Commit Graph

3217 Commits

Author SHA1 Message Date
Leo Hemsted
1cacd92411 Merge pull request #1153 from alphagov/forget-me
Remove remember me cookie
2017-03-06 09:39:52 +00:00
Chris Hill-Scott
393cb5b2da Merge pull request #1169 from alphagov/template-name-on-send
Put template name on preview page
2017-03-03 13:10:59 +00:00
Chris Hill-Scott
ce07d929f3 Merge pull request #1165 from alphagov/bump-utils-recipient-validation
Bump utils to improve letters and validation
2017-03-03 13:10:51 +00:00
Chris Hill-Scott
457249c0fa Put template name on preview page
We’ve had a couple of instances where teams have sent the wrong template
to a …number of users.

Sometimes templates can be very similar and only have slight variations
to tailor them to a specific subset of users. So identifying the right
template by sight can be difficult.

We know that teams do give their templates meaningful names, and use
these names in other tools (spreadsheets etc) to refer to the templates.

So putting the name of the template on the page where you’re about to
send all the messages seems like it’s gives people an easier way of
double checking that they’re doing the right thing.

I umm’d and ahh’d over the wording a bit, and think ‘Preview of…’ reads
the best. It looks a bit weird because most template names are Title
Case. I think it’s better than some ambiguous punctuation (eg ‘Preview:
Template name’ or ‘Template name – preview’).

Some examples of real template names:
- Preview of Example text message templates
- Preview of Online LPA payment application reminder
- Preview of Create user account
- Preview of Split journey - Unknown credentials
- Preview of Public user: application without supporting documents
- Preview of Renewal Survey – February
- Preview of CEX New adult
- Preview of Applications are closing tomorrow
- Preview of Your application result - if successful
2017-03-02 17:29:53 +00:00
Leo Hemsted
85efe0d117 remove flask's builtin remember me functionality
we don't need it cos we do it all ourselves
2017-03-02 16:55:10 +00:00
Chris Hill-Scott
5f37fc158d Merge pull request #1166 from alphagov/scotent
Add Scottish Enterprise to list of gov domains
2017-03-02 14:55:51 +00:00
Leo Hemsted
f645aa7b23 Merge pull request #1167 from alphagov/32-33
32 services to 33 - Government Actuary's Department
2017-03-02 14:49:03 +00:00
Pete Herlihy
787288b7c7 32 services to 33 - Government Actuary's Department 2017-03-02 14:35:37 +00:00
Chris Hill-Scott
54a666e8e9 Add Scottish Enterprise to list of gov domains
> Scottish Enterprise is Scotland's main economic development agency
> and a non-departmental public body of the Scottish Government.

– https://www.scottish-enterprise.com/about-us

For some reason their email domain is `scotent.co.uk` (but it redirects
to www.scottish-enterprise.com on the web for the some reason
¯\_(ツ)_/¯)
2017-03-02 10:18:19 +00:00
Chris Hill-Scott
795f8f658e Bump utils to improve letters and validation
Brings in:
- [x] https://github.com/alphagov/notifications-utils/pull/120
- [x] https://github.com/alphagov/notifications-utils/pull/121
- [x] https://github.com/alphagov/notifications-utils/pull/122
- [x] https://github.com/alphagov/notifications-utils/pull/123
- [ ] https://github.com/alphagov/notifications-utils/pull/124

Changes:
https://github.com/alphagov/notifications-utils/compare/13.8.0...check-missing-first
2017-03-01 13:43:21 +00:00
Chris Hill-Scott
446b2191f9 Merge pull request #1164 from alphagov/nbsp-fix
Fix errant   on request to go live page
2017-03-01 12:41:31 +00:00
bandesz
aef9bb3615 Ignore docker pull errors 2017-02-28 18:26:48 +00:00
bandesz
55f2d49e25 Add termination timeout to run_app_paas.sh 2017-02-28 17:38:50 +00:00
Chris Hill-Scott
1f0fc9d26f Fix errant   on request to go live page
There’s a good reason for having the ` ` – it stops GOV.UK Notify
being split across two lines (which could happen on a smaller viewport,
eg mobile). Gotta protect the brand.

