Commit Graph

461 Commits

Author SHA1 Message Date
Leo Hemsted
5535db273c Revert "upgrade flask_login to 0.5.0" 2020-03-09 16:48:27 +00:00
Leo Hemsted
e4cd77a645 upgrade flask_login to 0.5.0
flask_login sets a bunch of variables in the session object. We only use
one of them, `user_id`. We set that to the user id from the database,
and refer to it all over the place.

However, in flask_login 0.5.0 they prefix this with an underscore to
prevent people accidentally overwriting it etc. So when a user logs in
we need to make sure that we set user_id manually so we can still use
it.

flask_login sets a bunch of variables on the `flask.session` object.
However, this session object isn't the one that gets passed in to the
request context by flask - that one can only be modified outside of
requests from within the session_transaction context manager (see [1]).
So, flask_login populates the normal session and then we need to copy
all of those values across.

We didn't need to do this previously because we already set the
`user_id` value on line 20 of tests/__init__.py, but now that
flask_login is looking for `_user_id` instead we need to do this
properly.

[1] https://flask.palletsprojects.com/en/1.1.x/testing/#accessing-and-modifying-sessions
2020-03-09 12:04:17 +00:00
Rebecca Law
ef3a4c860b Update notifications-utils library.
The SMS character count validation has been updated to exclude the service name when validating the message.
The upload CSV was the only place we were doing this.

Still to come: update the API to use the same method from the SMSTemplate class to check the message lenghth.
2020-03-04 10:52:17 +00:00
Chris Hill-Scott
55ebecbca5 Bump utils to fix bleach security vulnerability 2020-02-25 10:40:11 +00:00
Chris Hill-Scott
9590643527 Use humanize for fuzzy time differences
It seems to do a bit better than ago (e.g. 4 months vs 146 days), and
looks like it’s maintained more often.
2020-02-20 11:58:57 +00:00
Chris Hill-Scott
d4a173c78c Upgrade itsdangerous
Version 1.1.0 has reverted the breaking change (moving from sha1 to
sha256) that was introduced in version 1.0.0.

Upgrading now so that we can take advantage of this bug fix:
https://github.com/pallets/itsdangerous/issues/46
2020-02-19 13:54:22 +00:00
pyup-bot
2597a70d5f Update flask-wtf from 0.14.2 to 0.14.3 2020-02-12 13:33:25 +00:00
Leo Hemsted
4eeddb40f8 bump reqs 2020-02-04 17:16:58 +00:00
Leo Hemsted
01ba256ef9 bump utils to fix datetime formatting jinja bug 2020-01-28 10:32:21 +00:00
Leo Hemsted
5bbbdc3cd9 fix xss with service letter contact blocks
service contact blocks contain new lines - and jinja2 normally ignores
newlines (as in it keeps them as new lines) - but we need to turn them
into `<br>` tags so that we can show the formatting that the user has
added. We were previously just doing `{{ block | nl2br | safe }}`. nl2br
turns the new lines into `<br>` tags, and then `safe` tells jinja that
it doesn't need to escape the html.

this causes issues if the user adds `<script>alert(1)</script>` to their
contact block (or some other evil xss hack), where that will get let
through due to the safe flag

To solve this, use `Markup(html='escape')` to sanitise any html, and
then convert new lines to <br>.

