Commit graph

657 commits

Author SHA1 Message Date
Pierre de La Morinerie
4fcb85fd65 app: remove procedure_dossier_papertrail feature flag
The feature is now enabled for all procedures.
2022-05-24 17:32:11 +02:00
simon lehericey
faae2f55d8 Flipper: remove deprecated conf
https://github.com/jnunemaker/flipper/pull/523
2022-05-16 16:10:35 +02:00
Paul Chavard
9e0b3b642f cleanup(sendinblue): remove sendinblue tracking 2022-05-06 11:14:44 +02:00
Martin
3737311390 feat(procedure.procedure_expires_when_termine_enabled): enable by default, allow contributor to choose the default settings of this flag using an env var during migration. ie: DEFAULT_PROCEDURE_EXPIRES_WHEN_TERMINE_ENABLED=true|false
feat(administrateurs/procedures#show): warning/alert when procedure_expires_when_termine_enabled is not true on current procedure

feat(administrateur/procedure#update): after an update redirect to procedure show: suggested by: https://ux.stackexchange.com/questions/55291/after-updating-form-should-redirect-back-to-form-itself-or-to-the-show-page-or-b and confirmed by Olivier

clean(Flipper.archive_zip_globale): no more in use, so remove all occurences

Update app/views/administrateurs/procedures/_suggest_expires_when_termine.html.haml

Co-authored-by: Pierre de La Morinerie <kemenaran@gmail.com>

Update app/views/administrateurs/procedures/_suggest_expires_when_termine.html.haml

Co-authored-by: Pierre de La Morinerie <kemenaran@gmail.com>

Update app/views/administrateurs/procedures/_suggest_expires_when_termine.html.haml

Co-authored-by: Pierre de La Morinerie <kemenaran@gmail.com>

Update spec/views/administrateurs/procedures/show.html.haml_spec.rb

Co-authored-by: Pierre de La Morinerie <kemenaran@gmail.com>

fix(review): typo, why ena?, who knows

fix(env.example.optional): add missing DEFAULT_PROCEDURE_EXPIRES_WHEN_TERMINE_ENABLED
2022-05-05 13:07:11 +02:00
Pierre de La Morinerie
9bc5364ca2 app: add controller and view to generate a deposit receipt 2022-05-04 16:09:52 +02:00
Pierre de La Morinerie
fe56b7bb68 config: add papertrail feature-flag 2022-05-04 16:09:52 +02:00
Martin
a0df24b631 clean(SMTP.balancing): remove some env vars 2022-05-03 16:46:35 +02:00
simon lehericey
ea361643be types_de_champ -> types_de_champs_public 2022-05-03 11:05:24 +02:00
simon lehericey
aa0ef955d5 dolist config 2022-04-28 15:48:54 +02:00
Paul Chavard
433c01b1e6 Revert "Merge pull request #7137 from betagouv/faster_pdf"
This reverts commit 9da44bd913, reversing
changes made to ebac71796c.
2022-04-12 19:22:07 +02:00
simon lehericey
af27af7900 ! instances : prawn does not like svg
win 10% on pdf generation
2022-04-12 11:56:56 +02:00
Martin
7c0e8e406b fix(users/profiles#update): allow people from @assurance-maladie.fr to be a target email when user change his email 2022-04-06 16:07:25 +02:00
Paul Chavard
44c64669e9 Revert "Merge pull request #6787 from tchak/use-vite"
This reverts commit 5d572727b5, reversing
changes made to 43be4482ee.
2022-03-31 12:07:52 +02:00
simon lehericey
250b699664 remove duplicate csp 2022-03-29 16:27:08 +02:00
Paul Chavard
187e84a010 feat(assets): use vitejs to build javascript 2022-03-29 16:27:08 +02:00
simon lehericey
7ecf20ce75 harden email validation 2022-03-24 13:00:54 +01:00
Pierre de La Morinerie
2e04435117 gems: add strong_migrations 2022-03-16 10:30:25 +01:00
François Vantomme
d5cd0101c8 feat(footer): customize using custom views & locales 2022-03-10 17:31:20 +01:00
Pierre de La Morinerie
3481d27cba config: block browser external connections during system tests
During system tests, we don't want the headless browser to load
external resources:

- It is faster (we don't wait for external resources to be loaded)
- It avoids leaking our test setup to external service

Fixes #6982
2022-02-22 17:24:25 +01:00
Pierre de La Morinerie
6d5f44d489 config: translate the CSP comments from french to english 2022-02-22 17:17:55 +01:00
Pierre de La Morinerie
c2729ab7e2 config: add Matomo to the frame_src Content Security Policy
Solves the Matomo iframe being blocked on `/suivi`. Fix #5868
2022-02-15 15:56:53 +01:00
Pierre de La Morinerie
3276db016f config: add Matomo to the connect_src Content Security Policy
Solves Matomo connections being blocked. Fix #6949
2022-02-15 15:56:53 +01:00
Pierre de La Morinerie
6fa52e8a5a config: report CSP violations to report-uri 2022-02-15 12:49:52 +01:00
Pierre de La Morinerie
0b2775a1a6 config: add back DS_PROXY_URL to CSP
Otherwise a bunch of "static.demarches-simplifiees.fr" domains would
be missing.
2022-02-15 12:49:52 +01:00
François Vantomme
d5f207d98c refactor(url): use env variables in content security policies 2022-02-15 12:49:52 +01:00
Jon
31996c7d09 chore(smtp): add mailcatcher configuration 2022-02-15 09:34:07 +01:00
François Vantomme
ac915494df feat(landing): hide testimonial & users sections 2022-02-15 08:49:23 +01:00
François Vantomme
e8f62e78fe feat(matomo): configure Matomo iframe URL with an env variable 2022-02-09 12:44:13 +01:00
Pierre de La Morinerie
3e20ea13d8
Revert "Utilisation des variables d'environnement lors de la déclaration des Content Security Policies" 2022-02-08 22:20:08 +01:00
François Vantomme
8eaecd184a refactor(url): use env variables in content security policies 2022-02-08 15:15:55 +01:00
Pierre de La Morinerie
847abca122 config: simplify mailer configuration again
Move everything to initializers, and replace the email settings
interceptor by a BalancerDeliveryMethod.

