Hi,

There are some issues in the alert banner when a user wants to delete the templates.

The default element will be button, but we use HTML code as button value. Therefore, the button will show all the raw codes as text on the button.

We could remove the HTML code to revise the problem:

 {{ govukButton({
   "text": "" if thing else delete_button,
   "html": delete_button + " ‘" + thing + "’" if thing else "", 
   "name": "delete", 
   "classes": "govuk-button--warning govuk-!-margin-top-2", 
 }) }} 

Thanks~

Pain

Relates to: alphagov/notifications-utils#936

There are two scenarios where a user uploads a CSV of recipients:

• Bulk send of an email / SMS / letter ("send")
• Create an emergency contact list ("contact-list")

Both make an instance of RecipientCSV and render something to show some or none of the CSV and its associated errors.

Any major changes to RecipientCSV need to be reflected in both places, but they are inconsistent and confusing:

1. Some of the errors don't correspond to the template name e.g.

   • "too many rows" is an error rendered in "column-errors".

2. "send" does different checks to "contact-list" e.g.

   • "contact-list" checks for multiple (redundant) columns, but "send" allows them.
   • "send" calls missing_column_headers on RecipientCSV, whereas "contact-list" manually checks the length.

3. The set of templates is different between "send" and "contact-list":

   • "contact-list" has column-errors, row-errors, too-many-columns.
   • "send" has column-errors, rows-errors, and 7 error-specific partials.

4. The views check for errors in different places and levels of abstraction:

   • "send" renders the same template for some errors, and then again for some more.
   • sometimes we check for specific errors, or just any errors.

Cure (ideas)

In reality, there are three kinds of error we need to handle:

1. Top-level errors e.g. not enough columns, too many rows.

2. Row-wide errors e.g. address issues (since the address spans multiple columns).

3. Cell-specific errors e.g. invalid phone number.

We could consolidate the preview / validation of a RecipientCSV into a single template / partial hierarchy, so that it can be reused consistently. This would likely correspond to a common set of helper functions.

Some of the checks might be specific to one use case e.g. "letters in trial mode". This kind of check should be done and displayed separately, as it's not relevant to the processing of the CSV.

Hello,

Your email regex for validating domains matches the domain preceded by an @, a full-stop . or (mistakenly I believe) the pipe character, |.

When evaluated, the following code prints "true".

import re
email_regex = (r"[\.|@]({})$".format("|".join(["gov.uk","mod.uk"])))
print bool(re.search(email_regex, "[email protected]|gov.uk"))

That code is the code from app/utils.py lines 258,259 with the allowed domains list expanded with the examples here and an email address filled in.

I don't know how the pipe character would be handled in the case of trying to email [email protected]|gov.uk, or whether it would get through other validation but could lead to potential vulnerability if for example the pipe and anything after it were to be discarded.

I believe the regex intended was r"(?:[\.]|[@])({})$".format(...) which matches one of @ or . followed by an allowed domain. (with a non-capturing group here to preserve the previous group numbers although they aren't used anyway).

Trying to build the frontend for the first time I ran into this problem:

[15:12:55] Requiring external module babel-core/register
/Users/andyw/Repositories/alphagov/notifications-admin/gulpfile.babel.js:24
gulp.task('copy:govuk_template:template', () => gulp.src('bower_components/gov
                                           ^
SyntaxError: Unexpected token )

Which is obviously gulp choking on the ES6 syntax. To fix it I added a .babelrc file as suggested here:

{
  "presets": ["es2015"]
}

You should probably add a note about this to the README or commit the file so that others don't get tripped up.

Rough mockups/prototypes.

As title; extra spaces when copying API keys! This stops them working when pasted, obviously :)

1. Create an API key
2. Copy said API key to clipboard using the button
3. Paste API key somewhere else, observe leading and trailing spaces