Merge branch 'main' into dk/1216-first-login-logic

docs/architecture/decisions/0024-production-release-cadence.md

@@ -0,0 +1,30 @@
+# 24. Production Release Cadence
+
+Date: 2023-11-02
+
+## Status
+
+In Review
+
+## Context
+
+Going into our first production launch we need a plan describing what our release cadence for both our staging and stable envirornments will be. Currently, we release to staging whenever there are significant changes made, but we have not been making releases to stable with the same frequency.
+
+## Considered Options
+
+**Option 1:** Releasing to stable/staging once a sprint
+Releasing once a sprint would mean that we release the past sprint's work to stable at the end of the current sprint. At the same point, the current sprint's work would be pushed to staging, thus making staging a full sprint ahead of stable. While this is more straight forward, it means our users would have to wait longer to see changes that weren't deemed critical.
+**Option 2:** Releasing to stable/staging once a week
+Releasing once a week would follow the same flow but with code being released to staging one week before the same code is released to stable. This would make stable only one week behind staging and would allow us to roll out minor bug fixes and faster with greater speed. The negative side is that we have less time to see if errors occur on staging
+
+In both of the above scenarios the release date would fall on the same day of the week that the sprint starts, which is currently a Wednesday. Additionally, in both scenarios the release commits would eventually be tagged with both a staging and stable tag. Furthermore, critical bugs or features would be exempt from these restrictions based on the product owner's discretion.
+
+## Decision
+
+We decided to go with option 2 and release once a week once in production. This will allow us to give users features and bug fixes faster while still allowing enough time on staging for quality to be maintained.
+
+## Consequences
+
+Work not completed by end of the sprint will have to wait to be added to stable. Also, making quick fixes for bugs that are found on stable will be a little more complicated to fix.
+
+When first going into production, staging and stable will start with the same code base. The following week a new release will be made to staging, but not stable as no code will have been on staging long enough to warrant another release. Thus just at the start of launch stable will be essentially frozen for 2 weeks, not one.

docs/operations/README.md

@@ -43,6 +43,21 @@ For ease of use, you can run the `deploy.sh <sandbox name>` script in the `/src`
 
 Your sandbox space should've been setup as part of the onboarding process. If this was not the case, please have an admin follow the instructions [here](../../.github/ISSUE_TEMPLATE/developer-onboarding.md#setting-up-developer-sandbox).
 
+## Stable and Staging Release Rules
+
+Releases will be made for staging and stable every week starting on the first day of the sprint (Wednesday), with the second release of the sprint occuring halfway through the sprint. With the exception of first time going into production, these releases will NOT have the same code. The release to stable will be the same commit that was tagged for staging one week prior, making stable one week behind staging. Further, this means staging can be up to a week behind the main branch of code.
+
+If a bug fix or feature needs to be made to stable out of the normal cycle, this can only be done at the product owner's request.
+
+## Making bug fixes on stable during production
+
+In the case where a bug fix or feature needs to be added outside of the normal cycle, the code-fix branch and release will be handled differently than normal:
+
+1. Code will need to be branched NOT off of main, but off of the same commit as the most recent stable commit. This should be the one tagged with the most recent vX.XX.XX value.
+2. After making the bug fix, the approved PR will branch will be tagged with a new release tag, incrementing the patch value from the last commit number.
+3. This branch then needs to be merged to main per the usual process.
+4. This same branch should be merged into staging.
+
 ## Serving static assets
 We are using [WhiteNoise](http://whitenoise.evans.io/en/stable/index.html) plugin to serve our static assets on cloud.gov. This plugin is added to the `MIDDLEWARE` list in our apps `settings.py`.
 
@@ -159,3 +174,27 @@ it with the latest model schema. Once launched, this should never be used on
 the `stable` environment, but during development, it may be useful on the
 various sandbox environments. After launch, some schema changes may take the
 involvement of a skilled DBA to fix problems like this.
+
+# Bug triage
+
+Bugs on production software need to be documented quickly and triaged to determine if fixes need to be made outside of the normal release cadence. Triage levels will be Critical, High, Medium, and Low to indicate the level of priority for fix, not neccessarily the level of severity. See below for more details
+
+**Critical**- should only be determined by the product owner and means the fix for this critical bug needs to have a quick fix for it created ASAP. This is the only case where a bug fix can be added outside of the normal release cycle and directly onto the stable release.
+**High**- Can be determined by product owner or other team member, and indicates this bug is critical enough to warrant being added into the current sprint.
+**Medium**- Should be added to a sprint coming up but is not blocking users, or enough users to warrant rushing it into a sprint
+**Low**- A minor bug, that could even wait until after the next big launch date to be implemented.
+
+## Steps for Triaging
+
+1. When a bug is found, whether by a developer/designer or from feedback from an end user, a ticket should be made immediately. The actual maker of the ticket can be a member of the product team as needed.
+2. This bug ticket immediately gets a priority added Critical/High/Medium/Low, with Critical requiring the product owner's consent.
+3. Anything marked as `critical` should be refined immediately and engineering should be notified in our Slack dev channel that a Critical ticket has been created (if not already notified)
+4. All items not marked as `critical` by the product owner can wait until refinement to be refined and may have their prioirty level changed during that meeting.
+
+## Steps for dealing with Critical Bugs
+
+1. Once the critical bug ticket is refined and the bug is clear, an engineer should be assigned to work on it. (No ticket, no work)
+2. At the same point, two other engineers should be assigned to review the PR once it's made. One of the reviewing engineers can be subsititued for a designer if this is a design/content/other user facing bug fix.
+3. In the case where the engineering lead is is unresponsive or unavailable to assign the ticket immediately, the product team will make sure an engineer volunteers or is assigned to the ticket/PR review ASAP.
+4. Once done, the developer must make a PR and should tag the assigned PR reviewers in our Slack dev channel stating that the PR is now waiting on their review. These reviewers should drop other tasks in order to review this promptly.
+5. See the the section above on [Making bug fixes on stable](#making-bug-fixes-on-stable-during-production) for how to push changes to stable once the PR is approved

ops/manifests/manifest-ab.yaml

@@ -23,6 +23,8 @@ applications:
     DJANGO_LOG_LEVEL: INFO
     # default public site location
     GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
+    # Flag to disable/enable features in prod environments
+    IS_PRODUCTION: False
   routes:
     - route: getgov-ab.app.cloud.gov
   services:

