Commit Graph

4011 Commits

Author SHA1 Message Date
Katie Smith
a84705f834 Update the broadcast roles
We've added new broadcast roles in the database (`create_broadcasts` and
`approve_broadcasts`).

Adding these has meant we've needed to do a bit of a rewrite of the roles and
permissions code since this had been based on the assumption that each
database permission only belongs to one admin role - this is no longer true.
This means that flipping the roles dict round to create a dict which
contains database permissions as the keys is no longer possible. We can't
necessarily tell which admin role someone has given a database permission.

To check if a user has an admin role given a list of database permissions,
the user must now have ALL the database permissions mapped to that role
(instead of just one). This works because no one has the `manage_users`
permission without also having the `manage_settings` (and similar for
the other admin roles which map to multiple database permissions).

Some test data was changed because it was using admin roles where
database permissions are actually used when the app is running. I've kept
the functionality of the `translate_permissions_from_db_to_admin_roles`
function passing through any unknown roles it is passed as an argument.
This is not necessary, so can be changed later if we decide it will not
ever be used. However, removing it would require updating a lot of
tests since the tests rely on this behaviour.
2021-07-19 14:40:13 +01:00
Katie Smith
a66a31c944 Allow users with new broadcast permissions access to routes
Added two new permissions - `create_broadcasts` and
`approve_broadcasts`. These new permissions get added to the
`has_permissions` decorator of the broadcast routes to allow the routes
to be accessed with either the old permissions on the new ones while we
switch over.

We were using the `send_messages` permission for the broadcast routes.
By having two new permissions we can allow a more granular control of
these routes.
2021-07-19 14:40:13 +01:00
Chris Hill-Scott
93fbd1319c Merge pull request #3966 from alphagov/block-plus-addressing
Be strict about similar email addresses when inviting a user to an emergency alerts service
2021-07-16 09:16:47 +01:00
Rebecca Law
54787689c9 Merge pull request #3953 from alphagov/show_exceeded_daily_limit_on_page
Show status when job has exceeded the daily sending limit
2021-07-15 16:03:19 +01:00
Chris Hill-Scott
c3091223a9 Be strict about similar email addresses for alerts
We don’t want a single person to have two accounts on an emergency
alerts service because it would let them circumvent the two eyes
approval process.

We can go some way to mitigating against this by stopping people using
common methods that email providers use to alias email addresses. These
are:
- being case insensitive
- being insensitive to the position or number of dots in the local part
  of an email address
- using ‘plus addressing’

We already prevent the first one, this commit adds normalisation which
strip out the second two before doing the comparision with the current
user’s email address.
2021-07-15 13:55:50 +01:00
Ben Thorner
9170c0b175 Merge pull request #3969 from alphagov/fix-suspend-archive-perm-178770416
Fix backend permissions for stopping services
2021-07-15 09:29:20 +01:00
Katie Smith
9d4095074d Merge pull request #3967 from alphagov/broadcast-form-cache-clear
Clear user cache when broadcast service settings form is submitted
2021-07-14 16:02:14 +01:00
Ben Thorner
96a87e7cf2 Fix and test archive service permissions
Previously the backend would never validate permissions because the
"not service.active" part would (usually) fail. I've updated it to
match the (inverse of the) conditional we have in the HTML [1].

[1]: 6ac593aa5f/app/templates/views/service-settings.html (L455)
2021-07-14 14:51:33 +01:00
Ben Thorner
cd95a891a7 Enforce only Platform Admin can suspend / resume
This was previously out-of-sync with the superficial restriction in
the HTML [1][2].

[1]: 6ac593aa5f/app/templates/views/service-settings.html (L462-L468)
[2]: 6ac593aa5f/app/templates/views/service-settings.html (L471)
2021-07-14 14:51:32 +01:00
Rebecca Law
cca94e956b Update content 2021-07-14 09:55:20 +01:00
Rebecca Law
af7882e5a4 Show status when job has exceeded the daily sending limit
If a job exceeds the daily sending limit, show that on the job page. The job is only created if the sending limit has been reached when the delivery app is processing the job, usually this error is caught at the time the CSV is uploaded and the job is not created.
2021-07-14 09:55:20 +01:00
Katie Smith
5b52b6f9bf Clear user cache when broadcast service settings form is submitted
When the broadcast service settings form is submitted it now removes all
permissions for users in notifications-api. This means it should be
clearing the user cache.
2021-07-13 17:06:35 +01:00
Ben Thorner
6ac593aa5f Merge pull request #3963 from alphagov/audit-service-resume-178770416
Audit when a service is resumed
2021-07-13 12:09:54 +01:00
Ben Thorner
1cde6ac686 Audit when a service is resumed
This could also be an issue if the service can send broadcasts, so
it's worth auditing who performed this action.
2021-07-13 10:57:23 +01:00
Ben Thorner
1fb529c448 Improve coverage of resume service tests
This makes the tests consistent with those for suspend / archive,
logging in with different users to make it clearer who can/not do
this action in the backend.

Note that we think this functionality may be too permissive [1],
so we may restrict it in a future PR.

