Merge pull request #39 from Worth-NL/security/pentest

pgaetani · web-flow · commit cdef19e1d0ca · 2024-08-16T11:21:29.000+02:00
WHS-003
diff --git a/migrations/versions/0444_pentest_whs_003.py b/migrations/versions/0444_pentest_whs_003.py
@@ -0,0 +1,239 @@
+"""
+
+Revision ID: 0444_pentest_whs_003
+Revises: 0443_add_spryng_provider
+Create Date: 2024-08-09 11:14:31.873491
+
+"""
+
+from alembic import op
+from flask import current_app
+
+# revision identifiers, used by Alembic.
+revision = "0444_pentest_whs_003"
+down_revision = "0443_add_spryng_provider"
+
+
+update = """UPDATE {}
+            SET content = '{}', created_at = current_timestamp
+            WHERE id = '{}'
+         """
+
+template_redacted_update = """UPDATE template_redacted
+                                SET updated_at = current_timestamp, updated_by_id = '{}'
+                                WHERE template_id = '{}'
+                           """
+
+
+def upgrade():
+    templates = [
+        # Create new account
+        {
+            "id": "afd325cd-c83e-4b0b-8426-7acb9c0aa62b",
+            "name": "NotifyNL email verification code",
+            "type": "email",
+            "subject": "Confirm NotifyNL registration",
+            "content": """Hi,\n\n
+                        To complete your registration for NotifyNL please click the link below\n\n((url))
+                        """,
+        },
+        # Invitation to collaborate - service
+        {
+            "id": "b24bf0fa-dd64-4105-867c-4ed529e12df3",
+            "name": "NotifyNL service invitation email",
+            "type": "email",
+            "subject": "You have been invited to collaborate on ((service_name)) on NotifyNL",
+            "content": """You have been invited to collaborate on ((service_name)) on NotifyNL.\n\n
+                        NotifyNL makes it easy to keep people updated by helping you send text messages and emails.\n\n
+                        Click this link to create an account on NotifyNL:\n((url))\n\n
+                        This invitation will stop working at midnight tomorrow. This is to keep ((service_name)) secure.
+                        """,
+        },
+        # Invitation to collaborate - organisation
+        {
+            "id": "dfd254da-39d1-468f-bd0d-2c9e017c13a6",
+            "name": "NotifyNL organisation invitation email",
+            "type": "email",
+            "subject": "You have been invited to collaborate on ((organisation_name)) on NotifyNL",
+            "content": """You have been invited to collaborate on ((organisation_name)) on NotifyNL.\n\n
+                        NotifyNL makes it easy to keep people updated by helping you send text messages and emails.\n\n
+                        Click this link to create an account on NotifyNL:\n((url))\n\n
+                        This invitation will stop working at midnight tomorrow. This is to keep ((organisation_name)) secure.
+                        """,
+        },
+        # Password reset
+        {
+            "id": "4cc48b09-62d0-473f-8514-3023b306a0fb",
+            "name": "NotifyNL password reset email",
+            "type": "email",
+            "subject": "Reset your NotifyNL password",
+            "content": """Hi,\n\n
+                        We received a request to reset your password on NotifyNL.\n\n
+                        If you didn''t request this email, you can ignore it –
+                        your password has not been changed.\n\n
+                        To reset your password, click this link:\n\n
+                        ((url))
+                        """,
+        },
+        # Change email address
+        {
+            "id": "9eefb5bf-f1fb-46ce-9079-691260b0af9b",
+            "name": "Confirm new email address",
+            "type": "email",
+            "subject": "Confirm new email address for NotifyNL",
+            "content": """Hi,\n\n
+                            Click this link to confirm your new email address:\n\n((url))
+                        """,
+        },
+        # Email verification code
+        {
+            "id": "320a5f19-600f-451e-9646-11206c69828d",
+            "name": "NotifyNL email verify code",
+            "type": "email",
+            "subject": "Sign in to NotifyNL",
+            "content": """Hi,\n\n
+                            To sign in to NotifyNL please open this link: ((url))
+                        """,
+        },
+        # Broadcast invitation email
+        {
+            "id": "86761e21-b39c-43e1-a06b-a3340bc2bc7a",
+            "name": "NotifyNL broadcast invitation email",
+            "type": "email",
+            "subject": "You have been invited to join ((service_name)) on NotifyNL",
+            "content": """You have been invited to join ((service_name)) on NotifyNL.\n\n
+                        In an emergency, use Notify to broadcast an alert, warning the public about an imminent risk to life.\n\n
+                        Use this link to join the team: ((url))\n\n
+                        This invitation will stop working at midnight tomorrow. This is to keep ((service_name)) secure.
