hof 22.1.0-timeout-warning-sign-in-beta.2 → 22.1.1

package/.github/workflows/automate-publish.yml

@@ -8,15 +8,15 @@ on:
       - completed
 jobs:
   auto-publish:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     if: startsWith(github.ref, 'refs/heads/master')
     steps:
-      - uses: actions/checkout@v2.2.0
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - uses: actions/setup-node@v1
+      - uses: actions/setup-node@v4
         with:
-          node-version: 14
+          node-version: 20
           registry-url: https://registry.npmjs.org/
       - name: 'Get Previous tag'
         id: previoustag

package/.github/workflows/automate-tag.yml

@@ -4,14 +4,14 @@ name: Automate_Tag
 on: [push]
 jobs:
   test:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     strategy:
       matrix:
-        node-version: [14.x]
+        node-version: [20.x]
         redis-version: [4, 5, 6]
     steps:
-      - uses: actions/checkout@v2.2.0
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}
       - name: Start Redis
@@ -25,16 +25,16 @@ jobs:
 
   auto-tag-patch:
     needs: test
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     if: |
       startsWith(github.ref, 'refs/heads/master') &&
       !contains(github.event.head_commit.message, '[MAJOR]') &&
       !contains(github.event.head_commit.message, '[MINOR]')
     steps:
-      - uses: actions/checkout@v2.2.0
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
-          node-version: 14
+          node-version: 20
           registry-url: https://registry.npmjs.org/
       - run: |
           git config --local user.email "$(git log --format='%ae' HEAD^!)"
@@ -43,16 +43,16 @@ jobs:
 
   auto-tag-minor:
     needs: test
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     if: |
       startsWith(github.ref, 'refs/heads/master') &&
       !contains(github.event.head_commit.message, '[MAJOR]') &&
       contains(github.event.head_commit.message, '[MINOR]')
     steps:
-      - uses: actions/checkout@v2.2.0
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
-          node-version: 14
+          node-version: 20
           registry-url: https://registry.npmjs.org/
       - run: |
           git config --local user.email "$(git log --format='%ae' HEAD^!)"
@@ -61,16 +61,16 @@ jobs:
 
   auto-tag-major:
     needs: test
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     if: |
       startsWith(github.ref, 'refs/heads/master') &&
       contains(github.event.head_commit.message, '[MAJOR]') &&
       !contains(github.event.head_commit.message, '[MINOR]')
     steps:
-      - uses: actions/checkout@v2.2.0
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
-          node-version: 14
+          node-version: 20
           registry-url: https://registry.npmjs.org/
       - run: |
           git config --local user.email "$(git log --format='%ae' HEAD^!)"

package/CHANGELOG.md

@@ -1,18 +1,18 @@
-## 2024, Version 22.1.0, @Rhodine-orleans-lindsay
-* Adds session timeout warning content for save and exit forms
- - user can stay signed in page or save and exit form
- - adds save-and-exit html
- - allows for customisation of save-and-exit page content
-* Fixes accessibility issues
-* Sandbox area for testing hof changes
-* Updates patch and minor dependency versions
+## 2025-01-24, Version 22.1.0 (Stable), @sulthan-ahmed
+* ⛓️‍💥 **BREAKING CHANGE** : removed `nodemailer-smtp-transport` replaced with `nodemailer`. 
+  - The nodemailer-smtp-transport package has been removed due to a critical vulnerability, and its functionality has been consolidated under nodemailer.
+  - 👊 Impact : Any functions or configurations relying on nodemailer-smtp-transport must be updated to use nodemailer.
+  - 🎬 Action: Rewrite code to utilize nodemailer as the replacement, ensuring compatibility and security.
 
-## 2024, Version 22.0.0, @Rhodine-orleans-lindsay
+## 2025-01-17, Version 22.0.0 (Stable), @Rhodine-orleans-lindsay
 * Adds session timeout warning
- - user can stay on page or exit form
- - adds exit html
- - updates confirmation html to a static page
- - allows for customisation of session timeout warning dialog content and exit page content
+  - user can stay on page or exit form
+  - adds exit html
+  - user can stay signed in or save and exit the form if the form is a save and exit form
+  - adds default save-and-exit html
+  - updates confirmation html to a static page
+  - allows for customisation of session timeout warning dialog content, exit and save-and-exit page content, and exit and save-and-exit steps
+  - Potential **_breaking change_**: Static pages should use the `{{<layout}}...{{/layout}}` tags instead of the `{{<partials-page}}...{{/partials-page}}` tags if the timeout warning should not be displayed.
 * Fixes accessibility issues
 * Sandbox area for testing hof changes
 * Updates patch and minor dependency versions
@@ -20,23 +20,23 @@
 ## 2024-07-22, Version 21.0.0 (Stable), @Rhodine-orleans-lindsay
 * Replaces deprecated request module with axios
   - refactors the hof model and apis to use axios instead of request
-*  Updates patch and minor dependency versions
+* Updates patch and minor dependency versions
 