It has the advantage that it can be configured entirely from the
`config/environment.rb` file, without an extra file to look at.
2022-02-08 12:44:43 +01:00
François Vantomme
51cfd3d7ad
feat(env): add env variables for the provider data 2022-02-04 18:20:06 +01:00
Pierre de La Morinerie
387701e7cb config: add a new SAML_IDP_ENABLED env var
This fixes the app crashing on launch when using the production profile,
because the certificates are not present.
2022-01-26 16:45:50 +01:00
Martin
252eee272b feat(support#create): block with invisible captcha [avoid painful captcha] 2022-01-04 14:49:00 +01:00
Pierre de La Morinerie
d524beee4e app: remove :instructeur_bypass_email_login_token from Flipper 2021-12-02 08:51:52 +01:00
simon lehericey
c4cde500ce fix acsv 2021-11-30 09:42:45 +01:00
simon lehericey
3316dfc866 reopen openid_connect gem to support AC encrypted jwt response 2021-11-23 14:17:59 +01:00
simon lehericey
45ce274721 add agent connect secrets 2021-11-23 14:17:59 +01:00
Paul Chavard
1adafd22d0 fix(graphql): add graphql_operation to lograge 2021-11-04 16:18:10 +01:00
Pierre de La Morinerie
d0e87a08cf services: cache zxcvbn dictionaries per-thread
Before, every time a password was tested, the dictionaries were parsed
again by zxcvbn.

Parsing dictionaries is slow: it may take up to ~1s. This doesn't matter
that much in production, but it makes tests very slow (because we tend
to create a lot of User records).

With this changes, the initializer tester is shared between calls, class
instances and threads. It is lazily loaded on first use, in order not to
slow down the application boot sequence.

This uses ~20 Mo of memory (only once for all threads), but makes tests
more that twice faster.

For instance, model tests go from **8m 21s** to **3m 26s**.

NB:
An additionnal optimization could be to preload the tester on
boot, before workers are forked, to take advantage of Puma copy-on-write
mechanism. In this way all forked workers would use the same cached
instance.

But:

- We're not actually sure this would work properly. What if Ruby updates
  an interval ivar on the class, and this forces the OS to copy the
  whole data structure in each fork?
- Puma phased restarts are not compatible with copy-on-write anyway.

So we're avoiding this optimisation for now, and take the extra 20 Mo
per worker.
2021-10-25 12:04:56 +02:00
simon lehericey
738d08a1d9 change in whitelist 2021-10-19 21:07:24 +02:00
simon lehericey
44c880adc4 allow instructeur and administrateur to change their email to legit domain (#6550) 2021-10-19 15:54:57 +02:00
simon lehericey
b69dafc3d4 CNAF in lowercase 2021-10-12 14:26:40 +02:00
Pierre de La Morinerie
0b02fce5e4 jobs: move ActiveJobLogSubscriber out of initializers
This is a class of its own, it doesn't need to be in the initializers.
2021-10-12 11:40:19 +02:00
kara Diaby
eb951c75e4 change stats colors 2021-09-28 14:49:24 +02:00
simon lehericey
75043070da add CNAFAdapter 2021-09-22 12:08:24 +02:00
Pierre de La Morinerie
b4e850b88b config: remove old retro-compatibility Job constants
These constants were defined so that existing enqueued jobs wouldn't
fail during the app upgrade.

These jobs are long gone. Let's remove the compatibility code.
2021-09-21 10:43:33 -05:00
Paul Chavard
eea6b961d7 refactor(routage): remove administrateur_routage feature flag 2021-09-18 11:21:26 +02:00
simon lehericey
69bb174e29 add feature flipped link to add api particulier token
Co-authored-by: François VANTOMME <akarzim@gmail.com>
2021-09-15 14:56:42 +02:00
simon lehericey
620a5374e8 Add api particulier url in conf
Co-authored-by: François VANTOMME <akarzim@gmail.com>
2021-09-15 14:37:04 +02:00
Peng-Fei DONG
1979c44f9c set OTP: Enable or Disable 2021-09-09 10:25:15 -05:00
Pierre de La Morinerie
407f46b7de gems: remove smart_listing
It was only used in the old design, which we recently removed
completely.
2021-09-09 09:58:41 -05:00
Ismael MOUSSA S. (T0194673)
9d012d51e8 delete features flag option : 'make_experts_notifiable' 2021-09-07 10:49:20 +02:00
Paul Chavard
ffa8c0c80a feat(dossiers): enable dossiers termine expiration behind feature flag
feature flag "procedure_process_expired_dossiers_termine" controls if a procedure has expiration
enabled on dossiers termine

re #3796
2021-08-18 16:11:35 +01:00
Pierre de La Morinerie
9eb2e13d43 config: report job exceptions after max retry count reached
Previously Sentry reported job exceptions even if a retry
strategy was specified. So we had to ignore retried job exceptions
entirely.

