Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: release v6.74.0 #6680

Merged
merged 14 commits into from
Aug 31, 2023
Merged

build: release v6.74.0 #6680

merged 14 commits into from
Aug 31, 2023

Conversation

KenLSM
Copy link
Contributor

@KenLSM KenLSM commented Aug 31, 2023
edited by wanlingt
Loading

New

  • chore: remove dangling comments #6676
  • fix: platform api v1 - return appropriate status code for MissingUserError #6675
  • feat: payment quantity selector #6669
  • fix: allow submission when Myinfo child field is hidden by logic #6673
  • fix: Myinfo Child DOB #6648
  • feat: virus scanner for storage mode submissions #6642
  • chore: replace url with updated gogov links #6658
  • feat: enable myinfo child vax field #6652
  • build: merge v6.73.0 into develop #6659
  • build: release v6.73.0 #6657
  • chore: bump version to v6.73.0 1476fae
  • chore: bump version to v6.74.0 2ce5099

Dependencies

  • chore(deps): bump mongodb from 5.1.0 to 5.8.0 in /scripts/20230317_whitespace_issue #6677
  • fix(deps): bump type-fest from 4.3.0 to 4.3.1 in /shared #6674
  • fix(deps): bump libphonenumber-js from 1.10.41 to 1.10.43 in /shared #6672
  • fix(deps): bump type-fest from 4.2.0 to 4.3.0 in /shared #6668

Dev-Dependencies

Tests

fix: allow submission when Myinfo child field is hidden by logic #6673

@foochifa
For staging, these are the NRICs of profiles with children.

  • Submit a form with a hidden Myinfo child field. The child's name should be the only Myinfo child field. The email submission should have a blank beside the Myinfo child field.
  • Repeat the above, but with more child fields (BC number, DOB). The email submission should have a blank beside the Myinfo child fields.
  • Submit a form where the Myinfo child field is unhidden. The child's name should be the only Myinfo child field. The email submission's Myinfo child field should be populated.
  • Repeat the above, but with more child fields (BC number, DOB). The email submission's Myinfo child fields should be populated.
  • Repeat the above, but do not select the child's name. Try to submit. A red border should appear around the Myinfo child field, and you should not be able to submit the form.

Regression test:

  • Submit a Myinfo form without any Myinfo child fields

fix: Myinfo Child DOB #6648

@LinHuiqing

  1. Happy path test
  • On a Myinfo form, create a child field with the DOB.
  • Fill in the form (Staging Myinfo accounts here)
  • The DOB should be in the format 'dd/MM/yyyy' on the form UI.
  • Submit the form
  • Check the email submission - the DOB for the child's field should also be in the same format.
  1. Regression test
  • On a Myinfo form, add the (non-child) Myinfo fields DOB (already has existing Myinfo data) and Marriage Date (has no existing Myinfo data)
  • The dates should be in the format 'dd/MM/yyyy' on the form UI.
  • Submit the form
  • Check the email submission - the dates should show up correctly

feat: enable myinfo child vax field #6652

@KenLSM

  • Add the children beta flag to your admin user.
  • On an email mode form, add a children field and check that "Vaccination Requirements" is one of the options and can be added to the field.

feat: virus scanner for storage mode submissions #6642

@justynoh

  • Put clean file with valid uuid in quarantine bucket and trigger lambda with key: <filename>.
    • Function should return 200 with clean file key, with <1s execution time
    • File in quarantine bucket should be deleted
    • File should be in clean bucket with clean file key
  • Put infected file (e.g. from eicar) with valid uuid in quarantine bucket and trigger lambda with key: <filename>.
    • Function should return 400
      • Response body should include 'Malicious file detected'
      • Response body should include virus metadata
    • Malicious file should be deleted from the quarantine bucket.
  • Put clean file with invalid uuid key in quarantine bucket and trigger lambda with key: <filename>.
    • Function should return 400
    • Quarantined file should not be deleted
    • Clean bucket should not have new file
  • Put clean file with valid uuid in quarantine bucket. Put another different clean file with the same uuid as key in quarantine bucket. trigger lambda with key: <filename>.
    • Function should return 200 with clean file key
    • File should be in clean bucket with clean file key, and correspond to the second clean file updated.
    • File in quarantine bucket should be deleted.

fix: platform api v1 - return appropriate status code for MissingUserError #6675

@KenLSM

  • Before carrying out the tests below, add "isPlatform" : true to your user's apiToken property in the DB.

