Commit Graph

4320 Commits

Author SHA1 Message Date
Ben Thorner
6d0d9d46f7 Prevent switching auth type for Platform Admins
This closes a security loophole, where the auth type of a Platform
Admin could be unwittingly changed when they accept an invite, or
by an admin of a service they are a member of.
2021-05-25 16:01:25 +01:00
Pea Tyczynska
a10304d9c6 Merge pull request #3892 from alphagov/update-remove-webauthn-cred
Let admin user update and delete their security key
2021-05-25 14:33:00 +01:00
Pea Tyczynska
8501aa4ad6 Change name of the form and form field for consistency
Following PR review.

Also update function name for update name of security key in
user api client to be more specific.
2021-05-25 11:55:48 +01:00
Pea Tyczynska
a946ad6ec2 Let admin user delete their security key
Show confiem delete dialogue first to confirm if key should be deleted.
2021-05-25 11:40:42 +01:00
Pea Tyczynska
56eac279df Show manage security key page with name change form 2021-05-25 11:40:41 +01:00
Pea Tyczynska
c33465e7cf Add link and placeholder view for managing a security key 2021-05-25 11:40:33 +01:00
Chris Hill-Scott
016f38db9b Refactor service name code to reduce duplication
This makes the code shareable between:
- the broadcast tour pages
- the broadcast settings platform admin page
- the regular service navigation

On the training mode tour pages we don’t want to confuse people with the
organisation name or _Switch service_ links, so those are omitted and
the code is therefore slightly different.
2021-05-19 11:48:59 +01:00
Chris Hill-Scott
766df5d1ca Add a version of the tour for live services
At the moment if you’re invited to a live broadcast service you get the
training mode tour. This is misleading, and could make people think they
weren’t in danger of sending a real alert.

This commit adds a short, 2 step tour for users invited to a live
broadcast service.
2021-05-19 09:41:58 +01:00
Chris Hill-Scott
7d66dadcd7 Add a confirmation checkbox for live broadcasts
We want people to be really sure before sending a live broadcast, not
just clicking through the green buttons.

This commit adds a checkbox which explains exactly the consequences of
what they’re about to do, tailored to the channel they’re on, and the
area chosen by the person creating the alert.
2021-05-18 15:58:41 +01:00
Ben Thorner
4575ad0fcd Only check for WebAuthn where it's used
This scopes the check for WebAuthn API to the page where we need
it, which will slightly reduce load times for other pages. Since
we want this script to execute ASAP, I've added a new block for
extra JS to run at the start of the body.
2021-05-18 13:01:45 +01:00
Ben Thorner
c09f0f0e06 Merge pull request #3886 from alphagov/protect-no-webauthn-js
Prevent registration if WebAuthn is not supported
2021-05-18 11:59:00 +01:00
Ben Thorner
2039d3aa45 Prevent registration if WebAuthn is not supported
This hides the "Register" button and shows an error that's specific
to one of two ways a browser may not support WebAuthn:

- JavaScript is disabled (there's no possible fallback for this).
- WebAuthn API is not supported (e.g. on Internet Explorer).

We could add a similar check for the API in the JS code to handle
the button click, but hiding it seems like enough protection.

In order to avoid elements flashing when the page loads, this uses
a view macro to embed a script at the start of the body element,
which is the same approach used for the "js-enabled" class flag [1].

Tested with Chrome and IE 11.

[1]: https://github.com/alphagov/govuk-frontend/blob/main/src/govuk/template.njk#L31
2021-05-18 10:28:25 +01:00
Chris Hill-Scott
362189d562 Merge pull request #3879 from alphagov/add-government-channel
Add an option to set a service to the government channel for emergency alerts
2021-05-13 15:10:15 +01:00
Pea Tyczynska
714afff156 Merge pull request #3884 from alphagov/add-webauthn-as-auth-type
Add webauthn as an auth type
2021-05-13 14:32:03 +01:00
Ben Thorner
a7d7cb3421 Merge pull request #3878 from alphagov/register-security-key
Allow registering WebAuthn authenticators in memory
2021-05-13 12:43:16 +01:00
Ben Thorner
e2cf3e2c70 Support registering a new authenticator
This adds Yubico's FIDO2 library and two APIs for working with the
"navigator.credentials.create()" function in JavaScript. The GET
API uses the library to generate options for the "create()" function,
and the POST API decodes and verifies the resulting credential. While
the options and response are dict-like, CBOR is necessary to encode
some of the byte-level values, which can't be represented in JSON.

Much of the code here is based on the Yubico library example [1][2].

Implementation notes:

- There are definitely better ways to alert the user about failure, but
window.alert() will do for the time being. Using location.reload() is
also a bit jarring if the page scrolls, but not a major issue.

