Commit Graph

2378 Commits

Author SHA1 Message Date
Chris Hill-Scott
8655e519aa Change logic around to be clearer
Think this is a clearer expression of what the intent it.
2020-05-07 09:50:03 +01:00
Chris Hill-Scott
f30187b529 Don’t show pagination links when searching
The search form makes a post request, so that phone numbers and email
addresses don’t show up in logs or browser history.

At most the API will return 50 results, with some pagination links. We
can’t easily give you links to click in the admin app, because links can
only perform get requests.

Because the value of seeing more than 50 results feels quite low (users
will probably make their search more specific before scrolling through
all 50) let’s just show a message saying only the first 50 results are
displayed.
2020-05-06 17:33:19 +01:00
Chris Hill-Scott
3e6d9a564b Add interstitial page before using email auth token
Some email clients will pre-fetch links in emails to check whether
they’re safe. This has the unfortunate side effect of claiming the token
that’s in the link.

Long term, we don’t want to let the link be used multiple times, because
this reduces how secure it is (eg someone with access to your browser
history could re-use the link even if you’d signed out).

Instead, this commit adds an extra page which is served when the user
clicks the link from the email. This page includes a form which submits
to the actual URL that uses the token, thereby not claiming the token as
soon as the page is loaded.

For convenience, this page also includes some Javascript which clicks
the link on the user’s behalf. If the user has Javascript turned off
they will see the link and can click it themselves. This is going on the
assumption that whatever the email clients are doing when prefetching
the link doesn’t involve running any Javascript.

This Javascript is inlined so that:
- it is run as fast as possible
- it’s more resilient – even if our assets domain is unreachable or the
  connection is interrupted, it will still run
2020-05-04 15:53:27 +01:00
Chris Hill-Scott
ae2f8f9887 Add a second URL for the email auth endpoint
We’re going to add an interstitial page that redirects to this new URL.
But we don’t want that redirect to 404 while the change is deploying,
because some boxes will have the new URL and some won’t. So let’s deploy
the new URL to all the boxes first, then the redirect page can safely
take over the new one.

The new URL is going to be `post` not `get` because that feels more
HTTP-y, so we need to make sure that’s part of this change too.
2020-05-04 14:09:01 +01:00
Chris Hill-Scott
53724dacd1 Tell template preview whether a letter can be sent internationally
If a service has permission to send international letters then the admin
app should tell template preview, so that template preview knows what
rules to apply when it’s validating the address of the letter.

We don’t need to wait for template preview to start looking at this
query string argument – it will just ignore it for now.
2020-05-01 15:43:54 +01:00
Chris Hill-Scott
0ef076f59e Merge pull request #3416 from alphagov/validate-3-lines-csv
Allow all the new address goodness in spreadsheets
2020-05-01 15:37:08 +01:00
Chris Hill-Scott
06108de0f7 Allow international addresses in spreadsheets
For services with permission, they can now put international addresses
into their spreadsheets without getting a postcode error.

This also means they can start using address line 7 instead of postcode,
since it doesn’t make sense to put a country in a field called
‘postcode’. But this will be undocumented to start with, because we’re
not giving any real users the permission.

It does now mean that the number of possible placeholders (7 + postcode)
is greater than the number of allowed placeholders (7), so we have to
account for that in the one-off address flow where we’re populating the
placeholders automatically. We’re sticking with 6 + postcode here for
backwards compatibility.
2020-04-29 16:19:57 +01:00
Chris Hill-Scott
51bcf05f6e Merge pull request #3420 from alphagov/search-letters
Let users search for letters
2020-04-28 10:13:36 +01:00
Chris Hill-Scott
832445774b Add postal address row errors
Context:
- postal addresses can be made from any of the 7 address lines now, and
  the postcode can be in any one of the 7
- we can put errors across a whole row now, not just on individual cells

This commit put errors to do with the postal address as a whole across
the whole row now, rather than tying them to any one cell.
2020-04-27 16:47:50 +01:00
Chris Hill-Scott
f5649d72c9 Explain 3 required address columns
Our rules about address columns are relaxing, so that none of them are
mandatory any more. Instead you just need any 3 of the 7 to make a valid
address.

