Commit Graph

3534 Commits

Author SHA1 Message Date
Katie Smith
2fe6c34730 Merge pull request #4098 from alphagov/form-bug-fixes
Fix two small bugs with forms
2021-12-13 11:19:11 +00:00
Katie Smith
30824b110c Fix billing page to show correct user who signed MOU
If the organisation table contains an entry for `agreement_signed_by_id`
and for `agreement_signed_on_behalf_of_name` then we should the person
who signed the MOU as being the `agreement_signed_on_behalf_of_name`.
This was wrongly showing the `agreement_signed_by_id` as the person who
signed the agreement.
2021-12-13 09:48:41 +00:00
Katie Smith
d8ebcdce22 Stop errors when changing an email address to an invalid one
We use the `ChangeEmailForm` if you want to change your own email
address or someone else's email address. This has various validators
which get run. We check if the email address is valid (by using a
function from utils) and if the email address is already in use
(by calling API).

If the email address is not valid, we should not call API to see if it's
already in use because this will cause an exception in API leading to a
`500` in admin. We now only call API if there were no other errors with
the email address.

(The `test_should_redirect_after_name_change` test didn't need the
`mock_email_is_not_already_in_use` fixture, so this has been removed.)
2021-12-10 17:11:46 +00:00
Katie Smith
e42853205c Update govuk_text_input_field_widget to only show one error
If there were multiple errors, this widget was joining the messages
together and displaying all error messages. If a text input field does
have more than one validation error, we only want to show one.
2021-12-10 14:59:18 +00:00
Katie Smith
58532ee4ca Merge pull request #4092 from alphagov/org-billing
Add new 'Billing' page for organisations
2021-12-10 12:48:37 +00:00
Katie Smith
aef83ad261 Add link to user page to go live tickets
This adds a link to the user profile of the person who requested to go
live for "Request to go live" Zendesk tickets. Viewing a user's profile
page helps us to check for duplicate organisations and services from
that user.
2021-12-10 11:51:04 +00:00
Katie Smith
66c50abc38 Add new 'Billing' page for organisations
We want organisation team members to be able to see the MOU details for
their organisation. This change creates a new page called billing, which
contains these details. It's only visible to platform admin users now -
the plan is to add more information to this page, then to make it visible
to all organisation users.

The page showing the MOU covers the case of when agreement_signed is
True, when an agreement_signed is False, and when agreement_signed is
None. The case when an agreement_signed is None is very rare - it
signifies that the agreement is not signed but that we have some
service-specific agreements in place. We only have a few organisations
in this state, so it's unlikely that the content for this scenario will
be seen.

When an organisation has signed the agreement we may know the full
details (signing date, version signed, the person who signed it or who it
was signed on behalf of), or we may only have the name of the person who
signed the agreement. We show the more detailed content if possible, and
a less detailed version of the content if not.

There's a new route for downloading the agreement which is almost
identical to the existing `.service_download_agreement` route (plus the
test is almost the same), except that it takes an organisation ID
instead of a service ID.
2021-12-10 08:46:24 +00:00
Ben Thorner
1e63ee2d09 Merge pull request #4089 from alphagov/flash-upload-errors-177535141
Show flash instead of inline upload errors
2021-12-08 10:03:06 +00:00
Ben Thorner
b04bb51971 Merge pull request #4090 from alphagov/limit-csv-file-size-177535141
Reject CSV / Spreadsheet files larger than 10Mb
2021-12-07 17:00:05 +00:00
Ben Thorner
0ce7f72b07 Reject CSV / Spreadsheet files larger than 10Mb
This is a quick additional check to protect the user:

- From getting a CloudFront 502 error if the file takes too
long to upload. I was surprised to find it takes about 1 minute
to upload a 70Mb file to S3.*

- From getting a CloudFront 502 error when we follow the redirect
and run through the slow processing code in utils that builds a
RecipientCSV [1].

For context, a CSV with 100K rows and a few columns is around 5Mb,
so a 10Mb limit should be enough. Analysis over the past week shows
that the vast majority of CSV uploads are actually < 2.5Mb.

I haven't added any tests for this because:

- The check isn't critical, as the worst case scenario is the user
gets a worse error than this in-app one.

- There's no easy way to mock the validation, and I didn't want to
have a test that depends on a 10Mb+ file.

*We're using "key.put" to upload the file, when we could be doing
a multipart upload [2]. However, I tried this myself with a chunk
size of 1000 bytes and found it only led to a marginal improvement.

