Fix merge issues and test

2025-05-19 02:49:21 +02:00 · 2023-11-08 10:40:09 -07:00 · 2023-11-08 10:40:09 -07:00 · 2c49ea97ef
commit 2c49ea97ef
parent a2f0be72ce
10 changed files with 102 additions and 53 deletions
--- a/docs/operations/runbooks/rotate_application_secrets.md
+++ b/docs/operations/runbooks/rotate_application_secrets.md
@ -76,16 +76,24 @@ These are the client certificate and its private key used to identify the regist

 The private key is protected by a passphrase for safer transport and storage.

-These were generated with:
+These were generated with the following steps:
+
+### Step 1: Generate an unencrypted private key with a named curve

 ```bash
-openssl genpkey -out client.key \
-  -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
-  -aes-256-cbc
-openssl req -new -x509 -days 365 \
-  -key client.key -out client.crt \
-  -subj "/C=US/ST=DC/L=Washington/O=GSA/OU=18F/CN=GOV Prototype Registrar"
+openssl ecparam -name prime256v1 -genkey -out client_unencrypted.key
+```

+### Step 2: Create an encrypted private key with a passphrase
+
+```bash
+openssl pkcs8 -topk8 -v2 aes-256-cbc -in client_unencrypted.key -out client.key
+```
+
+### Generate the certificate
+
+```bash
+openssl req -new -x509 -days 365 -key client.key -out client.crt -subj "/C=US/ST=DC/L=Washington/O=GSA/OU=18F/CN=GOV Prototype Registrar"
 ```

 (If you can't use openssl on your computer directly, you can access it using Docker as `docker run --platform=linux/amd64 -it --rm -v $(pwd):/apps -w /apps alpine/openssl`.)
@ -97,7 +105,14 @@ base64 client.key
 base64 client.crt
 ```

-You'll need to give the new certificate to the registry vendor _before_ rotating it in production.
+Note depending on your system you may need to instead run:
+
+```bash
+base64 -i client.key
+base64 -i client.crt
+```
+
+You'll need to give the new certificate to the registry vendor _before_ rotating it in production. Once it has been accepted by the vender, make sure to update the kdbx file on Google Drive.

 ## REGISTRY_HOSTNAME

--- a/src/registrar/assets/sass/_theme/_admin.scss
+++ b/src/registrar/assets/sass/_theme/_admin.scss
@ -187,7 +187,7 @@ h1, h2, h3 {
 .object-tools li a,
 .object-tools p a {
    font-family: "Source Sans Pro Web", "Helvetica Neue", Helvetica, Roboto, Arial, sans-serif;
-    text-transform: capitalize!important;
+    text-transform: none!important;
    font-size: 14px!important;
 }

--- a/src/registrar/assets/sass/_theme/_alerts.scss
+++ b/src/registrar/assets/sass/_theme/_alerts.scss
@ -5,7 +5,11 @@
    font-size: units(3);
  }
 }
-  
+
+.usa-alert__text.measure-none {
+  max-width: measure(none);
+}
+
 // The icon was off center for some reason
 // Fixes that issue
@media (min-width: 64em){
--- a/src/registrar/config/settings.py
+++ b/src/registrar/config/settings.py
@ -46,7 +46,6 @@ path = Path(__file__)

 env_db_url = env.dj_db_url("DATABASE_URL")
 env_debug = env.bool("DJANGO_DEBUG", default=False)
-env_is_production = env.bool("IS_PRODUCTION", default=False)
 env_log_level = env.str("DJANGO_LOG_LEVEL", "DEBUG")
 env_base_url = env.str("DJANGO_BASE_URL")
 env_getgov_public_site_url = env.str("GETGOV_PUBLIC_SITE_URL", "")
@ -74,8 +73,6 @@ BASE_DIR = path.resolve().parent.parent.parent
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = env_debug

-# Controls production specific feature toggles
-IS_PRODUCTION = env_is_production

