metadata_presenter 3.3.23 → 3.3.25
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/metadata_presenter/auth_controller.rb +48 -0
- data/app/controllers/metadata_presenter/engine_controller.rb +17 -1
- data/app/controllers/metadata_presenter/resume_controller.rb +5 -0
- data/app/controllers/metadata_presenter/session_controller.rb +2 -0
- data/app/models/metadata_presenter/auth_form.rb +33 -0
- data/app/models/metadata_presenter/page_answers.rb +10 -8
- data/app/views/metadata_presenter/auth/show.html.erb +37 -0
- data/app/views/metadata_presenter/page/multiplequestions.html.erb +1 -1
- data/app/views/metadata_presenter/save_and_return/email_confirmation.html.erb +1 -1
- data/app/views/metadata_presenter/save_and_return/show.html.erb +4 -3
- data/config/locales/cy.yml +17 -0
- data/config/locales/en.yml +17 -0
- data/config/routes.rb +3 -0
- data/lib/metadata_presenter/version.rb +1 -1
- metadata +5 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 347d89c1a6cf428040954bdf744f2fd80ff50b8b85648f83a38b53efd21beb33
|
|
4
|
+
data.tar.gz: a864615ca521f51976b454f4a3c13b7f0ab06859405317ed3ff81bb04fee96df
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 045eab0af5c54c631ea1a5783270fa2ce154a467c9db61082022fd0800f4b6a376c70d676bfdbd874fc31d1d6b9b75dc932dcbe4f3ef48b39b4bf100848c3c4e
|
|
7
|
+
data.tar.gz: 1693be15f68a6c59d597379e4dbc51930a09dc527d25bf787322ea72645e3517723b2303b25d5054bf495e6c75ffbd78d9067ce35a9938eece7884d2c901c2c3
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
module MetadataPresenter
|
|
2
|
+
class AuthController < EngineController
|
|
3
|
+
PRODUCTION_ENVS = %w[test-production live-production].freeze
|
|
4
|
+
|
|
5
|
+
skip_before_action :require_basic_auth
|
|
6
|
+
before_action :check_session_is_authorised
|
|
7
|
+
|
|
8
|
+
def show
|
|
9
|
+
@auth_form = AuthForm.new
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def create
|
|
13
|
+
@auth_form = AuthForm.new(auth_params)
|
|
14
|
+
|
|
15
|
+
if @auth_form.valid?
|
|
16
|
+
authorised_session!
|
|
17
|
+
redirect_to root_path
|
|
18
|
+
else
|
|
19
|
+
render :show
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
private
|
|
24
|
+
|
|
25
|
+
def allow_analytics?
|
|
26
|
+
false
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def show_cookie_request?
|
|
30
|
+
false
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def check_session_is_authorised
|
|
34
|
+
redirect_to root_path if session_authorised?
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def production_env?
|
|
38
|
+
PRODUCTION_ENVS.include?("#{ENV['PLATFORM_ENV']}-#{ENV['DEPLOYMENT_ENV']}")
|
|
39
|
+
end
|
|
40
|
+
helper_method :production_env?
|
|
41
|
+
|
|
42
|
+
def auth_params
|
|
43
|
+
params.require(:auth_form).permit(
|
|
44
|
+
:username, :password
|
|
45
|
+
)
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
|
@@ -6,7 +6,11 @@ module MetadataPresenter
|
|
|
6
6
|
default_form_builder GOVUKDesignSystemFormBuilder::FormBuilder
|
|
7
7
|
|
|
8
8
|
around_action :switch_locale
|
|
9
|
-
before_action :show_maintenance_page
|
|
9
|
+
before_action :show_maintenance_page, :require_basic_auth
|
|
10
|
+
|
|
11
|
+
def require_basic_auth
|
|
12
|
+
redirect_to auth_path unless session_authorised?
|
|
13
|
+
end
|
|
10
14
|
|
|
11
15
|
def reload_user_data
|
|
12
16
|
# :nocov:
|
|
@@ -124,6 +128,18 @@ module MetadataPresenter
|
|
|
124
128
|
ENV['MAINTENANCE_MODE'].present? && ENV['MAINTENANCE_MODE'] == '1'
|
|
125
129
|
end
|
|
126
130
|
|
|
131
|
+
def session_authorised?
|
|
132
|
+
return true if ENV['BASIC_AUTH_USER'].blank? || ENV['BASIC_AUTH_PASS'].blank?
