diff --git a/Gemfile b/Gemfile
index c1c879295..520c04354 100644
--- a/Gemfile
+++ b/Gemfile
@@ -8,6 +8,7 @@ gem 'active_link_to' # Automatically set a class on active links
 gem 'active_model_serializers'
 gem 'activestorage-openstack'
 gem 'active_storage_validations'
+gem 'addressable'
 gem 'administrate'
 gem 'administrate-field-enum' # Allow using Field::Enum in administrate
 gem 'after_party'
diff --git a/Gemfile.lock b/Gemfile.lock
index 8f80f0d35..3d36d8933 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -800,6 +800,7 @@ DEPENDENCIES
 active_model_serializers
 active_storage_validations
 activestorage-openstack
+ addressable
 administrate
 administrate-field-enum
 after_party
diff --git a/app/graphql/schema.graphql b/app/graphql/schema.graphql
index 7ecc93333..10548210b 100644
--- a/app/graphql/schema.graphql
+++ b/app/graphql/schema.graphql
@@ -1016,7 +1016,7 @@ type DemarcheDescriptor {
 """
 URL pour commencer la démarche
 """
- demarcheUrl: String
+ demarcheUrl: URL
 """
 Description de la démarche.
@@ -1039,7 +1039,7 @@ type DemarcheDescriptor {
 notice explicative de la démarche
 """
 notice: File
- noticeUrl: String
+ noticeUrl: URL
 """
 Numero de la démarche.
diff --git a/app/graphql/types/demarche_descriptor_type.rb b/app/graphql/types/demarche_descriptor_type.rb
index 7562dfcc6..c9eff3c59 100644
--- a/app/graphql/types/demarche_descriptor_type.rb
+++ b/app/graphql/types/demarche_descriptor_type.rb
@@ -25,10 +25,10 @@ Cela évite l’accès récursif aux dossiers."
 field :duree_conservation_dossiers, Int, "Durée de conservation des dossiers en mois.", null: false
- field :demarche_url, String, "URL pour commencer la démarche", null: true
+ field :demarche_url, Types::URL, "URL pour commencer la démarche", null: true
 field :site_web_url, String, "URL où les usagers trouvent le lien vers la démarche", null: true
 field :dpo_url, String, "URL ou email pour contacter le Délégué à la Protection des Données (DPO)", null: true
- field :notice_url, String, null: true
+ field :notice_url, Types::URL, null: true
 field :cadre_juridique_url, String, "URL du cadre juridique qui justifie le droit de collecter les données demandées dans la démarche", null: true
 field :opendata, Boolean, null: false
diff --git a/app/graphql/types/url.rb b/app/graphql/types/url.rb
index 287b5789e..fad71e4eb 100644
--- a/app/graphql/types/url.rb
+++ b/app/graphql/types/url.rb
@@ -3,12 +3,14 @@ module Types
 description "A valid URL, transported as a string"
 def self.coerce_input(input_value, context)
- url = URI.parse(input_value)
- if url.is_a?(URI::HTTP) || url.is_a?(URI::HTTPS)
+ url = Addressable::URI(input_value)
+ if uri.scheme.in?(['http', 'https'])
 url
 else
 raise GraphQL::CoercionError, "#{input_value.inspect} is not a valid URL"
 end
+ rescue Addressable::URI::InvalidURIError
+ raise GraphQL::CoercionError, "#{input_value.inspect} is not a valid URL"
 end
 def self.coerce_result(ruby_value, context)
diff --git a/app/helpers/procedure_helper.rb b/app/helpers/procedure_helper.rb
index ce16c40f8..993b8bb08 100644
--- a/app/helpers/procedure_helper.rb
+++ b/app/helpers/procedure_helper.rb
@@ -48,7 +48,7 @@ module ProcedureHelper
 def url_or_email_to_lien_dpo(procedure)
 URI::MailTo.build([procedure.lien_dpo, "subject="]).to_s
 rescue URI::InvalidComponentError
- uri = URI.parse(procedure.lien_dpo)
+ uri = Addressable::URI.parse(procedure.lien_dpo)
 return "//#{uri}" if uri.scheme.nil?
 uri.to_s
 end
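Review bot: The added `if uri.scheme.in?(['http', 'https'])` in `coerce_input` reads a local named `uri`, but the line above assigns the parsed value to `url`, so every call raises NameError before the scheme check runs (unless a `uri` method exists outside the hunk, which nothing here suggests). The call `Addressable::URI(input_value)` also looks wrong: as far as I can tell Addressable exposes `Addressable::URI.parse`, not a module-level `URI()` method, and a NoMethodError from it is not caught by the new `rescue Addressable::URI::InvalidURIError`. Changing the two lines to `url = Addressable::URI.parse(input_value)` and `if url.scheme.in?(['http', 'https'])` fixes both. Addressable also accepts `http:` with no host, so `url.host.present?` belongs in the same condition if the "valid URL" promised by the description is meant to be fetchable.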
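Review bot: The `rescue URI::InvalidComponentError` in `url_or_email_to_lien_dpo` only covers the `URI::MailTo.build` call; the new `Addressable::URI.parse(procedure.lien_dpo)` raises `Addressable::URI::InvalidURIError` on malformed input, which nothing here rescues, so a `lien_dpo` stored before the new `url` validation existed can raise in the view. Adding `rescue Addressable::URI::InvalidURIError` with a fallback (the raw value, or nil) keeps the helper total; which fallback the view wants is outside the hunk. Because the method now mixes two URI libraries, a one-line comment such as `# MailTo.build rejects anything that is not an email address; anything else is treated as a URL` would spare the next reader the detour.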
diff --git a/app/jobs/cron/procedure_external_url_check_job.rb b/app/jobs/cron/procedure_external_url_check_job.rb
new file mode 100644
index 000000000..ab18c8c37
--- /dev/null
+++ b/app/jobs/cron/procedure_external_url_check_job.rb
@@ -0,0 +1,7 @@
+class Cron::ProcedureExternalURLCheckJob < Cron::CronJob
+ self.schedule_expression = "every week on monday at 1 am"
+
+ def perform
+ Procedure.with_external_urls.find_each { ::ProcedureExternalURLCheckJob.perform_later(_1) }
+ end
+end
diff --git a/app/jobs/procedure_external_url_check_job.rb b/app/jobs/procedure_external_url_check_job.rb
new file mode 100644
index 000000000..fb4229eb3
--- /dev/null
+++ b/app/jobs/procedure_external_url_check_job.rb
@@ -0,0 +1,33 @@
+class ProcedureExternalURLCheckJob < ApplicationJob
+ def perform(procedure)
+ procedure.validate
+
+ if procedure.lien_notice.present?
+ error = procedure.errors.find { _1.attribute == :lien_notice }
+ if error.present?
+ procedure.update!(lien_notice_error: error.message)
+ else
+ response = Typhoeus.get(procedure.lien_notice, followlocation: true)
+ if response.success?
+ procedure.update!(lien_notice_error: nil)
+ else
+ procedure.update!(lien_notice_error: "#{response.code} #{response.return_message}")
+ end
+ end
+ end
+
+ if procedure.lien_dpo.present? && !procedure.lien_dpo_email?
+ error = procedure.errors.find { _1.attribute == :lien_dpo }
+ if error.present?
+ procedure.update!(lien_dpo_error: error.message)
+ else
+ response = Typhoeus.get(procedure.lien_dpo, followlocation: true)
+ if response.success?
+ procedure.update!(lien_dpo_error: nil)
+ else
+ procedure.update!(lien_dpo_error: "#{response.code} #{response.return_message}")
+ end
+ end
+ end
+ end
+end
diff --git a/app/models/procedure.rb b/app/models/procedure.rb
index 2baabf817..375c944b3 100644
--- a/app/models/procedure.rb
+++ b/app/models/procedure.rb
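Review bot: `procedure.update!(lien_notice_error: error.message)` in `ProcedureExternalURLCheckJob#perform` is reached only when `procedure.validate` has just recorded an error on `lien_notice`; `update!` re-runs the same validations and raises `ActiveRecord::RecordInvalid`, so the branch that is supposed to store the message never persists it (the same holds for the `lien_dpo` branch, and for any procedure that is invalid for an unrelated reason, such as the new `lien_site_web` presence rule). Writing the status with `update_columns` skips validations and is appropriate for a bookkeeping column. The `Typhoeus.get(..., followlocation: true)` calls carry no `timeout`/`connecttimeout` and no `maxredirs`, so an unresponsive admin-supplied host can hold the worker indefinitely, and the redirect chain is not subject to the `no_local` check that the validator applied to the original URL; the values below are examples to tune. The two blocks are also identical apart from the attribute name, so a private helper removes the duplication.
```ruby
class ProcedureExternalURLCheckJob < ApplicationJob
  def perform(procedure)
    procedure.validate

    check_url(procedure, :lien_notice, :lien_notice_error) if procedure.lien_notice.present?
    check_url(procedure, :lien_dpo, :lien_dpo_error) if procedure.lien_dpo.present? && !procedure.lien_dpo_email?
  end

  private

  # Stores the validation error for `attribute` when there is one, otherwise fetches the URL
  # and records the HTTP outcome. `update_columns` is deliberate: when the URL is invalid the
  # record itself does not validate, so `update!` would raise instead of storing the message.
  def check_url(procedure, attribute, error_column)
    error = procedure.errors.find { _1.attribute == attribute }
    if error.present?
      procedure.update_columns(error_column => error.message)
      return
    end

    # example limits; bound both the redirect chain and the total request time
    response = Typhoeus.get(procedure.public_send(attribute), followlocation: true, maxredirs: 5, timeout: 10)
    message = response.success? ? nil : "#{response.code} #{response.return_message}"
    procedure.update_columns(error_column => message)
  end
end
```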
@@ -234,6 +234,8 @@ class Procedure < ApplicationRecord
 scope :opendata, -> { where(opendata: true) }
 scope :publiees_ou_closes, -> { where(aasm_state: [:publiee, :close, :depubliee]) }
+ scope :with_external_urls, -> { where.not(lien_notice: [nil, '']).or(where.not(lien_dpo: [nil, ''])) }
+
 scope :publiques, -> do
 publiees_ou_closes
 .opendata
@@ -294,7 +296,12 @@ class Procedure < ApplicationRecord
 validates :libelle, presence: true, allow_blank: false, allow_nil: false
 validates :description, presence: true, allow_blank: false, allow_nil: false
 validates :administrateurs, presence: true
+ validates :lien_site_web, presence: true, if: :publiee?
+ validates :lien_notice, url: { no_local: true, allow_blank: true }
+ validates :lien_dpo, format: { with: Devise.email_regexp, message: "n'est pas valide" }, if: :lien_dpo_email?
+ validates :lien_dpo, url: { no_local: true, allow_blank: true }, unless: :lien_dpo_email?
+
 validates :draft_types_de_champ_public,
 'types_de_champ/no_empty_block': true,
 'types_de_champ/no_empty_drop_down': true,
@@ -320,7 +327,6 @@ class Procedure < ApplicationRecord
 less_than_or_equal_to: 60
 }
- validates :lien_dpo, email_or_link: true, allow_nil: true
 validates_with MonAvisEmbedValidator
 validates_associated :draft_revision, on: :publication
@@ -978,6 +984,10 @@ class Procedure < ApplicationRecord
 update!(routing_enabled: self.groupe_instructeurs.active.many?)
 end
+ def lien_dpo_email?
+ lien_dpo.present? && lien_dpo.match?(/@/)
+ end
+
 private
 def validate_auto_archive_on_in_the_future
diff --git a/app/validators/email_or_link_validator.rb b/app/validators/email_or_link_validator.rb
deleted file mode 100644
index 7b0358256..000000000
--- a/app/validators/email_or_link_validator.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-class EmailOrLinkValidator < ActiveModel::EachValidator
- def validate_each(record, attribute, value)
- URI.parse(value)
- rescue URI::InvalidURIError
- record.errors.add(attribute, :invalid_uri_or_email)
- end
-end
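Review bot: `validates :lien_site_web, presence: true, if: :publiee?` is a new rule unrelated to the URL parsing change, and it makes every already-published procedure with a blank `lien_site_web` invalid on its next `save!`/`update!`, including the one ProcedureExternalURLCheckJob performs; the commit does not show a backfill. If existing rows are not cleaned up first, scoping it like the neighbouring `validates_associated :draft_revision, on: :publication` limits the rule to the publication step. A short comment on the line, such as `# Required only at publication; older published procedures may still have it blank`, would record whichever choice is made.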
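Review bot: `lien_dpo_email?` treats any value containing `@` as an email address, so a URL carrying userinfo such as `https://user@dpo.example/contact` (a constructed example) is routed to the `Devise.email_regexp` check and rejected as "n'est pas valide" instead of being validated as a URL, whereas the removed `email_or_link` validator accepted it. If such URLs are intentionally unsupported that deserves a comment; otherwise exclude values that start with a scheme, e.g. `lien_dpo.present? && lien_dpo.match?(/@/) && !lien_dpo.match?(%r{\A[a-z][a-z0-9+.\-]*://}i)`. The same predicate gates both `validates :lien_dpo` lines in the earlier hunk and the `lien_dpo` branch of ProcedureExternalURLCheckJob, so it also decides whether the value is ever fetched over the network.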
diff --git a/app/validators/url_validator.rb b/app/validators/url_validator.rb
new file mode 100644
index 000000000..c24e3590b
--- /dev/null
+++ b/app/validators/url_validator.rb
@@ -0,0 +1,69 @@
+require 'active_model'
+require 'active_support/i18n'
+require 'public_suffix'
+require 'addressable/uri'
+
+# Most of this code is borowed from https://github.com/perfectline/validates_url
+
+class URLValidator < ActiveModel::EachValidator
+ RESERVED_OPTIONS = [:schemes, :no_local]
+
+ def initialize(options)
+ options.reverse_merge!(schemes: ['http', 'https'])
+ options.reverse_merge!(message: :url)
+ options.reverse_merge!(no_local: false)
+ options.reverse_merge!(public_suffix: false)
+ options.reverse_merge!(accept_array: false)
+
+ super(options)
+ end
+
+ def validate_each(record, attribute, value)
+ message = options.fetch(:message)
+ schemes = [*options.fetch(:schemes)].map(&:to_s)
+
+ if value.respond_to?(:each)
+ # Error out if we're not allowing arrays
+ if !options.include?(:accept_array) || !options.fetch(:accept_array)
+ record.errors.add(attribute, message, **filtered_options(value))
+ end
+
+ # We have to manually handle `:allow_nil` and `:allow_blank` since it's not caught by
+ # ActiveRecord's own validators. We do that by just removing all the nil's if we want to
+ # allow them so it's not passed on later.
+ value = value.compact if options.include?(:allow_nil) && options.fetch(:allow_nil)
+ value = value.compact_blank if options.include?(:allow_blank) && options.fetch(:allow_blank)
+
+ result = value.flat_map { validate_url(record, attribute, _1, message, schemes) }
+ errors = result.compact
+
+ return errors.any? ? errors.first : true
+ end
+
+ validate_url(record, attribute, value, message, schemes)
+ end
+
+ protected
+
+ def filtered_options(value)
+ filtered = options.except(*RESERVED_OPTIONS)
+ filtered[:value] = value
+ filtered
+ end
+
+ def validate_url(record, attribute, value, message, schemes)
+ uri = Addressable::URI.parse(value)
+ host = uri && uri.host
+ scheme = uri && uri.scheme
+
+ valid_scheme = host && scheme && schemes.include?(scheme)
+ valid_no_local = !options.fetch(:no_local) || (host && host.include?('.'))
+ valid_suffix = !options.fetch(:public_suffix) || (host && PublicSuffix.valid?(host, default_rule: nil))
+
+ unless valid_scheme && valid_no_local && valid_suffix
+ record.errors.add(attribute, message, **filtered_options(value))
+ end
+ rescue Addressable::URI::InvalidURIError
+ record.errors.add(attribute, message, **filtered_options(value))
+ end
+end
diff --git a/config/locales/en.yml b/config/locales/en.yml
index ec9dd32bc..d525d9f93 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -335,7 +335,6 @@ en:
 updated_at: "Updated on %{datetime}"
 edit:
 autosave: Your file is automatically saved after each modification. You can close the window at any time and pick up where you left off later.
- notice: "Download the notice of the procedure"
 pending_correction:
 confirm_label: I certify that I have made all corrections requested by the administration.
 messages:
@@ -569,6 +568,7 @@ en:
 messages:
 not_a_phone: 'Invalid phone number'
 not_a_rna: 'Invalid RNA number'
+ url: 'is not a valid link'
 models:
 attestation_template:
 attributes:
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index a62c1af9e..a82963b38 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
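Review bot: `valid_no_local` in `validate_url` only requires the host to contain a dot, so with `no_local: true` a value such as `http://127.0.0.1/` or `http://10.0.0.1/` still validates; since ProcedureExternalURLCheckJob fetches these admin-supplied URLs from the server, this option is the only check between the form and a request to an internal address. Rejecting IP literals in loopback, private and link-local ranges with the stdlib `IPAddr` (`require 'ipaddr'` next to the other requires) closes the obvious case; hostnames that resolve into those ranges can only be caught at fetch time, which a validator cannot do, and that limit belongs in a comment on the option. Separately, `initialize` mutates the caller's hash through `reverse_merge!`; `options = options.reverse_merge(...)` before `super` avoids that side effect, and the header comment's `borowed` should read `borrowed`.
```ruby
    valid_no_local = !options.fetch(:no_local) || (host && host.include?('.') && !local_ip_literal?(host))
    # … unchanged: valid_suffix, errors.add, rescue …
  end

  # True when `host` is a bare IP address in a loopback, private or link-local range.
  # DNS names that resolve into those ranges are not detected here; the job doing the
  # fetch has to check the resolved address itself.
  def local_ip_literal?(host)
    ip = IPAddr.new(host.delete('[]'))
    ip.loopback? || ip.private? || ip.link_local?
  rescue IPAddr::InvalidAddressError
    false
  end
```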
@@ -335,7 +335,6 @@ fr:
 updated_at: "Modifié le %{datetime}"
 edit:
 autosave: Votre dossier est enregistré automatiquement après chaque modification. Vous pouvez à tout moment fermer la fenêtre et reprendre plus tard là où vous en étiez.
- notice: Télécharger le guide de la démarche
 pending_correction:
 confirm_label: Je certifie avoir effectué toutes les corrections demandées par l’administration.
 messages:
@@ -572,6 +571,7 @@ fr:
 messages:
 not_a_phone: 'Numéro de téléphone invalide'
 not_a_rna: 'Numéro RNA invalide'
+ url: 'n’est pas un lien valide'
 models:
 attestation_template:
 attributes: