Anytime a user clicks "sign out" we should be signing them out server side as well. This can be accomplished by setting the Users.current_session_id = null.
I found that the method User.logged_in_elsewhere doesn't need to check if the current_session_id is None. The current_session_ids in the cookie and db (redis or postgres) then the user should be forced to log in again.
previously it assumed that invalid_pages would always exist, however it
might be `None` if the error isn't on a specific page. Errors on
specific pages include a page not being A4 or content being outside the
boundary. Errors not on specific pages include the file not being a pdf,
or containing too many pages
make sure everything is using the `nl2br` formatter that properly wraps
it in markdown to keep everything sanitised nicely. Also write a couple
of tests
We have been clearing all the Google Analytics
cookies on each page request.
It is now possible for a user to consent to having
Google Analytics cookies so this should have been
checking for that before deleting them.
This makes that change, with tests for those
scenarios.
https://jestjs.io/docs/en/configuration#testurl-string
Affects all DOM APIs that return information about
the URL, for example window.location.
Why:
We now have tests for setting/deleting cookies.
Tough-cookie, the library JSDOM uses for cookie
handling cookies doesn't allow setting cookies
with `domain=localhost`. This is correct by
RFC6265, the standard it follows, as domains must
have 2 or more `.`s in them.
The only way to set a cookie on `localhost` is to
leave out the `domain` attribute.
The code we are testing sets and deletes cookies
set on specific domains so using `localhost` is
out.
We also cannot just set/delete cookies on the
domains used as cookies are required to match the
domain of the current page.
The solution we are left with is to set the
current page to one from production and make sure
each cookie is set relative to that domain.
Note: this introduces `testURL` in isolation to be
sure it doesn't break any existing tests.
The too many pages error was being returned when the file couldn’t be
read. This commit corrects the error message, and adds a test to make
sure this case is covered.
The API response for jobs includes a field called `job_status`. The API
response for uploads doesn’t.
The `Job` mode handles uploads and jobs, so it needs to account for the
possibility of the field not being there.
app/assets/javascripts/errorTracking.js sent
events to `window.ga`.
This extends the API of `window.GOVUK.Analytics`
to include support for sending events so all
calls to `window.ga` can use it instead of direct
access.
This use of `window.ga` was missed from the
initial work on `window.GOVUK.Anaytics`.
Includes:
- tests for the analytics interface ported from
GOVUK Frontend Toolkit
- tests for the cookie banner that appears on all
pages except the cookies page
- tests for the cookies page JS
- tests for the hasConsentFor function
- adding a deleteCookie helper to remove
cookies during tests
- polyfill for insertAdjacentText
The last one is because JSDOM doesn't support
insertAdjacentText but our target browsers
do. This polyfill also includes one for
insertAdjacentHTML.
Notifications won’t exist for a job if:
- it’s just started
- it started a long time ago (older than the retention period)
We have a bug where:
1. Job starts processing, puts notifications on queue
2. Job finishes processing, sets status to `finished`
3. First notification gets picked up off the queue and put in the
database
In between 2. and 3. it’s possible for a job to be finished, but also to
have no notifications. We’re saying this is because the notifications
have been deleted, whereas really it’s because they haven’t been created
yet.
This commit fixes that bug by introducing the concept of recency for
jobs.
‘Recent’ is defined as 1 day, which is:
- a lot longer than it takes to create any notifications
- a bit shorter than anyone’s retention time
N.B. `processing_started` is defined here:
879ba1d5f0/app/models.py (L1194)
It can be `None` for scheduled jobs that haven’t started yet.
Jobs have a `scheduled_for` field. Single letter uploads don’t.
At the moment we treat both of them as `Job`s. So the `Job` model needs
to account for when the `scheduled_for` field is missing.
The property doesn’t represent the whole client, but just one method on
it. So this commit renames the property to better describe what it is
designed to store.
This way we have a URL we can give people that always points to the
latest version of the spec.
And it makes our code more Flask-idiomatic to be using `url_for` to be
generating a URL, rather than passing around a constant.
This test looks for how many times the string `50` appears in the text
of the `<main>` element of the page. The `<main>` element also contains
some times, for example 1:23pm.
This means that when the time reaches 1:50pm, 2:50pm, etc the number of
times the string `50` appears in the page changes. Which causes the test
assertions to fail.
It’s hard to read the tests when they have HTML bundled up with content.
So this commit:
- introduces BeautifulSoup to parse the HTML
- asserts separately on the text and any links found in the HTML
We show letter validation errors in two places:
1. In response to a user uploading a PDF
Here we use the error banner pattern because the problem is as a
direct consequence of a user’s action, and is blocking them from
continuing.
2. Once a PDF provided through the API has been validated
We use a less prominent pattern of red text with no border because
the message is reporting on something that’s already happened, and
which wasn’t a direct consequence of the user clicking something
Because the context and patterns used are different we need slightly
different content in each of these situations. Previously we tried to
reuse the same content to make the code cleaner and less repetitive. But
ultimately a clear interface trumps clear code.
This will make the diffs introducing substative changes easier to read.
Consistent indenting and always having trailing commas on lists and
dictionaries makes for smaller diffs.
