fix(i18n): wrap text under i18n.t

i18n(france_connect/*): replace wording with i18n fix(lint): i18n key issue secu(views/france_connect/particulier/merge.html.haml): sanitize france_connect_email just in case fix(brakeman): sanitize FCI.email_france_connect when used with html_safe via an I18n.t, also add exception to brakeman
2021-11-23 13:30:07 +01:00 · 2021-11-23 13:30:07 +01:00 · fdf0f18fda
commit fdf0f18fda
parent febe890d28
8 changed files with 104 additions and 38 deletions
--- a/app/controllers/france_connect/particulier_controller.rb
+++ b/app/controllers/france_connect/particulier_controller.rb
@ -51,18 +51,18 @@ class FranceConnect::ParticulierController < ApplicationController

    if user.present? && user.valid_for_authentication? { user.valid_password?(password_params) }
      if !user.can_france_connect?
-        flash.alert = "#{user.email} ne peut utiliser FranceConnect"
+        flash.alert = t('errors.messages.france_connect.forbidden_html', reset_link: new_user_password_path)

        render js: ajax_redirect(root_path)
      else
        @fci.update(user: user)
        @fci.delete_merge_token!

-        flash.notice = "Les comptes FranceConnect et #{APPLICATION_NAME} sont à présent fusionnés"
+        flash.notice = t('france_connect.particulier.flash.connection_done', application_name: APPLICATION_NAME)
        connect_france_connect_particulier(user)
      end
    else
-      flash.alert = 'Mauvais mot de passe'
+      flash.alert = t('france_connect.particulier.flash.invalid_password')

      render js: helpers.render_flash
    end
@ -74,7 +74,7 @@ class FranceConnect::ParticulierController < ApplicationController
      @fci.update(user: user)
      @fci.delete_merge_token!

-      flash.notice = "Les comptes FranceConnect et #{APPLICATION_NAME} sont à présent fusionnés"
+      flash.notice = t('france_connect.particulier.flash.connection_done', application_name: APPLICATION_NAME)
      connect_france_connect_particulier(user)
    else # same behaviour as redirect nicely with message when instructeur/administrateur
      @fci.destroy
@ -89,7 +89,7 @@ class FranceConnect::ParticulierController < ApplicationController
      @fci.associate_user!(sanitized_email_params)
      @fci.delete_merge_token!

-      flash.notice = "Les comptes FranceConnect et #{APPLICATION_NAME} sont à présent fusionnés"
+      flash.notice = t('france_connect.particulier.flash.connection_done', application_name: APPLICATION_NAME)
      connect_france_connect_particulier(@fci.user)
    else
      @email = sanitized_email_params
@ -99,9 +99,9 @@ class FranceConnect::ParticulierController < ApplicationController

  def resend_and_renew_merge_confirmation
    merge_token = @fci.create_merge_token!
-    UserMailer.france_connect_merge_confirmation(@fci.email_france_connect, merge_token).deliver_later
+    UserMailer.france_connect_merge_confirmation(@fci.email_france_connect, merge_token, @fci.merge_token_created_at).deliver_later
    redirect_to france_connect_particulier_merge_path(merge_token),
-                notice: "Nous venons de vous envoyer le mail de confirmation, veuillez cliquer sur le lien contenu dans ce mail pour fusionner vos comptes"
+                notice: t('france_connect.particulier.flash.confirmation_mail_sent')
  end

  private
@ -110,7 +110,7 @@ class FranceConnect::ParticulierController < ApplicationController
    @fci = FranceConnectInformation.find_by(merge_token: merge_token_params)

    if @fci.nil? || !@fci.valid_for_merge?
-      flash.alert = "Le délai pour fusionner les comptes FranceConnect et #{APPLICATION_NAME} est expirée. Veuillez recommencer la procédure pour vous fusionner les comptes."
+      flash.alert = t('france_connect.particulier.flash.merger_token_expired', application_name: APPLICATION_NAME)

      respond_to do |format|
        format.html { redirect_to root_path }
--- a/app/views/france_connect/particulier/_password_confirmation.html.haml
+++ b/app/views/france_connect/particulier/_password_confirmation.html.haml
@ -1,16 +1,16 @@
 %p
-  Le compte #{email} existe déjà sur #{APPLICATION_NAME}
+  = t('.already_exists', email: email, application_name: APPLICATION_NAME)
  %br
-  entrez votre mot de passe pour fusionner les comptes
+  = t('.fill_in_password')