|
|
133
|
+
|
|
134
|
+
!!cookies.signed[:_fb_authorised]
|
|
135
|
+
end
|
|
136
|
+
|
|
137
|
+
def authorised_session!
|
|
138
|
+
cookies.signed[:_fb_authorised] = {
|
|
139
|
+
value: 1, same_site: :strict, httponly: true
|
|
140
|
+
}
|
|
141
|
+
end
|
|
142
|
+
|
|
127
143
|
def external_or_relative_link(link)
|
|
128
144
|
uri = URI.parse(link)
|
|
129
145
|
return link if uri.scheme.present? && uri.host.present?
|
|
@@ -4,6 +4,8 @@ module MetadataPresenter
|
|
|
4
4
|
|
|
5
5
|
helper_method :get_service_name, :get_uuid, :pages_presenters
|
|
6
6
|
|
|
7
|
+
skip_before_action :require_basic_auth
|
|
8
|
+
|
|
7
9
|
def return
|
|
8
10
|
response = get_saved_progress(get_uuid)
|
|
9
11
|
|
|
@@ -49,6 +51,9 @@ module MetadataPresenter
|
|
|
49
51
|
|
|
50
52
|
invalidate_record(@saved_form.id)
|
|
51
53
|
|
|
54
|
+
# authorise user as to not ask them again for credentials, if set
|
|
55
|
+
authorised_session! unless session_authorised?
|
|
56
|
+
|
|
52
57
|
if @saved_form.service_version == service.version_id
|
|
53
58
|
redirect_to '/resume_progress' and return
|
|
54
59
|
else
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
module MetadataPresenter
|
|
2
|
+
class AuthForm
|
|
3
|
+
include ActiveModel::Model
|
|
4
|
+
|
|
5
|
+
attr_accessor :username, :password
|
|
6
|
+
|
|
7
|
+
validates :username, :password,
|
|
8
|
+
presence: true, allow_blank: false
|
|
9
|
+
|
|
10
|
+
validate :valid_credentials
|
|
11
|
+
|
|
12
|
+
private
|
|
13
|
+
|
|
14
|
+
def valid_credentials
|
|
15
|
+
errors.add(:base, :unauthorised) unless errors.any? || authorised?
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def authorised?
|
|
19
|
+
# This comparison uses & so that it doesn't short circuit and
|
|
20
|
+
# uses `secure_compare` so that length information isn't leaked.
|
|
21
|
+
ActiveSupport::SecurityUtils.secure_compare(env_username, username) &
|
|
22
|
+
ActiveSupport::SecurityUtils.secure_compare(env_password, password)
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def env_username
|
|
26
|
+
ENV['BASIC_AUTH_USER'].to_s
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def env_password
|
|
30
|
+
ENV['BASIC_AUTH_PASS'].to_s
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
@@ -146,7 +146,7 @@ module MetadataPresenter
|
|
|
146
146
|
end
|
|
147
147
|
|
|
148
148
|
def sanitize_filename(answer)
|
|
149
|
-
sanitize(filename(
|
|
149
|
+
sanitize(filename(normalise_file_extension(answer)))
|
|
150
150
|
end
|
|
151
151
|
|
|
152
152
|
def filename(path)
|
|
@@ -165,15 +165,17 @@ module MetadataPresenter
|
|
|
165
165
|
filename
|
|
166
166
|
end
|
|
167
167
|
|
|
168
|
-
def
|
|
169
|
-
|
|
170
|
-
end
|
|
171
|
-
|
|
172
|
-
def jfif_or_jpg_extension?(answer)
|
|
173
|
-
return false if answer.nil?
|
|
168
|
+
def normalise_file_extension(answer)
|
|
169
|
+
return if answer.nil?
|
|
174
170
|
|
|
175
171
|
file_extension = File.extname(answer)
|
|
176
|
-
|
|
172
|
+
file_basename = answer.delete_suffix(file_extension)
|
|
173
|
+
|
|
174
|
+
# Handle less common `image/jpeg` MIME type extensions
|
|
175
|
+
file_extension.downcase!