Since sentry-delayed-job 0.4.4, we can instead let Sentry report
job exceptions when the retry count is exhausted. Which is
exactly the behavior we want.
2021-07-01 15:06:14 +02:00
Paul Chavard
7cb2f91fea Add revisions feature flag 2021-06-23 09:40:07 +02:00
François Vantomme
bc6d5aca0e Fix (Sentry): prefer Rails secrets over ENV variables 2021-05-27 11:12:27 +02:00
Jon
2a0a65a90f fix(sentry): specify current environment for sentry config 2021-05-27 11:12:27 +02:00
Paul Chavard
e74dcb0056 Remove ign feature flag 2021-05-24 11:50:16 +02:00
Paul Chavard
01c558953b Remove API GEO legacy adapter 2021-05-24 11:50:16 +02:00
Christophe Robillard
2516abc277 activate rack_mini_profiler in dev and display query count 2021-05-05 17:16:10 +02:00
Pierre de La Morinerie
fbfe5c3817 jobs: also retry native ActiveStorage's jobs on transient errors 2021-04-29 14:08:12 +02:00
Pierre de La Morinerie
9ad57fde2a initializers: lazy-load Mailjet gem
This fixes an error message on app startup about autoloaded
constants:

> DEPRECATION WARNING: Initialization autoloaded the constants ActionText::ContentHelper and ActionText::TagHelper.

The reason for this error is that the Mailjet gem forces the
immediate loading of `action_mailer`. Which leads to the
following sequence of events:

On app init, when bundler requires all the gems in the Gemfile:
- The Mailjet gem is required,
- It loads `ActionMailer::Base`.

Later, when Rails initializes itself:
- `ActionText` creates an `action_text.helpers` initializer,
- This initializer register hooks to add `ActionText` helpers
when either `action_controller_base` or `action_mailer` are loaded,
- But as `action_mailer` has already been loaded, the hook is trigerred
immediately,
- ActiveSupport::Dependencies notices `ActionText` constants do not
exist yet, auto-load them, and add the constants to
`ActiveSupport::Dependencies.autoloaded_constants`.

And even later, at the end of the Rails initialization process:
- The `:warn_if_autoloaded` initializer is run,
- It notices that `autoloaded_constants` is not empty, and prints the
warning message.

See https://github.com/mailjet/mailjet-gem/issues/213
2021-04-20 15:11:43 +02:00
Paul Chavard
f08d704d5f Fix api docs URL 2021-04-15 17:06:23 +02:00
simon lehericey
b87a691176 use env for localization to avoid db round trip 2021-04-06 18:23:14 +02:00
simon lehericey
cd4ad6878c remove insee_api_v3 feature 2021-04-06 18:23:14 +02:00
simon lehericey
06d2eb2d21 remove feature xray 2021-04-06 18:23:14 +02:00
simon lehericey
c2847d1481 remove unused mini_profiler var 2021-04-06 18:23:14 +02:00
simon lehericey
6f2b2c3c1f use env for maintenance mode to avoid DB roundtrip 2021-04-06 18:23:14 +02:00
simon lehericey
1715a4899f remove coronavirus banner 2021-04-06 18:23:14 +02:00
Pierre de La Morinerie
42b3ba1e1b config: migrate all config to Rails 6.1 defaults 2021-04-06 12:12:57 +02:00
Pierre de La Morinerie
ce427784e7 config: enable has_many_inversing 2021-04-06 12:12:57 +02:00
Pierre de La Morinerie
6bc608a821 config: enable most Rails 6.1 defaults 2021-04-06 12:12:57 +02:00
Pierre de La Morinerie
c2ce20d40c config: form_with now generates local forms by default
We can remove the `local: true` parameter, as it is now implied by
default.
2021-04-06 12:12:57 +02:00
Pierre de La Morinerie
b65de3e583 config: make the queue names explicit
With Rails 6.1, the default queue is now the global application queue.

We want to retain our custom queues in some cases, so configure them
epxlicitely.
2021-04-06 12:12:57 +02:00
Christophe Robillard
d89dc785f0 met à jour le lien de bas de page Accessibilité
Ce lien pointe désormais vers notre site de documentation
2021-03-30 15:08:20 +02:00
Pierre de La Morinerie
5990439ab7 app: update code to Rails 6.1 2021-03-25 13:24:53 +01:00
Pierre de La Morinerie
ac5303d56d config: make Sentry ignore rescued ActiveJob exceptions
For now the Sentry delayed_job integration reports errors that are
rescued with `retry_on`.

Ignore these errors manually for now.

See https://github.com/getsentry/sentry-ruby/issues/1347
2021-03-18 10:52:10 +01:00
Pierre de La Morinerie
75a1046315 active_storage: refactor concerns
Follow-up of #5953.

Refactor the concerns with two goals:

- Getting closer from the way ActiveStorage adds its own hooks.
  Usually ActiveStorage does this using an `Attachment#after_create`
  hook, which then delegates to the blob to enqueue the job.
- Enqueuing each job only once. By hooking on `Attachment#after_create`,
  we guarantee each job will be added only once.