bump utils

another xss
2020-01-21 17:34:49 +00:00
Leo Hemsted
9620559a55 bump requirements 2020-01-21 14:47:18 +00:00
Chris Hill-Scott
d21449c235 Lazy load letter previews
Brings in:
- [x] https://github.com/alphagov/notifications-utils/pull/687
2020-01-03 15:58:51 +00:00
Chris Hill-Scott
b9ba95daf2 Strip extra newlines from text messages
Brings in:
- [x] https://github.com/alphagov/notifications-utils/pull/680
2019-12-18 10:33:18 +00:00
David McDonald
235378cec5 Bump utils to 36.3.1 2019-12-09 13:08:14 +00:00
Katie Smith
2794187e2d Bump utils to 33.3.0 2019-12-03 13:25:06 +00:00
Chris Hill-Scott
bf385486cf Update test with multiple placeholders added
It wasn’t possible to test for this before because the order of
placeholders was non-deterministic. The order has been made
deterministic in https://github.com/alphagov/notifications-utils/pull/674
2019-11-27 11:30:14 +00:00
Leo Hemsted
f85bd3a8dd bump reqs
utils bump, and a bunch of test dependencies
can't bump pytest-xdist as it requires pytest>4
2019-11-18 14:59:02 +00:00
Leo Hemsted
846895dca2 frozen reqs 2019-11-11 12:05:32 +00:00
David McDonald
11a271b6c5 Bump requirements to use 36.0.0 of utils 2019-11-01 10:47:42 +00:00
Pea Tyczynska
2ed1e382b4 Move letter length check to utils repo so template-preview can use it, too
Update requirements
2019-10-10 14:25:19 +01:00
Tom Byers
3204200fc2 Add GOVUK Frontend Jinja extension 2019-10-07 13:12:26 +01:00
Katie Smith
f04512a31d Bump utils 2019-09-12 09:54:35 +01:00
Leo Hemsted
6f99e55594 utils bump 2019-09-04 10:57:48 +01:00
Chris Hill-Scott
2fe7887ec6 Merge pull request #3113 from alphagov/remove-expanded
Update utils to remove toggle for expanding email previews
2019-09-03 09:15:28 +01:00
Chris Hill-Scott
1f2863a48d Merge pull request #3102 from alphagov/pyup-scheduled-update-2019-08-26
Scheduled weekly dependency update for week 34
2019-09-03 09:15:16 +01:00
Chris Hill-Scott
17b8c0194b Update utils and remove expanded argument
This argument was removed in https://github.com/alphagov/notifications-utils/pull/643
2019-09-02 17:04:53 +01:00
Athanasios Voutsadakis
f0011cbd58 Bump rest of the packages 2019-08-29 14:47:15 +01:00
Athanasios Voutsadakis
c35e2c1270 Bump utils to 33.2.9 2019-08-29 14:46:59 +01:00
Chris Hill-Scott
55de46976c Freeze requirements 2019-08-29 13:50:28 +01:00
Athanasios Voutsadakis
3c588bbbed Freeze requirements 2019-08-14 16:39:02 +01:00
Athanasios Voutsadakis
13816183df Bump utils to 33.2.9 for better error handling
alphagov/notifications-utils#640
2019-08-14 16:33:32 +01:00
Leo Hemsted
1d67c82f0f utils bump
also dont use splitlines on csv data, there might be quoted newlines we dont want to split on
2019-08-02 14:34:05 +01:00
Katie Smith
f50dc29e92 Bump utils to 33.2.4 2019-07-18 15:30:09 +01:00
Pea Tyczynska
b5db1ce61e Pull in latest utils 2019-07-04 14:44:21 +01:00
Chris Hill-Scott
849a04d283 Freeze requirements 2019-07-03 13:52:58 +01:00
Katie Smith
a9ff4b1d48 Bump utils to add alt text to email branding
Utils 33.0.0 adds alt text to email branding - the HTMLEmailTemplate now
initializes slightly differently as a result (with both `branding_name`
and `branding_text`).
2019-06-25 16:56:45 +01:00
Chris Hill-Scott
9ff33df61d Freeze requirements 2019-06-19 13:35:12 +01:00
Chris Hill-Scott
3a63634925 Freeze requirements 2019-06-04 14:51:27 +01:00
Katie Smith
53fb9197e3 Bump utils to 32.0.1
This updates requirements and brings in the change to preserve trailing semicolons
on URLs.
2019-06-03 16:14:46 +01:00
Chris Hill-Scott
34f0c83690 Don’t bother with YAML syntax
Since this file doesn’t have any complicated data types, plain text with
one line per domain is fine.
2019-06-03 13:21:29 +01:00
Chris Hill-Scott
431a966dee Freeze requirements 2019-05-20 16:08:00 +01:00
Katie Smith
5be6b41195 Allow Welsh characters in SMS
- This brings in the latest version of notifications-utils which
allows Welsh characters in SMS templates.
- Updated the pricing page to show the new prices for SMS with certain
Welsh characters
2019-05-15 14:20:49 +01:00
Pea Tyczynska
a99a08ebf2 Update utils version to fix duplicate columns in csv upload bug
When one of our users uploaded a csv with two phone number columns
and missing data for one of those duplicate columns, our app
crashed. We fixed the code in utils that was crashing now and
we are propagating this change to our service through updating
utils version in this commit.
2019-05-09 14:54:38 +01:00
Katie Smith
b9648d3129 Bump utils to 31.2.5 2019-04-25 11:13:48 +01:00
Chris Hill-Scott
b48393fbb6 Freeze requirements 2019-04-16 15:50:11 +01:00
Alexey Bezhan
3c302e4595 Stop pyup from trying to upgrade gunicorn 2019-04-10 11:04:55 +01:00
Leo Hemsted
16d1526c46 bump utils to 31.2.4
brings in dev logging filter
2019-04-04 14:05:15 +01:00
Chris Hill-Scott
022d080ea6 Freeze requirements 2019-03-25 11:23:58 +00:00
Katie Smith
615abf21e5 Upgrade pyexcel from 0.5.10 to 0.5.13 2019-03-22 14:18:44 +00:00
Katie Smith
c675925fd1 Upgrade pyexcel-io, which also upgrades Werkzeug
Upgraded pyexcel-io from 0.5.14 to 0.5.16. This change causes Werkzeug
to be upgraded from 0.14.1 to 0.15.1 which requires some changes:

* ProxyFix now needs to be imported from a different location
* The status code of RequestRedirect has changed from 301 to 308. Since
status code 308 is not currently supported on Internet Explorer with
Windows 7 and 8.1, this subclasses RequestRedirect to keep the status
code of 301.

changelog: https://werkzeug.palletsprojects.com/en/0.15.x/changes/#version-0-15-0
2019-03-22 14:18:44 +00:00