def get_branding_as_dict(email_branding):
return {
branding['id']: {
'logo': 'https://{}/{}'.format(get_cdn_domain(), branding['logo']),
'colour': branding['colour']
} for branding in email_branding
}
def create_email_branding(logo=None):
form = ServiceCreateEmailBranding()
if form.validate_on_submit():
if form.file.data:
upload_filename = upload_logo(form.file.data.filename,
form.file.data,
current_app.config['AWS_REGION'],
user_id=session["user_id"])
if logo and logo.startswith(
TEMP_TAG.format(user_id=session['user_id'])):
delete_temp_file(logo)
return redirect(
url_for('.create_email_branding', logo=upload_filename))
if logo:
logo = persist_logo(logo, session["user_id"])
delete_temp_files_created_by(session["user_id"])
email_branding_client.create_email_branding(logo=logo,
name=form.name.data,
colour=form.colour.data)
return redirect(url_for('.email_branding'))
return render_template('views/email-branding/manage-branding.html',
form=form,
cdn_url=get_cdn_domain(),
logo=logo)
def get_branding_as_dict(organisations):
return {
organisation['id']: {
'logo': 'https://{}/{}'.format(get_cdn_domain(), organisation['logo']),
'colour': organisation['colour']
} for organisation in organisations
}
def manage_org(logo=None):
form = ServiceManageOrg()
org = session.get("organisation")
logo = logo if logo else org.get('logo') if org else None
if form.validate_on_submit():
if form.file.data:
upload_filename = upload_logo(
form.file.data.filename,
form.file.data,
current_app.config['AWS_REGION'],
user_id=session["user_id"]
)
if logo and logo.startswith(TEMP_TAG.format(user_id=session['user_id'])):
delete_temp_file(logo)
return redirect(
url_for('.manage_org', logo=upload_filename))
if logo:
logo = persist_logo(logo, session["user_id"])
delete_temp_files_created_by(session["user_id"])
if org:
organisations_client.update_organisation(
org_id=org['id'], logo=logo, name=form.name.data, colour=form.colour.data)
org_id = org['id']
else:
resp = organisations_client.create_organisation(
logo=logo, name=form.name.data, colour=form.colour.data)
org_id = resp['data']['id']
return redirect(url_for('.organisations', organisation_id=org_id))
if org:
form.name.data = org['name']
form.colour.data = org['colour']
return render_template(
'views/organisations/manage-org.html',
form=form,
organisation=org,
cdn_url=get_cdn_domain(),
logo=logo
)
def update_email_branding(branding_id, logo=None):
email_branding = email_branding_client.get_email_branding(branding_id)['email_branding']
form = ServiceUpdateEmailBranding()
logo = logo if logo else email_branding.get('logo') if email_branding else None
if form.validate_on_submit():
if form.file.data:
upload_filename = upload_logo(
form.file.data.filename,
form.file.data,
current_app.config['AWS_REGION'],
user_id=session["user_id"]
)
if logo and logo.startswith(TEMP_TAG.format(user_id=session['user_id'])):
delete_temp_file(logo)
return redirect(url_for('.update_email_branding', branding_id=branding_id, logo=upload_filename))
if logo:
logo = persist_logo(logo, session["user_id"])
delete_temp_files_created_by(session["user_id"])
email_branding_client.update_email_branding(
branding_id=branding_id,
logo=logo,
name=form.name.data,
text=form.text.data,
colour=form.colour.data
)
return redirect(url_for('.email_branding', branding_id=branding_id))
form.name.data = email_branding['name']
form.text.data = email_branding['text']
form.colour.data = email_branding['colour']
return render_template(
'views/email-branding/manage-branding.html',
form=form,
email_branding=email_branding,
cdn_url=get_cdn_domain(),
logo=logo
)
def useful_headers_after_request(response):
response.headers.add('X-Frame-Options', 'deny')
response.headers.add('X-Content-Type-Options', 'nosniff')
response.headers.add('X-XSS-Protection', '1; mode=block')
response.headers.add('Content-Security-Policy', (
"default-src 'self' 'unsafe-inline';"
"script-src 'self' *.google-analytics.com 'unsafe-inline' 'unsafe-eval' data:;"
"connect-src 'self' *.google-analytics.com;"