We then let the jobs themselves check if they are relevant or not, and
retry or discard themselves if necessary.

We also need to update the tests a bit, because Rails'
`perform_enqueued_jobs(&block)` test helper doesn't honor the `retry_on`
clause of jobs. Instead it forwards the exception to the caller – which
makes the test fail.

Instead we use the inline version of `perform_enqueued_jobs()`, without
a block, which properly ignores errors catched by retry_on.
2021-03-16 11:49:14 +01:00
Pierre de La Morinerie
b0735aafe0 config: fix DynamicSmtpSettingsInterceptor warning again
This warning re-appeared when running mailer tests:

```
DISABLE_SPRING=1 bin/rspec spec/mailers/administration_mailer_spec.rb
```

It is now fixed properly, in a way recommanded by the documentation.
2021-03-04 22:52:19 +01:00
Paul Chavard
600f49a0ff Hide groupe instructeur selector when routage is done via API 2021-03-04 11:06:04 +01:00
Paul Chavard
1c811083c0 Cleanup feature flags usage 2021-03-04 11:06:04 +01:00
Pierre de La Morinerie
d36a684315 config: fix zeitwekr warning when reloading the app
Turns out we need not only to load the Job constants later, but also
not to do the same work twice – otherwise we'll get a 

> ApiEntreprise::Job constant is already defined

when attempting to re-define the constant.
2021-02-24 19:01:27 +01:00
Pierre de La Morinerie
9f676c76e1 config: fix zeitwerk warning about DynamicSmtpSettingsInterceptor
Fix a warning when running tests:

> DEPRECATION WARNING: Initialization autoloaded the constant DynamicSmtpSettingsInterceptor.
>
> Being able to do this is deprecated. Autoloading during initialization is going
to be an error condition in future versions of Rails.
> 
> Reloading does not reboot the application, and therefore code executed during
> initialization does not run again. So, if you reload DynamicSmtpSettingsInterceptor, for example,
> the expected changes won't be reflected in that stale Class object.
> 
> This autoloaded constant has been unloaded.
> 
> Please, check the "Autoloading and Reloading Constants" guide for solutions.

However if we fix as recommanded, the interceptor will get added
each time the classes are reloaded. And as the actual class instance
changed after the reloading, they won't be de-duplicated – *and*
there's no way to remove the old interceptor without having a reference
to the (now-deleted) class.

Instead we load the interceptor once, and add a message about the class
not being auto-reloaded.
2021-02-24 19:00:29 +01:00
Pierre de La Morinerie
68425929c6 config: disable Sentry sampling when not enabled
This removes spam in the debug console when running locally.

Removed messages look like a swarm of:

> [Tracing] Discarding <rails.request> transaction </assets/marianne.png> because it's not included in the random sample (sampling rate = 0.001)
2021-02-24 17:45:18 +01:00
Pierre de La Morinerie
e51948ab5c stylesheets: merge print rules with the application stylesheet
- Having a separate stylesheet for print rules is not a best practice
  (it makes an extra network request)
- It makes migrating to Sprockets 4 easier
2021-02-24 17:09:51 +01:00
Pierre de La Morinerie
fb305e31c4 config: move application_name to an initializer
It seems cleaner not to require a file before the Rails configuration
runs.
2021-02-24 15:06:55 +01:00
Pierre de La Morinerie
a2175ed6e3 config: reload compatibility aliases on classes reload
Fixes zeitwerk complaining that the compatibility aliases loaded in an
initializer will never be reloaded.