|
|
176
|
+
file_extension = '.jpeg' if %w[.jpg .jpe .jif .jfif].include?(file_extension)
|
|
177
|
+
|
|
178
|
+
[file_basename, file_extension].join
|
|
177
179
|
end
|
|
178
180
|
|
|
179
181
|
# NOTE: Address component is different to other components in the sense it can
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
<div class="fb-main-grid-wrapper">
|
|
2
|
+
<div class="govuk-grid-row">
|
|
3
|
+
<div class="govuk-grid-column-two-thirds">
|
|
4
|
+
<%= form_for @auth_form, url: { action: :create } do |f| %>
|
|
5
|
+
<%= f.govuk_error_summary(t('presenter.errors.summary_heading'), link_base_errors_to: :username) %>
|
|
6
|
+
|
|
7
|
+
<h1 id="page-heading" class="govuk-heading-xl">
|
|
8
|
+
<%= t('presenter.authorisation.heading') %>
|
|
9
|
+
</h1>
|
|
10
|
+
|
|
11
|
+
<p class="govuk-body">
|
|
12
|
+
<%= t('presenter.authorisation.lede') %>
|
|
13
|
+
</p>
|
|
14
|
+
|
|
15
|
+
<% unless production_env? %>
|
|
16
|
+
<div class="govuk-warning-text">
|
|
17
|
+
<span class="govuk-warning-text__icon" aria-hidden="true">!</span>
|
|
18
|
+
<strong class="govuk-warning-text__text">
|
|
19
|
+
<span class="govuk-visually-hidden"><%= t('presenter.notification_banners.warning') %></span>
|
|
20
|
+
<%= t('presenter.authorisation.warning') %>
|
|
21
|
+
</strong>
|
|
22
|
+
</div>
|
|
23
|
+
<% end %>
|
|
24
|
+
|
|
25
|
+
<%= f.govuk_text_field :username, width: 'one-third', autocorrect: 'off',
|
|
26
|
+
label: { text: t('presenter.authorisation.labels.username') } %>
|
|
27
|
+
|
|
28
|
+
<%= f.govuk_password_field :password, width: 'one-third', autocorrect: 'off',
|
|
29
|
+
label: { text: t('presenter.authorisation.labels.password') } %>
|
|
30
|
+
|
|
31
|
+
<div class="govuk-button-group">
|
|
32
|
+
<%= f.govuk_submit t('presenter.actions.sign_in') %>
|
|
33
|
+
</div>
|
|
34
|
+
<% end %>
|
|
35
|
+
</div>
|
|
36
|
+
</div>
|
|
37
|
+
</div>
|
|
@@ -8,11 +8,11 @@
|
|
|
8
8
|
<%= render partial:'metadata_presenter/component/conditional_component_banner'%>
|
|
9
9
|
|
|
10
10
|
<%= render 'metadata_presenter/attribute/section_heading' %>
|
|
11
|
-
<%= render 'metadata_presenter/attribute/heading' %>
|
|
12
11
|
|
|
13
12
|
<%= form_for @page_answers, as: :answers, url: @page.url, method: :post, authenticity_token: false do |f| %>
|
|
14
13
|
<%= hidden_field_tag :authenticity_token, form_authenticity_token -%>
|
|
15
14
|
<%= f.govuk_error_summary(t('presenter.errors.summary_heading')) %>
|
|
15
|
+
<%= render 'metadata_presenter/attribute/heading' %>
|
|
16
16
|
|
|
17
17
|
<%= render partial: 'metadata_presenter/component/components', locals: {
|
|
18
18
|
f: f,
|
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
<div class="govuk-form-group">
|
|
8
8
|
<%=
|
|
9
9
|
f.govuk_email_field :email_confirmation,
|
|
10
|
-
label: { size: 'l', text: t('presenter.save_and_return.confirm_email.heading') },
|
|
10
|
+
label: { tag: 'h1', size: 'l', text: t('presenter.save_and_return.confirm_email.heading') },
|
|
11
11
|
name: "email_confirmation",
|
|
12
12
|
spellcheck: "false",
|
|
13
13
|
autocomplete: "email"
|
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
<div class="fb-main-grid-wrapper">
|
|
2
2
|
<div class="govuk-grid-row">
|
|
3
3
|
<div class="govuk-grid-column-two-thirds">
|
|
4
|
-
<h1 id="page-heading" class="govuk-heading-xl"><%= t('presenter.save_and_return.show.heading') %></h1>
|
|
5
|
-
<p class="mojf-settings-screen__description"><%= t('presenter.save_and_return.show.description') %></p>
|
|
6
|
-
|
|
7
4
|
