metadata_presenter 3.3.24 → 3.3.26

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c820cccd9aed599a87d7f383a7464504fb73470e11ea2aa47c107d8660474833
-  data.tar.gz: d73786672c233b5ca1371c65d24844eae9c9f63cbe7e144ed59d3dad71575a48
+  metadata.gz: c4128ca5849214bffa20458c1686435b7131ea590e5492eaf0d19e6fdf70c65d
+  data.tar.gz: ea857a69f931411cb61863f2bc132b98013f6d6ca78fa0a236ca920af760541b
 SHA512:
-  metadata.gz: 60cd34263a60622ede633dad425c2049b6df5d2dd1163674cc22eb82a68e6eaf07664bb435b93cb31af2c48aacfc3023a387fee84b170ca9b7d3a57d8bbee270
-  data.tar.gz: 4dd4eef3fe6c479c1e962bc41ca4f7db41a1e8959a19e9974319d30afa801b7e0e1352248d7184e131b44c4858cdd30a18cc02e443e0397345b14bb0c9296988
+  metadata.gz: 9f638b02ffbb4ff7d6d1d54d907c29aa66f9cc3060f2d3533b0aaf308f6441395b3b96cc90622483ec704ead43aec2110c52692344e2bff8eb2ac6a2bd8dc0be
+  data.tar.gz: c7176a4d6b65509aba6523e705fd4eb2dbbd34e1bfd551f3e1c2e0f59fea146fa216b621a5ca9afc807771364e5e84510c388fd6decd320131663ff35f7d07a7

data/app/controllers/metadata_presenter/auth_controller.rb

@@ -0,0 +1,48 @@
+module MetadataPresenter
+  class AuthController < EngineController
+    PRODUCTION_ENVS = %w[test-production live-production].freeze
+
+    skip_before_action :require_basic_auth
+    before_action :check_session_is_authorised
+
+    def show
+      @auth_form = AuthForm.new
+    end
+
+    def create
+      @auth_form = AuthForm.new(auth_params)
+
+      if @auth_form.valid?
+        authorised_session!
+        redirect_to root_path
+      else
+        render :show
+      end
+    end
+
+    private
+
+    def allow_analytics?
+      false
+    end
+
+    def show_cookie_request?
+      false
+    end
+
+    def check_session_is_authorised
+      redirect_to root_path if session_authorised?
+    end
+
+    def production_env?
+      PRODUCTION_ENVS.include?("#{ENV['PLATFORM_ENV']}-#{ENV['DEPLOYMENT_ENV']}")
+    end
+    helper_method :production_env?
+
+    def auth_params
+      params.require(:auth_form).permit(
+        :username, :password
+      )
+    end
+  end
+end

data/app/controllers/metadata_presenter/engine_controller.rb

@@ -6,7 +6,11 @@ module MetadataPresenter
     default_form_builder GOVUKDesignSystemFormBuilder::FormBuilder
 
     around_action :switch_locale
-    before_action :show_maintenance_page
+    before_action :show_maintenance_page, :require_basic_auth
+
+    def require_basic_auth
+      redirect_to auth_path unless session_authorised?
+    end
 
     def reload_user_data
       # :nocov:
@@ -124,6 +128,18 @@ module MetadataPresenter
       ENV['MAINTENANCE_MODE'].present? && ENV['MAINTENANCE_MODE'] == '1'
     end
 
+    def session_authorised?
+      return true if ENV['BASIC_AUTH_USER'].blank? || ENV['BASIC_AUTH_PASS'].blank?
+
+      !!cookies.signed[:_fb_authorised]
+    end
+
+    def authorised_session!
+      cookies.signed[:_fb_authorised] = {
+        value: 1, same_site: :strict, httponly: true
+      }
+    end
+
     def external_or_relative_link(link)
       uri = URI.parse(link)
       return link if uri.scheme.present? && uri.host.present?

data/app/controllers/metadata_presenter/resume_controller.rb

@@ -4,6 +4,8 @@ module MetadataPresenter
 
     helper_method :get_service_name, :get_uuid, :pages_presenters
 
+    skip_before_action :require_basic_auth
+
     def return
       response = get_saved_progress(get_uuid)
 
@@ -49,6 +51,9 @@ module MetadataPresenter
 
         invalidate_record(@saved_form.id)
 
