This Support Ticket System is an internal tool developed to streamline client support and issue resolution. This system allows clients to log in securely, submit support tickets and monitor the status of their requests.
Users with the "administrator" role can view, manage and respond to all submitted tickets. They can also view and manage client user accounts and view failed login attempts
- Secure Login: Users can log in with cryptographically secure password storage, using a combination of salting, peppering and hashing to protect passwords.
- Two-Factor Authentication (2FA): App-based 2FA provides an extra layer of security for user logins.
- Account Registration with Email Verification: New users can register and verify their account via email using the Mailgun API.
- Cross-Site Request Forgery (CSRF) Protection: CSRF tokens are implemented to prevent unauthorized commands from external sources.
- IP-Based Rate Limiting: Protects the login form from brute-force attacks by limiting login attempts from the same IP address.
- Input Sanitization and Prepared Statements: Ensures protection against SQL injection and invalid input handling.
- Output Escaping: Mitigates cross-site scripting (XSS) vulnerabilities by escaping user-generated output.
- Enforced HTTPS in Production: All communications in the production environment are forced to use HTTPS for secure data transfer.
- Obscured Error Messages: Non-specific error messages on failed login attempts help prevent user enumeration.
- User-Friendly Interface: An intuitive UI allows for easy navigation, making it simple for clients to place tickets and staff to manage them.
-
Clone the repository:
git clone [email protected]:dhedley9/python-flask-support-ticket-portal.git
-
Navigate to the project directory:
cd assignment-software-engineering-devops -
Create a virtual environment (recommended):
python3 -m venv venv # On Windows, use `python -m venv venv` source venv/bin/activate # On Windows, use `venv\Scripts\activate`
-
Install Dependencies:
pip install -r requirements.txt
-
Set up environment file:
In the root directory create a .env file by copying the .env.example file
cp .env.example .env
-
Replace environment secrets:
Once you have created your .env file you will need to replace the following environment variables with secure keys:
- SECRET_KEY
- PEPPER
You can create a strong random key using Python:
import secrets print(secrets.token_hex(32))
-
Replace credentials for the default admin user:
As part of the initial setup, the app will automatically create an admin user for you. Change the default credentials for this user using the environment variables below, you can also change the login credentials later within the app:
- DEFAULT_USER
- DEFAULT_PASSWORDS
-
Replace Mailgun credentials:
The application uses Mailgun to provide email sending functionality. The app uses the Mailgun API to add this functionality and requires the following environment variables to be configured. For more information on how to setup Mailgun, see the Additional Resources
- MAILGUN_API_KEY - the Mailgun API key created for the application
- MAILGUN_DOMAIN - the sending domain used for Mailgun (Mailgun recommends this to be a subdomain, e.g. mailgun.example.com)
- MAILGUN_DOMAIN_REGION - the region the sending domain is hosted on Mailgun, by default this is "us" but can also be "eu"
-
Run the application:
flask run
TODO