Deploy 2023.01.2 to test

.github/workflows/check-api.yml

@@ -75,3 +75,13 @@ jobs:
           --cacert $temp_dir/cacert.ca > $temp_dir/payload.txt
 
           test $(head -n 1 $temp_dir/payload.txt | grep -o 201)
+
+      # https://www.ravsam.in/blog/send-slack-notification-when-github-actions-fails/#using-notify-slack-action
+      - name: Report failure to Slack
+        if: always()
+        uses: ravsamhq/notify-slack-action@v2
+        with:
+          status: ${{ job.status }}
+          notify_when: "failure"
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.ACTION_MONITORING_SLACK }}

.github/workflows/tests-pytest.yml

@@ -1,6 +1,6 @@
 name: Pytest
 
-on: push
+on: [push, pull_request]
 
 jobs:
   pytest:

.pre-commit-config.yaml

@@ -61,6 +61,6 @@ repos:
         types_or: [javascript, css]
 
   - repo: https://github.com/Riverside-Healthcare/djLint
-    rev: v1.19.10
+    rev: v1.19.12
     hooks:
       - id: djlint-django

appcontainer/requirements.txt

@@ -1,8 +1,8 @@
 Authlib==1.2.0
 Django==4.1.5
 django-csp==3.7
-git+https://github.com/cal-itp/eligibility-api#egg=eligibility_api
+eligibility-api==2023.01.1
 opencensus-ext-azure==1.1.6
 opencensus-ext-django==0.8.0
-requests==2.28.1
+requests==2.28.2
 six==1.16.0

benefits/__init__.py

@@ -1,3 +1,3 @@
-__version__ = "2023.01.1"
+__version__ = "2023.01.2"
 
 VERSION = __version__

benefits/core/migrations/0001_initial.py

@@ -1,4 +1,4 @@
-# Generated by Django 4.1.1 on 2022-11-02 23:46
+# Generated by Django 4.1.5 on 2023-01-11 23:23
 
 from django.db import migrations, models
 import django.db.models.deletion
@@ -48,7 +48,6 @@ class Migration(migrations.Migration):
                 ("selection_label_description", models.TextField(null=True)),
                 ("start_title", models.TextField()),
                 ("start_headline", models.TextField()),
-                ("start_sub_headline", models.TextField()),
                 ("start_item_heading", models.TextField()),
                 ("start_item_details", models.TextField()),
                 ("start_help_anchor", models.TextField()),
@@ -66,9 +65,7 @@ class Migration(migrations.Migration):
                 ("form_name_placeholder", models.TextField(null=True)),
                 ("form_name_max_length", models.PositiveSmallIntegerField(null=True)),
                 ("unverified_title", models.TextField()),
-                ("unverified_headline", models.TextField()),
                 ("unverified_blurb", models.TextField()),
-                ("eligibility_confirmed_headline", models.TextField()),
                 ("eligibility_confirmed_item_heading", models.TextField(null=True)),
                 ("eligibility_confirmed_item_details", models.TextField(null=True)),
                 ("enrollment_success_confirm_item_details", models.TextField()),
@@ -123,6 +120,7 @@ class Migration(migrations.Migration):
                 ("phone", models.TextField()),
                 ("active", models.BooleanField(default=False)),
                 ("jws_signing_alg", models.TextField()),
+                ("eligibility_index_intro", models.TextField()),
                 ("eligibility_types", models.ManyToManyField(to="core.eligibilitytype")),
                 ("eligibility_verifiers", models.ManyToManyField(to="core.eligibilityverifier")),
                 (

benefits/core/migrations/0002_sample_data.py

@@ -1,6 +1,8 @@
 """Data migration which loads sample data.
 Set environment variable DJANGO_LOAD_SAMPLE_DATA to False to skip loading sample data.
 """
+import os
+
 from django.conf import settings
 from django.db import migrations
 from django.utils.translation import gettext_lazy as _
@@ -13,18 +15,23 @@ def load_sample_data(app, *args, **kwargs):
 
     EligibilityType = app.get_model("core", "EligibilityType")
 
