leigh-mil
6607170172
Refactor to use enums
2020-01-24 09:25:17 -05:00
leigh-mil
84d0a32694
Update TO form to account for new TO rules: alphanumeric, between 13 and 17 characters, dashes should be stripped, and coerce to uppercase
2020-01-24 09:18:22 -05:00
leigh-mil
1bad32bcdb
Add success flash message
2020-01-23 16:44:27 -05:00
leigh-mil
ec56d8e38a
Properly display environment role on application index page
2020-01-23 16:44:07 -05:00
leigh-mil
31b7e2f589
Create route and domain method for creating a subscription
2020-01-23 16:44:07 -05:00
dandds
944c5d3c9f
Forcibly destroy existing session on logout.
...
To comply with security guidelines, we need to destroy the session when
a user logs out. This means that the session's key in the Redis cache
needs to be deleted. Flask expects to _always_ have a session object. If
the current session object does not exist in the Redis cache, Flask will
reserialize and store it at the end of the request. In order for
session deletion to work, we need to delete the key for the existing
session and then replace the session object with a new, empty one.
This also updates the SessionLimiter class so that the session prefix is
configurable.
2020-01-23 10:31:20 -05:00
597ea32e42
portfolio provision process. add logging, __repr__ method, fix broken tests
2020-01-23 10:14:22 -05:00
leigh-mil
158f7f43d7
Remove catch_all route
2020-01-22 16:53:28 -05:00
leigh-mil
bdc03fb0a2
Remove /help route and templates
2020-01-22 16:53:11 -05:00
leigh-mil
36fe777230
Remove delete environments from app members form
2020-01-22 15:53:40 -05:00
graham-dds
156d733aee
Add missing regex and validation for StringFields
...
This commit adds further validation for StringFields that were missing
it. This mostly amounted to being Regex patterns and max lengths.
2020-01-22 15:20:18 -05:00
graham-dds
b3dd32f3f7
Allow Falsey values for IsNumber validator
...
We should use Required() instead to ensure data is present, if that's the
desired behavior
2020-01-22 15:18:42 -05:00
graham-dds
d925a0a570
Change dialect from postgres:// to postgresql://
2020-01-22 15:18:42 -05:00
tomdds
e5332897f1
Fix formatting
2020-01-22 14:52:06 -05:00
tomdds
1b1a20cf52
Restore implementations for policies and management group creation
...
These were accidentally stripped out during a rebase.
2020-01-22 14:39:30 -05:00
tomdds
f5e4b603cb
Bring naming conventions for methods and classes related to CSP provisioning in line with state machine
2020-01-22 13:39:41 -05:00
tomdds
d646c3c00f
Updates from Production Scripts
...
Made a bunch of tweaks when using these tests to run production scripts for initial setup; this brings over a bunch of those changes
2020-01-22 13:39:41 -05:00
becc3630c2
azure integration. methods to authenticate and set/get value in keyvault
2020-01-22 13:39:41 -05:00
67842748b8
call next on the results of filter function to get the first value
2020-01-22 13:39:41 -05:00
dfaea2d937
trigger_next_transition method will call the create trigger of the next stage for machines in CREATED state
2020-01-22 13:39:41 -05:00
743a91d658
trigger_next_transition method will call the create trigger of the next stage for machines in CREATED state
2020-01-22 13:39:41 -05:00
tomdds
b1adaf771d
state machine integration wip
2020-01-22 13:39:35 -05:00
leigh-mil
ce70e44590
Update flash messages for portfolio invites to match application invite messages.
...
Use None instead of an empty string for titles and messages in flash alerts.
2020-01-21 11:57:10 -05:00
leigh-mil
6f85f6de97
Update copy for invite alert messages, CLIN error message, and use translations in flash file
2020-01-21 11:57:10 -05:00
leigh-mil
7c78e59624
Update copy on new portfolio form. Style cancel link as a button.
2020-01-21 11:57:09 -05:00
leigh-mil
9806571001
Refactoring:
...