ops/manifests/manifest-bl.yaml

@@ -23,6 +23,8 @@ applications:
     DJANGO_LOG_LEVEL: INFO
     # default public site location
     GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
+    # Flag to disable/enable features in prod environments
+    IS_PRODUCTION: False
   routes:
     - route: getgov-bl.app.cloud.gov
   services:

ops/manifests/manifest-dk.yaml

@@ -23,6 +23,8 @@ applications:
     DJANGO_LOG_LEVEL: INFO
     # default public site location
     GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
+    # Flag to disable/enable features in prod environments
+    IS_PRODUCTION: False
   routes:
     - route: getgov-dk.app.cloud.gov
   services:

ops/manifests/manifest-es.yaml

@@ -23,6 +23,8 @@ applications:
     DJANGO_LOG_LEVEL: INFO
     # default public site location
     GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
+    # Flag to disable/enable features in prod environments
+    IS_PRODUCTION: False
   routes:
     - route: getgov-es.app.cloud.gov
   services:

ops/manifests/manifest-gd.yaml

@@ -23,6 +23,8 @@ applications:
     DJANGO_LOG_LEVEL: INFO
     # default public site location
     GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
+    # Flag to disable/enable features in prod environments
+    IS_PRODUCTION: False
   routes:
     - route: getgov-gd.app.cloud.gov
   services:

ops/manifests/manifest-ko.yaml

@@ -23,6 +23,8 @@ applications:
     DJANGO_LOG_LEVEL: INFO
     # default public site location
     GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
+    # Flag to disable/enable features in prod environments
+    IS_PRODUCTION: False
   routes:
     - route: getgov-ko.app.cloud.gov
   services:

ops/manifests/manifest-nl.yaml

@@ -23,6 +23,8 @@ applications:
     DJANGO_LOG_LEVEL: INFO
     # default public site location
     GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
+    # Flag to disable/enable features in prod environments
+    IS_PRODUCTION: False
   routes:
     - route: getgov-nl.app.cloud.gov
   services:

ops/manifests/manifest-rb.yaml

@@ -23,6 +23,8 @@ applications:
     DJANGO_LOG_LEVEL: INFO
     # default public site location
     GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
+    # Flag to disable/enable features in prod environments
+    IS_PRODUCTION: False
   routes:
     - route: getgov-rb.app.cloud.gov
   services:

ops/manifests/manifest-rh.yaml

@@ -23,6 +23,8 @@ applications:
     DJANGO_LOG_LEVEL: INFO
     # default public site location
     GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
+    # Flag to disable/enable features in prod environments
+    IS_PRODUCTION: False
   routes:
     - route: getgov-rh.app.cloud.gov
   services:

ops/manifests/manifest-rjm.yaml

@@ -23,6 +23,8 @@ applications:
     DJANGO_LOG_LEVEL: INFO
     # default public site location
     GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
+    # Flag to disable/enable features in prod environments
+    IS_PRODUCTION: False
   routes:
     - route: getgov-rjm.app.cloud.gov
   services:

ops/manifests/manifest-stable.yaml

@@ -25,6 +25,8 @@ applications:
     GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
     # Which OIDC provider to use
     OIDC_ACTIVE_PROVIDER: login.gov production
+    # Flag to disable/enable features in prod environments
+    IS_PRODUCTION: True
   routes:
     - route: getgov-stable.app.cloud.gov
   services:

ops/manifests/manifest-staging.yaml

@@ -23,6 +23,8 @@ applications:
     DJANGO_LOG_LEVEL: INFO
     # default public site location
     GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
+    # Flag to disable/enable features in prod environments
+    IS_PRODUCTION: False
   routes:
     - route: getgov-staging.app.cloud.gov
   services:

ops/manifests/manifest-za.yaml

@@ -23,6 +23,8 @@ applications:
     DJANGO_LOG_LEVEL: INFO
     # default public site location
     GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
+    # Flag to disable/enable features in prod environments
+    IS_PRODUCTION: False
   routes:
     - route: getgov-za.app.cloud.gov
   services:

ops/scripts/manifest-sandbox-template.yaml

@@ -23,6 +23,8 @@ applications:
     DJANGO_LOG_LEVEL: INFO
     # default public site location
     GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
+    # Flag to disable/enable features in prod environments
+    IS_PRODUCTION: False
   routes:
     - route: getgov-ENVIRONMENT.app.cloud.gov
   services:

