darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-07 20:03:33 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
d7cf28c07e6ee0807ea121e19dd74601577febce
notifications-admin/app/main/validators.py
Chris Hill-Scott 34ed0da362 Validate non canonical domains 
At the moment we transform what the user gives us, so if someone enters
`digital.cabinet-office.gov.uk` it will automagically be saved as
`cabinet-office.gov.uk`. This happens without the user knowing, and
might have unintended consequences.

So let’s tell them what the problem is, and let them decide what to do
about it (which might be accepting the canonical domain, or adding a
new organisation to domains.yml first).
2018-09-06 12:35:52 +01:00

136 lines
4.0 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
import re
from notifications_utils.field import Field
from notifications_utils.recipients import (
InvalidEmailError,
validate_email_address,
)
from notifications_utils.sanitise_text import SanitiseGSM
from wtforms import ValidationError
from wtforms.validators import Email
from app import formatted_list
from app.main._blacklisted_passwords import blacklisted_passwords
from app.utils import AgreementInfo, Spreadsheet, is_gov_user
class Blacklist:
def __init__(self, message=None):
if not message:
message = 'Password is blacklisted.'
self.message = message
def __call__(self, form, field):
if field.data in blacklisted_passwords:
raise ValidationError(self.message)
class CsvFileValidator:
def __init__(self, message='Not a csv file'):
self.message = message
def __call__(self, form, field):
if not Spreadsheet.can_handle(field.data.filename):
raise ValidationError("{} isnt a spreadsheet that Notify can read".format(field.data.filename))
class ValidGovEmail:
def __call__(self, form, field):
from flask import url_for
message = (
'Enter a government email address.'
' If you think you should have access'
' <a href="{}">contact us</a>').format(url_for('main.support'))
if not is_gov_user(field.data.lower()):
raise ValidationError(message)
class ValidEmail(Email):
def __init__(self):
super().__init__('Enter a valid email address')
def __call__(self, form, field):
try:
validate_email_address(field.data)
except InvalidEmailError:
raise ValidationError(self.message)
return super().__call__(form, field)
class NoCommasInPlaceHolders:
def __init__(self, message='You cant put commas between double brackets'):
self.message = message
def __call__(self, form, field):
if ',' in ''.join(Field(field.data).placeholders):
raise ValidationError(self.message)
class OnlyGSMCharacters:
def __call__(self, form, field):
non_gsm_characters = sorted(list(SanitiseGSM.get_non_compatible_characters(field.data)))
if non_gsm_characters:
raise ValidationError(
'You cant use {} in text messages. {} wont show up properly on everyones phones.'.format(
formatted_list(non_gsm_characters, conjunction='or', before_each='', after_each=''),
('It' if len(non_gsm_characters) == 1 else 'They')
)
)
class LettersNumbersAndFullStopsOnly:
regex = re.compile(r'^[a-zA-Z0-9\s\.]+$')
def __init__(self, message='Use letters and numbers only'):
self.message = message
def __call__(self, form, field):
if field.data and not re.match(self.regex, field.data):
raise ValidationError(self.message)
class DoesNotStartWithDoubleZero:
def __init__(self, message="Can't start with 00"):
self.message = message
def __call__(self, form, field):
if field.data and field.data.startswith("00"):
raise ValidationError(self.message)
class KnownGovernmentDomain:
message = 'Not a known government domain (you might need to update domains.yml)'
def __call__(self, form, field):
if field.data and AgreementInfo(field.data).owner is None:
raise ValidationError(self.message)
class CanonicalGovernmentDomain:
message = 'Not {} domain (use {} if appropriate)'
def __call__(self, form, field):
if not field.data:
return
domain = AgreementInfo(field.data)
if not domain.is_canonical:
raise ValidationError(
self.message.format('a canonical', domain.canonical_domain)
)
if field.data != domain.canonical_domain:
raise ValidationError(
self.message.format('an organisation-level', domain.canonical_domain)
)
Reference in New Issue View Git Blame Copy Permalink