Commit Graph

2714 Commits

Author SHA1 Message Date
Chris Hill-Scott
6bdd776780 Revert "Restyle template statistics and received text messages" 2020-02-18 14:58:33 +00:00
Pea Tyczynska
3a93fe6892 Fix reset password flow
It was broken because of mismatch in update password argument
2020-02-18 14:50:27 +00:00
Chris Hill-Scott
a86f0a6efc Merge pull request #3295 from alphagov/restyle-template-stats
Restyle template statistics and received text messages
2020-02-18 14:30:06 +00:00
Pea Tyczynska
7d460fe483 Move date-checking logic to utils and unit test it 2020-02-17 11:34:25 +00:00
Pea Tyczynska
caf77341b3 Send 2fa email and move user to waiting page when they need to re-validate email access 2020-02-17 11:34:24 +00:00
Chris Hill-Scott
42373e3615 Always use smaller font size for totals
This means the font size matches the counts on the usage section, and on
the new received text messages banner.
2020-02-17 10:31:59 +00:00
Katie Smith
a26e8c55ef Remove unused pages with buttons
We had two templates that contained a link styled as an old style
button but that weren't being used anywhere (one would actually give a
`500` if you tried to visit it). This removes them and the view function
for one of them (the other no longer had a view function).
2020-02-17 08:05:05 +00:00
Chris Hill-Scott
4f32258a7b Merge pull request #3293 from alphagov/cache-returned-letter-summary
Cache returned letter summary in Redis
2020-02-12 13:48:51 +00:00
karlchillmaid
38fd842d33 Merge pull request #3213 from alphagov/add-guidance-content
Add first iteration of guidance content, including updating navigation menus and footer.
2020-02-12 11:43:07 +00:00
Chris Hill-Scott
af8395956e Cache returned letter summary in Redis
We’re going to start using the returned letters summary to show some
info on the dashboard.

This means we will be accessing it more often than it changes. And we
know exactly when it changes because it’s us manually submitting the
references we get from DVLA.

This makes it a good candidate for being cached, and Redis is where we
cache stuff that we’d otherwise go to the API for.
2020-02-12 11:42:06 +00:00
Rebecca Law
b242467d77 Change the content for the delete template confirmation dialog.
As per https://www.pivotaltracker.com/story/show/170796514 we want to make the delete template confirmation dialog box more consistent and clear.
The API has been updated with a new endpoint that only returns the last-used date, this date is more accurate since it goes to the ft_notification_status table, if the notification table is empty.
2020-02-06 10:16:00 +00:00
Rebecca Law
143564c7f0 Update message seen when deleting a template. 2020-02-04 16:00:51 +00:00
karlchillmaid
5314ba72cc Remove 'Upload a letter'
Remove 'Upload a letter' from navigation because it's not available to all users yet.
2020-02-04 13:48:45 +00:00
Rebecca Law
8a19d9496a Check if user is authenticated before signing out, this will prevent a 500 if the user is an AnonymousUser.
I ended up creating a new test user and logged_in_client, which isn't really great. But I tried adding a current_session_id to the active user in the test, but that broke all other tests.
I tried setting current_session_id in all the users being tested but that didn't work either. I'd like to come back to fixing the tests and reducing the number of conftest methods in another PR. For now this fixes the bug.
2020-02-04 12:16:58 +00:00
karlchillmaid
b37560ebe8 Remove Send messages link 2020-02-03 16:06:32 +00:00
Rebecca Law
0e1ee504ac - Add unit test for when case when the cookie doesn't match the db.
- Move code into User.signout method to further encapsulate the code.
2020-02-03 15:08:55 +00:00
Rebecca Law
937c9f2adc Ensure that the session is logged out server side, not just client side.
Anytime a user clicks "sign out" we should be signing them out server side as well. This can be accomplished by setting the Users.current_session_id = null.
I found that the method User.logged_in_elsewhere doesn't need to check if the current_session_id is None. The current_session_ids in the cookie and db (redis or postgres) then the user should be forced to log in again.
2020-02-03 12:24:02 +00:00
Tom Byers
a4ba99b748 Redo send_messages as create_and_send_messages
Reverts changes in the following commits:
- 1e8ba88b4d
- 133a62022c
- b76066dd76

These changes `main.create_and_send_messages` to
`main.send_messages` but this name was already
taken.

