
--- a/app/templates/two-factor.html
+++ b/app/templates/two-factor.html
@@ -10,11 +10,10 @@ GOV.UK Notify | Text verification
 	<div class="column-two-thirds">
 		<h1 class="heading-xlarge">Text verification</h1>

-		<p>We've sent you a text message containing a verification code.</p>
+		<p>We've sent you a text message with a verification code.</p>

  		<p>
-  		<label class="form-label" for="email">Text message verification code<br>
-		<span class="font-xsmall">Enter the code we sent you by email</span></label>
+  		<label class="form-label" for="email">Enter verification code<br>
  		<input class="form-control-1-4" id="email" type="text"><br>
  		<span class="font-xsmall"><a href="verification-not-received">I haven't received a text</a></span>
  		</p>
--- a/app/templates/verification-not-received.html
+++ b/app/templates/verification-not-received.html
@@ -10,15 +10,15 @@ GOV.UK Notify
  <div class="column-two-thirds">
    <h1 class="heading-xlarge">Resend verification code</h1>

-    <p>Text messages sometimes take a few minutes to be received. <br> If you have not received a text message, you can resend.</p>
+    <p>Text messages sometimes take a few minutes to arrive. If you do not receive the text message, you can resend it.</p>

-    <p>If you no longer have access to your mobile phone and registered number, get in contact with your service manager to reset your number.</p>P>
+    <p>If you no longer have access to the phone with the number you registered for this service, speak to your service manager to reset the number.</p>


      <p>
-      <a class="button" href="two-factor" role="button">Resend confirmation code</a>
+      <a class="button" href="two-factor" role="button">Resend verification code</a>
      </p>
  </div>
 </div>

-{% endblock %}
+{% endblock %}
--- a/app/templates/verify-mobile.html
+++ b/app/templates/verify-mobile.html
@@ -10,12 +10,10 @@ GOV.UK Notify | Confirm mobile number
 	<div class="column-two-thirds">
 		<h1 class="heading-xlarge">Confirm your mobile number</h1>

-		<p>You need to prove the contact details you gave us are yours.</p>
-		<p>We've sent you an email and a text message containing confirmation codes.</p>
+		<p>We've sent you a confirmation code by text message.</p>

  		<p>
-  		<label class="form-label" for="email">Text message confirmation code<br>
-		<span class="font-xsmall">Enter the code we sent you by text</span></label>
+  		<label class="form-label" for="email">Enter confirmation code<br>
  		<input class="form-control-1-4" id="email" type="text"><br>
  		<span class="font-xsmall"><a href="text-not-received-2">I haven't received a text</a></span>
  		</p>
--- a/app/templates/verify.html
+++ b/app/templates/verify.html
@@ -8,20 +8,17 @@ GOV.UK Notify | Confirm email address and mobile number

 <div class="grid-row">
 	<div class="column-two-thirds">
-		<h1 class="heading-xlarge">Confirm your email address and mobile number</h1>
+		<h1 class="heading-xlarge">Activate your account</h1>

-		<p>You need to prove the contact details you gave us are yours.</p>
-		<p>We've sent you an email and a text message containing confirmation codes.</p>
+		<p>We've sent you confirmation codes by email and text message. You need to enter both codes here.</p>

 		<p>
 		<label class="form-label" for="emailverify">Email confirmation code<br>
-		<span class="font-xsmall">Enter the code we sent you by email</span></label>
  		<input class="form-control-1-4" id="emailverify" type="text"><br>
  		<span class="font-xsmall"><a href="email-not-received">I haven't received an email</a></span>
  		</p>
  		<p>
  		<label class="form-label" for="email">Text message confirmation code<br>
-		<span class="font-xsmall">Enter the code we sent you by text</span></label>
  		<input class="form-control-1-4" id="email" type="text"><br>
  		<span class="font-xsmall"><a href="text-not-received">I haven't received a text</a></span>
  		</p>