 ## 2024-04-24, Version 20.5.0 (Stable), @mislam987
 * Add hint property to checkboxes to align with govuk design guidelines
 
 ## 2024-02-29, Version 20.4.0 (Stable), @sulthan-ahmed
 * Update version of govuk-frontend to 3.15
-- this adds the new crown for the King
-- this supports a lot of changes from the govuk design system
+  - this adds the new crown for the King
+  - this supports a lot of changes from the govuk design system
 * Adds support for Google tag manager
 * Fixes accessibility issues
 * Sandbox area for testing hof changes
 * Updates patch and minor versions including
-- libphonenumber to 1.9.44
-- nodemailer to 6.9.9
-- ip to 1.1.9
-- es5-ext to 0.10.63
+  - libphonenumber to 1.9.44
+  - nodemailer to 6.9.9
+  - ip to 1.1.9
+  - es5-ext to 0.10.63
 
 ## 2020-06-02, Version 16.0.0 (Stable), @andymoody
 * Update version of helmet to 3.22.0

package/README.md

@@ -1205,7 +1205,7 @@ The following transport options are available:
 
 #### `smtp`
 
-[nodemailer-smtp-transport](https://github.com/andris9/nodemailer-smtp-transport)
+[nodemailer](https://github.com/nodemailer/nodemailer)
 
 ##### Options
 
@@ -1261,7 +1261,7 @@ This feature allows you to customise the content related to the session timeout
 
 ### Usage
 
-To enable and customize the session timeout behavior, you need to set the component in your project's `hof.settings.json` file:
+To enable and customise the session timeout behavior, you need to set the component in your project's `hof.settings.json` file:
 ```js
  "behaviours": [
     "hof/components/session-timeout-warning"
@@ -1274,12 +1274,13 @@ By default, the framework uses the standard content provided by HOF. If you wish
  behaviours: [
     require('../').components.sessionTimeoutWarning
   ],
-  sessionTimeoutWarningContent: true,
-  exitFormContent: true
+  sessionTimeoutWarningContent: true, // allows you to customise the content in the session timeout dialog box
+  exitFormContent: true // allows you to customise the content on the exit page
+  saveExitFormContent: true // allows you to customise the content on the save-and-exit page
 ```
 
 ### Customising content in `pages.json`
-Once the variables are set, you can customize the session timeout warning and exit messages in your project's pages.json: 
+Once the variables are set, you can customise the session timeout warning and exit messages in your project's pages.json:
 
 ```json
 "exit": {
@@ -1291,10 +1292,13 @@ Once the variables are set, you can customize the session timeout warning and ex
    "timeout-continue-button": "Stay on this page",
    "dialog-exit-link": "Exit this form"
 }
+"save-and-exit": {
+  "message": "Any answers you saved have not been affected. You can sign back in to your application at any time by returning to the start page."
+},
 ```
 
-### Editing content on the Exit Page Header and Title
-To edit the exit page's header and title, create an `exit.json` file in your project and set the desired content:
+### Editing content on the Exit and Save-and-exit Page Header and Title
+To edit the exit or save-and-exit pages' header and title, create an `exit.json` or `save-and-exit.json` file in your project and set the desired content:
 ```json
 {
   "header": "You have left this form",
@@ -1302,6 +1306,39 @@ To edit the exit page's header and title, create an `exit.json` file in your pro
 }
 ```
 
+### Customising exit and save-and-exit steps
+You can customise the `exit` and `save-and-exit` steps by setting the `exitStep` or `saveAndExitStep` properties in the `apps/<app_name>/index.js` to the desired path name:
+
+```js
+// customising exit step name
+module.exports = {
+  name: 'sandbox',
+  exitStep: '/leave',
+  steps: {
+    ...
+    '/leave': {
+      template: 'exit'
+    }
+  }
+  ...
+}
+```
+
+```js
+// customising save-and-exit step name
+module.exports = {
+  name: 'sandbox',
+  saveAndExitStep: '/sign-out',
+  steps: {
+    ...
+    '/sign-out': {
+      template: 'save-and-exit'
+    }
+  }
+  ...
+}
+```
+
 # UTILITIES
 