[1]: https://github.com/alphagov/notifications-utils/pull/930
[2]: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/s3-uploading-files.html
2021-12-07 15:33:34 +00:00
David McDonald
925f86aa70 Merge pull request #4088 from alphagov/security-policy
Add security policy page
2021-12-07 15:29:33 +00:00
Chris Hill-Scott
fb441e1f09 Merge pull request #4084 from alphagov/dont-confirm-password-service-name-change
Don’t force users to re-enter their password when renaming a service
2021-12-07 15:02:21 +00:00
David McDonald
fea5596234 Add security policy page
This follows the guidance in
https://gds-way.cloudapps.digital/standards/vulnerability-disclosure.html#vulnerability-disclosure-and-security-txt
2021-12-07 14:53:42 +00:00
Chris Hill-Scott
bf15488095 Rename test to remove ‘confirmation’ 2021-12-07 14:30:56 +00:00
Chris Hill-Scott
787cb3ef1f Merge pull request #3994 from alphagov/update-utils-coordinate-transformation
Update utils to bring in coordinate transformation
2021-12-07 11:07:07 +00:00
Ben Thorner
92549fd2d6 Show flash instead of inline upload errors
This has several advantages:

- It gives us more room to explain the error and actions. This will
be useful for upcoming work we want to do, which will add yet more
validations for CSV uploads.

- We already use a flash to show certain kinds of errors on these
pages (just above). This is more consistent.

- It's potentially more accessible. Previously the error and the
button text used to be read out as a single sentence. Now the page
reloads and reads the flash error alone.

In theory we should show an error in both places, but this can be
confusing on pages where there's only a single form control, and
especially if the error is long.
2021-12-06 17:12:27 +00:00
Ben Thorner
c0da7a27ed Fix not showing errors for invalid contact uploads
This code should behave the same way as other CSV uploads [1],
but we had to write it in a hurry [2] and the way we show an
error with the upload field was based off that for PDF uploads,
where we show custom button text instead of an error [3].

This fixes the inconsistency, so that we see the same errors
for CSV uploads here as in other parts of the app.

[1]: 6b52735dac/app/templates/views/send.html (L25)
[2]: 1c02476ee7 (diff-aedd12af78c9737f1c3344d2afbb9c00878eccbcc754b2b3d9e6864c2ad2f7c3R32)
[3]: 3b3f74bbf0
2021-12-01 16:59:30 +00:00
Chris Hill-Scott
1190e4541b Remove re-enter password step from rename service
The original idea behind was to always ask users to re-enter their
password any time:
- we want them to be sure that they want to do what they’re about to do
- we want to be sure it’s really the user trying to do the thing (and
  not someone malicious)

In reality we:
- removed this from the initial place it was added (a descendent of the
  ‘suspend service’ feature)
- only ever added it to the ‘rename service’ feature

So in reality it’s not a pattern we have persisted with. Arguably there
are several things you can now do in the admin app without re-entering
your password which are much more high consequence than changing the
service name.

Also, with browser autofill there’s a lot less chance that forcing
someone to re-enter a password really gives much defence against an
unatteneded laptop, for example.

I also wonder whether we might get people to give better service names
if we make the process of renaming the service less intimidating.

So this commit removes the need to re-enter your password when renaming
a service.

Note that re-naming an organisation still has the same check, but I
haven’t removed that too for the sake of keeping scope of the PR small.
2021-12-01 15:25:53 +00:00
Chris Hill-Scott
6cb326f153 Update utils to do linear transformation of polygons
Brings in https://github.com/alphagov/notifications-utils/pull/889/files

At the moment, we are not doing any transformation of features before
applying geometric algorithms to them. This is, in effect, assuming that
the earth is flat.

This new version of utils implements the transformation of our polygons
to a Cartesian plane. In other words, it converts them from being
defined in spherical degrees to metres.

For the admin app this means we need to convert places where the code
expects things to be measured in degrees to work in metres instead.
2021-12-01 14:10:54 +00:00
Chris Hill-Scott
c9767fc179 Remove free text allowance column from org report
We think that the API is returning incorrect data for this column.

It’s going to take a while to figure out what’s going on with the
queries in the API, so this pull request temporarily removes the column
so we’ve not giving people incorrect data.
2021-11-25 18:08:31 +00:00
David McDonald
64515555a8 Merge pull request #4079 from alphagov/2dp-performance-page
Change performance stats to be 2 decimal places
2021-11-25 16:12:11 +00:00
David McDonald
30330d86b1 Change performance stats to be 2 decimal places
We are starting to see lots of 100.0%s in the current table
and we think this looks suspiciously too good so think it is
beneficial to change it to be 2dp such that we get a few more
non 100.0% values.