src/Pipfile.lock

@@ -32,20 +32,20 @@
         },
         "boto3": {
             "hashes": [
-                "sha256:85e2fa361ad3210d30800bad311688261f2673a9b301e0edab56463d89609761",
+                "sha256:02ce7dcad2d3b054cd99e7ca6df7a708e016a31b1c98b46d8df3b3891070c121",
-                "sha256:d18688bc5d688decf3cc404430a3ac3ec317be653cdcfbc51104c01f38a66434"
+                "sha256:b8acb57a124434284d6ab69c61d32d70e84e13e2c27c33b4ad3c32f15ad407d3"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.7'",
-            "version": "==1.28.76"
+            "version": "==1.28.79"
         },
         "botocore": {
             "hashes": [
-                "sha256:479abb5a1ee03eb00faa1ea176bc595b2f46f7494777807681a9df45ed99ea18",
+                "sha256:07ecb93833475dde68e5c0e02a7ccf8ca22caf68cdc892651c300529894133e1",
-                "sha256:74e0a4515d61b2860b24dc208ca89a68d79dc00147125d531746d3ba808822ad"
+                "sha256:6f1fc49e9e12f9772b4fef577837670bc84d772a7c946b4d08fe2890e34a4305"
             ],
             "markers": "python_version >= '3.7'",
-            "version": "==1.31.76"
+            "version": "==1.31.79"
         },
         "cachetools": {
             "hashes": [
@@ -448,7 +448,7 @@
         },
         "geventconnpool": {
             "git": "https://github.com/rasky/geventconnpool.git",
-            "ref": null
+            "ref": "1bbb93a714a331a069adf27265fe582d9ba7ecd4"
         },
         "greenlet": {
             "hashes": [
@@ -1205,12 +1205,12 @@
         },
         "boto3": {
             "hashes": [
-                "sha256:85e2fa361ad3210d30800bad311688261f2673a9b301e0edab56463d89609761",
+                "sha256:02ce7dcad2d3b054cd99e7ca6df7a708e016a31b1c98b46d8df3b3891070c121",
-                "sha256:d18688bc5d688decf3cc404430a3ac3ec317be653cdcfbc51104c01f38a66434"
+                "sha256:b8acb57a124434284d6ab69c61d32d70e84e13e2c27c33b4ad3c32f15ad407d3"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.7'",
-            "version": "==1.28.76"
+            "version": "==1.28.79"
         },
         "boto3-mocking": {
             "hashes": [
@@ -1223,28 +1223,28 @@
         },
         "boto3-stubs": {
             "hashes": [
-                "sha256:d89c3546e9e500f81ebfe78c71627e74085d3f77cd7e62830b5e48a67bce9b75",
+                "sha256:621e229ef9b394cd1f6cd5caa58a17347440b14423b01435d9f2a50031a427fc",
-                "sha256:fc57fc32d9a0c4bdd02676c37dbaa911b3e6c3857e417a229d236938d31299fe"
+                "sha256:f5986d1b09d516f58780100a3a86bfa75114370dd5dd0bdea67bfe8cda255723"
             ],
             "index": "pypi",
             "markers": "python_version >= '3.7'",
-            "version": "==1.28.76"
+            "version": "==1.28.79"
         },
         "botocore": {
             "hashes": [
-                "sha256:479abb5a1ee03eb00faa1ea176bc595b2f46f7494777807681a9df45ed99ea18",
+                "sha256:07ecb93833475dde68e5c0e02a7ccf8ca22caf68cdc892651c300529894133e1",
-                "sha256:74e0a4515d61b2860b24dc208ca89a68d79dc00147125d531746d3ba808822ad"
+                "sha256:6f1fc49e9e12f9772b4fef577837670bc84d772a7c946b4d08fe2890e34a4305"
             ],
             "markers": "python_version >= '3.7'",
-            "version": "==1.31.76"
+            "version": "==1.31.79"
         },
         "botocore-stubs": {
             "hashes": [
-                "sha256:778c6e014ae1103d546d59dffb000b0a659c9b9bbfa11050ff4a62c5adeec3a4",
+                "sha256:64488b9f38905f8a60041998f9dc945754222d900a3345b449059667890c2c17",
-                "sha256:9fd9447a28642efa35a1c5590fc35132cf0173cd12055ba9044511cb6b24dd6f"
+                "sha256:e4d8e782d774f45dbfc36d922a0a0edfffbacca2ce66bccaba02a893a38359f2"
             ],
             "markers": "python_version >= '3.7' and python_version < '4.0'",
-            "version": "==1.31.76"
+            "version": "==1.31.79"
         },
         "click": {
             "hashes": [
@@ -1429,11 +1429,11 @@
         },
         "pbr": {
             "hashes": [
-                "sha256:567f09558bae2b3ab53cb3c1e2e33e726ff3338e7bae3db5dc954b3a44eef12b",
+                "sha256:4a7317d5e3b17a3dccb6a8cfe67dab65b20551404c52c8ed41279fa4f0cb4cda",
-                "sha256:aefc51675b0b533d56bb5fd1c8c6c0522fe31896679882e1c4c63d5e4a0fccb3"
+                "sha256:d1377122a5a00e2f940ee482999518efe16d745d423a670c27773dfbc3c9a7d9"
             ],
             "markers": "python_version >= '2.6'",
-            "version": "==5.11.1"
+            "version": "==6.0.0"
         },
         "platformdirs": {
             "hashes": [

src/docker-compose.yml

@@ -25,6 +25,8 @@ services:
       - DJANGO_SECRET_KEY=really-long-random-string-BNPecI7+s8jMahQcGHZ3XQ5yUfRrSibdapVLIz0UemdktVPofDKcoy
       # Run Django in debug mode on local
       - DJANGO_DEBUG=True
+      # Run Django without production flags
+      - IS_PRODUCTION=False
       # Tell Django where it is being hosted
       - DJANGO_BASE_URL=http://localhost:8080
       # Public site URL link

src/registrar/assets/sass/_theme/_buttons.scss

@@ -26,6 +26,24 @@ a.usa-button {
   text-decoration: none;
 }
 
+a.usa-button.disabled-link {
+  background-color: #ccc !important;
+  color: #454545 !important
+}
+
+a.usa-button.disabled-link:hover {
+  background-color: #ccc !important;
+  cursor: not-allowed !important;
+  color: #454545 !important
+}
+
+a.usa-button.disabled-link:focus {
+  background-color: #ccc !important;
+  cursor: not-allowed !important;
+  outline: none !important;
+  color: #454545 !important
+}
+
 a.usa-button:not(.usa-button--unstyled, .usa-button--outline) {
   color: color('white');
 }

src/registrar/assets/sass/_theme/_uswds-theme.scss

@@ -132,4 +132,10 @@ in the form $setting: value,
   $theme-table-sorted-background-color: "accent-cool-lightest",
   $theme-table-sorted-icon-color: "primary-darker",
   $theme-table-unsorted-icon-color: "primary",
+
+  /*----------------------------
+  # Tooltip Settings
+  -----------------------------*/
+  $theme-tooltip-background-color: "accent-cool-lightest",
+  $theme-tooltip-font-color: "black"
 );

src/registrar/config/settings.py

@@ -46,6 +46,7 @@ path = Path(__file__)
 
 env_db_url = env.dj_db_url("DATABASE_URL")
 env_debug = env.bool("DJANGO_DEBUG", default=False)
+env_is_production = env.bool("IS_PRODUCTION", default=False)
 env_log_level = env.str("DJANGO_LOG_LEVEL", "DEBUG")
 env_base_url = env.str("DJANGO_BASE_URL")
 env_getgov_public_site_url = env.str("GETGOV_PUBLIC_SITE_URL", "")
@@ -73,6 +74,8 @@ BASE_DIR = path.resolve().parent.parent.parent
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = env_debug
 
+# Controls production specific feature toggles
+IS_PRODUCTION = env_is_production
 
 # Applications are modular pieces of code.
 # They are provided by Django, by third-parties, or by yourself.
@@ -300,7 +303,7 @@ CSP_FORM_ACTION = allowed_sources
 # Sets clients that allow access control to manage.get.gov
 # TODO: remove :8080 to see if we can have all localhost access
 CORS_ALLOWED_ORIGINS = ["http://localhost:8080", "https://beta.get.gov"]
-
+CORS_ALLOWED_ORIGIN_REGEXES = [r"https://[\w-]+\.sites\.pages\.cloud\.gov"]
 
