This commit adds an extra page or field for confirming your current password
when making important changes
Name | Email address | Mobile number | Password
---------------------|-------------------|-------------------|------------
No password required | As second page | As second page | On same page as new password
This commit adds a page or series of pages for changing your:
Name | Email address | Mobile number | Password
------------------|-------------------|-------------------|------------
Enter new value | Enter new value | Enter new value | Enter new value
| Enter 2fa code | Enter 2fa code |
Return to profile | Return to profile | Return to profile | Return to profile
(each row is a page)
- by default, the menu is open
- if Javascript is enabled/loaded, the links are hidden, and visual cues (▶) to
show that it can be opened are added
- clicking it opens and closes it
This macro:
- accepts a WTForm form field as a parameter
- renders a form field which follows the GOV.UK Elements patterns, both visually
and in markup terms
It then changes any page which uses either:
- the old, non-WTForms macro or
- the old, WTFforms `render_field` macro
…to use this new macro and removes both of the old ones.
It also adds the option to display hint text above the textbox.
At the moment the file contents are not persisted by checked in
memory.
The first and last three records are show if all are valid.
If there are invalid rows, they are reported and the user is
prompted to go back and sort out upload file.
The storing of upload result (i.e. validation of file) in session
will be removed in next story which is about persisting of file
for later processing.
Message status was almost identical to banner, visually and semantically.
This consolidates the two into one component.
This means adding an extra parameter which controls whether or not the banner
has a tick (with and without a tick are the only two variations currently).
There are now quite a few frontend components in the app.
It’s good to have a reference for them to:
- document for developers what patterns are available and how they are used
- check for regressions
- when working on one variation of a pattern you can check that your changes
don’t break other variations of it
- when changing the arguments to a pattern you can check that this doesn’t
change the expected arguments already in use
This commit adds a single page (`/_styleguide`) which has examples of all the
patterns.
Which means the user will only be able to reset their password, and not sign-in.
Once the user resets the password the user state is set to active once more.
If the link is used a second time they will be redirected to the index page with a message
that the link in the email is not longer valid.
Refactored the forms so that fields like email_address can be used in multiple forms.
Refactored form validation so that a query function is passed into the form to be run, this
way the form is not exposed to the dao layer and the query is more efficient.
This PR still requires some frontend attention. Will work with Chris to update the templates.
Found a way to create the token that does not need to persist it to the database.
This requires proper error messages, written by people who speak menglis good.
Start implementation for new-password endpoints.
Created PasswordResetToken model
ToDo: create and save token, send valid url to user,
check validity of token, update user's password, redirect to /two-factor.
- initial versions kept it out of this class but updated as lots of duplication and errors as config
set up in multiple places and not all picking up credstash.
