* add base controller for public api
* add dossiers controller with basic checks
* create the dossier
* ensure content-type is json
* prefill dossier with given values
* mark a dossier as prefilled
When a dossier is prefilled, it's allowed not to have a user.
Plus, we add a secure token to the dossier, which we will need later to set a
user after sign in / sign up.
* set user as owner of an orphan prefilled dossier
When a visitor comes from the dossier_url answered by the public api,
the dossier is orphan:
- when the user is already authenticated: they become the owner
- when the user is not authenticated: they can sign in / sign up / france_connect
and then they become the owner
So here is the procedure:
- allow to sign in / sign up / france connect when user is unauthenticated
- set dossier ownership when the dossier is orphan
- check dossier ownership when the dossier is not
- redirect to brouillon path when user is signed in and owner
* mark the dossier as prefilled when it's prefilled
(even with a GET request, because it will be useful later on, for
exmample in order to cleanup the unused prefilled dossiers)
* system spec: prefilling dossier with post request
* store prefill params in session
Instead of using query params on /dossier/new, we assume the user comes
from /commencer/:path, which is the new prefill link.
There, we store the prefill params in session, and use them to prefill
the dossier when creating it, in /dossiers/new.
* spec: cover the case
* review: serialize with json instead of yaml
* review: rename method
* review: store only query params
* review: comment why we dont override already stored params
On créé l'établissement uniquement avec le SIRET, sans que ce soit bloquant
pour compléter le dossier. On demande à l'utilisateur de vérifier
lui-même la concordance du SIRET avec son entreprise.
Cf #7766
Auparavant le service échouait silencieusement et ne retournait rien,
ce qui dans les implémentations du front aboutissait au message que
l'établissement/l'entreprise n'a pas été trouvé.
Un type d'erreur spécifique sur l'expiration du token permet d'afficher
le message lié à un problème temporaire de récupération d'infos.