Not good for the brand for it to be showing up in the page though 😬

This got broken as part of 3f41090a94

The label for a form should never have user-submitted content in it, so
using `safe` is fine.
2017-02-28 17:02:09 +00:00
Rebecca Law
9308e95b02 Merge pull request #1162 from alphagov/fix-user-login-flow
Fix user login flow
2017-02-28 16:50:11 +00:00
Rebecca Law
35f61125e8 Fix the user flow when the user account is locked.
The user has 10 tries at the password, after which the account is locked.
The same is true for the verify code, the user will have 10 tries before the user account is locked.
2017-02-28 14:41:31 +00:00
bandesz
297e885d72 Fix __pycache__ exclude 2017-02-28 13:18:43 +00:00
bandesz
d3b7d1aeee Remove Docker commands for CF, clean up artifact creation 2017-02-28 12:31:56 +00:00
Rebecca Law
2d4e0a0631 Added a reset of failed_login_count when the user is activated.
Update user from the update-password api call (which resets the failed_login_count)
2017-02-28 11:56:40 +00:00
Andras Ferencz-Szabo
95748a2eb9 Merge pull request #1161 from alphagov/remove_jenkinsfiles
Remove Jenkinsfiles, add PaaS artifact tasks
2017-02-27 17:35:31 +00:00
bandesz
16a40e526b Remove Jenkinsfiles, add PaaS artifact tasks 2017-02-27 17:04:19 +00:00
Chris Hill-Scott
90da5a35da Merge pull request #1160 from alphagov/11-or-fewer
Make long SMS sender name error accurate
2017-02-27 16:09:00 +00:00
Chris Hill-Scott
570fe0e9a6 Merge pull request #1158 from alphagov/empty-csv-error
Don’t 500 when a CSV is missing rows
2017-02-27 16:05:31 +00:00
Chris Hill-Scott
e909bce928 Make long SMS sender name error accurate
`<=11` not `< 11`
2017-02-27 15:56:58 +00:00
Leo Hemsted
9fda5d1847 remove remember_me cookie and related code 2017-02-27 15:18:18 +00:00
Chris Hill-Scott
888821d1b4 Don’t 500 when a CSV is missing rows
> When the CSV is missing the header row, we get an error and the user
> will see "Sorry, we are experiencing technical difficulties..."
>
> We should return a better error message for the user.

– https://www.pivotaltracker.com/story/show/140668615

This was caused by an attempt to access the `first_recipient` variable
before it was assigned. It would only be assigned when there was at
least one row in the file.

Fixing this means doing two things:
- defaulting `first_recipient` to be `None` before looking in the file
- adding an error message for when we can’t extract any rows out of the
  file (which is more nuanced than the file just being completely empty)

(There’s a nasty `sort` in the Jinja template because when there are no
rows in the file the order of the required column headers is not
deterministic.)
2017-02-27 14:46:01 +00:00
Chris Hill-Scott
b460f5971e Merge pull request #1157 from alphagov/missing-columns-error
Fix wrong error message if file is missing columns
2017-02-27 12:52:09 +00:00
Chris Hill-Scott
e1f53760bf Fix wrong error message if file is missing columns
Accidentally got broken here:
41fa158635 (diff-bff3df90be0231a1e33e033fc51ba7f7L78)

This commit changes it back to how it was before (but keeping the new macro for formatting the list).
2017-02-27 12:43:20 +00:00
Leo Hemsted
b37e7fd188 Merge pull request #1155 from alphagov/login
ensure other 2FA pages also handle session id
2017-02-24 16:41:18 +00:00
Leo Hemsted
4df12f5f4e ensure other 2FA pages also handle session id
specifically, the 2FA page when you first create an account is different to the login 2FA page
and also the 2FA page when you change your phone number is different as well
2017-02-24 16:32:59 +00:00
Leo Hemsted
1ec20151d0 Merge pull request #1146 from alphagov/session-id
check users' session id.
2017-02-24 14:25:06 +00:00
Chris Hill-Scott
938e5599e1 Merge pull request #1154 from alphagov/third-template-stats-fix
Fix page title on all template statistics
2017-02-24 13:03:07 +00:00
Chris Hill-Scott
fb597308ba Fix page title on all template statistics
Broke it here: https://github.com/alphagov/notifications-admin/pull/1150/files#diff-79c89468157588a8d045983245158e9bR4