[1]: https://github.com/alphagov/notifications-admin/pull/3959#issuecomment-878291295
2021-07-13 10:57:22 +01:00
Ben Thorner
d37c2abb9e DRY-up arg assertions in event handler tests
This will make it easier to add another handler in the next commit.
2021-07-13 10:57:21 +01:00
Ben Thorner
22ac1bfcae DRY-up and enforce kwargs for most events
For most events this makes the purpose of each argument clearer at
the point the event is called. It's still worth having a function
for each event type, as this abstracts knowledge of the event label.
Using a schema approach will make adding new events easier.

In the next commit we'll DRY-up the duplication in the tests as well.
2021-07-13 10:57:19 +01:00
Chris Hill-Scott
aefbe7709b Merge pull request #3951 from alphagov/hide-go-live-ticket-content
Hide details of go live request ticket from the user
2021-07-13 08:49:43 +01:00
Ben Thorner
9b62b7ccb0 DRY up mock event dict with a factory function 2021-07-08 17:17:25 +01:00
Ben Thorner
7e8b5d36be Remove redundant context for event handler tests
Just like the new tests for suspending and archiving services, we
can use the 'client' fixture instead of a context, which avoids
the extra nesting. Note that the first event handler doesn't use
its first argument, which I've tried to indicate with a string.
2021-07-08 17:17:24 +01:00
Ben Thorner
cd1fe0640c Improve coverage of suspend service tests
Previously these only tested with a Platform Admin user, but service
admins can suspend a service too. I've rewritten the tests to match
the 'archive_service' ones, which use the client_request fixture to
make changing the user easier.

Note that the return value of the service API client wasn't used for
anything, so it's safe to remove it from the mock.
2021-07-08 17:17:23 +01:00
Ben Thorner
301908460a Audit when a service is archived ("deleted")
This is similar to the previous commit. I've used the term 'archive'
to match the rest of the code - services aren't ever truly deleted.
2021-07-08 17:17:22 +01:00
Ben Thorner
bb4c86008a Add audit event for suspending a service
This is particularly important for broadcast services, where a rogue
service or platform admin could launch a DoS attack by suspending a
service at a critical moment when it needs to send alerts.
2021-07-08 15:29:52 +01:00
Ben Thorner
e72a260e13 Merge pull request #3947 from alphagov/allow-ccs
Allow other users to use security keys
2021-07-08 11:53:03 +01:00
Chris Hill-Scott
ceca92c84e Merge pull request #3952 from alphagov/emergency-alerts-content-review
Emergency alerts content review
2021-07-08 09:33:54 +01:00
Ben Thorner
4c2915ce86 Use API flag to give users access to WebAuthn
This allows us to roll out the feature to other users. Note that
the flag is also "True" if the user has "webauthn_auth" as their
auth type, so this is compatible with the more fine-grained check
we have on the authentication parts of the feature. We could do a
more explicit "can_use_webauthn or webauthn_auth" check here, but
the idea is that we'll be able to get rid of this flag eventually,
so I've optimised for brevity instead.

I've modified a couple of the unhappy-path tests to make it more
explicit that the flag is false, since it can be true for Platform
Admins and "normal users" alike.
2021-07-07 15:04:48 +01:00
Ben Thorner
1a4dd04ab1 Add missing tests for authentication radios
Previously we only had one test for SMS auth not being disabled on
the invite version of the form. This modifies that test to fully
check what's displayed, and adds two more for the edit version of
the form.
2021-07-07 15:04:47 +01:00
Ben Thorner
a1b4ccc246 Prevent auth type changing for any WebAuthn user
Previously we applied this restriction to Platform Admins, on the
assumption that all of them use a security key to log in. Rather
than making that assumption, we can explicitly check their login
method, which also supports rolling out the feature to more users.
2021-07-07 15:04:43 +01:00
Ben Thorner
fab58b4e4e Merge pull request #3950 from alphagov/clarify-sms-prefix
Explain about text message prefixes when editing
2021-07-07 12:35:23 +01:00
Chris Hill-Scott
cc4cc78d8c Hide details of go live request ticket from the user
We put some content in the go live ticket which is for our benefit, for
example notes about the organisation.

It’s hard for us to be able to say what we want here if we know that the
person making a go live request is going to see those notes.

This commit changes go live requests so that the initial content of the
ticket is hidden from the person raising it (in Zendesk it will appear
as an ‘internal note’, rather than a ‘public reply’).

---

Depends on:
- [ ] https://github.com/alphagov/notifications-utils/pull/877/files
2021-07-06 17:30:17 +01:00
Chris Hill-Scott
2accf8434a Remove false precision from area estimates
We give estimates of the area for those who can’t see the map. These
estimates were needlessly precise, gave a false sense of accuracy and
were causing intermittent test failures between different environments.

