zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-06-09 22:14:43 +02:00
Code Issues Projects Releases Packages Wiki Activity

Mr/legal (#439)

Browse source 
* Update application_wizard.py

* Newer, slimmer version of legal content

* Update form section labels

* Updated text for request for info from tribal govs

* Added text to clarify that managing elections should be primary purpose of office

* Added question about audience to align with new requirements

* Fix link in error message, tests and linting

---------

Co-authored-by: Neil Martinsen-Burrell <neil.martinsen-burrell@gsa.gov>
This commit is contained in:
Michelle Rago 2023-02-28 12:37:01 -05:00 committed by GitHub
parent 6bbe3b4a95
commit a8115a5778
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 51 additions and 187 deletions
Download patch file Download diff file Expand all files Collapse all files

25
src/registrar/forms/application_wizard.py
View file

@ -6,6 +6,8 @@ from phonenumber_field.formfields import PhoneNumberField # type: ignore
from django import forms
from django.core.validators import RegexValidator
from django.urls import reverse
from django.utils.safestring import mark_safe
from api.views import DOMAIN_API_MESSAGES
@ -179,11 +181,19 @@ class TribalGovernmentForm(RegistrarForm):
self.cleaned_data["federally_recognized_tribe"]
or self.cleaned_data["state_recognized_tribe"]
):
todo_url = reverse("todo")
raise forms.ValidationError(
"Only tribes recognized by the U.S. federal government or by a U.S."
" state government are eligible for .gov domains. Please email"
" registrar@dotgov.gov to tell us more about your tribe and why you"
" want a .gov domain.",
# no sec because we are using it to include an internal URL
# into a link. There should be no user-facing input in the
# HTML indicated here.
mark_safe( # nosec
"Only tribes recognized by the U.S. federal government "
"or by a U.S. state government are eligible for .gov "
'domains. Please <a href="{}">tell us more '
"about your tribe and why you want a .gov domain</a>.".format(
todo_url
)
),
code="invalid",
)
@ -682,14 +692,11 @@ class AnythingElseForm(RegistrarForm):
class RequirementsForm(RegistrarForm):
is_policy_acknowledged = forms.BooleanField(
label=(
"I read and agree to the requirements for registering "
"and operating .gov domains."
),
label=("I read and agree to the requirements for operating .gov domains."),
error_messages={
"required": (
"Check the box if you read and agree to the requirements for"
" registering and operating .gov domains."
" operating .gov domains."
)
},
)

3
src/registrar/templates/application_org_election.html
View file

@ -5,6 +5,7 @@
<h2 class="margin-bottom-05">
Is your organization an election office?
</h2>
<p>Answer “yes” if the primary purpose of your organization is to manage elections.</p>
{% endblock %}
@ -12,4 +13,4 @@
{% with add_class="usa-radio__input--tile" %}
{% input_with_errors forms.0.is_election_board %}
{% endwith %}
{% endblock %}
{% endblock %}

15
src/registrar/templates/application_purpose.html
View file

@ -2,14 +2,13 @@
{% load field_helpers %}
{% block form_instructions %}
<p>.Gov domain names are intended for use on the internet. They should be registered
with an intent to deploy services, not simply to reserve a name. .Gov domains should
not be registered for primarily internal use.</p>
<p>.Gov domain names are for use on the internet. Dont register a .gov to simply reserve a
domain name or for mainly internal use.</p>
<p>Describe the reason for your domain request. Explain how you plan to use this
domain. Will you use it for a website and/or email? Are you moving your website from
another top-level domain (like .com or .org)? Read about <a href="{% url 'todo' %}">activities that
are prohibited on .gov domains.</a></p>
<p>Describe the reason for your domain request. Explain how you plan to use this domain.
Who is your intended audience? Will you use it for a website and/or email? Are you moving
your website from another top-level domain (like .com or .org)?
Read about <a href="{% url 'todo' %}">activities that are prohibited on .gov domains.</a></p>
{% endblock %}
@ -17,4 +16,4 @@
{% with attr_maxlength=500 %}
{% input_with_errors forms.0.purpose %}
{% endwith %}
{% endblock %}
{% endblock %}

