From 8582b08a987802efea606aa7963b14bff711e685 Mon Sep 17 00:00:00 2001
From: clemkeirua <clement@keiruaprod.fr>
Date: Fri, 3 May 2019 15:25:51 +0200
Subject: [PATCH 01/24] add security policy

---
 config/environments/development.rb            |  3 +++
 config/environments/production.rb             |  2 ++
 .../initializers/content_security_policy.rb   | 21 +++++++++++++++++++
 3 files changed, 26 insertions(+)
 create mode 100644 config/initializers/content_security_policy.rb

diff --git a/config/environments/development.rb b/config/environments/development.rb
index 9a178ab8c..1d51b0cd3 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -59,6 +59,9 @@ Rails.application.configure do
     port: 3000
   }
 
+  # Use Content-Security-Policy-Report-Only instead of Content-Security-Policy
+  config.content_security_policy_report_only = true
+
   # Raises error for missing translations
   # config.action_view.raise_on_missing_translations = true
 
diff --git a/config/environments/production.rb b/config/environments/production.rb
index f2474f93d..befbe17aa 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -109,5 +109,7 @@ Rails.application.configure do
     host: ENV['APP_HOST']
   }
 
+  config.content_security_policy_report_only = true
+
   config.lograge.enabled = ENV['LOGRAGE_ENABLED'] == 'enabled'
 end
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
new file mode 100644
index 000000000..9db6e18cf
--- /dev/null
+++ b/config/initializers/content_security_policy.rb
@@ -0,0 +1,21 @@
+Rails.application.config.content_security_policy do |policy|
+  # En cas de non respect d'une des règles, faire un POST sur cette URL
+  policy.report_uri  "/csp-violation-report-endpoint"
+  # Nos whitelist
+  policy.img_src     :self, "https://*.openstreetmap.org"
+  # sendinblue et matomo, et… miniprofiler :(
+  # https://github.com/MiniProfiler/rack-mini-profiler/issues/327
+  if Rails.env.development?
+    #policy.script_src  :self, "https://sibautomation.com", "//stats.data.gouv.fr", :unsafe_eval, :unsafe_inline
+    policy.script_src  :self, "https://sibautomation.com", "//stats.data.gouv.fr", :unsafe_eval
+  else
+    policy.script_src  :self, "https://sibautomation.com", "//stats.data.gouv.fr"
+  end
+  # Pour les CSS, on a beaucoup de style inline et quelques balises <style>
+  # c'est trop compliqué pour être rectifié immédiatement (et sans valeur ajoutée:
+  # c'est hardocodé dans les vues, donc pas injectable).
+  policy.style_src   :self, :unsafe_inline
+  # Pour tout le reste, par défaut on accepte uniquement ce qui vient de chez nous
+  # et dans la notification on inclue la source de l'erreur
+  policy.default_src :self, :data, :report_sample
+end
\ No newline at end of file

From 64b858ef193b2f0fb91fed68ada6ed6e002d9826 Mon Sep 17 00:00:00 2001
From: clemkeirua <clement@keiruaprod.fr>
Date: Fri, 3 May 2019 16:12:24 +0200
Subject: [PATCH 02/24] handle Gon + add report-uri URL

---
 app/views/layouts/application.html.haml       |  2 +-
 .../initializers/content_security_policy.rb   | 24 ++++++++++---------
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml
index af74cd8c7..5a0486f44 100644
--- a/app/views/layouts/application.html.haml
+++ b/app/views/layouts/application.html.haml
@@ -19,7 +19,7 @@
     = stylesheet_link_tag 'new_design/new_application', media: 'all', 'data-turbolinks-track': 'reload'
     = stylesheet_link_tag 'new_design/print', media: 'print', 'data-turbolinks-track': 'reload'
 
-    = Gon::Base.render_data(camel_case: true, init: true)
+    = Gon::Base.render_data(camel_case: true, init: true, nonce:  request.content_security_policy_nonce)
 
     - if Rails.env.development?
       = stylesheet_link_tag :xray
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 9db6e18cf..b58d8af0e 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -1,21 +1,23 @@
 Rails.application.config.content_security_policy do |policy|
   # En cas de non respect d'une des règles, faire un POST sur cette URL
-  policy.report_uri  "/csp-violation-report-endpoint"
-  # Nos whitelist
-  policy.img_src     :self, "https://*.openstreetmap.org"
-  # sendinblue et matomo, et… miniprofiler :(
-  # https://github.com/MiniProfiler/rack-mini-profiler/issues/327
+  policy.report_uri "https://e30e0ed9c14194254481124271b34a72.report-uri.com/r/d/csp/reportOnly"
+  # Whitelist image
+  policy.img_src :self, "https://*.openstreetmap.org"
+  # Whitelist JS: nous, sendinblue et matomo, et… miniprofiler :(
   if Rails.env.development?
-    #policy.script_src  :self, "https://sibautomation.com", "//stats.data.gouv.fr", :unsafe_eval, :unsafe_inline
-    policy.script_src  :self, "https://sibautomation.com", "//stats.data.gouv.fr", :unsafe_eval
+    # https://github.com/MiniProfiler/rack-mini-profiler/issues/327
+    policy.script_src :self, "https://sibautomation.com", "//stats.data.gouv.fr", :unsafe_eval, :unsafe_inline
   else
-    policy.script_src  :self, "https://sibautomation.com", "//stats.data.gouv.fr"
+    policy.script_src :self, "https://sibautomation.com", "//stats.data.gouv.fr"
   end
+  # Génération d'un nonce pour les balises script inline qu'on maitrise (Gon)
+  Rails.application.config.content_security_policy_nonce_generator = -> _request { SecureRandom.base64(16) }
+
   # Pour les CSS, on a beaucoup de style inline et quelques balises <style>
   # c'est trop compliqué pour être rectifié immédiatement (et sans valeur ajoutée:
-  # c'est hardocodé dans les vues, donc pas injectable).
-  policy.style_src   :self, :unsafe_inline
+  # c'est hardcodé dans les vues, donc pas injectable).
+  policy.style_src :self, :unsafe_inline
   # Pour tout le reste, par défaut on accepte uniquement ce qui vient de chez nous
   # et dans la notification on inclue la source de l'erreur
   policy.default_src :self, :data, :report_sample
-end
\ No newline at end of file
+end

From 2ae02a132bb6245700832ca49e12a17e2811421f Mon Sep 17 00:00:00 2001
From: clemkeirua <clement@keiruaprod.fr>
Date: Fri, 3 May 2019 16:32:04 +0200
Subject: [PATCH 03/24] Report-Only for tests

---
 config/environments/test.rb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/environments/test.rb b/config/environments/test.rb
index 1b9f30460..2a1fb8e0f 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -45,6 +45,9 @@ Rails.application.configure do
     protocol: :http
   }
 
+  # Use Content-Security-Policy-Report-Only instead of Content-Security-Policy
+  config.content_security_policy_report_only = true
+
   config.active_job.queue_adapter = :test
   config.active_storage.service = :test
 

From 2308b3bc5cc9fd1b1c72bb508651de58f1a152a4 Mon Sep 17 00:00:00 2001
From: maatinito <15379878+maatinito@users.noreply.github.com>
Date: Mon, 29 Apr 2019 10:55:10 -1000
Subject: [PATCH 04/24] =?UTF-8?q?[Fix=203827]=20Champ=20Pays:=20la=20ligne?=
 =?UTF-8?q?=20de=20tirets=20ne=20devrait=20pas=20=C3=AAtre=20selectionnabl?=
 =?UTF-8?q?e?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/models/champs/pays_champ.rb                           | 4 ++++
 app/views/shared/dossiers/editable_champs/_pays.html.haml | 1 +
 2 files changed, 5 insertions(+)

diff --git a/app/models/champs/pays_champ.rb b/app/models/champs/pays_champ.rb
index d088d2880..78de3277f 100644
--- a/app/models/champs/pays_champ.rb
+++ b/app/models/champs/pays_champ.rb
@@ -2,4 +2,8 @@ class Champs::PaysChamp < Champs::TextChamp
   def self.pays
     ApiGeo::API.pays.pluck(:nom)
   end
+
+  def self.disabled_options
+    pays.select { |v| (v =~ /^--.*--$/).present? }
+  end
 end
diff --git a/app/views/shared/dossiers/editable_champs/_pays.html.haml b/app/views/shared/dossiers/editable_champs/_pays.html.haml
index af0ee8b74..13062d8e5 100644
--- a/app/views/shared/dossiers/editable_champs/_pays.html.haml
+++ b/app/views/shared/dossiers/editable_champs/_pays.html.haml
@@ -1,4 +1,5 @@
 = form.select :value,
   Champs::PaysChamp.pays,
+  disabled: Champs::PaysChamp.disabled_options,
   include_blank: true,
   required: champ.mandatory?

From 3cc088e96574f26a3376b6bc7c30bdfbc3f7e1a1 Mon Sep 17 00:00:00 2001
From: maatinito <15379878+maatinito@users.noreply.github.com>
Date: Thu, 2 May 2019 13:22:06 -1000
Subject: [PATCH 05/24] Obsolete tasks that triggers errors on a fresh database
 20180913161001_add_path_to_procedures.rake   NoMethodError: undefined method
 `procedure_path' for #<Procedure:0x00007fffd77aed40>
 20181009130216_restore_deleted_dossiers.rake   ActiveRecord::RecordNotFound:
 Couldn't find Procedure with 'id'=4860
 20181010102500_remove_invite_gestionnaires.rake   NameError: uninitialized
 constant InviteGestionnaire

