simon lehericey
86d968bb8e
Use rack_attack_enabled?
...
We cannot enable rack attack during the tests as it interferes with features spec.
So we add a flag to enable it during the runtime.
2019-08-20 13:29:29 +02:00
simon lehericey
0f0fecdb25
RackAttack: use remote ip and test it !
2019-08-20 13:29:29 +02:00
pedong
fc8cebd78d
add Gem rack_attack for prevent attack brute-force
2019-08-20 13:29:29 +02:00
simon lehericey
840be2408e
Remove administrateur devise methods
2019-08-14 15:06:15 +02:00
Paul Chavard
e68d2cf5e2
Enable champ repetition for all
2019-08-14 12:53:51 +01:00
Paul Chavard
9eaf14968f
Enable export v2 for all
2019-08-14 12:53:51 +01:00
Paul Chavard
0969b1f85f
Enable email_login_token for all gestionnaires
2019-08-14 12:53:51 +01:00
simon lehericey
5fdac38cb2
Fix instructeur invitation
2019-08-13 15:15:16 +02:00
simon lehericey
a84e07a376
Remove instructeur devise methods
2019-08-13 15:15:16 +02:00
simon lehericey
1d6b80cb53
Remove strange admin sign_in route
2019-08-13 14:13:48 +02:00
simon lehericey
5bda753735
Remove all devise route and controller for instructeur and administrateur
2019-08-13 14:13:48 +02:00
simon lehericey
1fb26451d3
Remove demo route
2019-08-13 14:13:48 +02:00
simon lehericey
a4b9eecded
Remove unused devise session controller
2019-08-13 14:13:48 +02:00
Nicolas Bouilleaud
17579ab8a5
Rename Gestionnaire to Instructeur in seeds.rb
2019-08-13 14:04:23 +02:00
Nicolas Bouilleaud
7c7947adeb
Rename gestionnaire to instructeur in a comment
...
About an (unused for now) env var.
2019-08-13 10:27:49 +02:00
simon lehericey
3fde2a6f70
Rename gestionnaire in code to instructeur
2019-08-12 13:47:01 +02:00
simon lehericey
6902f84b85
Brutally rename gestionnaire filename to instructeur
2019-08-12 13:47:01 +02:00
simon lehericey
bb8d65c6b4
Subtly rename admin/instructeurs to admin/assigns
2019-08-12 13:47:01 +02:00
maatinito
8d3e3baabc
#3928 administrator new & edit pwd pages
2019-08-01 17:12:14 +02:00
maatinito
0b0ef8a318
#3928 Zxcvbn service to compute password complexity
2019-08-01 17:12:14 +02:00
maatinito
3703a71ea3
#3928 Added constants to define password min length & complexity
2019-08-01 17:12:14 +02:00
clemkeirua
38b48f4217
transition from accepte to instruction as superadmin
2019-08-01 10:29:51 +02:00
Paul Chavard
6cfad01d12
Stop using Flipflop as switch for weekly_overview
2019-07-31 15:15:09 +02:00
Paul Chavard
25db21467d
Stop using Flipflop as switch for Fog
2019-07-31 15:15:09 +02:00
Pierre de La Morinerie
95e24392f9
models: remove old pieces justificatives
2019-07-30 16:11:17 +02:00
Pierre de La Morinerie
212d1f8cea
locales: remove references to old pj
2019-07-30 16:11:17 +02:00
Pierre de La Morinerie
0c4cb3b498
admin: remove UI for managing old pj
2019-07-30 16:11:16 +02:00
Nicolas Bouilleaud
7205f4da9e
L'enfer du Nord Paris-Roubaix (Tour de France, Tour de France)
2019-07-30 14:47:48 +02:00
pedong
9438f962c5
add alert for account is locked
2019-07-29 17:48:44 +02:00
pedong
8d03a6747c
add lockable to User, Gestionnaire, administration, Administrateur
2019-07-29 17:48:44 +02:00
clemkeirua
99421545ab
replaced api-carto endpoint
2019-07-23 16:21:15 +02:00
clemkeirua
f166077f5e
ajout d'un bouton de suppression des admin dans le manager
2019-07-23 16:11:15 +02:00
clemkeirua
92ec627425
update brakeman configuration
2019-07-17 18:04:32 +02:00
clemkeirua
d8b63cd4c9
added 'monavis' inside the procedure and for users
2019-07-17 18:04:32 +02:00
clemkeirua
25f81f1d3c
download a dossier as zip with all attachments
2019-07-16 09:11:25 +02:00
Pierre de La Morinerie
76335511c8
omniauth: protect against CSRF
...
