Merge pull request #1184 from sgmap/fix_1097_check_champs

Fix 1097 check champs

README.md

@@ -93,6 +93,7 @@ client_secret: ''
     AutoArchiveProcedureJob.set(cron: "* * * * *").perform_later
     WeeklyOverviewJob.set(cron: "0 8 * * 0").perform_later
     AutoReceiveDossiersForProcedureJob.set(cron: "* * * * *").perform_later(procedure_declaratoire_id, "received")
+    FindDubiousProcedureJob.set(cron: "0 0 * * *").perform_later
 
 ## Exécution des tests (RSpec)
 

app/controllers/administrations_controller.rb

@@ -18,7 +18,7 @@ class AdministrationsController < ApplicationController
 
     if admin.save
       flash.notice = "Administrateur créé"
-      NewAdminMailer.new_admin_email(admin, current_administration).deliver_now!
+      AdministrationMailer.new_admin_email(admin, current_administration).deliver_now!
     else
       flash.alert = admin.errors.full_messages
     end

app/jobs/find_dubious_procedures_job.rb

@@ -0,0 +1,29 @@
+class FindDubiousProceduresJob < ApplicationJob
+  queue_as :cron
+
+  FORBIDDEN_KEYWORDS = ['IBAN', 'NIR', 'NIRPP', 'race', 'religion',
+                        'carte bancaire', 'carte bleue', 'sécurité sociale']
+
+  def perform(*args)
+    # \\y is a word boundary
+    forbidden_regexp = FORBIDDEN_KEYWORDS
+      .map { |keyword| '\\y' + keyword + '\\y' }
+      .join('|')
+
+    # ~* -> case insensitive regexp match
+    # https://www.postgresql.org/docs/current/static/functions-matching.html#FUNCTIONS-POSIX-REGEXP
+    forbidden_tdcs = TypeDeChamp
+      .joins(:procedure)
+      .where("unaccent(types_de_champ.libelle) ~* unaccent('#{forbidden_regexp}')")
+      .where(type_champ: %w(text textarea))
+      .where(procedures: { archived_at: nil, whitelisted_at: nil })
+
+    dubious_procedures_and_tdcs = forbidden_tdcs
+      .group_by(&:procedure_id)
+      .map { |_procedure_id, tdcs| [tdcs[0].procedure, tdcs] }
+
+    if dubious_procedures_and_tdcs.present?
+      AdministrationMailer.dubious_procedures(dubious_procedures_and_tdcs).deliver_now
+    end
+  end
+end

app/mailers/administration_mailer.rb

@@ -0,0 +1,17 @@
+class AdministrationMailer < ApplicationMailer
+  layout 'mailers/layout'
+
+  def new_admin_email admin, administration
+    @admin = admin
+    @administration = administration
+
+    mail(to: 'tech@tps.apientreprise.fr',
+         subject: "Création d'un compte Admin TPS")
+  end
+
+  def dubious_procedures(procedures_and_type_de_champs)
+    @procedures_and_type_de_champs = procedures_and_type_de_champs
+    mail(to: 'tech@tps.apientreprise.fr',
+         subject: "[RGS] De nouvelles procédures comportent des champs interdits")
+  end
+end

app/mailers/new_admin_mailer.rb

@@ -1,9 +0,0 @@
-class NewAdminMailer < ApplicationMailer
-  def new_admin_email admin, administration
-    @admin = admin
-    @administration = administration
-
-    mail(to: 'tech@tps.apientreprise.fr',
-         subject: "Création d'un compte Admin TPS")
-  end
-end

app/views/administration_mailer/dubious_procedures.html.haml

@@ -0,0 +1,7 @@
+- content_for(:title, 'Liste de procédures douteuses')
+
+%ul
+  - @procedures_and_type_de_champs.each do |procedure, type_de_champs|
+    %li
+      Nº #{procedure.id}, #{procedure.libelle} :
+      %b= type_de_champs.map(&:libelle).join(', ')

db/migrate/20180105152235_add_whitelisted_at_column_to_procedure.rb

@@ -0,0 +1,5 @@
+class AddWhitelistedAtColumnToProcedure < ActiveRecord::Migration[5.0]
+  def change
+    add_column :procedures, :whitelisted_at, :datetime
+  end
+end