---
 ...20180913161001_add_path_to_procedures.rake |  32 ---
 ...181009130216_restore_deleted_dossiers.rake | 209 ------------------
 ...010102500_remove_invite_gestionnaires.rake |  10 -
 3 files changed, 251 deletions(-)
 delete mode 100644 lib/tasks/deployment/20180913161001_add_path_to_procedures.rake
 delete mode 100644 lib/tasks/deployment/20181009130216_restore_deleted_dossiers.rake
 delete mode 100644 lib/tasks/deployment/20181010102500_remove_invite_gestionnaires.rake

diff --git a/lib/tasks/deployment/20180913161001_add_path_to_procedures.rake b/lib/tasks/deployment/20180913161001_add_path_to_procedures.rake
deleted file mode 100644
index 351cd9224..000000000
--- a/lib/tasks/deployment/20180913161001_add_path_to_procedures.rake
+++ /dev/null
@@ -1,32 +0,0 @@
-namespace :after_party do
-  desc 'Deployment task: add_path_to_procedures'
-  task add_path_to_procedures: :environment do
-    puts "Running deploy task 'add_path_to_procedures'"
-
-    def print_procedure(procedure)
-      puts "#{procedure.id}##{procedure.path} - #{procedure.errors.full_messages}"
-    end
-
-    puts "Démarches publiées :"
-    Procedure.publiees.where(path: nil).find_each do |procedure|
-      procedure.path = procedure.path
-      if !procedure.save
-        print_procedure(procedure)
-      end
-    end
-
-    puts "Démarches archivées :"
-    Procedure.archivees.where(path: nil).find_each do |procedure|
-      if procedure.procedure_path.present?
-        procedure.path = procedure.path
-        if !procedure.save
-          print_procedure(procedure)
-        end
-      end
-    end
-
-    # Update task as completed. If you remove the line below, the task will
-    # run with every deploy (or every time you call after_party:run).
-    AfterParty::TaskRecord.create version: '20180913161001'
-  end
-end
diff --git a/lib/tasks/deployment/20181009130216_restore_deleted_dossiers.rake b/lib/tasks/deployment/20181009130216_restore_deleted_dossiers.rake
deleted file mode 100644
index 387d5cf99..000000000
--- a/lib/tasks/deployment/20181009130216_restore_deleted_dossiers.rake
+++ /dev/null
@@ -1,209 +0,0 @@
-require Rails.root.join("lib", "tasks", "task_helper")
-
-namespace :after_party do
-  desc 'Deployment task: restore_deleted_dossiers'
-  task restore_deleted_dossiers: :environment do
-    Class.new do
-      def run
-        rake_puts "Running deploy task 'restore_deleted_dossiers'"
-        restore_candidats_libres_deleted_dossiers
-        restore_neph_deleted_dossiers
-        AfterParty::TaskRecord.create version: '20181009130216'
-      end
-
-      def restore_candidats_libres_deleted_dossiers
-        mapping = Class.new(Tasks::DossierProcedureMigrator::ChampMapping) do
-          def setup_mapping
-            champ_opts = {
-              16 => {
-                source_overrides: { 'libelle' => 'Adresse postale du candidat' },
-                destination_overrides: { 'libelle' => 'Adresse postale complète du candidat' }
-              }
-            }
-            (0..23).each do |i|
-              map_source_to_destination_champ(i, i, **(champ_opts[i] || {}))
-            end
-          end
-        end
-
-        private_mapping = Class.new(Tasks::DossierProcedureMigrator::ChampMapping) do
-          def setup_mapping
-            compute_destination_champ(
-              TypeDeChamp.new(
-                type_champ: 'datetime',
-                order_place: 0,
-                libelle: 'Date et heure de convocation',
-                mandatory: false
-              )
-            ) do |d, target_tdc|
-              target_tdc.champ.create(dossier: d)
-            end
-            compute_destination_champ(
-              TypeDeChamp.new(
-                type_champ: 'text',
-                order_place: 1,
-                libelle: 'Lieu de convocation',
-                mandatory: false
-              )
-            ) do |d, target_tdc|
-              target_tdc.champ.create(dossier: d)
-            end
-            compute_destination_champ(
-              TypeDeChamp.new(
-                type_champ: 'address',
-                order_place: 2,
-                libelle: 'Adresse centre examen',
-                mandatory: false
-              )
-            ) do |d, target_tdc|
-              target_tdc.champ.create(dossier: d)
-            end
-          end
-        end
-
-        pj_mapping = Class.new(Tasks::DossierProcedureMigrator::PieceJustificativeMapping) do
-          def setup_mapping
-            (0..3).each do |i|
-              map_source_to_destination_pj(i, i + 2)
-            end
-            leave_destination_pj_blank(
-              TypeDePieceJustificative.new(
-                order_place: 0,
-                libelle: "Télécharger la Charte de l'accompagnateur"
-              )
-            )
-            leave_destination_pj_blank(
-              TypeDePieceJustificative.new(
-                order_place: 1,
-                libelle: "Télécharger l'attestation d'assurance"
-              )
-            )
-          end
-        end
-
-        restore_deleted_dossiers(4860, 8603, mapping, private_mapping, pj_mapping)
-      end
-
-      def restore_neph_deleted_dossiers
-        mapping = Class.new(Tasks::DossierProcedureMigrator::ChampMapping) do
-          def can_migrate?(dossier)
-            !(dossier.termine? ||
-              dossier.champs.joins(:type_de_champ).find_by(types_de_champ: { order_place: 3 }).value&.include?('"Demande de duplicata de dossier d\'inscription (suite perte)"'))
-          end
-
-          def setup_mapping
-            champ_opts = {
-              3 => {
-                source_overrides: { 'drop_down' => ["", "Demande de réactualisation du numéro NEPH", "Demande de communication du numéro NEPH", "Demande de duplicata de dossier d'inscription (suite perte)", "Demande de correction sur le Fichier National des Permis de conduire"] },
-                destination_overrides: { 'drop_down' => ["", "Demande de réactualisation du numéro NEPH", "Demande de communication du numéro NEPH", "Demande de correction sur le Fichier National des Permis de conduire"] }
-              }
-            }
-            (0..14).each do |i|
-              map_source_to_destination_champ(i, i, **(champ_opts[i] || {}))
-            end
-            (16..22).each do |i|
-              map_source_to_destination_champ(i, i + 2, **(champ_opts[i] || {}))
-            end
-
-            discard_source_champ(
-              TypeDeChamp.new(
-                type_champ: 'address',
-                order_place: 15,
-                libelle: 'Adresse du candidat'
-              )
-            )
-
-            compute_destination_champ(
-              TypeDeChamp.new(
-                type_champ: 'address',
-                order_place: 15,
-                libelle: 'Adresse du candidat',
-                mandatory: true
-              )
-            ) do |d, target_tdc|
-              value = d.champs.joins(:type_de_champ).find_by(types_de_champ: { order_place: 3 }).value
-              if !d.brouillon?
-                value ||= 'non renseigné'
-              end
-              target_tdc.champ.create(dossier: d, value: value)
-            end
-
-            compute_destination_champ(
-              TypeDeChamp.new(
-                type_champ: 'address',
-                order_place: 16,
-                libelle: 'Code postal',
-                mandatory: true
-              )
-            ) do |d, target_tdc|
-              target_tdc.champ.create(dossier: d, value: d.brouillon? ? nil : 'non renseigné')
-            end
-
-            compute_destination_champ(
-              TypeDeChamp.new(
-                type_champ: 'address',
-                order_place: 17,
-                libelle: 'Ville',
-                mandatory: true
-              )
-            ) do |d, target_tdc|
-              target_tdc.champ.create(dossier: d, value: d.brouillon? ? nil : 'non renseigné')
-            end
-          end
-        end
-
-        private_mapping = Class.new(Tasks::DossierProcedureMigrator::ChampMapping) do
-          def setup_mapping
-            (0..2).each do |i|
-              map_source_to_destination_champ(i, i)
-            end
-          end
-        end
-
-        pj_mapping = Class.new(Tasks::DossierProcedureMigrator::PieceJustificativeMapping) do
-          def setup_mapping
-            (0..3).each do |i|
-              map_source_to_destination_pj(i, i)
-            end
-          end
-        end
-
-        restore_deleted_dossiers(6388, 8770, mapping, private_mapping, pj_mapping)
-      end
-
-      def restore_deleted_dossiers(deleted_procedure_id, new_procedure_id, champ_mapping, champ_private_mapping, pj_mapping)
-        source_procedure = Procedure.unscoped.find(deleted_procedure_id)
-        destination_procedure = Procedure.find(new_procedure_id)
-
-        deleted_dossiers = Dossier.unscoped
-          .where(procedure_id: deleted_procedure_id)
-          .where('dossiers.hidden_at >= ?', source_procedure.hidden_at)
-
-        deleted_dossier_ids = deleted_dossiers.pluck(:id).to_a
-        deleted_dossiers.update_all(hidden_at: nil)
-
-        source_procedure
-          .update_columns(
-            hidden_at: nil,
-            archived_at: source_procedure.hidden_at,
-            aasm_state: :archivee
-          )
-
-        migrator = Tasks::DossierProcedureMigrator.new(source_procedure, destination_procedure, champ_mapping, champ_private_mapping, pj_mapping) do |dossier|
-          DossierMailer.notify_undelete_to_user(dossier).deliver_later
-        end
-        migrator.check_consistency
-        migrator.migrate_dossiers
-
-        source_procedure.dossiers.where(id: deleted_dossier_ids).find_each do |dossier|
-          if dossier.termine?
-            DossierMailer.notify_undelete_to_user(dossier).deliver_later
-          else
-            rake_puts "Dossier #{dossier.id} non migré\n"
-            DossierMailer.notify_unmigrated_to_user(dossier, destination_procedure).deliver_later
-          end
-        end
-      end
-    end.new.run
-  end
-end
diff --git a/lib/tasks/deployment/20181010102500_remove_invite_gestionnaires.rake b/lib/tasks/deployment/20181010102500_remove_invite_gestionnaires.rake
deleted file mode 100644
index fbbce4a15..000000000
--- a/lib/tasks/deployment/20181010102500_remove_invite_gestionnaires.rake
+++ /dev/null
@@ -1,10 +0,0 @@
-namespace :after_party do
-  desc 'Deployment task: remove_invite_gestionnaires'
-  task remove_invite_gestionnaires: :environment do
-    InviteGestionnaire.destroy_all
-
-    # Update task as completed. If you remove the line below, the task will
-    # run with every deploy (or every time you call after_party:run).
-    AfterParty::TaskRecord.create version: '20181010102500'
-  end
-end

