Commit graph

3472 commits

Author SHA1 Message Date
simon lehericey
c725999582 move merge method to user 2021-10-28 14:39:13 +02:00
simon lehericey
3d524e9488 Change factory user password to be compatible with admin pass constraint 2021-10-28 14:39:13 +02:00
Paul Chavard
1393b7b07b fix(rebase): fix repetition champ rebase 2021-10-28 13:27:53 +02:00
kara Diaby
71aa13f468 tests 2021-10-27 12:00:39 +02:00
Pierre de La Morinerie
9fd38cae5e specs: migrate from features to system specs
System specs have been available since Rails 5.1, and are better
integrated with the Rails framework.

- Rename `spec/features` to `spec/system`
- Rename `feature do` to `describe do`
- Configure Capybara for system specs

Steps mostly taken from https://medium.com/table-xi/a-quick-guide-to-rails-system-tests-in-rspec-b6e9e8a8b5f6
2021-10-26 12:24:46 +02:00
Pierre de La Morinerie
df9fa258ae specs: remove database_cleaner
This is not needed for integration tests since Rails 5.1.

See https://www.nicholasjacques.io/blog/you-probably-dont-need-databasecleaner/
2021-10-26 12:24:46 +02:00
Pierre de La Morinerie
b1eee27dd7 specs: remove outdated workaround for silencing puma logs 2021-10-26 12:24:46 +02:00
Pierre de La Morinerie
cedbd31d39 specs: only build an admin when building a procedure
This should slighly be faster than doing a create in the middle of the
build.
2021-10-26 12:03:30 +02:00
Pierre de La Morinerie
a2b91c8ec6 factories: cleanup Administrateur, Instructeur and Expert factories
This changes:

- avoids relying on application code to create mock objects,
- allows to build Administrateur or Instructeurs without saving them.
2021-10-26 12:03:30 +02:00
Pierre de La Morinerie
0ff95df221 specs: improve speed of phone_champ_spec
Re-use the same champ for each test. This is safe, and makes the test
go from 4s to 1s.
2021-10-26 12:03:30 +02:00
Pierre de La Morinerie
fccf75710a specs: avoid creating uneeded champs on geo_area
It makes the test much faster.
2021-10-26 12:03:30 +02:00
Pierre de La Morinerie
d0e87a08cf services: cache zxcvbn dictionaries per-thread
Before, every time a password was tested, the dictionaries were parsed
again by zxcvbn.

Parsing dictionaries is slow: it may take up to ~1s. This doesn't matter
that much in production, but it makes tests very slow (because we tend
to create a lot of User records).

With this changes, the initializer tester is shared between calls, class
instances and threads. It is lazily loaded on first use, in order not to
slow down the application boot sequence.

This uses ~20 Mo of memory (only once for all threads), but makes tests
more that twice faster.

For instance, model tests go from **8m 21s** to **3m 26s**.

NB:
An additionnal optimization could be to preload the tester on
boot, before workers are forked, to take advantage of Puma copy-on-write
mechanism. In this way all forked workers would use the same cached
instance.

But:

- We're not actually sure this would work properly. What if Ruby updates
  an interval ivar on the class, and this forces the OS to copy the
  whole data structure in each fork?
- Puma phased restarts are not compatible with copy-on-write anyway.

So we're avoiding this optimisation for now, and take the extra 20 Mo
per worker.
2021-10-25 12:04:56 +02:00
Paul Chavard
1561ea82f6 fix(transfer): manually nullify staled transfers references 2021-10-21 13:54:26 +02:00
Paul Chavard
2a3a9dd822 feat(revisions): rebase dossiers brouillons 2021-10-20 17:26:09 +02:00
Paul Chavard
67e98f79c9 feat(revisions): add stable_id to changes 2021-10-20 17:25:34 +02:00
Pierre de La Morinerie
7b6420d427 specs: set i18n cookie before running browser specs
Otherwise the browser specs use the dault browser language, which may
be English depending on the system language.
2021-10-19 16:41:36 +02:00
Pierre de La Morinerie
0de8fd23c7 specs: remove invalid js: true specifier
Views specs cant't run Javascript.
2021-10-19 16:41:36 +02:00
simon lehericey
d19ad2840c rename preexisting to targeted, remove duplicated test 2021-10-19 16:12:42 +02:00
simon lehericey
52b7e85954 merge administrateur in user_controller 2021-10-19 16:12:42 +02:00
simon lehericey
866df74706 merge admin 2021-10-19 16:12:42 +02:00
simon lehericey
44c880adc4 allow instructeur and administrateur to change their email to legit domain (#6550) 2021-10-19 15:54:57 +02:00
simon lehericey
f54dfe6ead Do not raise error if user is nil
I do not get when it happens
2021-10-19 11:21:24 +02:00
simon lehericey
46fd15416b add end to end test 2021-10-14 14:47:50 +02:00
simon lehericey
933d7b8c8d merge with another preexisting account 2021-10-14 14:47:50 +02:00
simon lehericey
ce40e1127d merge with another new account 2021-10-14 14:47:50 +02:00
simon lehericey
19f81b594b merge with an existing account by using the password 2021-10-14 14:47:50 +02:00
simon lehericey
218e4633a9 securely retrieve fci 2021-10-14 14:47:50 +02:00
simon lehericey
f7299da1e7 launch merge process if an unlinked DS account with the same email exists 2021-10-14 14:47:50 +02:00
simon lehericey
f6879eba60 associate_user take a target email 2021-10-14 14:47:50 +02:00
simon lehericey
09f828a6a2 create_merge_token! 2021-10-14 14:47:50 +02:00
simon lehericey
34862f41e0 Add fci valid_for_merge 2021-10-14 14:47:50 +02:00
simon lehericey
6826bf03b0 Sign in with a user linked by france connect sub (openid)
instead of looking linked user by email because :