This commit updates our error messaging to reflect that.
2020-04-27 16:47:49 +01:00
Chris Hill-Scott
986f2752e0 Let users search for letters
Like we have search by email address or phone number, finding an
individual letter is a common task. At the moment users are having to
click through pages and pages of letters to find the one they’re looking
for.

Users of the API will also be able to search by reference, same as for
emails and text messages. But we only show this hint text to users who
have some API keys.
2020-04-23 16:44:41 +01:00
Chris Hill-Scott
bc4f2166cd Merge pull request #3422 from alphagov/fix-sms-preview-activity
Fix preview of text messages on activity page
2020-04-23 11:30:28 +01:00
Chris Hill-Scott
0d92664fc8 Fix preview of text messages on activity page
Also beefs up the tests a bit so we can be more confident that the right
thing is getting displayed.

Depends on:
- [ ] https://github.com/alphagov/notifications-utils/pull/725
2020-04-22 16:10:40 +01:00
Katie Smith
ffdcda02bf Show error when user cannot be archived
A user can't be archived if they are the only member of their service
with `manage_settings` permission. `notifications-api` returns a `400`
and an error message if that is the case, however this PR to remove the
`400` error handler
https://github.com/alphagov/notifications-admin/pull/3320 stopped the
error message from showing. This meant that instead of seeing a message
about why a user couldn't be archived, we would just show a `500` error
page instead. This change checks the response from `notifications-api`
and shows an error banner with a message if the user can't be archived.
2020-04-21 18:35:36 +01:00
Chris Hill-Scott
e56c2d28b0 Fix letter branding preview
Template preview requires `template_type` to be passed in now.
2020-04-21 11:21:02 +01:00
Chris Hill-Scott
202d4cdb5a Merge pull request #3414 from alphagov/moj-bank-holidays
Remove hard-coded bank holidays
2020-04-17 11:04:27 +01:00
Chris Hill-Scott
e68f9c6db9 Remove hard-coded bank holidays
Looks like someone in the Ministry of Justice has made a nice little
Python package of them.

I’ve configured it to use the cached holidays that come with the
package, rather than going to the GOV.UK website every time we start the
app. This should be more reliable, and means we’ll only get updates when
we do a version bump (PyUp should keep an eye on this for us).
2020-04-16 15:06:54 +01:00
Chris Hill-Scott
88734bb74f Bump utils to bring in recent changes to Template classes
The main things we have to account for are:
- `WithSubjectTemplate` has gone
- every template dictionary must have `template_type` set
2020-04-15 17:58:57 +01:00
Chris Hill-Scott
157ab82fea Fix back link on check notifications page
It wasn’t using the same logic around placeholders and address lines as
the rest of the send one off steps.
2020-04-15 15:42:25 +01:00
Chris Hill-Scott
f773a6ed71 Factor out skip link to reduce complexity
The code was too complex and Flake8 was complaining.

While this code isn’t related to the change we’re making it is easy
enough to factor out.
2020-04-14 15:20:03 +01:00
Chris Hill-Scott
d31c244363 Don’t send users back to a page that will send them forward again
If you’re on a page with a normal placeholder and the previous
placeholder is one that’s also in the address block then going back to
the previous page will send you immediately forward to the current page
again.

This commit makes the back link a bit smarter by skipping over pages
where it can see that they relate to a placeholder from the address
block.