+        # authorise user as to not ask them again for credentials, if set
+        authorised_session! unless session_authorised?
+
         if @saved_form.service_version == service.version_id
           redirect_to '/resume_progress' and return
         else

data/app/controllers/metadata_presenter/session_controller.rb

@@ -1,5 +1,7 @@
 module MetadataPresenter
   class SessionController < EngineController
+    skip_before_action :require_basic_auth
+
     def expired; end
 
     def complete; end

data/app/models/metadata_presenter/auth_form.rb

@@ -0,0 +1,33 @@
+module MetadataPresenter
+  class AuthForm
+    include ActiveModel::Model
+
+    attr_accessor :username, :password
+
+    validates :username, :password,
+              presence: true, allow_blank: false
+
+    validate :valid_credentials
+
+    private
+
+    def valid_credentials
+      errors.add(:base, :unauthorised) unless errors.any? || authorised?
+    end
+
+    def authorised?
+      # This comparison uses & so that it doesn't short circuit and
+      # uses `secure_compare` so that length information isn't leaked.
+      ActiveSupport::SecurityUtils.secure_compare(env_username, username) &
+        ActiveSupport::SecurityUtils.secure_compare(env_password, password)
+    end
+
+    def env_username
+      ENV['BASIC_AUTH_USER'].to_s
+    end
+
+    def env_password
+      ENV['BASIC_AUTH_PASS'].to_s
+    end
+  end
+end

data/app/validators/metadata_presenter/pattern_validator.rb

@@ -0,0 +1,8 @@
+module MetadataPresenter
+  class PatternValidator < BaseValidator
+    def invalid_answer?
+      regex = component.validation[schema_key]
+      !user_answer.to_s.match(regex)
+    end
+  end
+end

data/app/views/metadata_presenter/auth/show.html.erb

@@ -0,0 +1,37 @@
+<div class="fb-main-grid-wrapper">
+  <div class="govuk-grid-row">
+    <div class="govuk-grid-column-two-thirds">
+      <%= form_for @auth_form, url: { action: :create } do |f| %>
+        <%= f.govuk_error_summary(t('presenter.errors.summary_heading'), link_base_errors_to: :username) %>
+
+        <h1 id="page-heading" class="govuk-heading-xl">
+          <%= t('presenter.authorisation.heading') %>
+        </h1>
+
+        <p class="govuk-body">
+          <%= t('presenter.authorisation.lede') %>
+        </p>
+
+        <% unless production_env? %>
+          <div class="govuk-warning-text">
+            <span class="govuk-warning-text__icon" aria-hidden="true">!</span>
+            <strong class="govuk-warning-text__text">
+              <span class="govuk-visually-hidden"><%= t('presenter.notification_banners.warning') %></span>
+              <%= t('presenter.authorisation.warning') %>
+            </strong>
+          </div>
+        <% end %>
+
+        <%= f.govuk_text_field :username, width: 'one-third', autocorrect: 'off',
+                               label: { text: t('presenter.authorisation.labels.username') } %>
+
+        <%= f.govuk_password_field :password, width: 'one-third', autocorrect: 'off',
+                                   label: { text: t('presenter.authorisation.labels.password') } %>
+
+        <div class="govuk-button-group">
+          <%= f.govuk_submit t('presenter.actions.sign_in') %>
+        </div>
+      <% end %>
+    </div>
+  </div>
+</div>