Third time lucky…
2017-02-24 11:58:34 +00:00
Chris Hill-Scott
778209394d Merge pull request #1152 from alphagov/check-table-heading
Add helpful column heading for screenreader users
2017-02-23 16:45:22 +00:00
Chris Hill-Scott
fb69533dd5 Merge pull request #1151 from alphagov/heading-level-template-stats
Fix heading level on template stats and usage pages
2017-02-23 16:45:07 +00:00
Chris Hill-Scott
ee83a645fe Merge pull request #1150 from alphagov/page-title-fixes-missed
Fix page titles that didn’t get fixed before
2017-02-23 16:44:57 +00:00
Chris Hill-Scott
40d44913b0 Merge pull request #1149 from alphagov/form-autocomplete-off
Convert all instances of autocomplete to `off`
2017-02-23 16:44:51 +00:00
Chris Hill-Scott
d84a5d4ef2 Merge pull request #1148 from alphagov/fix-html-entity-permissions
Remove HTML entity from permission choice
2017-02-23 16:44:41 +00:00
Chris Hill-Scott
d96c5c36fc Merge pull request #1147 from alphagov/fix-spacing-invite-confirmation
Fix spacing with heading/banner combination
2017-02-23 16:44:33 +00:00
Leo Hemsted
5aeaa69f5f fix logged_in_elsewhere to work when user never logged in before (new accounts) 2017-02-23 16:38:18 +00:00
Leo Hemsted
66b660cca8 make xfail passes (unexpected passes) fail test runs 2017-02-23 16:36:16 +00:00
Chris Hill-Scott
6445879a36 Fix heading level on all template stats page
It’s the heading for the whole page, should be a `<h1>`.
2017-02-23 16:32:26 +00:00
Chris Hill-Scott
416bb4d934 Revert "Add extra text to label rows for screenreaders"
This reverts commit 549695de4e.

This was not the correct solution to the problem identified.
2017-02-23 16:03:50 +00:00
Chris Hill-Scott
5c683f7946 Use better column heading for screenreaders
When a screenreader user navigates a table, they use the columns
headings to orientate themselves. A column heading of ‘1’ is not
helpful.

So this commit adds some hidden text for screenreader users, which tells
them exactly what the column contains: the number of the row in the
original file.
2017-02-23 15:56:59 +00:00
Chris Hill-Scott
f64672e23b Fix page titles that didn’t get fixed before
Did most of this work in:
https://github.com/alphagov/notifications-admin/pull/1118

> In pages specific to a service (e.g. dashboard and sub pages) the
> title needs to distinguish which service it applies to. This is mainly
> to give context to screen reader users who could be managing multiple
> services.
>
> Implementing this uses template inheritance:
>
> `page_title` includes `per_page_title` includes `service_page_title`
>
> ‘GOV.UK Notify’ is inserted into every page title.
>
> Pages that set `service_page_title` get the service name inserted too.
2017-02-23 15:34:13 +00:00
Chris Hill-Scott
54d38faad2 Convert all instances of autocomplete to off
`on` or `off` are the only valid values.

> The attribute, if present, must have a value that is an ASCII
> case-insensitive match for the string "off", or a single token that
> is an ASCII case-insensitive match for the string "on"

– https://www.w3.org/TR/html5/forms.html#autofilling-form-controls:-the-autocomplete-attribute
2017-02-23 15:26:09 +00:00
Chris Hill-Scott
d18334100e Remove HTML entity from permission choice
Not sure why we had a non-breaking space in here because it didn’t wrap
onto two lines anyway. And it wasn’t working because it was showing up
encoded, rather than as a raw entity.
2017-02-23 10:50:28 +00:00
Chris Hill-Scott
f53127c54f Fix spacing with heading/banner combination
Our CSS adjusts the spacing for the first `.heading-large` on the page
so that it aligns with the navigation. This doesn’t work when something
else comes first on the page, like a notification banner.

But since we only ever user `.heading-large` for the `<h1>`, and there
should only be one `<h1>` on the page we can just change the spacing
for _all_ `<h1>`s.
2017-02-23 10:39:26 +00:00
Leo Hemsted
f14a836baa check users' session id.
when a user enters their 2FA code, the API will store a random UUID
against them in the database - this code is then stored on the cookie
on the front end.

At the beginning of each authenticated request, we do the following
steps:
  * Retrieve the user's cookie, and get the user_id from it
  * Request that user's details from the database
  * populate current_user with the DB model
  * run the login_required decorator, which calls
    current_user.is_authenticated

is_authenticated now also checks that the database model matches the
cookie for session_id. The potential states and meanings are as follows:

 database | cookie | meaning
----------+--------+---------
 None     | None   | New user, or system just been deployed.
          |        | Redirect to start page.
----------+--------+---------
 'abc'    | None   | New browser (or cleared cookies). Redirect to
          |        | start page.
----------+--------+---------
 None     | 'abc'  | Invalid state (cookie is set from user obj, so
          |        | would only happen if DB is cleared)
----------+--------+---------
 'abc'    | 'abc'  | Same browser. Business as usual
----------+--------+---------
 'abc'    | 'def'  | Different browser in cookie - db has been changed
          |        | since then. Redirect to start
2017-02-22 17:31:13 +00:00
Pete Herlihy
aad891d4ce Merge pull request #1144 from alphagov/30-32-services
Added Census and NCSC services to counts
2017-02-21 14:58:26 +00:00