See https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
2019-07-15 18:16:00 +02:00
Pierre de La Morinerie
56c846900b
champs: improve validation message of numeric fields
...
Replaces
> Champs value doit être un nombre
by
> La valeur du champ doit être un nombre entier (sans chiffres après
> la virgule)
2019-07-11 15:12:48 +02:00
Paul Chavard
3cb39c2840
Refactor message attachements to use active_storage
2019-07-10 15:35:29 +02:00
Pierre de La Morinerie
055fc63c45
profile: improve email success message wording
2019-07-10 11:31:09 +02:00
simon lehericey
ea79b9a595
typo: use ’
2019-07-09 11:55:17 +02:00
simon lehericey
d36f6ebcd7
[ fix #1709 ] A user can change its email
2019-07-09 11:55:17 +02:00
simon lehericey
0f9fdf3f75
Activate device email change confirmation
2019-07-09 11:55:17 +02:00
simon lehericey
d68d2be798
Profil: accessible to all roles
2019-07-09 11:55:17 +02:00
Mathieu Magnin
b34f8fbe3d
Add ActionText
2019-07-03 13:15:49 +02:00
simon lehericey
4b154983fb
Landing: voir les démarches -> comment trouver ma démarche
2019-07-03 12:59:09 +02:00
simon lehericey
c7e10fc43f
Manager: remove repasser_en_instruction
2019-07-02 18:40:20 +02:00
simon lehericey
b79220e711
UI
2019-07-02 18:35:47 +02:00
Paul Chavard
fb0ef15e3c
Export dossiers v2
2019-07-02 14:20:29 +02:00
clemkeirua
dfefb827d9
missing connect-src
2019-07-02 10:50:10 +02:00
clemkeirua
d6f2de2fbf
enable static + activate csp in production
2019-07-02 09:40:38 +02:00
clemkeirua
0cfd3e3c1f
disable csp
2019-07-01 12:10:08 +02:00
clemkeirua
eaf850c1e9
enable csp
2019-06-27 11:10:29 +02:00
clemkeirua
f19b5f8911
fix csp rule for crisp websocket
2019-06-26 12:37:55 +02:00
clemkeirua
7064f7e973
enable crisp websockets and css
2019-06-25 17:39:08 +02:00
clemkeirua
d3c6021ef4
add duplicate rules as fallback
2019-06-20 11:34:24 +02:00
clemkeirua
dc6c2e6bc0
add missing elements
2019-06-17 17:05:08 +02:00
Nicolas Bouilleaud
eb592f8ddf
Add manager controller for bill signatures
2019-06-17 16:16:28 +02:00
Nicolas Bouilleaud
f355f849a6
Add BillSignature Model
2019-06-17 16:16:28 +02:00
Nicolas Bouilleaud
dace9a53d3
Add Universign timestamp API query
2019-06-17 16:16:28 +02:00
clemkeirua
765b10026e
more generic elements to the security policy
2019-06-17 09:51:27 +02:00
pedong
abcd58c35d
[ fix #3710 ] date with letter
...
Co-Authored-By: simon lehericey <mail@simon.lehericey.net>
2019-06-12 17:48:12 +02:00
Chaïb Martinez
eccd456325
Add crisp
...
Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-06-05 17:41:47 +02:00
Paul Chavard
ff44b7a600
Refactor purge pj to be more generic
2019-05-29 15:54:51 +02:00
Pierre de La Morinerie
d410e31344
active_storage: document the virus scan hooks
2019-05-28 11:39:22 +02:00
Paul Chavard
6a3413018a
Refresh attachments with virus scan result
2019-05-21 14:21:55 +02:00
Paul Chavard
cc4eba2b36
Less mokey patching
2019-05-21 14:21:42 +02:00
clemkeirua
5cbbbb8d3e
more whitelist for the common domains we use
2019-05-20 09:52:44 +02:00
Paul Chavard
42235e81b1
Use active storage load hook to extend blob
2019-05-16 20:43:01 +02:00
Paul Chavard
348b15f595
Put devtools behind feature flags
2019-05-15 18:10:25 +02:00
clemkeirua
6fe4031b2e
use constant for localhost
2019-05-15 16:33:27 +02:00
clemkeirua
b670b60ac6
changement de l'URI de report-uri
2019-05-15 15:32:00 +02:00
Pierre de La Morinerie
abfeb1c2db
locales: remove unused carrierwave localisation
...
- It was broken since the renaming of `extension_white_list` to
`extension_whitelist` (f0ed61cce8
)
- The localisation is already included in the `carrierwave-i18n` gem
- The localisation included in the gem is better than ours (it mentions
which extensions are allowed).
2019-05-15 14:39:40 +02:00
Pierre de La Morinerie
d431eeeb93
carrierwave: fix typo
...
Turns out the `openstack_identity_api_version` has not actually been
filled out for a while, because of a typo.
2019-05-15 14:03:15 +02:00
Paul Chavard
9725f2a418
Enable new champs editor for all
2019-05-14 16:18:29 +02:00
Paul Chavard
3446782cd0
Remove deprecated editor
2019-05-14 16:18:29 +02:00
Paul Chavard
dba8d65137
Track dossier operations with author and subject
2019-05-14 14:31:03 +02:00
Chaïb Martinez
3004f96cf5
Add video and webinar URLs to admin pages
...
Fix #3850
Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-05-13 17:47:02 +02:00
clemkeirua
675cc5150c
update on the security policy headers
2019-05-09 14:55:21 +02:00
Nicolas Bouilleaud
3ff0c83485
Add multi-admin UI
...
refs #1626
2019-05-06 16:19:08 +02:00
clemkeirua
2ae02a132b
Report-Only for tests
2019-05-06 10:07:51 +02:00
clemkeirua
64b858ef19
handle Gon + add report-uri URL
2019-05-06 10:07:51 +02:00
clemkeirua
8582b08a98
add security policy
2019-05-06 10:07:51 +02:00
Paul Chavard
f113d108c9
Save virus scan status to blob metadata
2019-05-02 15:58:09 +02:00
Paul Chavard
d72cead7ff
Remove unnecessary uglify options
...
New options :
terserOptions:
{ output: { ecma: 5, comments: false, ascii_only: true },
parse: { ecma: 8 },
compress: { ecma: 5, warnings: false, comparisons: false },
mangle: { safari10: true } } }
2019-05-02 14:10:48 +02:00
Paul Chavard
2f633b5d23
Load leaflet from a separate chunk
2019-05-02 14:10:48 +02:00
Pierre de La Morinerie
e06e32238c
api_entreprise: display a specific error message on network errors
2019-05-02 11:24:38 +02:00
Pierre de La Morinerie
6c8280fba6
api_entreprise: add a feature flag for toggling API INSEE v3
2019-04-30 17:27:58 +02:00
simon lehericey
1d051dc3ef
Can change a piece_justificative_template on a type_de_champ
2019-04-18 11:13:35 +02:00
Mathieu Magnin
14c3fb7224
[ Fix #3064 ] Add a preview button for state notifications emails
2019-04-11 11:03:13 +02:00
Pierre de La Morinerie
01e113d04f
Revert "locales: tell that API Entreprise is unavailable for now"
...
