DGNum/demarches-normaliennes
13
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Merge pull request #6746 from betagouv/US/fix_mon_avis_validator

Browse source 
ETQ administrateur ; je souhaite pouvoir publier un lien vers monavis qui utilise les URL de vosusagers
This commit is contained in:
mfo 2021-12-13 15:48:53 +01:00 committed by GitHub
commit 68a0b6f474
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/validators/mon_avis_embed_validator.rb
View file

@ -1,7 +1,7 @@
class MonAvisEmbedValidator < ActiveModel::Validator class MonAvisEmbedValidator < ActiveModel::Validator
def validate(record) def validate(record)
# We need to ensure the embed code is not any random string in order to avoid injections # We need to ensure the embed code is not any random string in order to avoid injections
r = Regexp.new('<a href="https://monavis|voxusagers.numerique.gouv.fr/Demarches/\d+.*key=[[:alnum:]]+.*">\s*<img src="(https://monavis.numerique.gouv.fr/monavis-static/bouton-blanc|bleu.png)|(https://voxusagers.numerique.gouv.fr/static/bouton-(bleu|blanc).svg)" alt="Je donne mon avis" title="Je donne mon avis sur cette démarche" />\s*</a>', Regexp::MULTILINE) r = Regexp.new('<a href="https://monavis|voxusagers.numerique.gouv.fr/Demarches/\d+.*key=[[:alnum:]]+.*">\s*<img src="https://monavis|voxusagers.numerique.gouv.fr/(monavis-)?static/bouton-blanc|bleu.png|svg" alt="Je donne mon avis" title="Je donne mon avis sur cette démarche" />\s*</a>', Regexp::MULTILINE)
if record.monavis_embed.present? && !r.match?(record.monavis_embed) if record.monavis_embed.present? && !r.match?(record.monavis_embed)
record.errors[:base] << "Le code fourni ne correspond pas au format des codes MonAvis reconnus par la plateforme." record.errors[:base] << "Le code fourni ne correspond pas au format des codes MonAvis reconnus par la plateforme."
end end

10
spec/models/procedure_spec.rb
View file

@ -262,6 +262,16 @@ describe Procedure do
let(:procedure) { build(:procedure, monavis_embed: monavis_bleu) } let(:procedure) { build(:procedure, monavis_embed: monavis_bleu) }
it { expect(procedure.valid?).to eq(true) } it { expect(procedure.valid?).to eq(true) }
end end
context 'Monavis embed code with voxusages is allowed' do
monavis_issue_phillipe = <<-MSG
<a href="https://voxusagers.numerique.gouv.fr/Demarches/3193?&view-mode=formulaire-avis&nd_mode=en-ligne-enti%C3%A8rement&nd_source=button&key=58e099a09c02abe629c14905ed2b055d">
<img src="https://monavis.numerique.gouv.fr/monavis-static/bouton-bleu.png" alt="Je donne mon avis" title="Je donne mon avis sur cette démarche" />
</a>
MSG
let(:procedure) { build(:procedure, monavis_embed: monavis_issue_phillipe) }
it { expect(procedure.valid?).to eq(true) }
end
end end
shared_examples 'duree de conservation' do shared_examples 'duree de conservation' do