mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-07-18 05:30:21 -04:00
136662bd309d986a9b7c3e0ee76588612c1ab761
If a user chooses a very common password then an attacker could guess it in relatively few attempts, circumventing the lockout. CESG recommend blacklisting the most common passwords: > …enforcing the requirement for complex character sets in passwords is > not recommended. Instead, concentrate efforts on technical controls, > especially: > > - defending against automated guessing attacks by either using account > lockout, throttling, or protective monitoring > - blacklisting the most common password choices How I made this list: - went to the OWASP repository of security lists: https://github.com/danielmiessler/SecLists - downloaded `10k_most_common.txt`, `twitter-banned.txt` and `500-worst-passwords.txt` - filtered out any under 8 characters: ``` sed -r '/^.{,7}$/d' passwords-twitter.txt > passwords-combined.txt sed -r '/^.{,7}$/d' passwords-500.txt >> passwords-combined.txt sed -r '/^.{,7}$/d' passwords.txt >> passwords-combined.txt ``` - filtered out any duplicates: ``` cat passwords-combined.txt | awk '!x[$0]++' > passwords-combined-deduped.txt ```
notifications-admin
GOV.UK Notify admin application.
Features of this application
- Register and manage users
- Create and manage services
- Send batch emails and SMS by uploading a CSV
- Show history of notifications
First-time setup
Brew is a package manager for OSX. The following command installs brew:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Languages needed
- Python 3.4
- Node 5.0.0 or greater
brew install node
NPM is Node's package management tool. n is a tool for managing
different versions of Node. The following installs n and uses the latest
version of Node.
npm install -g n
n latest
npm rebuild node-sass
The app runs within a virtual environment. We use mkvirtualenv for easier working with venvs
pip install virtualenvwrapper
mkvirtualenv -p /usr/local/bin/python3 notifications-admin
Install dependencies and build the frontend assets:
workon notifications-admin
./scripts/bootstrap.sh
Rebuilding the frontend assets
If you want the front end assets to re-compile on changes, leave this running in a separate terminal from the app
npm run watch
Create a local environment.sh file containing the following:
echo "
export NOTIFY_ENVIRONMENT='development'
export ADMIN_CLIENT_SECRET='notify-secret-key'
export API_HOST_NAME='http://localhost:6011'
export DANGEROUS_SALT='dev-notify-salt'
export SECRET_KEY='notify-secret-key'
export DESKPRO_API_HOST="some-host"
export DESKPRO_API_KEY="some-key"
"> environment.sh
AWS credentials
Your aws credentials should be stored in a folder located at ~/.aws. Follow Amazon's instructions for storing them correctly
Generate the application version file
make generate-version-file
Running the application
workon notifications-admin
./scripts/run_app.sh
Then visit localhost:6012
Description
Languages
Python
69.3%
HTML
16.6%
JavaScript
11.1%
SCSS
0.9%
Nunjucks
0.7%
Other
1.4%