This commit rounds them in the same way that we round the count of
phones.
2021-07-06 17:00:51 +01:00
Chris Hill-Scott
e4ca78634d Bump utils to bring in new polygon simplification
We’ve changed our simplification a bit so:
- polygons have slightly more points (see https://github.com/alphagov/notifications-utils/pull/873)
- the individual points have less precision (see https://github.com/alphagov/notifications-utils/pull/872)

Overall this reduces the size of the data we’re storing from 74MB to
63MB, and should make any pages where we are rendering lots of
coordinates load a bit quicker.
2021-07-06 17:00:50 +01:00
Katie Smith
59ed8b0f8b Update tests for new content 2021-07-06 16:42:54 +01:00
Ben Thorner
b4bd978289 Update content following review with Karl 2021-07-06 16:30:24 +01:00
Leo Hemsted
416b5c3e26 Merge pull request #3926 from alphagov/sign-in-bug
ensure user details are always in the session after entering password
2021-07-06 11:56:24 +01:00
karlchillmaid
d90d0d632e Change 'cancel' to 'reject' 2021-07-05 17:21:57 +01:00
karlchillmaid
18800a9cec Change 'withdraw' to 'discard' 2021-07-05 17:11:26 +01:00
karlchillmaid
60d8734f79 Replace use of 'broadcast' 2021-07-05 16:39:48 +01:00
Chris Hill-Scott
960d2b8bf1 Merge pull request #3954 from alphagov/no-empty-state-choose-areas
Remove empty state step before choosing areas
2021-07-05 16:01:49 +01:00
Chris Hill-Scott
2cfd22b20c Remove empty state step before choosing areas
We had some kind of idea that having this empty page would introduce the
idea of choosing areas and reinforce that you are building up a list of
areas.

But since the journey is now so simple with the button to create an
alert directly on the dashboard page, maybe people don’t need this extra
orientation.
2021-07-05 14:33:02 +01:00
karlchillmaid
a8bd65254e Change previous to past 2021-07-05 13:49:36 +01:00
Leo Hemsted
74b5d8f3cd add test for when trying to sign in as another invited user 2021-07-02 18:11:53 +01:00
Ben Thorner
2355d1e0e6 Explain about text message prefixes when editing
Previously this lead to 2 support tickets because the user didn't
understand why their messages was being split into 2 fragments. We
tried modifying the message about charges, but that made it more
complicated. Adding a hint should hopefully be enough.
2021-07-02 16:25:45 +01:00
Chris Hill-Scott
5a378fe51f Use CustomBroadcastArea to estimate phones in bleed area
Our current assumption is that the bleed area has the same population
density as the broadcast area.

This is particularly naïve when:
- the bleed area overlaps the sea – no-one lives in the sea
- the broadcast area is a village and the bleed area is the surrounding
  countryside
- the broadcast area is adjacent to a densely populated area like a city

We can be smarter about this now that we have a way of determining the
number of phones in an arbitrary area, based on the known areas that we
have population data about.

Calculating the population in an overlap is a slightly more intensive
calculation. So we only doing it for areas which are smaller enough that
it doesn’t slow things down too much. For larger areas we still use the
more naïve algorithm.
2021-07-02 10:36:25 +01:00
Ben Thorner
1f33924ceb Send upload_id to Template Preview for logging
This means we can include the anonymous ID for the file in the log
we have about Type3 fonts [1]. Currently, we have no way of tracing
manually uploaded files with this potential defect.

[1]: https://github.com/alphagov/notifications-template-preview/pull/557
2021-07-01 12:09:47 +01:00
Ben Thorner
43afcd1064 Remove redundant restrictions for WebAuthn feature
Since the register and authentication APIs work in pairs, we can
just put the restrictions on the "begin" API. We weren't testing
the restrictions on the "complete" API anyway.

For authentication, it's also enough to check if the user has
WebAuthn as their auth type, as it's not a big deal if a user
continues to login with a security key indefinitely.
2021-06-30 16:19:12 +01:00
Ben Thorner
7fafc18fb3 Remove unnecessary restriction for 2FA WebAuthn
It should be enough to check the user has it set as their auth type.
Even if a user is no longer eligible to register a security key, it
should still be OK for them to continue using the feature.
2021-06-30 14:54:20 +01:00
Leo Hemsted
7b3751240c ensure user details are always in the session after entering password
We signal that we're mid-way through the sign-in flow by adding a
`user_details` dict to the session.

previously, we'd only put a user's details in the session in `User.sign_in`,
just before sending any 2fa prompt and redirecting to the two factor
pages.

However, we found a bug where a user with no session (eg, using a fresh
browser) tried to log in, but they had never clicked the link to
validate their email address when registering. Their user's state was
still in "pending", so we redirected to `main.resend_email_verification`
as intended - however, they didn't have anything in the session and the
resend page expected to get the email address to resend to out of that.

To be safe, as soon as we've confirmed the user has entered their
password correctly, lets save the session data at that point. That way
any redirects will be fine.
2021-06-29 18:13:25 +01:00
Leo Hemsted
71613dd942 remove old /two-factor endpoint and update test names
we redirect people to `/two-factor-sms` since #26ad20719
2021-06-29 16:19:24 +01:00
Leo Hemsted
c439cafd37 always create platform admin users with webauthn in tests 2021-06-29 16:19:22 +01:00