 # Autofill Utility

package/components/emailer/transports/smtp.js

@@ -1,6 +1,6 @@
 'use strict';
 
-const smtp = require('nodemailer-smtp-transport');
+const smtp = require('nodemailer');
 
 module.exports = options => {
   if (!options.host) {

package/components/session-timeout-warning/index.js

@@ -51,6 +51,17 @@ module.exports = superclass => class extends superclass {
       superLocals.message = req.translate('exit.message');
       return superLocals;
     }
+
+    // set the content on /save-and-exit page
+    if (req.form.options.route === '/save-and-exit' && config.saveExitFormContent === true) {
+      superLocals.saveExitFormContent = true;
+      return superLocals;
+    } else if (req.form.options.route === '/save-and-exit' && config.saveExitFormContent === false) {
+      superLocals.header = req.translate('save-and-exit.header');
+      superLocals.title = req.translate('save-and-exit.title');
+      superLocals.message = req.translate('save-and-exit.message');
+      return superLocals;
+    }
     return superLocals;
   }
 };

package/config/hof-defaults.js

@@ -16,6 +16,7 @@ const defaults = {
   getAccessibility: false,
   sessionTimeoutWarningContent: false,
   exitFormContent: false,
+  saveExitFormContent: false,
   viewEngine: 'html',
   protocol: process.env.PROTOCOL || 'http',
   noCache: process.env.NO_CACHE || false,
@@ -32,6 +33,7 @@ const defaults = {
       return convertPage(page);
     }
   },
+  deIndexForm: process.env.DEINDEX_FORM || 'false',
   gaCrossDomainTrackingTagId: process.env.GDS_CROSS_DOMAIN_GA_TAG,
   loglevel: process.env.LOG_LEVEL || 'info',
   ignoreMiddlewareLogs: ['/healthz'],

package/controller/controller.js

@@ -109,10 +109,14 @@ module.exports = class Controller extends BaseController {
     // only include fields that aren't dependents to mitigate duplicate fields on the page
     fields = fields.filter(field => !req.form.options.fields[field.key].dependent);
 
+    const exitStep = req.form.options.exitStep || '/exit';
+    const saveAndExitStep = req.form.options.saveAndExitStep || '/save-and-exit';
     return _.extend({}, locals, {
       fields,
       route,
       baseUrl: req.baseUrl,
+      exitStep,
+      saveAndExitStep,
       skipToMain: this.getFirstFormItem(req.form.options.fields),
       title: this.getTitle(route, lookup, req.form.options.fields, res.locals),
       journeyHeaderURL: this.getJourneyHeaderURL(req.baseUrl),

package/frontend/template-partials/translations/src/en/save-and-exit.json

@@ -0,0 +1,4 @@
+{
+  "header": "You have been signed out",
+  "message": "Any answers you saved have not been affected. You can sign back in to your application by returning to the <a href='/' class='govuk-link'>start page</a>."
+}

package/frontend/template-partials/views/partials/head.html

@@ -21,8 +21,11 @@
 {{/cookiesAccepted}}
 {{/gtmTagId}}
 
+{{#deIndex}}
+  <meta name="robots" content="noindex">
+{{/deIndex}}
 <meta name="format-detection" content="telephone=no">
 <noscript>
-  <meta http-equiv="refresh" content="{{sessionTimeOut}};url='/session-timeout'"/>
+  <meta http-equiv="refresh" content="{{sessionTimeOut}};url='{{baseUrl}}/session-timeout'"/>
 </noscript>
 <link rel="stylesheet" href="{{assetPath}}/css/app.css">

