Merge pull request #721 from openedx/eahmadjaved/ENT-9615

feat: update some fields in customer agreemnet model

license_manager/apps/api/serializers.py

@@ -354,11 +354,14 @@ class Meta:
             'net_days_until_expiration',
             'subscription_for_auto_applied_licenses',
             'available_subscription_catalogs',
+            'enable_auto_applied_subscriptions_with_universal_link',
             'has_custom_license_expiration_messaging',
+            'modal_header_text',
             'expired_subscription_modal_messaging',
+            'button_label_in_modal',
+            'url_for_button_in_modal',
             'hyper_link_text_for_expired_modal',
             'url_for_expired_modal',
-            'enable_auto_applied_subscriptions_with_universal_link'
         ]
 
     def get_subscription_for_auto_applied_licenses(self, obj):

license_manager/apps/subscriptions/admin.py

@@ -417,11 +417,14 @@ class CustomerAgreementAdmin(admin.ModelAdmin):
         'disable_expiration_notifications',
         'license_duration_before_purge',
         'disable_onboarding_notifications',
+        'enable_auto_applied_subscriptions_with_universal_link',
         'has_custom_license_expiration_messaging',
+        'modal_header_text',
         'expired_subscription_modal_messaging',
+        'button_label_in_modal',
+        'url_for_button_in_modal',
         'hyper_link_text_for_expired_modal',
-        'url_for_expired_modal',
-        'enable_auto_applied_subscriptions_with_universal_link'
+        'url_for_expired_modal'
     )
     custom_fields = ('subscription_for_auto_applied_licenses',)
 

license_manager/apps/subscriptions/migrations/0072_customeragreement_button_label_in_modal_and_more.py

@@ -0,0 +1,53 @@
+# Generated by Django 4.2.16 on 2024-10-18 09:53
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('subscriptions', '0071_customeragreement_enable_auto_applied_subscriptions_with_universal_link_and_more'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='customeragreement',
+            name='button_label_in_modal',
+            field=models.CharField(blank=True, help_text='The text that will appear as on the button in the expiration modal', max_length=255, null=True),
+        ),
+        migrations.AddField(
+            model_name='customeragreement',
+            name='modal_header_text',
+            field=models.CharField(blank=True, help_text='The bold text that will appear as the header in the expiration modal.', max_length=512, null=True),
+        ),
+        migrations.AddField(
+            model_name='customeragreement',
+            name='url_for_button_in_modal',
+            field=models.CharField(blank=True, help_text='The URL that should underly the sole button in the expiration modal', max_length=512, null=True),
+        ),
+        migrations.AddField(
+            model_name='historicalcustomeragreement',
+            name='button_label_in_modal',
+            field=models.CharField(blank=True, help_text='The text that will appear as on the button in the expiration modal', max_length=255, null=True),
+        ),
+        migrations.AddField(
+            model_name='historicalcustomeragreement',
+            name='modal_header_text',
+            field=models.CharField(blank=True, help_text='The bold text that will appear as the header in the expiration modal.', max_length=512, null=True),
+        ),
+        migrations.AddField(
+            model_name='historicalcustomeragreement',
+            name='url_for_button_in_modal',
+            field=models.CharField(blank=True, help_text='The URL that should underly the sole button in the expiration modal', max_length=512, null=True),
+        ),
+        migrations.AlterField(
+            model_name='customeragreement',
+            name='expired_subscription_modal_messaging',
+            field=models.TextField(blank=True, help_text='The content of a modal that will appear to learners upon subscription expiration. This text can be used for custom guidance per customer.', null=True),
+        ),
+        migrations.AlterField(
+            model_name='historicalcustomeragreement',
+            name='expired_subscription_modal_messaging',
+            field=models.TextField(blank=True, help_text='The content of a modal that will appear to learners upon subscription expiration. This text can be used for custom guidance per customer.', null=True),
+        ),
+    ]

license_manager/apps/subscriptions/models.py

@@ -48,6 +48,7 @@
     track_event,
     track_license_changes,
 )
+from license_manager.apps.subscriptions.sanitize import sanitize_html
 from license_manager.apps.subscriptions.utils import (
     days_until,
     get_license_activation_link,
@@ -150,8 +151,16 @@ class CustomerAgreement(TimeStampedModel):
         )
     )
 
-    expired_subscription_modal_messaging = models.CharField(
+    modal_header_text = models.CharField(
         max_length=512,
+        blank=True,
+        null=True,
+        help_text=_(
+            "The bold text that will appear as the header in the expiration modal."
+        )
+    )
+
+    expired_subscription_modal_messaging = models.TextField(
         blank=True,
         null=True,
         help_text=_(
@@ -178,6 +187,24 @@ class CustomerAgreement(TimeStampedModel):
         )
     )
 
+    button_label_in_modal = models.CharField(
+        max_length=255,
+        blank=True,
+        null=True,
+        help_text=_(
+            "The text that will appear as on the button in the expiration modal"
+        )
+    )
+
+    url_for_button_in_modal = models.CharField(
+        max_length=512,
+        blank=True,
+        null=True,
+        help_text=_(
+            "The URL that should underly the sole button in the expiration modal"
+        )
+    )
+
     enable_auto_applied_subscriptions_with_universal_link = models.BooleanField(
         default=False,
         help_text=_(
@@ -237,54 +264,59 @@ class Meta:
         verbose_name_plural = _("Customer Agreements")
 
     def clean(self):
-        # Check if custom messaging is enabled and messaging field is blank
+        """
+        Custom clean method to validate fields based on the 'Has Custom License Expiration Messaging' flag.
+        """
+        errors = {}
+
+        # Sanitize the expired_subscription_modal_messaging field
+        if self.expired_subscription_modal_messaging:
+            self.expired_subscription_modal_messaging = sanitize_html(self.expired_subscription_modal_messaging)
+
+        error_message = "This field cannot be blank if 'Has Custom License Expiration Messaging' is checked."
+        # Validate fields when custom messaging is enabled
         if self.has_custom_license_expiration_messaging:
-            if not self.expired_subscription_modal_messaging:
-                raise ValidationError({
-                    "expired_subscription_modal_messaging": (
-                        "This field cannot be blank if 'Has Custom License Expiration Messaging' is checked."
-                    )
-                })
-
-        # Validate that URL field is not blank if hyperlink text is provided
-        if self.hyper_link_text_for_expired_modal and not self.url_for_expired_modal:
-            raise ValidationError({
-                "url_for_expired_modal": (
-                    "This field cannot be blank if 'Hyper Link Text for Expired Modal' has values."
-                )
-            })
+            required_fields = {
+                "modal_header_text": error_message,
+                "expired_subscription_modal_messaging": error_message,
+                "button_label_in_modal": error_message,
+                "url_for_button_in_modal": error_message,
+                "hyper_link_text_for_expired_modal": error_message,
+                "url_for_expired_modal": error_message
+            }
 
-        # Validate that hyperlink text is not blank if URL is provided
-        if self.url_for_expired_modal and not self.hyper_link_text_for_expired_modal:
-            raise ValidationError({
-                "hyper_link_text_for_expired_modal": (
-                    "This field cannot be blank if 'URL for Expired Modal' has values."
-                )
-            })
+            # Check if any required fields are missing
+            for field, error_message in required_fields.items():
+                if not getattr(self, field):
+                    errors[field] = error_message
 
         # Ensure all fields are blank if custom messaging is disabled
         if not self.has_custom_license_expiration_messaging:
-            if any([
-                self.expired_subscription_modal_messaging,
-                self.hyper_link_text_for_expired_modal,
-                self.url_for_expired_modal
-            ]):
+            fields_to_check = [
+                "modal_header_text",
+                "expired_subscription_modal_messaging",
+                "button_label_in_modal",
+                "url_for_button_in_modal",
+                "hyper_link_text_for_expired_modal",
+                "url_for_expired_modal",
+            ]
+            if any(getattr(self, field) for field in fields_to_check):
                 error_msg = "This field must be blank if 'Has Custom License Expiration Messaging' is unchecked."
-                raise ValidationError({
-                    "expired_subscription_modal_messaging": error_msg,
-                    "hyper_link_text_for_expired_modal": error_msg,
-                    "url_for_expired_modal": error_msg,
-                })
-
-        def __str__(self):
-            """
-            Return human-readable string representation.
-            """
-            return (
-                "<CustomerAgreement: '{}'>".format(
-                    self.enterprise_customer_slug or self.enterprise_customer_name
-                )
+                errors = {field: error_msg for field in fields_to_check}
+
+        # Raise ValidationError if there are any errors
+        if errors:
+            raise ValidationError(errors)
+
+    def __str__(self):
+        """
+        Return human-readable string representation.
+        """
+        return (
+            "<CustomerAgreement: '{}'>".format(
+                self.enterprise_customer_slug or self.enterprise_customer_name
             )
+        )
 
 
 class PlanType(models.Model):