From 3ff0c83485e30763f312c4ac73a51c3ed0ac3dbf Mon Sep 17 00:00:00 2001
From: Nicolas Bouilleaud <nico@bou.io>
Date: Fri, 12 Apr 2019 10:43:51 +0200
Subject: [PATCH 06/24] Add multi-admin UI

refs #1626
---
 .../procedure_administrateurs_controller.rb   | 47 +++++++++++++++++++
 .../_administrateur.html.haml                 | 13 +++++
 .../procedure_administrateurs/create.js.haml  |  6 +++
 .../procedure_administrateurs/destroy.js.haml |  4 ++
 .../procedure_administrateurs/index.html.haml | 26 ++++++++++
 config/routes.rb                              |  2 +
 6 files changed, 98 insertions(+)
 create mode 100644 app/controllers/new_administrateur/procedure_administrateurs_controller.rb
 create mode 100644 app/views/new_administrateur/procedure_administrateurs/_administrateur.html.haml
 create mode 100644 app/views/new_administrateur/procedure_administrateurs/create.js.haml
 create mode 100644 app/views/new_administrateur/procedure_administrateurs/destroy.js.haml
 create mode 100644 app/views/new_administrateur/procedure_administrateurs/index.html.haml

diff --git a/app/controllers/new_administrateur/procedure_administrateurs_controller.rb b/app/controllers/new_administrateur/procedure_administrateurs_controller.rb
new file mode 100644
index 000000000..c853afab6
--- /dev/null
+++ b/app/controllers/new_administrateur/procedure_administrateurs_controller.rb
@@ -0,0 +1,47 @@
+module NewAdministrateur
+  class ProcedureAdministrateursController < AdministrateurController
+    before_action :retrieve_procedure
+    before_action :procedure_locked?
+
+    def index
+    end
+
+    def create
+      email = params.require(:administrateur)[:email]&.strip&.downcase
+
+      # Find the admin
+      administrateur = Administrateur.find_by(email: email)
+      if administrateur.nil?
+        flash.alert = "L’administrateur « #{email} » n’existe pas. Invitez-le à demander un compte administrateur à l’addresse <a href=#{new_demande_url}>#{new_demande_url}</a>."
+        return
+      end
+
+      # Prevent duplicates (also enforced in the database in administrateurs_procedures)
+      if @procedure.administrateurs.include?(administrateur)
+        flash.alert = "L’administrateur « #{administrateur.email} » est déjà administrateur de « #{@procedure.libelle} »."
+        return
+      end
+
+      # Actually add the admin
+      @procedure.administrateurs << administrateur
+      @administrateur = administrateur
+      flash.notice = "L’administrateur « #{administrateur.email} » a été ajouté à la démarche « #{@procedure.libelle} »."
+    end
+
+    def destroy
+      administrateur = @procedure.administrateurs.find(params[:id])
+
+      # Prevent self-removal (Also enforced in the UI)
+      if administrateur == current_administrateur
+        flash.error = "Vous ne pouvez pas vous retirez vous-même d’une procédure."
+      end
+
+      # Actually remove the admin
+      @procedure.administrateurs.delete(administrateur)
+      @administrateur = administrateur
+      flash.notice = "L’administrateur \« #{administrateur.email} » a été retiré de la démarche « #{@procedure.libelle} »."
+    rescue ActiveRecord::ActiveRecordError => e
+      flash.alert = e.message
+    end
+  end
+end
diff --git a/app/views/new_administrateur/procedure_administrateurs/_administrateur.html.haml b/app/views/new_administrateur/procedure_administrateurs/_administrateur.html.haml
new file mode 100644
index 000000000..65354f432
--- /dev/null
+++ b/app/views/new_administrateur/procedure_administrateurs/_administrateur.html.haml
@@ -0,0 +1,13 @@
+%tr{ id: "procedure-#{@procedure.id}-administrateur-#{administrateur.id}" }
+  %td= administrateur.email
+  %td= administrateur.created_at.strftime('%d/%m/%Y %H:%M')
+  %td= administrateur.registration_state
+  %td
+    - if administrateur == current_administrateur
+      C’est vous !
+    - else
+      = link_to 'Retirer',
+        [@procedure, administrateur],
+        method: :delete,
+        'data-confirm': "Retirer « #{administrateur.email} » des administrateurs de « #{@procedure.libelle} » ?",
+        remote: true
diff --git a/app/views/new_administrateur/procedure_administrateurs/create.js.haml b/app/views/new_administrateur/procedure_administrateurs/create.js.haml
new file mode 100644
index 000000000..9e4ff843c
--- /dev/null
+++ b/app/views/new_administrateur/procedure_administrateurs/create.js.haml
@@ -0,0 +1,6 @@
+= render_flash(sticky: true)
+- if @administrateur
+  = append_to_element("#procedure-#{@procedure.id}-administrateurs",
+    partial: 'administrateur',
+    locals: { administrateur: @administrateur })
+  document.getElementById('procedure-#{@procedure.id}-new_administrateur').reset()
diff --git a/app/views/new_administrateur/procedure_administrateurs/destroy.js.haml b/app/views/new_administrateur/procedure_administrateurs/destroy.js.haml
new file mode 100644
index 000000000..b56486490
--- /dev/null
+++ b/app/views/new_administrateur/procedure_administrateurs/destroy.js.haml
@@ -0,0 +1,4 @@
+= render_flash(sticky: true)
+- if @administrateur
+  = remove_element("#procedure-#{@procedure.id}-administrateur-#{@administrateur.id}")
+
diff --git a/app/views/new_administrateur/procedure_administrateurs/index.html.haml b/app/views/new_administrateur/procedure_administrateurs/index.html.haml
new file mode 100644
index 000000000..ca33a48a1
--- /dev/null
+++ b/app/views/new_administrateur/procedure_administrateurs/index.html.haml
@@ -0,0 +1,26 @@
+= render partial: 'new_administrateur/breadcrumbs',
+  locals: { steps: [link_to('Démarches', admin_procedures_path),
+                    link_to(@procedure.libelle, admin_procedure_path(@procedure)),
+                    'Administrateurs'], preview: false }
+
+.container
+  %h1 Administrateurs de « #{@procedure.libelle} »
+  %table.table
+    %thead
+      %th= 'Adresse email'
+      %th= 'Enregistré le'
+      %th= 'État'
+    %tbody{ id: "procedure-#{@procedure.id}-administrateurs" }
+      = render partial: 'administrateur', collection: @procedure.administrateurs.order(:email)
+    %tfoot
+      %tr
+        %th{ colspan: 4 }
+          = form_for @procedure.administrateurs.new,
+            url: { controller: 'procedure_administrateurs' },
+            html: { class: 'form', id:  "procedure-#{@procedure.id}-new_administrateur" } ,
+            remote: true do |f|
+            = f.label :email do
+              Ajouter un administrateur
+              %span.notice= "Renseigner l’email d’un administrateur déjà enregistré sur demarches-simplifiees.fr pour lui permettre de modifier « #{@procedure.libelle} »."
+            = f.email_field :email, placeholder: 'marie.dupont@exemple.fr', required: true
+            = f.submit 'Ajouter', class: 'button send'
diff --git a/config/routes.rb b/config/routes.rb
index 33493af6c..3d2d7382b 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -374,6 +374,8 @@ Rails.application.routes.draw do
         get 'annotations'
       end
 
+      resources :administrateurs, controller: 'procedure_administrateurs', only: [:index, :create, :destroy]
+
       resources :types_de_champ, only: [:create, :update, :destroy] do
         member do
           patch :move

From 8d84dba3f2116234eeb5d385780210d1302ffe43 Mon Sep 17 00:00:00 2001
From: Nicolas Bouilleaud <nico@bou.io>
Date: Fri, 12 Apr 2019 15:45:21 +0200
Subject: [PATCH 07/24] Link to multi-admin settings from the left panel

refs #1626
---
 .../_left_panel_admin_procedurescontroller_navbar.html.haml   | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app/views/layouts/left_panels/_left_panel_admin_procedurescontroller_navbar.html.haml b/app/views/layouts/left_panels/_left_panel_admin_procedurescontroller_navbar.html.haml
index 3fa249331..9a139b589 100644
--- a/app/views/layouts/left_panels/_left_panel_admin_procedurescontroller_navbar.html.haml
+++ b/app/views/layouts/left_panels/_left_panel_admin_procedurescontroller_navbar.html.haml
@@ -27,6 +27,10 @@
         - if @procedure.missing_steps.include?(:service)
           %p.missing-steps (à compléter)
 
+    %a#onglet-administrateurs{ href: url_for(procedure_administrateurs_path(@procedure)) }
+      .procedure-list-element{ class: ('active' if active == 'Administrateurs') }
+        Administrateurs
+
     %a#onglet-instructeurs{ href: url_for(admin_procedure_instructeurs_path(@procedure)) }
       .procedure-list-element{ class: ('active' if active == 'Instructeurs') }
         Instructeurs

From df865e71dc8ec1cd40d27c5dc0e70338d1da6566 Mon Sep 17 00:00:00 2001
From: Nicolas Bouilleaud <nico@bou.io>
Date: Mon, 29 Apr 2019 18:27:44 +0200
Subject: [PATCH 08/24] Make sure that there always is at least one
 administrator per Procedure

---
 app/models/procedure.rb       | 3 ++-
 spec/models/procedure_spec.rb | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/app/models/procedure.rb b/app/models/procedure.rb
index 485ca86c8..11a2e6e09 100644
--- a/app/models/procedure.rb
+++ b/app/models/procedure.rb
@@ -17,7 +17,7 @@ class Procedure < ApplicationRecord
 
   has_many :assign_to, dependent: :destroy
   has_many :administrateurs_procedures
-  has_many :administrateurs, through: :administrateurs_procedures
+  has_many :administrateurs, through: :administrateurs_procedures, after_remove: -> (procedure, _admin) { procedure.validate! }
   has_many :gestionnaires, through: :assign_to
 
   has_one :initiated_mail, class_name: "Mails::InitiatedMail", dependent: :destroy
@@ -57,6 +57,7 @@ class Procedure < ApplicationRecord
 
   validates :libelle, presence: true, allow_blank: false, allow_nil: false
   validates :description, presence: true, allow_blank: false, allow_nil: false
+  validates :administrateurs, presence: true
   validate :check_juridique
   validates :path, format: { with: /\A[a-z0-9_\-]{3,50}\z/ }, uniqueness: { scope: :aasm_state, case_sensitive: false }, presence: true, allow_blank: false, allow_nil: true
   # FIXME: remove duree_conservation_required flag once all procedures are converted to the new style
diff --git a/spec/models/procedure_spec.rb b/spec/models/procedure_spec.rb
index 6652891bc..c907f88a9 100644
--- a/spec/models/procedure_spec.rb
+++ b/spec/models/procedure_spec.rb
@@ -168,6 +168,10 @@ describe Procedure do
       it { is_expected.to allow_value('URRSAF').for(:organisation) }
     end
 
+    context 'administrateurs' do
+      it { is_expected.not_to allow_value([]).for(:administrateurs) }
+    end
+
     context 'juridique' do
       it { is_expected.not_to allow_value(nil).for(:cadre_juridique) }
       it { is_expected.to allow_value('text').for(:cadre_juridique) }

From 0590cc1e28ccf3d1be26f1fd658ed113325cd3ff Mon Sep 17 00:00:00 2001
From: Nicolas Bouilleaud <nico@bou.io>
Date: Tue, 30 Apr 2019 09:58:43 +0200
Subject: [PATCH 09/24] Ignore the Procedure.administrateur_id column again

following #3822
---
 app/models/procedure.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/models/procedure.rb b/app/models/procedure.rb
index 11a2e6e09..0cfe9a71d 100644
--- a/app/models/procedure.rb
+++ b/app/models/procedure.rb
@@ -1,6 +1,8 @@
 require Rails.root.join('lib', 'percentile')
 
 class Procedure < ApplicationRecord
+  self.ignored_columns = [:administrateur_id]
+
   MAX_DUREE_CONSERVATION = 36
 
   has_many :types_de_piece_justificative, -> { ordered }, dependent: :destroy

From 67fb561119e20f529070d86c7ea655c4f15ff0de Mon Sep 17 00:00:00 2001
From: Pierre de La Morinerie <kemenaran@gmail.com>
Date: Fri, 3 May 2019 09:18:16 +0200
Subject: [PATCH 10/24] Apply suggestions from code review

