Commit Graph

4937 Commits

Author SHA1 Message Date
Rebecca Law
114cfa6b17 Use the validation error message from the InvalidEmailError 2016-03-08 17:46:00 +00:00
Martyn Inglis
e07d16e8c6 Fixed up dates so that we respect mills 2016-03-08 17:45:37 +00:00
Chris Hill-Scott
6308a5b2ca Merge pull request #140 from alphagov/remove_delivery_config
Removed DELIVERY_CLIENT_USER_NAME and DELIVERY_CLIENT_SECRET
2016-03-08 17:10:44 +00:00
Martyn Inglis
67c4bd2263 Build rest endpoint to read service stats
- get stats by service id
- returns a list of stats objects

Not paginated - have 1 row per day.
2016-03-08 16:34:03 +00:00
Rebecca Law
29a7289d1e Use new email validation.
Use logger.exception where it makes sense, not for SqlAlchemy errors as it give too much information away.
2016-03-08 15:47:35 +00:00
Rebecca Law
cbc585a1b1 Merge branch 'master' into reset-password 2016-03-08 15:40:20 +00:00
Rebecca Law
5d7b1bc786 Removed DELIVERY_CLIENT_USER_NAME and DELIVERY_CLIENT_SECRET from configs and auth module 2016-03-08 15:27:12 +00:00
Martyn Inglis
f5f50e00ff New notification stats table
- to capture the counts of things that we do
- initial commit captures when we create an email or sms

DOES NOT know about ultimate success only that we asked our partners to ship the notification

Requires some updates when we retry sending in event of error.
2016-03-08 15:23:19 +00:00
Rebecca Law
6e17a015e8 Add missing import 2016-03-08 15:20:34 +00:00
Rebecca Law
d840b8d689 Merge branch 'master' into reset-password 2016-03-08 15:05:18 +00:00
Rebecca Law
ba337374fd - Remove password_changed_at from the update_dict in users_dao
- Format dates in UserSchema
- Properly formatted subject and message body for the password reset email
- Add name to the message for reset password
2016-03-08 14:33:06 +00:00
Chris Hill-Scott
8323757441 Accept phone numbers in any valid format
This uses the `format_phone_number` method from utils to output phone numbers
in a consistent format. It is added to the schemas, so will be applied before
the API tries to do anything with a provided phone number.

So now the API will accept any of the following:
- 07123456789
- 07123 456789
- 07123-456-789
- 00447123456789
- 00 44 7123456789
- +447123456789
- +44 7123 456 789
- +44 (0)7123 456 789

…but the API will always hand off phone numbers to 3rd party APIs in the format
- +447123456789

The test for this is slightly convoluted, because template IDs are still
database IDs, and can’t consistently be mocked, therefore we have to ignore that
part of the call to `encrypt()`.
2016-03-08 09:47:21 +00:00
Chris Hill-Scott
157b385327 Use validation of recipients from utils
This was added to utils in 5914da74f1

This means that:
- we are doing the exact same validation in the API and admin app
- we are actually validating phone numbers for the correct format (hence all the
  changes to the tests)
2016-03-08 09:47:21 +00:00
Chris Hill-Scott
7cb8450839 Use RecipientCSV from utils for processing CSVs
See https://github.com/alphagov/notifications-utils/pull/9 for details of the
changes.
2016-03-08 09:43:48 +00:00
NIcholas Staples
f931e3fca6 Merge pull request #133 from alphagov/aggregate-data
Aggregate data
2016-03-08 08:55:04 +00:00
Rebecca Law
5c4ac9d938 Include token creation date in the url token. 2016-03-07 18:20:20 +00:00
Rebecca Law
10296f0cc2 Send email address in the data rather than the user_id as a path param.
Remove unused OldRequestVerifyCodeSchema.
2016-03-07 15:21:05 +00:00
Martyn Inglis
4f8c2d31a5 Capture logged in at when password is verified 2016-03-07 15:01:40 +00:00
Rebecca Law
b15d3434c3 Added an endpoint and celery task to email a reset password url. 2016-03-07 14:34:53 +00:00
minglis
7665ec7213 Merge pull request #135 from alphagov/strip-html-from-templates
Strip HTML from template content
2016-03-07 12:40:29 +00:00
Chris Hill-Scott
b3f4e40421 Strip HTML from template content
Templates are created in the admin app and persisted in the API.

They are consumed:
- in the admin app, by requesting them from the API
- in the API, by loading them from the database

There are two potential places where unescaped HTML could be sent to a user:
- when the admin app is previewing a template (it has to render the template as
  markup in order to show the placeholders)
- in the body of an email

For all consumers to have confidence that the templates are safe, it makes sense
to santitise them at the point of creation (and modification). This also avoids
any performance issues that could come from doing it at the point of requesting
a template.

In the future they could be created by a direct API call, bypassing the admin
app. Therefore it makes sense for the API to sanitise them.

The commit sanitises templates using a Mozilla’s Bleach library[1]. It is
configured to get the text content of the template, minus any HTML tags. It is
not using a regex because[2].

