Commit Graph

42 Commits

Author SHA1 Message Date
Leo Hemsted
f14a836baa check users' session id.
when a user enters their 2FA code, the API will store a random UUID
against them in the database - this code is then stored on the cookie
on the front end.

At the beginning of each authenticated request, we do the following
steps:
  * Retrieve the user's cookie, and get the user_id from it
  * Request that user's details from the database
  * populate current_user with the DB model
  * run the login_required decorator, which calls
    current_user.is_authenticated

is_authenticated now also checks that the database model matches the
cookie for session_id. The potential states and meanings are as follows:

 database | cookie | meaning
----------+--------+---------
 None     | None   | New user, or system just been deployed.
          |        | Redirect to start page.
----------+--------+---------
 'abc'    | None   | New browser (or cleared cookies). Redirect to
          |        | start page.
----------+--------+---------
 None     | 'abc'  | Invalid state (cookie is set from user obj, so
          |        | would only happen if DB is cleared)
----------+--------+---------
 'abc'    | 'abc'  | Same browser. Business as usual
----------+--------+---------
 'abc'    | 'def'  | Different browser in cookie - db has been changed
          |        | since then. Redirect to start
2017-02-22 17:31:13 +00:00
Chris Hill-Scott
fb33255bd0 Show a more useful message if you get signed out
> Users that allow their session to expire, or access a bookmarked link
> are told they need to "Sign in to access this page" - we should
> explain that it's because they've been away a while, so that they
> understand why they're being asked to log in again.

– https://www.pivotaltracker.com/story/show/140016919

The message we were showing before (Please log in to access this page is
the default message from Flask Login).

In order to stop this flash message from appearing, we need to override
the default handler for when a user is unauthorised. We’re overriding it
with the same behaviour, minus the flash message.

If you navigate deliberately to the sign in page it’s unchanged.

Content is Sheryll-approved.
2017-02-16 13:33:32 +00:00
Chris Hill-Scott
f3b0c0a556 Use client and logged_in_client fixtures
Wherever possible, because Don’t Repeat Yourself.
2017-02-06 10:44:38 +00:00
Chris Hill-Scott
929dc45224 Normalize whitespace in test arguments
We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.

Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
  instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
  terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE

Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.
2017-02-06 10:44:37 +00:00
Leo Hemsted
57e03349d2 remove get_statistics_for_service from statistics_api_client 2016-07-20 15:54:30 +01:00
Leo Hemsted
fade656e3b add new get_detailed_service mock to tests that the dashboard 2016-07-20 14:12:22 +01:00
Adam Shimali
0544ea776b Change when invite gets marked as accepeted. 2016-06-08 11:52:26 +01:00
Rebecca Law
a183d8d366 Missed the anchor tag in the mark up - oops. 2016-04-26 12:15:25 +01:00
Rebecca Law
60c55ca9e2 Fix anchor tag in flash message.
https://www.pivotaltracker.com/story/show/117513779
2016-04-26 12:03:35 +01:00
NIcholas Staples
4f71c40735 Merge pull request #466 from alphagov/desktop_feedback
Feedback page added. All tests working.
2016-04-20 11:17:55 +01:00
Nicholas Staples
da536bbd2e Feedback page working with all tests passing.
Updated to include team id.

Give Feedback -> Give feedback
2016-04-20 10:17:09 +01:00
Chris Hill-Scott
b75ab7c3df Make new service current service on first use
When you add a new service, it’s probably the one you want to do stuff
with.

When you get invited, the service you’ve been invited to is probably the
one you want to use.

This commit adds the ID of the new service or service you’ve been
invited to to the session.
2016-04-19 11:04:00 +01:00
Chris Hill-Scott
25079464b0 More helpful error when signed in an accept invite 2016-04-08 10:55:20 +01:00
Chris Hill-Scott
686493ed8f When a user accepts an invite, show them the tour
It’s jarring to be sent right into the dashboard.

We think the tour makes things less jarring.
2016-04-05 16:21:06 +01:00
Adam Shimali
159fe60c1a Template statistics now surfaced on dashboard.
Job list removed.

Template statistics retrieved at same time as
notification stats.
2016-04-05 11:47:24 +01:00
Nicholas Staples
c31c55666b Added current_service to flask context and template context.
Fix all tests and conflicts.

Removed comment line.
2016-04-04 17:01:20 +01:00
Adam Shimali
3f57aa917c Updated from git comments 2016-03-31 10:23:13 +01:00
Adam Shimali
5346367866 updated mock expectations 2016-03-31 10:14:49 +01:00
Adam Shimali
fc01735d70 Removed some un needed flash messages raised as bugs.
In the process found a couple of edge cases of incorrect
use of invitation links by other users which are now
handled.
2016-03-31 09:44:01 +01:00
Nicholas Staples
961ed6b362 Functionality added to existing endpoint without a user_has_permission decorator, tests passing.
Fix tests.
2016-03-23 14:26:12 +00:00
Adam Shimali
7ee173de51 Merge pull request #293 from alphagov/single-verify-code
Changed registration flow to first send email verification link that
2016-03-18 11:03:27 +00:00
Adam Shimali
2792bece54 Changed registration flow to first send email verification link that
when visited sends sms code for second step of account verification.