Co-Authored-By: n-b <nico@bou.io>
---
 .../procedure_administrateurs_controller.rb                   | 3 +--
 .../procedure_administrateurs/index.html.haml                 | 4 ++--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/app/controllers/new_administrateur/procedure_administrateurs_controller.rb b/app/controllers/new_administrateur/procedure_administrateurs_controller.rb
index c853afab6..b2fa6811d 100644
--- a/app/controllers/new_administrateur/procedure_administrateurs_controller.rb
+++ b/app/controllers/new_administrateur/procedure_administrateurs_controller.rb
@@ -1,7 +1,6 @@
 module NewAdministrateur
   class ProcedureAdministrateursController < AdministrateurController
     before_action :retrieve_procedure
-    before_action :procedure_locked?
 
     def index
     end
@@ -33,7 +32,7 @@ module NewAdministrateur
 
       # Prevent self-removal (Also enforced in the UI)
       if administrateur == current_administrateur
-        flash.error = "Vous ne pouvez pas vous retirez vous-même d’une procédure."
+        flash.error = "Vous ne pouvez pas vous retirer vous-même d’une démarche."
       end
 
       # Actually remove the admin
diff --git a/app/views/new_administrateur/procedure_administrateurs/index.html.haml b/app/views/new_administrateur/procedure_administrateurs/index.html.haml
index ca33a48a1..ea54e04c5 100644
--- a/app/views/new_administrateur/procedure_administrateurs/index.html.haml
+++ b/app/views/new_administrateur/procedure_administrateurs/index.html.haml
@@ -21,6 +21,6 @@
             remote: true do |f|
             = f.label :email do
               Ajouter un administrateur
-              %span.notice= "Renseigner l’email d’un administrateur déjà enregistré sur demarches-simplifiees.fr pour lui permettre de modifier « #{@procedure.libelle} »."
+              %span.notice= "Renseignez l’email d’un administrateur déjà enregistré sur demarches-simplifiees.fr pour lui permettre de modifier « #{@procedure.libelle} »."
             = f.email_field :email, placeholder: 'marie.dupont@exemple.fr', required: true
-            = f.submit 'Ajouter', class: 'button send'
+            = f.submit 'Ajouter comme administrateur', class: 'button primary send'

From 4aab72be68a9875c64a02192e1ed409d4de0d478 Mon Sep 17 00:00:00 2001
From: clemkeirua <clement@keiruaprod.fr>
Date: Mon, 18 Feb 2019 17:52:15 +0100
Subject: [PATCH 11/24] implementation du systeme de PJ de motivation

---
 .../gestionnaires/dossiers_controller.rb      |  7 +-
 app/javascript/new_design/state-button.js     |  5 +
 app/javascript/packs/application.js           |  7 +-
 app/mailers/notification_mailer.rb            |  8 +-
 app/models/dossier.rb                         | 20 ++--
 app/serializers/dossier_serializer.rb         |  7 ++
 .../_state_button_motivation.html.haml        |  4 +
 .../show/_download_justificatif.html.haml     |  7 ++
 app/views/shared/dossiers/_demande.html.haml  |  2 +-
 .../shared/dossiers/_horodatage.html.haml     |  5 -
 .../dossiers/_infos_generales.html.haml       | 14 +++
 .../dossiers/show/_status_overview.html.haml  |  6 ++
 .../api/v1/dossiers_controller_spec.rb        |  2 +-
 .../gestionnaires/dossiers_controller_spec.rb | 95 ++++++++++++++-----
 14 files changed, 144 insertions(+), 45 deletions(-)
 create mode 100644 app/views/new_user/dossiers/show/_download_justificatif.html.haml
 delete mode 100644 app/views/shared/dossiers/_horodatage.html.haml
 create mode 100644 app/views/shared/dossiers/_infos_generales.html.haml

diff --git a/app/controllers/gestionnaires/dossiers_controller.rb b/app/controllers/gestionnaires/dossiers_controller.rb
index ded7aaba6..a96616bfe 100644
--- a/app/controllers/gestionnaires/dossiers_controller.rb
+++ b/app/controllers/gestionnaires/dossiers_controller.rb
@@ -93,16 +93,17 @@ module Gestionnaires
 
     def terminer
       motivation = params[:dossier] && params[:dossier][:motivation]
+      justificatif = params[:dossier] && params[:dossier][:justificatif_motivation]
 
       case params[:process_action]
       when "refuser"
-        dossier.refuser!(current_gestionnaire, motivation)
+        dossier.refuser!(current_gestionnaire, motivation, justificatif)
         flash.notice = "Dossier considéré comme refusé."
       when "classer_sans_suite"
-        dossier.classer_sans_suite!(current_gestionnaire, motivation)
+        dossier.classer_sans_suite!(current_gestionnaire, motivation, justificatif)
         flash.notice = "Dossier considéré comme sans suite."
       when "accepter"
-        dossier.accepter!(current_gestionnaire, motivation)
+        dossier.accepter!(current_gestionnaire, motivation, justificatif)
         flash.notice = "Dossier traité avec succès."
       end
 
diff --git a/app/javascript/new_design/state-button.js b/app/javascript/new_design/state-button.js
index c30fa64a2..01ac323cc 100644
--- a/app/javascript/new_design/state-button.js
+++ b/app/javascript/new_design/state-button.js
@@ -11,3 +11,8 @@ export function motivationCancel() {
   document.querySelectorAll('.motivation').forEach(hide);
   show(document.querySelector('.dropdown-items'));
 }
+
+export function showImportJustificatif(name) {
+  show(document.querySelector('#justificatif_motivation_import_' + name));
+  hide(document.querySelector('#justificatif_motivation_suggest_' + name));
+}
diff --git a/app/javascript/packs/application.js b/app/javascript/packs/application.js
index 7f61db545..ba665e4bb 100644
--- a/app/javascript/packs/application.js
+++ b/app/javascript/packs/application.js
@@ -29,7 +29,11 @@ import '../new_design/champs/repetition';
 
 import { toggleCondidentielExplanation } from '../new_design/avis';
 import { scrollMessagerie } from '../new_design/messagerie';
-import { showMotivation, motivationCancel } from '../new_design/state-button';
+import {
+  showMotivation,
+  motivationCancel,
+  showImportJustificatif
+} from '../new_design/state-button';
 import { toggleChart } from '../new_design/toggle-chart';
 import { replaceSemicolonByComma } from '../new_design/avis';
 
@@ -40,6 +44,7 @@ const DS = {
   scrollMessagerie,
   showMotivation,
   motivationCancel,
+  showImportJustificatif,
   toggleChart,
   replaceSemicolonByComma
 };
diff --git a/app/mailers/notification_mailer.rb b/app/mailers/notification_mailer.rb
index e9e88b4c1..31f2ccbde 100644
--- a/app/mailers/notification_mailer.rb
+++ b/app/mailers/notification_mailer.rb
@@ -17,20 +17,20 @@ class NotificationMailer < ApplicationMailer
   end
 
   def send_closed_notification(dossier)
-    send_notification(dossier, dossier.procedure.closed_mail_template)
+    send_final_notification(dossier, dossier.procedure.closed_mail_template, dossier.justificatif_motivation)
   end
 
   def send_refused_notification(dossier)
-    send_notification(dossier, dossier.procedure.refused_mail_template)
+    send_final_notification(dossier, dossier.procedure.refused_mail_template, dossier.justificatif_motivation)
   end
 
   def send_without_continuation_notification(dossier)
-    send_notification(dossier, dossier.procedure.without_continuation_mail_template)
+    send_final_notification(dossier, dossier.procedure.without_continuation_mail_template, dossier.justificatif_motivation)
   end
 
   private
 
-  def send_notification(dossier, mail_template)
+  def send_notification(dossier, mail_template, attachment_file = nil)
     email = dossier.user.email
 
     subject = mail_template.subject_for_dossier(dossier)
diff --git a/app/models/dossier.rb b/app/models/dossier.rb
index 1b8516399..39dc2c7ae 100644
--- a/app/models/dossier.rb
+++ b/app/models/dossier.rb
@@ -20,6 +20,8 @@ class Dossier < ApplicationRecord
   has_one :attestation, dependent: :destroy
 
   has_many :pieces_justificatives, dependent: :destroy
+  has_one_attached :justificatif_motivation
+
   has_many :champs, -> { root.public_only.ordered }, dependent: :destroy
   has_many :champs_private, -> { root.private_only.ordered }, class_name: 'Champ', dependent: :destroy
   has_many :commentaires, dependent: :destroy
@@ -296,10 +298,12 @@ class Dossier < ApplicationRecord
     log_dossier_operation(gestionnaire, :repasser_en_construction)
   end
 
-  def accepter!(gestionnaire, motivation)
+  def accepter!(gestionnaire, motivation, justificatif = nil)
     self.motivation = motivation
     self.en_instruction_at ||= Time.zone.now
-
+    if justificatif
+      self.justificatif_motivation.attach(justificatif)
+    end
     accepte!
 
     if attestation.nil?
@@ -330,20 +334,24 @@ class Dossier < ApplicationRecord
     DeletedDossier.create_from_dossier(self)
   end
 
-  def refuser!(gestionnaire, motivation)
+  def refuser!(gestionnaire, motivation, justificatif = nil)
     self.motivation = motivation
     self.en_instruction_at ||= Time.zone.now
-
+    if justificatif
+      self.justificatif_motivation.attach(justificatif)
+    end
     refuse!
 
     NotificationMailer.send_refused_notification(self).deliver_later
     log_dossier_operation(gestionnaire, :refuser)
   end
 
-  def classer_sans_suite!(gestionnaire, motivation)
+  def classer_sans_suite!(gestionnaire, motivation, justificatif = nil)
     self.motivation = motivation
     self.en_instruction_at ||= Time.zone.now
-
+    if justificatif
+      self.justificatif_motivation.attach(justificatif)
+    end
     sans_suite!
 
