darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-04-03 00:50:29 -04:00
Code Issues Packages Projects Releases Wiki Activity
434 Commits 53 Branches 59 Tags
e8a22f4d094e04424ef71b1e566eacce40a59243
Commit Graph

47 Commits

Author SHA1 Message Date
Rebecca Law
f7373ee5fc Fix wording 
Changed forgot-password so that it does not expose to the user that the email address does not exist.
 2016-01-11 12:23:08 +00:00
Chris Hill-Scott
677f8891b2 Fix layout and wrong word 2016-01-11 12:23:08 +00:00
Rebecca Law
9ca2f2017f Fix argument 2016-01-11 12:23:08 +00:00
Rebecca Law
c858869a52 Removed exceptions, found a better way to handle them. 
Refactored the forms so that fields like email_address can be used in multiple forms.
Refactored form validation so that a query function is passed into the form to be run, this
way the form is not exposed to the dao layer and the query is more efficient.

This PR still requires some frontend attention. Will work with Chris to update the templates.
 2016-01-11 12:23:08 +00:00
Rebecca Law
ceb78f49b4 Take out the Canadian politeness. 
Make the error message more consistent.
Extracted common fields for the forms.
 2016-01-11 12:23:08 +00:00
Rebecca Law
a860f713d2 Implementation of the new_password endpoint. 
Found a way to create the token that does not need to persist it to the database.
This requires proper error messages, written by people who speak menglis good.
 2016-01-11 12:23:07 +00:00
Rebecca Law
b5901a1ac7 New-password endpoints are implemented. 
There should be a better way to validate the token.
 2016-01-11 12:23:07 +00:00
Rebecca Law
2cb896fa81 Completion of forgot-password endpoints. 
Start implementation for new-password endpoints.
Created PasswordResetToken model
ToDo: create and save token, send valid url to user,
check validity of token, update user's password, redirect to /two-factor.
 2016-01-11 12:23:07 +00:00
Rebecca Law
6696426dbc Add endpoints for forgot-password. 2016-01-11 12:22:39 +00:00
Nicholas Staples
7001d8261d Fix for security hole with setting session['user_id'] before second factor of authentication has been authorised. 2016-01-07 12:43:10 +00:00
Nicholas Staples
52df795743 Review fix. 2016-01-06 17:00:01 +00:00
Nicholas Staples
9d7c3566aa Removed validation check for unique mobile number on the system. 2016-01-06 09:54:10 +00:00
Nicholas Staples
ecc3485d72 Merge conflicts with master. 2016-01-05 17:24:13 +00:00
Nicholas Staples
0ebacd6929 Refactor for code_not_received, sign_in, two_factor and verify. 2016-01-05 17:08:50 +00:00
Rebecca Law
f1291b7c09 Adding logging. 
Raise ValidationError for validate_codes rather than returning a true or false.
 2016-01-05 13:13:06 +00:00
Nicholas Staples
7693ba8a18 Update register view form and template. 2016-01-05 12:41:20 +00:00
Rebecca Law
785c413cde Move and rename macro.html 
Remove print statements
Fix code style
 2016-01-04 15:50:26 +00:00
Rebecca Law
ac05f6931e Refactor add-service form such that the dao is not exposed in the forms. 2016-01-04 15:31:50 +00:00
Rebecca Law
fe8a1a10c5 109898688: Refactor the validate codes logic to be more susinct and easier to read. 2015-12-17 15:09:12 +00:00
Rebecca Law
010be66d31 109898688: Complete the implementation of the did not receive code. 2015-12-17 14:33:20 +00:00
Rebecca Law
64812c1614 109898688: All codes are valid until one code is used, then they are all marked used. 
Fixed the is_active() method on the Users model, if the user was pending they would come back as active, allowing a user to sign in before being active.
There is still a problem with the validate_sms_code and validate_email_code method.
 2015-12-17 14:33:20 +00:00
Rebecca Law
bd8bb3c926 109898688: Implementation of text-not-received and email-not-received 2015-12-17 14:33:20 +00:00
