CMSgov · annamontare-nava · Apr 20, 2026 · Apr 20, 2026 · Apr 20, 2026 · Apr 20, 2026
diff --git a/apps/accounts/migrations/0006_alter_userprofile_mobile_phone_number.py b/apps/accounts/migrations/0006_alter_userprofile_mobile_phone_number.py
@@ -0,0 +1,19 @@
+# Generated by Django 6.0.2 on 2026-04-20 18:07
+
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0005_alter_userprofile_user_type'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='userprofile',
+            name='mobile_phone_number',
+            field=models.CharField(blank=True, help_text='US numbers only.', max_length=16, validators=[django.core.validators.RegexValidator(message="Phone number must be entered in the format: '+999999999'. Up to 15 digits allowed.", regex='^\\+?\\d{9,15}$')]),
+        ),
+    ]
diff --git a/apps/accounts/models.py b/apps/accounts/models.py
@@ -1,4 +1,5 @@
 from apps.constants import USER_CHOICES, USER_TYPE_DEV
+from apps.validators import phone_regex
 from apps.accounts.constants import (
     AAL_CHOICES,
     ADDITION,
@@ -100,7 +101,8 @@ class UserProfile(models.Model):
     )
 
     mobile_phone_number = models.CharField(
-        max_length=12,
+        validators=[phone_regex],
+        max_length=16,
         blank=True,
         help_text=_('US numbers only.'),
     )

diff --git a/apps/dot_ext/constants.py b/apps/dot_ext/constants.py
@@ -1,5 +1,3 @@
-import re
-
 from apps.constants import LAUNCH_SCOPE, OPENID_SCOPE
 
 # REGEX of paths that should be updated with auth flow info in hhs_oauth_server.request_logging.py
@@ -49,11 +47,6 @@
 TOKEN_ENDPOINT_V2_KEY = 'token-v2'
 TOKEN_ENDPOINT_V3_KEY = 'token-v3'
 
-URL_REGEX = re.compile(
-    r'^(https:\/\/)?(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.'
-    r'[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)$'
-)
-
 """
     Test Cases for demographic scopes related testing
     Dictionaries included:

diff --git a/apps/dot_ext/forms.py b/apps/dot_ext/forms.py
@@ -3,6 +3,7 @@
 
 from django import forms
 from django.conf import settings
+from django.core.validators import URLValidator
 from django.utils.safestring import mark_safe
 from django.utils.translation import gettext_lazy as _
 from oauth2_provider.forms import AllowForm as DotAllowForm
@@ -12,7 +13,7 @@
 from apps.dot_ext.constants import PRINTABLE_SPECIAL_ASCII
 from apps.dot_ext.scopes import CapabilitiesScopes
 from apps.dot_ext.models import Application, InternalApplicationLabels
-from apps.dot_ext.validators import validate_logo_image, validate_notags, validate_url
+from apps.dot_ext.validators import validate_logo_image, validate_notags
 from django.contrib.auth.models import Group, User
 from django.forms.widgets import URLInput
 
@@ -50,22 +51,22 @@ class CustomRegisterApplicationForm(forms.ModelForm):
 
     policy_uri = forms.CharField(
         required=False,
-        max_length=512,
-        validators=[validate_url],
+        max_length=2048,
+        validators=[URLValidator()],
         widget=URLInput,
     )
 
     tos_uri = forms.CharField(
         required=False,
-        max_length=512,
-        validators=[validate_url],
+        max_length=2048,
+        validators=[URLValidator()],
         widget=URLInput,
     )
 
     website_uri = forms.CharField(
         required=False,
-        max_length=512,
-        validators=[validate_url],
+        max_length=2048,
+        validators=[URLValidator()],
         widget=URLInput,
     )
 
@@ -219,22 +220,22 @@ class CreateNewApplicationForm(forms.ModelForm):
 
     policy_uri = forms.CharField(
         required=False,
-        max_length=512,
-        validators=[validate_url],
+        max_length=2048,
+        validators=[URLValidator()],
         widget=URLInput,
     )
 
     tos_uri = forms.CharField(
         required=False,
-        max_length=512,
-        validators=[validate_url],
+        max_length=2048,
+        validators=[URLValidator()],
         widget=URLInput,
     )
 
     website_uri = forms.CharField(
         required=False,
-        max_length=512,
-        validators=[validate_url],
+        max_length=2048,
+        validators=[URLValidator()],
         widget=URLInput,
     )
 

