diff --git a/app/__init__.py b/app/__init__.py
index 64580fcc1..4d89cd59e 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -1,8 +1,9 @@
 import os
 import pathlib
+import secrets
 from functools import partial
 from time import monotonic
-from urllib.parse import urlparse, urlunparse
+from urllib.parse import unquote, urlparse, urlunparse
 import jinja2
 from flask import (
@@ -114,6 +115,7 @@
 get_lines_with_normalised_whitespace,
 )
 from notifications_utils.recipients import format_phone_number_human_readable
+from notifications_utils.url_safe_token import generate_token
 login_manager = LoginManager()
 csrf = CSRFProtect()
@@ -168,10 +170,38 @@ def create_app(application):
 @application.context_processor
 def inject_feature_flags():
- feature_best_practices_enabled = application.config[
- "FEATURE_BEST_PRACTICES_ENABLED"
- ]
- return dict(FEATURE_BEST_PRACTICES_ENABLED=feature_best_practices_enabled)
+ feature_best_practices_enabled = application.config.get("FEATURE_BEST_PRACTICES_ENABLED", False)
+ feature_about_page_enabled = application.config.get("FEATURE_ABOUT_PAGE_ENABLED", False)
+ return dict(
+ FEATURE_BEST_PRACTICES_ENABLED=feature_best_practices_enabled,
+ FEATURE_ABOUT_PAGE_ENABLED=feature_about_page_enabled,
+ )
+
+ @application.context_processor
+ def inject_initial_signin_url():
+ ttl = 24 * 60 * 60
+
+ # make and store the state
+ state = generate_token(
+ str(request.remote_addr),
+ current_app.config["SECRET_KEY"],
+ current_app.config["DANGEROUS_SALT"],
+ )
+
+ state_key = f"login-state-{unquote(state)}"
+ redis_client.set(state_key, state, ex=ttl)
+
+ # make and store the nonce
+ nonce = secrets.token_urlsafe()
+ nonce_key = f"login-nonce-{unquote(nonce)}"
+ redis_client.set(nonce_key, nonce, ex=ttl)
+
+ url = os.getenv("LOGIN_DOT_GOV_INITIAL_SIGNIN_URL")
+ if url is not None:
+ url = url.replace("NONCE", nonce)
+ url = url.replace("STATE", state)
+
+ return {'initial_signin_url': url}
 notify_environment = os.environ["NOTIFY_ENVIRONMENT"]
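Review bot: `inject_initial_signin_url` is registered with `@application.context_processor`, so it now runs on every `render_template` call — pages for authenticated users and error pages included — and each run mints a state token and a nonce and writes two Redis keys with a 24 h TTL (`redis_client.set(state_key, state, ex=ttl)` / `redis_client.set(nonce_key, nonce, ex=ttl)`), where the removed index.py code did this only for the signed-out landing page. That is per-request work and Redis key growth that any unauthenticated client can drive just by requesting pages, and the values are unused on most of them. A cheap way to keep the template interface is to return a callable and have the template invoke it (`{{ initial_signin_url() }}`) only where the sign-in link is rendered, as below; short-circuiting when the request is already authenticated (if `current_user` is available in this module) and reading `LOGIN_DOT_GOV_INITIAL_SIGNIN_URL` from config once instead of `os.getenv` per request would also help. Minor style: `return {'initial_signin_url': url}` uses single quotes where the sibling `inject_feature_flags` returns `dict(...)`. `create_app` begins and ends outside the hunk, so the template side of this suggestion (header.html) is not reviewed here.
```python
    @application.context_processor
    def inject_initial_signin_url():
        def build_initial_signin_url():
            # … unchanged: ttl, state/nonce generation and the two redis_client.set calls, re-indented …
            url = os.getenv("LOGIN_DOT_GOV_INITIAL_SIGNIN_URL")
            if url is not None:
                url = url.replace("NONCE", nonce).replace("STATE", state)
            return url

        # Templates call {{ initial_signin_url() }}, so tokens are only minted
        # and stored where the sign-in link is actually rendered.
        return {"initial_signin_url": build_initial_signin_url}
```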
diff --git a/app/main/views/index.py b/app/main/views/index.py
index 49eeae427..54e9d9df7 100644
--- a/app/main/views/index.py
+++ b/app/main/views/index.py
@@ -1,7 +1,3 @@
-import os
-import secrets
-from urllib.parse import unquote
-
 from flask import (
 abort,
 current_app,
@@ -13,7 +9,7 @@
 )
 from flask_login import current_user
-from app import redis_client, status_api_client
+from app import status_api_client
 from app.formatters import apply_html_class, convert_markdown_template
 from app.main import main
 from app.main.views.pricing import CURRENT_SMS_RATE
@@ -24,7 +20,6 @@
 using_notify_nav,
 )
 from app.utils.user import user_is_logged_in
-from notifications_utils.url_safe_token import generate_token
 # Hook to check for feature flags
@@ -57,31 +52,10 @@ def index():
 if current_user and current_user.is_authenticated:
 return redirect(url_for("main.choose_account"))
- ttl = 24 * 60 * 60
-
- # make and store the state
- state = generate_token(
- str(request.remote_addr),
- current_app.config["SECRET_KEY"],
- current_app.config["DANGEROUS_SALT"],
- )
- state_key = f"login-state-{unquote(state)}"
- redis_client.set(state_key, state, ex=ttl)
-
- # make and store the nonce
- nonce = secrets.token_urlsafe()
- nonce_key = f"login-nonce-{unquote(nonce)}"
- redis_client.set(nonce_key, nonce, ex=ttl)
-
- url = os.getenv("LOGIN_DOT_GOV_INITIAL_SIGNIN_URL")
- if url is not None:
- url = url.replace("NONCE", nonce)
- url = url.replace("STATE", state)
 return render_template(
 "views/signedout.html",
 sms_rate=CURRENT_SMS_RATE,
- counts=status_api_client.get_count_of_live_services_and_organizations(),
- initial_signin_url=url,
+ counts=status_api_client.get_count_of_live_services_and_organizations()
 )
diff --git a/app/templates/components/header.html b/app/templates/components/header.html
index 248abf250..a1c1de389 100644
--- a/app/templates/components/header.html
+++ b/app/templates/components/header.html
@@ -43,18 +43,29 @@
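Review bot: The `from flask import (abort, current_app, ...)` block in index.py is kept, yet within these hunks `current_app` and `request` are referenced only by the lines being removed from `index()`; if nothing elsewhere in the file uses them they are now dead imports and should be dropped from that list, as the commit already does for `os`, `secrets`, `unquote`, `redis_client` and `generate_token` — the rest of index.py is outside the hunks, so this needs confirming against the whole file. Separately, the rewritten `counts=status_api_client.get_count_of_live_services_and_organizations()` drops the trailing comma the original line had; keeping it, `counts=status_api_client.get_count_of_live_services_and_organizations(),`, matches the other keyword arguments and avoids a spurious one-line diff the next time an argument is added. The header.html hunk that follows ends outside this page and is not reviewed here.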
-