license_manager/apps/subscriptions/sanitize.py

@@ -0,0 +1,30 @@
+import bleach
+
+
+def sanitize_html(html_content):
+    """
+    Sanitize HTML content to allow only safe tags and attributes,
+    while disallowing JavaScript and unsafe protocols.
+    """
+    # Define allowed tags and attributes
+    allowed_tags = bleach.ALLOWED_TAGS  # Allow all standard HTML tags
+    allowed_attrs = {"*": ["className", "class", "style", "id"]}
+
+    # Clean the HTML content
+    sanitized_content = bleach.clean(
+        html_content,
+        tags=allowed_tags,
+        attributes=allowed_attrs,
+        strip=True,  # Strip disallowed tags completely
+        protocols=["http", "https"],  # Only allow http and https URLs
+    )
+
+    # Use bleach.linkify to ensure no javascript: links in <a> tags
+    sanitized_content = bleach.linkify(
+        sanitized_content,
+        callbacks=[
+            bleach.callbacks.nofollow
+        ],  # Apply 'nofollow' to external links for safety
+    )
+
+    return sanitized_content

requirements/base.in

@@ -40,3 +40,4 @@ rules
 simplejson
 zipp
 django-log-request-id
+bleach

requirements/base.txt

@@ -22,9 +22,11 @@ backoff==1.10.0
     #   analytics-python
 billiard==4.2.1
     # via celery
-boto3==1.35.39
+bleach==6.1.0
+    # via -r requirements/base.in
+boto3==1.35.42
     # via django-ses
-botocore==1.35.39
+botocore==1.35.42
     # via
     #   boto3
     #   s3transfer
@@ -153,7 +155,7 @@ edx-braze-client==0.2.5
     # via -r requirements/base.in
 edx-celeryutils==1.3.0
     # via -r requirements/base.in
-edx-django-utils==6.0.0
+edx-django-utils==6.1.0
     # via
     #   -r requirements/base.in
     #   edx-drf-extensions
@@ -195,7 +197,7 @@ monotonic==1.6
     # via analytics-python
 mysqlclient==2.2.4
     # via -r requirements/base.in
-newrelic==10.1.0
+newrelic==10.2.0
     # via edx-django-utils
 oauthlib==3.2.2
     # via
@@ -267,6 +269,7 @@ simplejson==3.19.3
 six==1.16.0
     # via
     #   analytics-python
+    #   bleach
     #   edx-auth-backends
     #   edx-rbac
     #   python-dateutil
@@ -304,6 +307,8 @@ vine==5.1.0
     #   kombu
 wcwidth==0.2.13
     # via prompt-toolkit
+webencodings==0.5.1
+    # via bleach
 zipp==3.20.2
     # via -r requirements/base.in
 

requirements/dev.txt

@@ -33,11 +33,13 @@ billiard==4.2.1
     # via
     #   -r requirements/validation.txt
     #   celery
-boto3==1.35.39
+bleach==6.1.0
+    # via -r requirements/validation.txt
+boto3==1.35.42
     # via
     #   -r requirements/validation.txt
     #   django-ses
-botocore==1.35.39
+botocore==1.35.42
     # via
     #   -r requirements/validation.txt
     #   boto3
@@ -225,7 +227,7 @@ edx-braze-client==0.2.5
     # via -r requirements/validation.txt
 edx-celeryutils==1.3.0
     # via -r requirements/validation.txt
-edx-django-utils==6.0.0
+edx-django-utils==6.1.0
     # via
     #   -r requirements/validation.txt
     #   edx-drf-extensions
@@ -251,7 +253,7 @@ edx-toggles==5.2.0
     # via -r requirements/validation.txt
 factory-boy==3.3.1
     # via -r requirements/validation.txt
-faker==30.3.0
+faker==30.6.0
     # via
     #   -r requirements/validation.txt
     #   factory-boy
@@ -333,7 +335,7 @@ more-itertools==10.5.0
     # via inflect
 mysqlclient==2.2.4
     # via -r requirements/validation.txt
-newrelic==10.1.0
+newrelic==10.2.0
     # via
     #   -r requirements/validation.txt
     #   edx-django-utils
@@ -513,6 +515,7 @@ six==1.16.0
     # via
     #   -r requirements/validation.txt
     #   analytics-python
+    #   bleach
     #   edx-auth-backends
     #   edx-lint
     #   edx-rbac
@@ -582,6 +585,10 @@ wcwidth==0.2.13
     # via
     #   -r requirements/validation.txt
     #   prompt-toolkit
+webencodings==0.5.1
+    # via
+    #   -r requirements/validation.txt
+    #   bleach
 wheel==0.44.0
     # via
     #   -r requirements/pip-tools.txt