 # Content-Length header is set by django.middleware.common.CommonMiddleware
 

src/registrar/management/commands/generate_test_transition_domains.py

@@ -15,7 +15,7 @@ class Command(BaseCommand):
     # Running this script removes all existing transition domains, so use with caution.
     # Transition domains are created with email addresses provided as command line
     # argument. Email addresses for testing are passed as comma delimited list of
-    # email addresses, and are required to be provided.  Email addresses from the list
+    # email addresses, and are required to be provided. Email addresses from the list
     # are assigned to transition domains at time of creation.
 
     def add_arguments(self, parser):

src/registrar/migrations/0044_create_groups_v04.py

@@ -0,0 +1,37 @@
+# This migration creates the create_full_access_group and create_cisa_analyst_group groups
+# It is dependent on 0035 (which populates ContentType and Permissions)
+# If permissions on the groups need changing, edit CISA_ANALYST_GROUP_PERMISSIONS
+# in the user_group model then:
+# [NOT RECOMMENDED]
+# step 1: docker-compose exec app ./manage.py migrate --fake registrar 0035_contenttypes_permissions
+# step 2: docker-compose exec app ./manage.py migrate registrar 0036_create_groups
+# step 3: fake run the latest migration in the migrations list
+# [RECOMMENDED]
+# Alternatively:
+# step 1: duplicate the migration that loads data
+# step 2: docker-compose exec app ./manage.py migrate
+
+from django.db import migrations
+from registrar.models import UserGroup
+from typing import Any
+
+
+# For linting: RunPython expects a function reference,
+# so let's give it one
+def create_groups(apps, schema_editor) -> Any:
+    UserGroup.create_cisa_analyst_group(apps, schema_editor)
+    UserGroup.create_full_access_group(apps, schema_editor)
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("registrar", "0043_domain_expiration_date"),
+    ]
+
+    operations = [
+        migrations.RunPython(
+            create_groups,
+            reverse_code=migrations.RunPython.noop,
+            atomic=True,
+        ),
+    ]

src/registrar/templates/401.html

@@ -26,7 +26,7 @@
         Would you like to <a href="{% url 'login' %}"> try logging in again?</a>
       </p>
       <p>
-     If you'd like help with this error <a href="{% public_site_url 'contact/' %}"> contact us </a>.
+     If you'd like help with this error <a class="usa-link" rel="noopener noreferrer" target="_blank" href="{% public_site_url 'contact/' %}">contact us</a>.
       </p>
 
       {% if log_identifier %}

src/registrar/templates/403.html

@@ -26,7 +26,7 @@
         Would you like to <a href="{% url 'login' %}"> try logging in again</a>?
       </p>
       <p>
-        If you'd like help with this error <a href="{% public_site_url 'contact' %}"> contact us </a>.
+        If you'd like help with this error <a class="usa-link" rel="noopener noreferrer" target="_blank" href="{% public_site_url 'contact' %}">contact us</a>.
       </p>
       
       {% if log_identifier %}

src/registrar/templates/404.html

@@ -15,7 +15,7 @@
         {% translate "Status 404" %}
       </h2>
 
-      <p> Try going to the <a href="/">homepage</a>. If you can’t find what you’re looking for, <a href="{% public_site_url 'contact' %}"> contact us </a>.
+      <p> Try going to the <a href="/">homepage</a>. If you can’t find what you’re looking for, <a class="usa-link" rel="noopener noreferrer" target="_blank" href="{% public_site_url 'contact' %}">contact us</a>.
       </p>
     </div>
 

src/registrar/templates/500.html

@@ -19,7 +19,7 @@
       {% else %}
         <p>
         Sorry! Try waiting a few minutes and then reloading the page.
-        <a href="{% public_site_url 'contact' %}"> contact us </a> if you need help.
+        <a class="usa-link" rel="noopener noreferrer" target="_blank" href="{% public_site_url 'contact' %}"> Contact us</a> if you need help.
         </p>
       {% endif %}
 

src/registrar/templates/application_authorizing_official.html

@@ -12,7 +12,7 @@
     {% include "includes/ao_example.html" %}
   </div>
 
-<p>We typically don’t reach out to the authorizing official, but if contact is necessary, our practice is to coordinate first with you, the requestor. Read more about <a href="{% public_site_url 'domains/eligibility/#you-must-have-approval-from-an-authorizing-official-within-your-organization' %}">who can serve as an authorizing official</a>.</p>
+<p>We typically don’t reach out to the authorizing official, but if contact is necessary, our practice is to coordinate first with you, the requestor. Read more about <a class="usa-link" rel="noopener noreferrer" target="_blank" href="{% public_site_url 'domains/eligibility/#you-must-have-approval-from-an-authorizing-official-within-your-organization' %}">who can serve as an authorizing official</a>.</p>
 
 {% endblock %}
 

src/registrar/templates/application_dotgov_domain.html

@@ -2,7 +2,7 @@
 {% load static field_helpers url_helpers %}
 
 {% block form_instructions %}
-  <p>Before requesting a .gov domain, <a href="{% public_site_url 'domains/choosing' %}">please make sure it
+  <p>Before requesting a .gov domain, <a class="usa-link" rel="noopener noreferrer" target="_blank" href="{% public_site_url 'domains/choosing' %}">please make sure it
   meets our naming requirements</a>. Your domain name must:
     <ul class="usa-list">
       <li>Be available </li>

src/registrar/templates/application_purpose.html

@@ -8,7 +8,7 @@ domain name or for mainly internal use.</p>
   <p>Describe the reason for your domain request. Explain how you plan to use this domain. 
 Who is your intended audience? Will you use it for a website and/or email? Are you moving 
 your website from another top-level domain (like .com or .org)? 
-Read about <a href="{% public_site_url 'domains/requirements/' %}">activities that are prohibited on .gov domains.</a></p>
+Read about <a class="usa-link" rel="noopener noreferrer" target="_blank" href="{% public_site_url 'domains/requirements/' %}">activities that are prohibited on .gov domains.</a></p>
 