-    senior_type = EligibilityType.objects.create(name="senior", label="Senior", group_id="group1")
-    courtesy_card_type = EligibilityType.objects.create(name="courtesy_card", label="Courtesy Card", group_id="group2")
+    senior_type = EligibilityType.objects.create(
+        name="senior", label="Senior", group_id=os.environ.get("MST_SENIOR_GROUP_ID", "group1")
+    )
+    courtesy_card_type = EligibilityType.objects.create(
+        name="courtesy_card", label="Courtesy Card", group_id=os.environ.get("MST_COURTESY_CARD_GROUP_ID", "group2")
+    )
 
     PemData = app.get_model("core", "PemData")
 
     server_public_key = PemData.objects.create(
         label="Eligibility server public key",
-        remote_url="https://raw.githubusercontent.com/cal-itp/eligibility-server/dev/keys/server.pub",
+        remote_url=os.environ.get(
+            "SERVER_PUBLIC_KEY_URL", "https://raw.githubusercontent.com/cal-itp/eligibility-server/dev/keys/server.pub"
+        ),
     )
 
-    client_private_key = PemData.objects.create(
-        text="""
+    default_client_private_key = """
 -----BEGIN RSA PRIVATE KEY-----
 MIIEpAIBAAKCAQEA1pt0ZoOuPEVPJJS+5r884zcjZLkZZ2GcPwr79XOLDbOi46on
 Ca79kjRnhS0VUK96SwUPS0z9J5mDA5LSNL2RoxFb5QGaevnJY828NupzTNdUd0sY
@@ -52,12 +59,14 @@ def load_sample_data(app, *args, **kwargs):
 W3j2hwm4C6vaNkH9XX1dr5+q6gq8vJQdbYoExl22BGMiNbfI3+sLRk0zBYL//W6c
 tSREgR4EjosqQfbkceLJ2JT1wuNjInI0eR9H3cRugvlDTeWtbdJ5qA==
 -----END RSA PRIVATE KEY-----
-""",
+"""
+
+    client_private_key = PemData.objects.create(
+        text=os.environ.get("CLIENT_PRIVATE_KEY", default_client_private_key),
         label="Benefits client private key",
     )
 
-    client_public_key = PemData.objects.create(
-        text="""
+    default_client_public_key = """
 -----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pt0ZoOuPEVPJJS+5r88
 4zcjZLkZZ2GcPwr79XOLDbOi46onCa79kjRnhS0VUK96SwUPS0z9J5mDA5LSNL2R
@@ -67,72 +76,85 @@ def load_sample_data(app, *args, **kwargs):
 TsWcURmhVofF2wVoFbib3JGCfA7tz/gmP5YoEKnf/cumKmF3e9LrZb8zwm7bTHUV
 iwIDAQAB
 -----END PUBLIC KEY-----
-""",
+"""
+
+    client_public_key = PemData.objects.create(
+        text=os.environ.get("CLIENT_PUBLIC_KEY", default_client_public_key),
         label="Benefits client public key",
     )
 
-    dummy_cert = PemData.objects.create(
-        text="""
+    dummy_cert_text = """
 -----BEGIN CERTIFICATE-----
 PEM DATA
 -----END CERTIFICATE-----
-""",
-        label="Dummy certificate",
+"""
+
+    payment_processor_client_cert = PemData.objects.create(
+        text=os.environ.get("PAYMENT_PROCESSOR_CLIENT_CERT", dummy_cert_text),
+        label="Payment processor client certificate",
+    )
+
+    payment_processor_client_cert_private_key = PemData.objects.create(
+        text=os.environ.get("PAYMENT_PROCESSOR_CLIENT_CERT_PRIVATE_KEY", client_private_key.text),
+        label="Payment processor client certificate private key",
+    )
+
+    payment_processor_client_cert_root_ca = PemData.objects.create(
+        text=os.environ.get("PAYMENT_PROCESSOR_CLIENT_CERT_ROOT_CA", dummy_cert_text),
+        label="Payment processor client certificate root CA",
     )
 