- Ideally we would use window.fetch() to do AJAX calls, but we don't
have a polyfill for this, and we use $.ajax() elsewhere [3]. We need
to do a few weird tricks [6] to stop jQuery trashing the data.

- The FIDO2 server doesn't serve web requests; it's just a "server" in
the sense of WebAuthn terminology. It lives in its own module, since it
needs to be initialised with the app / config.

- $.ajax returns a promise-like object. Although we've used ".fail()"
elsewhere [3], I couldn't find a stub object that supports it, so I've
gone for ".catch()", and used a Promise stub object in tests.

- WebAuthn only works over HTTPS, but there's an exception for "localhost"
[4].  However, the library is a bit too strict [5], so we have to disable
origin verification to avoid needing HTTPS for dev work.

[1]: c42d9628a4/examples/server/server.py
[2]: c42d9628a4/examples/server/static/register.html
[3]: 91453d3639/app/assets/javascripts/updateContent.js (L33)
[4]: https://stackoverflow.com/questions/55971593/navigator-credentials-is-null-on-local-server
[5]: c42d9628a4/fido2/rpid.py (L69)
[6]: https://stackoverflow.com/questions/12394622/does-jquery-ajax-or-load-allow-for-responsetype-arraybuffer
2021-05-13 10:22:23 +01:00
Pea Tyczynska
2a756f90d4 Add webauth as an auth type
When showing what auth type user uses to sign in, add a text
for users with webauthn.

On password change or sign in, throw not implemented error
if user uses webauthn auth.
2021-05-12 17:40:31 +01:00
Chris Hill-Scott
ad0b7537de Make the government channel visually distinct
It’s really serious, so this sets it apart from the other live channels.
2021-05-12 16:22:45 +01:00
Chris Hill-Scott
d38f44ec69 Be explicit that ‘test’ goes out on real networks
Adding ‘all networks’ whenever we mention the using the test channel
without a restriction to a single network should help reinforce that
this sends real alerts.
2021-05-12 16:22:45 +01:00
Chris Hill-Scott
e45bd485e8 Add conditional reveal to network selection
Rather than try to explain all/only just through words we can use some
interaction design to make the hierarchy of choices more explicit.
2021-05-12 16:22:44 +01:00
Chris Hill-Scott
d720b0e47a Rename cell broadcasts
‘Emergency alerts’ is the confirmed name of the service now.
2021-05-12 16:22:44 +01:00
Chris Hill-Scott
a0f54539cc Add a second step for choosing networks
Only the test channel has the option to isolate messages to one network.

This commits makes the choices less confusing by only showing the
network choice to those who have selected the test channel.
2021-05-12 16:22:44 +01:00
Chris Hill-Scott
f640767f3d Add government channel
We have been asked to support the government channel so that:
- it can be tested
- the option to use it is available for the most severe of emergencies,
  where the public’s choice to opt-out is outweighed by the widespread
  risk to life
2021-05-12 16:22:43 +01:00
Chris Hill-Scott
ffd844b2a7 Add confirmation step to emergency alert settings
It feels quite dangerous that it’s just one click to make an emergency
alerts service live.

This commit adds a confirmation step which explains the consequences of
what you’re about to do.
2021-05-12 14:53:49 +01:00
Ben Thorner
ebb82b2e80 Add page for security keys with stubbed data
This adds a new platform admin settings row, leading a page which
shows any existing keys and allows a new one to be registered. Until
the APIs for this are implemented, the user API client just returns
some stubbed data for manual testing.

This also includes a basic JavaScript module to do the main work of
registering a new authenticator, to be implemented in the next commits.

Some more minor notes:

- Setting the headings in the mapping_table is necessary to get the
horizontal rule along the top (to match the design).

- Setting caption to False in the mapping_table is necessary to stop
an extra margin appearing at the top.
2021-05-12 13:41:53 +01:00
Ben Thorner
d395d614b9 Use ID for row to avoid guessing position
This makes it easier to add / test other rows in future.
2021-05-11 17:53:36 +01:00
Katie Smith
f7036825df Stop checking for allowed_broadcast_provider being None
The current_service.allowed_broadcast_provider is now always "all" or
one of the four providers, which means we can simply the code by not
checking if it is None.
2021-05-11 12:20:03 +01:00
Katie Smith
3485475270 Allow provider_restriction to be None or "all"
Until all the data is updated to always be "all", we have to handle the
case of provider_restriction being set to None or "all" (which mean the
same thing).

The code can be tidied up once the broadcast provider_restriction is never None.
2021-05-10 16:18:14 +01:00
Rebecca Law
cf160c3ae1 Update labels
Use more suscinct labels for the service settings page
2021-05-06 07:29:21 +01:00
Rebecca Law
5495de0b3b Remove some of the option we have for broadcast services.
This is the first step in making the UI easier for setting the
options for a broadcast service. Here we remove the options for
"Training mode" test channels. When we create a broadcast message for a trail mode service it is marked as stubbed and does not create a broadcast event that is sent to a provider.