     NotificationMailer.send_without_continuation_notification(self).deliver_later
diff --git a/app/serializers/dossier_serializer.rb b/app/serializers/dossier_serializer.rb
index 536c418cf..876b2dcaf 100644
--- a/app/serializers/dossier_serializer.rb
+++ b/app/serializers/dossier_serializer.rb
@@ -22,6 +22,7 @@ class DossierSerializer < ActiveModel::Serializer
   has_many :champs_private
   has_many :pieces_justificatives
   has_many :types_de_piece_justificative
+  has_one :justificatif_motivation
 
   has_many :champs, serializer: ChampSerializer
 
@@ -52,6 +53,12 @@ class DossierSerializer < ActiveModel::Serializer
       PiecesJustificativesService.serialize_champs_as_pjs(object)
   end
 
+  def justificatif_motivation
+    if object.justificatif_motivation.attached?
+      Rails.application.routes.url_helpers.url_for(object.justificatif_motivation)
+    end
+  end
+
   def types_de_piece_justificative
     ActiveModelSerializers::SerializableResource.new(object.types_de_piece_justificative).serializable_hash +
       PiecesJustificativesService.serialize_types_de_champ_as_type_pj(object)
diff --git a/app/views/gestionnaires/dossiers/_state_button_motivation.html.haml b/app/views/gestionnaires/dossiers/_state_button_motivation.html.haml
index 58e5a1d0f..e5800cd6f 100644
--- a/app/views/gestionnaires/dossiers/_state_button_motivation.html.haml
+++ b/app/views/gestionnaires/dossiers/_state_button_motivation.html.haml
@@ -28,6 +28,10 @@
                 %li= unspecified_annotations_privee.libelle
     - else
       = text_area :dossier, :motivation, class: 'motivation-text-area', placeholder: placeholder, required: true
+    %span{ id: "justificatif_motivation_suggest_#{popup_class}", onclick: "DS.showImportJustificatif('#{popup_class}');" }
+      .button Ajouter un justificatif (optionnel)
+    .hidden{ id: "justificatif_motivation_import_#{popup_class}" }
+      = file_field :dossier, :justificatif_motivation, direct_upload: true
     .text-right
       - if title == 'Accepter' && dossier.procedure.attestation_template&.activated?
         = link_to "Voir l'attestation", apercu_attestation_gestionnaire_dossier_path(dossier.procedure, dossier), target: '_blank', rel: 'noopener', class: 'button', title: "Voir l'attestation qui sera envoyée au demandeur"
diff --git a/app/views/new_user/dossiers/show/_download_justificatif.html.haml b/app/views/new_user/dossiers/show/_download_justificatif.html.haml
new file mode 100644
index 000000000..79c6378bc
--- /dev/null
+++ b/app/views/new_user/dossiers/show/_download_justificatif.html.haml
@@ -0,0 +1,7 @@
+- if dossier.present?
+  - justificatif = dossier.justificatif_motivation
+  - if dossier.justificatif_motivation.attached?
+    .action
+      = link_to (justificatif), target: '_blank', class: 'button primary' do
+        %span.icon.download
+        Télécharger le justificatif
diff --git a/app/views/shared/dossiers/_demande.html.haml b/app/views/shared/dossiers/_demande.html.haml
index 8eef11616..78ff2fb67 100644
--- a/app/views/shared/dossiers/_demande.html.haml
+++ b/app/views/shared/dossiers/_demande.html.haml
@@ -1,7 +1,7 @@
 .container
   - if dossier.en_construction_at.present?
     .card
-      = render partial: "shared/dossiers/horodatage", locals: { dossier: dossier }
+      = render partial: "shared/dossiers/infos_generales", locals: { dossier: dossier }
 
   .tab-title Identité du demandeur
   .card
diff --git a/app/views/shared/dossiers/_horodatage.html.haml b/app/views/shared/dossiers/_horodatage.html.haml
deleted file mode 100644
index c97b9c601..000000000
--- a/app/views/shared/dossiers/_horodatage.html.haml
+++ /dev/null
@@ -1,5 +0,0 @@
-%table.table.vertical.dossier-champs
-  %tbody
-    %tr
-      %th.libelle Déposé le :
-      %td= l(dossier.en_construction_at, format: '%d %B %Y')
diff --git a/app/views/shared/dossiers/_infos_generales.html.haml b/app/views/shared/dossiers/_infos_generales.html.haml
new file mode 100644
index 000000000..d4cd9737b
--- /dev/null
+++ b/app/views/shared/dossiers/_infos_generales.html.haml
@@ -0,0 +1,14 @@
+%table.table.vertical.dossier-champs
+  %tbody
+    %tr
+      %th.libelle Déposé le :
+      %td= l(dossier.en_construction_at, format: '%d %B %Y')
+  - if dossier.justificatif_motivation.attached?
+    - justificatif = dossier.justificatif_motivation
+    %tr
+      %th.libelle Justificatif :
+      %td
+        .action
+          = link_to url_for(justificatif), target: '_blank', class: 'button primary' do
+            %span.icon.download
+            Télécharger le justificatif
diff --git a/app/views/users/dossiers/show/_status_overview.html.haml b/app/views/users/dossiers/show/_status_overview.html.haml
index ceb07234c..e2d16b5db 100644
--- a/app/views/users/dossiers/show/_status_overview.html.haml
+++ b/app/views/users/dossiers/show/_status_overview.html.haml
@@ -50,12 +50,15 @@
           %h3 Motif de l’acceptation
           %blockquote= dossier.motivation
 
+        = render partial: 'new_user/dossiers/show/download_justificatif', locals: { dossier: dossier }
+
         - if dossier.attestation.present?
           .action
             = link_to attestation_dossier_path(dossier), target: '_blank', rel: 'noopener', class: 'button primary' do
               %span.icon.download
               Télécharger l’attestation
 
+
     - elsif dossier.refuse?
       .refuse
         %p.decision
@@ -68,6 +71,7 @@
           %h3 Motif du refus
           %blockquote= dossier.motivation
 
+        = render partial: 'new_user/dossiers/show/download_justificatif', locals: { dossier: @dossier }
         .action
           = link_to 'Envoyer un message à l’administration', messagerie_dossier_url(dossier, anchor: 'new_commentaire'), class: 'button'
 
@@ -79,6 +83,8 @@
           = succeed '.' do
             %strong sans suite
 
+        = render partial: 'new_user/dossiers/show/download_justificatif', locals: { dossier: @dossier }
+
         - if dossier.motivation.present?
           %h3 Motif du classement sans suite
           %blockquote= dossier.motivation
diff --git a/spec/controllers/api/v1/dossiers_controller_spec.rb b/spec/controllers/api/v1/dossiers_controller_spec.rb
index b62cfc04f..cee273d56 100644
--- a/spec/controllers/api/v1/dossiers_controller_spec.rb
+++ b/spec/controllers/api/v1/dossiers_controller_spec.rb
@@ -139,7 +139,7 @@ describe API::V1::DossiersController do
         let!(:dossier) { Timecop.freeze(date_creation) { create(:dossier, :with_entreprise, :en_construction, procedure: procedure, motivation: "Motivation") } }
         let(:dossier_id) { dossier.id }
         let(:body) { JSON.parse(retour.body, symbolize_names: true) }
-        let(:field_list) { [:id, :created_at, :updated_at, :archived, :individual, :entreprise, :etablissement, :cerfa, :types_de_piece_justificative, :pieces_justificatives, :champs, :champs_private, :commentaires, :state, :simplified_state, :initiated_at, :processed_at, :received_at, :motivation, :email, :instructeurs] }
+        let(:field_list) { [:id, :created_at, :updated_at, :archived, :individual, :entreprise, :etablissement, :cerfa, :types_de_piece_justificative, :pieces_justificatives, :champs, :champs_private, :commentaires, :state, :simplified_state, :initiated_at, :processed_at, :received_at, :motivation, :email, :instructeurs, :justificatif_motivation] }
         subject { body[:dossier] }
 
         it 'return REST code 200', :show_in_doc do
diff --git a/spec/controllers/gestionnaires/dossiers_controller_spec.rb b/spec/controllers/gestionnaires/dossiers_controller_spec.rb
index 0add282a7..ad7415874 100644
--- a/spec/controllers/gestionnaires/dossiers_controller_spec.rb
+++ b/spec/controllers/gestionnaires/dossiers_controller_spec.rb
@@ -7,6 +7,7 @@ describe Gestionnaires::DossiersController, type: :controller do
   let(:gestionnaires) { [gestionnaire] }
   let(:procedure) { create(:procedure, :published, gestionnaires: gestionnaires) }
   let(:dossier) { create(:dossier, :en_construction, procedure: procedure) }
+  let(:fake_justificatif) { Rack::Test::UploadedFile.new("./spec/fixtures/files/piece_justificative_0.pdf", 'application/pdf') }
 
   before { sign_in(gestionnaire) }
 
@@ -141,24 +142,39 @@ describe Gestionnaires::DossiersController, type: :controller do
         sign_in gestionnaire
       end
 
-      subject { post :terminer, params: { process_action: "refuser", procedure_id: procedure.id, dossier_id: dossier.id }, format: 'js' }
+      context 'simple refusal' do
+        subject { post :terminer, params: { process_action: "refuser", procedure_id: procedure.id, dossier_id: dossier.id }, format: 'js' }
 
-      it 'change state to refuse' do
-        subject
+        it 'change state to refuse' do
+          subject
 
-        dossier.reload
-        expect(dossier.state).to eq(Dossier.states.fetch(:refuse))
+          dossier.reload
+          expect(dossier.state).to eq(Dossier.states.fetch(:refuse))
+          expect(dossier.justificatif_motivation).to_not be_attached
+        end
+
+        it 'Notification email is sent' do
+          expect(NotificationMailer).to receive(:send_refused_notification)
+            .with(dossier).and_return(NotificationMailer)
+          expect(NotificationMailer).to receive(:deliver_later)
+
+          subject
+        end
       end
 
-      it 'Notification email is sent' do
-        expect(NotificationMailer).to receive(:send_refused_notification)
-          .with(dossier).and_return(NotificationMailer)
-        expect(NotificationMailer).to receive(:deliver_later)
+      context 'refusal with a justificatif' do
+        subject { post :terminer, params: { process_action: "refuser", procedure_id: procedure.id, dossier_id: dossier.id, dossier: { justificatif_motivation: fake_justificatif } }, format: 'js' }
 
-        subject
+        it 'attachs a justificatif' do
+          subject
+
+          dossier.reload
+          expect(dossier.state).to eq(Dossier.states.fetch(:refuse))
+          expect(dossier.justificatif_motivation).to be_attached
+        end
+
+        it { expect(subject.body).to include('.state-button') }
       end
-
-      it { expect(subject.body).to include('.state-button') }
     end
 
     context "with classer_sans_suite" do
@@ -166,25 +182,41 @@ describe Gestionnaires::DossiersController, type: :controller do
         dossier.en_instruction!
         sign_in gestionnaire
       end
+      context 'without attachment' do
+        subject { post :terminer, params: { process_action: "classer_sans_suite", procedure_id: procedure.id, dossier_id: dossier.id }, format: 'js' }
 
-      subject { post :terminer, params: { process_action: "classer_sans_suite", procedure_id: procedure.id, dossier_id: dossier.id }, format: 'js' }
+        it 'change state to sans_suite' do
+          subject
 
-      it 'change state to sans_suite' do
-        subject
+          dossier.reload
+          expect(dossier.state).to eq(Dossier.states.fetch(:sans_suite))
+          expect(dossier.justificatif_motivation).to_not be_attached
+        end
 