     AuthProvider = app.get_model("core", "AuthProvider")
 
     auth_provider = AuthProvider.objects.create(
         sign_in_button_label=_("eligibility.buttons.signin"),
         sign_out_button_label=_("eligibility.buttons.signout"),
-        client_name="benefits-oauth-client-name",
-        client_id="benefits-oauth-client-id",
-        authority="https://example.com",
-        scope="verify:senior",
-        claim="senior",
+        client_name=os.environ.get("AUTH_PROVIDER_CLIENT_NAME", "benefits-oauth-client-name"),
+        client_id=os.environ.get("AUTH_PROVIDER_CLIENT_ID", "benefits-oauth-client-id"),
+        authority=os.environ.get("AUTH_PROVIDER_AUTHORITY", "https://example.com"),
+        scope=os.environ.get("AUTH_PROVIDER_SCOPE", "verify:senior"),
+        claim=os.environ.get("AUTH_PROVIDER_CLAIM", "senior"),
     )
 
     EligibilityVerifier = app.get_model("core", "EligibilityVerifier")
 
-    verifier1 = EligibilityVerifier.objects.create(
-        name="OAuth claims via Login.gov",
+    oauth_claims_verifier = EligibilityVerifier.objects.create(
+        name=os.environ.get("OAUTH_VERIFIER_NAME", "OAuth claims via Login.gov"),
         eligibility_type=senior_type,
         auth_provider=auth_provider,
-        selection_label=_("eligibility.pages.index.mst_login.label"),
-        selection_label_description=_("eligibility.pages.index.mst_login.description"),
-        start_title=_("eligibility.pages.start.mst_login.title"),
-        start_headline=_("eligibility.pages.start.mst_login.headline"),
-        start_sub_headline=_("eligibility.pages.start.mst_login.sub_headline"),
-        start_item_heading=_("eligibility.pages.start.mst_login.start_item.heading"),
-        start_item_details=_("eligibility.pages.start.mst_login.start_item.details"),
+        selection_label=_("eligibility.pages.index.login_gov.label"),
+        selection_label_description=_("eligibility.pages.index.login_gov.description"),
+        start_title=_("eligibility.pages.start.login_gov.title"),
+        start_headline=_("eligibility.pages.start.login_gov.headline"),
+        start_item_heading=_("eligibility.pages.start.login_gov.start_item.heading"),
+        start_item_details=_("eligibility.pages.start.login_gov.start_item.details"),
         start_help_anchor="login-gov",
-        unverified_title=_("eligibility.pages.unverified.mst_login.title"),
-        unverified_headline=_("eligibility.pages.unverified.mst_login.headline"),
-        unverified_blurb=_("eligibility.pages.unverified.mst_login.p[0]"),
-        eligibility_confirmed_headline=_("enrollment.pages.index.mst_login.eligibility_confirmed.headline"),
-        eligibility_confirmed_item_heading=_("enrollment.pages.index.mst_login.eligibility_confirmed_item.heading"),
-        eligibility_confirmed_item_details=_("enrollment.pages.index.mst_login.eligibility_confirmed_item.details"),
-        enrollment_success_confirm_item_details=_("enrollment.pages.success.mst_login.confirm_item.details"),
+        unverified_title=_("eligibility.pages.unverified.login_gov.title"),
+        unverified_blurb=_("eligibility.pages.unverified.login_gov.p[0]"),
+        eligibility_confirmed_item_heading=_("enrollment.pages.index.login_gov.eligibility_confirmed_item.heading"),
+        eligibility_confirmed_item_details=_(
+            "enrollment.pages.index.login_gov.eligibility_confirmed_item.details%(transit_agency_short_name)s"
+        ),
+        enrollment_success_confirm_item_details=_("enrollment.pages.success.login_gov.confirm_item.details"),
         enrollment_success_expiry_item_heading=None,
         enrollment_success_expiry_item_details=None,
     )
 