POST /api/public/v1/admin/forms/:formId/webhooksettings to retrieve webhook settings

curl --request POST \
  --url https://staging.form.gov.sg/api/public/v1/admin/forms/:formId/settings \
  --header 'Authorization: Bearer test_v1_APITOKENHERE' \
  --header 'Content-Type: application/json' \
  --data '{"userEmail": "adminOfFormId"}'
  • Use a user email that is not a FormSG user. You should get a 422 "User not found" message

PATCH /api/public/v1/admin/forms/:formId/webhooksettings to update webhook settings

curl --request PATCH \
  --url https://staging.form.gov.sg/api/public/v1/admin/forms/:formId/settings \
  --header 'Authorization: Bearer test_v1_APITOKENHERE' \
  --header 'Content-Type: application/json' \
  --data '{"userEmail": "adminOfFormId",
"webhook": {
		"url":"https://www.webhookUrl.com",
	"isRetryEnabled": true
}}'
  • Use a user email that is not a FormSG user. You should get a 422 "User not found" message

feat: payment quantity selector #6669

@foochifa @LinHuiqing

Payment Modal

Modal x PaymentCard data mutation, on admin

  • Add product item with name: min qty 1 max qty 99, description: bar, amt: 1, multi_qty: min_qty: 1, max_qty: 99
  • Ensure that PaymentCard has a quantity button with default Qty: 1
  • Ensure that clicking on the quantity button brings up the modal
  • Change the qty input to be 99
  • Ensure that clicking on X button closes the modal
    • Quantity button on PaymentCard remains as Qty: 1
  • Change the qty input to be 99
  • Ensure that clicking on Cancel button closes the modal
    • Quantity button on PaymentCard remains as Qty: 1
  • Change the qty input to be 99
  • Ensure that clicking on 'Submit` button closes the modal
    • Quantity button on PaymentCard updates to Qty: 99
    • Total price on PaymentPreview updates to S$99.00

Modal x PaymentCard data mutation, on responder side

  • Add product item with name: min qty 1 max qty 99, description: bar, amt: 1, multi_qty: min_qty: 1, max_qty: 99
  • Make the form public and run the below tests as a responder
  • Ensure that PaymentCard has a quantity button with default Qty: 1
  • Ensure that clicking on the quantity button brings up the modal
  • Change the qty input to be 99
  • Ensure that clicking on 'Submit` button closes the modal
    • Quantity button on PaymentCard updates to Qty: 99
    • Total price on PaymentPreview updates to S$99.00
  • Verify your email and proceed to the dedicate payment page
  • Ensure that price remains as S$99.00

Item without multi_qty

  • Add product item with name: no multi_qty, description: bar, multi_qty: toggled off
  • Ensure that PaymentCard does not have any quantity button rendered

Item with min and max as 1

  • Add product item with name: min qty 1 max qty 1, description: bar, multi_qty: toggled on, min_qty: 1, max_qty: 1
  • Ensure that PaymentCard has a quantity button with default Qty: 1
  • Ensure that clicking on the quantity button brings up the modal
  • Ensure that Minus/Plus buttons are disabled and not interactable
  • Delete the value on the input, and close the modal
  • Open the modal again
  • Ensure that the input is 1
  • Delete the value on the input
  • Ensure that the Plus button is enabled
  • Click on the Plus button, and ensure that the quantity is now set to 1 (the min_qty)
  • Ensure that Minus/Plus buttons are now disabled and not interactable

Item with non min of 1

  • Add product item with name: min qty 2 max qty 99, description: bar, multi_qty: min_qty: 2, max_qty: 99
  • Ensure that PaymentCard has a quantity button with default Qty: 2
  • Ensure that Minus button is disabled and not interactable
  • Delete the value on the input, and close the modal
  • Open the modal again
  • Ensure that the input is 2
  • Delete the value on the input
  • Ensure that the Plus button is enabled
  • Click on the Plus button, and ensure that the quantity is now set to 2 (the min_qty)
  • Set the input to be 99
  • Ensure that the Plus button is now disabled, while Minus button remains enabled

Item quantity taking large width

  • Add product item with name: min qty 1 max qty 200000, description: bar, amt: 1, multi_qty: min_qty: 1, max_qty: 200000
  • Set input to be 200000
  • Ensure that input width is not changed
  • Ensure that clicking on 'Submit` button closes the modal
    • Quantity button on PaymentCard updates to Qty: 200000 with the button width increased to accommodate the values