data/config/locales/cy.yml

@@ -14,6 +14,7 @@ cy:
       start: Dechrau nawr
       continue: Parhau
       submit: Cyflwyno
+      sign_in: Sign in
       upload_options: Llwytho opsiynau
       change_html: Newid <span class="govuk-visually-hidden">eich ateb ar gyfer %{question}</span>
     errors:
@@ -38,6 +39,13 @@ cy:
     maintenance:
       maintenance_page_heading: Mae’n ddrwg gennym, nid yw’r ffurflen hon ar gael
       maintenance_page_content: "Os oeddech chi yng nghanol llenwi’r ffurflen, nid yw eich data wedi’i chadw.\r\n\r\nBydd y ffurflen ar gael eto o 9am ar ddydd Llun 19 Tachwedd.\r\n\r\n\r\n\r\n### Other ways to apply\r\n\r\nCysylltwch â ni os yw eich cais yn frys \r\n\r\nEmail:  \r\nTelephone:  \r\nDydd Llun i ddydd Gwener, 9am i 5pm  \r\n[Gwybodaeth am gost galwadau](https://www.gov.uk/costau-galwadau)"
+    authorisation:
+      heading: Sign in
+      lede: This form has its own username and password. Contact the form owner if you are unsure what these are.
+      warning: This is a Test version of the form and should not be shared without the form owner’s permission.
+      labels:
+        username: Username
+        password: Password
     session_timeout_warning:
       heading: Ydych chi eisiau mwy o amser?
       timer: Byddwn yn ailosod eich ffurflen ac yn dileu eich gwybodaeth os na fyddwch yn parhau mewn
@@ -169,6 +177,15 @@ cy:
     errors:
       messages:
         blank: 'Rhowch ateb i "%{attribute}"'
+      models:
+        metadata_presenter/auth_form:
+          attributes:
+            base:
+              unauthorised: The username and password do not match. Try again
+            username:
+              blank: Enter a username
+            password:
+              blank: Enter a password
     attributes:
       metadata_presenter/saved_form:
         secret_question: Cwestiwn cudd

data/config/locales/en.yml

@@ -5,6 +5,7 @@ en:
       start: Start now
       continue: Continue
       submit: Submit
+      sign_in: Sign in
       upload_options: Upload options
       change_html: Change <span class="govuk-visually-hidden">Your answer for %{question}</span>
     errors:
@@ -29,6 +30,13 @@ en:
     maintenance:
       maintenance_page_heading: 'Sorry, this form is unavailable'
       maintenance_page_content: "If you were in the middle of completing the form, your data has not been saved.\r\n\r\nThe form will be available again from 9am on Monday 19 November 2018.\r\n\r\n\r\n\r\n### Other ways to apply\r\n\r\nContact us if your application is urgent \r\n\r\nEmail:  \r\nTelephone:  \r\nMonday to Friday, 9am to 5pm  \r\n[Find out about call charges](https://www.gov.uk/call-charges)"
+    authorisation:
+      heading: Sign in
+      lede: This form has its own username and password. Contact the form owner if you are unsure what these are.
+      warning: This is a Test version of the form and should not be shared without the form owner’s permission.
+      labels:
+        username: Username
+        password: Password
     session_timeout_warning:
       heading: Do you need more time?
       timer: We will reset your form and delete your information if you do not continue in
@@ -205,6 +213,15 @@ en:
     errors:
       messages:
         blank: 'Enter an answer for "%{attribute}"'
+      models:
+        metadata_presenter/auth_form:
+          attributes:
+            base:
+              unauthorised: The username and password do not match. Try again
+            username:
+              blank: Enter a username
+            password:
+              blank: Enter a password
     attributes:
       metadata_presenter/saved_form:
         secret_question: Secret question

data/config/routes.rb

@@ -1,6 +1,9 @@
 MetadataPresenter::Engine.routes.draw do
   root to: 'service#start'
 
+  get  '/auth', to: 'auth#show'
+  post '/auth', to: 'auth#create'
+
   post '/reserved/submissions', to: 'submissions#create', as: :reserved_submissions
   get '/reserved/change-answer', to: 'change_answer#create', as: :change_answer
 

data/default_metadata/string/error.pattern.json

@@ -0,0 +1,7 @@
+{
+  "_id": "error.pattern",
+  "_type": "string.error",
+  "description": "Input (string) does not match with the regular expression",
+  "value:en": "Your answer for \"%{control}\" must match the required format",
+  "value:cy": "(cy) Your answer for \"%{control}\" must match the required format"
+}

