Implement cookies banner and acceptance (fixes #11)

chore: update tests and GitHub Actions.

Author: kadraman

.github/workflows/debricked.yml

@@ -1,8 +1,8 @@
 
 # Create GitHub Action Secrets for your version of the application:
-#   DEBRICKEN_TOKEN should be an API Access Token from your Debricked tenant.
+#   DEBRICKED_TOKEN should be an API Access Token from your Debricked tenant.
 
-name: OSS SCA with Debricked
+name: OpenText SCA Core
 permissions:
     # required for all workflows
     security-events: write
@@ -26,7 +26,7 @@ on:
   workflow_dispatch:
     inputs:
       runDebrickedScan:
-        description: 'Carry out SCA scan using Debricked'
+        description: 'Scan using OpenText Core SCA'
         required: true
         default: 'true'
 
@@ -65,3 +65,16 @@ jobs:
         env:
           APP_NAME: ${{ env.DEFAULT_APP_NAME }}
           DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}
+
+scan_frontend:
+  stage: scan
+  image: debricked/cli:2-resolution-debian
+  script:
+    - debricked scan "$COMPONENT_DIR" -r ${DEBRICKED_REPO} -b ${DEBRICKED_BRANCH} -t ${DEBRICKED_TOKEN} --sbom CycloneDX --sbom-output gl-sbom-cdx.json
+  dependencies:
+    - build_frontend
+  allow_failure: true
+  artifacts:
+    reports:
+      cyclonedx:
+        - gl-sbom-cdx.json

.github/workflows/fod.yml

@@ -14,7 +14,7 @@
 #   It is recommended to create credentials with 'Security Lead' Role selected.
 #   "Automated Audit preference" should be configured for the release's Static Scan Settings.
 
-name: OpenText Application Secuirity Core
+name: OpenText Core Application Security
 permissions:
     # required for all workflows
     security-events: write
@@ -50,19 +50,19 @@ on:
   workflow_dispatch:
     inputs:
       runFoDSASTScan:
-        description: 'Carry out SAST scan using Fortify on Demand'
+        description: 'Carry out SAST scan using OpenText Core Application Security'
         required: false
         default: 'true'
       runFoDOSSScan:
-        description: 'Carry out OSS scan using Fortify on Demand'
+        description: 'Carry out OSS scan using OpenText Core Application Security'
         required: false
         default: 'true'       
       deployApp:
-        description: 'Deploy App'
+        description: 'Deploy App to Azure'
         required: false
         default: 'true'           
       runFoDDASTScan:
-        description: 'Carry out DAST scan using Fortify on Demand'
+        description: 'Carry out DAST scan using OpenText Core Application Security'
         required: false
         default: 'false'     
 
@@ -97,8 +97,8 @@ jobs:
           fi
 
   Build-And-Unit-Test:
-    # The type of runner that the job will run on
     runs-on: ubuntu-latest
+    needs: [ Env-Prepare ]
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -156,7 +156,7 @@ jobs:
       # See: https://github.com/marketplace/actions/fortify-ast-scan
       #
       - name: Run Fortify on Demand SAST Scan
-        uses: fortify/github-action@v1
+        uses: fortify/github-action@v2
         with:
           sast-scan: true
           debricked-sca-scan: false # we will do this separately using fcli
@@ -202,7 +202,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Setup Fortify tools
-        uses: fortify/github-action/setup@v1
+        uses: fortify/github-action/setup@v2
         with:
           #tool-definitions: https://github.com/fortify/tool-definitions/releases/download/v1/tool-definitions.yaml.zip
           export-path: true
@@ -252,16 +252,16 @@ jobs:
       #    app-name: ${{ env.AZURE_WEBAPP_NAME }}
       #    publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_94429323A56E479BA44DAB94865DCF4A }}
 
-  #Functional-Test:
-  #  runs-on: ubuntu-latest
-  #  if: ${{ always() }}
-  #  needs: [ Env-Prepare, Deploy-App ]
-  #  env: 
-  #    FOD_RELEASE: ${{ needs.Env-Prepare.outputs.FOD_RELEASE }}
-  #    FOD_PARENT_RELEASE: ${{ needs.Env-Prepare.outputs.FOD_PARENT_RELEASE }}
-  #  steps:
-  #    - name: Checkout
-  #      uses: actions/checkout@v4
+  Functional-Test:
+    runs-on: ubuntu-latest
+    if: ${{ always() }}
+    needs: [ Env-Prepare, Deploy-App ]
+    env:
+      FOD_RELEASE: ${{ needs.Env-Prepare.outputs.FOD_RELEASE }}
+      FOD_PARENT_RELEASE: ${{ needs.Env-Prepare.outputs.FOD_PARENT_RELEASE }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
 
