Merge remote-tracking branch 'origin' into ab/645-implement-test-cases-registry-integration

Alysia Broddrick 2023-08-23 07:54:04 -07:00
commit c9cadd3401
No known key found for this signature in database
GPG key ID: 03917052CD0F06B7
57 changed files with 2238 additions and 218 deletions


@ -8,7 +8,7 @@ Accepted
## Context
We need a place to run our application for the registrar. Cloud.gov is a FIMSA Moderate Fedramped solution that supports our language and framework selections.
We need a place to run our application for the registrar. Cloud.gov is a FISMA Moderate FedRAMP'd solution that supports our language and framework selections.
## Decision
@ -16,10 +16,10 @@ To use cloud.gov to host our application(s).
## Consequences
Choosing cloud.gov for our solution means we are locked into its opinionated choices for our infrastructure. It forces us to run 12-factor applications. It doesn't support brokering for services we may need like email notifications.
It also means the compliance lift is much lighter. We do not need to prove we are compliance for the majority of our infrastructure and our runtime enviornment.
* Choosing Cloud.gov for our solution means we are assisted by its opinionated choices for our infrastructure. For example, it forces us to run 12-factor applications.
* It doesn't support brokering for services we may need like email notifications.
* The compliance lift is lighter. We can inherit Cloud.gov's controls for the majority of our infrastructure and our runtime enviornment.
## Alternatives Considered
Run our application on in either CISA's Azure or AWS environment with a continerized deployment.
Run our application on in either CISA's Azure or AWS environment with a containerized deployment.
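Review bot: the rewritten Consequences bullets and the Alternatives line still carry wording errors in lines this change touches: "enviornment" in the third bullet should be "environment", and "Run our application on in either" has a stray "on". Separately, replacing "locked into its opinionated choices" with "assisted by its opinionated choices" removes the lock-in trade-off from the Consequences section. Consider keeping that cost as its own bullet next to the inherited-controls benefit so the ADR records both sides of the decision.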


@ -34,6 +34,13 @@ In contrast to building an admin interface from scratch where development activi
involve _building up_, leveraging Django Admin will require carefully _pairing back_ the functionalities available to
users such as analysts.
On accessibility: Django admin is almost fully accessible out-of-the-box, the exceptions being tables, checkboxes, and
color contrast. We have remedied the first 2 with template overrides and the 3rd with theming (see below).
On USWDS and theming: Django admin brings its own high level design framework. We have determined that theming on top of Django (scss)
is easy and worthwhile, while overwriting Django's templates with USWDS is hard and provides little return on investment
([research PR](https://github.com/cisagov/getgov/pull/831)).
While we anticipate that Django Admin will meet (or even exceed) the user needs that we are aware of today, it is still
an open question whether Django Admin will be the long-term administrator tool of choice. A pivot away from Django Admin
in the future would of course mean starting from scratch at a later date, and potentially juggling two separate admin
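Review bot: the added accessibility paragraph says tables and checkboxes were remedied with template overrides but gives no pointer to them, while the theming paragraph right after it links its research PR. Name the override templates or link the PR that introduced them so the "almost fully accessible" claim can be checked against the code. In the context line above the addition, "pairing back" should read "paring back".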


@ -0,0 +1,23 @@
# 22. Submit Domain Request User Flow
Date: 2023-07-18
## Status
Accepted
## Context
Historically, the .gov vendor managed initial identity verification and organizational affiliation for users that request a .gov domain. With the new registrar, _any user with a valid Login.gov account_ will be able to make a request. As a primary layer of abuse prevention (i.e., DDoSing the registry program with illegitimate requests), we need a way to stop new users from submitting multiple domain requests before they are known to the .gov registry. In this case, "known" means they have at least one approved domain application or existing domain.
## Considered Options
**Option 1:** Users will not be able to submit any new applications if they have 0 prior approved applications OR prior registered .gov domains. We would add a page alert informing the user that they cannot submit their application because they have an application in one of these "3" statuses (Submitted, In Review or Action Needed). They would still be able to create and edit new applications, just not submit them. The benefits of this option are that it would allow users to have multiple applications essentially in "draft mode" that are queued up and ready for submission after they are permitted to submit.
**Option 2:** Users will not be able to submit any new applications if they have 0 prior approved applications OR prior registered .gov domains. Additionally, we would remove the ability to edit any application with the started/withdrawn/rejected status, or start a new application. The benefit of this option is that a user would not be able to begin an action (submitting an application) that they are not allowed to complete.
## Decision
We have decided to go with option 1. New users of the registrar will need to have at least one approved application OR prior registered .gov domain in order to submit another application. We chose this option because we would like to allow users be able to work on applications, even if they are unable to submit them.
A [user flow diagram](https://miro.com/app/board/uXjVM3jz3Bs=/?share_link_id=875307531981) demonstrates our decision.
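Review bot: the rule in Option 1 and Option 2 reads as if it blocks a first submission. "Users will not be able to submit any new applications if they have 0 prior approved applications OR prior registered .gov domains" would, taken literally, stop every new user from ever submitting. The alert text (an application already in Submitted, In Review or Action Needed) and the Decision ("in order to submit another application") suggest the intended rule is narrower: a user with no approved application and no existing domain may have only one application in those three statuses at a time. State that condition explicitly in both options and in the Decision, since this ADR is the abuse-prevention control's specification. Also drop the quotes around "3", and consider describing the abuse case as flooding the program with illegitimate requests rather than "DDoSing".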


@ -18,6 +18,20 @@ If you're new to Django, see [Getting Started with Django](https://www.djangopro
Visit the running application at [http://localhost:8080](http://localhost:8080).
### Troubleshooting
* If you are using Windows, you may need to change your [line endings](https://docs.github.com/en/get-started/getting-started-with-git/configuring-git-to-handle-line-endings). If not, you may not be able to run manage.py.
* Unix based operating systems (like macOS or Linux) handle line separators [differently than Windows does](https://superuser.com/questions/374028/how-are-n-and-r-handled-differently-on-linux-and-windows). This can break bash scripts in particular. In the case of manage.py, it uses *#!/usr/bin/env python* to access the Python executable. Since the script is still thinking in terms of unix line seperators, it may look for the executable *python\r* rather than *python* (since Windows cannot read the carriage return on its own) - thus leading to the error `usr/bin/env: 'python\r' no such file or directory`
* If you'd rather not change this globally, add a `.gitattributes` file in the project root with `* text eol=lf` as the text content, and [refresh the repo](https://docs.github.com/en/get-started/getting-started-with-git/configuring-git-to-handle-line-endings#refreshing-a-repository-after-changing-line-endings)
* If you are using a Mac with a M1 chip, and see this error `The chromium binary is not available for arm64.` or an error involving `puppeteer`, try adding this line below into your `.bashrc` or `.zshrc`.
```
export DOCKER_DEFAULT_PLATFORM=linux/amd64
```
When completed, don't forget to rerun `docker-compose up`!
## Branch Conventions
We use the branch convention of `initials/branch-topic` (ex: `lmm/fix-footer`). This allows for automated deployment to a developer sandbox namespaced to the initials.
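Review bot: in the second Troubleshooting bullet the quoted error starts with `usr/bin/env:` while the shebang quoted in the same bullet is `#!/usr/bin/env python`, so the leading slash looks dropped. Quote the message exactly as the shell prints it so people can search for it. In the same bullet, "seperators" should be "separators", and the parenthetical "since Windows cannot read the carriage return on its own" does not explain the failure described: the file was checked out with Windows line endings, so the interpreter name on the shebang line ends in a carriage return. For the M1 bullet, say that "When completed" refers to reloading the shell after editing `.bashrc` or `.zshrc`, otherwise `docker-compose up` will run without the new variable.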
@ -66,7 +80,7 @@ The endpoint /admin can be used to view and manage site content, including but n
1. Login via login.gov
2. Go to the home page and make sure you can see the part where you can submit an application
3. Go to /admin and it will tell you that UUID is not authorized, copy that UUID for use in 4
4. in src/registrar/fixtures.py add to the ADMINS list in that file by adding your UUID as your username along with your first and last name. See below:
4. in src/registrar/fixtures.py add to the `ADMINS` list in that file by adding your UUID as your username along with your first and last name. See below:
```
ADMINS = [
@ -79,8 +93,32 @@ The endpoint /admin can be used to view and manage site content, including but n
]
```
5. In the browser, navigate to /admins. To verify that all is working correctly, under "domain applications" you should see fake domains with various fake statuses.
5. In the browser, navigate to /admin. To verify that all is working correctly, under "domain applications" you should see fake domains with various fake statuses.
6. Add an optional email key/value pair
### Adding an Analyst to /admin
Analysts are a variant of the admin role with limited permissions. The process for adding an Analyst is much the same as adding an admin:
1. Login via login.gov (if you already exist as an admin, you will need to create a separate login.gov account for this: i.e. first.last+1@email.com)
2. Go to the home page and make sure you can see the part where you can submit an application
3. Go to /admin and it will tell you that UUID is not authorized, copy that UUID for use in 4 (this will be a different UUID than the one obtained from creating an admin)
4. in src/registrar/fixtures.py add to the `STAFF` list in that file by adding your UUID as your username along with your first and last name. See below:
```
STAFF = [
{
"username": "<UUID here>",
"first_name": "",
"last_name": "",
},
...
]
```
5. In the browser, navigate to /admin. To verify that all is working correctly, verify that you can only see a sub-section of the modules and some are set to view-only.
6. Add an optional email key/value pair
Do note that if you wish to have both an analyst and admin account, append `-Analyst` to your first and last name, or use a completely different first/last name to avoid confusion. Example: `Bob-Analyst`
## Adding to CODEOWNERS (optional)
The CODEOWNERS file sets the tagged individuals as default reviewers on any Pull Request that changes files that they are marked as owners of.
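Review bot: step 6, "Add an optional email key/value pair", comes after the verification step in both the admin and the new analyst lists and does not say where the pair goes. The `STAFF` example shows only `username`, `first_name` and `last_name`. Fold the email into step 4 and show the key in the example, so the verification in step 5 is the last step. It would also help to state in this section which environments load `src/registrar/fixtures.py`, because these steps grant /admin access by committing a login.gov UUID to the repository, and readers should know whether that reaches anything beyond local and sandbox deployments.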
@ -166,6 +204,17 @@ from .common import less_console_noise
# <test code goes here>
```
### Accessibility Testing in the browser
We use the [ANDI](https://www.ssa.gov/accessibility/andi/help/install.html) browser extension
from ssa.gov for accessibility testing outside the pipeline.
ANDI will get blocked by our CSP settings, so you will need to install the
[Disable Content-Security-Policy extension](https://chrome.google.com/webstore/detail/disable-content-security/ieelmcmcagommplceebfedjlakkhpden)
and activate it for the page you'd like to test.
Note - refresh after enabling the extension on a page but before clicking ANDI.
### Accessibility Scanning
The tool `pa11y-ci` is used to scan pages for compliance with a set of
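Review bot: the new "Accessibility Testing in the browser" section tells developers to install an extension that disables Content-Security-Policy but never tells them to turn it off again. Add a step to deactivate the extension once the ANDI run is finished, and say that it should only be activated for local or sandbox pages, since while it is active the browser no longer enforces the CSP on that page. If ANDI is used regularly, consider documenting which CSP directives block it, so a development-only allowance can be evaluated instead of relying on a third-party extension.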
@ -203,7 +252,7 @@ Assets are stored in `registrar/assets` during development and served from `regi
We utilize the [uswds-compile tool](https://designsystem.digital.gov/documentation/getting-started/developers/phase-two-compile/) from USWDS to compile and package USWDS assets.
## Making and view style changes
## Making and viewing style changes
When you run `docker-compose up` the `node` service in the container will begin to watch for changes in the `registrar/assets` folder, and will recompile once any changes are made.


@ -17,4 +17,5 @@ Staff
auditlog | log entry | can view log entry
registrar | contact | can view contact
registrar | domain application | can change domain application
registrar | domain | can view domain
registrar | domain | can view domain
registrar | user | can view user
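Review bot: the added last line gives the Staff group "can view user" with no accompanying explanation in this hunk. Since the analyst role is described elsewhere in this commit as an admin variant with limited permissions, note next to this table (or in the commit message) which analyst task needs read access to user records, and confirm the permission is view-only in the fixture that creates the group. The duplicated "registrar | domain | can view domain" line looks like an end-of-file newline change and needs no action.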