In our case it doesn't matter that much, but it will reduce the console
spam.
2021-02-23 09:24:13 +00:00
Paul Chavard
228a83f8a5 Add api address external data fetch 2021-02-17 19:10:16 +01:00
Paul Chavard
7223d77058 Remove unused paths from assets pipeline 2021-02-17 10:16:54 +01:00
Paul Chavard
cfa80578a7 Adjust sentry sample rate 2021-02-12 11:35:58 +01:00
Pierre de La Morinerie
819325c761 zeitwerk: move our Array extension to initializers/core_ext 2021-02-11 12:30:43 +01:00
Paul Chavard
0697e50b7c lower sentry sampling to 1% 2021-02-10 17:52:18 +01:00
Paul Chavard
eac967f84e Add sentry traces (20% for now) 2021-02-10 15:35:21 +01:00
Pierre de La Morinerie
0af7188d8c zeitwerk: add inflections 2021-02-09 13:09:10 +01:00
Pierre de La Morinerie
7d1c79bf4b zeitwerk: Url -> URL 2021-02-09 13:07:30 +01:00
Pierre de La Morinerie
150ddab660 zeitwerk: Api -> API 2021-02-09 13:07:30 +01:00
Fabrice Gangler
229f495753 allow email footer logo to be configured in .env file
Refs: #5873
2021-02-09 09:39:02 +01:00
Fabrice Gangler
3034716963 allow mailers/_bizdev_signature to be configured in .env file
Refs: #5871
2021-02-04 13:09:40 +01:00
Fabrice Gangler
d039798ac8 allow logo in PDF export to be configured in .env file
Refs: #5869
2021-02-04 12:24:31 +01:00
Paul Chavard
c46ab38055 Add sentry-rails 2021-01-28 15:31:27 +01:00
simon lehericey
d72f0c6dd2 Add authorized content type for pj 2021-01-18 17:23:08 +01:00
Paul Chavard
91be115c70 Add annuaire_education champ ui 2021-01-14 17:57:48 +01:00
Paul Chavard
5c9f2e8783 Add api education adapter and job 2021-01-14 17:57:48 +01:00
Fabrice Gangler
a8081d4b83 allow configuration of the URLs of FAQ and documentation websites in an .env file
Refs: #5801
2020-12-15 16:40:10 +01:00
Fabrice Gangler
064ea776c7 allow default logo of a procedure to be configured in .env file
Refs: #5795
2020-12-14 13:41:10 +01:00
Paul Chavard
3c6e30a326 Show titre identite link only once watermark is added 2020-12-10 16:50:03 +01:00
Fabrice Gangler
0d80d2ddd1 allow logos (mail, webapp) and favicons to be configured in .env file
Refs: #5764
2020-11-27 01:41:47 +01:00
Paul Chavard
18dfacb933 Make watermark configurable 2020-11-25 16:19:06 +01:00
Paul Chavard
b48e7813d2 Put watermark code behind a feature flag 2020-11-25 16:19:06 +01:00
Paul Chavard
371179dc5b Watermark titres identite 2020-11-25 16:19:06 +01:00
Fabrice Gangler
d3caf30bf3 allow CGU URL and Legal Notice URL to be configured in .env file
Refs: #5754
2020-11-20 22:11:42 +01:00
Christophe Robillard
9347951cea act as an saml identity provider 2020-11-16 12:19:54 +01:00
Christophe Robillard
305ccdc0cd add recoverable and two_factor stragegy for administration 2020-11-05 16:03:55 +01:00
Christophe Robillard
6c2eb22960 remove github authentication for manager 2020-11-05 16:03:55 +01:00
simon lehericey
d82d1132c2 Remove rack_mini_profiler from prod as it could show env var and force us to allow unsafe_eval and script in csp 2020-10-30 17:08:31 +01:00
kara Diaby
3d56b1d8b0 fix bootstrap cdn 2020-10-22 15:00:01 +02:00
clemkeirua
d7fff61d5d ajout de la gem sendinblue 2020-10-13 17:36:43 +02:00
clemkeirua
111f309c7f changement de l'adresse de création de compte administrateur 2020-09-21 17:02:37 +02:00
clemkeirua
f9c4e967d6 remove :autosave_dossier_draft 2020-09-21 08:46:01 +00:00
clemkeirua
6643b598c3 remove :administrateur_graphql 2020-09-17 09:24:50 +02:00
clemkeirua
1be07c1ef5 remove :administrateur_champ_integer_number 2020-09-17 09:24:50 +02:00
clemkeirua
01ac4d7e19 remove operation_log_serialize_subject 2020-09-17 09:24:50 +02:00
simon lehericey
5459c2fa7f Fix uninitialized excon constant 2020-09-08 18:36:24 +02:00
simon lehericey
19d73f13f0 variabilize banner message 2020-09-08 14:52:42 +02:00
simon lehericey
bd6705b90a Remove image and video analyzer which are not used 2020-09-02 17:00:26 +02:00
Judith
af25fdd77c gem http_accept_language installed and (de)activable with feature flag 2020-08-27 16:15:01 +02:00
Pierre de La Morinerie
82c89fb56f config: remove comment about ActiveStorage integration with VirusScanner
As the comment states, it would be nice to load the Virus Scanner on
the Attachment (rather than the blob).

However, in order not to clobber the blob metadata, we want to run the
VirusScanner once the blob analyzer did run.

And the most direct way to detect that the blob analyzer did run is to
add an `on_update_commit` hook on the blob, as this hook will be
trigerred when saving changes to the metadata. This is what the current
solution uses. 

So the current solution is almost optimal, and has a low chance of
accidentally clobbering the blob metadata – as the virus scanner is only
started when the analysis phase is finished.
2020-08-26 16:11:01 +02:00
Pierre de La Morinerie
527a330c7a config: use Rails 6.0 config defaults
We already flipped the new defaults, so this is a no-op.
2020-08-05 17:22:46 +02:00
Pierre de La Morinerie
fbbcd97463 config: flip config.active_record.collection_cache_versioning
This is related to internal cache implementation, and doesn't affect us.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
4a9f081cfc config: flip config.action_mailer.delivery_job
This is safe in all cases – except that it prevents a downgrade to
Rails 5. We don't intend to downgrade now, so this is fine.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
b556e2a99a config: flip config.active_storage.replace_on_assign_to_many
We don't have any `has_many_attached` relations in the code base, so
this is safe.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
54a4db1c47 config: flip config.active_storage.queues
ActiveStorage jobs are now moved to their own queue.

For consistency, we also move our own analysis jobs (VirusScannerJob)
on the same `:active_storage_analysis` queue.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
c6cdd08373 config: flip config.active_job.return_false_on_aborted_enqueue
We don't have any instance of aborting inside a job in the code base,
so this setting is safe to flip.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
65809f8ea0 config: flip action_dispatch_return_only_media_type_on_content_type
This makes `ActionDispatch::Controller#content_type` return not only
the MIME type, but also in some circumstances the charset.

Example:

```ruby
reponse.content_type == 'text/html; charset=utf-8'
```

The MIME type-only fragment can now be accessed using `#media_type`.

Changes to the tests are not stricly necessary (because no charset is
present in the actual value), but represent the intent better.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
8427f0eb75 config: flip config.action_dispatch.use_cookies_with_metadata
This makes cookies more secure, by adding an automatic "purpose" field
to each cookie.