This will put all the values in to having 2dp, however it will
also require the API to have a change to
https://github.com/alphagov/notifications-api/blob/master/app/performance_dashboard/rest.py#L81
where it is currently losing the granularity down to a single
decimal place (meaning that if we were really at 99.894% then that
would be shown on the page as 99.90% rather than 99.89%). However,
I don't think it is a blocker that we get that sorted before this
can be merged.
2021-11-25 14:49:38 +00:00
Chris Hill-Scott
adcd1d3e3e Merge pull request #4075 from alphagov/change-send-button-content
Update ‘Send’ button content
2021-11-25 14:42:29 +00:00
Chris Hill-Scott
5c33fbd48a Format monetary values to two decimal places
This means that the data in the report will match what’s on the page,
where the values are rounded to the nearest penny.

This uses the same string formatting to round the numbers which the
`big_number` component does, so it should round the numbers in the same
way.
2021-11-25 10:34:18 +00:00
Chris Hill-Scott
3df49acb73 Add test coverage for link button on template page 2021-11-24 16:35:34 +00:00
Pea Tyczynska
ded7fa524f Merge pull request #4071 from alphagov/downloadable-org-use-report
Add downloadable report for org usage
2021-11-23 11:10:53 +00:00
Pea Tyczynska
47e303b8c3 Add downloadable report for org usage
This is so org level users can use this data easier for things
like determining spending per service.

We do not include sms fragments sent column and remove other sms columns

consistency.

Do not add sms fragments sent column for now until we agree on an
unambiguous name for it. The data in this column is sms billing units
multiplied by international sms weighing. My favourite for a clear
name would be 'text message credits used', but we need a naming
strategy for this.
2021-11-23 10:57:48 +00:00
Pea Tyczynska
00a629befc Link to downloadable report for org usage
Link is sticky so that it is easy to spot even when
an org has many services.
2021-11-17 17:58:06 +00:00
Chris Hill-Scott
223b275507 Merge pull request #4010 from alphagov/refactor-duplicate-method
Refactor `get_simple_polygons` method for reuse
2021-11-15 11:21:50 +00:00
Chris Hill-Scott
47797cf686 Merge pull request #4034 from alphagov/refactor-services-models
Refactor services and organisations models for users
2021-11-15 11:21:43 +00:00
Chris Hill-Scott
0c2b586e40 Make organisations natively sortable 2021-11-11 14:59:06 +00:00
Chris Hill-Scott
ccebae6c75 Merge pull request #4055 from alphagov/fix-headings-choose-account
Fix headings on choose account page
2021-11-09 16:25:37 +00:00
Chris Hill-Scott
029682d561 Rename model to AllOrganisations
This makes it clearer that this model collection isn’t the organisations
for a user or a service or some other entity, like most model
collections are.

It will also lets us make a separate Organisations model, without the
name conflicting.
2021-11-09 15:05:42 +00:00
Chris Hill-Scott
18d14a06fa Refactor get_simple_polygons method for reuse
This means we:
- don’t need to pass the areas around as an argument
- keep all the complexity of combining polygons from different areas in
  one method
2021-11-09 15:05:27 +00:00
Chris Hill-Scott
d0cab60885 Merge pull request #4064 from alphagov/fix-autofocus-in-some-places
Fix autofocus in places where it wasn’t working
2021-11-09 15:04:41 +00:00
David McDonald
56d6b3e533 Merge pull request #4059 from alphagov/bump-utils-to-fix-non-break-space
Upgrade utils to 48.0.0
2021-11-05 15:13:48 +00:00
Chris Hill-Scott
67d7399018 Merge pull request #4047 from alphagov/reference-new-alert
Change ‘title’ to ‘reference’ when writing alert
2021-11-05 10:01:53 +00:00
Chris Hill-Scott
e3089af1ef Add test coverage for configuration of autofocus
This commits adds test coverage for ther HTML in several of the forms
which had broken autofocus.