data/default_metadata/validations/pattern.json

@@ -0,0 +1 @@
+{ "pattern": "*" }

data/fixtures/regex.json

@@ -0,0 +1,211 @@
+{
+  "_id": "service.base",
+  "flow": {
+    "121183c6-7ee8-4b5d-b74a-dacee8aa4cd5": {
+      "next": {
+        "default": "2fe3302d-8398-4294-b759-eeb35846f693"
+      },
+      "_type": "flow.page"
+    },
+    "2fe3302d-8398-4294-b759-eeb35846f693": {
+      "next": {
+        "default": "6fa2cad9-1425-4759-8a0a-4e75025ae06b"
+      },
+      "_type": "flow.page"
+    },
+    "31dd081d-805e-43f2-a155-f3b336d7fec7": {
+      "next": {
+        "default": "9a5f489d-fc9c-4130-b30d-968f47e1ee7d"
+      },
+      "_type": "flow.page"
+    },
+    "6fa2cad9-1425-4759-8a0a-4e75025ae06b": {
+      "next": {
+        "default": ""
+      },
+      "_type": "flow.page"
+    },
+    "9a5f489d-fc9c-4130-b30d-968f47e1ee7d": {
+      "next": {
+        "default": "121183c6-7ee8-4b5d-b74a-dacee8aa4cd5"
+      },
+      "_type": "flow.page"
+    }
+  },
+  "_type": "service.base",
+  "pages": [
+    {
+      "_id": "page.start",
+      "url": "/",
+      "body": "Use this service to apply for a service or contact us about a case.\r\n\r\n## Before you start\r\nYou will need:\r\n\r\n* your 8-digit reference number\r\n* a copy of your photo ID\r\n* something else\r\n\r\nThis form will take around 5 minutes to complete. We will reply within 10 working days.",
+      "_type": "page.start",
+      "_uuid": "31dd081d-805e-43f2-a155-f3b336d7fec7",
+      "heading": "Service name goes here",
+      "before_you_start": "## Other ways to get in touch\r\nYou can also apply or contact us about your case by:\r\n\r\n* telephone: 01234 567889\r\n* email: <example.service@justice.gov.uk>\r\n\r\nThis form is also [available in Welsh (Cymraeg)](https://example-service.form.service.justice.gov.uk/)."
+    },
+    {
+      "_id": "page.multipage",
+      "url": "multipage",
+      "_type": "page.multiplequestions",
+      "_uuid": "9a5f489d-fc9c-4130-b30d-968f47e1ee7d",
+      "heading": "multi",
+      "components": [
+        {
+          "_id": "multipage_text_1",
+          "hint": "[A-Z]",
+          "name": "multipage_text_1",
+          "_type": "text",
+          "_uuid": "2e667725-4e71-46cf-b360-67f5b991196d",
+          "label": "capitals",
+          "errors": {
+          },
+          "collection": "components",
+          "validation": {
+            "pattern": "[A-Z]",
+            "required": true
+          }
+        },
+        {
+          "_id": "multipage_text_2",
+          "hint": "\\d+",
+          "name": "multipage_text_2",
+          "_type": "text",
+          "_uuid": "2e5ce932-5d9e-4fff-8bf9-ffecada388ae",
+          "label": "digits",
+          "errors": {
+          },
+          "collection": "components",
+          "validation": {
+            "pattern": "\\d+",
+            "required": true
+          }
+        }
+      ],
+      "add_component": "text",
+      "section_heading": ""
+    },
+    {
+      "_id": "page.regex",
+      "url": "regex",
+      "body": "",
+      "lede": "",
+      "_type": "page.singlequestion",
+      "_uuid": "121183c6-7ee8-4b5d-b74a-dacee8aa4cd5",
+      "heading": "",
+      "components": [
+        {
+          "_id": "regex_text_1",
+          "hint": "\\D+",
+          "name": "regex_text_1",
+          "_type": "text",
+          "_uuid": "375b6aa9-6548-4d71-ab69-6ff6c68a9d2f",
+          "label": "No number (optional)",
+          "errors": {
+          },
+          "collection": "components",
+          "validation": {
+            "pattern": "\\D+",
+            "required": false
+          }
+        }
+      ],
+      "section_heading": ""
+    },
+    {
+      "_id": "page.checkanswers",
+      "url": "check-answers",
+      "_type": "page.checkanswers",
+      "_uuid": "2fe3302d-8398-4294-b759-eeb35846f693",
+      "heading": "Check your answers",
+      "send_body": "By submitting this application you confirm that, to the best of your knowledge, the details you are providing are correct.",
+      "components": [
+
+      ],
+      "send_heading": "Now send your application",
+      "extra_components": [
+
+      ]
+    },
+    {
+      "_id": "page.confirmation",
+      "url": "form-sent",
+      "_type": "page.confirmation",
+      "_uuid": "6fa2cad9-1425-4759-8a0a-4e75025ae06b",
+      "heading": "Application complete",
+      "components": [
+
+      ]
+    }
+  ],
+  "locale": "en",
+  "created_at": "2024-03-12T13:11:40Z",
+  "created_by": "60bc2c45-01ca-4520-9958-866e4d0063c2",
+  "service_id": "5e64a1b4-9d5b-44f0-8fe5-d669ac0ca336",
+  "version_id": "b43ec7be-f86a-4f71-be61-4d095f10e10e",
+  "service_name": "regex",
+  "configuration": {
+    "meta": {
+      "_id": "config.meta",
+      "_type": "config.meta",
+      "items": [
+        {