This reverts commit a598383856
.
2019-04-04 17:15:31 +02:00
Pierre de La Morinerie
41ad89d8ac
commencer: fix redirection with invalid path
2019-04-04 14:03:40 +02:00
Paul Chavard
b9be186d2c
Sentry should send environment information
2019-04-03 18:19:16 +02:00
Pierre de La Morinerie
22f2ca105e
commencer: display a FranceConnect button
...
Fix #3640
2019-04-03 16:08:09 +02:00
simon lehericey
6d42c8f08a
env.example: add TRUSTED_NETWORKS variable
2019-04-03 15:21:19 +02:00
Paul Chavard
639facaf2a
Add new types_de_champ#move api
2019-04-03 14:38:07 +02:00
Paul Chavard
51c79ba6a6
Update webpacker and replace vue with react
2019-04-03 14:38:07 +02:00
Pierre de La Morinerie
a598383856
locales: tell that API Entreprise is unavailable for now
2019-04-03 11:24:51 +02:00
Paul Chavard
e71cdcd12c
Move all the trackers to a separate js pack
2019-04-02 17:33:53 +02:00
Pierre de La Morinerie
97af31d54f
app: rename references to betagouv/tps
...
Github has an automatic redirection, but better be clean.
2019-03-26 11:10:30 +01:00
Pierre de La Morinerie
30d11e0dac
app: rename new_gestionnaire
to gestionnaires
2019-03-26 10:48:59 +01:00
Pierre de La Morinerie
ded5b70444
app: rename new_user
to users
2019-03-25 10:56:39 +01:00
Mathieu Magnin
2c1e1db37d
[ Fix #3617 ] 404 when filter[value] contains a "."
2019-03-19 14:25:57 +01:00
simon lehericey
ed6828c66c
Notification: UI
2019-03-18 16:37:51 +01:00
simon lehericey
eae6986079
Puma: change config to enable cluster mode in production
2019-03-18 11:40:13 +01:00
Paul Chavard
504b26bf5e
Add administrateur to demarche from manager
2019-03-12 11:59:01 +01:00
Mathieu Magnin
44f28ec565
Remove feature flag for publish draft
2019-03-12 11:26:07 +01:00
Frederic Merizen
b3c3541725
[ #3477 ] Update brakeman config
2019-03-11 17:14:17 +01:00
Frederic Merizen
8d8376947d
[ Fix #3477 ] Individually remove values from multi-value filter
2019-03-11 17:14:17 +01:00
Frederic Merizen
98713b6a4d
Proxy for SendinBlue API
2019-03-08 16:33:28 +01:00
Frederic Merizen
fc38880155
Move sendinblue client key to configuration file
...
This is not a secret (it's sent to the client as part of the JS anyway) so it's
not a big deal that it was on the public repository but it's still better to
have it be configurable.