 {% endblock %}
 

src/registrar/templates/application_tribal_government.html

@@ -7,7 +7,7 @@
   {% with sublabel_text="Please include the entire name of your tribe as recognized by the Bureau of Indian Affairs." %}
     {% with link_text="Bureau of Indian Affairs" %}
       {% with link_href="https://www.federalregister.gov/documents/2023/01/12/2023-00504/indian-entities-recognized-by-and-eligible-to-receive-services-from-the-united-states-bureau-of" %}
-        {% with target_blank="true" %}
+        {% with external_link="true" target_blank="true" %}
           {% input_with_errors forms.0.tribe_name %}
         {% endwith %}
       {% endwith %}

src/registrar/templates/domain_authorizing_official.html

@@ -10,7 +10,7 @@
   <h1>Authorizing official</h1>
 
   <p>Your authorizing official is the person within your organization who can
-  authorize domain requests. This person must be in a role of significant, executive responsibility within the organization. Read more about <a class="usa-link" href="{% public_site_url 'domains/eligibility/#you-must-have-approval-from-an-authorizing-official-within-your-organization' %}">who can serve as an authorizing official</a>.</p>
+  authorize domain requests. This person must be in a role of significant, executive responsibility within the organization. Read more about <a class="usa-link" rel="noopener noreferrer" target="_blank" href="{% public_site_url 'domains/eligibility/#you-must-have-approval-from-an-authorizing-official-within-your-organization' %}">who can serve as an authorizing official</a>.</p>
 
   {% include "includes/required_fields.html" %}
 

src/registrar/templates/domain_base.html

@@ -16,49 +16,60 @@
   </div>
   <div class="grid-row grid-gap">
     <div class="tablet:grid-col-3">
-      {% include 'domain_sidebar.html' %}
+      {% if domain.domain_info %}
+        {% include 'domain_sidebar.html' %}
+      {% endif %}
     </div>
 
     <div class="tablet:grid-col-9">
       <main id="main-content" class="grid-container">
-
+      {% if not domain.domain_info %}
-      {% if is_analyst_or_superuser and analyst_action == 'edit' and analyst_action_location == domain.pk %}
+        <div class="usa-alert usa-alert--error margin-bottom-2">
-      <div class="usa-alert usa-alert--warning margin-bottom-2">
-        <div class="usa-alert__body">
-          <h4 class="usa-alert__heading larger-font-sizing">Attention!</h4>
-          <p class="usa-alert__text ">
-            You are making changes to a registrant’s domain. When finished making changes, close this tab and inform the registrant of your updates.
-          </p>
-        </div>
-      </div>
-      {% else %}
-      <a href="{% url 'home' %}" class="breadcrumb__back">
-        <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
-        <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
-        </svg>
-
-        <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
-        Back to manage your domains
-        </p>
-      </a>
-      {% endif %}
-      {# messages block is under the back breadcrumb link #}
-      {% if messages %}
-      {% for message in messages %}
-      <div class="usa-alert usa-alert--{{ message.tags }} usa-alert--slim margin-bottom-3">
           <div class="usa-alert__body">
-          {{ message }}
+            <h4 class="usa-alert__heading larger-font-sizing">Domain missing domain information</h4>
+            <p class="usa-alert__text ">
+              You are attempting to manage a domain, {{ domain.name }}, which does not have a domain information object. Please correct this in the admin by editing the domain, and adding domain information, as appropriate.
+            </p>
           </div>
-      </div>
+        </div>
-      {% endfor %}
+      {% else %}
+        {% if is_analyst_or_superuser and analyst_action == 'edit' and analyst_action_location == domain.pk %}
+        <div class="usa-alert usa-alert--warning margin-bottom-2">
+          <div class="usa-alert__body">
+            <h4 class="usa-alert__heading larger-font-sizing">Attention!</h4>
+            <p class="usa-alert__text ">
+              You are making changes to a registrant’s domain. When finished making changes, close this tab and inform the registrant of your updates.
+            </p>
+          </div>
+        </div>
+        {% else %}
+        <a href="{% url 'home' %}" class="breadcrumb__back">
+          <svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
+          <use xlink:href="{% static 'img/sprite.svg' %}#arrow_back"></use>
+          </svg>
+
+          <p class="margin-left-05 margin-top-0 margin-bottom-0 line-height-sans-1">
+          Back to manage your domains
+          </p>
+        </a>
+        {% endif %}
+        {# messages block is under the back breadcrumb link #}
+        {% if messages %}
+        {% for message in messages %}
+        <div class="usa-alert usa-alert--{{ message.tags }} usa-alert--slim margin-bottom-3">
+            <div class="usa-alert__body">
+            {{ message }}
+            </div>
+        </div>
+        {% endfor %}
+        {% endif %}
+
+        {% block domain_content %}
+
+        <h1 class="break-word">{{ domain.name }}</h1>
+
+        {% endblock %}  {# domain_content #}
       {% endif %}
-
-      {% block domain_content %}
-
-      <h1 class="break-word">{{ domain.name }}</h1>
-
-      {% endblock %}  {# domain_content #}
-
       </main>
     </div>
   </div>

src/registrar/templates/domain_security_email.html

@@ -7,7 +7,7 @@
 
   <h1>Security email</h1>
 
-  <p>We strongly recommend that you provide a security email. This email will allow the  public to report observed or suspected security issues on your domain. Security emails are made public and included in the <a href="{% public_site_url 'about/data/' %}">.gov domain data</a> we provide.</p>
+  <p>We strongly recommend that you provide a security email. This email will allow the  public to report observed or suspected security issues on your domain. Security emails are made public and included in the <a class="usa-link" rel="noopener noreferrer" target="_blank" href="{% public_site_url 'about/data/' %}">.gov domain data</a> we provide.</p>
 
   <p>A security contact should be capable of evaluating or triaging security reports for your entire domain. Use a team email address, not an individual’s email. We recommend using an alias, like security@domain.gov.</p>
 

src/registrar/templates/emails/transition_domain_invitation.txt

@@ -1,20 +1,41 @@
 {% autoescape off %}{# In a text file, we don't want to have HTML entities escaped #}
-Hi.
+Hello from .gov.
 