package/frontend/template-partials/views/partials/session-timeout-warning.html

@@ -8,7 +8,7 @@
 data-url-redirect="/session-timeout" class="modal-dialog dialog" role="dialog"
   aria-live="polite" aria-labelledby="dialog-title" aria-describedby="at-timer">
   <div class="modal-dialog__inner">
-    {{^showSaveAndExit}}
+  {{^showSaveAndExit}}
     <h2 id="dialog-title" class="govuk-heading-l">
       {{#dialogTitle}}{{#t}}pages.session-timeout-warning.dialog-title{{/t}}{{/dialogTitle}}{{^dialogTitle}}Your page will time out soon{{/dialogTitle}}
     </h2>
@@ -19,9 +19,9 @@ data-url-redirect="/session-timeout" class="modal-dialog dialog" role="dialog"
       <p class="dialog-text visually-hidden">{{#dialogText}}{{#t}}pages.session-timeout-warning.dialog-text{{/t}}{{/dialogText}}{{^dialogText}}If that happens, your progress will not be saved.{{/dialogText}}</p>
     </div>
       <button class="govuk-button dialog-button js-dialog-close" id="timeout-continue-button" data-module="govuk-button">{{#timeoutContinueButton}}{{#t}}pages.session-timeout-warning.timeout-continue-button{{/t}}{{/timeoutContinueButton}}{{^timeoutContinueButton}}Stay on this page{{/timeoutContinueButton}}</button>
-      <a href="/exit" class="govuk-link dialog-exit-link" role="button">{{#dialogExitLink}}{{#t}}pages.session-timeout-warning.dialog-exit-link{{/t}}{{/dialogExitLink}}{{^dialogExitLink}}Exit this form{{/dialogExitLink}}</a>
-    {{/showSaveAndExit}}
-    {{#showSaveAndExit}}
+      <a href="{{baseUrl}}{{exitStep}}" class="govuk-link dialog-exit-link" role="button">{{#dialogExitLink}}{{#t}}pages.session-timeout-warning.dialog-exit-link{{/t}}{{/dialogExitLink}}{{^dialogExitLink}}Exit this form{{/dialogExitLink}}</a>
+  {{/showSaveAndExit}}
+  {{#showSaveAndExit}}
     <h2 id="dialog-title" class="govuk-heading-l">
       {{#dialogTitle}}{{#t}}pages.session-timeout-warning.dialog-title{{/t}}{{/dialogTitle}}{{^dialogTitle}}You will be signed out soon{{/dialogTitle}}
     </h2>
@@ -29,9 +29,10 @@ data-url-redirect="/session-timeout" class="modal-dialog dialog" role="dialog"
       <div id="timer" class="timer" aria-hidden="true" aria-relevant="additions"></div>
       <div id="at-timer" class="at-timer govuk-visually-hidden" role="status"></div>
       <p class="dialog-text-prefix visually-hidden">To protect your information, you will be signed out in </p>
+      <p class="dialog-text visually-hidden">{{#dialogText}}{{#t}}pages.session-timeout-warning.dialog-text{{/t}}{{/dialogText}}{{^dialogText}}Any answers you have saved will not be affected, but your progress on this page will not be saved.{{/dialogText}}</p>
     </div>
       <button class="govuk-button dialog-button js-dialog-close" id="timeout-continue-button" data-module="govuk-button">{{#timeoutContinueButton}}{{#t}}pages.session-timeout-warning.timeout-continue-button{{/t}}{{/timeoutContinueButton}}{{^timeoutContinueButton}}Stay signed in{{/timeoutContinueButton}}</button>
-      <a href="{{baseUrl}}/save-and-exit" class="govuk-link dialog-exit-link" role="button">{{#dialogExitLink}}{{#t}}pages.session-timeout-warning.dialog-exit-link{{/t}}{{/dialogExitLink}}{{^dialogExitLink}}Sign out{{/dialogExitLink}}</a>
-    {{/showSaveAndExit}}
+      <a href="{{baseUrl}}{{saveAndExitStep}}" class="govuk-link dialog-exit-link" role="button">{{#dialogExitLink}}{{#t}}pages.session-timeout-warning.dialog-exit-link{{/t}}{{/dialogExitLink}}{{^dialogExitLink}}Sign out{{/dialogExitLink}}</a>
+  {{/showSaveAndExit}}
   </div>
 </dialog>

package/frontend/template-partials/views/save-and-exit.html

@@ -12,8 +12,6 @@
   {{/header}}
 
   {{$content}}
-    <p>{{#t}}pages.save-and-exit.paragraph-1{{/t}}</p>
-    <p>{{#t}}pages.save-and-exit.paragraph-2{{/t}}</p>
-    <p>{{#t}}pages.save-and-exit.paragraph-3{{/t}} <a href="/" class="govuk-link">start page.</a></p>
+   <p>{{#saveExitFormContent}}{{#t}}pages.save-and-exit.message{{/t}}{{/saveExitFormContent}}{{^saveExitFormContent}}{{{message}}}{{/saveExitFormContent}}</p>
   {{/content}}
 {{/layout}}

package/index.js

@@ -14,6 +14,7 @@ const router = require('./lib/router');
 const health = require('./lib/health');
 const serveStatic = require('./lib/serve-static');
 const gaTagSetup = require('./lib/ga-tag');
+const deIndexer = require('./lib/deindex');
 const sessionStore = require('./lib/sessions');
 const settings = require('./lib/settings');
 const defaults = require('./config/hof-defaults');
@@ -153,6 +154,7 @@ function bootstrap(options) {
     res.locals.sessionTimeOutWarning = config.sessionTimeOutWarning;
     res.locals.sessionTimeoutWarningContent = config.sessionTimeoutWarningContent;
     res.locals.exitFormContent = config.exitFormContent;
+    res.locals.saveExitFormContent = config.saveExitFormContent;
     next();
   });
 