It means that if we make changes to the HTML which triggers autofocus in
the future it should be more obvious that something is depending on the
attributes being added/removed.
2021-11-04 17:34:41 +00:00
David McDonald
c532e57751 Dry up and standardise GET test for edit email reply to address
This moves things out of the parametrization that didn't need to be
in there and also makes the test match the test below,
test_shows_delete_link_for_error_on_post_request_for_edit_email_reply_to_address,
more closely.
2021-11-04 11:28:32 +00:00
David McDonald
b4b124d681 Fix bug with reply to email addresses
https://www.pivotaltracker.com/story/show/180026726

There was a bug where if you enter an invalid email address in
to the edit reply to email address form and click save, the
form you get shown with your error message will always contain
the field to set as default the reply to and also delete. This should
not have been the case. If you make an error on the form when
changing a reply to that is already a default, then you should not
be given the chance to change it to not default, nor should you
be able to delete it.

This commit fixes that bug by making sure the additional form fields
are only shown if the reply to being changed is not the default.
2021-11-04 11:21:58 +00:00
Tom Byers
9d59edb3ce Replace 'x' psuedo element with SVG
The current link button for removing an area is
created using a psuedo element with an 'x' as
content.

The inline box for the 'x' overlapped its parent.
This is visible in high contrast mode, breaking the
parent's border. Despite existing in CSS, the 'x'
is also announced by screen readers, which is not
what we want.

This changes it to be an inline SVG with a role of
image. It doesn't require as large an inline box
so doesn't cause visual issues in high contrast
modes. It also means we can set it's label similar to
how you would an image's alt text, giving us
control over what is announced by screen readers.

This commit also includes some extra CSS,
targeting high contrast modes, giving the
link button the following when viewed in those
modes:
- a complete border so it is
  distinguishable from the list item
- a focus style
2021-11-02 11:51:44 +00:00
David McDonald
c6b884dcef Upgrade utils to 48.0.0
Fixes a bug with non breaking spaces being removed from templates
2021-11-01 10:22:58 +00:00
Chris Hill-Scott
bc06b47a92 Delete unexpected test case 2021-10-28 10:31:02 +01:00
Chris Hill-Scott
ca3d696bc1 Delete unexpected test case 2021-10-28 10:24:41 +01:00
Chris Hill-Scott
cd86035588 :Use more realistic test data 2021-10-28 10:24:40 +01:00
Chris Hill-Scott
1334538cad Prefer cap_event to reference when referring to an alert
`reference` isn’t very human-friendly – the Environment Agency just
supply a UUID in this field.

The Environment Agency also populate the `<event>`` field with some
human readable text, for example:

> 013 Issue Severe Flood Warning EA

(013 is an ‘area code’ which will be meaningful to the Flood Warning Service team)

This commit changes the frontend to display the value of the `cap_event`
field, if it’s present, which is where the API stores the value of the
`<event>` field from the original CAP XML.

***

Depends on:
- [x] https://github.com/alphagov/notifications-api/pull/3344/files
2021-10-28 10:24:32 +01:00
Chris Hill-Scott
151a61f7d3 Fix headings on choose account page
You’re supposed to see the two column layout on this page if you have
multiple categories of things to show.

We weren’t counting the ‘platform admin’ section as one of these
categories so platform admin users with only live services or only trial
mode services were inadvertenly seeing a mixture of the one column and
two column layout.

Also this logic around the headings wasn’t tested before – now it is.
2021-10-26 15:06:43 +01:00
Leo Hemsted
5e36061df6 fix link in delivery status page 2021-10-20 11:39:05 +01:00
Tom Byers
b968c0299e Change map key items from list to paragraphs
I recently found that there is a problem with the
overuse of lists online for sequences of content
that don't need to be in a list. I think that's
what we're doing with our map key.

The problem is large enough that browsers include
heuristics to determine if lists should be
presented as such to the accessibility API (and so
to assistive tech' like screen readers). This
thread contains more details:

https://twitter.com/cookiecrook/status/1337226933822603270

Based on the metric described in the thread:

'If all of the styles that make it “list-like”
have been removed, it’s no longer relevant to
convey it as a list.'

...or

'if a sighted user doesn’t need to know it’s a
list, why would a screen reader user need to know
or want to know?'

Based on that, I think the items in our map key
should be paragraphs, not items in a list.

Also, they read really well as sentences when
announced by a screen reader, partly because of
the extra (hidden) info @quis added to them.
This also doesn't change their visual appearance.
2021-10-19 11:09:39 +01:00
Chris Hill-Scott
af7a0a52ab Change ‘title’ to ‘reference’ when writing alert
On the screen where you write an alert without a template Andy pointed
out that ‘title’ feels  bit out of place.

We chose this because ‘Template name’ definitely didn’t fit, but I agree
that reference is better.

Via https://trello.com/c/EqUln5yD/60-changing-title-to-reference-for-alert-template-new-message
2021-10-18 15:43:01 +01:00