Mobile View
On a mobile screen (<768px)

  • Open the modal
  • Observe that the modal is now at the bottom of the screen
  • Ensure that clicking on the input brings up the number input keyboard

Deploy Notes

feat: virus scanner for storage mode submissions #6642

  • Set up new env vars (below) before release
  • Set up S3 buckets corresponding to these env vars, and configure to delete after 1 day

New environment variables:

  • In /virus-scanner/[staging|production|uat], we have
    • VIRUS_SCANNER_QUARANTINE_S3_BUCKET (with bucket versioning)
    • VIRUS_SCANNER_CLEAN_S3_BUCKET
  • in general env var for the environment, also place a copy of the two bucket env vars
  • FormSg and the virus scanner lambda are different apps, hence each have their env vars

tshuli and others added 14 commits August 24, 2023 21:11
@tshuli
Merge pull request #6659 from opengovsg/release-al2
d7f4510 
build: merge v6.73.0 into develop
@dependabot
fix(deps): bump type-fest from 4.2.0 to 4.3.0 in /shared (#6668)
7c8f4c6 
Bumps [type-fest](https://github.com/sindresorhus/type-fest) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/sindresorhus/type-fest/releases)
- [Commits](sindresorhus/type-fest@v4.2.0...v4.3.0)

---
updated-dependencies:
- dependency-name: type-fest
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@LinHuiqing
feat: enable myinfo child vax field (#6652)
0df84a5
@KenLSM
chore: replace url with updated gogov links (#6658)
e00173e
@tshuli @LinHuiqing
feat: virus scanner for storage mode submissions (#6642)
d26db9e 
* feat: add base virus scanner

* chore: add buckets for virus scanner

* chore: update local env vars

* feat: add putS3FileStream to s3.service

* chore: add virus scanning bucket env vars to convict

* fix: correct eslint ref

* chore: add build step to dev for update

* chore: add dev env var

* chore: scanFileStream returns clean file buffer

* refactor: put s3 file buffer only after scan

* chore: add logs to clamscan

* chore: remove backend service

* feat: virus scanner feature

* chore: shift typings to types

* chore: update serverless.yml

* chore: use http-status-codes

* refactor: use promise notation for clarity

* chore: add case where key is invalid

* chore: add virus scanner to npm run dev

* feat: add scanner deploy for stg

* chore: swap prefix order for virus scanner ssm

* chore: use hyphen for path

* chore: log test params from ssm

* chore: update param parser format

* chore: use /virus-scanner prefix to scope iam perms

* feat: provisioned concurrency to keep lambda hot

* chore: use serverlessifelse

* chore: validate that key is uuid

* chore(deps): install uuid types

* chore: improve docs, fix validate

chore: docs

* chore: return virus metadata on malicious file

* chore: tighten perms

* fix: syntax

* feat: delete malicious file from quarantine bucket after logging

* chore: delete clean file from quarantine bucket

* feat: move clean file on successful scan

* chore: use cp for now

* chore: versioning enabled for local s3 bucket

* chore: add versionId to copy command

* fix: do not specify versionId in delete command

* chore: return malicious file metadata

* fix: include objectTagging perms for copy object

* fix: include s3:GetObjectVersion

* chore: check for empty body

* chore: remove unused utils

* chore: add try catch block

* chore: specify versionId when deleting

* chore: add name to workflow

* chore: fix concurrency config

* chore: add provisionedConcurrency to npm run package

* fix: extra hyphen

* chore: use param for provisionedConcurrency

* fix: use param directly

* chore: simplify logger and update docs

* chore: add tests for clamscan service

* chore: add versionId when deleting object after copy

* chore: add tests for s3.service

* chore: wrap file scanning in try catch

* chore: add tests for index handler

* chore: add log tests for s3.service

* chore: update test description

* chore: add scripts for prod and UAT

* chore: update module path for tests

* chore: add iam perms to delete object version

* chore: add jest dependencies

* chore: remove todo

* chore: check for all dev envs

* chore: error out if env name is invalid

* chore: combine tests

* chore: concise

Co-authored-by: Lin Huiqing <37061143+LinHuiqing@users.noreply.github.com>

---------

Co-authored-by: Lin Huiqing <37061143+LinHuiqing@users.noreply.github.com>
@dependabot
fix(deps): bump libphonenumber-js from 1.10.41 to 1.10.43 in /shared (#…
4d453b7 
…6672)

