From fe6aa96a028573e321ad321f66f69ce5ad76a706 Mon Sep 17 00:00:00 2001
From: igorkorenfeld <igor.korenfeld@gsa.gov>
Date: Tue, 8 Nov 2022 17:02:49 -0500
Subject: [PATCH] Add requirements view

---
 src/registrar/forms/application_wizard.py     |  6 ++
 .../templates/application_requirements.html   | 72 +++++++++++++++++++
 2 files changed, 78 insertions(+)
 create mode 100644 src/registrar/templates/application_requirements.html

diff --git a/src/registrar/forms/application_wizard.py b/src/registrar/forms/application_wizard.py
index b5dc782ff..c861c8627 100644
--- a/src/registrar/forms/application_wizard.py
+++ b/src/registrar/forms/application_wizard.py
@@ -135,6 +135,9 @@ class AnythingElseForm(forms.Form):
             widget=forms.Textarea()
             )
 
+class RequirementsForm(forms.Form):
+    agree_check = forms.BooleanField(label="I read and agree to the .gov domain requirements.")
+
 # List of forms in our wizard. Each entry is a tuple of a name and a form
 # subclass
 FORMS = [
@@ -148,6 +151,7 @@ FORMS = [
     ("other_contacts", OtherContactsForm),
     ("security_email", SecurityEmailForm),
     ("anything_else", AnythingElseForm),
+    ("requirements", RequirementsForm),
 ]
 
 # Dict to match up the right template with the right step. Keys here must
@@ -163,6 +167,7 @@ TEMPLATES = {
     "other_contacts": "application_other_contacts.html",
     "security_email": "application_security_email.html",
     "anything_else": "application_anything_else.html",
+    "requirements": "application_requirements.html",
 }
 
 # We need to pass our page titles as context to the templates, indexed
@@ -178,6 +183,7 @@ TITLES = {
     "other_contacts": "Other contacts for your domain",
     "security_email": "Security email for public use",
     "anything_else": "Anything else we should know?",
+    "requirements": "Requirements for registration and operation of .gov domains",
 }
 
 
diff --git a/src/registrar/templates/application_requirements.html b/src/registrar/templates/application_requirements.html
new file mode 100644
index 000000000..f5f41a877
--- /dev/null
+++ b/src/registrar/templates/application_requirements.html
@@ -0,0 +1,72 @@
+<!-- Test page -->
+{% extends 'application_form.html' %}
+{% load widget_tweaks %}
+
+{% block form_content %}
+
+<p>The .gov domain exists to support a broad diversity of government missions and public initiatives. Generally, the .gov registry does not review or audit how government organizations use their domains.</p>
+
+<p>However, misuse of an individual .gov domain can reflect upon the integrity of the entire .gov space. There are categories of misuse that are statutorily prohibited or abusive in nature.</p>
+
+<h2>Prohibited activities for .gov domains</h2>
+
+<h3>Commercial purposes </h3>
+<p>A .gov domain must not be used for commercial purposes, such as advertising benefitting private individuals or entities.</p>
+
+<h3>Political campaigns</h3>
+<p>A .gov domain must not be used for political campaigns.</p>
+
+<h3>Illegal content</h3>
+<p>A .gov domain must not be used to distribute or promote material whose distribution violates applicable law.</p>
+
+<h3>Malicious cyber activity </h3>
+<p>.gov is a trusted and safe space. .gov domains must not distribute malware, host open redirects, or otherwise engage in malicious cyber activity.</p>
+
+
+<h2>Required activities for .gov domain registrants </h2>
+
+<h3>Keep your contact information update</h3>
+<p>As a .gov domain registrant, maintain current and accurate contact information in the .gov registrar. We strongly recommend that you create and use a security contact.</p>
+
+<h3>Be responsive if we contact you</h3>
+<p>Registrants should respond in a timely manner to communications about required and prohibited activities.</p>
+
+
+<h2>Domains can be suspended or terminated for violations</h2>
+<p>The .gov program may need to suspend or terminate a domain registration for violations. Registrants should respond in a timely manner to communications about prohibited activities.</p>
+<p>When we discover a violation, we will make reasonable efforts to contact a registrant, including:
+<ul class="usa-list"> 
+  <li>Emails to domain contacts </li>
+  <li>Phone calls to domain contacts</li>
+  <li>Email or phone call to the authorizing official</li>
+  <li>Email or phone call to the government organization, a parent organization, or affiliated entities</li>
+</ul>
+</p>
+
+<p>We understand the critical importance of the availability of .gov domains. Suspending or terminating a .gov domain is reserved only for prolonged, unresolved serious violations where the registrant is non-responsive. We will make extensive efforts to contact registrants and to identify potential solutions, and will make reasonable accommodations for remediation timelines proportional to the severity of the issue.</p>
+
+
+<h2>HSTS preloading</h2>
+<p>The .gov program will preload all newly registered .gov domains for HTTP Strict Transport Security (HSTS).</p> 
+<p>HSTS is a simple and widely-supported standard that protects visitors by ensuring that their browsers always connect to a website over HTTPS. HSTS removes the need to redirect users from http:// to https:// URLs. (This redirection is a security risk that HSTS eliminates.)</p>
+<p>HSTS preloading impacts web traffic only. Once a domain is on the HSTS preload list, modern web browsers will enforce HTTPS connections for all websites hosted on the .gov domain. Users will not be able to click through warnings to reach a site. Non-web uses of .gov (email, VPN, APIs, etc.) are not affected.</p>
+
+
+<h2>Acknowledgement of .gov domain requirements</h2>
+
+<form id="step__{{wizard.steps.current}}" class="usa-form usa-form--large" method="post">
+  <div class="usa-form-group">
+    {{ wizard.management_form }}
+    {% csrf_token %}
+
+    <div class="usa-checkbox"> 
+      {{ wizard.form.agree_check|add_class:"usa-checkbox__input"}}
+      {{ wizard.form.agree_check|add_label_class:"usa-checkbox__label" }}
+    </div>
+  </div>
+
+  {{ block.super }}
+
+</form>
+
+{% endblock %}