The label for the form and setting page have been updated to reflect the
change.
2021-05-05 14:04:51 +01:00
Ben Thorner
bfc55b45ca Merge pull request #3863 from alphagov/show-suspended
Show service suspension in breadcrumb
2021-04-28 14:59:56 +01:00
Ben Thorner
b43eb3a591 Show service suspension in breadcrumb
Previously there was no indication that a service was suspended.
While this could also be shown for archived/deleted services, the
meaning is similar enough that it makes sense there too - the name
of the archived service should distinguish it as being archived.
2021-04-27 11:15:13 +01:00
karlchillmaid
487452b390 Fix apostrophe 2021-04-26 13:38:11 +01:00
karlchillmaid
e78c10fc40 Remove details of allowance and pricing 2021-04-22 13:27:22 +01:00
karlchillmaid
029a6ec3b5 Update text message cost and rates
Update text message cost and rates on the features page
2021-04-22 13:25:40 +01:00
Pea Tyczynska
c55cc4574e Merge pull request #3854 from alphagov/admin-cancel-broadcast
Allow platform admins to cancel broadcasts.
2021-04-21 12:52:14 +01:00
karlchillmaid
652f3f8065 Update {{ text_field(charge | safe) }} 2021-04-20 17:31:08 +01:00
karlchillmaid
94d71ca330 Update app/templates/views/message-status.html
Co-authored-by: Katie Smith <klssmith@users.noreply.github.com>
2021-04-20 17:30:03 +01:00
Pea Tyczynska
0c0d9dd72f Admins won't see buttons for broadcast actions they can't do
These actions are creating, accepting and rejecting broadcasts.
2021-04-20 17:27:56 +01:00
karlchillmaid
6782f6770b Fix error 2021-04-20 16:41:51 +01:00
karlchillmaid
0fe60c3bd8 Update content 2021-04-20 15:51:12 +01:00
karlchillmaid
77f17db9dc Update email status description
Update email status description for ‘Inbox not accepting messages right now’
2021-04-20 15:46:16 +01:00
Chris Hill-Scott
c95b2ef8b3 Allow users of the API to search templates by ID
For someone who has retrieved a template ID from their system the only
way to find it in Notify is:
- hack the URL
- click through every template, visually inspecting the ID shown on the
  page until you find the right one

Neither of these is ideal.

This commit adds searching by ID, for those services who have an API
integration. This means we don’t need to confuse teams who aren’t using
the API by talking about IDs.

This is similar to how we let these teams search for notifications by
reference[1]

1. https://github.com/alphagov/notifications-admin/pull/3223/files
2021-04-13 15:24:29 +01:00
Katie Smith
04d051df6b Merge pull request #3856 from alphagov/401-fix
Fix sign in link on 401 page
2021-04-09 08:53:30 +01:00
Chris Hill-Scott
06f2c7eaaa Remove verbs from old alerts
Now we’ve split the old alerts onto two pages the verbs (‘Broadcast’ and
‘Rejected’) will always be the same for each alert – so they’re not
adding any differentiation.

The specifics of what the datetime means is available on the page for
each alert.

Removing the verbs makes the page a bit less cluttered and makes it
easier to scan down the right hand column.
2021-04-08 14:19:36 +01:00
Chris Hill-Scott
4da38e42e3 Make alert page work for rejected broadcasts
The code for this page was making assumptions about properties which
aren’t present on rejected broadcasts.

This commit accounts for those properties and presents the relevant
elements on the page.
2021-04-08 14:19:36 +01:00
Chris Hill-Scott
dc4db4951a Add a separate page for rejected alerts
We don’t want to mix these up with alerts that actually went out.
2021-04-08 14:19:36 +01:00
Chris Hill-Scott
9977028a83 Make Jinja template generic
This will let us reuse the same code for displaying pages of previous
and rejected alerts.
2021-04-08 13:38:54 +01:00
Chris Hill-Scott
0bdd5cab2d Show rejected broadcasts on ‘Previous alerts’ page
Two reasons to not hide rejected broadcasts:
- if a broadcast was rejected by mistake then it’s useful to have an
  audit of who did that
- it means you can still see old broadcasts without having to leave
  in pending-approval, which is dangerous because they might
  accidentally be approved
2021-04-08 10:51:01 +01:00
Katie Smith
b1848b3216 Fix sign in link on 401 page
We've seen someone getting a `500` when trying to visit the `/metrics`
endpoint. This is because the metrics endpoint is not in the `main`
blueprint, so we can't use url_for with a relative endpoint.

Although only bots visit '/metrics' without authorisation, this stops
the odd `500`.
2021-04-08 08:42:02 +01:00