 # Applications are modular pieces of code.
 # They are provided by Django, by third-parties, or by yourself.
@ -122,6 +119,8 @@ INSTALLED_APPS = [
    "api",
    # Only for generating documentation, uncomment to run manage.py generate_puml
    # "puml_generator",
+    # supports necessary headers for Django cross origin
+    "corsheaders",
 ]

 # Middleware are routines for processing web requests.
@ -130,6 +129,8 @@ INSTALLED_APPS = [
 MIDDLEWARE = [
    # django-allow-cidr: enable use of CIDR IP ranges in ALLOWED_HOSTS
    "allow_cidr.middleware.AllowCIDRMiddleware",
+    # django-cors-headers: listen to cors responses
+    "corsheaders.middleware.CorsMiddleware",
    # serve static assets in production
    "whitenoise.middleware.WhiteNoiseMiddleware",
    # provide security enhancements to the request/response cycle
@ -295,6 +296,11 @@ CSP_DEFAULT_SRC = allowed_sources
 CSP_FRAME_ANCESTORS = allowed_sources
 CSP_FORM_ACTION = allowed_sources

+# Cross-Origin Resource Sharing (CORS) configuration
+# Sets clients that allow access control to manage.get.gov
+# TODO: remove :8080 to see if we can have all localhost access
+CORS_ALLOWED_ORIGINS = ["http://localhost:8080", "https://beta.get.gov"]
+

 # Content-Length header is set by django.middleware.common.CommonMiddleware

--- a/src/registrar/templates/base.html
+++ b/src/registrar/templates/base.html
@ -62,10 +62,11 @@

  {% if IS_DEMO_SITE %}
  <section aria-label="Alert" >
-      <div class="usa-alert usa-alert--warning usa-alert--no-icon">
+      <div class="usa-alert usa-alert--info">
      <div class="usa-alert__body">
-        <p class="usa-alert__text">
-        <strong>BETA SITE:</strong> We’re building a new way to get a .gov. Take a look around, but don’t rely on this site yet. This site is for testing purposes only. Don’t enter real data into any form on this site. To learn about requesting a .gov domain, visit <a href="https://get.gov" class="usa-link">get.gov</a>
+        <h4 class="usa-alert__heading">New domain requests are paused</h4>
+        <p class="usa-alert__text measure-none">
+        This is the new registrar for managing .gov domains. Note that we’re not accepting requests for new .gov domains until January 2024. Follow .gov updates at <a href="https://get.gov/updates/" class="usa-link">get.gov/updates/</a>.
        </p>
      </div>
    </div>
--- a/src/registrar/templates/django/admin/domain_change_list.html
+++ b/src/registrar/templates/django/admin/domain_change_list.html
@ -15,7 +15,7 @@
    {% if has_add_permission %}
    <li>
        <a href="{% url 'admin:registrar_domain_add' %}" class="addlink">
-            Add Domain
+            Add domain
        </a>
    </li>
    {% endif %}
--- a/src/registrar/tests/data/test_migrationFilepaths.json
+++ b/src/registrar/tests/data/test_migrationFilepaths.json
@ -0,0 +1,12 @@
+{
+    "directory": "registrar/tests/data",
+    "agency_adhoc_filename": "test_agency_adhoc.txt",
+    "authority_adhoc_filename": "test_authority_adhoc.txt",
+    "organization_adhoc_filename": "test_organization_adhoc.txt",
+    "domain_adhoc_filename": "test_domain_types_adhoc.txt",
+    "domain_additional_filename": "test_domain_additional.txt",
+    "domain_contacts_filename": "test_domain_contacts.txt",
+    "domain_escrow_filename": "test_escrow_domains_daily.txt",
+    "domain_statuses_filename": "test_domain_statuses.txt",
+    "contacts_filename": "test_contacts.txt"
+}
--- a/src/registrar/tests/data/test_organization_adhoc.txt
+++ b/src/registrar/tests/data/test_organization_adhoc.txt
@ -1,6 +1,6 @@
 orgid|orgname|orgstreet|orgcity|orgstate|orgzip|orgcountrycode
