This commit stops a new email verification link from being sent to a
user if they click on an email link which has expired or which has
already been used. Instead, they will be see an error message with a
link to the sign in page. This stops the situation where someone could
log in indefinitely (without the needing to enter their password) by
trying to use a used / expired email verification link and receiving a
valid link automatically.
It’s inaccurate to have an estimated delivery date for letters sent
using a test key. We shouldn’t reassure people that:
- the letter won’t be printed
- (in the case of precompiled letters) that the letter has passed
validation
We were adding invited users to services in the `main.add_service` view
function as the last step in the process of inviting users. Since this
view function is decorated with `@user_is_gov_user`, invited users with
non-governmental email addresses would never reach this point and would
be able to register an account but would not get linked to a service.
To fix this, we now add the invited user to the service at the point at
which the user gets activated and also ensure that non-gov users don't
get redirected to a page which they don't have permission to view.
This commit stops a new email verification link from being sent to a
user if they click on an email link which has expired or which has
already been used. Instead, they will be see an error message with a
link to the sign in page. This stops the situation where someone could
log in indefinitely (without the needing to enter their password) by
trying to use a used / expired email verification link and receiving a
valid link automatically.
This can happen if you click a link for a service you don’t have access
to. We shouldn’t show the back to service link in this case because:
- you shouldn’t be able to find out the service’s name from just knowing
the link
- if you click the link you only get a `403` anyway
The new API response for template statistics returns separate
count for each status. We get rid of template stats for cancelled
notifications and group the rest of the statuses together.
It had too much whitespace because it was accidentally being given the
wrong class.
This commit undoes the change that caused it (which was while working on
letters) and beefs up our tests for email and text messages (so if this
happened again the tests would catch it).
We are moving from the postage being set on the service to being set on
the template. Once a service has been migrated to have the new
permission they should no longer be able to set the postage at a service
level, only at the template level.
If PDF files have a validation error which means that they can't be
opened by PyPDF2 we would previously show the 500 status error page. We
now catch PyPDF2.utils.PdfReadErrors so that we can display a custom
error message on the notification page instead.
Changed the table for displaying all notifications to show letters which
have the status of 'validation-failed' as 'Validation failed' instead of
'Cancelled'.
The individual notification page for a letter which has failed
validation has not been changed since this already has a description
(letter has content outside the printable area).
We already have a pattern for navigation folders and searching for
templates – let’s use it for the copy page too. And I reckon we can
represent services as folders if the user has multiple services they
could copy a template from.
Updated the move folder form to add a hint for the radio button for the
current folder saying 'current folder'. This hint does not get shown if
you are viewing all folders (so you are not inside a folder).
Also stopped a default radio button from being selected on the form.
It’s confusing to have one way of adding things when your service is new
(green button) but a different way once you’ve added your first thing
(the new grey buttons).
For services that have a `edit_folders` permission, this commit
standardises on the grey buttons for a consistent experience.
specifically - don't use `pytest.mark.xfail` directly in parametrize,
instead use `pytest.param(*args, marks=pytest.mark.xfail)`. the old way
is deprecated in pytest4 - for more information see
https://docs.pytest.org/en/latest/deprecations.html#marks-in-pytest-mark-parametrize
Also, make this an error in pytest.ini so if someone adds a new xfail,
it'll crash