db/migrate/20180108132507_enable_unaccent_postgresql_extension.rb

@@ -0,0 +1,9 @@
+class EnableUnaccentPostgresqlExtension < ActiveRecord::Migration[5.0]
+  def up
+    execute 'CREATE EXTENSION unaccent;'
+  end
+
+  def down
+    execute 'DROP EXTENSION unaccent;'
+  end
+end

db/schema.rb

@@ -10,10 +10,11 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20171214155554) do
+ActiveRecord::Schema.define(version: 20180108132507) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
+  enable_extension "unaccent"
 
   create_table "administrateurs", force: :cascade do |t|
     t.string   "email",                  default: "", null: false
@@ -424,6 +425,7 @@ ActiveRecord::Schema.define(version: 20171214155554) do
     t.datetime "published_at"
     t.datetime "hidden_at"
     t.datetime "archived_at"
+    t.datetime "whitelisted_at"
     t.index ["hidden_at"], name: "index_procedures_on_hidden_at", using: :btree
   end
 

spec/controllers/administrations_controller_spec.rb

@@ -35,8 +35,8 @@ describe AdministrationsController, type: :controller do
       end
 
       it 'alert new mail are send' do
-        expect(NewAdminMailer).to receive(:new_admin_email).and_return(NewAdminMailer)
-        expect(NewAdminMailer).to receive(:deliver_now!)
+        expect(AdministrationMailer).to receive(:new_admin_email).and_return(AdministrationMailer)
+        expect(AdministrationMailer).to receive(:deliver_now!)
         subject
       end
     end

spec/jobs/find_dubious_procedures_job_spec.rb

@@ -0,0 +1,49 @@
+require 'rails_helper'
+
+RSpec.describe FindDubiousProceduresJob, type: :job do
+  describe 'perform' do
+    let(:mailer_double) { double('mailer', deliver_now: true) }
+    let(:procedure) { create(:procedure) }
+    let(:allowed_tdc) { create(:type_de_champ_public, libelle: 'fournir') }
+
+    before do
+      allow(AdministrationMailer).to receive(:dubious_procedures)
+        .and_return(mailer_double)
+
+      procedure.types_de_champ << tdcs
+      FindDubiousProceduresJob.new.perform
+    end
+
+    context 'with suspicious champs' do
+      let(:forbidden_tdcs) do
+        [create(:type_de_champ_public, libelle: 'num de securite sociale, stp'),
+         create(:type_de_champ_public, libelle: "t'aurais une carte bancaire ?")]
+      end
+
+      let(:tdcs) { forbidden_tdcs + [allowed_tdc] }
+
+      it 'mails tech about the dubious procedure' do
+        expect(AdministrationMailer).to have_received(:dubious_procedures)
+          .with([[procedure, forbidden_tdcs]])
+      end
+
+      context 'and a whitelisted procedure' do
+        let(:procedure) { create(:procedure, whitelisted_at: DateTime.now) }
+
+        it { expect(AdministrationMailer).not_to have_received(:dubious_procedures) }
+      end
+
+      context 'and a archived procedure' do
+        let(:procedure) { create(:procedure, archived_at: DateTime.now) }
+
+        it { expect(AdministrationMailer).not_to have_received(:dubious_procedures) }
+      end
+    end
+
+    context 'with no suspicious champs' do
+      let(:tdcs) { [allowed_tdc] }
+
+      it { expect(AdministrationMailer).not_to receive(:dubious_procedures) }
+    end
+  end
+end

spec/mailers/previews/administration_mailer_preview.rb

@@ -0,0 +1,9 @@
+class AdministrationMailerPreview < ActionMailer::Preview
+  def dubious_procedures
+    procedures_and_champs = [
+      [Procedure.first, [TypeDeChamp.new(libelle: 'iban'), TypeDeChamp.new(libelle: 'religion')]],
+      [Procedure.last, [TypeDeChamp.new(libelle: 'iban'), TypeDeChamp.new(libelle: 'numéro de carte bleu')]]
+    ]
+    AdministrationMailer.dubious_procedures(procedures_and_champs)
+  end
+end