diff --git a/app/controllers/france_connect/particulier_controller.rb b/app/controllers/france_connect/particulier_controller.rb index c42954df0..13f41b6f1 100644 --- a/app/controllers/france_connect/particulier_controller.rb +++ b/app/controllers/france_connect/particulier_controller.rb @@ -51,18 +51,18 @@ class FranceConnect::ParticulierController < ApplicationController if user.present? && user.valid_for_authentication? { user.valid_password?(password_params) } if !user.can_france_connect? - flash.alert = "#{user.email} ne peut utiliser FranceConnect" + flash.alert = t('errors.messages.france_connect.forbidden_html', reset_link: new_user_password_path) render js: ajax_redirect(root_path) else @fci.update(user: user) @fci.delete_merge_token! - flash.notice = "Les comptes FranceConnect et #{APPLICATION_NAME} sont à présent fusionnés" + flash.notice = t('france_connect.particulier.flash.connection_done', application_name: APPLICATION_NAME) connect_france_connect_particulier(user) end else - flash.alert = 'Mauvais mot de passe' + flash.alert = t('france_connect.particulier.flash.invalid_password') render js: helpers.render_flash end @@ -74,7 +74,7 @@ class FranceConnect::ParticulierController < ApplicationController @fci.update(user: user) @fci.delete_merge_token! - flash.notice = "Les comptes FranceConnect et #{APPLICATION_NAME} sont à présent fusionnés" + flash.notice = t('france_connect.particulier.flash.connection_done', application_name: APPLICATION_NAME) connect_france_connect_particulier(user) else # same behaviour as redirect nicely with message when instructeur/administrateur @fci.destroy 
@@ -89,7 +89,7 @@ class FranceConnect::ParticulierController < ApplicationController @fci.associate_user!(sanitized_email_params) @fci.delete_merge_token! - flash.notice = "Les comptes FranceConnect et #{APPLICATION_NAME} sont à présent fusionnés" + flash.notice = t('france_connect.particulier.flash.connection_done', application_name: APPLICATION_NAME) connect_france_connect_particulier(@fci.user) else @email = sanitized_email_params @@ -99,9 +99,9 @@ class FranceConnect::ParticulierController < ApplicationController def resend_and_renew_merge_confirmation merge_token = @fci.create_merge_token! - UserMailer.france_connect_merge_confirmation(@fci.email_france_connect, merge_token).deliver_later + UserMailer.france_connect_merge_confirmation(@fci.email_france_connect, merge_token, @fci.merge_token_created_at).deliver_later redirect_to france_connect_particulier_merge_path(merge_token), - notice: "Nous venons de vous envoyer le mail de confirmation, veuillez cliquer sur le lien contenu dans ce mail pour fusionner vos comptes" + notice: t('france_connect.particulier.flash.confirmation_mail_sent') end private @@ -110,7 +110,7 @@ class FranceConnect::ParticulierController < ApplicationController @fci = FranceConnectInformation.find_by(merge_token: merge_token_params) if @fci.nil? || !@fci.valid_for_merge? - flash.alert = "Le délai pour fusionner les comptes FranceConnect et #{APPLICATION_NAME} est expirée. Veuillez recommencer la procédure pour vous fusionner les comptes." + flash.alert = t('france_connect.particulier.flash.merger_token_expired', application_name: APPLICATION_NAME) respond_to do |format| format.html { redirect_to root_path } diff --git a/app/views/france_connect/particulier/_password_confirmation.html.haml b/app/views/france_connect/particulier/_password_confirmation.html.haml index 860ca6895..eda3ea1bc 100644 --- a/app/views/france_connect/particulier/_password_confirmation.html.haml 
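Review bot: In the last hunk, `@fci = FranceConnectInformation.find_by(merge_token: merge_token_params)` will match the first row whose `merge_token` column is NULL when the request carries no token, because `find_by(merge_token: nil)` is a valid query; the `valid_for_merge?` check right after it only helps if that method also rejects a record with no token, which this hunk does not show. Guarding the lookup itself is cheaper than relying on that: `@fci = FranceConnectInformation.find_by(merge_token: merge_token_params) if merge_token_params.present?`, so a blank token falls into the existing `@fci.nil?` branch. This is worth checking unless `merge_token_params` (defined outside the hunk) already rejects blank values. The enclosing method starts outside the hunk.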
+++ b/app/views/france_connect/particulier/_password_confirmation.html.haml @@ -1,16 +1,16 @@ %p - Le compte #{email} existe déjà sur #{APPLICATION_NAME} + = t('.already_exists', email: email, application_name: APPLICATION_NAME) %br - entrez votre mot de passe pour fusionner les comptes + = t('.fill_in_password') = form_tag france_connect_particulier_merge_with_existing_account_path, remote: true, class: 'mt-2 form fconnect-form' do = hidden_field_tag :merge_token, merge_token = hidden_field_tag :email, email - = label_tag :password, 'Mot de passe (8 caractères minimum)' + = label_tag :password, t('views.registrations.new.password_label', min_length: 8) = password_field_tag :password, nil, autocomplete: 'current-password', id: 'password-for-another-account' .mb-2 - Mot de passe oublié ? + = t('views.users.sessions.new.reset_password') = link_to france_connect_particulier_resend_and_renew_merge_confirmation_path(merge_token: merge_token), method: :post do - Confirmer mon compte par email - = button_tag 'revenir en arrière', type: 'button', class: 'button secondary', onclick: 'DS.showNewAccount(event);' - = submit_tag 'Fusionner les comptes', class: 'button primary' + = t('france_connect.particulier.merge.link_confirm_by_email') + = button_tag t('.back'), type: 'button', class: 'button secondary', onclick: 'DS.showNewAccount(event);' + = submit_tag t('france_connect.particulier.merge.button_merge'), class: 'button primary' diff --git a/app/views/france_connect/particulier/merge.html.haml b/app/views/france_connect/particulier/merge.html.haml index 10fdd3d04..ce8fedec8 100644 --- a/app/views/france_connect/particulier/merge.html.haml +++ b/app/views/france_connect/particulier/merge.html.haml 
@@ -1,52 +1,46 @@ = content_for :title, "Fusion des comptes FC et #{APPLICATION_NAME}" .container - %h1.page-title Fusion des comptes FranceConnect et #{APPLICATION_NAME} + %h1.page-title= t('.title', application_name: APPLICATION_NAME) - %p - Bonjour, - %br - %br - Votre compte FranceConnect utilise #{@fci.email_france_connect} comme email de contact. - %br - Or il existe un compte sur #{APPLICATION_NAME} avec cet email. + %p= t('.subtitle', email: sanitize(@fci.email_france_connect), application_name: APPLICATION_NAME).html_safe .form.mt-2 - %label Ce compte #{@fci.email_france_connect} vous appartient-il ? + %label= t('.label_select_merge_flow', email: @fci.email_france_connect) %fieldset.radios %label{ onclick: "DS.showFusion(event);" } = radio_button_tag :value, true, false, autocomplete: "off", id: 'it-is-mine' - Oui + = t('utils.yes') %label{ onclick: "DS.showNewAccount(event);" } = radio_button_tag :value, false, false, autocomplete: "off", id: 'it-is-not-mine' - Non + = t('utils.no') .fusion.hidden - %p Pour fusionner ces comptes, veuillez cliquer sur le lien présent dans le mail que nous venons de vous envoyer. + %p= t('.title_fill_in_password') = form_tag france_connect_particulier_merge_with_existing_account_path, remote: true, class: 'mt-2 form fconnect-form' do = hidden_field_tag :merge_token, @fci.merge_token = hidden_field_tag :email, @fci.email_france_connect - = label_tag :password, 'Mot de passe (8 caractères minimum)' + = label_tag :password, t('views.registrations.new.password_label', min_length: 8) = password_field_tag :password, nil, autocomplete: 'current-password', class: 'mb-1' .mb-2 - Mot de passe oublié ? 
+ = t('views.users.sessions.new.reset_password') = link_to france_connect_particulier_resend_and_renew_merge_confirmation_path(merge_token: @fci.merge_token), method: :post do - Confirmer mon compte par email + = t('.link_confirm_by_email') - = submit_tag 'Fusionner les comptes', class: 'button primary' + = submit_tag t('.button_merge'), class: 'button primary' .new-account.hidden - %p Donnez-nous alors le mail que #{APPLICATION_NAME} utilisera pour vous contacter + %p= t('.title_fill_in_email', application_name: APPLICATION_NAME) = form_tag france_connect_particulier_merge_with_new_account_path, remote: true, class: 'mt-2 form' do = hidden_field_tag :merge_token, @fci.merge_token - = label_tag :email, 'Email (nom@site.com)' + = label_tag :email, t('views.registrations.new.email_label') = email_field_tag :email, "", required: true - = submit_tag 'Utiliser ce mail', class: 'button primary' + = submit_tag t('.button_use_this_email'), class: 'button primary' .new-account-password-confirmation.hidden diff --git a/app/views/user_mailer/france_connect_merge_confirmation.haml b/app/views/user_mailer/france_connect_merge_confirmation.haml index 134592e52..f7fb0f664 100644 --- a/app/views/user_mailer/france_connect_merge_confirmation.haml +++ b/app/views/user_mailer/france_connect_merge_confirmation.haml 
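Review bot: The new `%p= t('.subtitle', email: sanitize(@fci.email_france_connect), ...).html_safe` marks a string built from the user-controlled FranceConnect email as safe after only `sanitize`, and the Rails sanitizer keeps an allow-list of tags and attributes, so an email value containing permitted markup would be rendered as HTML rather than shown as text. The i18n convention the controller already uses with `forbidden_html` handles this correctly: rename the key and drop both `sanitize` and `.html_safe` — `%p= t('.subtitle_html', email: @fci.email_france_connect, application_name: APPLICATION_NAME)` — so the translation's own markup is kept while every interpolated value is escaped. That change also makes the new brakeman.ignore entry unnecessary. Separately, the `content_for :title` line at the top of the hunk keeps a hard-coded French string while the rest of the page moved to `t()`.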
@@ -10,7 +10,7 @@ %p Vous pouvez aussi visiter ce lien : #{link_to france_connect_particulier_mail_merge_with_existing_account_url(merge_token: @merge_token), france_connect_particulier_mail_merge_with_existing_account_url(merge_token: @merge_token)} -%p Ce lien est valide #{distance_of_time_in_words(FranceConnectInformation::MERGE_VALIDITY)}, jusqu'à #{I18n.l(@merge_token_created_at, format: "%d-%m-%Y à %H:%M (%Z)")} +%p Ce lien est valide #{distance_of_time_in_words(FranceConnectInformation::MERGE_VALIDITY)}, jusqu'à #{@merge_token_created_at.strftime("%d-%m-%Y à %H:%M (%Z)")} %p Si vous n’êtes pas à l’origine de cette demande, vous pouvez ignorer ce message. Et si vous avez besoin d’assistance, n’hésitez pas à nous contacter à diff --git a/config/brakeman.ignore b/config/brakeman.ignore index bb1c24763..46908df59 100644 --- a/config/brakeman.ignore +++ b/config/brakeman.ignore 
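Review bot: The rewritten "jusqu'à" timestamp shows the token's creation time, not its expiry: the controller hunk passes `@fci.merge_token_created_at` to the mailer, and the line prints it unchanged, so the sentence reads "valid for N minutes, until <the moment it was created>". Unless the mailer shifts the value before assigning it (not visible here), the line should print `(@merge_token_created_at + FranceConnectInformation::MERGE_VALIDITY).strftime("%d-%m-%Y à %H:%M (%Z)")`. Replacing `I18n.l` with `strftime` also drops locale-aware formatting, and `%Z` prints whichever zone the value carries after the `deliver_later` round-trip, which is worth confirming against an actual delivered mail.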
@@ -1,5 +1,36 @@
 {
   "ignored_warnings": [
+    {
+      "warning_type": "Cross-Site Scripting",
+      "warning_code": 2,
+      "fingerprint": "42099f4550a8377f455e830e8ab645cecd5806248481c5c646b4e17548c3cb07",
+      "check_name": "CrossSiteScripting",
+      "message": "Unescaped model attribute",
+      "file": "app/views/france_connect/particulier/merge.html.haml",
+      "line": 6,
+      "link": "https://brakemanscanner.org/docs/warning_types/cross_site_scripting",
+      "code": "t(\".subtitle\", :email => sanitize(FranceConnectInformation.find_by(:merge_token => merge_token_params).email_france_connect), :application_name => (APPLICATION_NAME))",
+      "render_path": [
+        {
+          "type": "controller",
+          "class": "FranceConnect::ParticulierController",
+          "method": "merge",
+          "line": 48,
+          "file": "app/controllers/france_connect/particulier_controller.rb",
+          "rendered": {
+            "name": "france_connect/particulier/merge",
+            "file": "app/views/france_connect/particulier/merge.html.haml"
+          }
+        }
+      ],
+      "location": {
+        "type": "template",
+        "template": "france_connect/particulier/merge"
+      },
+      "user_input": "FranceConnectInformation.find_by(:merge_token => merge_token_params).email_france_connect",
+      "confidence": "Weak",
+      "note": "explicitely sanitized even if we are using html_safe"
+    },
     {
       "warning_type": "Cross-Site Scripting",
       "warning_code": 2,
@@ -15,7 +46,7 @@
           "type": "controller",
           "class": "Users::DossiersController",
           "method": "merci",
-          "line": 188,
+          "line": 193,
           "file": "app/controllers/users/dossiers_controller.rb",
           "rendered": {
             "name": "users/dossiers/merci",
@@ -58,7 +89,7 @@ "check_name": "Redirect", "message": "Possible unprotected redirect", "file": "app/controllers/instructeurs/procedures_controller.rb", - "line": 180, + "line": 190, "link": "https://brakemanscanner.org/docs/warning_types/redirect/", "code": "redirect_to(Export.find_or_create_export(params[:export_format], (params[:time_span_type] or \"everything\"), current_instructeur.groupe_instructeurs.where(:procedure => procedure)).file.service_url)", "render_path": null, @@ -72,6 +103,6 @@ "note": "" } ], - "updated": "2021-09-02 16:12:11 -0500", + "updated": "2021-11-23 14:09:21 +0100", "brakeman_version": "5.1.1" } diff --git a/config/locales/en.yml b/config/locales/en.yml index a45ad6868..713f9a6b9 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -382,3 +382,23 @@ en: identity_saved: "Identity data is registred" attestation: no_longer_available: "The certificate is no longer available on this file." + france_connect: + particulier: + password_confirmation: + back: 'back to previous step' + already_exists: An account with %{email} already existis on %{application_name} + fill_in_password: fill in your password to merge your accounts + merge: + title: "Merge your account FranceConnect and %{application_name}" + subtitle: "Hello,

Your account FranceConnect uses %{email} as contact email.
But there is an existing %{application_name} account using this email." + label_select_merge_flow: Is %{email} one of your email account ? + title_fill_in_password: To merge your accounts fill in your password + button_merge: Merge accounts + title_fill_in_email: Fill in the email that %{application_name} will use to contact you + button_use_this_email: Use this email + link_confirm_by_email: Confirm by receiving an email + flash: + confirmation_mail_sent: "An email with the confirmation link has been sent, please click on the link." + invalid_password: "The password is not correct." + connection_done: "The accounts for FranceConnect and %{application_name} are now merged." + merger_token_expired: "Le delay to merge your FranceConnect and %{application_name} accounts is expired. Please retry." diff --git a/config/locales/fr.yml b/config/locales/fr.yml index bcedad3dc..7851bb7b4 100644 --- a/config/locales/fr.yml +++ b/config/locales/fr.yml @@ -421,3 +421,23 @@ fr: ready: "Validé" needs_configuration: "À configurer" configure_api_particulier_token: "Configurer le jeton API particulier" + france_connect: + particulier: + password_confirmation: + back: 'revenir en arrière' + already_exists: Le compte %{email} existe déjà sur %{application_name} + fill_in_password: entrez votre mot de passe pour fusionner les comptes + merge: + title: "Fusion des comptes FranceConnect et %{application_name}" + subtitle: "Bonjour,

Votre compte FranceConnect utilise %{email} comme email de contact.
Or il existe un compte sur %{application_name} avec cet email." + label_select_merge_flow: Ce compte %{email} vous appartient-il ? + title_fill_in_password: Pour les fusionner, entrez votre mot de passe + button_merge: Fusionner les comptes + title_fill_in_email: Donnez-nous alors le mail que %{application_name} utilisera pour vous contacter + button_use_this_email: Utiliser ce mail + link_confirm_by_email: Confirmer mon compte par email + flash: + confirmation_mail_sent: "Nous venons de vous envoyer le mail de confirmation, veuillez cliquer sur le lien contenu dans ce mail pour fusionner vos comptes" + invalid_password: "Mauvais mot de passe" + connection_done: "Les comptes FranceConnect et %{application_name} sont à présent fusionnés" + merger_token_expired: "Le délai pour fusionner les comptes FranceConnect et %{application_name} est expirée. Veuillez recommencer la procédure pour vous fusionner les comptes." diff --git a/spec/controllers/france_connect/particulier_controller_spec.rb b/spec/controllers/france_connect/particulier_controller_spec.rb index b2a7c0bc9..8509be57f 100644 --- a/spec/controllers/france_connect/particulier_controller_spec.rb +++ b/spec/controllers/france_connect/particulier_controller_spec.rb @@ -267,6 +267,7 @@ describe FranceConnect::ParticulierController, type: :controller do expect(fci.user).to eq(user) expect(fci.merge_token).to be_nil expect(controller.current_user).to eq(user) + expect(flash[:notice]).to eq("Les comptes FranceConnect et #{APPLICATION_NAME} sont à présent fusionnés") end context 'but the targeted user is an instructeur' do