darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-05 10:53:28 -05:00
Code Issues Packages Projects Releases Wiki Activity
216 Commits 51 Branches 59 Tags
1ce8170ce175bcbbdef85322fd8b188924a9a715
Commit Graph

63 Commits

Author SHA1 Message Date
Rebecca Law
1ce8170ce1 109526036:Mark the sms code as being used on the two-factor page 2015-12-10 16:38:34 +00:00
Rebecca Law
bbecc03531 109526036: Fix bug. 
If one of the codes was invalid and one was valid on the verify page the valid code would be marked as used.
 2015-12-10 16:34:29 +00:00
Rebecca Law
2b4097dd2d 109526036: Updates as per comments made on pull request. 2015-12-10 15:21:06 +00:00
Rebecca Law
20fa259316 109526036: Removed sms code from the session on sign-in 2015-12-10 14:51:20 +00:00
Rebecca Law
588730d594 109526036: Persist the verify code to the db. 
The codes are hashed and saved to the db.
The code is marked as used once a valid code is submitted.
The code is valid for 1 hour.
The codes are no longer saved to the session.
 2015-12-10 14:48:01 +00:00
minglis
3b327c9986 Merge pull request #22 from alphagov/implement_two_factor 
Implement two factor
 2015-12-09 14:20:29 +00:00
Rebecca Law
9ba229820a 109638656: Implementation of two factor verification 
Validation of the code is done in the form, when the form.validate_on_submit is called the validate code methods are called as well.
 2015-12-09 11:36:57 +00:00
Pete Herlihy
a357fea7af Added route to the edit template page [ci skip] 2015-12-09 10:50:01 +00:00
Pete Herlihy
b5f0fc3012 Added route to the manage templates page [ci skip] 2015-12-09 10:49:05 +00:00
Rebecca Law
1af2dd5e98 109638656: Use Regex validator for sms code to ensure it is 5 digits. 2015-12-09 10:17:50 +00:00
Rebecca Law
2e59870490 109638656: Implement two factor verify flow 
When user enters valid sms code they are redirected to the dashboard.
Otherwise, form errors are present.
 2015-12-09 10:17:09 +00:00
Rebecca Law
c946f85f9d 109638656: Send sms code from sign-in post. 2015-12-09 10:16:30 +00:00
Rebecca Law
eae2756a5e 109638656: Initial implementation for two-factor 2015-12-09 10:15:41 +00:00
Rebecca Law
ae19161b32 109526520: Use Regex validator to test the code is 5 digits. 2015-12-09 10:12:21 +00:00
Rebecca Law
9923c14e73 109526520: Changed the code form fields to StringField 
When the codes were IntegerFields and the code started with zero, the zero was trimmed, resulting in a failed match.
 2015-12-09 10:12:21 +00:00
Rebecca Law
bef2258803 109526520: Add custom validators for the VerifyForm 
If the email_code or sms_code entered does not pass check password, then add errors to the form.
 2015-12-09 10:12:21 +00:00
Rebecca Law
16618e80f9 109526520: Implement verify flow 
When a person registers with a valid mobile number and email address,
a code will be sent to each. That person can enter the verify codes and continue to the add-service page.
 2015-12-09 10:12:21 +00:00
Rebecca Law
56db1ad400 109526520: fix code style 2015-12-09 10:12:21 +00:00
Rebecca Law
6d47c01117 109526520: Implememt verify post method. 2015-12-09 10:12:20 +00:00
Rebecca Law
69da9f8f32 109526520: render verify template with VerifyForm 2015-12-09 10:12:20 +00:00
Rebecca Law
60ed0c541b Remove the temporary endpoint to create users. 2015-12-08 09:03:48 +00:00
Rebecca Law
2935485977 108537814: Set session expiry to 1 hour 2015-12-04 16:27:11 +00:00
Rebecca Law
a741c128da 108537814: Implementation of 3 factor authentication. 
The post register endpoint will send a random 5 digit code via sms and another via email.
If either code fails to send, the user will not be created and the person can register again.
The codes are saved to the session cookie, and expire in 1 hour.