Cookies generated by Rails 5 are still forward-compatible. However
from now on the generated cookies will not be backward-compatible with
Rails 6.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
e8fa65f79d config: flip config.action_view.default_enforce_utf8
This prevents charset workaround on IE 8 and lower. We don't support
these browsers anyway, so we can flip the feature off.
2020-08-05 16:48:36 +02:00
Paul Chavard
4c87e547b3 Put IGN map behind a feature flag 2020-07-30 17:22:28 +02:00
Paul Chavard
f1cbc9846e Add carte ign 2020-07-30 16:58:20 +02:00
clemkeirua
db0d230531 add cdn.jsdeliver.net to the CSP 2020-07-27 16:54:46 +02:00
Fabrice Gangler
1352cde321 Feat: allow emails senders to be configured in .env file
Refs: #5408
2020-07-24 10:50:55 +02:00
clemkeirua
7e085c657d specific deactivation of rubocop DS/ApplicationName rule 2020-07-23 16:20:16 +02:00
clemkeirua
c658428441 added application name in config/ 2020-07-23 16:17:54 +02:00
clemkeirua
31a262efef extraction d'urls doc/faq/… dans url.rb 2020-07-23 16:16:36 +02:00
Paul Chavard
8b9e73a30a
Merge pull request #5382 from adullact/feat_status-page-customisation
#5379 - Allow status page URL to be configured in the .env file
2020-07-22 22:10:58 +02:00
Paul Chavard
35461f0159 Add revisions migrations 2020-07-21 19:35:30 +02:00
clemkeirua
c0cf8b1341 fix display of labels for datetime on screenreaders 2020-07-20 11:37:01 +02:00
Gangler Fabrice
39feca251d allow status page URL to be configured in .env 2020-07-17 15:53:49 +02:00
Paul Chavard
6a24c3f812 Rails app:update 2020-07-07 18:03:56 +02:00
clemkeirua
6a3811a4e2 fix catalog v3 2020-06-19 14:20:32 +02:00
krichtof
ff6eaf73db
Revert "Suppression de l'utilisation de Keystone v2" 2020-06-04 17:32:25 +02:00
Paul Chavard
901b6e23a8 Remove legacy carto 2020-06-04 16:03:23 +02:00
clemkeirua
def744d627 remove now useless keystone v2 2020-06-04 12:05:27 +00:00
clemkeirua
868decd06e add overide for fog openstack v3 2020-06-02 15:03:37 +02:00
Pierre de La Morinerie
c9820adbc4 urls: fix link to autosave FAQ article 2020-05-18 16:53:19 +02:00
Pierre de La Morinerie
6eca93faab urls: fix link to admin FAQ category 2020-05-18 16:53:19 +02:00
Pierre de La Morinerie
93bb5283ff app: remove the feature flag for pieces justificatives auto-upload
The feature works as intended: we can remove the feature flag.
2020-05-14 17:39:07 +02:00
Keirua
a869a04e1e Mise à jour de l'URL de doc sur l'archivage
Co-authored-by: Pierre de La Morinerie <pierre.de_la_morinerie@beta.gouv.fr>
2020-05-13 16:45:27 +02:00
clemkeirua
84888be255 clarification de l'archivage/suppression 2020-05-13 16:45:27 +02:00
kara Diaby
2fc438ab65 Fix safari and firefox compatibility mapbox gl 2020-04-30 14:14:03 +02:00
kara Diaby
9aea1fffee Migrate the map editor to mapbox-gl with react component 2020-04-27 11:30:32 +02:00
Pierre de La Morinerie
37645d3df2 config: fix (again) the CSP when running a LiveReload server locally
When running the app using `bin/webpack-dev-server` (the external
(and fast) assets server), LiveReload is used. We need to explicitely
allow the LiveReload connections in the CSP policy.

