We only want static files to not come from the browser cache when they have
changed. The best way to do this is by cache busting the URLs.
Otherwise, we want static files to be cached for a long time. This commit sets
the `Expires` HTTP header to 1 year in the future.
Previously it was set to 12 hours, the default.
From the Flask docs:
> Default cache control max age to use with send_static_file() (the default
> static file handler) and send_file(), in seconds. Override this value on a
> per-file basis using the get_send_file_max_age() hook on Flask or Blueprint,
> respectively. Defaults to 43200 (12 hours).
https://www.pivotaltracker.com/story/show/112786779
> There's an emerging convention on admin apps, to have a red strip atop the
> page, also to have a different colour for preview environment... so let's
> adopt that and see how it feels. Red for prod and gold for preview.
This commit adds config so that:
- yellow locally
- orange on preview and staging
- red on live
It will not actually work until each AWS environment uses the right config, but
can be tested locally by setting the environment variable manually, eg:
`export HEADER_COLOUR='#F47738'`
At the moment the file contents are not persisted by checked in
memory.
The first and last three records are show if all are valid.
If there are invalid rows, they are reported and the user is
prompted to go back and sort out upload file.
The storing of upload result (i.e. validation of file) in session
will be removed in next story which is about persisting of file
for later processing.
Which means the user will only be able to reset their password, and not sign-in.
Once the user resets the password the user state is set to active once more.
If the link is used a second time they will be redirected to the index page with a message
that the link in the email is not longer valid.
Found a way to create the token that does not need to persist it to the database.
This requires proper error messages, written by people who speak menglis good.
The post register endpoint will send a random 5 digit code via sms and another via email.
If either code fails to send, the user will not be created and the person can register again.
The codes are saved to the session cookie, and expire in 1 hour.
Another iteration of this story will save the codes to a database.