164
src/registrar/templates/application_requirements.html
View file

@ -2,55 +2,44 @@
{% load field_helpers %}
{% block form_instructions %}
<p>The .gov domain exists to support a broad diversity of government missions and
public initiatives. Generally, the .gov registry does not review or audit how
government organizations use their domains. However, misuse of an individual .gov
domain can reflect upon the integrity of the entire .gov space. There are categories
of misuse that are statutorily prohibited or abusive in nature.</p>
<p>Please read this page. Check the box at the bottom to show that you agree to the requirements for operating .gov domains.</p>
<p>The .gov domain space exists to support a broad diversity of government missions. Generally, we dont examine how government organizations use their domains. However, misuse of a .gov domain can reflect upon the integrity of the entire .gov space. There are categories of misuse that are statutorily prohibited or abusive in nature.</p>
<h2>Prohibited activities for .gov domains</h2>
<h3>Commercial purposes </h3>
<h2>What you cant do with .gov domains</h2>
<p>A .gov domain must not be used for commercial purposes, such as advertising
benefitting private individuals or entities.</p>
<h3>Commercial purposes</h3>
<p>.Gov domains must not be used for commercial purposes, such as advertising that benefits private individuals or entities.</p>
<h3>Political campaigns</h3>
<p>A .gov domain must not be used for political campaigns.</p>
<p>.Gov domains must not be used for political campaigns.</p>
<h3>Illegal content</h3>
<p>A .gov domain must not be used to distribute or promote material whose distribution
violates applicable law.</p>
<p>.Gov domains must not be used to distribute or promote material whose distribution violates applicable law.</p>
<h3>Malicious cyber activity </h3>
<p>.Gov is a trusted and safe space. .Gov domains must not distribute malware, host
open redirects, or otherwise engage in malicious cyber activity.</p>
<h2>Required activities for .gov domain registrants </h2>
<h2>What .gov domain registrants must do</h2>
<h3>Keep your contact information updated</h3>
<p>As a .gov domain registrant, maintain current and accurate contact information in the
.gov registrar. We strongly recommend that you create and use a security contact.</p>
<p>.Gov domain registrants must maintain accurate contact information in the .gov registrar.</p>
<h3>Be responsive if we contact you</h3>
<p>Registrants should respond in a timely manner to communications about required and
prohibited activities.</p>
<p>Registrants should respond promptly to communications about potential violations to these requirements.</p>
<h2>Domains can be suspended or terminated for violations</h2>
<h2>Failure to comply with these requirements could result in domain suspension or termination</h2>
<p>The .gov program may need to suspend or terminate a domain registration for
violations. Registrants should respond in a timely manner to communications about
prohibited activities.</p>
<p>When we discover a violation, we will make reasonable efforts to contact a
registrant, including:
<p>We may need to suspend or terminate a domain registration for violations. When we discover a violation, well make reasonable efforts to contact a registrant, including:
<ul class="usa-list">
<li>Emails to domain contacts </li>
<li>Emails to domain contacts</li>
<li>Phone calls to domain contacts</li>
<li>Email or phone call to the authorizing official</li>
<li>Emails or phone calls to the government organization, a parent organization,
@ -58,130 +47,9 @@
</ul>
</p>
<p>We understand the critical importance of the availability of .gov domains.
Suspending or terminating a .gov domain is reserved only for prolonged, unresolved
serious violations where the registrant is non-responsive. We will make extensive
efforts to contact registrants and to identify potential solutions, and will make
reasonable accommodations for remediation timelines proportional to the severity of
the issue.</p>
<h2>Requirements for authorizing officials</h2>
<p>Your authorizing official is the person within your organization who can authorize
your domain request. This is generally the highest ranking or highest elected official
in your organization.</p>
<h3>Executive branch federal agencies</h3>
<p>Domain requests from executive branch agencies must be authorized by CIOs or agency
heads.</p>
<p>Domain requests from executive branch agencies are subject to guidance issued by
the U.S. Office of Management and Budget.</p>
<h3>Judicial branch federal agencies</h3>
<p>Domain requests for judicial branch agencies, except the U.S. Supreme Court, must
be authorized by the director or CIO of the Administrative Office (AO) of the United
States Courts.</p>
<p>Domain requests from the U.S. Supreme Court must be authorized by the director of
information technology for the U.S. Supreme Court.</p>
<h3>Legislative branch federal agencies</h3>
<h4>U.S. Senate</h4>
<p>Domain requests from the U.S. Senate must come from the Senate Sergeant at Arms.</p>
<h4>U.S. House of Representatives</h4>
<p>Domain requests from the U.S. House of Representatives must come from the House
Chief Administrative Officer.</p>
<h4>Other legislative branch agencies</h4>
<p>Domain requests from legislative branch agencies must come from the agencys head
or CIO.</p>
<p>Domain requests from legislative commissions must come from the head of the
commission, or the head or CIO of the parent agency, if there is one.</p>
<h3>Interstate</h3>
<p>Domain requests from interstate organizations must be authorized by the
highest-ranking executive (president, director, chair, or equivalent) or one of the
states governors or CIOs.</p>
<h3>U.S. states and territories</h3>
<h4>States and territories: executive branch</h4>
<p>Domain requests from states and territories must be authorized by the governor or
the state CIO.</p>
<h4>States and territories: judicial and legislative branches</h4>
<p>Domain requests from state legislatures and courts must be authorized by an
agencys CIO or highest-ranking executive.</p>
<h3>Tribal governments</h3>
<p>Domain requests from federally-recognized tribal governments must be authorized by
tribal chiefs as noted by the
<a href="https://www.bia.gov/service/tribal-leaders-directory">Bureau of Indian
Affairs</a>.</p>
<h3>Counties</h3>
<p>Domain requests from counties must be authorized by the chair of the county
commission or the equivalent highest elected official.</p>
<h3>Cities</h3>
<p>Domain requests from cities must be authorized by the mayor or the equivalent
highest elected official.</p>
<h3>Special districts</h3>
<p>Domain requests from special districts must be authorized by the highest-ranking
executive (president, director, chair, or equivalent) or state CIOs for state-based
organizations.</p>
<h3>School districts</h3>
<p>Domain requests from school district governments must be authorized by the highest-ranking
executive (the chair of a school districts board or a superintendent).</p>
<h2>Requirements for .gov domain names</h2>
<p>.Gov domains must:
<ul class="usa-list">
<li>Be available</li>
<li>Be unique</li>
<li>Relate to your organizations name, location, and/or services</li>
<li>Be clear to the general public. Your domain name must not be easily confused
with other organizations.</li>
</ul>
</p>
<h2>HSTS preloading</h2>
<p>The .gov program will preload all newly registered .gov domains for HTTP Strict
Transport Security (HSTS).</p>
<p>HSTS is a simple and widely-supported standard that protects visitors by ensuring
that their browsers always connect to a website over HTTPS. HSTS removes the need to
redirect users from http:// to https:// URLs. (This redirection is a security risk
that HSTS eliminates.)</p>
<p>HSTS preloading impacts web traffic only. Once a domain is on the HSTS preload
list, modern web browsers will enforce HTTPS connections for all websites hosted on
the .gov domain. Users will not be able to click through warnings to reach a site.
Non-web uses of .gov (email, VPN, APIs, etc.) are not affected.</p>
<p>We understand the critical importance of the availability of .gov domains. Suspending or terminating a .gov domain is reserved for prolonged, unresolved, serious violations where the registrant is non-responsive. We'll make extensive efforts to contact registrants and to identify potential solutions. We'll make reasonable accommodations for remediation timelines based on the severity of the issue.</p>
{% endblock %}
{% block form_fields %}
<fieldset class="usa-fieldset">
<legend>
@ -191,4 +59,4 @@
{% input_with_errors forms.0.is_policy_acknowledged %}
</fieldset>
{% endblock %}
{% endblock %}

