From cd4848a91608f305055a67c560518741f7fd2ced Mon Sep 17 00:00:00 2001
From: Xavier J
Date: Wed, 14 Sep 2016 18:34:19 +0200
Subject: [PATCH 1/5] Update Gems Devise and Uglifier for security alert
---
 Gemfile | 2 +-
 Gemfile.lock | 19 +++++++++----------
 2 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/Gemfile b/Gemfile
index 74ec148d8..7ae9eeaf0 100644
--- a/Gemfile
+++ b/Gemfile
@@ -50,7 +50,7 @@ gem 'will_paginate-bootstrap'
 gem 'draper'
 #Gestion des comptes utilisateurs
-gem 'devise'
+gem 'devise', '~> 3.0'
 gem 'openid_connect'
 gem 'rest-client'
diff --git a/Gemfile.lock b/Gemfile.lock
index a9ac8e9f2..a5430abe3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -62,7 +62,7 @@ GEM
 autoprefixer-rails (5.2.1)
 execjs
 json
- bcrypt (3.1.10)
+ bcrypt (3.1.11)
 bindata (2.1.0)
 binding_of_caller (0.7.2)
 debug_inspector (>= 0.0.1)
@@ -119,7 +119,7 @@ GEM
 debug_inspector (0.0.2)
 deep_cloneable (2.2.1)
 activerecord (>= 3.1.0, < 5.2.0)
- devise (3.4.1)
+ devise (3.5.10)
 bcrypt (~> 3.0)
 orm_adapter (~> 0.1)
 railties (>= 3.2.6, < 5)
@@ -141,7 +141,7 @@ GEM
 erubis (2.7.0)
 eventmachine (1.0.8)
 excon (0.49.0)
- execjs (2.5.2)
+ execjs (2.7.0)
 factory_girl (4.5.0)
 activesupport (>= 3.0.0)
 faraday (0.9.1)
@@ -461,8 +461,8 @@ GEM
 json (~> 1.4)
 ref (2.0.0)
 request_store (1.1.0)
- responders (2.1.0)
- railties (>= 4.2.0, < 5)
+ responders (2.3.0)
+ railties (>= 4.2.0, < 5.1)
 rest-client (1.8.0)
 http-cookie (>= 1.0.2, < 2.0)
 mime-types (>= 1.16, < 3.0)
@@ -574,9 +574,8 @@ GEM
 coffee-rails
 tzinfo (1.2.2)
 thread_safe (~> 0.1)
- uglifier (2.7.1)
- execjs (>= 0.3.0)
- json (>= 1.8.0)
+ uglifier (3.0.2)
+ execjs (>= 0.3.0, < 3)
 unf (0.1.4)
 unf_ext
 unf_ext (0.0.7.1)
@@ -592,7 +591,7 @@ GEM
 activemodel (>= 3.0.0)
 addressable
 vcr (3.0.1)
- warden (1.2.3)
+ warden (1.2.6)
 rack (>= 1.0)
 web-console (2.2.1)
 activemodel (>= 4.0)
@@ -636,7 +635,7 @@ DEPENDENCIES
 coffee-rails (~> 4.1.0)
 database_cleaner
 deep_cloneable (~> 2.2.1)
- devise
+ devise (~> 3.0)
 draper
 factory_girl
 fog
From ccd9c0898d7bb941c723109ce2bd59258248d05f Mon Sep 17 00:00:00 2001
From: Xavier J
Date: Fri, 16 Sep 2016 15:40:30 +0200
Subject: [PATCH 2/5] Fix test with cloud storage enabled
---
 config/initializers/features.yml | 2 +-
 spec/controllers/users/description_controller_shared_example.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/initializers/features.yml b/config/initializers/features.yml
index e91fb5346..22e2c5e0d 100644
--- a/config/initializers/features.yml
+++ b/config/initializers/features.yml
@@ -1 +1 @@
-remote_storage: false
+remote_storage: true
diff --git a/spec/controllers/users/description_controller_shared_example.rb b/spec/controllers/users/description_controller_shared_example.rb
index b11cb12bb..ea3d42e9b 100644
--- a/spec/controllers/users/description_controller_shared_example.rb
+++ b/spec/controllers/users/description_controller_shared_example.rb
@@ -285,7 +285,7 @@ shared_examples 'description_controller_spec_POST_piece_justificatives_for_owner
 'piece_justificative_'+all_pj_type[0].to_s => piece_justificative_0, 'piece_justificative_'+all_pj_type[1].to_s => piece_justificative_1} }
- context 'when user is the owner' do
+ context 'when user is the owner', vcr: {cassette_name: 'controllers_users_description_controller_pieces_justificatives'} do
 before do
 sign_in user
 end
From 9332c0f6ed00f16e4cfe901e024c8fec38b8789a Mon Sep 17 00:00:00 2001
From: Xavier J
Date: Fri, 16 Sep 2016 16:29:34 +0200
Subject: [PATCH 3/5] Fix brakeman test
---
 app/views/dossiers/etapes/_etape1.html.haml | 3 ++-
 app/views/notification_mailer/dossier_received.html.erb | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/app/views/dossiers/etapes/_etape1.html.haml b/app/views/dossiers/etapes/_etape1.html.haml
index 70c1e11fb..f9de0d764 100644
--- a/app/views/dossiers/etapes/_etape1.html.haml
+++ b/app/views/dossiers/etapes/_etape1.html.haml
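Review bot: Flipping `remote_storage` from `false` to `true` in `config/initializers/features.yml` to make a spec pass changes the flag for every environment that loads this file, not only the test suite, so if production reads the same file this is a runtime behaviour change hidden inside a test fix. Prefer enabling the feature from the spec itself (a `before` block that overrides the flag) or through an environment-specific override, and keep the checked-in default at `false`. The hunk does not show how the file is consumed, so confirm which environments load it before merging.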
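Review bot: The `vcr: {cassette_name: 'controllers_users_description_controller_pieces_justificatives'}` metadata added to the `'when user is the owner'` context records the remote-storage HTTP exchange into a cassette that will be committed with the repository. The request stubs elsewhere in this series put an API token in the query string (`?token=#{SIADETOKEN}` in `spec/lib/siade/etablissement_adapter_spec.rb`), so check that the VCR configuration filters credentials (`filter_sensitive_data`), and any signed-URL or header-based auth the storage client uses, before the cassette is first recorded. The enclosing `shared_examples` block starts and ends outside the hunk.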
@@ -21,4 +21,5 @@
 - unless @facade.procedure.lien_site_web.blank?
 .center
- =link_to 'En savoir plus ...', @facade.procedure.lien_site_web, {target: '_blank'}
\ No newline at end of file
+ %a{href: "#{@facade.procedure.lien_site_web.html_safe}", target: '_blank'}
+ En savoir plus ...
\ No newline at end of file
diff --git a/app/views/notification_mailer/dossier_received.html.erb b/app/views/notification_mailer/dossier_received.html.erb
index 9064120b6..4bcdc394f 100644
--- a/app/views/notification_mailer/dossier_received.html.erb
+++ b/app/views/notification_mailer/dossier_received.html.erb
@@ -1 +1 @@
-<%= (MailTemplate.replace_tags @dossier.procedure.mail_received.body, @dossier).html_safe %>
\ No newline at end of file
+<%= escape_once (MailTemplate.replace_tags @dossier.procedure.mail_received.body, @dossier).html_safe %>
\ No newline at end of file
From bd89688346c9a07f7ea3989c2639546694d1f7d8 Mon Sep 17 00:00:00 2001
From: Xavier J
Date: Fri, 16 Sep 2016 17:08:50 +0200
Subject: [PATCH 4/5] Fix test INSEE v2 get etablissement view
---
 app/assets/javascripts/dossiers.js | 7 ++++++-
 app/services/dossier_service.rb | 6 +++++-
 lib/siade/etablissement_adapter.rb | 2 ++
 3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/app/assets/javascripts/dossiers.js b/app/assets/javascripts/dossiers.js
index 0307b5a63..e65a0da9e 100644
--- a/app/assets/javascripts/dossiers.js
+++ b/app/assets/javascripts/dossiers.js
@@ -23,7 +23,12 @@ function the_terms() {
 }
 function error_form_siret(invalid_siret){
- $("input[type='submit']").removeClass('btn-success').addClass('btn-danger').val('Erreur SIRET');
+ setTimeout(function(){
+ $("input[type='submit']").val('Erreur SIRET');
+ }, 10);
+
+ $("input[type='submit']").removeClass('btn-success').addClass('btn-danger');
+ $("#dossier_siret").addClass('input-error').val(invalid_siret).on('input', reset_form_siret);
 }
diff --git a/app/services/dossier_service.rb b/app/services/dossier_service.rb
index e086c3657..01c1fc6a0 100644
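Review bot: Replacing `link_to` with a hand-written `%a{href: "#{@facade.procedure.lien_site_web.html_safe}", target: '_blank'}` silences the Brakeman warning without addressing what it flags: the `href` is still the stored `lien_site_web` value verbatim, so a non-http scheme stored in that attribute is still rendered as a clickable link. Interpolating an `html_safe` string into a new string literal produces a plain `String`, so the `.html_safe` call changes nothing about escaping here and only reads as if escaping had been switched off. Validate the scheme where the value is stored (a model validation accepting only `http`/`https`) and keep the helper, `= link_to 'En savoir plus ...', @facade.procedure.lien_site_web, target: '_blank', rel: 'noopener noreferrer'`; the added `rel` also closes the opener access that `target: '_blank'` grants the linked page. The enclosing `- unless` block begins on the hunk's first context line; the partial's earlier lines are outside the hunk.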
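Review bot: Wrapping the rendered body in `escape_once` escapes the whole template output, including any markup the mail template itself contains, so if `mail_received.body` is HTML the recipient will now see the tags as literal text; because the argument is already marked safe, the escaped result is emitted as-is rather than double-escaped, so this is a rendering change, not a no-op. The XSS concern Brakeman raises is about the dossier values that `MailTemplate.replace_tags` substitutes into the template, and that is where escaping belongs: escape each substituted value inside `replace_tags` and then mark the assembled body safe, or at minimum pass the result through `sanitize` so template markup survives while injected script does not. Confirm against the mail templates actually in use which of the two behaviours is intended before merging.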
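Review bot: The new `setTimeout(..., 10)` that sets the submit button's label is an undocumented ordering workaround: nothing in the hunk says what would overwrite `val('Erreur SIRET')` if it were set synchronously (presumably a handler that resets the label), and a fixed 10 ms delay races with that handler on a slow client. Either name the cause in a comment, e.g. `// deferred: another handler resets the submit label synchronously after this call — TODO confirm and fix at the source`, or move the label reset out of the competing handler so the delay becomes unnecessary. Whether the final `}` in the hunk closes `error_form_siret` cannot be told from the collapsed hunk alone.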
--- a/app/services/dossier_service.rb
+++ b/app/services/dossier_service.rb
@@ -13,9 +13,13 @@ class DossierService
 raise RestClient::ResourceNotFound
 end
- @dossier.create_entreprise(@entreprise_adapter.to_params)
 @etablissement_adapter = SIADE::EtablissementAdapter.new(@siret)
+ if @etablissement_adapter.to_params.nil?
+ raise RestClient::ResourceNotFound
+ end
+
+ @dossier.create_entreprise(@entreprise_adapter.to_params)
 @dossier.create_etablissement(@etablissement_adapter.to_params)
 @rna_adapter = SIADE::RNAAdapter.new(@siret)
diff --git a/lib/siade/etablissement_adapter.rb b/lib/siade/etablissement_adapter.rb
index b03c3d821..72c0052e0 100644
--- a/lib/siade/etablissement_adapter.rb
+++ b/lib/siade/etablissement_adapter.rb
@@ -18,6 +18,8 @@ class SIADE::EtablissementAdapter
 params[k] = v if address_attribut_to_fetch.include?(k)
 end
 params
+ rescue
+ nil
 end
 def attr_to_fetch
From 5fb678e53bc3d54b5dd6f15a44d9a10bb8e83d6a Mon Sep 17 00:00:00 2001
From: Xavier J
Date: Fri, 16 Sep 2016 17:18:29 +0200
Subject: [PATCH 5/5] Fix test
---
 spec/lib/siade/etablissement_adapter_spec.rb | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/spec/lib/siade/etablissement_adapter_spec.rb b/spec/lib/siade/etablissement_adapter_spec.rb
index 82d0191ad..6d6257773 100644
--- a/spec/lib/siade/etablissement_adapter_spec.rb
+++ b/spec/lib/siade/etablissement_adapter_spec.rb
@@ -7,7 +7,7 @@ describe SIADE::EtablissementAdapter do
 before do
 stub_request(:get, "https://api-dev.apientreprise.fr/v2/etablissements/#{siret}?token=#{SIADETOKEN}")
- .to_return(body: File.read('spec/support/files/etablissement.json', status: 200))
+ .to_return(body: File.read('spec/support/files/etablissement.json', status: 200))
 end
 it '#to_params class est une Hash ?' do
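Review bot: `@etablissement_adapter.to_params` is now evaluated twice, once in the new `nil?` check and again in the `create_etablissement` call a few lines later; unless the adapter memoizes, the second call repeats the adapter's work and can return a different result — including `nil`, now that the adapter rescues errors into `nil` — after the guard has already passed. Capture it once: `etablissement_params = @etablissement_adapter.to_params`, `raise RestClient::ResourceNotFound if etablissement_params.nil?`, `@dossier.create_etablissement(etablissement_params)`. Raising `RestClient::ResourceNotFound` for any `nil` also makes a genuine 404 indistinguishable from whatever other failure the adapter swallowed. The enclosing method starts before the hunk's first line and continues after its last.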
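Review bot: The bare `rescue` added to `to_params` turns every `StandardError` into `nil`, so a connection timeout, a malformed response or a `NoMethodError` in the loop above all become indistinguishable from a missing establishment and are silently treated as such by the caller. Rescue only the error a 404 actually raises, `rescue RestClient::ResourceNotFound` followed by `nil`, and let anything else propagate (or log it) so operational failures stay visible in monitoring. The `def to_params` line and the start of its body are above the hunk.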
@@ -74,11 +74,9 @@ describe SIADE::EtablissementAdapter do
 before do
 stub_request(:get, "https://api-dev.apientreprise.fr/v2/etablissements/#{bad_siret}?token=#{SIADETOKEN}")
- .to_return(body: 'Fake body', status: 404)
+ .to_return(body: 'Fake body', status: 404)
 end
- it 'raises exception RestClient::ResourceNotFound' do
- expect { subject }.to raise_error(RestClient::ResourceNotFound)
- end
+ it { expect(subject).to be_nil }
 end
 end
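Review bot: `it { expect(subject).to be_nil }` only pins that a 404 yields `nil`, and because the adapter's new `rescue` returns `nil` for every error this example would still pass if the adapter were broken or the API answered 500; add a companion example for a non-404 failure asserting the error is not swallowed, and give the example a description so a failure is readable. Separately, in this file's first hunk the re-indented line `.to_return(body: File.read('spec/support/files/etablissement.json', status: 200))` passes `status: 200` to `File.read` instead of to `to_return` because of where the closing parenthesis sits; it should read `.to_return(body: File.read('spec/support/files/etablissement.json'), status: 200)`. The `describe` block's earlier contexts are outside the hunk.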