zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-07-22 02:36:02 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'main' into nmb/migrate-cisa-dotgov

Browse source
This commit is contained in:
Neil Martinsen-Burrell 2023-08-22 13:13:01 -05:00
commit 0b838d6c36
No known key found for this signature in database
GPG key ID: 6A3C818CC10D0184
19 changed files with 220 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

8
.github/ISSUE_TEMPLATE/developer-onboarding.md vendored
View file

@ -24,13 +24,13 @@ There are several tools we use locally that you will need to have.
### Steps for the onboardee
- [ ] Setup [commit signing in Github](#setting-up-commit-signing) and with git locally.
- [ ] [Create a cloud.gov account](https://cloud.gov/docs/getting-started/accounts/)
- [ ] Have an admin add you to the CISA Github organization and Dotgov Team.
- [ ] Email github@cisa.dhs.gov (cc: Cameron) to add you to the [CISA Github organization](https://github.com/getgov) and [.gov Team](https://github.com/orgs/cisagov/teams/gov).
- [ ] Ensure you can login to your cloud.gov account via the CLI
```bash
cf login -a api.fr.cloud.gov --sso
```
- [ ] Have an admin add you to cloud.gov org and set up your [sandbox developer space](#setting-up-developer-sandbox). Ensure you can deploy to your sandbox space.
- [ ] Have an admin add you to our login.gov sandbox team (`.gov registrar poc`) via the [dashboard](https://dashboard.int.identitysandbox.gov/).
- [ ] Have an admin add you to our login.gov sandbox team (`.gov Registrar`) via the [dashboard](https://dashboard.int.identitysandbox.gov/).
**Note:** As mentioned in the [Login documentation](https://developers.login.gov/testing/), the sandbox Login account is different account from your regular, production Login account. If you have not created a Login account for the sandbox before, you will need to create a new account first.
@ -39,12 +39,12 @@ cf login -a api.fr.cloud.gov --sso
### Steps for the onboarder
- [ ] Add the onboardee to cloud.gov org (cisa-dotgov)
- [ ] Setup a [developer specific space for the new developer](#setting-up-developer-sandbox)
- [ ] Add the onboardee to our login.gov sandbox team (`.gov registrar poc`) via the [dashboard](https://dashboard.int.identitysandbox.gov/)
- [ ] Add the onboardee to our login.gov sandbox team (`.gov Registrar`) via the [dashboard](https://dashboard.int.identitysandbox.gov/)
## Documents to Review
- [ ] [Team Charter](https://docs.google.com/document/d/1xhMKlW8bMcxyF7ipsOYxw1SQYVi-lWPkcDHSUS6miNg/edit), in particular our Github Policy
- [ ] [Team Onboarding](https://docs.google.com/document/d/1ukbpW4LSqkb_CCt8LWfpehP03qqfyYfvK3Fl21NaEq8/edit?usp=sharing)
- [ ] [Architecture Decision Records](https://github.com/cisagov/dotgov/tree/main/docs/architecture/decisions)
- [ ] [Contributing Policy](https://github.com/cisagov/dotgov/tree/main/CONTRIBUTING.md)

