Commit Graph

157 Commits

Author SHA1 Message Date
Chris Hill-Scott
e3089af1ef Add test coverage for configuration of autofocus
This commits adds test coverage for ther HTML in several of the forms
which had broken autofocus.

It means that if we make changes to the HTML which triggers autofocus in
the future it should be more obvious that something is depending on the
attributes being added/removed.
2021-11-04 17:34:41 +00:00
Katie Smith
761af69a00 Remove active_user_broadcast_permissions fixture
This wasn't adding anything now that we have two new and more specific
fixtures, `active_user_create_broadcasts_permission` and
`active_user_approve_broadcasts_permission`, that can be used instead.

`manage_templates` has now been removed from the `create_broadcasts`
permission, so this also adjusts the fixture for a user who can create
broadcasts.
2021-07-26 13:58:39 +01:00
Chris Hill-Scott
b71f0c6795 Disambiguate sent and created
At the moment we say that you either ‘add’ an alert or ‘send’ it.

This is confusing because:
- an alert isn’t received on people’s phones until it’s approved, so
  this is really when it is ‘sent’ conceptually
- an alert can be rejected before anyone receives it, so the UI can say
  an alert that no-one ever received was sent

This commit re-labels things so that the the first part of the process
is ‘creating’ the alert.

This makes all the permissions nice and distinct from each other. Adding
templates and adding alerts feel conceptually quite different things
(what are you adding the alert to?).
2021-07-23 10:07:05 +01:00
Chris Hill-Scott
694d7cc2ff Split the templates permission out again
It will likely be the same people who have permission to create alerts
and edit templates (maybe someone in a comms role).

But combining the two permissions makes the options presented in the
form feel clunky because ‘alerts’ and ‘templates’ are conceptually quite
different.

So I think it makes sense to keep the templates permission the same as
it is for regular Notify services.
2021-07-23 10:07:04 +01:00
Katie Smith
a84705f834 Update the broadcast roles
We've added new broadcast roles in the database (`create_broadcasts` and
`approve_broadcasts`).

Adding these has meant we've needed to do a bit of a rewrite of the roles and
permissions code since this had been based on the assumption that each
database permission only belongs to one admin role - this is no longer true.
This means that flipping the roles dict round to create a dict which
contains database permissions as the keys is no longer possible. We can't
necessarily tell which admin role someone has given a database permission.

To check if a user has an admin role given a list of database permissions,
the user must now have ALL the database permissions mapped to that role
(instead of just one). This works because no one has the `manage_users`
permission without also having the `manage_settings` (and similar for
the other admin roles which map to multiple database permissions).

Some test data was changed because it was using admin roles where
database permissions are actually used when the app is running. I've kept
the functionality of the `translate_permissions_from_db_to_admin_roles`
function passing through any unknown roles it is passed as an argument.
This is not necessary, so can be changed later if we decide it will not
ever be used. However, removing it would require updating a lot of
tests since the tests rely on this behaviour.
2021-07-19 14:40:13 +01:00
Chris Hill-Scott
93fbd1319c Merge pull request #3966 from alphagov/block-plus-addressing
Be strict about similar email addresses when inviting a user to an emergency alerts service
2021-07-16 09:16:47 +01:00
Chris Hill-Scott
c3091223a9 Be strict about similar email addresses for alerts
We don’t want a single person to have two accounts on an emergency
alerts service because it would let them circumvent the two eyes
approval process.

We can go some way to mitigating against this by stopping people using
common methods that email providers use to alias email addresses. These
are:
- being case insensitive
- being insensitive to the position or number of dots in the local part
  of an email address
- using ‘plus addressing’

We already prevent the first one, this commit adds normalisation which
strip out the second two before doing the comparision with the current
user’s email address.
2021-07-15 13:55:50 +01:00
Ben Thorner
22ac1bfcae DRY-up and enforce kwargs for most events
For most events this makes the purpose of each argument clearer at
the point the event is called. It's still worth having a function
for each event type, as this abstracts knowledge of the event label.
Using a schema approach will make adding new events easier.