- Set dict values directly instead of creating a variable
- Comment out unused route function entirely
- Use f-strings for string interpolation
- Move div inside if statement so empty divs are not printed
2020-01-17 10:49:05 -05:00
leigh-mil
d154b90c05
Use translations in flash messages
2020-01-17 10:49:05 -05:00
leigh-mil
0c733dd365
Update display of PPoC and remove option to edit PPoC perms
2020-01-17 10:49:05 -05:00
leigh-mil
5036504ae2
Skip coverage on unused route
2020-01-17 10:49:05 -05:00
leigh-mil
d550b4108e
Remove update ppoc route from the blueprint and skip related tests
2020-01-17 10:49:05 -05:00
leigh-mil
4f345b462f
Add resend invite form/modal, update routes and tests as necessary.
2020-01-17 10:49:05 -05:00
leigh-mil
56c213285f
Add route to update portfolio manager perms, add modal form to update in the UI
2020-01-17 10:49:05 -05:00
raydds
1fa5de6f90
Add a configuration to totally disable the mailer
2020-01-16 11:27:14 -05:00
187ee0033e
state machine unit tests
2020-01-16 10:32:30 -05:00
dandds
5213657b0f
Additional validation and escaping for file names.
...
This adds additional front and backend validations for task order file
names. We are now restricting file names to a whitelist regex of
[A-Za-z0-9\-_ \.] for simplicity.
Note:
On the frontend, the filename string must have at least one character.
This is not true in the backend validation; because of the way the
entire task order form is validated, requiring input would break the
business logic currently implemented.
2020-01-15 09:17:03 -05:00
tomdds
81f23ebc22
Finish first passes at baseline tenant integration
...
Add last of the integrations for setting up billing and reporting a CLIN.
2020-01-14 17:17:34 -05:00
tomdds
161462f3cb
Sample create and validate billing profile integration
...
Adds 2 methods to the azure csp interface to create and subsequently validate creation of the billing profile.
2020-01-14 17:16:54 -05:00
tomdds
7c22922d6d
Create new AliasModel for CSP dataclasses, ignore credentials when converting to dictionary. This will allow all of our dataclasses to convert automatically between python style snake_case and the camelCase that the Azure APIs use. This also allows us to default to that behavior while specifying aliases for any fields as necessary. Additionally, any dataclass including the creds schema will have those creds removed from their dict representation. This can help keep creds out of logs as well as making the dataclasses more consumable for API usage.
2020-01-14 17:16:54 -05:00
tomdds
2ac333e0b7
Sample create tenant integration
...
This integration works with the happy path; we'll need to expand some fields and handle error states more coherently.
2020-01-14 17:16:54 -05:00
Philip Kalinsky
ba47053a1c
provision portfolio state machine
2020-01-14 17:16:54 -05:00
tomdds
d81d953c31
Fix formatting and some typos
2020-01-14 16:36:16 -05:00
Philip Kalinsky
69bd2f43a5
provision portfolio state machine
2020-01-14 16:36:16 -05:00
leigh-mil
11b3120bfd
Update filter functions to display properly when user's env access has been revoked
2020-01-14 15:43:46 -05:00
leigh-mil
17864cc060
Add migration to change environment_roles role column from string to
...
enum type.
Fix tests and functions affected by the column type change.
2020-01-14 13:12:29 -05:00
dandds
0731b0519c
Use simple string formatting for flash messages.
...
This addresses an SSTI vulnerability in Flask's `render_template_string`
function, which we were using for rendering flash messages. The
implementation I'd built was too complicated, so I removed its reliance
on Jinja template rendering. Instead, all parts of the flash message
should be keys in the translations file. The `flash` wrapper in
`atst.utils.flash` is just a thin wrapper over our `translate` function.
The `translate` function relies on Python string formatting, which does
not evaluate expressions and so isn't vulnerable to SSTI.
2020-01-11 15:27:34 -05:00
leigh-mil
4d8d1d8ce0
Merge branch 'staging' into portfolio-admin-styling__part-2
2020-01-10 13:27:05 -05:00
leigh-mil
1425459e35
Use permissions sets instead of portfolio.owner_role to see if a member is PPoC
2020-01-10 10:25:55 -05:00
leigh-mil
70462eee0c
Display portfolio managers alphabetically instead of always having PPoC in the first table row
2020-01-10 10:25:55 -05:00
leigh-mil
da398bf1ff
Add status labels to portfolio managers table.
...
Update PortfolioRole.display_status() to return same type of data as
ApplicationRole.display_status().
2020-01-10 10:25:55 -05:00
leigh-mil
abfe8663a1
Update copy in perms form
2020-01-10 10:25:55 -05:00