From 945229cfc84f21c7c97618454f756e79bc5d4859 Mon Sep 17 00:00:00 2001 From: calerubensteingsa <108084972+calerubensteingsa@users.noreply.github.com> Date: Mon, 13 Mar 2023 11:01:07 -0400 Subject: [PATCH 1/6] Update product_strategy.md --- docs/product/product_strategy.md | 32 +++++++++++--------------------- 1 file changed, 11 insertions(+), 21 deletions(-) diff --git a/docs/product/product_strategy.md b/docs/product/product_strategy.md index 2219e19a4..9f99df5c5 100644 --- a/docs/product/product_strategy.md +++ b/docs/product/product_strategy.md 
@@ -1,34 +1,24 @@ # .gov Product Strategy Purpose: Clarify our focus for developing a new .gov TLD system and align it to the needs of its users, CISA's mission and standards, and the vision for the .gov program. +# .gov Mission Statement + +.gov helps U.S.-based government organizations gain public trust by making .gov a well-known, reliable, and secure space online. + ## Product Vision CISA intends to create a modern, user-centered, responsive web application to enable .gov registrants to manage their domain’s registration lifecycle, DNS settings, and useful supporting services. The registrar should be the central .gov hub for CISA, supporting registrant management and tracking technical performance indicators for the TLD. For CISA and registrants, the registrar should help generate insights into the security of an organization’s internet-accessible systems. - -## Primary, Secondary, Tertiary Users -### Primary: -* US-based government organizations and publicly-controlled entities who use or should use the registrar - * _NOTE: Segmenting our audience is a separate conversation and so this intentionally broad as placeholder_ -* CISA .gov administrators - - ## Problem Statements U.S.-based government organizations and publicly controlled entities lack a clear, usable, and efficient way to apply, register, and a .gov domain and related infrastructure in order to build public trust of their website and communications. CISA lacks a scalable, efficient, and secure method of managing the outreach and operations of .gov TLD program in order to facilitate government agencies building public trust of their website and communications. 
-## Short-term Success for .gov -* A production-ready, modern .gov registrar that can replace the current system with improved user experience and operational efficiency - * Built in the open - * Meeting accessibility and testing standards -* A plan for developing capacity within the CISA organization going forward - -## Long-term Success for .gov -* Increase the number of governments, currently on non-.gov TLDs, to .gov -* Develop services to support “the security, privacy, reliability, accessibility, and speed of registered .gov internet domains” (DOTGOV ACT) -* Sustainable long-term skills and capacity to scale up the program - -## Risks -_To be prioritized and posted_ +## Objective and Key Results for .gov +| **Objective** | **Key Result** | +|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Growth and Use:** Regular growth in the overall number of .gov domains registered, with clear increases in election orgs, major metro areas, and state legislatures/courts | - Raw count of registered .gov domains increases - Number of YoY applications per month increases - Percent of 100 most populous cities, counties, etc. 
(per Census data) using .gov domains increases | +| **Data:** The program maintains authoritative contacts at, metadata about, and hostname information for all registered .gov domains, and is able to track that .gov domains are actually used | - Time-to-generate internal reports decreases - Results of periodic data quality audit show improvements Month-over-Month | +| **User satisfaction:** Getting a .gov domain is as easy and intuitive as possible | - Completion rate of form improves - Time from domain request to approval decreases - Number of domains requiring analyst data changes decrease | +| **Program reputation and Experience:** The .gov program is viewed as trustworthy and responsive | - Response time for inquiries decreases - Resolution time decreases - Rate of repeat issues for tickets decreases - Number of SLTT organizations in CoP increases | From 06752513a380b1dafd319b6ac54c069866f99687 Mon Sep 17 00:00:00 2001 From: Michelle Rago <60157596+michelle-rago@users.noreply.github.com> Date: Mon, 13 Mar 2023 17:07:27 -0400 Subject: [PATCH 2/6] Update product_strategy.md Followed sentence case style and made other minor edits --- docs/product/product_strategy.md | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/docs/product/product_strategy.md b/docs/product/product_strategy.md index 9f99df5c5..0a78ddd63 100644 --- a/docs/product/product_strategy.md +++ b/docs/product/product_strategy.md 
@@ -1,24 +1,24 @@ -# .gov Product Strategy -Purpose: Clarify our focus for developing a new .gov TLD system and align it to the needs of its users, CISA's mission and standards, and the vision for the .gov program. +# .Gov product strategy +Purpose: Clarify our focus for developing a new .gov TLD system and align it to the needs of our users, CISA's mission and standards, and the vision for the .gov program. -# .gov Mission Statement +# .Gov mission statement .gov helps U.S.-based government organizations gain public trust by making .gov a well-known, reliable, and secure space online. -## Product Vision +## Product vision -CISA intends to create a modern, user-centered, responsive web application to enable .gov registrants to manage their domain’s registration lifecycle, DNS settings, and useful supporting services. The registrar should be the central .gov hub for CISA, supporting registrant management and tracking technical performance indicators for the TLD. For CISA and registrants, the registrar should help generate insights into the security of an organization’s internet-accessible systems. +CISA intends to create a modern, user-centered, responsive web application to enable .gov registrants to manage their domain’s registration lifecycle, DNS settings, and useful supporting services. The registrar should be the central .gov hub for CISA, supporting registrant management, and tracking technical performance indicators for the TLD. For CISA and registrants, the registrar should help generate insights into the security of an organization’s internet-accessible systems. -## Problem Statements -U.S.-based government organizations and publicly controlled entities lack a clear, usable, and efficient way to apply, register, and a .gov domain and related infrastructure in order to build public trust of their website and communications. 
+## Problem statements +U.S.-based government organizations and publicly controlled entities lack a clear, usable, and efficient way to apply for, register, and manage .gov domains and related infrastructure to build public trust of their website and communications. -CISA lacks a scalable, efficient, and secure method of managing the outreach and operations of .gov TLD program in order to facilitate government agencies building public trust of their website and communications. +CISA lacks a scalable, efficient, and secure method of managing the .gov TLD program that helps government agencies build public trust of their website and communications. -## Objective and Key Results for .gov +## Objective and key results for .gov -| **Objective** | **Key Result** | -|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **Growth and Use:** Regular growth in the overall number of .gov domains registered, with clear increases in election orgs, major metro areas, and state legislatures/courts | - Raw count of registered .gov domains increases - Number of YoY applications per month increases - Percent of 100 most populous cities, counties, etc. 
(per Census data) using .gov domains increases | -| **Data:** The program maintains authoritative contacts at, metadata about, and hostname information for all registered .gov domains, and is able to track that .gov domains are actually used | - Time-to-generate internal reports decreases - Results of periodic data quality audit show improvements Month-over-Month | -| **User satisfaction:** Getting a .gov domain is as easy and intuitive as possible | - Completion rate of form improves - Time from domain request to approval decreases - Number of domains requiring analyst data changes decrease | -| **Program reputation and Experience:** The .gov program is viewed as trustworthy and responsive | - Response time for inquiries decreases - Resolution time decreases - Rate of repeat issues for tickets decreases - Number of SLTT organizations in CoP increases | +| **Objective** | **Key result** | +|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Growth and use:** Regular growth in the overall number of .gov domains registered, with clear increases in election orgs, major metro areas, and state legislatures/courts | - Raw count of registered .gov domains increases
- Number of YoY applications per month increases
- Percent of 100 most populous cities, counties, etc. (per Census data) using .gov domains increases | +| **Data:** The program maintains authoritative contacts at, metadata about, and hostname information for all registered .gov domains, and is able to track that .gov domains are actually used | - Time-to-generate internal reports decreases
- Results of periodic data quality audit show improvements month-over-month | +| **User satisfaction:** Getting a .gov domain is as easy and intuitive as possible | - Completion rate of form improves
- Time from domain request to approval decreases
- Number of domains requiring analyst data changes decreases | +| **Program reputation and experience:** The .gov program is viewed as trustworthy and responsive | - Response time for inquiries decreases
- Resolution time decreases
- Rate of repeat issues for tickets decreases
- Number of SLTT organizations in CoP increases | From 228ac35b6ec5291eb63b61fcabeb25fa86a87a99 Mon Sep 17 00:00:00 2001 From: calerubensteingsa <108084972+calerubensteingsa@users.noreply.github.com> Date: Wed, 15 Mar 2023 14:44:22 -0400 Subject: [PATCH 3/6] Update product_strategy.md --- docs/product/product_strategy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/product/product_strategy.md b/docs/product/product_strategy.md index 0a78ddd63..9b7bba301 100644 --- a/docs/product/product_strategy.md +++ b/docs/product/product_strategy.md 
@@ -10,9 +10,9 @@ Purpose: Clarify our focus for developing a new .gov TLD system and align it to CISA intends to create a modern, user-centered, responsive web application to enable .gov registrants to manage their domain’s registration lifecycle, DNS settings, and useful supporting services. The registrar should be the central .gov hub for CISA, supporting registrant management, and tracking technical performance indicators for the TLD. For CISA and registrants, the registrar should help generate insights into the security of an organization’s internet-accessible systems. ## Problem statements -U.S.-based government organizations and publicly controlled entities lack a clear, usable, and efficient way to apply for, register, and manage .gov domains and related infrastructure to build public trust of their website and communications. +U.S.-based government organizations and publicly controlled entities lack a clear, usable, and efficient way to apply for, register, and manage .gov domains and related infrastructure to build public trust in their online services and communications. -CISA lacks a scalable, efficient, and secure method of managing the .gov TLD program that helps government agencies build public trust of their website and communications. +CISA lacks a scalable, efficient, and secure method of managing the .gov TLD program that helps government agencies to build public trust in their online services and communications. ## Objective and key results for .gov From 7718dbc374661a4fc97c37ed66838a2871e88521 Mon Sep 17 00:00:00 2001 From: Neil Martinsen-Burrell Date: Thu, 23 Mar 2023 14:03:08 -0500 Subject: [PATCH 4/6] Review feedback: docstrings, move out form --- src/registrar/forms/__init__.py | 1 + src/registrar/forms/domain.py | 21 +++++++++++++++++++++ src/registrar/views/domain.py | 13 +++++++++++++ 3 files changed, 35 insertions(+) create mode 100644 src/registrar/forms/domain.py 
diff --git a/src/registrar/forms/__init__.py b/src/registrar/forms/__init__.py index bd0426884..d48dd037b 100644 --- a/src/registrar/forms/__init__.py +++ b/src/registrar/forms/__init__.py @@ -1 +1,2 @@ from .application_wizard import * +from .domain import DomainAddUserForm diff --git a/src/registrar/forms/domain.py b/src/registrar/forms/domain.py new file mode 100644 index 000000000..6a2229961 --- /dev/null +++ b/src/registrar/forms/domain.py @@ -0,0 +1,21 @@ +"""Forms for domain management.""" + +from django import forms + +from registrar.models import User + + +class DomainAddUserForm(forms.Form): + + """Form for adding a user to a domain.""" + + email = forms.EmailField(label="Email") + + def clean_email(self): + requested_email = self.cleaned_data["email"] + try: + User.objects.get(email=requested_email) + except User.DoesNotExist: + # TODO: send an invitation email to a non-existent user + raise forms.ValidationError("That user does not exist in this system.") + return requested_email diff --git a/src/registrar/views/domain.py b/src/registrar/views/domain.py index dc8ccc369..150efab81 100644 --- a/src/registrar/views/domain.py +++ b/src/registrar/views/domain.py @@ -14,12 +14,18 @@ from .utility import DomainPermission class DomainView(DomainPermission, DetailView): + + """Domain detail overview page.""" + model = Domain template_name = "domain_detail.html" context_object_name = "domain" class DomainUsersView(DomainPermission, DetailView): + + """User management page in the domain details.""" + model = Domain template_name = "domain_users.html" context_object_name = "domain" 
@@ -42,6 +48,13 @@ class DomainAddUserForm(DomainPermission, forms.Form): class DomainAddUserView(DomainPermission, FormMixin, DetailView): + + """Inside of a domain's user management, a form for adding users. + + Multiple inheritance is used here for permissions, form handling, and + details of the individual domain. + """ + template_name = "domain_add_user.html" model = Domain form_class = DomainAddUserForm From 6f41d18deca8323f016c81d5ffaec623f7bd94b2 Mon Sep 17 00:00:00 2001 From: Neil Martinsen-Burrell Date: Thu, 23 Mar 2023 14:28:34 -0500 Subject: [PATCH 5/6] Fix OWASP Zap error --- src/zap.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zap.conf b/src/zap.conf index 640883adc..09d309cfe 100644 --- a/src/zap.conf +++ b/src/zap.conf @@ -48,7 +48,7 @@ 10038 OUTOFSCOPE http://app:8080/public/img/.* 10038 OUTOFSCOPE http://app:8080/public/css/.* 10038 OUTOFSCOPE http://app:8080/public/js/.* -10038 OUTOFSCOPE http://app:8080/(robots.txt|sitemap.xml|TODO|edit/) +10038 OUTOFSCOPE http://app:8080/(robots.txt|sitemap.xml|TODO|edit|users/) # This URL always returns 404, so include it as well. 10038 OUTOFSCOPE http://app:8080/todo # OIDC isn't configured in the test environment and DEBUG=True so this gives a 500 without CSP headers From d27da27e143257194e4a0b3557a9e9cd474e25bb Mon Sep 17 00:00:00 2001 From: Neil Martinsen-Burrell Date: Thu, 23 Mar 2023 14:42:51 -0500 Subject: [PATCH 6/6] Fix OWASP Zap error --- src/zap.conf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/zap.conf b/src/zap.conf index 09d309cfe..ba0ef6a89 100644 --- a/src/zap.conf +++ b/src/zap.conf 
@@ -48,7 +48,9 @@ 10038 OUTOFSCOPE http://app:8080/public/img/.* 10038 OUTOFSCOPE http://app:8080/public/css/.* 10038 OUTOFSCOPE http://app:8080/public/js/.* -10038 OUTOFSCOPE http://app:8080/(robots.txt|sitemap.xml|TODO|edit|users/) +10038 OUTOFSCOPE http://app:8080/(robots.txt|sitemap.xml|TODO|edit/) +10038 OUTOFSCOPE http://app:8080/users +10038 OUTOFSCOPE http://app:8080/users/add # This URL always returns 404, so include it as well. 10038 OUTOFSCOPE http://app:8080/todo # OIDC isn't configured in the test environment and DEBUG=True so this gives a 500 without CSP headers
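Review bot: in PATCH 1/6 (`docs/product/product_strategy.md`), the added `# .gov Mission Statement` is a second top-level heading, so `## Product Vision`, `## Problem Statements` and the new objectives table now nest under the mission statement instead of under the strategy title; make it `## .gov Mission Statement`. The same hunk deletes the users section and the `## Risks` placeholder without a replacement or a pointer to where they went. If that is intended, say so in the commit message, which currently reads only "Update product_strategy.md".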
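Review bot: in PATCH 2/6, the two top-level headings become `# .Gov product strategy` and `# .Gov mission statement`, while every other occurrence in the file, including `## Objective and key results for .gov` in the same hunk, keeps the lowercase `.gov`. Sentence case should not capitalize the TLD; keep `.gov`, or reword the headings so they do not start with it.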
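Review bot: in PATCH 4/6, new file `src/registrar/forms/domain.py`, `clean_email` calls `User.objects.get(email=requested_email)` and catches only `User.DoesNotExist`. Unless `email` is unique on `User`, two matching rows raise `MultipleObjectsReturned` and the form fails with a server error instead of a validation message; `User.objects.filter(email=requested_email).exists()` avoids that. The error text "That user does not exist in this system." also tells whoever submits the form which addresses have accounts; a neutral message, or the invitation flow the TODO mentions, would not.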
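Review bot: in PATCH 4/6, `src/registrar/views/domain.py` receives only insertions, and the second hunk header still shows `class DomainAddUserForm(DomainPermission, forms.Form):` in that file, so after this commit the form is defined both there and in the new `src/registrar/forms/domain.py`. `form_class = DomainAddUserForm` in `DomainAddUserView` keeps binding to the view module's own copy, not to the one with the new docstring and `clean_email`. Delete the class from the view module and import it from `registrar.forms` so the "move out form" in the subject line is actually complete.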
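Review bot: in PATCH 5/6 (`src/zap.conf`), the replaced alternation changes `edit/` to `edit` while adding `users/`, so `(robots.txt|sitemap.xml|TODO|edit|users/)` no longer matches the same `edit` pattern as before, which looks unintended. PATCH 6/6 restores the original line; squash the two commits so the intermediate pattern never lands, and give the result a subject that names the rule and the paths instead of repeating "Fix OWASP Zap error".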
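Review bot: in PATCH 6/6 (`src/zap.conf`), the added `10038 OUTOFSCOPE http://app:8080/users` and `10038 OUTOFSCOPE http://app:8080/users/add` lines have no comment saying why rule 10038 fails on those URLs, unlike the neighbouring entries ("This URL always returns 404", "gives a 500 without CSP headers"). These appear to be the user-management pages touched in PATCH 4/6, and marking them out of scope hides this finding on them in every later scan. If the cause is specific to the test environment, record it in a comment above the two lines; otherwise fix the response so the check passes, and drop the exclusions.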