In the next commit we'll DRY-up the duplication in the tests as well.
2021-07-13 10:57:19 +01:00
Ben Thorner
1a4dd04ab1 Add missing tests for authentication radios
Previously we only had one test for SMS auth not being disabled on
the invite version of the form. This modifies that test to fully
check what's displayed, and adds two more for the edit version of
the form.
2021-07-07 15:04:47 +01:00
Ben Thorner
a1b4ccc246 Prevent auth type changing for any WebAuthn user
Previously we applied this restriction to Platform Admins, on the
assumption that all of them use a security key to log in. Rather
than making that assumption, we can explicitly check their login
method, which also supports rolling out the feature to more users.
2021-07-07 15:04:43 +01:00
Leo Hemsted
126f9cf6be fix bug stopping editing of permissions of webauthn platform admins
We hide the radio field in the HTML for platform admins, as we don't
want anyone to be able to change their auth type. However, when the form
is validated, the form has a field called login_authentication that it
expects a value for. It silently fails as it complains that when the
user POSTed they didn't select a value for that radio field, but the
error message is on the radio fields that don't get displayed to the
user so they'd never know.

Fixing this is actually pretty hard.

We use this form in two places, one where we have a user to edit, one
where we are creating an invite from scratch. So sometimes we don't know
about a user's auth type. In addition, radio buttons are mandatory by
design, but now sometimes we don't just want to make it optional but
explicitly ignore the value being passed in? To solve this, remove the
field entirely from the form if the user is a platform admin. This means
that if the code in manage_users.py tries to access the
login_authentication value from the form, it'll error, but I think
that's okay to leave for now given we concede that this isn't a perfect
final solution.

The tests didn't flag this previously as they tried to set from sms_auth
(the default for `platform_admin_user`) TO email_auth or sms_auth. Also,
the diagnosis of this bug was confounded further by the fact that
`mock_get_users_by_service` sets what is returned by the API - the
service model then takes the IDs out of that response and calls
`User.get_user_by_id` for the matching ID (as in, the code only uses
get_users_by_service to ensure the user belongs to that service). This
means that we accidentally set the form editing the current user, as
when we log in we set `get_user_by_id` to return the user of our choice
2021-06-29 15:53:48 +01:00
Ben Thorner
7c27646d6a Extract user utility code into own module
This provides more room for expansion, and reduces the amount of
arbitrary code in the __init__.py file for the new package.
2021-06-09 13:19:05 +01:00
Ben Thorner
6d0d9d46f7 Prevent switching auth type for Platform Admins
This closes a security loophole, where the auth type of a Platform
Admin could be unwittingly changed when they accept an invite, or
by an admin of a service they are a member of.
2021-05-25 16:01:25 +01:00
Leo Hemsted
c89be0079a rename get_invited_user funcs
make it clear they're expecting a service/org id
2021-03-12 15:59:32 +00:00
David McDonald
3e80ba4734 Fix flake8 and isort errors
Note, isort now has default behaviour of searching recursively so we no
longer need the `-rc` flag
2021-03-08 18:48:56 +00:00
David McDonald
fed40326da Fix test assertion
It wasn't varying the email address seen in the header based on the two
parametrized cases. Not the end of the world, but we should make it
correct
2021-03-08 13:40:53 +00:00
Chris Hill-Scott
fbd58ef1f8 Add separate messages for invited/team member
2 messages seems like a good idea.
2021-01-08 10:56:59 +00:00
Chris Hill-Scott
a68dfae5c2 Short circuit if team member is already invited
It would be confusing if people got invited twice, so let’s tell people
if someone’s has a pending invite.
2020-12-31 14:50:13 +00:00
Chris Hill-Scott
92c6cca6a1 Don’t populate invite with users from other orgs
We shouldn’t have a page where someone can look up any other user’s
email address based on their user ID.

We also don’t want a page where a malicious user could send someone an
link which would get them invited to the service.

Restricting the invite to be populated just from users in their own
organisation doesn’t mitigate against this stuff completely, but they
probably have a way of finding out the email address of someone in their
organisation already.
2020-12-31 14:47:00 +00:00
Chris Hill-Scott
deaf2059f5 Short circuit if already a team member
It would be confusing if people got invited twice, so let’s tell people
if someone’s already been invited.
2020-12-31 14:45:58 +00:00
Chris Hill-Scott
6edc356c22 Allow invite form to be pre-populated
At the moment users must be invited to join a service. But this means:
- users must know that a service already exists
- they need to know who to ask for an invite

If the user doesn’t know these thing then sometimes they just go ahead
and set up a new service. Which means they have to get all the way to
the point of requesting to go live before we tell them that there’s
already a service with a similar name or purpose.