-You have been added as a manager on {% if domains|length > 1 %}multiple domains (listed below){% else %}{{ domains.0 }}{% endif %}.
+Our new domain management system—the .gov registrar—is now available. The organization, contacts, and DNS information for your .gov domain{% if domains|length > 1 %}s{% endif %} have been transferred to our new registrar. 
+
+Your .gov domain{% if domains|length > 1 %}s{% endif %}:
+{% for domain in domains %} - {{ domain }}
+{% endfor %}
+If you’re not affiliated with the above domain{% if domains|length > 1 %}s{% endif %} or think you received this message in error, let us know in a reply to this email. 
+
+
+CREATE A LOGIN.GOV ACCOUNT
+
+You can’t use your old credentials to access the new registrar. Access is now managed through Login.gov, a simple and secure process for signing into many government services with one account. Follow these steps to create your Login.gov account <https://login.gov/help/get-started/create-your-account/>. 
+
+When creating an account, you’ll need to provide the same email address you used to log in to the old registrar. That will ensure your domains are linked to your Login.gov account. 
+
+If you need help finding the email address you used in the past, let us know in a reply to this email.
+
+CHECK YOUR .GOV DOMAIN CONTACTS
+
+This is a good time to check who has access to your .gov domain{% if domains|length > 1 %}s{% endif %}. The admin, technical, and billing contacts listed for your domain{% if domains|length > 1 %}s{% endif %} in our old system also received this email. In our new registrar, these contacts are all considered “domain managers.” We no longer have the admin, technical, and billing roles, and you aren’t limited to three domain managers like in the old system. 
+
+    1. Once you have your Login.gov account, sign in to the new registrar at <https://manage.get.gov>.
+    2. Click the “Manage” link next to your .gov domain, then click on “Domain managers” to see who has access to your domain. 
+    3. If any of these users should not have access to your domain, let us know in a reply to this email.
+
+After verifying who has access to your domain{% if domains|length > 1 %}s{% endif %}, we also suggest reviewing your contact information and organization mailing address to ensure those are up to date. 
+
+
+DOMAIN EXPIRATION DATES EXTENDED BY ONE YEAR
+
+Expiration dates for .gov domains in good standing have been extended for one year. Expiration dates won't be shown in the new registrar yet. 
 
-YOU NEED A LOGIN.GOV ACCOUNT
-You’ll need a Login.gov account to manage your .gov domain{% if domains|length > 1 %}s{% endif %}. Login.gov provides a simple and secure process for signing into many government services with one account. If you don’t already have one, follow these steps to create your Login.gov account <https://login.gov/help/get-started/create-your-account/>. 
 
-DOMAIN MANAGEMENT
-As a .gov domain manager you can add or update information about your domain{% if domains|length > 1 %}s{% endif %}. You’ll also serve as a contact for your .gov domain{% if domains|length > 1 %}s{% endif %}. Please keep your contact information updated. Learn more about domain management <https://get.gov/help/>.
-{% if domains|length > 1 %}
-DOMAINS
-{% for domain in domains %} {{ domain }}
-{% endfor %}{% else %}
-{% endif %}
 SOMETHING WRONG?
-If you’re not affiliated with {{ domain }} or think you received this message in error, contact the .gov team <https://get.gov/help/#contact-us>. 
+
+If you think you received this message in error or have a question, let us know in a reply to this email. 
 
 
 THANK YOU
@@ -24,6 +45,8 @@ THANK YOU
 ----------------------------------------------------------------
 
 The .gov team
-Contact us: <https://get.gov/contact/>
+
-Visit <https://get.gov>
+.Gov blog <https://get.gov/updates/> 
+Domain management <https://manage.get.gov>
+Get.gov <https://get.gov>
 {% endautoescape %}

src/registrar/templates/emails/transition_domain_invitation_subject.txt

@@ -1 +1 @@
-You've been added to a .gov domain
+(Action required) Manage your .gov domain{% if domains|length > 1 %}s{% endif %} in the new registrar

src/registrar/templates/home.html

@@ -13,9 +13,22 @@
   <h1>Manage your domains</h2>
 
   <p class="margin-top-4">
-    <a href="{% url 'application:' %}" class="usa-button">
+    {% if is_production %}
+    <a href="javascript:void(0)" 
+    class="usa-button usa-tooltip disabled-link"
+    data-position="right"
+    title="Coming in 2024"
+    aria-disabled="true"
+    data-tooltip="true"
+    >
       Start a new domain request
     </a>
+    {% else %}
+    <a href="{% url 'application:' %}" class="usa-button"
+    >
+      Start a new domain request
+    </a>
+    {% endif %}
   </p>
 
   <section class="section--outlined tablet:grid-col-11 desktop:grid-col-10">
@@ -130,7 +143,7 @@
     {% endif %}
   </section>
 
-  {# Note: Reimplement this after MVP.. #}
+  {# Note: Reimplement this after MVP #}
   <!--
   <section class="section--outlined tablet:grid-col-11 desktop:grid-col-10">
     <h2>Archived domains</h2>

src/registrar/templates/includes/ao_example.html

@@ -44,7 +44,7 @@
   <p>Domain requests from state legislatures and courts must be authorized by an agency’s <strong>Chief Information Officer</strong> or <strong>highest-ranking executive</strong>.</p>
 
 {% elif organization_type == 'tribal' %}
-  <p><strong>Domain requests from federally-recognized tribal governments must be authorized by the leader of the tribe</strong>, as recognized by the <a href="https://www.bia.gov/service/tribal-leaders-directory" class="usa-link">Bureau of Indian Affairs.</a></p>
+  <p><strong>Domain requests from federally-recognized tribal governments must be authorized by the leader of the tribe</strong>, as recognized by the <a class="usa-link usa-link--external" rel="noopener noreferrer" target="_blank" href="https://www.bia.gov/service/tribal-leaders-directory">Bureau of Indian Affairs</a>.</p>
 <p><strong>Domain requests from state-recognized tribal governments must be authorized by the leader of the tribe</strong>, as determined by the state’s tribal recognition initiative.</p>
 