139
.github/pull_request_template.md vendored
View file

@ -1,13 +1,134 @@
# <!-- Use the title to describe PR changes in the imperative mood --> #
## Ticket
## 🗣 Description ##
Resolves #00
<!--Reminder, when a code change is made that is user facing, beyond content updates, then the following are required:
- a developer approves the PR
- a designer approves the PR or checks off all relevant items in this checklist.
<!-- Describe the "what" of your changes in detail. -->
<!-- Please link to any relevant issues. -->
All other changes require just a single approving review.-->
## 💭 Motivation and context ##
## Changes
<!-- Why is this change required? -->
<!-- What problem does this change solve? How did you solve it? -->
<!-- Mention any related issue(s) here using appropriate keywords such -->
<!-- as "closes" or "resolves" to auto-close them on merge. -->
<!-- What was added, updated, or removed in this PR. -->
- Change 1
- Change 2
<!--
Please add/remove/edit any of the template below to fit the needs
of this specific PR.
--->
## Context for reviewers
<!--Background context, more in-depth details of the implementation, and anything else you'd like to call out or ask reviewers. -->
## Setup
<!-- Add any steps or code to run in this section to help others run your code.
Example 1:
```sh
echo "Code goes here"
```
Example 2: If the PR was to add a new link with a redirect, this section could simply be:
-go to /path/to/start/page
-click the blue link in the <insert location>
-notice user is redirected to <proper end location>
-->
## Code Review Verification Steps
### As the original developer, I have
#### Satisfied acceptance criteria and met development standards
- [ ] Met the acceptance criteria, or will meet them in a subsequent PR
- [ ] Created/modified automated tests
- [ ] Added at least 2 developers as PR reviewers (only 1 will need to approve)
- [ ] Messaged on Slack or in standup to notify the team that a PR is ready for review
- [ ] Changes to “how we do things” are documented in READMEs and or onboarding guide
- [ ] If any model was updated to modify/add/delete columns, makemigrations was ran and the assoicated migrations file has been commited.
#### Ensured code standards are met (Original Developer)
- [ ] All new functions and methods are commented using plain language
- [ ] Did dependency updates in Pipfile also get changed in requirements.txt?
- [ ] Interactions with external systems are wrapped in try/except
- [ ] Error handling exists for unusual or missing values
#### Validated user-facing changes (if applicable)
- [ ] New pages have been added to .pa11yci file so that they will be tested with our automated accessibility testing
- [ ] Checked keyboard navigability
- [ ] Tested general usability, landmarks, page header structure, and links with a screen reader (such as Voiceover or ANDI)
- [ ] Add at least 1 designer as PR reviewer
### As a code reviewer, I have
#### Reviewed, tested, and left feedback about the changes
- [ ] Pulled this branch locally and tested it
- [ ] Reviewed this code and left comments
- [ ] Checked that all code is adequately covered by tests
- [ ] Made it clear which comments need to be addressed before this work is merged
- [ ] If any model was updated to modify/add/delete columns, makemigrations was ran and the assoicated migrations file has been commited.
#### Ensured code standards are met (Code reviewer)
- [ ] All new functions and methods are commented using plain language
- [ ] Interactions with external systems are wrapped in try/except
- [ ] Error handling exists for unusual or missing values
- [ ] (Rarely needed) Did dependency updates in Pipfile also get changed in requirements.txt?
#### Validated user-facing changes as a developer
- [ ] New pages have been added to .pa11yci file so that they will be tested with our automated accessibility testing
- [ ] Checked keyboard navigability
- [ ] Meets all designs and user flows provided by design/product
- [ ] Tested general usability, landmarks, page header structure, and links with a screen reader (such as Voiceover or ANDI)
- [ ] Tested with multiple browsers, the suggestion is to use ones that the developer didn't (check off which ones were used)
- [ ] Chrome
- [ ] Microsoft Edge
- [ ] FireFox
- [ ] Safari
- [ ] (Rarely needed) Tested as both an analyst and applicant user
**Note:** Multiple code reviewers can share the checklists above, a second reviewers should not make a duplicate checklist
### As a designer reviewer, I have
#### Verified that the changes match the design intention
- [ ] Checked that the design translated visually
- [ ] Checked behavior
- [ ] Checked different states (empty, one, some, error)
- [ ] Checked for landmarks, page heading structure, and links
- [ ] Tried to break the intended flow
#### Validated user-facing changes as a designer
- [ ] Checked keyboard navigability
- [ ] Tested general usability, landmarks, page header structure, and links with a screen reader (such as Voiceover or ANDI)
- [ ] Tested with multiple browsers (check off which ones were used)
- [ ] Chrome
- [ ] Microsoft Edge
- [ ] FireFox
- [ ] Safari
- [ ] (Rarely needed) Tested as both an analyst and applicant user
## Screenshots
<!-- If this PR makes visible interface changes, an image of the finished interface can help reviewers
and casual observers understand the context of the changes.
A before image is optional and can be included at the submitter's discretion.
Consider using an animated image to show an entire workflow.
You may want to use [GIPHY Capture](https://giphy.com/apps/giphycapture) for this! 📸
_Please frame images to show useful context but also highlight the affected regions._
--->