diff --git a/apps/dot_ext/migrations/0012_alter_application_client_uri_and_more.py b/apps/dot_ext/migrations/0012_alter_application_client_uri_and_more.py
@@ -0,0 +1,99 @@
+# Generated by Django 6.0.2 on 2026-04-20 18:07
+
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dot_ext', '0011_remove_application_allow_client_credentials_and_more'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='application',
+            name='client_uri',
+            field=models.TextField(blank=True, default='', help_text='This is typically a home/download website for the application. For example, https://www.example.org or http://www.example.org .', max_length=512, null=True, validators=[django.core.validators.URLValidator()], verbose_name='Client URI'),
+        ),
+        migrations.AlterField(
+            model_name='application',
+            name='contacts',
+            field=models.TextField(blank=True, default='', help_text='This is typically an email', verbose_name="Client's Contacts"),
+        ),
+        migrations.AlterField(
+            model_name='application',
+            name='jwks_uri',
+            field=models.TextField(blank=True, default=None, max_length=512, null=True, validators=[django.core.validators.URLValidator()], verbose_name='JSON Web Key Set URI'),
+        ),
+        migrations.AlterField(
+            model_name='application',
+            name='logo_uri',
+            field=models.TextField(blank=True, default='', max_length=512, validators=[django.core.validators.URLValidator()], verbose_name='Logo URI'),
+        ),
+        migrations.AlterField(
+            model_name='application',
+            name='op_policy_uri',
+            field=models.TextField(blank=True, default='', max_length=512, validators=[django.core.validators.URLValidator()]),
+        ),
+        migrations.AlterField(
+            model_name='application',
+            name='op_tos_uri',
+            field=models.TextField(blank=True, default='https://bluebutton.cms.gov/terms', max_length=512, validators=[django.core.validators.URLValidator()]),
+        ),
+        migrations.AlterField(
+            model_name='application',
+            name='policy_uri',
+            field=models.TextField(blank=True, default='', help_text='This can be a model privacy notice or other policy document.', max_length=512, validators=[django.core.validators.URLValidator()], verbose_name="Client's Policy URI"),
+        ),
+        migrations.AlterField(
+            model_name='application',
+            name='software_id',
+            field=models.TextField(blank=True, default='', help_text='A unique identifier for an application defined by its creator.', max_length=128),
+        ),
+        migrations.AlterField(
+            model_name='application',
+            name='support_email',
+            field=models.TextField(blank=True, null=True),
+        ),
+        migrations.AlterField(
+            model_name='application',
+            name='support_phone_number',
+            field=models.CharField(blank=True, max_length=16, null=True, validators=[django.core.validators.RegexValidator(message="Phone number must be entered in the format: '+999999999'. Up to 15 digits allowed.", regex='^\\+?\\d{9,15}$')]),
+        ),
+        migrations.AlterField(
+            model_name='application',
+            name='tos_uri',
+            field=models.TextField(blank=True, default='', max_length=512, validators=[django.core.validators.URLValidator()], verbose_name="Client's Terms of Service URI"),
+        ),
+        migrations.AlterField(
+            model_name='application',
+            name='website_uri',
+            field=models.TextField(blank=True, default='', help_text='This is typically a home/download website for the application. For example, https://www.example.org or http://www.example.org .', max_length=512, null=True, validators=[django.core.validators.URLValidator()], verbose_name='Website URI'),
+        ),
+        migrations.AlterField(
+            model_name='applicationlabel',
+            name='name',
+            field=models.TextField(max_length=255, unique=True),
+        ),
+        migrations.AlterField(
+            model_name='authflowuuid',
+            name='state',
+            field=models.TextField(db_index=True, max_length=64, null=True, unique=True),
+        ),
+        migrations.AlterField(
+            model_name='internalapplicationlabels',
+            name='description',
+            field=models.TextField(blank=True, default=''),
+        ),
+        migrations.AlterField(
+            model_name='internalapplicationlabels',
+            name='label',
+            field=models.TextField(default='', max_length=255, unique=True),
+        ),
+        migrations.AlterField(
+            model_name='internalapplicationlabels',
+            name='slug',
+            field=models.TextField(default='', max_length=1024, unique=True),
+        ),
+    ]
diff --git a/apps/dot_ext/migrations/0013_alter_application_client_uri_and_more.py b/apps/dot_ext/migrations/0013_alter_application_client_uri_and_more.py
@@ -0,0 +1,44 @@
+# Generated by Django 6.0.2 on 2026-04-21 19:17
+
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dot_ext', '0012_alter_application_client_uri_and_more'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='application',