-        dossier.reload
-        expect(dossier.state).to eq(Dossier.states.fetch(:sans_suite))
+        it 'Notification email is sent' do
+          expect(NotificationMailer).to receive(:send_without_continuation_notification)
+            .with(dossier).and_return(NotificationMailer)
+          expect(NotificationMailer).to receive(:deliver_later)
+
+          subject
+        end
+
+        it { expect(subject.body).to include('.state-button') }
       end
 
-      it 'Notification email is sent' do
-        expect(NotificationMailer).to receive(:send_without_continuation_notification)
-          .with(dossier).and_return(NotificationMailer)
-        expect(NotificationMailer).to receive(:deliver_later)
+      context 'with attachment' do
+        subject { post :terminer, params: { process_action: "classer_sans_suite", procedure_id: procedure.id, dossier_id: dossier.id, dossier: { justificatif_motivation: fake_justificatif } }, format: 'js' }
 
-        subject
+        it 'change state to sans_suite' do
+          subject
+
+          dossier.reload
+          expect(dossier.state).to eq(Dossier.states.fetch(:sans_suite))
+          expect(dossier.justificatif_motivation).to be_attached
+        end
+
+        it { expect(subject.body).to include('.state-button') }
       end
-
-      it { expect(subject.body).to include('.state-button') }
     end
 
     context "with accepter" do
@@ -206,6 +238,7 @@ describe Gestionnaires::DossiersController, type: :controller do
 
         dossier.reload
         expect(dossier.state).to eq(Dossier.states.fetch(:accepte))
+        expect(dossier.justificatif_motivation).to_not be_attached
       end
 
       context 'when the dossier does not have any attestation' do
@@ -261,6 +294,20 @@ describe Gestionnaires::DossiersController, type: :controller do
 
         it { subject }
       end
+
+      context 'with an attachment' do
+        subject { post :terminer, params: { process_action: "accepter", procedure_id: procedure.id, dossier_id: dossier.id, dossier: { justificatif_motivation: fake_justificatif } }, format: 'js' }
+
+        it 'change state to accepte' do
+          subject
+
+          dossier.reload
+          expect(dossier.state).to eq(Dossier.states.fetch(:accepte))
+          expect(dossier.justificatif_motivation).to be_attached
+        end
+
+        it { expect(subject.body).to include('.state-button') }
+      end
     end
   end
 

From 183f1a5fa8ef35ce7832e4cceeddeb4aa080da36 Mon Sep 17 00:00:00 2001
From: clemkeirua <clement@keiruaprod.fr>
Date: Wed, 6 Mar 2019 11:13:17 +0100
Subject: [PATCH 12/24] suppression de l'ajout en PJ

---
 app/mailers/notification_mailer.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/mailers/notification_mailer.rb b/app/mailers/notification_mailer.rb
index 31f2ccbde..2a83c2085 100644
--- a/app/mailers/notification_mailer.rb
+++ b/app/mailers/notification_mailer.rb
@@ -17,20 +17,20 @@ class NotificationMailer < ApplicationMailer
   end
 
   def send_closed_notification(dossier)
-    send_final_notification(dossier, dossier.procedure.closed_mail_template, dossier.justificatif_motivation)
+    send_final_notification(dossier, dossier.procedure.closed_mail_template)
   end
 
   def send_refused_notification(dossier)
-    send_final_notification(dossier, dossier.procedure.refused_mail_template, dossier.justificatif_motivation)
+    send_final_notification(dossier, dossier.procedure.refused_mail_template)
   end
 
   def send_without_continuation_notification(dossier)
-    send_final_notification(dossier, dossier.procedure.without_continuation_mail_template, dossier.justificatif_motivation)
+    send_final_notification(dossier, dossier.procedure.without_continuation_mail_template)
   end
 
   private
 
-  def send_notification(dossier, mail_template, attachment_file = nil)
+  def send_notification(dossier, mail_template)
     email = dossier.user.email
 
     subject = mail_template.subject_for_dossier(dossier)

From ec2e17032e85f8db105b5d3da2b2c0a01168d37a Mon Sep 17 00:00:00 2001
From: clemkeirua <clement@keiruaprod.fr>
Date: Wed, 6 Mar 2019 11:40:09 +0100
Subject: [PATCH 13/24] suppression de la double confirmation

---
 app/javascript/shared/activestorage/ujs.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/app/javascript/shared/activestorage/ujs.js b/app/javascript/shared/activestorage/ujs.js
index 43beef778..55432abf7 100644
--- a/app/javascript/shared/activestorage/ujs.js
+++ b/app/javascript/shared/activestorage/ujs.js
@@ -10,8 +10,12 @@ addEventListener(INITIALIZE_EVENT, ({ target, detail: { id, file } }) => {
   ProgressBar.init(target, id, file);
 });
 
-addEventListener(START_EVENT, ({ detail: { id } }) => {
+addEventListener(START_EVENT, ({ target, detail: { id } }) => {
   ProgressBar.start(id);
+  const button = target.form.querySelector('button.primary');
+  if (button) {
+    delete button.dataset.confirm;
+  }
 });
 
 addEventListener(PROGRESS_EVENT, ({ detail: { id, progress } }) => {

From 747dc505cc3612f94a3ffb80deddd4248244df3f Mon Sep 17 00:00:00 2001
From: clemkeirua <clement@keiruaprod.fr>
Date: Wed, 6 Mar 2019 11:50:17 +0100
Subject: [PATCH 14/24] ajout d'un test

---
 spec/models/concern/mail_template_concern_spec.rb | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/spec/models/concern/mail_template_concern_spec.rb b/spec/models/concern/mail_template_concern_spec.rb
index 54c1ca63a..465f5e10e 100644
--- a/spec/models/concern/mail_template_concern_spec.rb
+++ b/spec/models/concern/mail_template_concern_spec.rb
@@ -85,6 +85,12 @@ describe MailTemplateConcern do
 
         it { is_expected.to eq("--lien attestation--") }
       end
+
+      describe "in without continuation mail" do
+        let(:mail) { create(:without_continuation_mail, procedure: procedure) }
+
+        it { is_expected.to eq("--lien attestation--") }
+      end
     end
   end
 

From f8a259864744aafdd97980621d953f53ea637e11 Mon Sep 17 00:00:00 2001
From: clemkeirua <clement@keiruaprod.fr>
Date: Wed, 6 Mar 2019 15:30:42 +0100
Subject: [PATCH 15/24] ajout du lien vers le justificatif dans la balise
 --lien attestation--

---
 .../concerns/tags_substitution_concern.rb      | 18 +++++++++++++++++-
 .../concern/mail_template_concern_spec.rb      | 15 ++++++++++++++-
 2 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/app/models/concerns/tags_substitution_concern.rb b/app/models/concerns/tags_substitution_concern.rb
index 390555775..872ff5d3f 100644
--- a/app/models/concerns/tags_substitution_concern.rb
+++ b/app/models/concerns/tags_substitution_concern.rb
@@ -59,7 +59,13 @@ module TagsSubstitutionConcern
     {
       libelle: 'lien attestation',
       description: '',
-      lambda: -> (d) { external_link(attestation_dossier_url(d)) },
+      lambda: -> (d) {
+        links = [external_link(attestation_dossier_url(d))]
+        if d.justificatif_motivation.attached?
+          links.push external_link_with_body("Télécharger le justificatif", url_for_justificatif_motivation(d))
+        end
+        links.join "<br />\n"
+      },
       available_for_states: [Dossier.states.fetch(:accepte)]
     }
   ]
@@ -142,6 +148,16 @@ module TagsSubstitutionConcern
     link_to(url, url, target: '_blank', rel: 'noopener')
   end
 
+  def external_link_with_body(body, url)
+    link_to(body, url, target: '_blank', rel: 'noopener')
+  end
+
+  def url_for_justificatif_motivation(dossier)
+    if dossier.justificatif_motivation.attached?
+      Rails.application.routes.url_helpers.url_for(dossier.justificatif_motivation)
+    end
+  end
+
   def dossier_tags
     # Overridden by MailTemplateConcern
     DOSSIER_TAGS
diff --git a/spec/models/concern/mail_template_concern_spec.rb b/spec/models/concern/mail_template_concern_spec.rb
index 465f5e10e..a0e8e72fa 100644
--- a/spec/models/concern/mail_template_concern_spec.rb
+++ b/spec/models/concern/mail_template_concern_spec.rb
@@ -5,6 +5,7 @@ describe MailTemplateConcern do
   let(:dossier) { create(:dossier, procedure: procedure) }
   let(:dossier2) { create(:dossier, procedure: procedure) }
   let(:initiated_mail) { create(:initiated_mail, procedure: procedure) }
+  let(:justificatif) { Rack::Test::UploadedFile.new("./spec/fixtures/files/piece_justificative_0.pdf", 'application/pdf') }
 
   shared_examples "can replace tokens in template" do
     describe 'with no token to replace' do
@@ -74,10 +75,22 @@ describe MailTemplateConcern do
         mail.body = "--lien attestation--"
       end
 
-      describe "in closed mail" do
+      describe "in closed mail without justificatif" do
         let(:mail) { create(:closed_mail, procedure: procedure) }
 
         it { is_expected.to eq("<a target=\"_blank\" rel=\"noopener\" href=\"http://localhost:3000/dossiers/#{dossier.id}/attestation\">http://localhost:3000/dossiers/#{dossier.id}/attestation</a>") }
+        it { is_expected.to_not include("Télécharger le justificatif") }
+      end
+
+      describe "in closed mail with justificatif" do
+        before do
+          dossier.justificatif_motivation.attach(justificatif)
+        end
+        let(:mail) { create(:closed_mail, procedure: procedure) }
+
+        it { expect(dossier.justificatif_motivation).to be_attached }
+        it { is_expected.to start_with("<a target=\"_blank\" rel=\"noopener\" href=\"http://localhost:3000/dossiers/#{dossier.id}/attestation\">http://localhost:3000/dossiers/#{dossier.id}/attestation</a><br />\n") }
+        it { is_expected.to include("Télécharger le justificatif") }
       end
 
       describe "in refuse mail" do

From b3956bc07291b7c86524d85ecfca6e9cdb0a847d Mon Sep 17 00:00:00 2001
From: clemkeirua <clement@keiruaprod.fr>
Date: Thu, 28 Mar 2019 16:31:34 +0100
Subject: [PATCH 16/24] introduce virus scans

---
 app/models/dossier.rb                                     | 8 ++++++++
 .../dossiers/show/_download_justificatif.html.haml        | 2 +-
 app/views/shared/dossiers/_infos_generales.html.haml      | 5 +----
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/app/models/dossier.rb b/app/models/dossier.rb
index 39dc2c7ae..0412fb8ed 100644
--- a/app/models/dossier.rb
+++ b/app/models/dossier.rb
@@ -1,5 +1,6 @@
 class Dossier < ApplicationRecord
   include DossierFilteringConcern
+  include VirusScanConcern
 
   enum state: {
     brouillon:       'brouillon',
@@ -98,6 +99,9 @@ class Dossier < ApplicationRecord
   after_save :send_web_hook
   after_create :send_draft_notification_email
 