1
.github/workflows/deploy-sandbox.yaml vendored
View file

@ -18,6 +18,7 @@ jobs:
|| startsWith(github.head_ref, 'za/')
|| startsWith(github.head_ref, 'rh/')
|| startsWith(github.head_ref, 'nl/')
|| startsWith(github.head_ref, 'dk/')
outputs:
environment: ${{ steps.var.outputs.environment}}
runs-on: "ubuntu-latest"

2
.github/workflows/deploy-staging.yaml vendored
View file

@ -36,6 +36,6 @@ jobs:
with:
cf_username: ${{ secrets.CF_STAGING_USERNAME }}
cf_password: ${{ secrets.CF_STAGING_PASSWORD }}
cf_org: cisa-getgov-prototyping
cf_org: cisa-dotgov
cf_space: staging
push_arguments: "-f ops/manifests/manifest-staging.yaml"

1
.github/workflows/migrate.yaml vendored
View file

@ -25,6 +25,7 @@ on:
- ab
- bl
- rjm
- dk
jobs:
migrate:

1
.github/workflows/reset-db.yaml vendored
View file

@ -26,6 +26,7 @@ on:
- ab
- bl
- rjm
- dk
jobs:
reset-db:

16
CONTRIBUTING.md
View file

@ -9,6 +9,22 @@ There are a handful of things we do not commit to the repository:
- Compliance documentation that includes IP addresses
- Secrets of any kind
## Branch naming convention
For developers, you can auto-deploy your code to your sandbox (if applicable) by naming your branch thusly: jsd/123-feature-description
Where 'jsd' stands for your initials and sandbox environment name (if you were called John Smith Doe), and 123 matches the ticket number if applicable.
## Approvals
When a code change is made that is not user facing, then the following is required:
- a developer approves the PR
When a code change is made that is user facing, beyond content updates, then the following are required:
- a developer approves the PR
- a designer approves the PR or checks off all relevant items in this checklist
Content or document updates require a single person to approve.
## Project Management
We use [Github Projects](https://docs.github.com/en/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects) for project management and tracking.

7
docs/architecture/decisions/0021-django-admin.md
View file

@ -34,6 +34,13 @@ In contrast to building an admin interface from scratch where development activi
involve _building up_, leveraging Django Admin will require carefully _pairing back_ the functionalities available to
users such as analysts.
On accessibility: Django admin is almost fully accessible out-of-the-box, the exceptions being tables, checkboxes, and
color contrast. We have remedied the first 2 with template overrides and the 3rd with theming (see below).
On USWDS and theming: Django admin brings its own high level design framework. We have determined that theming on top of Django (scss)
is easy and worthwhile, while overwriting Django's templates with USWDS is hard and provides little return on investment
([research PR](https://github.com/cisagov/getgov/pull/831)).
While we anticipate that Django Admin will meet (or even exceed) the user needs that we are aware of today, it is still
an open question whether Django Admin will be the long-term administrator tool of choice. A pivot away from Django Admin
in the future would of course mean starting from scratch at a later date, and potentially juggling two separate admin

2
docs/developer/README.md
View file

@ -94,6 +94,7 @@ The endpoint /admin can be used to view and manage site content, including but n
```
5. In the browser, navigate to /admin. To verify that all is working correctly, under "domain applications" you should see fake domains with various fake statuses.
6. Add an optional email key/value pair
### Adding an Analyst to /admin
Analysts are a variant of the admin role with limited permissions. The process for adding an Analyst is much the same as adding an admin:
@ -115,6 +116,7 @@ Analysts are a variant of the admin role with limited permissions. The process f
```
5. In the browser, navigate to /admin. To verify that all is working correctly, verify that you can only see a sub-section of the modules and some are set to view-only.
6. Add an optional email key/value pair
Do note that if you wish to have both an analyst and admin account, append `-Analyst` to your first and last name, or use a completely different first/last name to avoid confusion. Example: `Bob-Analyst`
## Adding to CODEOWNERS (optional)

2
ops/scripts/deploy.sh
View file

@ -4,7 +4,7 @@
../ops/scripts/build.sh
# Deploy to sandbox
cf target -o cisa-getgov-prototyping -s $1
cf target -o cisa-dotgov -s $1
cf push getgov-$1 -f ../ops/manifests/manifest-$1.yaml
# migrations need to be run manually. Developers can use this command

4
ops/scripts/rotate_cloud_secrets.sh
View file

@ -9,8 +9,8 @@ if [ -z "$1" ]; then
exit 1
fi
cf target -o cisa-getgov-prototyping -s $1
read -p "Are you logged in to the cisa-getgov-prototyping CF org above and targeting the correct space? (y/n) " -n 1 -r
cf target -o cisa-dotgov -s $1
read -p "Are you logged in to the cisa-dotgov CF org above and targeting the correct space? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]
then

22
src/registrar/assets/sass/_theme/_admin.scss
View file

@ -105,19 +105,29 @@ html[data-theme="light"] {
}
// Dark mode django (bug due to scss cascade) and USWDS tables
body,
.change-list .usa-table,
.change-list .usa-table--striped tbody tr:nth-child(odd) td {
color: var(--body-fg)!important;
.change-list .usa-table--striped tbody tr:nth-child(odd) td,
.change-list .usa-table--borderless thead th,
.change-list .usa-table thead td,
.change-list .usa-table thead th,
body.dashboard,
body.change-list,
body.change-form {
color: var(--body-fg);
}
}
// Firefox needs this to be specifically set
html[data-theme="dark"] {
body,
.change-list .usa-table,
.change-list .usa-table--striped tbody tr:nth-child(odd) td {
color: var(--body-fg)!important;
.change-list .usa-table--striped tbody tr:nth-child(odd) td,
.change-list .usa-table--borderless thead th,
.change-list .usa-table thead td,
.change-list .usa-table thead th,
body.dashboard,
body.change-list,
body.change-form {
color: var(--body-fg);
}
}

1
src/registrar/config/settings.py
View file

@ -581,6 +581,7 @@ ALLOWED_HOSTS = [
"getgov-ab.app.cloud.gov",
"getgov-bl.app.cloud.gov",
"getgov-rjm.app.cloud.gov",
"getgov-dk.app.cloud.gov",
"get.gov",
]

19
src/registrar/config/urls.py
View file

@ -4,7 +4,6 @@ For more information see:
https://docs.djangoproject.com/en/4.0/topics/http/urls/
"""
from django.conf import settings
from django.contrib import admin
from django.urls import include, path
from django.views.generic import RedirectView
@ -45,6 +44,10 @@ for step, view in [
urlpatterns = [
path("", views.index, name="home"),
path(
"admin/logout/",
RedirectView.as_view(pattern_name="logout", permanent=False),
),
path("admin/", admin.site.urls),
path(
"application/<id>/edit/",
@ -114,20 +117,6 @@ urlpatterns = [
),
]
if not settings.DEBUG:
urlpatterns += [
# redirect to login.gov
path(
"admin/login/", RedirectView.as_view(pattern_name="login", permanent=False)
),
# redirect to login.gov
path(
"admin/logout/",
RedirectView.as_view(pattern_name="logout", permanent=False),
),
]
# we normally would guard these with `if settings.DEBUG` but tests run with
# DEBUG = False even when these apps have been loaded because settings.DEBUG
# was actually True. Instead, let's add these URLs any time we are able to