"object-src 'self';"
"font-src 'self' data:;"
"img-src 'self' *.google-analytics.com *.notifications.service.gov.uk {} data:;"
"frame-src www.youtube.com;".format(get_cdn_domain())))
if 'Cache-Control' in response.headers:
del response.headers['Cache-Control']
response.headers.add('Cache-Control',
'no-store, no-cache, private, must-revalidate')
return response
def useful_headers_after_request(response):
response.headers.add('X-Frame-Options', 'deny')
response.headers.add('X-Content-Type-Options', 'nosniff')
response.headers.add('X-XSS-Protection', '1; mode=block')
response.headers.add('Content-Security-Policy', (
"default-src 'self' 'unsafe-inline';"
"report-uri {0};"
"script-src 'self' *.google-analytics.com 'unsafe-inline' 'unsafe-eval' data:;"
"connect-src 'self' https://sentry.cloud.gov.au *.google-analytics.com;"
"object-src 'self';"
"font-src 'self' data:;"
"img-src 'self' *.google-analytics.com *.cld.gov.au {1} data:;"
"frame-src www.youtube.com;".format(
os.getenv("ADMIN_SENTRY_CSP_URL"),
get_cdn_domain(),
)))
if 'Cache-Control' in response.headers:
del response.headers['Cache-Control']
response.headers.add('Cache-Control',
'no-store, no-cache, private, must-revalidate')
return response
def test_get_cdn_domain(client, mocker, url):
mocker.patch.dict('app.current_app.config', values={'CDN_BASE_URL': url})
domain = get_cdn_domain()
assert domain == 'static-logos.cdn.com'
def test_get_cdn_domain_on_non_localhost(client, mocker):
mocker.patch.dict('app.current_app.config',
values={'ADMIN_BASE_URL': 'https://some.admintest.com'})
domain = get_cdn_domain()
assert domain == 'static-logos.admintest.com'
def test_get_cdn_domain_on_localhost(client, mocker):
mocker.patch.dict('app.current_app.config',
values={'ADMIN_BASE_URL': 'http://localhost:6012'})
domain = get_cdn_domain()
assert domain == 'static-logos.notify.tools'
def email_template():
branding_type = request.args.get('branding_type', 'govuk')
branding_style = request.args.get('branding_style', 'None')
if branding_type == 'govuk' or branding_style == 'None':
brand_name = None
brand_colour = None
brand_logo = None
govuk_banner = True
brand_banner = False
else:
email_branding = email_branding_client.get_email_branding(branding_style)['email_branding']
brand_name = email_branding['text']
brand_colour = email_branding['colour']
brand_logo = 'https://{}/{}'.format(get_cdn_domain(), email_branding['logo'])
govuk_banner = branding_type in ['govuk', 'both']
brand_banner = branding_type == 'org_banner'
template = {
'subject': 'foo',
'content': (
'Lorem Ipsum is simply dummy text of the printing and typesetting '
'industry.\n\nLorem Ipsum has been the industry’s standard dummy '
'text ever since the 1500s, when an unknown printer took a galley '
'of type and scrambled it to make a type specimen book. '
'\n\n'
'# History'
'\n\n'
'It has '
'survived not only'
'\n\n'
'* five centuries'
'\n'
'* but also the leap into electronic typesetting'
'\n\n'
'It was '
'popularised in the 1960s with the release of Letraset sheets '
'containing Lorem Ipsum passages, and more recently with desktop '
'publishing software like Aldus PageMaker including versions of '
'Lorem Ipsum.'
'\n\n'
'^ It is a long established fact that a reader will be distracted '
'by the readable content of a page when looking at its layout.'
'\n\n'
'The point of using Lorem Ipsum is that it has a more-or-less '
'normal distribution of letters, as opposed to using ‘Content '
'here, content here’, making it look like readable English.'
'\n\n\n'
'1. One'
'\n'
'2. Two'
'\n'
'10. Three'
'\n\n'
'This is an example of an email sent using GOV.UK Notify.'
'\n\n'
'https://www.notifications.service.gov.uk'
)
}
if not bool(request.args):
resp = make_response(str(HTMLEmailTemplate(template)))
else:
resp = make_response(str(HTMLEmailTemplate(
template,
govuk_banner=govuk_banner,
brand_name=brand_name,
brand_colour=brand_colour,
brand_logo=brand_logo,
brand_banner=brand_banner,
)))
resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
return resp