+                        """,
+        },
+        # Service is live
+        {
+            "id": "ec92ba79-222b-46f1-944a-79b3c072234d",
+            "name": "Automated \"You''re now live\" message on NotifyNL",
+            "type": "email",
+            "subject": "((service name)) is now live on NotifyNL",
+            "content": """Hi,\n\n((service name)) is now live on NotifyNL.""",
+        },
+    ]
+
+    op.get_bind()
+
+    for template in templates:
+        for table_name in ["templates", "templates_history"]:
+            op.execute(
+                update.format(
+                    table_name,
+                    template["content"],
+                    template["id"],
+                )
+            )
+
+        op.execute(template_redacted_update.format(current_app.config["NOTIFY_USER_ID"], template["id"]))
+
+
+def downgrade():
+    old_templates = [
+        # Create new account
+        {
+            "id": "afd325cd-c83e-4b0b-8426-7acb9c0aa62b",
+            "name": "NotifyNL email verification code",
+            "type": "email",
+            "subject": "Confirm NotifyNL registration",
+            "content": """Hi ((name)),\n\n
+                        To complete your registration for NotifyNL please click the link below\n\n((url))
+                        """,
+        },
+        # Invitation to collaborate - service
+        {
+            "id": "b24bf0fa-dd64-4105-867c-4ed529e12df3",
+            "name": "NotifyNL service invitation email",
+            "type": "email",
+            "subject": "((user_name)) has invited you to collaborate on ((service_name)) on NotifyNL",
+            "content": """((user_name)) has invited you to collaborate on ((service_name)) on NotifyNL.\n\n
+                        NotifyNL makes it easy to keep people updated by helping you send text messages and emails.\n\n
+                        Click this link to create an account on NotifyNL:\n((url))\n\n
+                        This invitation will stop working at midnight tomorrow. This is to keep ((service_name)) secure.
+                        """,
+        },
+        # Invitation to collaborate - organisation
+        {
+            "id": "dfd254da-39d1-468f-bd0d-2c9e017c13a6",
+            "name": "NotifyNL organisation invitation email",
+            "type": "email",
+            "subject": "((user_name)) has invited you to collaborate on ((organisation_name)) on NotifyNL",
+            "content": """((user_name)) has invited you to collaborate on ((organisation_name)) on NotifyNL.\n\n
+                        NotifyNL makes it easy to keep people updated by helping you send text messages and emails.\n\n
+                        Click this link to create an account on NotifyNL:\n((url))\n\n
+                        This invitation will stop working at midnight tomorrow. This is to keep ((organisation_name)) secure.
+                        """,
+        },
+        # Password reset
+        {
+            "id": "4cc48b09-62d0-473f-8514-3023b306a0fb",
+            "name": "NotifyNL password reset email",
+            "type": "email",
+            "subject": "Reset your NotifyNL password",
+            "content": """Hi ((user_name)),\n\n
+                        We received a request to reset your password on NotifyNL.\n\n
+                        If you didn''t request this email, you can ignore it –
+                        your password has not been changed.\n\n
+                        To reset your password, click this link:\n\n
+                        ((url))
+                        """,
+        },
+        # Change email address
+        {
+            "id": "9eefb5bf-f1fb-46ce-9079-691260b0af9b",
+            "name": "Confirm new email address",
+            "type": "email",
+            "subject": "Confirm new email address for NotifyNL",
+            "content": """Hi ((name)),\n\n
+                            Click this link to confirm your new email address:\n\n((url))
+                        """,
+        },
+        # Email verification code
+        {
+            "id": "320a5f19-600f-451e-9646-11206c69828d",
+            "name": "NotifyNL email verify code",
+            "type": "email",
+            "subject": "Sign in to NotifyNL",
+            "content": """Hi ((name)),\n\n
+                            To sign in to NotifyNL please open this link: ((url))
+                        """,
+        },
+        # Broadcast invitation email
+        {
+            "id": "86761e21-b39c-43e1-a06b-a3340bc2bc7a",
+            "name": "NotifyNL broadcast invitation email",
+            "type": "email",
+            "subject": "((user_name)) has invited you to join ((service_name)) on NotifyNL",
+            "content": """((user_name)) has invited you to join ((service_name)) on NotifyNL.\n\n
+                        In an emergency, use Notify to broadcast an alert, warning the public about an imminent risk to life.\n\n
+                        Use this link to join the team: ((url))\n\n
+                        This invitation will stop working at midnight tomorrow. This is to keep ((service_name)) secure.
+                        """,
+        },
+        # Service is live
+        {
+            "id": "ec92ba79-222b-46f1-944a-79b3c072234d",
+            "name": "Automated \"You''re now live\" message on NotifyNL",
+            "type": "email",
+            "subject": "((service name)) is now live on NotifyNL",
+            "content": """Hi ((name)),\n\n((service name)) is now live on NotifyNL.""",
+        },
+    ]
+
+    op.get_bind()
+
+    for template in old_templates:
+        for table_name in ["templates", "templates_history"]:
+            op.execute(
+                update.format(
+                    table_name,
+                    template["content"],
+                    template["id"],
+                )
+            )
+
+        op.execute(template_redacted_update.format(current_app.config["NOTIFY_USER_ID"], template["id"]))