5
src/registrar/fixtures.py
View file

@ -79,6 +79,7 @@ class UserFixture:
"username": "319c490d-453b-43d9-bc4d-7d6cd8ff6844",
"first_name": "Rachid-Analyst",
"last_name": "Mrad-Analyst",
"email": "rachid.mrad@gmail.com",
},
{
"username": "b6a15987-5c88-4e26-8de2-ca71a0bdb2cd",
@ -129,6 +130,8 @@ class UserFixture:
user.is_superuser = True
user.first_name = admin["first_name"]
user.last_name = admin["last_name"]
if "email" in admin.keys():
user.email = admin["email"]
user.is_staff = True
user.is_active = True
user.save()
@ -146,6 +149,8 @@ class UserFixture:
user.is_superuser = False
user.first_name = staff["first_name"]
user.last_name = staff["last_name"]
if "email" in admin.keys():
user.email = admin["email"]
user.is_staff = True
user.is_active = True

23
src/registrar/templates/admin/base_site.html
View file

@ -1,5 +1,6 @@
{% extends "admin/base.html" %}
{% load static %}
{% load i18n %}
{% block title %}{% if subtitle %}{{ subtitle }} | {% endif %}{{ title }} | {{ site_title|default:_('Django site admin') }}{% endblock %}
@ -13,5 +14,25 @@
{% include "admin/color_theme_toggle.html" %}
{% endif %}
{% endblock %}
{% comment %}
This was copied from the 'userlinks' template, with a few minor changes.
You can find that here:
https://github.com/django/django/blob/d25f3892114466d689fd6936f79f3bd9a9acc30e/django/contrib/admin/templates/admin/base.html#L59
{% endcomment %}
{% block userlinks %}
{% if site_url %}
<a href="{{ site_url }}">{% translate 'View site' %}</a> /
{% endif %}
{% if user.is_active and user.is_staff %}
{% url 'django-admindocs-docroot' as docsroot %}
{% if docsroot %}
<a href="{{ docsroot }}">{% translate 'Documentation' %}</a> /
{% endif %}
{% endif %}
{% if user.has_usable_password %}
<a href="{% url 'admin:password_change' %}">{% translate 'Change password' %}</a> /
{% endif %}
<a href="{% url 'admin:logout' %}" id="admin-logout-button">{% translate 'Log out' %}</a>
{% include "admin/color_theme_toggle.html" %}
{% endblock %}
{% block nav-global %}{% endblock %}

2
src/registrar/templates/application_status.html
View file

@ -22,7 +22,7 @@
{% if domainapplication.status == 'approved' %} Approved
{% elif domainapplication.status == 'in review' %} In Review
{% elif domainapplication.status == 'rejected' %} Rejected
{% elif domainapplication.status == 'submitted' %} Received
{% elif domainapplication.status == 'submitted' %} Submitted
{% else %}ERROR Please contact technical support/dev
{% endif %}
</p>

5
src/registrar/templates/home.html
View file

@ -125,13 +125,14 @@
<p>You don't have any archived domains</p>
</section>
<section class="tablet:grid-col-11 desktop:grid-col-10">
<!-- Note: Uncomment below when this is being implemented post-MVP -->
<!-- <section class="tablet:grid-col-11 desktop:grid-col-10">
<h2 class="padding-top-1 mobile-lg:padding-top-3"> Export domains</h2>
<p>Download a list of your domains and their statuses as a csv file.</p>
<a href="{% url 'todo' %}" class="usa-button usa-button--outline">
Export domains as csv
</a>
</section>
</section> -->
</div>

2
src/zap.conf
View file

@ -31,6 +31,8 @@
10027 OUTOFSCOPE http://app:8080/public/js/uswds-init.min.js
# get-gov.js contains suspicious word "from" as in `Array.from()`
10027 OUTOFSCOPE http://app:8080/public/js/get-gov.js
# Ignore wording of "TODO"
10027 OUTOFSCOPE http://app:8080.*$
10028 FAIL (Open Redirect - Passive/beta)
10029 FAIL (Cookie Poisoning - Passive/beta)
10030 FAIL (User Controllable Charset - Passive/beta)