From 95f98fe60519b21e5035c630ad7719ac2926d228 Mon Sep 17 00:00:00 2001 From: Paul Chavard Date: Tue, 5 Nov 2019 16:36:12 +0100 Subject: [PATCH 1/7] API v1 correctly handle resultats_par_page --- app/controllers/api/v1/dossiers_controller.rb | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/app/controllers/api/v1/dossiers_controller.rb b/app/controllers/api/v1/dossiers_controller.rb index 980ba7e81..9a990734d 100644 --- a/app/controllers/api/v1/dossiers_controller.rb +++ b/app/controllers/api/v1/dossiers_controller.rb @@ -2,6 +2,7 @@ class API::V1::DossiersController < APIController before_action :fetch_procedure_and_check_token DEFAULT_PAGE_SIZE = 100 + MAX_PAGE_SIZE = 1000 ORDER_DIRECTIONS = { 'asc' => :asc, 'desc' => :desc } def index @@ -33,7 +34,12 @@ class API::V1::DossiersController < APIController end def per_page # inherited value from will_paginate - [params[:resultats_par_page]&.to_i || DEFAULT_PAGE_SIZE, 1000].min + resultats_par_page = params[:resultats_par_page]&.to_i + if resultats_par_page && resultats_par_page > 0 + [resultats_par_page, MAX_PAGE_SIZE].min + else + DEFAULT_PAGE_SIZE + end end def fetch_procedure_and_check_token From f5c80f211d5ede70ea4d3fb819a64715daa5cbf2 Mon Sep 17 00:00:00 2001 From: Paul Chavard Date: Tue, 5 Nov 2019 16:44:28 +0100 Subject: [PATCH 2/7] Guard for missing attestation on dossier --- app/controllers/users/dossiers_controller.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app/controllers/users/dossiers_controller.rb b/app/controllers/users/dossiers_controller.rb index 23cb10410..8c0ccad0f 100644 --- a/app/controllers/users/dossiers_controller.rb +++ b/app/controllers/users/dossiers_controller.rb @@ -48,8 +48,11 @@ module Users end def attestation - if dossier.attestation.pdf.attached? + if dossier.attestation&.pdf&.attached? redirect_to url_for(dossier.attestation.pdf) + else + flash.notice = "L'attestation n'est plus disponible sur ce dossier." + redirect_to dossier_path(dossier) end end From a708b071dd81dab7354ddc1d24f47e2d92835b9c Mon Sep 17 00:00:00 2001 From: Paul Chavard Date: Tue, 5 Nov 2019 16:54:43 +0100 Subject: [PATCH 3/7] Do not crash with champ repetable with no children --- app/views/champs/repetition/_show.html.haml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/app/views/champs/repetition/_show.html.haml b/app/views/champs/repetition/_show.html.haml index 508593712..8b3240829 100644 --- a/app/views/champs/repetition/_show.html.haml +++ b/app/views/champs/repetition/_show.html.haml @@ -1,10 +1,11 @@ - champs = champ.rows.last -- index = (champ.rows.size - 1) * champs.size -%div{ class: "row row-#{champs.first.row}" } - - champs.each.with_index(index) do |champ, index| - = fields_for "#{attribute}[#{index}]", champ do |form| - = render partial: "shared/dossiers/editable_champs/editable_champ", locals: { champ: champ, form: form } - = form.hidden_field :id - = form.hidden_field :_destroy, disabled: true - %button.button.danger.remove-row - Supprimer +- if champs.present? + - index = (champ.rows.size - 1) * champs.size + %div{ class: "row row-#{champs.first.row}" } + - champs.each.with_index(index) do |champ, index| + = fields_for "#{attribute}[#{index}]", champ do |form| + = render partial: "shared/dossiers/editable_champs/editable_champ", locals: { champ: champ, form: form } + = form.hidden_field :id + = form.hidden_field :_destroy, disabled: true + %button.button.danger.remove-row + Supprimer From ee62d6fca453bf7fb1a32274a1e48f888caaf04b Mon Sep 17 00:00:00 2001 From: Paul Chavard Date: Tue, 5 Nov 2019 17:06:49 +0100 Subject: [PATCH 4/7] Fix move type de champs --- app/models/procedure.rb | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/app/models/procedure.rb b/app/models/procedure.rb index 6a6d3ecd6..96a427dbb 100644 --- a/app/models/procedure.rb +++ b/app/models/procedure.rb @@ -595,14 +595,18 @@ class Procedure < ApplicationRecord def move_type_de_champ_attributes(types_de_champ, type_de_champ, new_index) old_index = types_de_champ.index(type_de_champ) - types_de_champ.insert(new_index, types_de_champ.delete_at(old_index)) - .map.with_index do |type_de_champ, index| - { - id: type_de_champ.id, - libelle: type_de_champ.libelle, - order_place: index - } - end + if types_de_champ.delete_at(old_index) + types_de_champ.insert(new_index, type_de_champ) + .map.with_index do |type_de_champ, index| + { + id: type_de_champ.id, + libelle: type_de_champ.libelle, + order_place: index + } + end + else + [] + end end def before_publish From 0562e2728f67715279d4aaca1d47a9d5e4a532ec Mon Sep 17 00:00:00 2001 From: Paul Chavard Date: Wed, 6 Nov 2019 11:20:28 +0100 Subject: [PATCH 5/7] Fix type_de_champ validation error --- .../linked_drop_down_list_type_de_champ.rb | 2 +- spec/models/type_de_champ_shared_example.rb | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/app/models/types_de_champ/linked_drop_down_list_type_de_champ.rb b/app/models/types_de_champ/linked_drop_down_list_type_de_champ.rb index 71f0784b1..24410c6f6 100644 --- a/app/models/types_de_champ/linked_drop_down_list_type_de_champ.rb +++ b/app/models/types_de_champ/linked_drop_down_list_type_de_champ.rb @@ -53,7 +53,7 @@ class TypesDeChamp::LinkedDropDownListTypeDeChamp < TypesDeChamp::TypeDeChampBas def check_presence_of_primary_options if !PRIMARY_PATTERN.match?(drop_down_list.options.second) - errors.add(libelle, "doit commencer par une entrée de menu primaire de la forme --texte--") + errors.add(libelle.presence || "La liste", "doit commencer par une entrée de menu primaire de la forme --texte--") end end diff --git a/spec/models/type_de_champ_shared_example.rb b/spec/models/type_de_champ_shared_example.rb index d0b6e4ecf..a710b4ef0 100644 --- a/spec/models/type_de_champ_shared_example.rb +++ b/spec/models/type_de_champ_shared_example.rb @@ -148,4 +148,22 @@ shared_examples 'type_de_champ_spec' do expect(cloned_procedure.types_de_champ.first.types_de_champ).not_to be_empty end end + + describe "linked_drop_down_list" do + let(:type_de_champ) { create(:type_de_champ_linked_drop_down_list) } + + it 'should validate without label' do + type_de_champ.drop_down_list_value = 'toto' + expect(type_de_champ.validate).to be_falsey + messages = type_de_champ.errors.full_messages + expect(messages.size).to eq(1) + expect(messages.first.starts_with?("#{type_de_champ.libelle} doit commencer par")).to be_truthy + + type_de_champ.libelle = '' + expect(type_de_champ.validate).to be_falsey + messages = type_de_champ.errors.full_messages + expect(messages.size).to eq(2) + expect(messages.last.starts_with?("La liste doit commencer par")).to be_truthy + end + end end From 959aacdea5fbb9e060c5fd04c4457e8a3584e86a Mon Sep 17 00:00:00 2001 From: clemkeirua Date: Tue, 5 Nov 2019 09:32:35 +0100 Subject: [PATCH 6/7] Sendinblue email balancing using proper credentials This reverts commit c61981e7957340cbf268d449df809f27555aece6. --- .../dynamic_smtp_settings_interceptor.rb | 16 +++++++++++ config/env.example | 7 ++++- config/environments/development.rb | 28 +++++++++++++------ config/environments/production.rb | 10 +++++++ .../dynamic_smtp_settings_interceptor.rb | 1 + config/secrets.yml | 1 + 6 files changed, 54 insertions(+), 9 deletions(-) create mode 100644 app/models/dynamic_smtp_settings_interceptor.rb