+            name='client_uri',
+            field=models.TextField(blank=True, default='', help_text='This is typically a home/download website for the application. For example, https://www.example.org or http://www.example.org .', max_length=2048, null=True, validators=[django.core.validators.URLValidator()], verbose_name='Client URI'),
+        ),
+        migrations.AlterField(
+            model_name='application',
+            name='jwks_uri',
+            field=models.TextField(blank=True, default=None, max_length=2048, null=True, validators=[django.core.validators.URLValidator()], verbose_name='JSON Web Key Set URI'),
+        ),
+        migrations.AlterField(
+            model_name='application',
+            name='logo_uri',
+            field=models.TextField(blank=True, default='', max_length=2048, validators=[django.core.validators.URLValidator()], verbose_name='Logo URI'),
+        ),
+        migrations.AlterField(
+            model_name='application',
+            name='policy_uri',
+            field=models.TextField(blank=True, default='', help_text='This can be a model privacy notice or other policy document.', max_length=2048, validators=[django.core.validators.URLValidator()], verbose_name="Client's Policy URI"),
+        ),
+        migrations.AlterField(
+            model_name='application',
+            name='tos_uri',
+            field=models.TextField(blank=True, default='', max_length=2048, validators=[django.core.validators.URLValidator()], verbose_name="Client's Terms of Service URI"),
+        ),
+        migrations.AlterField(
+            model_name='application',
+            name='website_uri',
+            field=models.TextField(blank=True, default='', help_text='This is typically a home/download website for the application. For example, https://www.example.org or http://www.example.org .', max_length=2048, null=True, validators=[django.core.validators.URLValidator()], verbose_name='Website URI'),
+        ),
+    ]
diff --git a/apps/dot_ext/migrations/0014_alter_application_op_policy_uri_and_more.py b/apps/dot_ext/migrations/0014_alter_application_op_policy_uri_and_more.py
@@ -0,0 +1,24 @@
+# Generated by Django 6.0.2 on 2026-04-21 19:27
+
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dot_ext', '0013_alter_application_client_uri_and_more'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='application',
+            name='op_policy_uri',
+            field=models.TextField(blank=True, default='', max_length=2048, validators=[django.core.validators.URLValidator()]),
+        ),
+        migrations.AlterField(
+            model_name='application',
+            name='op_tos_uri',
+            field=models.TextField(blank=True, default='https://bluebutton.cms.gov/terms', max_length=2048, validators=[django.core.validators.URLValidator()]),
+        ),
+    ]
diff --git a/apps/dot_ext/migrations/0015_alter_application_client_secret_plain.py b/apps/dot_ext/migrations/0015_alter_application_client_secret_plain.py
@@ -0,0 +1,18 @@
+# Generated by Django 6.0.2 on 2026-04-21 20:27
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dot_ext', '0014_alter_application_op_policy_uri_and_more'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='application',
+            name='client_secret_plain',
+            field=models.CharField(blank=True, default='', max_length=128),
+        ),
+    ]
diff --git a/apps/dot_ext/migrations/0016_alter_authflowuuid_client_id.py b/apps/dot_ext/migrations/0016_alter_authflowuuid_client_id.py
@@ -0,0 +1,18 @@
+# Generated by Django 6.0.2 on 2026-04-21 22:05
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dot_ext', '0015_alter_application_client_secret_plain'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='authflowuuid',
+            name='client_id',
+            field=models.CharField(max_length=40, null=True),
+        ),
+    ]
diff --git a/apps/dot_ext/migrations/0017_alter_authflowuuid_auth_pkce_method_and_more.py b/apps/dot_ext/migrations/0017_alter_authflowuuid_auth_pkce_method_and_more.py
@@ -0,0 +1,38 @@
+# Generated by Django 6.0.2 on 2026-04-22 11:25
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dot_ext', '0016_alter_authflowuuid_client_id'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='authflowuuid',
+            name='auth_pkce_method',
+            field=models.CharField(choices=[('S256', 'S256'), ('plain', 'plain')], max_length=16, null=True),
+        ),
+        migrations.AlterField(
+            model_name='authflowuuidcopy',
+            name='auth_pkce_method',
+            field=models.CharField(choices=[('S256', 'S256'), ('plain', 'plain')], max_length=16, null=True),
+        ),
+        migrations.AlterField(
+            model_name='authflowuuidcopy',
+            name='client_id',
+            field=models.CharField(max_length=40, null=True),
+        ),
+        migrations.AlterField(
+            model_name='authflowuuidcopy',
+            name='created',
+            field=models.DateTimeField(auto_now_add=True, null=True),
+        ),
+        migrations.AlterField(
+            model_name='authflowuuidcopy',
+            name='state',
+            field=models.TextField(db_index=True, max_length=64, null=True, unique=True),
+        ),
+    ]