2019-03-08 16:33:28 +01:00
Mathieu Magnin
1eed114d78
Add status page in footer
2019-03-05 17:42:00 +01:00
Frederic Merizen
d54a0a4612
Fix link to procedure brouillon in manager
2019-03-04 15:03:30 +01:00
simon lehericey
2920769a68
ActiveStorage: temp url are valid for 1 hour
2019-02-28 18:36:28 +01:00
simon lehericey
9d92e43d8d
[ fix #3315 ] Migrate service organisme
2019-02-18 16:50:44 +01:00
simon lehericey
a7e068003a
[ fix #3427 ] Administration can soft delete a dossier
2019-02-14 18:09:08 +01:00
Paul Chavard
5da5f75c5f
[Types de Champ Editeur] Save on change and only edited model
2019-02-07 17:05:55 +01:00
simon lehericey
32281092e6
mina: reuse gem between deployment
2019-02-06 14:41:45 +01:00
Paul Chavard
071448e1d9
Champ Repetition dossier editor
2019-02-04 16:19:07 +01:00
Paul Chavard
862ab4ed04
“Bloc répétable” is ready to be tested
2019-02-04 15:46:39 +01:00
Pierre de La Morinerie
283f110e9b
stats: improve numeric separators and suffixes
2019-02-01 11:02:37 +01:00
pedong
6103176a78
[ fix #1238 ] add previsualization attestation for gestionnaire
2019-01-22 14:54:24 +01:00
Pierre de La Morinerie
016e5f2e6f
commencer: add an independant page
2019-01-21 14:45:38 +01:00
Paul Chavard
6036d7906f
Enable champ_siret for all
2019-01-17 15:17:48 +01:00
Paul Chavard
9136c9dfa0
Enable support_form for all
2019-01-17 15:17:48 +01:00
Paul Chavard
41c9b21509
Use new editor
2019-01-17 11:20:31 +01:00
Paul Chavard
e1a1a2b2ad
Add new admin procedure update action
2019-01-17 11:20:31 +01:00
Paul Chavard
d9d0b29cbf
Add Vue.js
2019-01-17 11:20:31 +01:00
Frederic Merizen
0846860748
Proxy for active storage service provider
2019-01-16 11:34:57 +01:00
Pierre de La Morinerie
3b92fe93fc
stats: make groupdate week start on Monday
2019-01-10 16:14:14 +01:00
gregoirenovel
5fa5f2aa37
Bump development gems
...
- rubocop (0.61.1 → 0.62.0)
2019-01-05 11:47:55 +01:00
gregoirenovel
0596d53ac2
Enable the Lint/UnusedBlockArgument cop
2019-01-03 10:53:50 +01:00
gregoirenovel
8ffcc16ec5
Avoid EOL ifs
2019-01-03 10:53:50 +01:00
gregoirenovel
7ffe40868b
Use parentheses
2019-01-03 10:53:50 +01:00
Chaïb Martinez
0fe473b84e
Add 2 new categories in admin contact form
2018-12-20 15:29:49 +01:00
Paul Chavard
5d1c24f3d8
Add type de champ repetition models (with row)
2018-12-19 15:31:11 +01:00
Frederic Merizen
832b4a61bc
Drop CleverCloud Service for ActiveStorage
2018-12-19 10:36:02 +01:00
Frederic Merizen
57a136c861
Make champ PJ generally available
2018-12-18 11:11:23 +01:00
Mathieu Magnin
5ab0853f1c
Harmonize user champ pj purge route to gestionnaire
2018-12-14 11:38:59 +01:00
Mathieu Magnin
edf3eefa87
Fix Sentry 114, Instructeur can delete pj in private champs
2018-12-13 17:27:05 +01:00
Frederic Merizen
0a1bdbb6d3
[ #2180 ] Passer sur le nouveau fournisseur de stockage
2018-12-11 19:54:11 +01:00
pedong
de5de75869
[ fix #2985 ] del champ_linked_dropdown in feature
2018-12-10 16:47:22 +01:00
simon lehericey
db6c86b242
DossierController: user can destroy pjs
2018-12-06 10:45:10 +01:00
Mathieu Magnin
55525af060
Add rake task to run after party with mina
2018-12-04 14:43:55 +01:00
Paul Chavard
2f2aa580f8
Update activestorage.js
2018-12-04 11:37:00 +01:00
Paul Chavard
6043e59937
Disable after party
2018-12-01 10:30:35 +01:00
Frederic Merizen
dd07a8ca1f
[ #2180 ] Use different container for activestorage and for carrierwave
2018-11-29 11:31:58 +01:00
Paul Chavard
b9af07b845
Add admin support contact form
2018-11-28 16:50:37 +01:00
Paul Chavard
3f62d2b0b6
Allow to override active_job adapter
2018-11-27 17:26:21 +01:00
pedong
ef1c17beaa
[ Fix #3056 ] get url api in the environment variable
2018-11-27 14:47:10 +01:00
Mathieu Magnin
804f0665e3
Re-enable releases cleanup
2018-11-22 18:26:18 +01:00