Further details on Github:

https://github.com/alphagov/notifications-admin/pull/3213#pullrequestreview-348548476
2020-01-27 11:51:24 +00:00
karlchillmaid
b76066dd76 Update link 2020-01-27 08:54:05 +00:00
karlchillmaid
133a62022c Update link 2020-01-27 08:53:29 +00:00
karlchillmaid
6d9e19a013 Update navigation links 2020-01-27 08:47:47 +00:00
Chris Hill-Scott
d29f23bfc8 Add left hand navigation
Due to the way the navigation dictionaries are built this mean being
less smart about the view method for the guidance pages.
2020-01-24 16:25:32 +00:00
Chris Hill-Scott
da2bc29b40 Merge pull request #3263 from alphagov/fix-new-jobs-showing-as-deleted
Use time to determine why notifications don’t exist
2020-01-24 15:27:29 +00:00
karlchillmaid
4d6ab92d41 Add Using Notify navigation 2020-01-24 12:15:27 +00:00
Pea M. Tyczynska
ba6b412bca Merge pull request #3268 from alphagov/proper-form-for-letter-branding
Parametrise branding request flow so it serves both email and letter branding
2020-01-23 16:50:41 +00:00
Pea Tyczynska
a578ec23a3 Redirect to template after succesful branding request
if user entered branding request flow from a template.
2020-01-23 16:35:15 +00:00
Pea M. Tyczynska
fdff9d3b83 Ensure gov.uk branding only available for emails and not for letters
Also align and statements
2020-01-23 16:34:58 +00:00
Leo Hemsted
f3fa6a67e1 fix one more place where senders weren't sanitised
make sure everything is using the `nl2br` formatter that properly wraps
it in markdown to keep everything sanitised nicely. Also write a couple
of tests
2020-01-22 17:22:01 +00:00
Chris Hill-Scott
8e5d11c70e Add a route to serve guidance pages
Rather than hard coding the page titles, let’s just accept anythin
 that’s a real template in the guidance folder – will make it easier for
 Karl to edit and create pages.
2020-01-22 14:06:14 +00:00
Leo Hemsted
5bbbdc3cd9 fix xss with service letter contact blocks
service contact blocks contain new lines - and jinja2 normally ignores
newlines (as in it keeps them as new lines) - but we need to turn them
into `<br>` tags so that we can show the formatting that the user has
added. We were previously just doing `{{ block | nl2br | safe }}`. nl2br
turns the new lines into `<br>` tags, and then `safe` tells jinja that
it doesn't need to escape the html.

this causes issues if the user adds `<script>alert(1)</script>` to their
contact block (or some other evil xss hack), where that will get let
through due to the safe flag

To solve this, use `Markup(html='escape')` to sanitise any html, and
then convert new lines to <br>.

bump utils

another xss
2020-01-21 17:34:49 +00:00
Pea Tyczynska
5a32177982 Delete old letter branding request page 2020-01-21 16:47:42 +00:00
Pea M. Tyczynska
cc61e87701 Parametrized options label for the branding request form
Co-Authored-By: Chris Hill-Scott <me@quis.cc>
2020-01-21 16:47:42 +00:00
Pea Tyczynska
02cb6c9c38 Create a letter branding request flow to match email branding request
Test if service settings links to branding request page for letters

Parametrize all branding tests so they also work for letter branding
2020-01-21 16:47:14 +00:00
Chris Hill-Scott
291734b0c4 Merge branch 'master' into fix-new-jobs-showing-as-deleted 2020-01-21 14:24:40 +00:00
Chris Hill-Scott
d93866bc7e Use utils function to parse datetime strings
Rather than hard-coding a format string in a bunch of different places
we can use the function we already have in utils.

