DGNum/demarches-normaliennes
13
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

feat(procedure): validate external links

Browse source
This commit is contained in:
Paul Chavard 2023-06-29 12:58:38 +02:00
parent a43c3fd19d
commit 7136c96a36
13 changed files with 133 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
Gemfile
View file

@ -8,6 +8,7 @@ gem 'active_link_to' # Automatically set a class on active links
gem 'active_model_serializers'
gem 'activestorage-openstack'
gem 'active_storage_validations'
gem 'addressable'
gem 'administrate'
gem 'administrate-field-enum' # Allow using Field::Enum in administrate
gem 'after_party'

1
Gemfile.lock
View file

@ -800,6 +800,7 @@ DEPENDENCIES
active_model_serializers
active_storage_validations
activestorage-openstack
addressable
administrate
administrate-field-enum
after_party

4
app/graphql/schema.graphql
View file

@ -1016,7 +1016,7 @@ type DemarcheDescriptor {
"""
URL pour commencer la démarche
"""
demarcheUrl: String
demarcheUrl: URL
"""
Description de la démarche.
@ -1039,7 +1039,7 @@ type DemarcheDescriptor {
notice explicative de la démarche
"""
notice: File
noticeUrl: String
noticeUrl: URL
"""
Numero de la démarche.

4
app/graphql/types/demarche_descriptor_type.rb
View file

@ -25,10 +25,10 @@ Cela évite laccès récursif aux dossiers."
field :duree_conservation_dossiers, Int, "Durée de conservation des dossiers en mois.", null: false
field :demarche_url, String, "URL pour commencer la démarche", null: true
field :demarche_url, Types::URL, "URL pour commencer la démarche", null: true
field :site_web_url, String, "URL où les usagers trouvent le lien vers la démarche", null: true
field :dpo_url, String, "URL ou email pour contacter le Délégué à la Protection des Données (DPO)", null: true
field :notice_url, String, null: true
field :notice_url, Types::URL, null: true
field :cadre_juridique_url, String, "URL du cadre juridique qui justifie le droit de collecter les données demandées dans la démarche", null: true
field :opendata, Boolean, null: false

6
app/graphql/types/url.rb
View file

@ -3,12 +3,14 @@ module Types
description "A valid URL, transported as a string"
def self.coerce_input(input_value, context)
url = URI.parse(input_value)
if url.is_a?(URI::HTTP) || url.is_a?(URI::HTTPS)
url = Addressable::URI(input_value)
if uri.scheme.in?(['http', 'https'])
url
else
raise GraphQL::CoercionError, "#{input_value.inspect} is not a valid URL"
end
rescue Addressable::URI::InvalidURIError
raise GraphQL::CoercionError, "#{input_value.inspect} is not a valid URL"
end
def self.coerce_result(ruby_value, context)

2
app/helpers/procedure_helper.rb
View file

@ -48,7 +48,7 @@ module ProcedureHelper
def url_or_email_to_lien_dpo(procedure)
URI::MailTo.build([procedure.lien_dpo, "subject="]).to_s
rescue URI::InvalidComponentError
uri = URI.parse(procedure.lien_dpo)
uri = Addressable::URI.parse(procedure.lien_dpo)
return "//#{uri}" if uri.scheme.nil?
uri.to_s
end

7
app/jobs/cron/procedure_external_url_check_job.rb Normal file
View file

@ -0,0 +1,7 @@
class Cron::ProcedureExternalURLCheckJob < Cron::CronJob
self.schedule_expression = "every week on monday at 1 am"
def perform
Procedure.with_external_urls.find_each { ::ProcedureExternalURLCheckJob.perform_later(_1) }
end
end

33
app/jobs/procedure_external_url_check_job.rb Normal file
View file

@ -0,0 +1,33 @@
class ProcedureExternalURLCheckJob < ApplicationJob
def perform(procedure)
procedure.validate
if procedure.lien_notice.present?
error = procedure.errors.find { _1.attribute == :lien_notice }
if error.present?
procedure.update!(lien_notice_error: error.message)
else
response = Typhoeus.get(procedure.lien_notice, followlocation: true)
if response.success?
procedure.update!(lien_notice_error: nil)
else
procedure.update!(lien_notice_error: "#{response.code} #{response.return_message}")
end
end
end
if procedure.lien_dpo.present? && !procedure.lien_dpo_email?
error = procedure.errors.find { _1.attribute == :lien_dpo }
if error.present?
procedure.update!(lien_dpo_error: error.message)
else
response = Typhoeus.get(procedure.lien_dpo, followlocation: true)
if response.success?
procedure.update!(lien_dpo_error: nil)
else
procedure.update!(lien_dpo_error: "#{response.code} #{response.return_message}")
end
end
end
end
end