-    verifier2 = EligibilityVerifier.objects.create(
-        name="Test Eligibility Verifier 2",
-        api_url="http://server:8000/verify",
-        api_auth_header="X-Server-API-Key",
-        api_auth_key="server-auth-token",
+    courtesy_card_verifier = EligibilityVerifier.objects.create(
+        name=os.environ.get("COURTESY_CARD_VERIFIER", "Eligibility Server Verifier"),
+        api_url=os.environ.get("COURTESY_CARD_VERIFIER_API_URL", "http://server:8000/verify"),
+        api_auth_header=os.environ.get("COURTESY_CARD_VERIFIER_API_AUTH_HEADER", "X-Server-API-Key"),
+        api_auth_key=os.environ.get("COURTESY_CARD_VERIFIER_API_AUTH_KEY", "server-auth-token"),
         eligibility_type=courtesy_card_type,
         public_key=server_public_key,
-        jwe_cek_enc="A256CBC-HS512",
-        jwe_encryption_alg="RSA-OAEP",
-        jws_signing_alg="RS256",
+        jwe_cek_enc=os.environ.get("COURTESY_CARD_VERIFIER_JWE_CEK_ENC", "A256CBC-HS512"),
+        jwe_encryption_alg=os.environ.get("COURTESY_CARD_VERIFIER_JWE_ENCRYPTION_ALG", "RSA-OAEP"),
+        jws_signing_alg=os.environ.get("COURTESY_CARD_VERIFIER_JWS_SIGNING_ALG", "RS256"),
         auth_provider=None,
         selection_label=_("eligibility.pages.index.mst_cc.label"),
         selection_label_description=_("eligibility.pages.index.mst_cc.description"),
         start_title=_("eligibility.pages.start.mst_cc.title"),
         start_headline=_("eligibility.pages.start.mst_cc.headline"),
-        start_sub_headline=_("eligibility.pages.start.mst_cc.sub_headline"),
         start_item_heading=_("eligibility.pages.start.mst_cc.start_item.heading"),
         start_item_details=_("eligibility.pages.start.mst_cc.start_item.details"),
         start_help_anchor="mst-courtesy-card",
@@ -150,9 +172,7 @@ def load_sample_data(app, *args, **kwargs):
         form_name_placeholder="Garcia",
         form_name_max_length=255,
         unverified_title=_("eligibility.pages.unverified.mst_cc.title"),
-        unverified_headline=_("eligibility.pages.unverified.mst_cc.headline"),
         unverified_blurb=_("eligibility.pages.unverified.mst_cc.p[0]"),
-        eligibility_confirmed_headline=_("enrollment.pages.index.mst_cc.eligibility_confirmed.headline"),
         eligibility_confirmed_item_heading=None,
         eligibility_confirmed_item_details=None,
         enrollment_success_confirm_item_details=_("enrollment.pages.success.mst_cc.confirm_item.details"),
@@ -163,17 +183,17 @@ def load_sample_data(app, *args, **kwargs):
     PaymentProcessor = app.get_model("core", "PaymentProcessor")
 
     payment_processor = PaymentProcessor.objects.create(
-        name="Test Payment Processor",
-        api_base_url="http://server:8000",
-        api_access_token_endpoint="access-token",
-        api_access_token_request_key="request_access",
-        api_access_token_request_val="REQUEST_ACCESS",
-        card_tokenize_url="http://server:8000/static/tokenize.js",
-        card_tokenize_func="tokenize",
-        card_tokenize_env="test",
-        client_cert=dummy_cert,
-        client_cert_private_key=client_private_key,
-        client_cert_root_ca=dummy_cert,
+        name=os.environ.get("PAYMENT_PROCESSOR_NAME", "Test Payment Processor"),
+        api_base_url=os.environ.get("PAYMENT_PROCESSOR_API_BASE_URL", "http://server:8000"),
+        api_access_token_endpoint=os.environ.get("PAYMENT_PROCESSOR_API_ACCESS_TOKEN_ENDPOINT", "access-token"),
+        api_access_token_request_key=os.environ.get("PAYMENT_PROCESSOR_API_ACCESS_TOKEN_REQUEST_KEY", "request_access"),
+        api_access_token_request_val=os.environ.get("PAYMENT_PROCESSOR_API_ACCESS_TOKEN_REQUEST_VAL", "REQUEST_ACCESS"),
+        card_tokenize_url=os.environ.get("PAYMENT_PROCESSOR_CARD_TOKENIZE_URL", "http://server:8000/static/tokenize.js"),
+        card_tokenize_func=os.environ.get("PAYMENT_PROCESSOR_CARD_TOKENIZE_FUNC", "tokenize"),
+        card_tokenize_env=os.environ.get("PAYMENT_PROCESSOR_CARD_TOKENIZE_ENV", "test"),
+        client_cert=payment_processor_client_cert,
+        client_cert_private_key=payment_processor_client_cert_private_key,
+        client_cert_root_ca=payment_processor_client_cert_root_ca,
         customer_endpoint="customer",
         customers_endpoint="customers",
         group_endpoint="group",
@@ -183,20 +203,39 @@ def load_sample_data(app, *args, **kwargs):
 