create mode 100644 config/initializers/dynamic_smtp_settings_interceptor.rb diff --git a/app/models/dynamic_smtp_settings_interceptor.rb b/app/models/dynamic_smtp_settings_interceptor.rb new file mode 100644 index 000000000..bbd702420 --- /dev/null +++ b/app/models/dynamic_smtp_settings_interceptor.rb @@ -0,0 +1,16 @@ +class DynamicSmtpSettingsInterceptor + def self.delivering_email(message) + if ENV['SENDINBLUE_BALANCING'] == 'enabled' + if rand(0..99) < ENV['SENDINBLUE_BALANCING_VALUE'].to_i + message.delivery_method.settings = { + user_name: ENV['SENDINBLUE_USER_NAME'], + password: ENV['SENDINBLUE_CLIENT_KEY'], + address: 'smtp-relay.sendinblue.com', + domain: 'smtp-relay.sendinblue.com', + port: '587', + authentication: :cram_md5 + } + end + end + end +end diff --git a/config/env.example b/config/env.example index 4f704adab..143e586ed 100644 --- a/config/env.example +++ b/config/env.example @@ -46,8 +46,13 @@ SENTRY_DSN_JS="" MATOMO_ENABLED="disabled" MATOMO_ID="73" -SENDINBLUE_ENABLED="disabled" +SENDINBLUE_BALANCING="" +SENDINBLUE_BALANCING_VALUE="" +SENDINBLUE_ENABLED="" SENDINBLUE_CLIENT_KEY="" +SENDINBLUE_USER_NAME="" + + CRISP_ENABLED="disabled" CRISP_CLIENT_KEY="" diff --git a/config/environments/development.rb b/config/environments/development.rb index 385185b36..1018ab6cf 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -45,14 +45,26 @@ Rails.application.configure do config.assets.raise_runtime_errors = true # Action Mailer settings - config.action_mailer.delivery_method = :letter_opener_web - # Configure default root URL for generating URLs to routes - config.action_mailer.default_url_options = { - host: 'localhost', - port: 3000 - } - # Configure default root URL for email assets - config.action_mailer.asset_host = "http://" + ENV['APP_HOST'] + + if ENV['SENDINBLUE_ENABLED'] == 'enabled' + config.action_mailer.delivery_method = :smtp + config.action_mailer.smtp_settings = { + user_name: Rails.application.secrets.sendinblue[:username], + password: Rails.application.secrets.sendinblue[:client_key], + address: 'smtp-relay.sendinblue.com', + domain: 'smtp-relay.sendinblue.com', + port: '587', + authentication: :cram_md5 + } + else + config.action_mailer.delivery_method = :letter_opener_web + config.action_mailer.default_url_options = { + host: 'localhost', + port: 3000 + } + + config.action_mailer.asset_host = "http://" + ENV['APP_HOST'] + end Rails.application.routes.default_url_options = { host: 'localhost', diff --git a/config/environments/production.rb b/config/environments/production.rb index 8837fb88b..38de5db80 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -77,6 +77,16 @@ Rails.application.configure do port: '2525', authentication: :cram_md5 } + elsif ENV['SENDINBLUE_ENABLED'] == 'enabled' + config.action_mailer.delivery_method = :smtp + config.action_mailer.smtp_settings = { + user_name: Rails.application.secrets.sendinblue[:username], + password: Rails.application.secrets.sendinblue[:client_key], + address: 'smtp-relay.sendinblue.com', + domain: 'smtp-relay.sendinblue.com', + port: '587', + authentication: :cram_md5 + } else config.action_mailer.delivery_method = :mailjet end diff --git a/config/initializers/dynamic_smtp_settings_interceptor.rb b/config/initializers/dynamic_smtp_settings_interceptor.rb new file mode 100644 index 000000000..a3f8e2d13 --- /dev/null +++ b/config/initializers/dynamic_smtp_settings_interceptor.rb @@ -0,0 +1 @@ +ActionMailer::Base.register_interceptor "DynamicSmtpSettingsInterceptor" diff --git a/config/secrets.yml b/config/secrets.yml index 7ad675ffe..c0989401f 100644 --- a/config/secrets.yml +++ b/config/secrets.yml @@ -54,6 +54,7 @@ defaults: &defaults webhook_secret: <%= ENV['HELPSCOUT_WEBHOOK_SECRET'] %> sendinblue: enabled: <%= ENV['SENDINBLUE_ENABLED'] == 'enabled' %> + username: <%= ENV['SENDINBLUE_USER_NAME'] %> client_key: <%= ENV['SENDINBLUE_CLIENT_KEY'] %> api_v3_key: <%= ENV['SENDINBLUE_API_V3_KEY'] %> matomo: From 04c13190c3a4de1c532f585b83ab0f92fd1daaa3 Mon Sep 17 00:00:00 2001 From: clemkeirua Date: Tue, 5 Nov 2019 09:38:08 +0100 Subject: [PATCH 7/7] =?UTF-8?q?introduce=20smtp=5Fkey=20in=20order=20to=20?