Rebecca Law
eb0cff18c5 110067722: Add form validation for duplicate service name. 2015-12-15 10:32:26 +00:00
Rebecca Law
350ccda208 110067722: Added endpoints for add-service 
Post is not complete as of yet.
 2015-12-15 10:32:25 +00:00
minglis
e133baa6b3 Merge pull request #26 from alphagov/persis_verify_codes 
Persis verify codes
 2015-12-14 14:56:28 +00:00
Rebecca Law
caabda92e0 Test for VerifyForm and TwoFactorForm 2015-12-14 14:09:29 +00:00
Rebecca Law
295dbeb7d1 Create unit tests that test the forms. 2015-12-14 13:25:27 +00:00
Rebecca Law
c0550d2c61 Refactor unit tests 2015-12-14 13:25:27 +00:00
Rebecca Law
bbecc03531 109526036: Fix bug. 
If one of the codes was invalid and one was valid on the verify page the valid code would be marked as used.
 2015-12-10 16:34:29 +00:00
Rebecca Law
2b4097dd2d 109526036: Updates as per comments made on pull request. 2015-12-10 15:21:06 +00:00
Rebecca Law
588730d594 109526036: Persist the verify code to the db. 
The codes are hashed and saved to the db.
The code is marked as used once a valid code is submitted.
The code is valid for 1 hour.
The codes are no longer saved to the session.
 2015-12-10 14:48:01 +00:00
Rebecca Law
9ba229820a 109638656: Implementation of two factor verification 
Validation of the code is done in the form, when the form.validate_on_submit is called the validate code methods are called as well.
 2015-12-09 11:36:57 +00:00
Rebecca Law
1af2dd5e98 109638656: Use Regex validator for sms code to ensure it is 5 digits. 2015-12-09 10:17:50 +00:00
Rebecca Law
2e59870490 109638656: Implement two factor verify flow 
When user enters valid sms code they are redirected to the dashboard.
Otherwise, form errors are present.
 2015-12-09 10:17:09 +00:00
Rebecca Law
eae2756a5e 109638656: Initial implementation for two-factor 2015-12-09 10:15:41 +00:00
Rebecca Law
ae19161b32 109526520: Use Regex validator to test the code is 5 digits. 2015-12-09 10:12:21 +00:00
Rebecca Law
9923c14e73 109526520: Changed the code form fields to StringField 
When the codes were IntegerFields and the code started with zero, the zero was trimmed, resulting in a failed match.
 2015-12-09 10:12:21 +00:00
Rebecca Law
bef2258803 109526520: Add custom validators for the VerifyForm 
If the email_code or sms_code entered does not pass check password, then add errors to the form.
 2015-12-09 10:12:21 +00:00
Rebecca Law
16618e80f9 109526520: Implement verify flow 
When a person registers with a valid mobile number and email address,
a code will be sent to each. That person can enter the verify codes and continue to the add-service page.
 2015-12-09 10:12:21 +00:00
Rebecca Law
69da9f8f32 109526520: render verify template with VerifyForm 2015-12-09 10:12:20 +00:00
minglis
abd344fc57 Merge pull request #12 from alphagov/blacklist_password 
Blacklist password
 2015-12-04 15:53:13 +00:00
Lorena Sutherland
571f09881e Amend name & password labels 2015-12-02 15:23:03 +00:00
Lorena Sutherland
058d7c5f96 Change password label 2015-12-02 13:57:03 +00:00
Rebecca Law
3b96b6e5ca 108536374: Implement a validator to exclude passwords on a blacklist 2015-12-01 16:45:11 +00:00
Rebecca Law
64d2cbb927 108536366: Implement register flow 
Includes validation for gov.uk email address, mobile number with +44, password at least 10 char.
Form validation errors will be added to template in a later story.
User is created when form validates.
 2015-12-01 16:41:49 +00:00
Rebecca Law
48b7a7dc37 108536490: Adding the login manager and csrf token. 
Still need to figure out how to override the load_user method, currently it is not working.
 2015-12-01 10:00:06 +00:00
Rebecca Law
7f96ef5a25 108536490: Initial effort to implement log in 
Add endpoint for post to /sign-in
Initialise role data
 2015-12-01 10:00:06 +00:00