     mst_agency = TransitAgency.objects.create(
         slug="mst",
-        short_name="MST (sample)",
-        long_name="Monterey-Salinas Transit (sample)",
+        short_name=os.environ.get("MST_AGENCY_SHORT_NAME", "MST (sample)"),
+        long_name=os.environ.get("MST_AGENCY_LONG_NAME", "Monterey-Salinas Transit (sample)"),
         agency_id="mst",
         merchant_id="mst",
         info_url="https://mst.org/benefits",
         phone="888-678-2871",
         active=True,
         private_key=client_private_key,
         public_key=client_public_key,
-        jws_signing_alg="RS256",
+        jws_signing_alg=os.environ.get("MST_AGENCY_JWS_SIGNING_ALG", "RS256"),
         payment_processor=payment_processor,
+        eligibility_index_intro=_("eligibility.pages.index.p[0].mst"),
     )
     mst_agency.eligibility_types.set([senior_type, courtesy_card_type])
-    mst_agency.eligibility_verifiers.set([verifier1, verifier2])
+    mst_agency.eligibility_verifiers.set([oauth_claims_verifier, courtesy_card_verifier])
+
+    sacrt_agency = TransitAgency.objects.create(
+        slug="sacrt",
+        short_name=os.environ.get("SACRT_AGENCY_SHORT_NAME", "SacRT (sample)"),
+        long_name=os.environ.get("SACRT_AGENCY_LONG_NAME", "Sacramento Regional Transit (sample)"),
+        agency_id="sacrt",
+        merchant_id="sacrt",
+        info_url="https://sacrt.com/",
+        phone="916-321-2877",
+        active=True,
+        private_key=client_private_key,
+        public_key=client_public_key,
+        jws_signing_alg=os.environ.get("SACRT_AGENCY_JWS_SIGNING_ALG", "RS256"),
+        payment_processor=payment_processor,
+        eligibility_index_intro=_("eligibility.pages.index.p[0].sacrt"),
+    )
+    sacrt_agency.eligibility_types.set([senior_type])
+    sacrt_agency.eligibility_verifiers.set([oauth_claims_verifier])
 
 
 class Migration(migrations.Migration):

benefits/core/models.py

@@ -103,7 +103,6 @@ class EligibilityVerifier(models.Model):
     selection_label_description = models.TextField(null=True)
     start_title = models.TextField()
     start_headline = models.TextField()
-    start_sub_headline = models.TextField()
     start_item_heading = models.TextField()
     start_item_details = models.TextField()
     start_help_anchor = models.TextField()
@@ -125,9 +124,7 @@ class EligibilityVerifier(models.Model):
     # The maximum length accepted for the 'name' API field before sending to this verifier
     form_name_max_length = models.PositiveSmallIntegerField(null=True)
     unverified_title = models.TextField()
-    unverified_headline = models.TextField()
     unverified_blurb = models.TextField()
-    eligibility_confirmed_headline = models.TextField()
     eligibility_confirmed_item_heading = models.TextField(null=True)
     eligibility_confirmed_item_details = models.TextField(null=True)
     # Fields for the dynamic enrollment success message
@@ -207,6 +204,7 @@ class TransitAgency(models.Model):
     public_key = models.ForeignKey(PemData, related_name="+", on_delete=models.PROTECT)
     # The JWS-compatible signing algorithm
     jws_signing_alg = models.TextField()
+    eligibility_index_intro = models.TextField()
 
     def __str__(self):
         return self.long_name
@@ -240,6 +238,11 @@ def index_url(self):
         """Public-facing URL to the TransitAgency's landing page."""
         return reverse("core:agency_index", args=[self.slug])
 
+    @property
+    def eligibility_index_url(self):
+        """Public facing URL to the TransitAgency's eligibility page."""
+        return reverse("eligibility:agency_index", args=[self.slug])
+
     @property
     def public_key_url(self):
         """Public-facing URL to the TransitAgency's public key."""