+  after_commit :create_dossier_virus_scan
+  after_initialize { add_virus_scan_on(self.justificatif_motivation) }
+
   validates :user, presence: true
 
   def update_search_terms
@@ -413,4 +417,8 @@ class Dossier < ApplicationRecord
       )
     end
   end
+
+  def create_dossier_virus_scan
+    create_virus_scan(self.justificatif_motivation)
+  end
 end
diff --git a/app/views/new_user/dossiers/show/_download_justificatif.html.haml b/app/views/new_user/dossiers/show/_download_justificatif.html.haml
index 79c6378bc..555f2638f 100644
--- a/app/views/new_user/dossiers/show/_download_justificatif.html.haml
+++ b/app/views/new_user/dossiers/show/_download_justificatif.html.haml
@@ -1,6 +1,6 @@
 - if dossier.present?
   - justificatif = dossier.justificatif_motivation
-  - if dossier.justificatif_motivation.attached?
+  - if dossier.justificatif_motivation.attached? and dossier.virus_scan.safe?
     .action
       = link_to (justificatif), target: '_blank', class: 'button primary' do
         %span.icon.download
diff --git a/app/views/shared/dossiers/_infos_generales.html.haml b/app/views/shared/dossiers/_infos_generales.html.haml
index d4cd9737b..9d2748899 100644
--- a/app/views/shared/dossiers/_infos_generales.html.haml
+++ b/app/views/shared/dossiers/_infos_generales.html.haml
@@ -4,11 +4,8 @@
       %th.libelle Déposé le :
       %td= l(dossier.en_construction_at, format: '%d %B %Y')
   - if dossier.justificatif_motivation.attached?
-    - justificatif = dossier.justificatif_motivation
     %tr
       %th.libelle Justificatif :
       %td
         .action
-          = link_to url_for(justificatif), target: '_blank', class: 'button primary' do
-            %span.icon.download
-            Télécharger le justificatif
+          = render partial: 'shared/piece_jointe/pj_link', locals: { object: dossier, pj: dossier.justificatif_motivation }

From e4259466b4ca72d63821bd59af757716eb1e9a9c Mon Sep 17 00:00:00 2001
From: clemkeirua <clement@keiruaprod.fr>
Date: Wed, 24 Apr 2019 09:42:30 +0200
Subject: [PATCH 17/24] nettoyage du tag_substitution_concern

---
 app/models/concerns/tags_substitution_concern.rb  | 2 +-
 spec/models/concern/mail_template_concern_spec.rb | 5 ++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/app/models/concerns/tags_substitution_concern.rb b/app/models/concerns/tags_substitution_concern.rb
index 872ff5d3f..8bf81cd96 100644
--- a/app/models/concerns/tags_substitution_concern.rb
+++ b/app/models/concerns/tags_substitution_concern.rb
@@ -62,7 +62,7 @@ module TagsSubstitutionConcern
       lambda: -> (d) {
         links = [external_link(attestation_dossier_url(d))]
         if d.justificatif_motivation.attached?
-          links.push external_link_with_body("Télécharger le justificatif", url_for_justificatif_motivation(d))
+          links.push external_link_with_body("Télécharger l'attestation", url_for_justificatif_motivation(d))
         end
         links.join "<br />\n"
       },
diff --git a/spec/models/concern/mail_template_concern_spec.rb b/spec/models/concern/mail_template_concern_spec.rb
index a0e8e72fa..f6c2a903e 100644
--- a/spec/models/concern/mail_template_concern_spec.rb
+++ b/spec/models/concern/mail_template_concern_spec.rb
@@ -77,9 +77,8 @@ describe MailTemplateConcern do
 
       describe "in closed mail without justificatif" do
         let(:mail) { create(:closed_mail, procedure: procedure) }
-
         it { is_expected.to eq("<a target=\"_blank\" rel=\"noopener\" href=\"http://localhost:3000/dossiers/#{dossier.id}/attestation\">http://localhost:3000/dossiers/#{dossier.id}/attestation</a>") }
-        it { is_expected.to_not include("Télécharger le justificatif") }
+        it { is_expected.to_not include("Télécharger l&#39;attestation") }
       end
 
       describe "in closed mail with justificatif" do
@@ -90,7 +89,7 @@ describe MailTemplateConcern do
 
         it { expect(dossier.justificatif_motivation).to be_attached }
         it { is_expected.to start_with("<a target=\"_blank\" rel=\"noopener\" href=\"http://localhost:3000/dossiers/#{dossier.id}/attestation\">http://localhost:3000/dossiers/#{dossier.id}/attestation</a><br />\n") }
-        it { is_expected.to include("Télécharger le justificatif") }
+        it { is_expected.to include("Télécharger l&#39;attestation") }
       end
 
       describe "in refuse mail" do

From 486a6eccd696285889160c246d926eb1daaf8132 Mon Sep 17 00:00:00 2001
From: clemkeirua <clement@keiruaprod.fr>
Date: Mon, 29 Apr 2019 10:20:15 +0200
Subject: [PATCH 18/24] fix invalid refactoring

---
 app/mailers/notification_mailer.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/mailers/notification_mailer.rb b/app/mailers/notification_mailer.rb
index 2a83c2085..e9e88b4c1 100644
--- a/app/mailers/notification_mailer.rb
+++ b/app/mailers/notification_mailer.rb
@@ -17,15 +17,15 @@ class NotificationMailer < ApplicationMailer
   end
 
   def send_closed_notification(dossier)
-    send_final_notification(dossier, dossier.procedure.closed_mail_template)
+    send_notification(dossier, dossier.procedure.closed_mail_template)
   end
 
   def send_refused_notification(dossier)
-    send_final_notification(dossier, dossier.procedure.refused_mail_template)
+    send_notification(dossier, dossier.procedure.refused_mail_template)
   end
 
   def send_without_continuation_notification(dossier)
-    send_final_notification(dossier, dossier.procedure.without_continuation_mail_template)
+    send_notification(dossier, dossier.procedure.without_continuation_mail_template)
   end
 
   private

From 653eff01f02fae1de5075625c9460525add5375f Mon Sep 17 00:00:00 2001
From: clemkeirua <clement@keiruaprod.fr>
Date: Mon, 29 Apr 2019 10:21:05 +0200
Subject: [PATCH 19/24] add download link for instructeur

---
 app/views/gestionnaires/dossiers/_state_button.html.haml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/views/gestionnaires/dossiers/_state_button.html.haml b/app/views/gestionnaires/dossiers/_state_button.html.haml
index 2c6580c6b..17986293e 100644
--- a/app/views/gestionnaires/dossiers/_state_button.html.haml
+++ b/app/views/gestionnaires/dossiers/_state_button.html.haml
@@ -60,6 +60,7 @@
         - if dossier.motivation.present?
           %h4 Motivation
           %p.dossier-motivation= dossier.motivation
+          = render partial: 'new_user/dossiers/show/download_justificatif', locals: { dossier: dossier }
 
         - if dossier.attestation.present?
           %h4 Attestation

From 0e26bda1865768ddf2ed8d42ed430a791906a309 Mon Sep 17 00:00:00 2001
From: clemkeirua <clement@keiruaprod.fr>
Date: Mon, 29 Apr 2019 10:29:07 +0200
Subject: [PATCH 20/24] cleanup the tag substitution concern & uniformization

---
 app/models/concerns/tags_substitution_concern.rb  | 12 ++++--------
 spec/models/concern/mail_template_concern_spec.rb |  3 ++-
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/app/models/concerns/tags_substitution_concern.rb b/app/models/concerns/tags_substitution_concern.rb
index 8bf81cd96..a00261a6e 100644
--- a/app/models/concerns/tags_substitution_concern.rb
+++ b/app/models/concerns/tags_substitution_concern.rb
@@ -60,9 +60,9 @@ module TagsSubstitutionConcern
       libelle: 'lien attestation',
       description: '',
       lambda: -> (d) {
-        links = [external_link(attestation_dossier_url(d))]
+        links = [external_link("Télécharger l'attestation", attestation_dossier_url(d))]
         if d.justificatif_motivation.attached?
-          links.push external_link_with_body("Télécharger l'attestation", url_for_justificatif_motivation(d))
+          links.push external_link("Télécharger le justificatif", url_for_justificatif_motivation(d))
         end
         links.join "<br />\n"
       },
@@ -144,12 +144,8 @@ module TagsSubstitutionConcern
     end
   end
 
-  def external_link(url)
-    link_to(url, url, target: '_blank', rel: 'noopener')
-  end
-
-  def external_link_with_body(body, url)
-    link_to(body, url, target: '_blank', rel: 'noopener')
+  def external_link(url, title = nil)
+    link_to(title || url, url, target: '_blank', rel: 'noopener')
   end
 
   def url_for_justificatif_motivation(dossier)
diff --git a/spec/models/concern/mail_template_concern_spec.rb b/spec/models/concern/mail_template_concern_spec.rb
index f6c2a903e..adb8e7bdd 100644
--- a/spec/models/concern/mail_template_concern_spec.rb
+++ b/spec/models/concern/mail_template_concern_spec.rb
@@ -78,7 +78,7 @@ describe MailTemplateConcern do
       describe "in closed mail without justificatif" do
         let(:mail) { create(:closed_mail, procedure: procedure) }
         it { is_expected.to eq("<a target=\"_blank\" rel=\"noopener\" href=\"http://localhost:3000/dossiers/#{dossier.id}/attestation\">http://localhost:3000/dossiers/#{dossier.id}/attestation</a>") }
-        it { is_expected.to_not include("Télécharger l&#39;attestation") }
+        it { is_expected.to include("Télécharger l&#39;attestation") }
       end
 
       describe "in closed mail with justificatif" do
@@ -90,6 +90,7 @@ describe MailTemplateConcern do
         it { expect(dossier.justificatif_motivation).to be_attached }
         it { is_expected.to start_with("<a target=\"_blank\" rel=\"noopener\" href=\"http://localhost:3000/dossiers/#{dossier.id}/attestation\">http://localhost:3000/dossiers/#{dossier.id}/attestation</a><br />\n") }
         it { is_expected.to include("Télécharger l&#39;attestation") }
+        it { is_expected.to include("Télécharger le justificatif") }
       end
 
       describe "in refuse mail" do

From 67a3d435d07bffe8e3e44a53a86deef3b615bdde Mon Sep 17 00:00:00 2001
From: clemkeirua <clement@keiruaprod.fr>
Date: Mon, 29 Apr 2019 11:03:40 +0200
Subject: [PATCH 21/24] added some space after the optionnal justificatif
 button

