Merge branch 'main' into 2104-join-notify

GSA · Dec 4, 2024 · a6a1aa0 · a6a1aa0
2 parents 8672960 + 8e896eb
commit a6a1aa0
Show file tree

Hide file tree

Showing 38 changed files with 752 additions and 361 deletions.
diff --git a/.ds.baseline b/.ds.baseline
@@ -161,7 +161,7 @@
         "filename": "app/config.py",
         "hashed_secret": "577a4c667e4af8682ca431857214b3a920883efc",
         "is_verified": false,
-        "line_number": 125,
+        "line_number": 123,
         "is_secret": false
       }
     ],
@@ -684,5 +684,5 @@
       }
     ]
   },
-  "generated_at": "2024-11-14T15:53:44Z"
+  "generated_at": "2024-11-21T23:08:45Z"
 }
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -144,6 +144,7 @@ jobs:
           inputs: requirements.txt
           ignore-vulns: |
             PYSEC-2024-60
+            PYSEC-2022-43162
       - name: Run npm audit
         run: make npm-audit
 

diff --git a/app/__init__.py b/app/__init__.py
@@ -1,8 +1,9 @@
 import os
 import pathlib
+import secrets
 from functools import partial
 from time import monotonic
-from urllib.parse import urlparse, urlunparse
+from urllib.parse import unquote, urlparse, urlunparse
 
 import jinja2
 from flask import (
@@ -114,6 +115,7 @@
     get_lines_with_normalised_whitespace,
 )
 from notifications_utils.recipients import format_phone_number_human_readable
+from notifications_utils.url_safe_token import generate_token
 
 login_manager = LoginManager()
 csrf = CSRFProtect()
@@ -168,10 +170,38 @@ def create_app(application):
 
     @application.context_processor
     def inject_feature_flags():
-        feature_best_practices_enabled = application.config[
-            "FEATURE_BEST_PRACTICES_ENABLED"
-        ]
-        return dict(FEATURE_BEST_PRACTICES_ENABLED=feature_best_practices_enabled)
+        feature_best_practices_enabled = application.config.get("FEATURE_BEST_PRACTICES_ENABLED", False)
+        feature_about_page_enabled = application.config.get("FEATURE_ABOUT_PAGE_ENABLED", False)
+        return dict(
+            FEATURE_BEST_PRACTICES_ENABLED=feature_best_practices_enabled,
+            FEATURE_ABOUT_PAGE_ENABLED=feature_about_page_enabled,
+        )
+
+    @application.context_processor
+    def inject_initial_signin_url():
+        ttl = 24 * 60 * 60
+
+        # make and store the state
+        state = generate_token(
+            str(request.remote_addr),
+            current_app.config["SECRET_KEY"],
+            current_app.config["DANGEROUS_SALT"],
+        )
+
+        state_key = f"login-state-{unquote(state)}"
+        redis_client.set(state_key, state, ex=ttl)
+
+        # make and store the nonce
+        nonce = secrets.token_urlsafe()
+        nonce_key = f"login-nonce-{unquote(nonce)}"
+        redis_client.set(nonce_key, nonce, ex=ttl)
+
+        url = os.getenv("LOGIN_DOT_GOV_INITIAL_SIGNIN_URL")
+        if url is not None:
+            url = url.replace("NONCE", nonce)
+            url = url.replace("STATE", state)
+
+        return {'initial_signin_url': url}
 
     notify_environment = os.environ["NOTIFY_ENVIRONMENT"]
 

diff --git a/app/assets/images/alarm.svg b/app/assets/images/alarm.svg
diff --git a/app/assets/images/alert.svg b/app/assets/images/alert.svg
diff --git a/app/assets/images/calendar.svg b/app/assets/images/calendar.svg
diff --git a/app/assets/sass/uswds/_uswds-theme-custom-styles.scss b/app/assets/sass/uswds/_uswds-theme-custom-styles.scss
@@ -676,28 +676,28 @@ details form {
    margin-top: 0;
 }
 
-ol.best-practices-list {
+ol.guides-list {
    counter-reset: item;
    list-style-type: none;
    padding-left: 0;
 }
 
-ol.best-practices-list.set-two {
+ol.guides-list.set-two {
    counter-reset: item 6;
 }
 
-ol.best-practices-list.set-three {
+ol.guides-list.set-three {
    counter-reset: item 10;
 }
 
-ol.best-practices-list li {
+ol.guides-list li {
    counter-increment: item;
    margin-bottom: 15px;
    position: relative;
    padding-left: 40px;
 }
 
-ol.best-practices-list li::before {
+ol.guides-list li::before {
    content: counter(item);
    background-color: #005ea2;
    color: white;
@@ -713,11 +713,11 @@ ol.best-practices-list li::before {
    top: 0;
 }
 
-li.best-practices {
+li.guides {
    padding-bottom: 50px;
 }
 
-div.best-practices {
+div.guides {
    height: 400px
 }
 
@@ -820,7 +820,7 @@ $do-dont-top-bar-width: 1;
 }
 
 @media (max-width: 758px) {
-   .best-practices-flex-container {
+   .guides-flex-container {
       flex-direction: column;
    }
 }
@@ -899,6 +899,7 @@ li.linked-card:hover svg,
 }
 
 .icon-list {
+   display: flex;
    width: 24px;
    height: 24px;
    padding: 2px 1px;

diff --git a/app/config.py b/app/config.py
@@ -91,9 +91,7 @@ class Config(object):
         getenv("FEATURE_BEST_PRACTICES_ENABLED", "false") == "true"
     )
 
-    FEATURE_ABOUT_PAGE_ENABLED = (
-        getenv("FEATURE_ABOUT_PAGE_ENABLED", "false") == "true"
-    )
+    FEATURE_ABOUT_PAGE_ENABLED = getenv("FEATURE_ABOUT_PAGE_ENABLED", "false") == "true"
 
 
 def _s3_credentials_from_env(bucket_prefix):