At that second step user enters just sms code sent to users mobile
number.

Also moved dao calls that simply proxied calls to client to calling
client directly.

There is still a place where a user will be a sent a code for
verification to their email namely if they update email address.
2016-03-17 15:19:51 +00:00
Chris Hill-Scott
d1becbe1e3 Add cookie banner text, page, and footer links
> Let’s start the footer links with the cookie page.
> Banner to say: "GOV.UK Notify uses cookies to make the site simpler. Find out
> more about cookies"
> Standard style one... see
> https://www.registertovote.service.gov.uk/register-to-vote/cookies or
> https://www.digitalmarketplace.service.gov.uk/cookies
>
> Let's link to the feedback form too...
> https://docs.google.com/forms/d/1AL8U-xJX_HAFEiQiJszGQw0PcEaEUnYATSntEghNDGo/viewform
> Call it Support and feedback

https://www.pivotaltracker.com/story/show/115483375
2016-03-17 14:52:34 +00:00
Chris Hill-Scott
b38ae08ad6 Put some statistics on the dashboard
This commit adds two new sections to the dashboard

1. A banner telling you about trial mode, including a count of how many messages
   you have left today, which is a restriction of trial mode

2. Panels with counts of how many emails and text messages have been sent in a
   day, plus the failure rates for each

It does **not**:
- link through to any further information about what trial mode is (coming
  later)
- link through to pages for the failure rates (coming later)
- change the ‘recent jobs’ section to ‘recent notifications’
2016-03-17 14:06:12 +00:00
Adam Shimali
4adbcebc6f Do not send email in case of invite.
The user does not have to validate the email token, but it
was still being sent.
2016-03-15 16:58:26 +00:00
Adam Shimali
7dca13407c Additional check needed to see if user was already a user for the
service that they were invited to.
2016-03-15 15:32:30 +00:00
Adam Shimali
164bdad4f2 Change new invite registration flow to only need
sms for verification.

This may change again soon with story to split 2 factor
pages, but for now is correct.
2016-03-14 09:43:34 +00:00
Adam Shimali
069a549d57 Bug fix for passing list of empty string if no permissions selected for
invite.

Send empty list instead.
2016-03-11 12:50:25 +00:00
Rebecca Law
f63a85d003 Fix bug in error handlers.
Correct spelling error
2016-03-11 10:16:06 +00:00
Adam Shimali
986edfa317 Check user invite status not accepted before proceeding with flow. 2016-03-10 11:57:40 +00:00
Adam Shimali
acc7c6cda3 Display email address that invitee will be registered with.
Also add flash message for users who already have an account.
2016-03-09 11:27:26 +00:00
Rebecca Law
4678a12d33 Revert the disabled email field on the register-invited-user page, the email address is not being submitted on the form when registering 2016-03-08 16:29:05 +00:00
NIcholas Staples
b78a321d90 Merge pull request #238 from alphagov/show-invite-email
Show invite email
2016-03-08 08:49:00 +00:00
Adam Shimali
9bc5d08d52 Flash message to confirm invitation accepted and user has been
added to service.
2016-03-08 08:18:41 +00:00
Adam Shimali
569f61578e Invited user email is shown on regiser from intive page but is not
editable.
2016-03-07 11:55:18 +00:00
Rebecca Law
41b08b7ca1 Added from_user name and service name for the cancelled invitation message. 2016-03-04 15:17:04 +00:00
Rebecca Law
8074c6ea7f Add cancelled-invite html.
If a invited user accepts a cancelled invitation they are directed to a page telling them the invitation is cancelled.
Without this they were able to register and were added to the service.
2016-03-04 14:42:52 +00:00
Adam Shimali
a974e6e157 [WIP] Add call to api to update invitation to accepted.
When flow for invited user is complete, that is
when user has been added to service, update invitation
to accepted
2016-03-03 18:13:56 +00:00
Adam Shimali
1ff9d671eb [WIP] pass invite instead of permissions to make update of invite easier if all goes well 2016-03-03 16:37:22 +00:00
Adam Shimali
6ba13a6513 [WIP] New user can now accept invite and will be made to
register. On succesful register and verfication they
will be added to service and forwarded to dashboard.

Nothing is done yet with the permissions requested in the
invite to the user.
2016-03-02 17:52:32 +00:00
Adam Shimali
5f02d4cefe [WIP] Post does not need any data
Invites rest module can use invited user object instead
of dict.
2016-03-01 17:23:23 +00:00
Adam Shimali
5f3c72729e [WIP] Start of user accepting invite.
This commit only deals with acceptance by
users who are already in system.

Changed invite client to return invited user objects
instead of dictionaries.

Added commented out test. fixed up fixtures to return invited user
object for invites
2016-03-01 14:10:35 +00:00