Turns out we now need to specify the protocol explicitely.
2020-04-20 17:24:16 +02:00
Paul Chavard
7a8fd3c679 Use graphql playground instead of graphiql 2020-04-09 19:38:19 +02:00
kara Diaby
56e9834389 Revert "Revert "Revert "Revert "feat/4893 - migrate the mapReader to mapbox-gl with react""""
This reverts commit 473ed00b6c.
2020-04-09 11:01:20 +02:00
kara Diaby
473ed00b6c Revert "Revert "Revert "feat/4893 - migrate the mapReader to mapbox-gl with react"""
This reverts commit fe0b3c2215.
2020-04-07 18:14:07 +02:00
kara Diaby
fe0b3c2215 Revert "Revert "feat/4893 - migrate the mapReader to mapbox-gl with react""
This reverts commit 3e21b78142.
2020-04-07 18:11:11 +02:00
Pierre de La Morinerie
3e21b78142
Revert "feat/4893 - migrate the mapReader to mapbox-gl with react" 2020-04-07 15:32:14 +02:00
kara Diaby
aa56cfd7a0 migrate map to mapbox-gl with a react component 2020-04-02 15:39:47 +02:00
Pierre de La Morinerie
6417c0d2c0 dossiers: allow auto upload of attachments 2020-03-31 13:09:44 +02:00
clemkeirua
5ef6f92fdc update CGU URL 2020-03-25 09:50:41 +00:00
clemkeirua
057d7bc2f1 add interval data type to ActiveRecord 2020-03-24 18:10:13 +01:00
clemkeirua
c077762a04 added labels for datetime
cf https://stackoverflow.com/a/47836699
2020-03-24 16:54:35 +00:00
Pierre de La Morinerie
ea94ea05a0 config: configure CSP to allow live-reload requests
This avoids CSP errors when using the `bin/webpack-dev-server` external
assets compilation server.
2020-03-18 13:26:54 +01:00
Paul Chavard
444d19e191 Remove unused gems 2020-03-17 11:25:21 +01:00
Paul Chavard
ae2cfdd44e Update browser gem
`modern?` method was removed in version 4
2020-03-17 11:25:20 +01:00
Pierre de La Morinerie
745b00366f Revert "app: hide IE11 deprecation banner during the strike"
This reverts commit c2882b6cc3.
2020-01-28 15:18:18 +01:00
Paul Chavard
4edc7b00cf Use geocoder 2020-01-15 15:04:04 +01:00
Paul Chavard
14295db9ad Revert "Revert "Merge pull request #4552 from tchak/champ-communes""
This reverts commit 4373cb22cb.
2020-01-14 18:46:07 +01:00
clemkeirua
4373cb22cb Revert "Merge pull request #4552 from tchak/champ-communes"
This reverts commit 4cec26f73a, reversing
changes made to 0ef25ef36c.
2020-01-13 16:26:27 +01:00
Paul Chavard
cccb04d725 ActiveStorage url should expire after an hour 2020-01-08 14:43:05 +01:00
Paul Chavard
e61e39d345 Remove unused code and tests 2020-01-07 11:52:51 +01:00
Paul Chavard
22aa2d4ee0 Make all location champs autocomplete 2020-01-07 11:52:51 +01:00
Paul Chavard
422b7f37ec [GraphQL] expose file information 2019-12-11 12:34:49 +01:00
Pierre de La Morinerie
c2882b6cc3 app: hide IE11 deprecation banner during the strike
Having two banners appearing in a few days may be overwhelming for
users.
2019-12-04 17:32:04 +01:00
Christophe Robillard
4e7c779116 refuse les numéros de tel invalides
rend facultatif les numéros de téléphone
2019-12-04 05:34:43 +01:00
Pierre de La Morinerie
97af50c700 app: fix detection of Chrome iOS and Firefox iOS as outdated browsers
For instance, Firefox iOS is reported as `firefox? true, version 20`.

As on iOS only the system-provided Webkit is allowed, we can instead
safely assume that all browsers on a recent iOS device are modern.
2019-12-03 16:09:41 +01:00
Pierre de La Morinerie
2ee8cab067 app: display a deprecation banner for IE 11 2019-12-03 16:02:08 +01:00
Pierre de La Morinerie
bff7892ba8 dossiers: autosave drafts 2019-11-21 14:00:06 +01:00
Alexandre Friquet
8f5203cc2e
Merge branch 'dev' into 4482-echec-initilaisation-env-dev 2019-11-14 17:07:28 +01:00
Alexandre Friquet
d9680252b0 Fixes missing database on initialization: closes #4482. 2019-11-14 09:17:39 +01:00
Paul Chavard
f7cbbe815c [GraphQL]: Add default query to playground 2019-11-13 15:53:56 +01:00
clemkeirua
6351eabfdd remove notification to report-uri in production 2019-11-07 17:32:40 +01:00
clemkeirua
959aacdea5 Sendinblue email balancing using proper credentials
This reverts commit c61981e795.
2019-11-06 13:34:36 +01:00
clemkeirua
c61981e795 Revert "Sendinblue email balancing using interceptor"
This reverts commit b2135b6576.
2019-11-04 15:55:08 +01:00
Chaïb Martinez
b2135b6576 Sendinblue email balancing using interceptor
Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-11-04 15:30:44 +01:00
Paul Chavard
18e91e7ca3 Extend old export format till mid-November 2019-10-31 17:11:46 +01:00
Paul Chavard
73d4ecf35d Add a DS_PROXY_URL env variable 2019-10-30 16:15:38 +01:00
Paul Chavard
6a3d725134 Revert "Revert "Decommission ActiveStorage proxy service and use openstack service""
This reverts commit 71227be37f.
2019-10-30 12:11:45 +01:00
simon lehericey
71227be37f Revert "Decommission ActiveStorage proxy service and use openstack service"
This reverts commit 0ff6c793ae.
2019-10-29 10:30:40 +01:00
Paul Chavard
0ff6c793ae Decommission ActiveStorage proxy service and use openstack service
We are making these changes in order to always use DS_Proxy. Before this change DS_Proxy was not used to write files when ActiveStorage was used directly and not through “direct upload”.
2019-10-23 17:58:00 +02:00
clemkeirua
4a6893d88b migrate sendinblue API to v3 2019-10-22 10:06:53 +02:00
clemkeirua
43424e4f4e merge with the work of paul, using 3 links 2019-10-22 09:51:14 +02:00
simon lehericey
f31c184b56 [fix #1537] Remove simple_form gem 2019-10-08 11:08:35 +02:00
clemkeirua
d3063c0b63 remove download_as_zip feature flag 2019-10-03 10:48:24 +02:00
Paul Chavard
5a7e415474 Put graphql behind a feature flag 2019-09-24 10:47:21 +02:00
Paul Chavard
91ad9bd7d3 Configure GraphQL::RailsLogger 2019-09-24 10:47:21 +02:00
Paul Chavard
d24e0e72a7 Correctly create new flipper flags 2019-09-12 10:46:13 +02:00
Paul Chavard
65e227c44b Migrate to flipper 2019-09-10 16:10:14 +02:00
Chaïb Martinez
dd6c6bfe7a mailers: add a NO_REPLY address to transactional emails 2019-09-10 13:37:28 +02:00
Paul Chavard
7ffb98e616 Remove carrierwave uploaders 2019-09-10 10:49:12 +02:00
Chaïb Martinez
f2386a5800 Add crips help domaine to defaut policy src
[fix #4234]

Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-08-27 10:30:10 +02:00
simon lehericey
86d968bb8e Use rack_attack_enabled?
We cannot enable rack attack during the tests as it interferes with features spec.
So we add a flag to enable it during the runtime.
2019-08-20 13:29:29 +02:00
simon lehericey
0f0fecdb25 RackAttack: use remote ip and test it ! 2019-08-20 13:29:29 +02:00
pedong
fc8cebd78d add Gem rack_attack for prevent attack brute-force 2019-08-20 13:29:29 +02:00
Nicolas Bouilleaud
7c7947adeb Rename gestionnaire to instructeur in a comment
About an (unused for now) env var.
2019-08-13 10:27:49 +02:00
simon lehericey
3fde2a6f70 Rename gestionnaire in code to instructeur 2019-08-12 13:47:01 +02:00
maatinito
3703a71ea3 #3928 Added constants to define password min length & complexity 2019-08-01 17:12:14 +02:00
Pierre de La Morinerie
95e24392f9 models: remove old pieces justificatives 2019-07-30 16:11:17 +02:00
pedong
9438f962c5 add alert for account is locked 2019-07-29 17:48:44 +02:00
pedong
8d03a6747c add lockable to User, Gestionnaire, administration, Administrateur 2019-07-29 17:48:44 +02:00
clemkeirua
99421545ab replaced api-carto endpoint 2019-07-23 16:21:15 +02:00
Pierre de La Morinerie
76335511c8 omniauth: protect against CSRF
See https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
2019-07-15 18:16:00 +02:00
Paul Chavard
3cb39c2840 Refactor message attachements to use active_storage 2019-07-10 15:35:29 +02:00
simon lehericey
0f9fdf3f75 Activate device email change confirmation 2019-07-09 11:55:17 +02:00
Mathieu Magnin
b34f8fbe3d Add ActionText 2019-07-03 13:15:49 +02:00
simon lehericey
4b154983fb Landing: voir les démarches -> comment trouver ma démarche 2019-07-03 12:59:09 +02:00
clemkeirua
dfefb827d9 missing connect-src 2019-07-02 10:50:10 +02:00
clemkeirua
d6f2de2fbf enable static + activate csp in production 2019-07-02 09:40:38 +02:00
clemkeirua
eaf850c1e9 enable csp 2019-06-27 11:10:29 +02:00
clemkeirua
f19b5f8911 fix csp rule for crisp websocket 2019-06-26 12:37:55 +02:00
clemkeirua
7064f7e973 enable crisp websockets and css 2019-06-25 17:39:08 +02:00
clemkeirua
d3c6021ef4 add duplicate rules as fallback 2019-06-20 11:34:24 +02:00
clemkeirua
dc6c2e6bc0 add missing elements 2019-06-17 17:05:08 +02:00
Nicolas Bouilleaud
dace9a53d3 Add Universign timestamp API query 2019-06-17 16:16:28 +02:00
clemkeirua
765b10026e more generic elements to the security policy 2019-06-17 09:51:27 +02:00
Pierre de La Morinerie
d410e31344 active_storage: document the virus scan hooks 2019-05-28 11:39:22 +02:00
Paul Chavard
cc4eba2b36 Less mokey patching 2019-05-21 14:21:42 +02:00
clemkeirua
5cbbbb8d3e more whitelist for the common domains we use 2019-05-20 09:52:44 +02:00
Paul Chavard
42235e81b1 Use active storage load hook to extend blob 2019-05-16 20:43:01 +02:00
Paul Chavard
348b15f595 Put devtools behind feature flags 2019-05-15 18:10:25 +02:00
clemkeirua
6fe4031b2e use constant for localhost 2019-05-15 16:33:27 +02:00
clemkeirua
b670b60ac6 changement de l'URI de report-uri 2019-05-15 15:32:00 +02:00
Pierre de La Morinerie
d431eeeb93 carrierwave: fix typo
Turns out the `openstack_identity_api_version` has not actually been
filled out for a while, because of a typo.
2019-05-15 14:03:15 +02:00
Chaïb Martinez
3004f96cf5 Add video and webinar URLs to admin pages
Fix #3850

Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-05-13 17:47:02 +02:00
clemkeirua
675cc5150c update on the security policy headers 2019-05-09 14:55:21 +02:00
clemkeirua
64b858ef19 handle Gon + add report-uri URL 2019-05-06 10:07:51 +02:00
clemkeirua
8582b08a98 add security policy 2019-05-06 10:07:51 +02:00
Paul Chavard
f113d108c9 Save virus scan status to blob metadata 2019-05-02 15:58:09 +02:00
Paul Chavard
b9be186d2c Sentry should send environment information 2019-04-03 18:19:16 +02:00
Paul Chavard
51c79ba6a6 Update webpacker and replace vue with react 2019-04-03 14:38:07 +02:00