So we should let users:
1. discover what other services exist in their organisation
2. apply to join a service
3. automatically notify the service managers of their interest
4. be invited by a service manager
5. accept the invite

This commit implements step 4. We can just link them to the invite form
in step 3., but we should make it easy for them to send the invite,
without having to copy and paste email addresses.

So this commit let the invite form be pre-populated with an existing
user’s email address.
2020-12-31 14:35:39 +00:00
Tom Byers
676a9297fe Merge pull request #3593 from alphagov/fix-link-and-button-text-across-pages
Fix link and button text across pages
2020-09-01 15:11:09 +01:00
Pea Tyczynska
e0faad6cea Only approved email domain users can be invited
to broadcast services. This is done to improve security.
2020-08-28 14:41:03 +01:00
Tom Byers
c12b7cbb5d Fix tests from changes to link text 2020-08-26 10:10:21 +01:00
Katie Smith
e3006f62b2 Ensure H2 headings follow H1 headings
We had some cases where an H3 heading followed an H1. This was flagged
as something to change in the accessibility report.
2020-08-21 16:52:35 +01:00
Katie Smith
895a9df55a Add confirmation banner when cancelling user invites
This shows the green banner with a tick when cancelling a user's
invitation to a service or organisation. The accessibility audit noted
that 'When cancelling an invite a new page loads, however, there is no
immediate indication that the invite has been cancelled.'

In order to display the invited user's email address as part of the
flash message, this adds new methods to the api clients for invites to get
a single invite.
2020-08-19 09:05:41 +01:00
Pea Tyczynska
39bc7cf721 Convert EmailFields to GovukEmailFields
Changes those fields (and sometimes also regular text input fields)
 in the following forms:
- LoginForm
- RegisterUserForm
- ChangeEmailForm
- FeedbackOrProblem
- AcceptAgreementForm
- ChangeNameForm (only name field here, but used in the same template
field as ChangeEmailForm here: app/templates/views/user-profile/change.html)

Also includes changes to templates that use this form
and associated tests.
2020-08-12 10:34:42 +01:00
Tom Byers
468a43bd68 Revert support for old user permissions params
The fields used for user permissions on
permissions forms were changed as part of the work
converting the checkboxes to GOVUK Frontend.

This removes code added to protect against a
situation where the server-side app was running
this updated code but clients were POSTing from
pages that were not, and so sending the old HTTP
params.
2020-07-31 15:40:12 +01:00
Tom Byers
e3c434bb8f Change permissions tests to support old API
User permissions were handled by a group of
BooleanFields but introducing the new checkboxes
changed this to just one field that stores its
data in a list.

It was mentioned in a comment that there could be
a situation, when the instances roll, where clients
are using the old fields but POSTing to a server
running the new code.

https://github.com/alphagov/notifications-admin/pull/3535#discussion_r460872903

This introduces tests for that situation.
2020-07-31 15:15:26 +01:00
Tom Byers
f322229614 Change tests to check permissions_field name
A comment on this group of changes mentioned the
'name' attribute of checkboxes for the
permissions_field should be checked as well as the
'value' attribute:

https://github.com/alphagov/notifications-admin/pull/3535#discussion_r460869797

This adds checks to support that point.
2020-07-31 15:15:16 +01:00
Tom Byers
e266b11ee2 Fix tests for pages using govukCheckboxField
These fields used to use govukCheckboxesField and
so stored their data in a list. They were since
migrated to govukCheckboxField, which extends
BooleanField and so keeps its data as a boolean
value.
2020-07-31 10:20:44 +01:00
Tom Byers
e3753ae623 Fix issues in tests from new fields 2020-07-24 11:34:02 +01:00
Chris Hill-Scott
94434b36e7 Only show relevant permissions on the team members page
Since users of broadcast services will always have the view dashboard
permission and never have the API keys permission we can hide these. And
we should re-label the permissions to make sense in the context of
broadcasting.
2020-07-14 09:46:55 +01:00
Chris Hill-Scott
72c1b3d8a1 Only show relevant user permissions for broadcast services
For services with the broadcast permission this hides:
- the ‘View dashboard’ permission (and defaults it to _checked_) because
  all users of broadcast services will need to see the dashboard
- the ‘Manage API keys’ permission (and defaults it to _not checked_)
  because we don’t offer an API integration for broadcast services yet
  – if we do we won’t want existing users to automatically get the
  permission