+          "_id": "config.meta--link",
+          "href": "/cookies",
+          "text": "Cookies",
+          "_type": "link"
+        },
+        {
+          "_id": "config.meta--link--2",
+          "href": "/privacy",
+          "text": "Privacy",
+          "_type": "link"
+        },
+        {
+          "_id": "config.meta--link--3",
+          "href": "/accessibility",
+          "text": "Accessibility",
+          "_type": "link"
+        }
+      ]
+    },
+    "service": {
+      "_id": "config.service",
+      "_type": "config.service"
+    }
+  },
+  "standalone_pages": [
+    {
+      "_id": "page.cookies",
+      "url": "cookies",
+      "body": "This form saves small files (known as 'cookies') onto your device.\r\n \r\nCookies are used to:\r\n \r\n* remember your progress\r\n* measure how you use the form so it can be updated and improved based on your needs\r\n \r\nThese cookies are not used to identify you personally.\r\n \r\nYou will normally see a message on the form before we store a cookie on your computer. Essential cookies are necessary for the form to work but you can still complete the form if you choose not to accept analytics cookies.\r\n \r\nFind out more about [how to manage cookies](https://www.aboutcookies.org/).\r\n \r\n## Essential cookies\r\n \r\nEssential cookies are required to make this form work and keep your information secure while you use it.\r\n \r\nWe use the following essential cookies: \r\n \r\n| Name | Purpose | Expires |\r\n|---|---|---|\r\n| \\_fb\\_runner\\_session | Saves your current progress on this computer and tracks inactivity periods | After 30 minutes of inactivity or when you close your browser |\r\n| analytics | Remembers whether you accept or reject analytics cookies on this form | After 1 year |\r\n \r\n## Analytics cookies\r\n \r\nAnalytics cookies collect information about how you use this form. This helps us make sure the form is meeting the needs of its users and to help us make improvements.\r\n \r\nWe use Google Analytics to learn about:\r\n \r\n* the pages you visit\r\n* how long you spend on each page\r\n* how you got to the form\r\n* what you click on while you are using the form\r\n \r\nWe do not collect or store your personal information (for example your name or address) so this information can't be used to identify who you are. We do not allow third parties to use or share our analytics data.\r\n \r\nThis form may use different versions of Google Analytics and could save some or all of the following cookies:\r\n \r\n| Name | Purpose | Expires |\r\n|---|---|---|\r\n| \\_ga | Helps us count how many people visit this form | 2 years |\r\n| \\_gid | Helps us count how many people visit this form | 1 day   |\r\n| \\_ga\\_\\<container-id> | Used to persist session state | 2 years |\r\n| \\_gac\\_gb\\_\\<container-id> | Contains campaign-related information | 90 days |\r\n| \\_gat | Used to throttle request rate | 1 minute |\r\n| \\_dc\\_gtm\\_\\<property-id>| Used to throttle request rate | 1 minute |\r\n| AMP\\_TOKEN | Contains a token that can be used to retrieve a Client ID from AMP Client ID service | 30 seconds to 1 year |\r\n| \\_gac\\_\\<property-id> | Contains campaign related information | 90 days |\r\n \r\nYou can use a browser addon to [opt out of Google Analytics cookies](https://tools.google.com/dlpage/gaoptout) on all websites.",
+      "_type": "page.standalone",
+      "_uuid": "29778a2d-e5c2-4d97-b131-5456e3396145",
+      "heading": "Cookies",
+      "components": [
+
+      ]
+    },
+    {
+      "_id": "page.privacy",
+      "url": "privacy",
+      "body": "[[Guidance notes on completing this notice](https://intranet.justice.gov.uk/documents/2018/03/privacy-notice-guidance.pdf) - delete before publishing]\r\n\r\n## [Name of your form or service]\r\n\r\nThe Ministry of Justice (MoJ) is committed to the protection and security of your personal information.\r\n\r\nIt is important that you read this notice so that you are aware of how and why we are using such information. This privacy notice describes how we collect and use personal information during and after your relationship with us, in accordance with data protection law. \r\n\r\n[Insert name – delete if not an EA or ALB] is an Executive Agency/Arm’s Length Body of the MoJ. MoJ is the data controller for the personal data used for the purposes of [Insert overarching purpose].