Bumps [libphonenumber-js](https://gitlab.com/catamphetamine/libphonenumber-js) from 1.10.41 to 1.10.43.
- [Changelog](https://gitlab.com/catamphetamine/libphonenumber-js/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/catamphetamine/libphonenumber-js/compare/v1.10.41...v1.10.43)

---
updated-dependencies:
- dependency-name: libphonenumber-js
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@wanlingt
fix: Myinfo Child DOB (#6648)
e34c951 
* ref: shift MYINFO_DATE_FORMAT const to DateField

* feat: parse and format myinfo DOB

* fix: change dateFormat of ChildDateOfBirth

* fix: add space to CHILD_PREFIX

* fix: undo date formatting

* fix: change date format

* fix: add validation to backend

* fix: move date constants to shared

* ref: use shared formatMyinfoDate function

* test: use correct import

* fix: remove unused imports

* docs: add explanation

* ref: use const for myInfoFormattedValue
@dependabot
fix(deps): bump type-fest from 4.3.0 to 4.3.1 in /shared (#6674)
af4f8f4 
Bumps [type-fest](https://github.com/sindresorhus/type-fest) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/sindresorhus/type-fest/releases)
- [Commits](sindresorhus/type-fest@v4.3.0...v4.3.1)

---
updated-dependencies:
- dependency-name: type-fest
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@wanlingt
fix: allow submission when Myinfo child field is hidden by logic (#6673)
2b028f0 
* fix: output empty array if no child is selected

* fix: remove validator for empty arrays

* fix: check for empty string before validation in validChildAnswersNonEmpty

* fix: failure to deploy due to outdated mirror

* ref: use terser condition check

* fix: add comments for case where no child is selected in validChildAnswersNonEmpty
@KenLSM
feat: payment quantity selector (#6669)
fbc17a3 
* chore: add sticky bottom theme for modal

* feat: add quantity selector modal and button

* fix: payment card focus border

* chore: remove unused imports

* chore: remove unused utils

* refactor: rename size sticky-bottom to align-bottom

* fix: ui issues raised from live-review

* refactor: move paymentcard into separate file

* refactor: remove unused colortheme props

* fix: failure to deploy due to outdated mirror

* fix: incorrect default qty when min qty is not 1

* fix: input field not reseting to default when reopened, validation not running when stepper buttons were clicked

* fix: issue where minus button presses doesnt revalidate input

* fix: payment card content not aligned to top

* fix: payment card font titles

* fix: quantity selection modal ui, add variant bottom, remove selector-bottom size

* fix: error message margins

* chore: rename paymentcard to productpaymentcard

* fix: remove unnecessary null coalesce

* chore: update checkbox and radio component pseudo selector bg

* fix: theming and background color

* fix: productpaymentcard checked background

* fix: sync total payment amount with paymentpreview, update pseudo selector css for checkbox and radio
@wanlingt
fix: platform api v1 - return appropriate status code for MissingUser…
22f76e2 
…Error (#6675)

fix: return appropriate status code for MissingUserError
@dependabot
chore(deps): bump mongodb from 5.1.0 to 5.8.0 in /scripts/20230317_wh…
6401726 
…itespace_issue (#6677)

chore(deps): bump mongodb in /scripts/20230317_whitespace_issue

Bumps [mongodb](https://github.com/mongodb/node-mongodb-native) from 5.1.0 to 5.8.0.
- [Release notes](https://github.com/mongodb/node-mongodb-native/releases)
- [Changelog](https://github.com/mongodb/node-mongodb-native/blob/v5.8.0/HISTORY.md)
- [Commits](mongodb/node-mongodb-native@v5.1.0...v5.8.0)

---
updated-dependencies:
- dependency-name: mongodb
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@tshuli
chore: remove dangling comments (#6676)
255a609
@KenLSM
chore: bump version to v6.74.0
2ce5099
@foochifa
Copy link
Contributor

UX issue (don't think its blocking?)

  1. I think the red box isn't that obvious? When child name isn't selected @staceytan1998
  2. With secondary race, if the race isn't selected, you cannot submit. However, the error will still be on the 'Child Name' which is highlighted in a red box in the SS below. Whilst the secondary race box has no visible error state
image

@LinHuiqing
Copy link
Contributor

LinHuiqing commented Aug 31, 2023
edited
Loading

(Facing the same issue as what @foochifa mentioned above^)
For #6648, I can't submit this form for F1612366T. The Child field errors without an error message.