19
src/registrar/templates/includes/form_errors.html
View file

@ -1,23 +1,14 @@
{% comment %}
Commenting the code below to turn off the error because
we are showing the caution dialog instead. But saving in
case we want to revert this.
This only shows non-field errors at the top of form pages.
The individual field errors are not shown at the top of the
page, they are shown on each individual field.
{% endcomment %}
{% if form.errors %}
{% for error in form.non_field_errors %}
{% for error in form.non_field_errors %}
<div class="usa-alert usa-alert--error usa-alert--slim margin-bottom-2">
<div class="usa-alert__body">
{{ error|escape }}
</div>
</div>
{% endfor %}
{% for field in form %}
{% for error in field.errors %}
<div class="usa-alert usa-alert--error usa-alert--slim margin-bottom-2">
<div class="usa-alert__body">
{{ error|escape }}
</div>
</div>
{% endfor %}
{% endfor %}
{% endif %}
{% endcomment %}

6
src/registrar/tests/test_forms.py
View file

@ -123,7 +123,7 @@ class TestFormValidation(TestCase):
form.errors["is_policy_acknowledged"],
[
"Check the box if you read and agree to the requirements for"
" registering and operating .gov domains."
" operating .gov domains."
],
)
@ -134,7 +134,7 @@ class TestFormValidation(TestCase):
form.errors["is_policy_acknowledged"],
[
"Check the box if you read and agree to the requirements for"
" registering and operating .gov domains."
" operating .gov domains."
],
)
@ -145,7 +145,7 @@ class TestFormValidation(TestCase):
)
self.assertTrue(
any(
"Please email registrar@dotgov.gov" in error
"tell us more about your tribe" in error
for error in form.non_field_errors()
)
)

6
src/registrar/views/application.py
View file

@ -77,16 +77,14 @@ class ApplicationWizard(LoginRequiredMixin, TemplateView):
Step.ORGANIZATION_CONTACT: _("Organization name and mailing address"),
Step.TYPE_OF_WORK: _("Type of work"),
Step.AUTHORIZING_OFFICIAL: _("Authorizing official"),
Step.CURRENT_SITES: _("Organization website"),
Step.CURRENT_SITES: _("Current website for your organization"),
Step.DOTGOV_DOMAIN: _(".gov domain"),
Step.PURPOSE: _("Purpose of your domain"),
Step.YOUR_CONTACT: _("Your contact information"),
Step.OTHER_CONTACTS: _("Other employees from your organization"),
Step.NO_OTHER_CONTACTS: _("No other employees from your organization?"),
Step.ANYTHING_ELSE: _("Anything else we should know?"),
Step.REQUIREMENTS: _(
"Requirements for registration and operation of .gov domains"
),
Step.REQUIREMENTS: _("Requirements for operating .gov domains"),
Step.REVIEW: _("Review and submit your domain request"),
}