\r\n\r\n### The type of personal data we process\r\n\r\nWe currently collect and use the following information:\r\n\r\n[list the type of personal data used e.g. name, address, contact details etc]\r\n\r\nWe also collect special categories of information, such as [delete this section if not applicable]:\r\n\r\n* race or ethnicity \r\n* political opinions\r\n* religious or philosophical beliefs\r\n* trade union membership\r\n* health, sex life or sexual orientation \r\n* genetics or biometrics\r\n* criminal convictions\r\n\r\n\r\n### How we get your personal data and why we have it\r\n\r\nMost of the personal information we process is provided to us directly by you for one of the following reasons: [List reasons e.g. providing an online service]\r\n\r\nWe also receive personal information indirectly, from the following sources in the following scenarios: [Include details of the source of the personal data unless the data is collected directly from the data subject]\r\n\r\nWe use the personal data we receive in order to: [list how you use the personal data] \r\n\r\nWe may share this information with: [enter organisations or individuals]\r\n\r\nUnder the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are: [delete as appropriate]\r\n\r\n* Your consent. You may withdraw your consent at any time by contacting [enter contact details].\r\n* We have a contractual obligation.\r\n* We have a legal obligation.\r\n* We have a vital interest.\r\n* We need it to perform a public task.\r\n* We have a legitimate interest.\r\n\r\n[Explain the purpose and lawful basis for processing the personal data you collect. If lawful basis is a legal obligation or public task, explain what this is e.g. refer to legislation or policy.]  \r\n\r\nThe legal bases on which the MoJ processes special categories of information you have provided, is on the basis of: [delete this section if not applicable]\r\n\r\n* Your explicit consent. You may withdraw your consent at any time by contacting [insert contact details].\r\n* The processing being necessary for the MoJ in the field of employment, social security and social protection law.\r\n* The information being manifestly made public by you.\r\n* The processing being necessary for the establishment, exercise or defence of legal claims.\r\n* The substantial public interest in the MoJ [tailor as required and choose relevant [substantial public interest condition](https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/special-category-data/what-are-the-substantial-public-interest-conditions/)]. \r\n* The processing is necessary for historical research purposes/statistical purposes.\r\n\r\n### International data transfers\r\n\r\n[Delete one of the following paragraphs as appropriate]\r\n\r\nPersonal data is transferred to [insert name of country] for the purpose of [insert purpose]. This international transfer complies with UK data protection law [delete as appropriate].\r\n\r\n\r\nThere are no international transfers.\r\n\r\n### How we store your personal data\r\n\r\n[set out how long the information is retained, or the criteria used to determine how long the information is retained]\r\n\r\nPersonal data is stored securely and in accordance with our data retention schedule [insert link to the schedule or details of retention periods]. At the end of this period your data is [insert with it is retained as a public record or whether it is disposed of].\r\n\r\n### Your rights\r\n\r\n[This section lists all data subject rights found in the UKGDPR and the Data Protection Act 2018. You should only include those relevant to your lawful basis for processing. [Find out more about which rights apply and when](https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/)]\r\n\r\n* Your right of access - You have the right to ask us for copies of your personal information. \r\n* Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. \r\n* Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. \r\n* Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances. \r\n* Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances. \r\n* Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. \r\n\r\nDepending on the lawful basis on which your personal data is being processed, not all rights will apply.\r\n\r\nYou are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. If you wish to exercise your data protection rights please contact one of these teams.\r\n\r\nIf you have ever been convicted of a criminal offence, contact:\r\n\r\n\r\nBranston Registry<br> \r\nBuilding 16, S & T Store<br> \r\nBurton Road<br>\r\nBranston<br>\r\nBurton-on-Trent<br> \r\nStaffordshire<br>\r\nDE14 3EG\r\nEmail: <data.access1@justice.gov.uk>\r\n\r\nOtherwise, contact:\r\n\r\n\r\nDisclosure Team<br>\r\nPost point 10.38<br>\r\n102 petty France<br>\r\nLondon<br>\r\nSW1H 9AJ\r\nEmail: <data.access@justice.gov.uk> \r\n\r\n### How to complain\r\n\r\nIf you have any concerns about our use of your personal data, you can contact the MoJ data protection officer:\r\n\r\nData Protection Officer<br>\r\nMinistry of Justice<br>\r\n3rd Floor, Post Point 3.20<br>\r\n10 South Colonnades<br>\r\nCanary Wharf<br>\r\nLondon<br>\r\nE14 4PU\r\n\r\nEmail: <dpo@justice.gov.uk> \r\n\r\n\r\nYou can also complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we have used your data:\r\n\r\n\r\nInformation Commissioner’s Office<br>\r\nWycliffe House<br>\r\nWater Lane<br>\r\nWilmslow<br>\r\nCheshire<br>\r\nSK9 5AF\r\n\r\nTelephone: 0303 123 1113<br>\r\n[ICO website](https://www.ico.org.uk)\r\n\r\nDate of last review: [Insert publication or update date]",