Another iteration of this story will save the codes to a database.
 2015-12-04 16:27:11 +00:00
minglis
abd344fc57 Merge pull request #12 from alphagov/blacklist_password 
Blacklist password
 2015-12-04 15:53:13 +00:00
Lorena Sutherland
571f09881e Amend name & password labels 2015-12-02 15:23:03 +00:00
Lorena Sutherland
058d7c5f96 Change password label 2015-12-02 13:57:03 +00:00
Rebecca Law
9d9b80bab7 Login user after they register 2015-12-01 16:45:11 +00:00
Rebecca Law
3b96b6e5ca 108536374: Implement a validator to exclude passwords on a blacklist 2015-12-01 16:45:11 +00:00
Rebecca Law
9e2cf2fa4c 108536366: Implement register flow 
Includes validation for gov.uk email address, mobile number with +44, password at least 10 char.
Form validation errors will be added to template in a later story.
User is created when form validates.
 2015-12-01 16:45:11 +00:00
Rebecca Law
a4cd1c644d 108536374: Change to a generic message for database errors. 
Need a story to handle db exceptions in the dao layer
 2015-12-01 16:41:49 +00:00
Rebecca Law
64d2cbb927 108536366: Implement register flow 
Includes validation for gov.uk email address, mobile number with +44, password at least 10 char.
Form validation errors will be added to template in a later story.
User is created when form validates.
 2015-12-01 16:41:49 +00:00
Rebecca Law
5879e59f34 remove login_required for register page 2015-12-01 15:59:10 +00:00
Pete Herlihy
eb5de52f39 Adding route for text not received 2 view 2015-12-01 12:41:19 +00:00
Rebecca Law
9bb683bb21 Merge branch 'master' of github.com:alphagov/notifications-admin 2015-12-01 10:36:35 +00:00
Rebecca Law
e8d2a81597 108536490: Fix bug when user does not exist and tries to sign in 2015-12-01 10:35:49 +00:00
Chris Heathcote
00efed12ec Merge pull request #9 from alphagov/ph-title 
Updates to the page titles, removed hello world things.
 2015-12-01 10:24:35 +00:00
Rebecca Law
edfc1d6efc 108536490: Implement User.is_active() 
If the state of the user is inactive the user.is_active() returns false.
 2015-12-01 10:00:07 +00:00
Rebecca Law
3b27db98ff 108536490: Implement locked out function. 
User is locked if they fail to login 10 times or more.
 2015-12-01 10:00:07 +00:00
Rebecca Law
ff9e98907e 108536490: Update encryption for password 2015-12-01 10:00:07 +00:00
Rebecca Law
3f017b30f2 108536490: add the proxy_fix 2015-12-01 10:00:07 +00:00
Rebecca Law
6f61906fd4 108536490: Implement LoginManager for the admin app. 
Also added csrf error handler, will make the session unauthorized if the csrf token is invalid.
 2015-12-01 10:00:06 +00:00
Rebecca Law
48b7a7dc37 108536490: Adding the login manager and csrf token. 
Still need to figure out how to override the load_user method, currently it is not working.
 2015-12-01 10:00:06 +00:00
Rebecca Law
7f96ef5a25 108536490: Initial effort to implement log in 
Add endpoint for post to /sign-in
Initialise role data
 2015-12-01 10:00:06 +00:00
Pete Herlihy
e1817038a7 Removed the hello world route from the index 2015-12-01 09:57:24 +00:00
Chris Heathcote
1e08c9b1a8 Added two-factor resending to sign in flow. 
Assumes user will have to get an admin to update phone number if lost.
 2015-11-30 16:41:05 +00:00
Chris Heathcote
b2ca6343a7 Merged from master 2015-11-30 16:36:07 +00:00
Pete Herlihy
b9c5c374e9 Added routes the new admin page shells 
/user-profile
/manage-users
/service-settings
/api-keys
 2015-11-30 16:28:17 +00:00
Chris Heathcote
48f722b3b9 Added forgot password / create new password screens 
Create new password would be sent in an email to the user.
 2015-11-30 16:19:59 +00:00
Chris Heathcote
b2dd3ca214 Merge branch 'master' into login-errors 
# Conflicts:
#	app/main/views/index.py
 2015-11-30 16:09:43 +00:00
Chris Heathcote
96648ed58b Added email and text message not received pages in registration flow 2015-11-30 16:08:44 +00:00