It relabels:
- the ‘Send’ permission to ‘Prepare and approve’ to match the current,
  slightly clunky language on the templates page
- the ‘Manage settings’ label to not refer to ‘usage’ because broadcast
  services won’t incur cost
2020-07-14 09:45:42 +01:00
Chris Hill-Scott
0f0b2dad3f Correct whitelist to non-government in test name
See c31264d4c for why ‘whitelist’ should be avoided. The use of
whitelist here was not referring to the user-maintained list, but to
mean ‘not a government’ email address. This commit renames these tests
to make that difference clear.
2020-06-12 10:28:08 +01:00
Tom Byers
f0f461f5c9 Revert "Change checkboxes to GOVUK frontend" 2020-05-14 16:59:34 +01:00
Tom Byers
c9420418b3 Fix issues in tests from new fields 2020-05-13 17:37:44 +01:00
Chris Hill-Scott
db2d312ba7 Link to ‘who it’s for’ when error creating account
If someone enters an email address from a domain we don’t recognise we
direct them straight to our support channel. This is causing increased
contact from suppliers and members of the public.

Now that we have a page which explains who can use Notify, let’s direct
people there first. Then if they really do need to contact support
(because we don’t recognise their organisation) then they can do so from
that page.
2020-03-26 14:55:51 +00:00
David McDonald
c248fee772 Add event for remove_user_from_service
Follows our existing patterns of events for managing users
2020-03-10 13:52:39 +00:00
Tom Byers
16c1c34588 Fix tests broken by changes to HTML 2020-02-25 10:52:03 +00:00
Tom Byers
5b306dde4d Revert "Convert all links to govuk frontend" 2020-02-24 11:56:38 +00:00
Tom Byers
12c30c47a5 Fix tests broken by changes to HTML 2020-02-20 09:11:26 +00:00
Katie Smith
dca6d1690f Use govuk-button in page footer component 2020-02-17 08:05:05 +00:00
Tom Byers
28140104f1 Fix python tests broken by cookie banner 2020-01-20 10:03:19 +00:00
Chris Hill-Scott
c4818eb7f2 Rename property on ModelLists
The property doesn’t represent the whole client, but just one method on
it. So this commit renames the property to better describe what it is
designed to store.
2020-01-16 16:31:20 +00:00
Leo Hemsted
66db735e09 Revert "Merge pull request #3238 from alphagov/cookies-update"
This reverts commit eec4bec761, reversing
changes made to 64480e2fff.
2020-01-15 14:40:48 +00:00
Tom Byers
eec4bec761 Merge pull request #3238 from alphagov/cookies-update
New cookies banner and page
2020-01-15 10:37:14 +00:00
Chris Hill-Scott
72eb6ef99a Fix session bug when changing user’s email address
The session key we use is global.

This means if you open the edit page for two different users in two
different tabs the session for the first tab is overwritten with the
session from the second tab. This means the two users are both set to
the same email address, which causes an exception (email addresses are
unique).

This commit fixes that bug by including the user ID in the session ID.
2020-01-13 12:03:39 +00:00
Tom Byers
beeb273d6c Fix python tests broken by cookie banner 2020-01-03 17:28:33 +00:00
Katie Smith
e4134072d9 Reduce the errors related to user fixtures
We were using user fixtures in a lot of parameterized tests, but this is
no longer allowed in Pytest 5. To avoid having to split up the parametrized
tests (which would make the test files a lot longer and slightly more
difficult to read) this commit creates functions which return various types
of user json so that we can use these as the test parameters instead.
2019-12-19 16:59:07 +00:00