+      "_type": "page.standalone",
+      "_uuid": "2d6ce913-5c4c-4c43-b77a-2fcda5ef06df",
+      "heading": "Privacy notice",
+      "components": [
+
+      ]
+    },
+    {
+      "_id": "page.accessibility",
+      "url": "accessibility",
+      "body": "This accessibility statement applies to [describe your form here - for example, the general enquiries form for the CICA].\r\n\r\n## Using this form\r\n\r\nThis form was built using MoJ Forms, a tool developed by the Ministry of Justice (MoJ), and uses components from the [GOV.UK Design System](https://design-system.service.gov.uk).\r\n\r\n[insert your team or organisation here] is responsible for the content of this online form. The Ministry of Justice and MoJ Forms team are responsible for its technical aspects.\r\n\r\nWe want as many people as possible to be able to use this online form. For example, that means you should be able to:\r\n\r\n- change colours, contrast levels and fonts\r\n- zoom in up to 300% without the text spilling off the screen\r\n- navigate the form using just a keyboard\r\n- navigate the form using speech recognition software\r\n- listen to the form using a screen reader (including recent versions of JAWS, NVDA and VoiceOver)\r\n\r\nWe have also made the text as simple as possible to understand.\r\n\r\n[AbilityNet](https://mcmw.abilitynet.org.uk) has advice on making your device easier to use if you have a disability.\r\n\r\n## How accessible this form is\r\n\r\nWe have tested this form for accessibility using a range of browsers and technologies including screen readers. It meets the [Web Content Accessibility Guidelines version 2.2](https://www.w3.org/TR/WCAG22/) AA standard.\r\n\r\n## Feedback and contact information\r\n\r\nIf you have problems using this form or need additional support, contact:\r\n\r\n[insert your contact details for user requests here - add other channels, such as text phones or Relay UK, as required]\r\n\r\n- email: [<your@email.address>]\r\n- call: [your telephone number]\r\n- [Hours - e.g. Monday to Friday, 9am to 5pm]\r\n\r\nWe'll consider your request and get back to you in [add your SLA - e.g. a week or 5 working days].\r\n\r\n## Reporting accessibility problems with this form\r\n\r\nWe’re always looking to improve the accessibility of this form. If you find any problems or think we’re not meeting accessibility requirements, contact the MoJ Forms team at <contact-moj-forms@digital.justice.gov.uk>.\r\n\r\n## Enforcement procedure\r\n\r\nThe Equality and Human Rights Commission (EHRC) is responsible for enforcing the Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018 (the ‘accessibility regulations’). If you’re not happy with how we respond to your complaint, contact the [Equality Advisory and Support Service (EASS)](https://www.equalityadvisoryservice.com).\r\n\r\n## Technical information about this online form’s accessibility\r\n\r\nWe are committed to making this form accessible, in accordance with the Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018.\r\n\r\n### Compliance status\r\n\r\nThis website is fully compliant with the [Web Content Accessibility Guidelines version 2.2](https://www.w3.org/TR/WCAG22/) AA standard.\r\n\r\n## What we’re doing to improve accessibility\r\n\r\nWe review the content and performance of this form regularly. In addition, the MoJ Forms team monitors the accessibility of the MoJ Forms platform on an ongoing basis and fixes any accessibility issues reported to them.\r\n\r\n## Preparation of this accessibility statement\r\n\r\nThis statement was prepared on [date when it was first published]. It was last reviewed on [date when it was last reviewed. Delete this sentence if you are publishing a form for the first time].\r\n\r\nIn order to test the compliance of all forms built using the MoJ Forms tool, the Ministry of Justice commissioned User Vision to carry out a WCAG 2.1 AA level audit of a sample form. This included extensive automated and manual testing on a range of browsers and assistive technologies. The audit was performed on 24 July 2023. The audit highlighted a number of non-compliance issues which were fixed in August 2023. In addition, User Vision performed a spot check of WCAG 2.2 criteria on 7 November 2023.",
+      "_type": "page.standalone",
+      "_uuid": "b2a02f6f-7287-4d0a-973a-50af76e437e0",
+      "heading": "Accessibility statement",
+      "components": [
+
+      ]
+    }
+  ]
+}