 1|Flashdog|298 Monument Hill|Lakeland|Florida|33805|US
 2|Gigaclub|782 Mosinee Lane|Alexandria|Louisiana|71307|US
-3|Midel|376 Joe Pass|Waco|Texas|76705|US
+3|corrupt data|376 Joe Pass|Waco | corruption|Texas|76705|US
 4|Fanoodle|93001 Arizona Drive|Columbus|Ohio|43268|US
 5|Sushi|9999 Sushi Way|Columbus|Ohio|43268|US
--- a/src/registrar/tests/test_transition_domain_migrations.py
+++ b/src/registrar/tests/test_transition_domain_migrations.py
@ -1,4 +1,4 @@
-from io import StringIO
+import datetime
 from django.test import TestCase

 from registrar.models import (
@ -20,7 +20,7 @@ class TestMigrations(TestCase):
        # self.transfer_script = "transfer_transition_domains_to_domains",
        # self.master_script = "load_transition_domain",

-        self.test_data_file_location = "/app/registrar/tests/data"
+        self.test_data_file_location = "registrar/tests/data"
        self.test_domain_contact_filename = "test_domain_contacts.txt"
        self.test_contact_filename = "test_contacts.txt"
        self.test_domain_status_filename = "test_domain_statuses.txt"
@ -32,6 +32,7 @@ class TestMigrations(TestCase):
        self.test_domain_types_adhoc = "test_domain_types_adhoc.txt"
        self.test_escrow_domains_daily = "test_escrow_domains_daily"
        self.test_organization_adhoc = "test_organization_adhoc.txt"
+        self.migration_json_filename = "test_migrationFilepaths.json"

    def tearDown(self):
        # Delete domain information
@ -48,16 +49,8 @@ class TestMigrations(TestCase):
        with patch('registrar.management.commands.utility.terminal_helper.TerminalHelper.query_yes_no_exit', return_value=True):
            call_command(
                "load_transition_domain",
-                f"{self.test_data_file_location}/{self.test_domain_contact_filename}",
-                f"{self.test_data_file_location}/{self.test_contact_filename}",
-                f"{self.test_data_file_location}/{self.test_domain_status_filename}",
-                directory=self.test_data_file_location,
-                agency_adhoc_filename=self.test_agency_adhoc_filename,
-                domain_additional_filename=self.test_domain_additional,
-                domain_escrow_filename=self.test_escrow_domains_daily,
-                domain_adhoc_filename=self.test_domain_types_adhoc,
-                organization_adhoc_filename=self.test_organization_adhoc,
-                authority_adhoc_filename=self.test_authority_adhoc_filename,
+                f"{self.test_data_file_location}/{self.migration_json_filename}",
+                directory=self.test_data_file_location
            )

    def run_transfer_domains(self):
@ -68,12 +61,8 @@ class TestMigrations(TestCase):
            call_command(
                "master_domain_migrations",
                runMigrations=True,
-                migrationDirectory=f"{self.test_data_file_location}",
-                migrationFilenames=(
-                    f"{self.test_domain_contact_filename},"
-                    f"{self.test_contact_filename},"
-                    f"{self.test_domain_status_filename}"
-                ),
+                migrationDirectory=self.test_data_file_location,
+                migration_json_filename=self.migration_json_filename,
            )

    def compare_tables(
@ -313,24 +302,26 @@ class TestMigrations(TestCase):
            expected_missing_domain_invitations,
        )

-        expected_anomaly_domains = Domain.objects.filter(name="anomaly.gov")
-        self.assertEqual(expected_anomaly_domains.count(), 1)
-        expected_anomaly = expected_anomaly_domains.get()