= =?UTF-8?q?use=202=C2=A0different=20sendinblue=20keys?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit client_key is exposed to the client via gon, so if we use it for sending email too we are exposing a key so anybody could send an email. The current client_key has a different level of right and can't send emails so it's ok to expose it. --- app/models/dynamic_smtp_settings_interceptor.rb | 2 +- config/env.example | 1 + config/environments/development.rb | 2 +- config/environments/production.rb | 2 +- config/secrets.yml | 1 + 5 files changed, 5 insertions(+), 3 deletions(-) diff --git a/app/models/dynamic_smtp_settings_interceptor.rb b/app/models/dynamic_smtp_settings_interceptor.rb index bbd702420..885c4b8e9 100644 --- a/app/models/dynamic_smtp_settings_interceptor.rb +++ b/app/models/dynamic_smtp_settings_interceptor.rb @@ -4,7 +4,7 @@ class DynamicSmtpSettingsInterceptor if rand(0..99) < ENV['SENDINBLUE_BALANCING_VALUE'].to_i message.delivery_method.settings = { user_name: ENV['SENDINBLUE_USER_NAME'], - password: ENV['SENDINBLUE_CLIENT_KEY'], + password: ENV['SENDINBLUE_SMTP_KEY'], address: 'smtp-relay.sendinblue.com', domain: 'smtp-relay.sendinblue.com', port: '587', diff --git a/config/env.example b/config/env.example index 143e586ed..c3c40d089 100644 --- a/config/env.example +++ b/config/env.example @@ -50,6 +50,7 @@ SENDINBLUE_BALANCING="" SENDINBLUE_BALANCING_VALUE="" SENDINBLUE_ENABLED="" SENDINBLUE_CLIENT_KEY="" +SENDINBLUE_SMTP_KEY="" SENDINBLUE_USER_NAME="" diff --git a/config/environments/development.rb b/config/environments/development.rb index 1018ab6cf..718db3436 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -50,7 +50,7 @@ Rails.application.configure do config.action_mailer.delivery_method = :smtp config.action_mailer.smtp_settings = { user_name: Rails.application.secrets.sendinblue[:username], - password: Rails.application.secrets.sendinblue[:client_key], + password: Rails.application.secrets.sendinblue[:smtp_key], address: 'smtp-relay.sendinblue.com', domain: 'smtp-relay.sendinblue.com', port: '587', diff --git a/config/environments/production.rb b/config/environments/production.rb index 38de5db80..262c15c4b 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -81,7 +81,7 @@ Rails.application.configure do config.action_mailer.delivery_method = :smtp config.action_mailer.smtp_settings = { user_name: Rails.application.secrets.sendinblue[:username], - password: Rails.application.secrets.sendinblue[:client_key], + password: Rails.application.secrets.sendinblue[:smtp_key], address: 'smtp-relay.sendinblue.com', domain: 'smtp-relay.sendinblue.com', port: '587', diff --git a/config/secrets.yml b/config/secrets.yml index c0989401f..2ac8aa244 100644 --- a/config/secrets.yml +++ b/config/secrets.yml @@ -56,6 +56,7 @@ defaults: &defaults enabled: <%= ENV['SENDINBLUE_ENABLED'] == 'enabled' %> username: <%= ENV['SENDINBLUE_USER_NAME'] %> client_key: <%= ENV['SENDINBLUE_CLIENT_KEY'] %> + smtp_key: <%= ENV['SENDINBLUE_SMTP_KEY'] %> api_v3_key: <%= ENV['SENDINBLUE_API_V3_KEY'] %> matomo: enabled: <%= ENV['MATOMO_ENABLED'] == 'enabled' %>