12
app/models/procedure.rb
View file

@ -234,6 +234,8 @@ class Procedure < ApplicationRecord
scope :opendata, -> { where(opendata: true) }
scope :publiees_ou_closes, -> { where(aasm_state: [:publiee, :close, :depubliee]) }
scope :with_external_urls, -> { where.not(lien_notice: [nil, '']).or(where.not(lien_dpo: [nil, ''])) }
scope :publiques, -> do
publiees_ou_closes
.opendata
@ -294,7 +296,12 @@ class Procedure < ApplicationRecord
validates :libelle, presence: true, allow_blank: false, allow_nil: false
validates :description, presence: true, allow_blank: false, allow_nil: false
validates :administrateurs, presence: true
validates :lien_site_web, presence: true, if: :publiee?
validates :lien_notice, url: { no_local: true, allow_blank: true }
validates :lien_dpo, format: { with: Devise.email_regexp, message: "n'est pas valide" }, if: :lien_dpo_email?
validates :lien_dpo, url: { no_local: true, allow_blank: true }, unless: :lien_dpo_email?
validates :draft_types_de_champ_public,
'types_de_champ/no_empty_block': true,
'types_de_champ/no_empty_drop_down': true,
@ -320,7 +327,6 @@ class Procedure < ApplicationRecord
less_than_or_equal_to: 60
}
validates :lien_dpo, email_or_link: true, allow_nil: true
validates_with MonAvisEmbedValidator
validates_associated :draft_revision, on: :publication
@ -978,6 +984,10 @@ class Procedure < ApplicationRecord
update!(routing_enabled: self.groupe_instructeurs.active.many?)
end
def lien_dpo_email?
lien_dpo.present? && lien_dpo.match?(/@/)
end
private
def validate_auto_archive_on_in_the_future

7
app/validators/email_or_link_validator.rb
View file

@ -1,7 +0,0 @@
class EmailOrLinkValidator < ActiveModel::EachValidator
def validate_each(record, attribute, value)
URI.parse(value)
rescue URI::InvalidURIError
record.errors.add(attribute, :invalid_uri_or_email)
end
end

69
app/validators/url_validator.rb Normal file
View file

@ -0,0 +1,69 @@
require 'active_model'
require 'active_support/i18n'
require 'public_suffix'
require 'addressable/uri'
# Most of this code is borowed from https://github.com/perfectline/validates_url
class URLValidator < ActiveModel::EachValidator
RESERVED_OPTIONS = [:schemes, :no_local]
def initialize(options)
options.reverse_merge!(schemes: ['http', 'https'])
options.reverse_merge!(message: :url)
options.reverse_merge!(no_local: false)
options.reverse_merge!(public_suffix: false)
options.reverse_merge!(accept_array: false)
super(options)
end
def validate_each(record, attribute, value)
message = options.fetch(:message)
schemes = [*options.fetch(:schemes)].map(&:to_s)
if value.respond_to?(:each)
# Error out if we're not allowing arrays
if !options.include?(:accept_array) || !options.fetch(:accept_array)
record.errors.add(attribute, message, **filtered_options(value))
end
# We have to manually handle `:allow_nil` and `:allow_blank` since it's not caught by
# ActiveRecord's own validators. We do that by just removing all the nil's if we want to
# allow them so it's not passed on later.
value = value.compact if options.include?(:allow_nil) && options.fetch(:allow_nil)
value = value.compact_blank if options.include?(:allow_blank) && options.fetch(:allow_blank)
result = value.flat_map { validate_url(record, attribute, _1, message, schemes) }
errors = result.compact
return errors.any? ? errors.first : true
end
validate_url(record, attribute, value, message, schemes)
end
protected
def filtered_options(value)
filtered = options.except(*RESERVED_OPTIONS)
filtered[:value] = value
filtered
end
def validate_url(record, attribute, value, message, schemes)
uri = Addressable::URI.parse(value)
host = uri && uri.host
scheme = uri && uri.scheme
valid_scheme = host && scheme && schemes.include?(scheme)
valid_no_local = !options.fetch(:no_local) || (host && host.include?('.'))
valid_suffix = !options.fetch(:public_suffix) || (host && PublicSuffix.valid?(host, default_rule: nil))
unless valid_scheme && valid_no_local && valid_suffix
record.errors.add(attribute, message, **filtered_options(value))
end
rescue Addressable::URI::InvalidURIError
record.errors.add(attribute, message, **filtered_options(value))
end
end

2
config/locales/en.yml
View file

@ -335,7 +335,6 @@ en:
updated_at: "Updated on %{datetime}"
edit:
autosave: Your file is automatically saved after each modification. You can close the window at any time and pick up where you left off later.
notice: "Download the notice of the procedure"
pending_correction:
confirm_label: I certify that I have made all corrections requested by the administration.
messages:
@ -569,6 +568,7 @@ en:
messages:
not_a_phone: 'Invalid phone number'
not_a_rna: 'Invalid RNA number'
url: 'is not a valid link'
models:
attestation_template:
attributes:

2
config/locales/fr.yml
View file

@ -335,7 +335,6 @@ fr:
updated_at: "Modifié le %{datetime}"
edit:
autosave: Votre dossier est enregistré automatiquement après chaque modification. Vous pouvez à tout moment fermer la fenêtre et reprendre plus tard là où vous en étiez.
notice: Télécharger le guide de la démarche
pending_correction:
confirm_label: Je certifie avoir effectué toutes les corrections demandées par ladministration.
messages:
@ -572,6 +571,7 @@ fr:
messages:
not_a_phone: 'Numéro de téléphone invalide'
not_a_rna: 'Numéro RNA invalide'
url: 'nest pas un lien valide'
models:
attestation_template:
attributes: