diff --git a/.rubocop.yml b/.rubocop.yml
index aff0a9a55..29db37a33 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -11,8 +11,3 @@ Rails/OutputSafety:
 Enabled: false
 Rails/HelperInstanceVariable:
 Enabled: false
-
-# Temporary - should be reverted as soon as the Verify tests finishes
-AllCops:
- Exclude:
- - "config/initializers/csp.rb"
diff --git a/app/assets/javascripts/modules/show-gov-uk-verify-hint.js b/app/assets/javascripts/modules/show-gov-uk-verify-hint.js
deleted file mode 100644
index 920de820c..000000000
--- a/app/assets/javascripts/modules/show-gov-uk-verify-hint.js
+++ /dev/null
@@ -1,67 +0,0 @@
-window.GOVUK = window.GOVUK || {}
-window.GOVUK.Modules = window.GOVUK.Modules || {};
-
-(function (global, GOVUK) {
- 'use strict'
-
- var $ = global.jQuery
- var VISIBLE_ON_URL = "/personal-tax-account/sign-in/prove-identity"
-
- GOVUK.Modules.ShowGovUkVerifyHint = function () {
- this.start = function (element) {
- if (window.location.href.indexOf(VISIBLE_ON_URL) > -1) {
- checkLastSuccessfulIdp(element)
- }
- }
-
- this.render = function (element, data) {
- renderHint(element, data)
- }
-
- function checkLastSuccessfulIdp (element) {
- $.ajax({
- url: 'https://www.signin.service.gov.uk/successful-idp',
- cache: false,
- dataType: 'jsonp',
- timeout: 3000
- }).then(function(data){
- renderHint(element, data);
- }, function(e){console.log("error", e)})
- }
-
- function renderHint (element, data) {
- if (data != null && data['found'] == 'true') {
- $(element).html(generateHtml(data)).show()
- $('button:contains("Continue")').addClass('govuk-button--secondary')
- }
- }
-
- function generateHtml(data) {
- return '
' + - '

' + - 'Someone recently signed in with '+ data['displayName'] +' on this device' + - '

' + - '
' + - '' + - '' + - '
' + - '' + - 'Continue with '+ data['displayName'] +'' + - '
' + - '

If this wasn\'t you, choose one option:

'
- }
- }
-})(window, window.GOVUK);
diff --git a/app/assets/stylesheets/application.scss b/app/assets/stylesheets/application.scss
index 6452ff849..c57b7470c 100644
--- a/app/assets/stylesheets/application.scss
+++ b/app/assets/stylesheets/application.scss
@@ -47,6 +47,5 @@ $govuk-use-legacy-palette: false;
 @import 'views/answer';
 @import 'views/help-page';
 @import "views/guide";
-@import 'views/choose_sign_in';
diff --git a/app/assets/stylesheets/views/_choose_sign_in.scss b/app/assets/stylesheets/views/_choose_sign_in.scss
deleted file mode 100644
index b1b4bf078..000000000
--- a/app/assets/stylesheets/views/_choose_sign_in.scss
+++ /dev/null
@@ -1,21 +0,0 @@
-.verify-hint-box {
- border: 5px solid $govuk-border-colour;
- padding: govuk-spacing(3);
- box-sizing: border-box;
- margin: 0 0 govuk-spacing(6);
-
- .verify-hint-logos {
- margin-bottom: govuk-spacing(3);
-
- .verify-hint-logos-idp {
- height: 60px;
- border-right: 1px solid $govuk-border-colour;
- padding-right: govuk-spacing(3);
- }
-
- .verify-hint-logos-verify {
- height: 40px;
- padding: govuk-spacing(2) 0 govuk-spacing(2) govuk-spacing(3);
- }
- }
-}
diff --git a/app/views/content_items/service_sign_in/_choose_sign_in.html.erb b/app/views/content_items/service_sign_in/_choose_sign_in.html.erb
index 773aabe8f..899de11ee 100644
--- a/app/views/content_items/service_sign_in/_choose_sign_in.html.erb
+++ b/app/views/content_items/service_sign_in/_choose_sign_in.html.erb
@@ -27,7 +27,6 @@ <%= render "govuk_publishing_components/components/fieldset", legend_text: legend_text do %>
-
 <%= render 'govuk_publishing_components/components/govspeak', content: raw(@content_item.description) %>
 <% if @error %>
 <%= render "components/error-message", text: t('service_sign_in.error.option') %>
diff --git a/config/initializers/csp.rb b/config/initializers/csp.rb
index 84556ec95..aa49407c8 100644
--- a/config/initializers/csp.rb
+++ b/config/initializers/csp.rb
@@ -1,76 +1 @@
-# GovukContentSecurityPolicy.configure
-# THIS A TEMPORARY COPY OF THE POLICY FROM THE GEM ABOVE
-# FOR THE TEMPORARY TEST WE NEED TO ADD A NEW DOMAIN FOR IMAGES (LINE 30)
-# WILL BE REVERTED BACK TO THE GEM ONCE THE TESTS FINISHES
-
-GOVUK_DOMAINS = [
- '*.publishing.service.gov.uk',
- "*.#{ENV['GOVUK_APP_DOMAIN_EXTERNAL'] || ENV['GOVUK_APP_DOMAIN'] || 'dev.gov.uk'}",
- "*.dev.gov.uk"
- ].uniq.freeze
-
-GOOGLE_ANALYTICS_DOMAINS = %w(www.google-analytics.com
- ssl.google-analytics.com
- stats.g.doubleclick.net).freeze
-
-Rails.application.config.content_security_policy_report_only = ENV.include?("GOVUK_CSP_REPORT_ONLY")
-
-Rails.application.config.content_security_policy do |policy|
- # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src
- policy.default_src :https, :self, *GOVUK_DOMAINS
-
- # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src
- policy.img_src :self,
- :data, # Base64 encoded images
- *GOVUK_DOMAINS,
- *GOOGLE_ANALYTICS_DOMAINS, # Tracking pixels
- # Some content still links to an old domain we used to use
- "assets.digital.cabinet-office.gov.uk",
- # For a Verify enhanced hint live test (temporary)
- "gds-verify-frontend-assets.s3.amazonaws.com"
-
- # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src
- policy.script_src :self,
- *GOVUK_DOMAINS,
- *GOOGLE_ANALYTICS_DOMAINS,
- # Allow JSONP call to Verify to check whether the user is logged in
- "www.signin.service.gov.uk",
- # Allow YouTube Embeds (Govspeak turns YouTube links into embeds)
- "*.ytimg.com",
- "www.youtube.com",
- "www.youtube-nocookie.com",
- # Allow all inline scripts until we can conclusively
- # document all the inline scripts we use,
- # and there's a better way to filter out junk reports
- :unsafe_inline
-
- # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src
- policy.style_src :self,
- *GOVUK_DOMAINS,
- # We use the `style=""` attribute on some HTML elements
- :unsafe_inline
-
- # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src
- policy.font_src :self,
- *GOVUK_DOMAINS,
- :data # Used by some legacy fonts
-
- # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src
- policy.connect_src :self,
- *GOVUK_DOMAINS,
- *GOOGLE_ANALYTICS_DOMAINS,
- # Allow connecting to web chat from HMRC contact pages
- "www.tax.service.gov.uk",
- # Allow connecting to Verify to check whether the user is logged in
- "www.signin.service.gov.uk"
-
- # Disallow all , , and elements
- #
- # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/object-src
- policy.object_src :none
-
- # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src
- policy.frame_src :self, *GOVUK_DOMAINS, "www.youtube.com", "www.youtube-nocookie.com" # Allow youtube embeds
-
- policy.report_uri ENV["GOVUK_CSP_REPORT_URI"] if ENV.include?("GOVUK_CSP_REPORT_URI")
-end
\ No newline at end of file
+GovukContentSecurityPolicy.configure
diff --git a/spec/javascripts/show-gov-uk-verify-hint.spec.js b/spec/javascripts/show-gov-uk-verify-hint.spec.js
deleted file mode 100644
index fceda91fd..000000000
--- a/spec/javascripts/show-gov-uk-verify-hint.spec.js
+++ /dev/null
@@ -1,56 +0,0 @@
-/* global describe beforeEach it spyOn expect */
-
-var $ = window.jQuery
-
-describe('A GOV.UK Verify hint box', function () {
-
- var GOVUK = window.GOVUK
- var element
- var hint
-
- beforeEach(function () {
-
- element = $('
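Review bot: The one-line initializer `GovukContentSecurityPolicy.configure` now takes the whole policy from the gem, and nothing in this hunk shows that the gem's allow-list no longer carries `www.signin.service.gov.uk` in `script_src` and `connect_src`. The removed header comment said the local copy differed from the gem only by the extra image domain, which suggests the Verify entries may exist upstream as well; with the JSONP caller deleted in this same commit, a JSONP-serving host left in `script_src` is unused allow-list surface and should be removed in the gem. It is also worth confirming that the gem still honours `GOVUK_CSP_REPORT_ONLY` and `GOVUK_CSP_REPORT_URI`, which the deleted block handled locally. A short comment above the call would help the next reader, e.g. `# Policy is defined in the shared gem; add or remove domains there, not in this app.`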
')
-
- hint = new GOVUK.Modules.ShowGovUkVerifyHint()
- hint.start(element)
- })
-
-
- it('renders when a positive response is received', function () {
- var data = {
- found: 'true',
- displayName: 'Stub IDP',
- simpleId: 'stub-idp'
- }
-
- hint.render(element, data)
- heading = element.find('h2').text()
- idp_logo_path = element.find('img.verify-hint-logos-idp')[0].src
- button_path = element.find('a.govuk-button')[0].href
- expect(heading).toBe('Someone recently signed in with '+ data['displayName'] +' on this device')
- expect(idp_logo_path).toBe('https://gds-verify-frontend-assets.s3.amazonaws.com/4af94ca-c1e26b4/' + data['simpleId'] + '.png')
- expect(button_path).toBe('https://www.signin.service.gov.uk/initiate-journey/hmrc-personal-tax-account?journey_hint=idp_' + data['simpleId'])
- expect(element.css('display')).not.toBe('none');
- })
-
- it('does not render when a negative response is received', function () {
- var data = {
- found: 'false'
- }
-
- expect($(element)).toBeHidden()
- hint.render(element, data)
- expect(element.css('display')).toBe('none');
- expect($(element)).toBeEmpty()
- })
-
- it('does not render when a null response is received', function () {
- var data = null
-
- expect($(element)).toBeHidden()
- hint.render(element, data)
- expect(element.css('display')).toBe('none');
- expect($(element)).toBeEmpty()
- })
-})