1. https://github.com/mozilla/bleach
2. http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags/1732454#1732454
2016-03-04 22:07:10 +00:00
Martyn Inglis
ae395b490e Fixed bug where I forgot to update only the right job :-( 2016-03-04 15:54:43 +00:00
Martyn Inglis
c44aaf0fdc Capture the count of sent notifications for a job 2016-03-04 14:25:28 +00:00
Martyn Inglis
024e390c2f Merge branch 'master' into aggregate-data 2016-03-04 13:43:22 +00:00
Martyn Inglis
a186e277d7 Sent count on jobs 2016-03-04 13:42:55 +00:00
Chris Hill-Scott
f7a1cfac50 Revert "Strip HTML from template content" 2016-03-04 13:23:44 +00:00
Rebecca Law
7e1f3f6180 Merge pull request #130 from alphagov/strip-html-from-templates
Strip HTML from template content
2016-03-04 11:46:52 +00:00
Chris Hill-Scott
703e513ddf Strip HTML from template content
Templates are created in the admin app and persisted in the API.

They are consumed:
- in the admin app, by requesting them from the API
- in the API, by loading them from the database

There are two potential places where unescaped HTML could be sent to a user:
- when the admin app is previewing a template (it has to render the template as
  markup in order to show the placeholders)
- in the body of an email

For all consumers to have confidence that the templates are safe, it makes sense
to santitise them at the point of creation (and modification). This also avoids
any performance issues that could come from doing it at the point of requesting
a template.

In the future they could be created by a direct API call, bypassing the admin
app. Therefore it makes sense for the API to sanitise them.

The commit sanitises templates using an XML parser. It extracts the text content
of the template, minus any HTML tags, because of this famous StackOverflow
answer:
http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags/1732454#1732454
2016-03-04 07:03:15 +00:00
Adam Shimali
f945253596 [WIP] Changed add user to service to take list of permissions instead
of invite.
2016-03-03 17:36:21 +00:00
Adam Shimali
fc8e27e582 [WIP] When user is added to a service a list of permissions groups are
used to assign the correct permissions to the user.

Last slice will be to update invite status.
2016-03-03 16:38:12 +00:00
Martyn Inglis
9b28a6d4ad Fixed version file to use new names 2016-03-03 16:27:13 +00:00
Martyn Inglis
5a2cf1baca Appeased pep8 2016-03-03 15:38:22 +00:00
Martyn Inglis
13320cbed0 Updated to populate on dev 2016-03-03 15:32:22 +00:00
Martyn Inglis
24a9487a20 Updated status page
- include travis build number
- renamed properties
- ELB version
- moved code all into health check
- changed health check to be on same URL for admin and api
2016-03-03 15:18:12 +00:00
Martyn Inglis
b818e1a535 Populate version data with build number and fixed date 2016-03-03 15:06:10 +00:00
Martyn Inglis
aaedd4d054 Removed unused notifcation status 2016-03-03 12:19:56 +00:00
Rebecca Law
2d142287c2 Merge pull request #125 from alphagov/check-restricted-services-on-tasks
Ensure restricted service are respected by tasks:
2016-03-03 12:17:52 +00:00
Martyn Inglis
800afc9e44 Ensure restricted service are respected by tasks:
This is checked on 3rd party API calls, but jobs (CSV files) were able expected to only allow valid files.

Change in tack means we want to have restricted notification failures reported in the UI.
2016-03-03 12:05:18 +00:00
Nicholas Staples
c80753bb75 Fix url for user service permissions. 2016-03-03 09:59:21 +00:00
Nicholas Staples
ebec54cb80 Permission enums corrected, all tests passing. 2016-03-02 15:34:26 +00:00
Rebecca Law
3fd3aa5b3e Merge pull request #119 from alphagov/update_permission_endpoints
Update permission endpoints
2016-03-02 14:33:18 +00:00
Rebecca Law
0c4b34d65a Merge branch 'master' into revert-queue-config 2016-03-02 13:20:55 +00:00
Rebecca Law
6a739d5ec9 Remove celery_queues from config.
Removed unused endpoint.
2016-03-02 13:15:23 +00:00
Chris Hill-Scott
b202af716d Fix bug where sending messages failed
When building the template it was looking for a placeholder called
((phone number)). This caused it to fail because the template it had did not
match the personalisation it was being given.

`Template` has an optional parameter for specifying personalisation values that
should be ignored. The recipient of a message is an example of such a value.

This commit passes that extra parameter, which fixes that bug.
2016-03-02 12:27:50 +00:00
NIcholas Staples
62f66329a9 Merge pull request #117 from alphagov/time-3rd-party-calls
Add logging around 3rd party delivery calls
2016-03-02 11:27:00 +00:00
Chris Hill-Scott
cc741003c0 Log FireText exceptions as exceptions 2016-03-02 11:14:32 +00:00
Chris Hill-Scott
0e5d72494e Prefix all SMS messages with service name
Implements https://github.com/alphagov/notifications-utils/pull/4
2016-03-02 11:14:32 +00:00
Nicholas Staples
01f616eeac Fix all tests. 2016-03-02 11:10:52 +00:00
Nicholas Staples
6f689a187e Merge remote-tracking branch 'origin/master' into update_permission_endpoints 2016-03-02 10:44:38 +00:00
Martyn Inglis
35b7b884f8 Add logging around 3rd party delivery calls
- time SES, Twilio, fire text calls
- use monotonic for accuracy
2016-03-02 09:33:20 +00:00