Merge pull request #980 from fecgov/release/sprint-45

Release/sprint 45

.circleci/config.yml

@@ -232,13 +232,42 @@ jobs:
           name: Deploy docs to gh-pages branch
           command: npx gh-pages --dotfiles --dist ~/project/docs/_build/html
 
+  # This job kicks off the e2e-test pipeline in the fecfile-web-app project.
+  # It is used to run the e2e tests when the api is deployed to dev/stage/prod.
+  # It uses the is-triggered-e2e-test parameter which is used in the fecfile-web-app 
+  # circleci config file to differentiate it from the nightly runs.
+  trigger-e2e-test-pipeline:
+      docker: 
+        - image: cimg/base:2021.11
+      resource_class: small
+      steps:
+        - run:
+            name: Ping another pipeline
+            command: |
+              CREATED_PIPELINE=$(
+                curl -v https://circleci.com/api/v2/project/gh/fecgov/fecfile-web-app/pipeline \
+                --header "Content-Type: application/json" \
+                --header "Accept: application/json" \
+                --header "Circle-Token: $CIRCLE_TOKEN" \
+                --data '{"branch":"'$CIRCLE_BRANCH'","parameters":{"is-triggered-e2e-test":true}}' \
+                | jq -r '.id'
+              )
+              echo "created pipeline"
+              echo $CREATED_PIPELINE
+
 # Invoke jobs via workflows
 # See: https://circleci.com/docs/2.0/configuration-reference/#workflows
 workflows:
   primary: # This is the name of the workflow, feel free to change it to better match your workflow.
     jobs:
       - test
       - dependency-check
+      # This job is triggered whenever a commit is made to the dev/stage/prod branches.
+      # It kicks off the e2e-test pipeline in the fecfile-web-app project.
+      - trigger-e2e-test-pipeline:
+          filters:
+            branches:
+              only: /develop|release\/sprint-[\.\d]+|main/
       - deploy-job:
           requires:
             - test

README.md

@@ -66,14 +66,12 @@ _Special Note:_ If the fecfile-validate repo was updated, the commit of the upda
 ### Create a feature branch
 
 Using git-flow extensions:
-` git flow feature start feature_branch
-`
+`git flow feature start feature_branch`
 
 Without the git-flow extensions:
-` git checkout develop
+`git checkout develop
     git pull
-    git checkout -b feature/feature_branch develop
-`
+    git checkout -b feature/feature_branch develop`
 
 - Developer creates a GitHub PR when ready to merge to `develop` branch
 - Reviewer reviews and merges feature branch into `develop` via GitHub
@@ -165,16 +163,19 @@ Set up git secrets to protect oneself from committing sensitive information such
 - See git-secrets README for more features: https://github.com/awslabs/git-secrets#readme
 
 ### Code formatting
+
 [Black](https://github.com/psf/black) is the Python code formatter used on the project.
 
 - Install using `pip install black`.
 - If using vscode, add (or update) the following section of your settings.json to the following so that code is formatted on save:
+
 ```
 "[python]": {
     "editor.defaultFormatter": "ms-python.black-formatter",
     "editor.formatOnSave": true
 }
 ```
+
 - To format a specific file or directory manually, use `black <file_or_directory>`
 
 ### Commit local code changes to origin daily
@@ -184,4 +185,16 @@ As a best practice policy, please commit any feature code changes made during th
 ### Google-style inline documentation
 
 The project is using the Google Python Style Guide as the baseline to keep code style consistent across project repositories.
-See here for comment style rules: https://google.github.io/styleguide/pyguide.html#38-comments-and-docstrings
+See here for comment style rules: https://google.github.io/styleguide/pyguide.html#38-comments-and-docstrings
+
+### Snyk security scanning
+
+A Snyk online account has been set up for FEC to monitor the FECFile Online GitHub repositories. The management of vulnerability alerts will be handled as a weekly rotating task performed by a developer who will log into the [Snyk Dashboard](https://app.snyk.io/invite/link/accept?invite=93042de6-4eca-4bb5-bf76-9c2e9f895e24&utm_source=link_invite&utm_medium=referral&utm_campaign=product-link-invite&from=link_invite) and perform the following tasks:
+
+1. Review the vulnerability reports for each of the FECFile Online GitHub repository.
+2. Write up a ticket (1 for each reported "Critical" or "High" severity vulnerability) to remediate the vulnerability.
+3. Point and mark each ticket with the following tags: "security", "high priority".
+4. Move each new ticket into the current sprint and sprint backlog.
+5. Update weekly assignment log with tickets created or "None".
+
+The weekly assignment log can be found in the Google drive 🔒 [here](https://docs.google.com/spreadsheets/d/1SNMOyGS4JAKgXQ0RhhzoX7M2ib1vm14dD0LxWNpssP4) 🔒