@LinHuiqing
Copy link
Contributor

LinHuiqing commented Aug 31, 2023
edited
Loading

For #6648:
Another UX issue - not sure if it is because we have multiple kids of the same name for staging accounts, but this happens (F1612366T):

Screenshot 2023-08-31 at 10 45 43 AM

@foochifa
Copy link
Contributor

foochifa commented Aug 31, 2023
edited
Loading

@KenLSM

Some notes for the Qty selector:

  1. Is it possible to set default to min instead of 1? -> only for admin side when they update the payment prd -> it defaults to the previous min instead of the updated one -> is it cause of payment store?
  2. If I remove the value -> then cancel the modal instead of delete -> The value does not default back to 1
  3. Ensure that clicking on 'Submit` button closes the modal -> is 'Update' right 😅
  4. When a value is updated above the min qty -> when we press x -> it reverts back to min value when we open the modal again -> Despite the actual actual still being the originally updated one

@LinHuiqing
Copy link
Contributor

For #6648:
Minor UX issue - the dates are correct, but formatted differently:
Screenshot 2023-08-31 at 10 49 33 AM

@KenLSM
Copy link
Contributor Author

KenLSM commented Aug 31, 2023
edited
Loading

Edit: Resolved

POST /api/public/v1/admin/forms/:formId/webhooksettings to retrieve webhook settings

curl --request POST \
  --url https://staging.form.gov.sg/api/public/v1/admin/forms/:formId/settings \
  --header 'Authorization: Bearer test_v1_APITOKENHERE' \
  --header 'Content-Type: application/json' \
  --data '{"userEmail": "adminOfFormId"}'

Use a user email that is not a FormSG user. You should get a 422 "User not found" message
PATCH /api/public/v1/admin/forms/:formId/webhooksettings to update webhook settings

curl --request PATCH \
  --url https://staging.form.gov.sg/api/public/v1/admin/forms/:formId/settings \
  --header 'Authorization: Bearer test_v1_APITOKENHERE' \
  --header 'Content-Type: application/json' \
  --data '{"userEmail": "adminOfFormId",
"webhook": {
		"url":"https://www.webhookUrl.com",
	"isRetryEnabled": true
}}'

Use a user email that is not a FormSG user. You should get a 422 "User not found" message

@wanlingt
Doesn't seem to get 422, I've tried using a valid APITOKEN, but with incorrect userEmail. I didn't get a 422, but instead a 200 OK.

This is probably the behaviour previously, i.e., the change didn't work as intended, but didn't introduce additional issues either.

@mergify mergify bot mentioned this pull request Aug 31, 2023
Merged
@wanlingt
Copy link
Contributor

POST /api/public/v1/admin/forms/:formId/webhooksettings to retrieve webhook settings

curl --request POST \
  --url https://staging.form.gov.sg/api/public/v1/admin/forms/:formId/settings \
  --header 'Authorization: Bearer test_v1_APITOKENHERE' \
  --header 'Content-Type: application/json' \
  --data '{"userEmail": "adminOfFormId"}'

Use a user email that is not a FormSG user. You should get a 422 "User not found" message
PATCH /api/public/v1/admin/forms/:formId/webhooksettings to update webhook settings

curl --request PATCH \
  --url https://staging.form.gov.sg/api/public/v1/admin/forms/:formId/settings \
  --header 'Authorization: Bearer test_v1_APITOKENHERE' \
  --header 'Content-Type: application/json' \
  --data '{"userEmail": "adminOfFormId",
"webhook": {
		"url":"https://www.webhookUrl.com",
	"isRetryEnabled": true
}}'

Use a user email that is not a FormSG user. You should get a 422 "User not found" message

@wanlingt Doesn't seem to get 422, I've tried using a valid APITOKEN, but with incorrect userEmail. I didn't get a 422, but instead a 200 OK.

This is probably the behaviour previously, i.e., the change didn't work as intended, but didn't introduce additional issues either.

Updated @KenLSM - it's because the user object needs an isPlatform flag = true in the apiToken property before carrying out the test. Ken has retested, the tests pass. I've updated the test description accordingly (in this PR and the original PR)

@KenLSM KenLSM merged commit 2ce5099 into release-al2 Aug 31, 2023
157 of 161 checks passed
@KenLSM KenLSM deleted the release_v6.74.0 branch August 31, 2023 05:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@KenLSM @foochifa @LinHuiqing @wanlingt @tshuli