 {% endif %}

src/registrar/templates/includes/domain_example.html

@@ -55,7 +55,7 @@
   </ul>
 
 {% elif organization_type == 'county' %}
-  <p>Most county .gov domains must include the two-letter state abbreviation or the full state name. County names that aren’t shared by any other city, county, parish, town, borough, village or equivalent in the U.S., at the time a domain is granted, can be requested without referring to the state. Counties can include “county” in their domain to distinguish it from other places with similar names. We use the <a href="https://www.census.gov/geographies/reference-files/time-series/geo/gazetteer-files.html">Census Bureau’s National Places Gazetteer Files</a> to determine if county names are unique.</p>
+  <p>Most county .gov domains must include the two-letter state abbreviation or the full state name. County names that aren’t shared by any other city, county, parish, town, borough, village or equivalent in the U.S., at the time a domain is granted, can be requested without referring to the state. Counties can include “county” in their domain to distinguish it from other places with similar names. We use the <a class="usa-link usa-link--external" rel="noopener noreferrer" target="_blank" href="https://www.census.gov/geographies/reference-files/time-series/geo/gazetteer-files.html">Census Bureau’s National Places Gazetteer Files</a> to determine if county names are unique.</p>
   <p><strong>Examples:</strong></p>
   <ul class="usa-list">
     <li>AdamsCountyMS.gov</li>
@@ -68,7 +68,7 @@
   <p>Most city domains must include the two-letter state abbreviation or clearly spell out the state name. Using phrases like “City of” or “Town of” is optional.</p>
   <p>Cities that meet one of the criteria below don’t have to refer to their state in the domain name.
     <ul class="usa-list">
-      <li>City names that are not shared by any other U.S. city, town, or village can be requested without referring to the state. We use the <a href="https://www.census.gov/geographies/reference-files/time-series/geo/gazetteer-files.html">Census Bureau’s National Places Gazetteer Files</a> to determine if names are unique.</li>
+      <li>City names that are not shared by any other U.S. city, town, or village can be requested without referring to the state. We use the <a class="usa-link usa-link--external" rel="noopener noreferrer" target="_blank" href="https://www.census.gov/geographies/reference-files/time-series/geo/gazetteer-files.html">Census Bureau’s National Places Gazetteer Files</a> to determine if names are unique.</li>
       <li>Certain cities are so well-known that they may not require a state reference to communicate location. We use the list of U.S. “dateline cities” in the Associated Press Stylebook to make this determination.</li>
       <li>The 50 largest cities, as measured by population according to the Census Bureau, can have .gov domain names that don’t refer to their state.</li>
     </ul>
@@ -81,7 +81,7 @@
   </p>
 
 {% elif organization_type == 'special_district' %}
-  <p>Domain names must represent your organization or institutional name, not solely the services you provide. It also needs to include your two-letter state abbreviation or clearly spell out the state name unless <a href="{% public_site_url 'domains/choosing/#counties' %}">county or city exceptions apply</a>.</p>
+  <p>Domain names must represent your organization or institutional name, not solely the services you provide. It also needs to include your two-letter state abbreviation or clearly spell out the state name unless <a class="usa-link" rel="noopener noreferrer" target="_blank" href="{% public_site_url 'domains/choosing/#counties' %}">county or city exceptions apply</a>.</p>
   <p><strong>Examples:</strong></p>
   <ul class="usa-list">
     <li>ElectionsShelbyTN.gov</li>

src/registrar/templates/includes/footer.html

@@ -27,11 +27,11 @@
             <address class="usa-footer__address">
               <div class="usa-footer__contact-info grid-row grid-gap-md">
                 <div class="grid-col-auto">
-                   <a href="{% public_site_url 'help/' %}" class="usa-link"> Help </a>
+                   <a class="usa-link" rel="noopener noreferrer" target="_blank" href="{% public_site_url 'help/' %}">Help </a>
                 </div>
                 <span class=""> | </span>
                 <div class="grid-col-auto">
-                  <a href="{% public_site_url 'contact/' %}" class="usa-link">Contact us</a>
+                  <a class="usa-link" rel="noopener noreferrer" target="_blank" href="{% public_site_url 'contact/' %}">Contact us</a>
                 </div>
               </div>
             </address>
@@ -47,7 +47,7 @@
     >
       <div class="usa-identifier__container">
         <div class="usa-identifier__logos">
-          <a href="https://www.cisa.gov" class="usa-identifier__logo"
+          <a rel="noopener noreferrer" target="_blank" href="https://www.cisa.gov" class="usa-identifier__logo"
             ><img
               class="usa-identifier__logo-img"
               src="{% static 'img/CISA_logo.png' %}"
@@ -62,7 +62,7 @@
         >
           <p class="usa-identifier__identity-domain">get.gov</p>
           <p class="usa-identifier__identity-disclaimer">
-            An official website of the <a href="https://www.cisa.gov" class="usa-link">Cybersecurity and Infrastructure Security Agency</a>
+            An official website of the <a rel="noopener noreferrer" target="_blank" href="https://www.cisa.gov" class="usa-link">Cybersecurity and Infrastructure Security Agency</a>
           </p>
         </section>
       </div>
@@ -74,35 +74,35 @@
       <div class="usa-identifier__container">
         <ul class="usa-identifier__required-links-list">
           <li class="usa-identifier__required-links-item">
-        <a href="{% public_site_url 'about/' %}"
+        <a rel="noopener noreferrer" target="_blank" href="{% public_site_url 'about/' %}"
               class="usa-identifier__required-link usa-link">About .gov</a>
           </li>
           <li class="usa-identifier__required-links-item">
-            <a
+            <a rel="noopener noreferrer" target="_blank"
               href="https://github.com/cisagov/getgov"
               class="usa-identifier__required-link usa-link usa-link--external"
               >.gov on Github</a
             >
           </li>
           <li class="usa-identifier__required-links-item">
- <a href="{% public_site_url 'privacy-policy/' %}" class="usa-identifier__required-link usa-link">Privacy policy</a>
+ <a rel="noopener noreferrer" target="_blank" href="{% public_site_url 'privacy-policy/' %}" class="usa-identifier__required-link usa-link">Privacy policy</a>
           </li>
           <li class="usa-identifier__required-links-item">
-            <a href="https://www.dhs.gov/accessibility" class="usa-identifier__required-link usa-link usa-link--external"
+            <a rel="noopener noreferrer" target="_blank" href="https://www.dhs.gov/accessibility" class="usa-identifier__required-link usa-link usa-link--external"
               >Accessibility</a
             >
           </li>
           <li class="usa-identifier__required-links-item">
-            <a href="{% public_site_url 'vulnerability-disclosure-policy/' %}" class="usa-identifier__required-link usa-link"
+            <a rel="noopener noreferrer" target="_blank" href="{% public_site_url 'vulnerability-disclosure-policy/' %}" class="usa-identifier__required-link usa-link"
               >Vulnerability disclosure policy</a>
           </li>
           <li class="usa-identifier__required-links-item">
-            <a href="https://www.cisa.gov/cisa-no-fear-act-reporting" class="usa-identifier__required-link usa-link"
+            <a rel="noopener noreferrer" target="_blank" href="https://www.cisa.gov/cisa-no-fear-act-reporting" class="usa-identifier__required-link usa-link"
               >No FEAR Act data</a
             >
           </li>
           <li class="usa-identifier__required-links-item">
-            <a href="https://www.dhs.gov/freedom-information-act-foia" class="usa-identifier__required-link usa-link usa-link--external"
+            <a rel="noopener noreferrer" target="_blank" href="https://www.dhs.gov/freedom-information-act-foia" class="usa-identifier__required-link usa-link usa-link--external"
               >FOIA requests</a
             >
           </li>
@@ -117,6 +117,6 @@
         <div class="usa-identifier__usagov-description">
           Looking for U.S. government information and services?
         </div>
-        <a href="https://www.usa.gov/" class="usa-link usa-link--external">Visit USA.gov</a>
+        <a rel="noopener noreferrer" target="_blank" href="https://www.usa.gov/" class="usa-link usa-link--external">Visit USA.gov</a>
       </div>
     </section>