@@ -204,6 +206,7 @@ function bootstrap(options) {
   serveStatic(app, config);
   settings(app, config);
   gaTagSetup(app, config);
+  deIndexer(app, config);
 
   const sessions = sessionStore(app, config);
   app.use('/healthz', health(sessions));

package/lib/deindex.js

@@ -0,0 +1,18 @@
+'use strict';
+
+module.exports = (app, config) => {
+  // Ensure the value of deIndex is evaluated as a boolean regardless of if single quotes are used
+  // to have the expected conditional behaviour in the Mustache template
+  const deIndex = (config.deIndexForm === 'true' || config.deIndexForm === true);
+
+  app.use((req, res, next) => {
+    // Preparing common res.locals properties
+    const properties = {
+      deIndex: deIndex
+    };
+    res.locals = Object.assign(res.locals, properties);
+    next();
+  });
+
+  return app;
+};

package/lib/router.js

@@ -30,6 +30,8 @@ function getWizardConfig(config) {
   // whitelist properties from the route's config that should be passed into the form wizard
   const props = [
     'confirmStep',
+    'exitStep',
+    'saveAndExitStep',
     'params'
   ];
   Object.assign(wizardConfig, _.pick(config.route, props));

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "hof",
   "description": "A bootstrap for HOF projects",
-  "version": "22.1.0-timeout-warning-sign-in-beta.2",
+  "version": "22.1.1",
   "license": "MIT",
   "main": "index.js",
   "author": "HomeOffice",
@@ -79,7 +79,6 @@
     "mustache": "^4.2.0",
     "nodemailer": "^6.6.3",
     "nodemailer-ses-transport": "^1.5.1",
-    "nodemailer-smtp-transport": "^2.7.4",
     "nodemailer-stub-transport": "^1.1.0",
     "notifications-node-client": "^8.2.0",
     "redis": "^3.1.2",

package/{pull-request-template.md → pull_request_template.md}

@@ -12,5 +12,5 @@
 - [ ] I have created a JIRA number for my commit
 - [ ] I have followed the chris beams method for my commit https://cbea.ms/git-commit/
 here is an [example commit](https://github.com/UKHomeOfficeForms/hof/commit/810959f391187c7c4af6db262bcd143b50093a6e)
-- [ ] Ensure drone builds are green especially tests
+- [ ] Ensure workflow jobs are passing especially tests
 - [ ] I will squash the commits before merging

package/sandbox/apps/sandbox/translations/src/en/pages.json

@@ -65,8 +65,8 @@
   },
   "save-and-exit": {
     "header": "You have been signed out",
-    "paragraph-1": "Your form doesn’t appear to have been worked on for 30 minutes so we closed it for security.",
+    "paragraph-1": "Your form doesn't appear to have been worked on for 30 minutes so we closed it for security.",
     "paragraph-2": "Any answers you saved have not been affected.",
-    "paragraph-3": "You can sign back in to your application at any time by returning to the"
+    "paragraph-3": "You can sign back in to your application at any time by returning to the <a href='/' class='govuk-link'>start page</a>."
   }
 }

package/sandbox/apps/sandbox/views/save-and-exit.html

@@ -0,0 +1,19 @@
+{{<layout}}
+  {{$journeyHeader}}
+  {{#t}}journey.header{{/t}}
+  {{/journeyHeader}}
+
+  {{$propositionHeader}}
+  {{> partials-navigation}}
+  {{/propositionHeader}}
+
+  {{$header}}
+    {{header}}
+  {{/header}}
+
+  {{$content}}
+   <p>{{#t}}pages.save-and-exit.paragraph-1{{/t}}</p>
+   <p>{{#t}}pages.save-and-exit.paragraph-2{{/t}}</p>
+   <p>{{#t}}pages.save-and-exit.paragraph-3{{/t}}</p>
+  {{/content}}
+{{/layout}}

package/wizard/index.js

@@ -67,6 +67,8 @@ const Wizard = (steps, fields, setts) => {
     options.route = route;
     options.appConfig = settings.appConfig;
     options.confirmStep = settings.confirmStep;
+    options.exitStep = settings.exitStep;
+    options.saveAndExitStep = settings.saveAndExitStep;
     options.clearSession = options.clearSession || false;
     options.fieldsConfig = _.cloneDeep(fields);
     options.sanitiseInputs = settings.sanitiseInputs;