Chris Hill-Scott cb59413581 Update email_access_validated_at on link click
When someone uses a fresh password reset link they have proved that they
have access to their inbox.

At the moment, when revalidating a user’s email address we wait until
after they’ve put in the 2FA code before updating the timestamp which
records when they last validated their email address[1].

We can’t think of a good reason that we need the extra assurance of a
valid 2FA code to assert that the user has access to their email –
they’ve done that just by clicking the link. When the user clicks the
link we already update their failed login count before they 2fa. Think
it makes sense to handle `email_access_validated_at` then too.

As a bonus, the functional tests never go as far as getting a 2FA code
after a password reset[2], so the functional test user never gets its
timestamp updated. This causes the functional tests start failing after
90 days. By moving the update to this point we ensure that the
functional tests will keep passing indefinitely.

1. This code in the API (91542ad33e/app/dao/users_dao.py (L131))
   which is called by this code in the admin app (9ba37249a4/app/utils/login.py (L26))
2. 5837eb01dc/tests/functional/preview_and_dev/test_email_auth.py (L43-L46)
2021-08-19 11:14:47 +01:00
2021-02-22 17:19:46 +00:00
2021-03-08 18:48:56 +00:00
2021-06-01 18:44:54 +01:00
2021-03-08 18:48:56 +00:00
2021-05-14 11:10:16 +03:00

notifications-admin

GOV.UK Notify admin application - https://www.notifications.service.gov.uk/

  • Register and manage users
  • Create and manage services
  • Send batch emails and SMS by uploading a CSV
  • Show history of notifications

Setting up

Python version

At the moment we run Python 3.6 in production.

NPM packages

brew install node

NPM is Node's package management tool. n is a tool for managing different versions of Node. The following installs n and uses the long term support (LTS) version of Node.

npm install -g n
n lts

environment.sh

In the root directory of the application, run:

echo "
export NOTIFY_ENVIRONMENT='development'
export FLASK_APP=application.py
export FLASK_ENV=development
export WERKZEUG_DEBUG_PIN=off
"> environment.sh

AWS credentials

To run parts of the app, such as uploading letters, you will need appropriate AWS credentials. See the Wiki for more details.

To run the application

# install dependencies, etc.
make bootstrap

# run the web app
make run-flask

Then visit localhost:6012.

Any Python code changes you make should be picked up automatically in development. If you're developing JavaScript code, run npm run watch to achieve the same.

To test the application

# install dependencies, etc.
make bootstrap

# run all the tests
make test

# continuously run js tests
npm run test-watch

To run a specific JavaScript test, you'll need to copy the full command from package.json.

To update application dependencies

requirements.txt is generated from the requirements.in in order to pin versions of all nested dependencies. If requirements.in has been changed, run make freeze-requirements to regenerate it.

Further docs

Description
The UI of Notify.gov
Readme 559 MiB
Languages
Python 69.3%
HTML 16.6%
JavaScript 11.1%
SCSS 0.9%
Nunjucks 0.7%
Other 1.4%