   FoD-DAST-Scan:
     runs-on: ubuntu-latest
@@ -274,7 +274,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Setup Fortify tools
-        uses: fortify/github-action/setup@v1
+        uses: fortify/github-action/setup@v2
         with:
           #tool-definitions: https://github.com/fortify/tool-definitions/releases/download/v1/tool-definitions.yaml.zip
           export-path: true
@@ -305,7 +305,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: Setup Fortify tools
-        uses: fortify/github-action/setup@v1
+        uses: fortify/github-action/setup@v2
         with:
           #tool-definitions: https://github.com/fortify/tool-definitions/releases/download/v1/tool-definitions.yaml.zip
           export-path: true

iwa/templates/base.html

@@ -288,6 +288,8 @@ <h4></h4>
         </div>
     </footer>
 
+    {% include "includes/cookies.html" ignore missing %}
+
     <script src="{{ url_for('static', filename='js/lib/jquery.min.js') }}" type="text/javascript"></script>
     <script src="{{ url_for('static', filename='js/lib/bootstrap.bundle.min.js') }}" type="text/javascript"></script>
     <script src="{{ url_for('static', filename='js/lib/owl.carousel.min.js') }}" type="text/javascript"></script>
@@ -305,16 +307,31 @@ <h4></h4>
             $(document).ready(function () {
                 $('#subscribe-newsletter').SubscribeNewsletter();
                 $('#shopping-cart-count').CartCount();
+                if (!localStorage.getItem('cookieConsent')) {
+                    var cookieModal = new bootstrap.Modal($('#cookieConsentModal')[0]);
+                    cookieModal.show();
+                    $('#acceptCookies').on('click', function () {
+                      localStorage.setItem('cookieConsent', 'true');
+                      cookieModal.hide();
+                    });
+                }
+                $('.alert').each(function () {
+                    new bootstrap.Alert(this);
+                    let alert_timeout = $(this).data('timeout');
+                    setTimeout(() => {
+                        bootstrap.Alert.getInstance(this).close();
+                    }, +alert_timeout);
+                });
             });
         })(jQuery);
-        let alert_list = document.querySelectorAll('.alert')
+        /*let alert_list = document.querySelectorAll('.alert')
         alert_list.forEach(function(alert) {
             new bootstrap.Alert(alert);
             let alert_timeout = alert.getAttribute('data-timeout');
             setTimeout(() => {
                 bootstrap.Alert.getInstance(alert).close();
             }, +alert_timeout);
-        });
+        });*/
     </script>
 
     {% block scripts %} {% endblock %}

iwa/templates/includes/cookies.html

@@ -0,0 +1,16 @@
+<!-- Cookie Consent Modal -->
+<div class="modal fade" id="cookieConsentModal" tabindex="-1" aria-labelledby="cookieConsentLabel" aria-hidden="true" data-bs-backdrop="static" data-bs-keyboard="false">
+    <div class="modal-dialog modal-dialog-centered">
+        <div class="modal-content">
+            <div class="modal-header">
+                <h5 class="modal-title" id="cookieConsentLabel">We use cookies</h5>
+            </div>
+            <div class="modal-body">
+                This website uses cookies to ensure you get the best experience. By clicking "Accept", you consent to our use of cookies.
+            </div>
+            <div class="modal-footer">
+                <button type="button" id="acceptCookies" class="btn btn-primary">Accept</button>
+            </div>
+        </div>
+    </div>
+</div>

tests/functional/test_ui.py

@@ -26,7 +26,7 @@ def test_home_page(test_client):
     """
     response = test_client.get('/')
     assert response.status_code == 200
-    assert b"Welcome To IWA Pharmacy Direct" in response.data
+    assert b"Welcome To <br/>IWA Pharmacy Direct" in response.data
     assert b"Register" in response.data
     assert b"Shop Now" in response.data