This is the newest version. Pyup is complaining about vulnerabilities in version 1.0.1, specifically > Werkzeug version 2.0.2 improves the security of the debugger cookies. > "SameSite" attribute is set to "Strict" instead of "None", and the > secure flag is added when on HTTPS. Previously we were using whatever version of Werkzeug that Flask specified this pins it to get rid of the vulnerability without having to upgrade everything at once. This requires a few changes to tests which were relying on importing `session` and `current_user` from Flask. Previously it seemed that importing these in the tests referred to the same object that was being used in the app. This appears to no longer be the case. This commit works around that by: - using a context manager to get the contents of the session, like we already do in most tests - asserting that the mock which logs the user in is being called with the right values, rather than looking at the state of the `current_user` object (which was probably giving false certainty anyway)
notifications-admin
GOV.UK Notify admin application - https://www.notifications.service.gov.uk/
- Register and manage users
- Create and manage services
- Send batch emails and SMS by uploading a CSV
- Show history of notifications
Setting up
Python version
At the moment we run Python 3.6 in production.
NPM packages
brew install node
NPM is Node's package management tool. n is a tool for managing different versions of Node. The following installs n and uses the long term support (LTS) version of Node.
npm install -g n
n lts
environment.sh
In the root directory of the application, run:
echo "
export NOTIFY_ENVIRONMENT='development'
export FLASK_APP=application.py
export FLASK_ENV=development
export WERKZEUG_DEBUG_PIN=off
"> environment.sh
AWS credentials
To run parts of the app, such as uploading letters, you will need appropriate AWS credentials. See the Wiki for more details.
To run the application
# install dependencies, etc.
make bootstrap
# run the web app
make run-flask
Then visit localhost:6012.
Any Python code changes you make should be picked up automatically in development. If you're developing JavaScript code, run npm run watch to achieve the same.
To test the application
# install dependencies, etc.
make bootstrap
# run all the tests
make test
# continuously run js tests
npm run test-watch
To run a specific JavaScript test, you'll need to copy the full command from package.json.
To update application dependencies
requirements.txt is generated from the requirements.in in order to pin versions of all nested dependencies. If requirements.in has been changed, run make freeze-requirements to regenerate it.