django-backend/fecfiler/middleware.py

@@ -0,0 +1,8 @@
+class HeaderMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        response = self.get_response(request)
+        response['cache-control'] = "no-cache, no-store"
+        return response

django-backend/fecfiler/reports/views.py

@@ -139,15 +139,10 @@ def amend(self, request, pk):
     @action(
         detail=False,
         methods=["post"],
-        url_path="hard-delete-reports",
+        url_path="e2e-delete-all-reports",
     )
-    def hard_delete_reports(self, request):
-        committee_id = request.data.get("committee_id")
-        if not committee_id:
-            return Response(
-                "No committee_id provided", status=status.HTTP_400_BAD_REQUEST
-            )
-
+    def e2e_delete_all_reports(self, request):
+        committee_id = "C99999999"
         reports = Report.objects.filter(committee_account__committee_id=committee_id)
         report_count = reports.count()
         transactions = Transaction.objects.filter(

django-backend/fecfiler/settings/base.py

@@ -27,9 +27,7 @@
 LOG_FORMAT = env.get_credential("LOG_FORMAT", LINE)
 
 CSRF_COOKIE_DOMAIN = env.get_credential("FFAPI_COOKIE_DOMAIN")
-CSRF_TRUSTED_ORIGINS = [
-    env.get_credential("CSRF_TRUSTED_ORIGINS", "http://localhost:4200")
-]
+CSRF_TRUSTED_ORIGINS = ["https://*.fecfile.fec.gov"]
 
 """
 Enables alternative log in method.
@@ -84,6 +82,7 @@
 MIDDLEWARE = [
     "corsheaders.middleware.CorsMiddleware",
     "django.middleware.security.SecurityMiddleware",
+    "fecfiler.middleware.HeaderMiddleware",
     "fecfiler.authentication.middleware.TimeoutMiddleware.TimeoutMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
     "django.middleware.common.CommonMiddleware",
@@ -110,10 +109,14 @@
     },
 ]
 
-CORS_ALLOWED_ORIGINS = [
-    env.get_credential("CORS_ALLOWED_ORIGINS", "http://localhost:4200")
-]
-CORS_ALLOW_HEADERS = default_headers + ("enctype", "token")
+CORS_ALLOWED_ORIGIN_REGEXES = [r"^https://(.*?).fecfile\.fec\.gov$"]
+
+CORS_ALLOW_HEADERS = (
+    *default_headers,
+    "enctype",
+    "token",
+    "cache-control",
+)
 
 CORS_ALLOW_CREDENTIALS = True
 
@@ -359,3 +362,6 @@ def get_logging_processors():
     MOCK_OPENFEC_REDIS_URL = env.get_credential("REDIS_URL")
 else:
     MOCK_OPENFEC_REDIS_URL = None
+
+
+TEST_RUNNER = "fecfiler.test_runner.CustomTestRunner"

django-backend/fecfiler/settings/local.py

@@ -2,6 +2,8 @@
 
 # These settings are for local development only.
 
+CORS_ALLOWED_ORIGIN_REGEXES.append("http://localhost:4200")  # NOSONAR # noqa: F405
+CSRF_TRUSTED_ORIGINS.append("http://localhost:4200")  # NOSONAR # noqa: F405
 
 try:
     from .local import *  # NOSONAR # noqa: F401, F403

django-backend/fecfiler/settings/production.py

@@ -11,4 +11,4 @@
 SESSION_COOKIE_HTTPONLY = True
 CSRF_COOKIE_SECURE = True
 
-ALLOWED_HOSTS = [".fec.gov", ".app.cloud.gov"]
+ALLOWED_HOSTS = [".fecfile.fec.gov"]

django-backend/fecfiler/test_runner.py

@@ -0,0 +1,18 @@
+from django.test.runner import DiscoverRunner
+
+
+class CustomTestRunner(DiscoverRunner):
+    def __init__(self, *args, **kwargs):
+        # Automatically exclude "performance" tagged tickets unless specifically invoked
+        if (
+            "tags" not in kwargs.keys()
+            or kwargs["tags"] is None
+            or "performance" not in kwargs["tags"]
+        ):
+            exclude = kwargs["exclude_tags"]
+            if exclude is None:
+                exclude = []
+            exclude.append("performance")
+            kwargs["exclude_tags"] = exclude
+
+        super().__init__(*args, **kwargs)