This commit also refactors some logic around password resets to put the
date-parsing changes in the most sensible bit of the codebase, so it’s
clearer what the intention of the view-layer code is.
2020-01-21 13:55:57 +00:00
David McDonald
8a41b63e23 Merge pull request #3267 from alphagov/bank-hols
Add more bank holiday dates
2020-01-21 10:24:02 +00:00
Chris Hill-Scott
6ff9dac161 Merge pull request #3254 from alphagov/letter-validation-short-messages
Add separate messages for precompiled letters that have failed validation
2020-01-21 10:02:58 +00:00
David McDonald
8d2053216f Add more bank holiday dates 2020-01-20 17:14:54 +00:00
Chris Hill-Scott
721134dc17 Merge pull request #3251 from alphagov/job-model
Make models for individual jobs and collections of jobs
2020-01-16 15:52:21 +00:00
Chris Hill-Scott
3762daad84 Add a redirect for the letter specification
This way we have a URL we can give people that always points to the
latest version of the spec.

And it makes our code more Flask-idiomatic to be using `url_for` to be
generating a URL, rather than passing around a constant.
2020-01-15 11:54:14 +00:00
Chris Hill-Scott
4552587829 Merge pull request #3256 from alphagov/fix-session-bug-change-user-email
Fix session bug when changing user’s email address
2020-01-14 13:46:03 +00:00
Chris Hill-Scott
a186d0eeff Don’t repeat the letter spec URL in the code
We change this URL fairly frequently because we bump the version number.
Let’s make it easier to change by only defining it once.
2020-01-14 13:32:13 +00:00
Chris Hill-Scott
e9ad2e9c42 Only put the overlay on bad pages
This will make it easier to find errors in your file, because you won’t
spent time looking for them on pages which are OK.
2020-01-13 17:42:44 +00:00
Chris Hill-Scott
340cb33fdd Refactor ‘finished’ to the model layer
By moving it from the view we reduce the complexity of the methods in
the view layer, so it’s easier to see what they do.

This also renames the variable `finished` to the property
`processing_finished` to disambiguate from the `job_status` field in the
JSON, which can also have a value of `finished`.
2020-01-13 15:10:14 +00:00
Chris Hill-Scott
25464a141b Use a ModelList for lists of jobs
This follows the pattern of what we’ve done with services, users and
events.

It gives us a way of neatly instantiating a model for each item in the
list we get back from the API and reduces the complexity of the view
layer code.

Now is a good time to do this because we’re going to be making a bunch
of changes to the jobs pages, and those changes will be easier to code
and understand with a sensible model behind them.
2020-01-13 15:10:10 +00:00
Chris Hill-Scott
5e7ec3e30d Make a job model for individual jobs
This follows the pattern of what we’ve done with services, users and
events.

It gives us a better interface to the data we get back from the API than
dealing with the raw JSON directly.

Now is a good time to do this because we’re going to be making a bunch
of changes to the jobs pages, and those changes will be easier to code
and understand with a sesnsible model behind them.
2020-01-13 13:05:35 +00:00
Chris Hill-Scott
72eb6ef99a Fix session bug when changing user’s email address
The session key we use is global.

This means if you open the edit page for two different users in two
different tabs the session for the first tab is overwritten with the
session from the second tab. This means the two users are both set to
the same email address, which causes an exception (email addresses are
unique).

This commit fixes that bug by including the user ID in the session ID.
2020-01-13 12:03:39 +00:00
Rebecca Law
9d1f92a752 Strip the trailing comma on the first line of an address block. 2020-01-10 16:06:04 +00:00
Rebecca Law
f8e7635a1d Show the first line of the address from the to field.
Now persisting the address to the "to" field of the Notification, after the notification has been validated.
If the letter is pending validation, then "Checking..." will appear as the identifier for the letter.
If the letter has passed validation, then the first line of the address (now persisted in the "to" field) will be displayed, with the client reference underneath.
If the letter has failed validation the "Provided as PDF" will show be displayed, which is now the initial value of the "to" field.
2020-01-10 16:00:40 +00:00
Chris Hill-Scott
c270895c7f Merge pull request #3235 from alphagov/job-page-for-expired-jobs
Customise the job page for jobs whose notifications have been purged
2020-01-09 09:46:19 +00:00