+        anomaly_domains = Domain.objects.filter(name="anomaly.gov")
+        self.assertEqual(anomaly_domains.count(), 1)
+        anomaly = anomaly_domains.get()

-        self.assertEqual(expected_anomaly.expiration_date, "test")
-        self.assertEqual(expected_anomaly.creation_date, "test")
-        self.assertEqual(expected_anomaly.name, "anomaly.gov")
-        self.assertEqual(expected_anomaly.state, "ready")
+        self.assertEqual(anomaly.expiration_date, datetime.date(2023, 3, 9))
+        self.assertEqual(
+            anomaly.created_at, datetime.datetime(2023, 11, 8, 17, 23, 46, 764663, tzinfo=datetime.timezone.utc)
+        )
+        self.assertEqual(anomaly.name, "anomaly.gov")
+        self.assertEqual(anomaly.state, "ready")

-        expected_testdomain_domains = Domain.objects.filter(name="anomaly.gov")
-        self.assertEqual(expected_testdomain_domains.count(), 1)
+        testdomain_domains = Domain.objects.filter(name="testdomain.gov")
+        self.assertEqual(testdomain_domains.count(), 1)

-        expected_testdomain = expected_testdomain_domains.get()
+        testdomain = testdomain_domains.get()

-        self.assertEqual(expected_testdomain.expiration_date, "test")
-        self.assertEqual(expected_testdomain.creation_date, "test")
-        self.assertEqual(expected_testdomain.name, "anomaly.gov")
-        self.assertEqual(expected_testdomain.state, "ready")
+        self.assertEqual(testdomain.expiration_date, datetime.date(2023, 3, 9))
+        self.assertEqual(testdomain.created_at, "test")
+        self.assertEqual(testdomain.name, "anomaly.gov")
+        self.assertEqual(testdomain.state, "ready")

        expected_domains = [
            Domain(
--- a/src/registrar/utility/csv_export.py
+++ b/src/registrar/utility/csv_export.py
@ -2,6 +2,8 @@ import csv
 from registrar.models.domain import Domain
 from registrar.models.domain_information import DomainInformation
 from registrar.models.public_contact import PublicContact
+from django.db.models import Value
+from django.db.models.functions import Coalesce


 def export_domains_to_writer(writer, columns, sort_fields, filter_condition):
@ -61,7 +63,13 @@ def export_data_type_to_csv(csv_file):
        "Status",
        "Expiration Date",
    ]
-    sort_fields = ["domain__name"]
+    # Coalesce is used to replace federal_type of None with ZZZZZ
+    sort_fields = [
+        "organization_type",
+        Coalesce("federal_type", Value("ZZZZZ")),
+        "federal_agency",
+        "domain__name",
+    ]
    filter_condition = {
        "domain__state__in": [
            Domain.State.READY,
@ -84,7 +92,13 @@ def export_data_full_to_csv(csv_file):
        "State",
        "Security Contact Email",
    ]
-    sort_fields = ["domain__name", "federal_agency", "organization_type"]
+    # Coalesce is used to replace federal_type of None with ZZZZZ
+    sort_fields = [
+        "organization_type",
+        Coalesce("federal_type", Value("ZZZZZ")),
+        "federal_agency",
+        "domain__name",
+    ]
    filter_condition = {
        "domain__state__in": [
            Domain.State.READY,
@ -107,7 +121,13 @@ def export_data_federal_to_csv(csv_file):
        "State",
        "Security Contact Email",
    ]
-    sort_fields = ["domain__name", "federal_agency", "organization_type"]
+    # Coalesce is used to replace federal_type of None with ZZZZZ
+    sort_fields = [
+        "organization_type",
+        Coalesce("federal_type", Value("ZZZZZ")),
+        "federal_agency",
+        "domain__name",
+    ]
    filter_condition = {
        "organization_type__icontains": "federal",
        "domain__state__in": [