<%= form_for @saved_form do |f| %>
|
|
8
5
|
<%= f.govuk_error_summary(t('presenter.errors.summary_heading')) %>
|
|
6
|
+
|
|
7
|
+
<h1 id="page-heading" class="govuk-heading-xl"><%= t('presenter.save_and_return.show.heading') %></h1>
|
|
8
|
+
<p class="mojf-settings-screen__description"><%= t('presenter.save_and_return.show.description') %></p>
|
|
9
|
+
|
|
9
10
|
<div class="govuk-form-group">
|
|
10
11
|
<%= f.hidden_field(:page_slug, value: page_slug) %>
|
|
11
12
|
<%=
|
data/config/locales/cy.yml
CHANGED
|
@@ -14,6 +14,7 @@ cy:
|
|
|
14
14
|
start: Dechrau nawr
|
|
15
15
|
continue: Parhau
|
|
16
16
|
submit: Cyflwyno
|
|
17
|
+
sign_in: Sign in
|
|
17
18
|
upload_options: Llwytho opsiynau
|
|
18
19
|
change_html: Newid <span class="govuk-visually-hidden">eich ateb ar gyfer %{question}</span>
|
|
19
20
|
errors:
|
|
@@ -38,6 +39,13 @@ cy:
|
|
|
38
39
|
maintenance:
|
|
39
40
|
maintenance_page_heading: Mae’n ddrwg gennym, nid yw’r ffurflen hon ar gael
|
|
40
41
|
maintenance_page_content: "Os oeddech chi yng nghanol llenwi’r ffurflen, nid yw eich data wedi’i chadw.\r\n\r\nBydd y ffurflen ar gael eto o 9am ar ddydd Llun 19 Tachwedd.\r\n\r\n\r\n\r\n### Other ways to apply\r\n\r\nCysylltwch â ni os yw eich cais yn frys \r\n\r\nEmail: \r\nTelephone: \r\nDydd Llun i ddydd Gwener, 9am i 5pm \r\n[Gwybodaeth am gost galwadau](https://www.gov.uk/costau-galwadau)"
|
|
42
|
+
authorisation:
|
|
43
|
+
heading: Sign in
|
|
44
|
+
lede: This form has its own username and password. Contact the form owner if you are unsure what these are.
|
|
45
|
+
warning: This is a Test version of the form and should not be shared without the form owner’s permission.
|
|
46
|
+
labels:
|
|
47
|
+
username: Username
|
|
48
|
+
password: Password
|
|
41
49
|
session_timeout_warning:
|
|
42
50
|
heading: Ydych chi eisiau mwy o amser?
|
|
43
51
|
timer: Byddwn yn ailosod eich ffurflen ac yn dileu eich gwybodaeth os na fyddwch yn parhau mewn
|
|
@@ -169,6 +177,15 @@ cy:
|
|
|
169
177
|
errors:
|
|
170
178
|
messages:
|
|
171
179
|
blank: 'Rhowch ateb i "%{attribute}"'
|
|
180
|
+
models:
|
|
181
|
+
metadata_presenter/auth_form:
|
|
182
|
+
attributes:
|
|
183
|
+
base:
|
|
184
|
+
unauthorised: The username and password do not match. Try again
|
|
185
|
+
username:
|
|
186
|
+
blank: Enter a username
|
|
187
|
+
password:
|
|
188
|
+
blank: Enter a password
|
|
172
189
|
attributes:
|
|
173
190
|
metadata_presenter/saved_form:
|
|
174
191
|
secret_question: Cwestiwn cudd
|
data/config/locales/en.yml
CHANGED
|
@@ -5,6 +5,7 @@ en:
|
|
|
5
5
|
start: Start now
|
|
6
6
|
continue: Continue
|
|
7
7
|
submit: Submit
|
|
8
|
+
sign_in: Sign in
|
|
8
9
|
upload_options: Upload options
|
|
9
10
|
change_html: Change <span class="govuk-visually-hidden">Your answer for %{question}</span>
|
|
10
11
|
errors:
|
|
@@ -29,6 +30,13 @@ en:
|
|
|
29
30
|
maintenance:
|
|
30
31
|
maintenance_page_heading: 'Sorry, this form is unavailable'
|
|
31
32
|
maintenance_page_content: "If you were in the middle of completing the form, your data has not been saved.\r\n\r\nThe form will be available again from 9am on Monday 19 November 2018.\r\n\r\n\r\n\r\n### Other ways to apply\r\n\r\nContact us if your application is urgent \r\n\r\nEmail: \r\nTelephone: \r\nMonday to Friday, 9am to 5pm \r\n[Find out about call charges](https://www.gov.uk/call-charges)"
|
|
33
|
+
authorisation:
|
|
34
|
+
heading: Sign in
|
|
35
|
+
lede: This form has its own username and password. Contact the form owner if you are unsure what these are.
