Copying what they’ve done on GOV.UK Pay, we should let users:
- generate as many keys as they want
- only see the key at time of creation
- give keys a name
- revoke any key at any time (this should be a one way operation)
And based on discussions with @minglis and @servingUpAces, the keys should be
used in conjunction with some kind of service ID, which gets encrypted with the
key. In other words the secret itself never gets sent over the wire.
This commit adds the UI (but not the underlying API integration) for doing the
above.
From the:
- dashboard
- activity page
This info will be confusing for users at the hack day, because it will say
they’ve already sent messages when they first sign up.
This involved changing the table macro to have a nice ‘no rows’ message.
This page is exactly the same as the page for adding your first service, save
the heading text.
So all this commit does is:
- set up two routes (`/add-service`, `/add-service/first`) for each of the two
journeys and change the existing journeys to use the `/add-service/first`
route
- add logic to show different heading text depending on the journey
- add a link to the new (`/add-service`) route in the service chooser dropdown
This is a link not a button because:
- it’s less prominent—delete is an infrequent action
- it’s a two-step process, and only the second part changes any data (so it has
a button)
If the templates page contains text messages and emails then there’s two ways it
could be structured:
- into two sections, all text messages first, then all emails
- emails and text messages interleaved, sorted by date
I think the second one is better. Imagine a situation where you mostly do emails
but have a few text messages. You’d have to scroll past the text messages to get
to your emails. Every time.
I reckon that the most commonly accessed templates will be the most recent ones.
Because a user can have multiple services, they need a way to navigate between
them. Normally they can use the ▶ Switcher to do this, except when:
- they first sign in
- they are on a page which isn’t associated with a service (eg user profile) in
which case we can’t use the switcher because it won’t know what the ‘current’
service is
So this commit adds a new page with a (fake) list of services.
This commit replaces the previous `StringField` used for collecting mobile
phone numbers with the `UKMobileNumber` field.
This means changing a few of the preexisting tests to have more realistic mobile
numbers so that they still pass.
This commit:
- improves the tests to check for specific error messages, rather than just
pass/fail
- makes the error messages more human, and more suggestive of what the user
needs to do to fix the error
This field does two things:
- validates the format of the phone number
- outputs a consistent representation of the phone number
Because of this I think it’s better represented as a new field type, rather
than individual validators.
I also think that it’s better to do this without regular expression(s), because
it makes returning the specific error easier.
This commit also adds basic pass/fail test for a series of valid/invalid
phone numbers.
This commit adds an extra page or field for confirming your current password
when making important changes
Name | Email address | Mobile number | Password
---------------------|-------------------|-------------------|------------
No password required | As second page | As second page | On same page as new password
This commit adds a page or series of pages for changing your:
Name | Email address | Mobile number | Password
------------------|-------------------|-------------------|------------
Enter new value | Enter new value | Enter new value | Enter new value
| Enter 2fa code | Enter 2fa code |
Return to profile | Return to profile | Return to profile | Return to profile
(each row is a page)
This macro:
- accepts a WTForm form field as a parameter
- renders a form field which follows the GOV.UK Elements patterns, both visually
and in markup terms
It then changes any page which uses either:
- the old, non-WTForms macro or
- the old, WTFforms `render_field` macro
…to use this new macro and removes both of the old ones.
It also adds the option to display hint text above the textbox.
At the moment the file contents are not persisted by checked in
memory.
The first and last three records are show if all are valid.
If there are invalid rows, they are reported and the user is
prompted to go back and sort out upload file.
The storing of upload result (i.e. validation of file) in session
will be removed in next story which is about persisting of file
for later processing.