---
 app/assets/stylesheets/new_design/motivation.scss             | 4 ++++
 .../gestionnaires/dossiers/_state_button_motivation.html.haml | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/app/assets/stylesheets/new_design/motivation.scss b/app/assets/stylesheets/new_design/motivation.scss
index 5adcbc78b..0aff1d987 100644
--- a/app/assets/stylesheets/new_design/motivation.scss
+++ b/app/assets/stylesheets/new_design/motivation.scss
@@ -43,4 +43,8 @@
       padding-left: $default-spacer * 1.5;
     }
   }
+
+  .optional-justificatif {
+    margin-bottom: 16px;
+  }
 }
diff --git a/app/views/gestionnaires/dossiers/_state_button_motivation.html.haml b/app/views/gestionnaires/dossiers/_state_button_motivation.html.haml
index e5800cd6f..8a2b25732 100644
--- a/app/views/gestionnaires/dossiers/_state_button_motivation.html.haml
+++ b/app/views/gestionnaires/dossiers/_state_button_motivation.html.haml
@@ -28,7 +28,7 @@
                 %li= unspecified_annotations_privee.libelle
     - else
       = text_area :dossier, :motivation, class: 'motivation-text-area', placeholder: placeholder, required: true
-    %span{ id: "justificatif_motivation_suggest_#{popup_class}", onclick: "DS.showImportJustificatif('#{popup_class}');" }
+    %div.optional-justificatif{ id: "justificatif_motivation_suggest_#{popup_class}", onclick: "DS.showImportJustificatif('#{popup_class}');" }
       .button Ajouter un justificatif (optionnel)
     .hidden{ id: "justificatif_motivation_import_#{popup_class}" }
       = file_field :dossier, :justificatif_motivation, direct_upload: true

From c98655be5200d596dffda38ad8b4b1dcc3dd2d7b Mon Sep 17 00:00:00 2001
From: clemkeirua <clement@keiruaprod.fr>
Date: Mon, 29 Apr 2019 11:33:59 +0200
Subject: [PATCH 22/24] ellipsis on file input overflow

---
 app/assets/stylesheets/new_design/motivation.scss          | 4 ++++
 .../dossiers/_state_button_motivation.html.haml            | 2 +-
 spec/models/concern/mail_template_concern_spec.rb          | 7 +++----
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/app/assets/stylesheets/new_design/motivation.scss b/app/assets/stylesheets/new_design/motivation.scss
index 0aff1d987..a8244b1f4 100644
--- a/app/assets/stylesheets/new_design/motivation.scss
+++ b/app/assets/stylesheets/new_design/motivation.scss
@@ -47,4 +47,8 @@
   .optional-justificatif {
     margin-bottom: 16px;
   }
+
+  input[data-direct-upload-url] {
+    width: 100%;
+  }
 }
diff --git a/app/views/gestionnaires/dossiers/_state_button_motivation.html.haml b/app/views/gestionnaires/dossiers/_state_button_motivation.html.haml
index 8a2b25732..f0310eb6a 100644
--- a/app/views/gestionnaires/dossiers/_state_button_motivation.html.haml
+++ b/app/views/gestionnaires/dossiers/_state_button_motivation.html.haml
@@ -28,7 +28,7 @@
                 %li= unspecified_annotations_privee.libelle
     - else
       = text_area :dossier, :motivation, class: 'motivation-text-area', placeholder: placeholder, required: true
-    %div.optional-justificatif{ id: "justificatif_motivation_suggest_#{popup_class}", onclick: "DS.showImportJustificatif('#{popup_class}');" }
+    .optional-justificatif{ id: "justificatif_motivation_suggest_#{popup_class}", onclick: "DS.showImportJustificatif('#{popup_class}');" }
       .button Ajouter un justificatif (optionnel)
     .hidden{ id: "justificatif_motivation_import_#{popup_class}" }
       = file_field :dossier, :justificatif_motivation, direct_upload: true
diff --git a/spec/models/concern/mail_template_concern_spec.rb b/spec/models/concern/mail_template_concern_spec.rb
index adb8e7bdd..e30c9328f 100644
--- a/spec/models/concern/mail_template_concern_spec.rb
+++ b/spec/models/concern/mail_template_concern_spec.rb
@@ -77,8 +77,8 @@ describe MailTemplateConcern do
 
       describe "in closed mail without justificatif" do
         let(:mail) { create(:closed_mail, procedure: procedure) }
-        it { is_expected.to eq("<a target=\"_blank\" rel=\"noopener\" href=\"http://localhost:3000/dossiers/#{dossier.id}/attestation\">http://localhost:3000/dossiers/#{dossier.id}/attestation</a>") }
-        it { is_expected.to include("Télécharger l&#39;attestation") }
+        it { is_expected.to eq("<a target=\"_blank\" rel=\"noopener\" href=\"http://localhost:3000/dossiers/#{dossier.id}/attestation\">Télécharger l&#39;attestation</a>") }
+        it { is_expected.to_not include("Télécharger le justificatif") }
       end
 
       describe "in closed mail with justificatif" do
@@ -88,8 +88,7 @@ describe MailTemplateConcern do
         let(:mail) { create(:closed_mail, procedure: procedure) }
 
         it { expect(dossier.justificatif_motivation).to be_attached }
-        it { is_expected.to start_with("<a target=\"_blank\" rel=\"noopener\" href=\"http://localhost:3000/dossiers/#{dossier.id}/attestation\">http://localhost:3000/dossiers/#{dossier.id}/attestation</a><br />\n") }
-        it { is_expected.to include("Télécharger l&#39;attestation") }
+        it { is_expected.to include("<a target=\"_blank\" rel=\"noopener\" href=\"http://localhost:3000/dossiers/#{dossier.id}/attestation\">Télécharger l&#39;attestation</a>") }
         it { is_expected.to include("Télécharger le justificatif") }
       end
 

From d0794f42d12495f7ed514c8ecba4188374f53c87 Mon Sep 17 00:00:00 2001
From: clemkeirua <clement@keiruaprod.fr>
Date: Tue, 30 Apr 2019 18:03:28 +0200
Subject: [PATCH 23/24] fix tag_substitution_concern links for lien attestation

---
 app/models/concerns/tags_substitution_concern.rb  | 2 +-
 spec/models/concern/mail_template_concern_spec.rb | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/models/concerns/tags_substitution_concern.rb b/app/models/concerns/tags_substitution_concern.rb
index a00261a6e..6be66c76a 100644
--- a/app/models/concerns/tags_substitution_concern.rb
+++ b/app/models/concerns/tags_substitution_concern.rb
@@ -60,7 +60,7 @@ module TagsSubstitutionConcern
       libelle: 'lien attestation',
       description: '',
       lambda: -> (d) {
-        links = [external_link("Télécharger l'attestation", attestation_dossier_url(d))]
+        links = [external_link(attestation_dossier_url(d))]
         if d.justificatif_motivation.attached?
           links.push external_link("Télécharger le justificatif", url_for_justificatif_motivation(d))
         end
diff --git a/spec/models/concern/mail_template_concern_spec.rb b/spec/models/concern/mail_template_concern_spec.rb
index e30c9328f..ed2a10881 100644
--- a/spec/models/concern/mail_template_concern_spec.rb
+++ b/spec/models/concern/mail_template_concern_spec.rb
@@ -77,7 +77,7 @@ describe MailTemplateConcern do
 
       describe "in closed mail without justificatif" do
         let(:mail) { create(:closed_mail, procedure: procedure) }
-        it { is_expected.to eq("<a target=\"_blank\" rel=\"noopener\" href=\"http://localhost:3000/dossiers/#{dossier.id}/attestation\">Télécharger l&#39;attestation</a>") }
+        it { is_expected.to eq("<a target=\"_blank\" rel=\"noopener\" href=\"http://localhost:3000/dossiers/#{dossier.id}/attestation\">http://localhost:3000/dossiers/#{dossier.id}/attestation</a>") }
         it { is_expected.to_not include("Télécharger le justificatif") }
       end
 
@@ -88,7 +88,7 @@ describe MailTemplateConcern do
         let(:mail) { create(:closed_mail, procedure: procedure) }
 
         it { expect(dossier.justificatif_motivation).to be_attached }
-        it { is_expected.to include("<a target=\"_blank\" rel=\"noopener\" href=\"http://localhost:3000/dossiers/#{dossier.id}/attestation\">Télécharger l&#39;attestation</a>") }
+        it { is_expected.to include("<a target=\"_blank\" rel=\"noopener\" href=\"http://localhost:3000/dossiers/#{dossier.id}/attestation\">http://localhost:3000/dossiers/#{dossier.id}/attestation</a>") }
         it { is_expected.to include("Télécharger le justificatif") }
       end
 

From afa671156476cc62d5a6db4a9a097b6c4eb7ae72 Mon Sep 17 00:00:00 2001
From: clemkeirua <clement@keiruaprod.fr>
Date: Fri, 3 May 2019 17:28:23 +0200
Subject: [PATCH 24/24] =?UTF-8?q?refacto=20suite=20=C3=A0=20simplification?=
 =?UTF-8?q?=20virusscan?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/models/dossier.rb                                     | 8 --------
 .../dossiers/show/_download_justificatif.html.haml        | 2 +-
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/app/models/dossier.rb b/app/models/dossier.rb
index 0412fb8ed..39dc2c7ae 100644
--- a/app/models/dossier.rb
+++ b/app/models/dossier.rb
@@ -1,6 +1,5 @@
 class Dossier < ApplicationRecord
   include DossierFilteringConcern
-  include VirusScanConcern
 
   enum state: {
     brouillon:       'brouillon',
@@ -99,9 +98,6 @@ class Dossier < ApplicationRecord
   after_save :send_web_hook
   after_create :send_draft_notification_email
 
-  after_commit :create_dossier_virus_scan
-  after_initialize { add_virus_scan_on(self.justificatif_motivation) }
-
   validates :user, presence: true
 
   def update_search_terms
@@ -417,8 +413,4 @@ class Dossier < ApplicationRecord
       )
     end
   end
-
-  def create_dossier_virus_scan
-    create_virus_scan(self.justificatif_motivation)
-  end
 end
diff --git a/app/views/new_user/dossiers/show/_download_justificatif.html.haml b/app/views/new_user/dossiers/show/_download_justificatif.html.haml
index 555f2638f..509c594e0 100644
--- a/app/views/new_user/dossiers/show/_download_justificatif.html.haml
+++ b/app/views/new_user/dossiers/show/_download_justificatif.html.haml
@@ -1,6 +1,6 @@
 - if dossier.present?
   - justificatif = dossier.justificatif_motivation
-  - if dossier.justificatif_motivation.attached? and dossier.virus_scan.safe?
+  - if dossier.justificatif_motivation.attached? and dossier.justificatif_motivation.virus_scanner.safe?
     .action
       = link_to (justificatif), target: '_blank', class: 'button primary' do
         %span.icon.download