|
|
36
|
+
warning: This is a Test version of the form and should not be shared without the form owner’s permission.
|
|
37
|
+
labels:
|
|
38
|
+
username: Username
|
|
39
|
+
password: Password
|
|
32
40
|
session_timeout_warning:
|
|
33
41
|
heading: Do you need more time?
|
|
34
42
|
timer: We will reset your form and delete your information if you do not continue in
|
|
@@ -205,6 +213,15 @@ en:
|
|
|
205
213
|
errors:
|
|
206
214
|
messages:
|
|
207
215
|
blank: 'Enter an answer for "%{attribute}"'
|
|
216
|
+
models:
|
|
217
|
+
metadata_presenter/auth_form:
|
|
218
|
+
attributes:
|
|
219
|
+
base:
|
|
220
|
+
unauthorised: The username and password do not match. Try again
|
|
221
|
+
username:
|
|
222
|
+
blank: Enter a username
|
|
223
|
+
password:
|
|
224
|
+
blank: Enter a password
|
|
208
225
|
attributes:
|
|
209
226
|
metadata_presenter/saved_form:
|
|
210
227
|
secret_question: Secret question
|
data/config/routes.rb
CHANGED
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
MetadataPresenter::Engine.routes.draw do
|
|
2
2
|
root to: 'service#start'
|
|
3
3
|
|
|
4
|
+
get '/auth', to: 'auth#show'
|
|
5
|
+
post '/auth', to: 'auth#create'
|
|
6
|
+
|
|
4
7
|
post '/reserved/submissions', to: 'submissions#create', as: :reserved_submissions
|
|
5
8
|
get '/reserved/change-answer', to: 'change_answer#create', as: :change_answer
|
|
6
9
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: metadata_presenter
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.3.
|
|
4
|
+
version: 3.3.25
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- MoJ Forms
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-03-
|
|
11
|
+
date: 2024-03-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: govuk_design_system_formbuilder
|
|
@@ -330,6 +330,7 @@ files:
|
|
|
330
330
|
- app/assets/config/metadata_presenter_manifest.js
|
|
331
331
|
- app/assets/stylesheets/metadata_presenter/application.css
|
|
332
332
|
- app/controllers/metadata_presenter/answers_controller.rb
|
|
333
|
+
- app/controllers/metadata_presenter/auth_controller.rb
|
|
333
334
|
- app/controllers/metadata_presenter/change_answer_controller.rb
|
|
334
335
|
- app/controllers/metadata_presenter/concerns/save_and_return.rb
|
|
335
336
|
- app/controllers/metadata_presenter/engine_controller.rb
|
|
@@ -345,6 +346,7 @@ files:
|
|
|
345
346
|
- app/helpers/metadata_presenter/default_text.rb
|
|
346
347
|
- app/jobs/metadata_presenter/application_job.rb
|
|
347
348
|
- app/models/metadata_presenter/address_fieldset.rb
|
|
349
|
+
- app/models/metadata_presenter/auth_form.rb
|
|
348
350
|
- app/models/metadata_presenter/autocomplete_item.rb
|
|
349
351
|
- app/models/metadata_presenter/branch_destinations.rb
|
|
350
352
|
- app/models/metadata_presenter/column_number.rb
|
|
@@ -432,6 +434,7 @@ files:
|
|
|
432
434
|
- app/views/metadata_presenter/attribute/_heading.html.erb
|
|
433
435
|
- app/views/metadata_presenter/attribute/_lede.html.erb
|
|
434
436
|
- app/views/metadata_presenter/attribute/_section_heading.html.erb
|
|
437
|
+
- app/views/metadata_presenter/auth/show.html.erb
|
|
435
438
|
- app/views/metadata_presenter/component/_address.html.erb
|
|
436
439
|
- app/views/metadata_presenter/component/_autocomplete.html.erb
|
|
437
440
|
- app/views/metadata_presenter/component/_checkboxes.html.erb
|