If it gets all the way to the start of the list of placeholders without
finding any non-address ones then it will default to generating a link
that will redirect the user to filling in the address block again.
2020-04-14 15:20:03 +01:00
Chris Hill-Scott
b68dd569fc Skip over placeholders if they’re in the address
We don’t really want you modifying lines of the address after you’ve
entered it. Especially when it might not be obvious that modifying the
address line placeholder will modify the address you’re sending the
letter to.
2020-04-14 15:19:29 +01:00
Chris Hill-Scott
6c7e6fa64e Remove the code to handle optional address placeholders
Optional address placeholders aren’t a thing for one-off letters any
more, so we can tidy up the code a bit by removing the parts of the flow
that are accounting for them.
2020-04-14 15:19:29 +01:00
Chris Hill-Scott
53918f8d9f Don’t go back to address if address placeholder in letter
If you have an placeholder from the address block elsewhere in your
letter then you currently get redirected to the address block page
instead of being offered to fill that placeholder in. This commit
tightens up the check to only do this when the placeholder is in the
first 7 placeholders, which is where we store the address placeholders.
2020-04-14 15:19:29 +01:00
Katie Smith
6b055071f4 Specify mimetype for PDF letters to be downloaded
We had a report that when clicking on the 'Download this letter' link on
the notification page the file was not being downloaded as a PDF file
but was given a `.htm` file extension instead. We should be able to stop
that happening by using Flask's `send_file` function with the right mimetype.
This change updates the `view_letter_notification_as_preview` to use
`send_file` and splits out code to get the file data into a separate
function.

Mocks in the tests have been updated and some unused mocks removed.
2020-04-09 10:35:30 +01:00
Chris Hill-Scott
f06ff5f65f Fix API call to send one off letter
As part of making the API call we extra the recipient from the first
line of the address. This code was assuming that the recipient would
always have the key `address line 1`, but we’re no longer guaranteeing
that it will be capitalised and spaced exactly like that.
2020-04-07 12:59:34 +01:00
Chris Hill-Scott
26f702ebce Refactor to use PostalAddress helper from utils
Since we’re doing normalisation and line-count-checking of addresses in
multiple places it makes sense for that code to be shared. Which is
what happened here:
https://github.com/alphagov/notifications-utils/pull/713

This commit refactors the admin code to make use of the new utils code.

Note about placeholders:
- they now go into the session as `address_line_1` instead of `address
  line 1` because this is the format the API uses, so should be
  considered canonical
- they are now fetched from the session in a way that isn’t sensitive
  to case or underscores (using the `Columns` class)
- the API doesn’t care about case or underscores vs spaces in
  placeholder names because it’s checking an instance of `Template` to
  see if all the required placeholders are present (see
  401c8e41d6/app/notifications/process_notifications.py (L40))
2020-04-07 09:00:55 +01:00
Pea M. Tyczynska
32eef2f203 Merge pull request #3401 from alphagov/tighten-erorr-check
Tighten error check for duplicate reply to email addresses
2020-04-06 11:30:27 +01:00
Pea Tyczynska
aacd96a6b9 Tighten check for reply to address conflict error
The check was made more permissive temporarily as we were changing
error code we are returning form API from 400 to 409.
2020-04-06 10:51:16 +01:00
Chris Hill-Scott
cc5701e870 Cache organisation name in Redis
A lot of pages in the admin app are now generated entirely from Redis,
without touching the API.

The one remaining API call that a lot of pages make, when the user is
platform admin or a member of an organisation, is to get the name of
the current service’s organisation.

This commit adds some code to start caching that as well, which should
speed up page load times for when we’re clicking around the admin app
(it’s typically 100ms just to get the organisation, and more than that
when the API is under load).

This means changing the service model to get the organisation from the
API by ID, not by service ID. Otherwise it would be very hard to clear
the cache if the name of the organisation ever changed.

We can’t cache the whole organisation because it has a
`count_of_live_services` field which can change at any time, without an
update being made.
2020-04-02 12:07:19 +01:00
Chris Hill-Scott
3752b44ce8 Merge pull request #3369 from alphagov/address-block-part-deux
one off letter address form part deux
2020-04-01 16:14:27 +01:00
Chris Hill-Scott
61d87bf6c0 Let platform admins delete returned letters cache
Just in case there’s ever a problem with something in these caches. We
missed this before.
2020-04-01 10:18:56 +01:00
Chris Hill-Scott
7fb8e1de92 Use statistics for returned letters on dashboard
This should be faster and more accurate than querying all the reports.
2020-04-01 10:18:55 +01:00
Leo Hemsted
3529188968 redirect from address_line_n to address textarea page
if someone starts a new one-off flow they'll get taken to the address
page. However, if someone hits the back button, they'll cycle backwards
through placeholders and will end up on the individual line pages. Lets
redirect them to the correct place.