 = form_tag france_connect_particulier_merge_with_existing_account_path, remote: true, class: 'mt-2 form fconnect-form' do
  = hidden_field_tag :merge_token, merge_token
  = hidden_field_tag :email, email
-  = label_tag :password, 'Mot de passe (8 caractères minimum)'
+  = label_tag :password, t('views.registrations.new.password_label', min_length: 8)
  = password_field_tag :password, nil, autocomplete: 'current-password', id: 'password-for-another-account'
  .mb-2
-    Mot de passe oublié ?
+    = t('views.users.sessions.new.reset_password')
    = link_to france_connect_particulier_resend_and_renew_merge_confirmation_path(merge_token: merge_token), method: :post do
-      Confirmer mon compte par email
-  = button_tag 'revenir en arrière', type: 'button', class: 'button secondary', onclick: 'DS.showNewAccount(event);'
-  = submit_tag 'Fusionner les comptes', class: 'button primary'
+      = t('france_connect.particulier.merge.link_confirm_by_email')
+  = button_tag t('.back'), type: 'button', class: 'button secondary', onclick: 'DS.showNewAccount(event);'
+  = submit_tag t('france_connect.particulier.merge.button_merge'), class: 'button primary'
--- a/app/views/france_connect/particulier/merge.html.haml
+++ b/app/views/france_connect/particulier/merge.html.haml
@ -1,52 +1,46 @@
 = content_for :title, "Fusion des comptes FC et #{APPLICATION_NAME}"

 .container
-  %h1.page-title Fusion des comptes FranceConnect et #{APPLICATION_NAME}
+  %h1.page-title= t('.title', application_name: APPLICATION_NAME)

-  %p
-    Bonjour,
-    %br
-    %br
-    Votre compte FranceConnect utilise <b class='bold'>#{@fci.email_france_connect}</b> comme email de contact.
-    %br
-    Or il existe un compte sur #{APPLICATION_NAME} avec cet email.
+  %p= t('.subtitle', email: sanitize(@fci.email_france_connect), application_name: APPLICATION_NAME).html_safe

  .form.mt-2
-    %label Ce compte #{@fci.email_france_connect} vous appartient-il ?
+    %label= t('.label_select_merge_flow', email: @fci.email_france_connect)
    %fieldset.radios
      %label{ onclick: "DS.showFusion(event);" }
        = radio_button_tag :value, true, false, autocomplete: "off", id: 'it-is-mine'
-        Oui
+        = t('utils.yes')

      %label{ onclick: "DS.showNewAccount(event);" }
        = radio_button_tag :value, false, false, autocomplete: "off", id: 'it-is-not-mine'
-        Non
+        = t('utils.no')

  .fusion.hidden
-    %p Pour fusionner ces comptes, veuillez cliquer sur le lien présent dans le mail que nous venons de vous envoyer.
+    %p= t('.title_fill_in_password')

    = form_tag france_connect_particulier_merge_with_existing_account_path, remote: true, class: 'mt-2 form fconnect-form' do
      = hidden_field_tag :merge_token, @fci.merge_token
      = hidden_field_tag :email, @fci.email_france_connect

-      = label_tag :password, 'Mot de passe (8 caractères minimum)'
+      = label_tag :password, t('views.registrations.new.password_label', min_length: 8)
      = password_field_tag :password, nil, autocomplete: 'current-password', class: 'mb-1'
      .mb-2
-        Mot de passe oublié ?
+        = t('views.users.sessions.new.reset_password')
        = link_to france_connect_particulier_resend_and_renew_merge_confirmation_path(merge_token: @fci.merge_token), method: :post do
-          Confirmer mon compte par email
+          = t('.link_confirm_by_email')

-      = submit_tag 'Fusionner les comptes', class: 'button primary'
+      = submit_tag t('.button_merge'), class: 'button primary'


  .new-account.hidden
-    %p Donnez-nous alors le mail que #{APPLICATION_NAME} utilisera pour vous contacter
+    %p= t('.title_fill_in_email', application_name: APPLICATION_NAME)

    = form_tag france_connect_particulier_merge_with_new_account_path, remote: true, class: 'mt-2 form' do
      = hidden_field_tag :merge_token, @fci.merge_token
-      = label_tag :email, 'Email (nom@site.com)'
+      = label_tag :email, t('views.registrations.new.email_label')
      = email_field_tag :email, "", required: true
-      = submit_tag 'Utiliser ce mail', class: 'button primary'
+      = submit_tag t('.button_use_this_email'), class: 'button primary'


  .new-account-password-confirmation.hidden
--- a/app/views/user_mailer/france_connect_merge_confirmation.haml
+++ b/app/views/user_mailer/france_connect_merge_confirmation.haml
@ -10,7 +10,7 @@
 %p
  Vous pouvez aussi visiter ce lien : #{link_to france_connect_particulier_mail_merge_with_existing_account_url(merge_token: @merge_token), france_connect_particulier_mail_merge_with_existing_account_url(merge_token: @merge_token)}

-%p Ce lien est valide #{distance_of_time_in_words(FranceConnectInformation::MERGE_VALIDITY)}, jusqu'à #{I18n.l(@merge_token_created_at, format: "%d-%m-%Y à %H:%M (%Z)")}
+%p Ce lien est valide #{distance_of_time_in_words(FranceConnectInformation::MERGE_VALIDITY)}, jusqu'à #{@merge_token_created_at.strftime("%d-%m-%Y à %H:%M (%Z)")}

 %p
  Si vous n’êtes pas à l’origine de cette demande, vous pouvez ignorer ce message. Et si vous avez besoin d’assistance, n’hésitez pas à nous contacter à