src/registrar/templates/includes/input_with_errors.html

@@ -37,7 +37,7 @@ error messages, if necessary.
         {% with link_index=sublabel_text|find_index:link_text %}
           {{ sublabel_text|slice:link_index }}
           {% comment %} HTML will convert a new line into a space, resulting with a space before the fullstop in case link_text is at the end of sublabel_text, hence the unfortunate line below {% endcomment %}
-          <a {% if target_blank == "true" %}target="_blank" {% endif %}href="{{ link_href }}">{{ link_text }}</a>{% with sublabel_part_after=sublabel_text|slice_after:link_text %}{{ sublabel_part_after }}{% endwith %}
+          <a {% if external_link == "true" %}rel="noopener noreferrer" class="usa-link usa-link--external" {% endif %}{% if target_blank == "true" %}target="_blank" {% endif %}href="{{ link_href }}">{{ link_text }}</a>{% with sublabel_part_after=sublabel_text|slice_after:link_text %}{{ sublabel_part_after }}{% endwith %}
         {% endwith %}
       {% else %}
         {{ sublabel_text }}

src/registrar/tests/common.py

@@ -453,7 +453,7 @@ def create_user():
     p = "userpass"
     user = User.objects.create_user(
         username="staffuser",
-        email="user@example.com",
+        email="staff@example.com",
         is_staff=True,
         password=p,
     )

src/registrar/tests/test_views.py

@@ -5,7 +5,7 @@ from django.conf import settings
 from django.test import Client, TestCase
 from django.urls import reverse
 from django.contrib.auth import get_user_model
-from .common import MockEppLib, completed_application  # type: ignore
+from .common import MockEppLib, completed_application, create_user  # type: ignore
 
 from django_webtest import WebTest  # type: ignore
 import boto3_mocking  # type: ignore
@@ -1105,6 +1105,9 @@ class TestWithDomainPermissions(TestWithUser):
         self.domain_just_nameserver, _ = Domain.objects.get_or_create(
             name="justnameserver.com"
         )
+        self.domain_no_information, _ = Domain.objects.get_or_create(
+            name="noinformation.gov"
+        )
 
         self.domain_dsdata, _ = Domain.objects.get_or_create(name="dnssec-dsdata.gov")
         self.domain_multdsdata, _ = Domain.objects.get_or_create(
@@ -1278,6 +1281,29 @@ class TestDomainOverview(TestWithDomainPermissions, WebTest):
         self.assertContains(detail_page, "(1.2.3.4,")
         self.assertContains(detail_page, "2.3.4.5)")
 
+    def test_domain_with_no_information_or_application(self):
+        """Test that domain management page returns 200 and displays error
+        when no domain information or domain application exist"""
+        # have to use staff user for this test
+        staff_user = create_user()
+        # staff_user.save()
+        self.client.force_login(staff_user)
+
+        # need to set the analyst_action and analyst_action_location
+        # in the session to emulate user clicking Manage Domain
+        # in the admin interface
+        session = self.client.session
+        session["analyst_action"] = "foo"
+        session["analyst_action_location"] = self.domain_no_information.id
+        session.save()
+
+        detail_page = self.client.get(
+            reverse("domain", kwargs={"pk": self.domain_no_information.id})
+        )
+
+        self.assertContains(detail_page, "noinformation.gov")
+        self.assertContains(detail_page, "Domain missing domain information")
+
 
 class TestDomainManagers(TestDomainOverview):
     def test_domain_managers(self):

src/registrar/views/index.py

@@ -2,6 +2,7 @@ from django.db.models import F
 from django.shortcuts import render
 
 from registrar.models import DomainApplication
+from django.conf import settings
 
 
 def index(request):
@@ -22,4 +23,5 @@ def index(request):
             state=F("domain__state"),
         )
         context["domains"] = domains
+        context["is_production"] = settings.IS_PRODUCTION
     return render(request, "home.html", context)

src/registrar/views/utility/mixins.py

@@ -100,7 +100,15 @@ class DomainPermission(PermissionsLoginMixin):
         if DomainInformation.objects.filter(id=pk).exists():
             requested_domain = DomainInformation.objects.get(id=pk)
 
-        if requested_domain.domain_application.status not in valid_domain_statuses:
+        # if no domain information or application exist, the user
+        # should be able to manage the domain; however, if domain information
+        # and domain application exist, and application is not in valid status,
+        # user should not be able to manage domain
+        if (
+            requested_domain
+            and requested_domain.domain_application
+            and requested_domain.domain_application.status not in valid_domain_statuses
+        ):
             return False
 
         # Valid session keys exist,

src/requirements.txt

@@ -1,8 +1,8 @@
 -i https://pypi.python.org/simple
 annotated-types==0.6.0; python_version >= '3.8'
 asgiref==3.7.2; python_version >= '3.7'
-boto3==1.28.76; python_version >= '3.7'
+boto3==1.28.79; python_version >= '3.7'
-botocore==1.31.76; python_version >= '3.7'
+botocore==1.31.79; python_version >= '3.7'
 cachetools==5.3.2; python_version >= '3.7'
 certifi==2023.7.22; python_version >= '3.6'
 cfenv==0.5.3
@@ -28,7 +28,7 @@ fred-epplib@ git+https://github.com/cisagov/epplib.git@d56d183f1664f34c40ca9716a
 furl==2.1.3
 future==0.18.3; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'
 gevent==23.9.1; python_version >= '3.8'
-geventconnpool@ git+https://github.com/rasky/geventconnpool.git
+geventconnpool@ git+https://github.com/rasky/geventconnpool.git@1bbb93a714a331a069adf27265fe582d9ba7ecd4
 greenlet==3.0.1; python_version >= '3.7'
 gunicorn==21.2.0; python_version >= '3.5'
 idna==3.4; python_version >= '3.5'