We'll additionally need to reconstruct the address block from the
various session variables that may or may not be populated
2020-03-31 16:59:48 +01:00
Leo Hemsted
c3fa8ab2e1 Merge pull request #3368 from alphagov/address-block
one off letter address form
2020-03-31 16:08:11 +01:00
Pea M. Tyczynska
2bb47af3c3 Merge pull request #3389 from alphagov/fix-unhandled-errpr
Fix bug where adding same reply-to-email twice for the same service caused a 5xx
2020-03-31 14:08:02 +01:00
Leo Hemsted
c4d839d4f5 input letter address data in a single block
rather than in multiple placeholders - this is the first step towards
making postcodes non-required, which is the first step towards
international letters.

they still populate address_line_# and postcode fields under the hood -
to keep validation working the same, the last line always goes into
`postcode`.

the form normalises whitespace, removes extra new lines, and enforces
that you have between three and seven lines.

if the letter repeats address placeholders further down (eg "Dear
((address_line_1))"), then it'll fill those in as well. It'll still
prompt you to fill them in, but they'll be pre-filled.
2020-03-30 19:29:26 +01:00
Pea Tyczynska
ebe2c1c4ae Accept 409 conflict response code when reply-to address already exists
Also stop checking error message.
2020-03-30 17:31:00 +01:00
Chris Hill-Scott
57ec58ab4e Merge pull request #3377 from alphagov/delete-contact-list
Let users delete a contact list
2020-03-27 16:13:32 +00:00
Pea Tyczynska
6e78541008 Fix bug where adding same reply-to-email twice for the same service caused a 5xx
This was due to changed quotataion marks in error message.
2020-03-26 17:44:19 +00:00
Chris Hill-Scott
8a093fd34c Merge pull request #3338 from alphagov/remove-permission-checks-uploads
Clean up the codebase after moving everyone to the new uploads page
2020-03-26 17:00:16 +00:00
Chris Hill-Scott
41dd7a883b Add who’s its for page
We have a policy about how suppliers are allowed to use Notify. But we
don’t explain it anywhere. Which drives contact to our support form.

This commit that adds a new page that explains the policy.

I’ve moved the related content about who else can use Notify from the
get started page to this page as well, where it doesn’t need to sit in
a details element.
2020-03-26 14:55:51 +00:00
Chris Hill-Scott
7d57a4d9b8 Redirect the old jobs URL 2020-03-25 13:58:23 +00:00
Chris Hill-Scott
2ca32019e4 Go back to triage page if you’ve come from there 2020-03-25 12:21:51 +00:00
Chris Hill-Scott
34a5ddaf2c Assume email always provided
There’s no way for a user to submit the form without it now.
2020-03-24 17:56:12 +00:00
Chris Hill-Scott
8e055a4375 Remove prefilled message thing 2020-03-24 17:56:12 +00:00
Chris Hill-Scott
697803a10c Add a ‘general’ ticket type
This is for tickets coming from non-logged-in users. It’s effectively
the same as reporting a problem, but doesn’t have the banner about
the status page (because we can’t tell if they’re actually reporting a
problem now we’re not asking).

It also gives a more generic page title.
2020-03-24 17:56:11 +00:00
Chris Hill-Scott
30a3418473 Refactor so constants are used everywhere 2020-03-24 17:48:13 +00:00
Chris Hill-Scott
55e377baf6 Rename and delete form templates
`report-a-problem’ becomes `form` because it’s not just being used for
problems.

'ask-a-question' gets deleted because it’s not being used.
2020-03-24 17:48:12 +00:00
Chris Hill-Scott
17a3ee920c Use the same template for problems and questions 2020-03-24 17:48:12 +00:00