data/lib/metadata_presenter/version.rb

@@ -1,3 +1,3 @@
 module MetadataPresenter
-  VERSION = '3.3.24'.freeze
+  VERSION = '3.3.26'.freeze
 end

data/schemas/component/text.json

@@ -15,6 +15,9 @@
     },
     {
       "$ref": "definition.width_class.input"
+    },
+    {
+      "$ref": "validations#/definitions/string_bundle"
     }
   ]
 }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: metadata_presenter
 version: !ruby/object:Gem::Version
-  version: 3.3.24
+  version: 3.3.26
 platform: ruby
 authors:
 - MoJ Forms
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-03-11 00:00:00.000000000 Z
+date: 2024-03-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: govuk_design_system_formbuilder
@@ -330,6 +330,7 @@ files:
 - app/assets/config/metadata_presenter_manifest.js
 - app/assets/stylesheets/metadata_presenter/application.css
 - app/controllers/metadata_presenter/answers_controller.rb
+- app/controllers/metadata_presenter/auth_controller.rb
 - app/controllers/metadata_presenter/change_answer_controller.rb
 - app/controllers/metadata_presenter/concerns/save_and_return.rb
 - app/controllers/metadata_presenter/engine_controller.rb
@@ -345,6 +346,7 @@ files:
 - app/helpers/metadata_presenter/default_text.rb
 - app/jobs/metadata_presenter/application_job.rb
 - app/models/metadata_presenter/address_fieldset.rb
+- app/models/metadata_presenter/auth_form.rb
 - app/models/metadata_presenter/autocomplete_item.rb
 - app/models/metadata_presenter/branch_destinations.rb
 - app/models/metadata_presenter/column_number.rb
@@ -407,6 +409,7 @@ files:
 - app/validators/metadata_presenter/minimum_validator.rb
 - app/validators/metadata_presenter/multiupload_validator.rb
 - app/validators/metadata_presenter/number_validator.rb
+- app/validators/metadata_presenter/pattern_validator.rb
 - app/validators/metadata_presenter/postcode_validator.rb
 - app/validators/metadata_presenter/required_validator.rb
 - app/validators/metadata_presenter/validate_answers.rb
@@ -432,6 +435,7 @@ files:
 - app/views/metadata_presenter/attribute/_heading.html.erb
 - app/views/metadata_presenter/attribute/_lede.html.erb
 - app/views/metadata_presenter/attribute/_section_heading.html.erb
+- app/views/metadata_presenter/auth/show.html.erb
 - app/views/metadata_presenter/component/_address.html.erb
 - app/views/metadata_presenter/component/_autocomplete.html.erb
 - app/views/metadata_presenter/component/_checkboxes.html.erb
@@ -529,6 +533,7 @@ files:
 - default_metadata/string/error.minimum.json
 - default_metadata/string/error.multiupload.json
 - default_metadata/string/error.number.json
+- default_metadata/string/error.pattern.json
 - default_metadata/string/error.postcode.json
 - default_metadata/string/error.required.json
 - default_metadata/string/error.virus_scan.json
@@ -541,6 +546,7 @@ files:
 - default_metadata/validations/min_length.json
 - default_metadata/validations/min_word.json
 - default_metadata/validations/minimum.json
+- default_metadata/validations/pattern.json
 - default_text/content.json
 - fixtures/branching.json
 - fixtures/branching_10.json
@@ -573,6 +579,7 @@ files:
 - fixtures/multiple_cya_confirmation.json
 - fixtures/no_component_page.json
 - fixtures/non_finished_service.json
+- fixtures/regex.json
 - fixtures/service.json
 - fixtures/version.json
 - lib/metadata_presenter.rb