- follows FC recommendation to fetch ds account by openid
- the email is not a valid key as many user can share the same FCI email.

The following scenario is now working

A user A (email: 1@mail.com) uses FC to connect to DS
=> It is connected as 1@mail.com

Another user B (email: generic@mail.com) uses FC to connect
=> It is connected as generic@mail.com

The first user A change its FC email to generic@mail.com and connect to DS
=> It is still connected as 1@mail.com
2021-10-14 14:47:50 +02:00
simon lehericey
2f470b25aa spec cleaning 2021-10-14 14:47:50 +02:00
simon lehericey
87de9e38c6 allow draft to be saved with invalid cnaf champ 2021-10-12 14:27:20 +02:00
simon lehericey
cd7bafaa0d clean log_out spec helper 2021-10-12 14:27:20 +02:00
simon lehericey
35c7f05a0a source service supports unknown scope 2021-10-12 14:27:20 +02:00
simon lehericey
ac60d6c5a1 homogennize api particulier endpoint test url 2021-10-12 14:27:20 +02:00
simon lehericey
ecc26897e2 add end to end spec 2021-10-12 14:27:20 +02:00
simon lehericey
40d0cfcdc4 add champ validation 2021-10-12 14:27:20 +02:00
simon lehericey
c76d1043fa add cnaf champ 2021-10-12 14:27:20 +02:00
simon lehericey
d68129b34d add cnaf type de champ 2021-10-12 14:26:40 +02:00
simon lehericey
b69dafc3d4 CNAF in lowercase 2021-10-12 14:26:40 +02:00
simon lehericey
7c65571fca add case when the old_expert or old_instructeur is nil 2021-10-12 11:04:06 +02:00
simon lehericey
ec8ccad465 typo 2021-10-12 11:03:34 +02:00
simon lehericey
d7e621d167 beef up the merge methods 2021-10-07 15:51:31 +02:00
simon lehericey
77d14d4a60 forbid admin merge yet 2021-10-07 15:51:31 +02:00
simon lehericey
5009c583ea Add notice when merging account 2021-10-07 15:51:31 +02:00
simon lehericey
a480b31eb5 merge expert 2021-10-07 15:51:31 +02:00
simon lehericey
136f29524e merge instructeur 2021-10-07 15:51:31 +02:00
simon lehericey
9a6a53349f simple cases when the preexisting targeted account does not have instructeur or profile profile 2021-10-07 15:51:31 +02:00
simon lehericey
c56199e8f7 spec cleaning 2021-10-07 15:51:31 +02:00
simon lehericey
195583c0bd Enable manager specs 2021-10-07 15:51:31 +02:00
Paul Chavard
9d5c5447c2 fix(dossier): do not attempt to destroy transfers when a dossier is destroyed
we had a dependent option on both sides of a relationship which created race conditions
2021-10-06 17:51:09 +02:00
kara Diaby
919d708ec4 tests 2021-10-05 15:37:30 +02:00
kara Diaby
cbedef996b tests 2021-10-05 15:00:21 +02:00
simon lehericey
1000417bc9 update notifications_for_dossier used in dossier show 2021-10-05 12:05:43 +02:00
simon lehericey
65911b7680 update with_notifications dossiers scope (used in procedure index and show) 2021-10-05 12:05:43 +02:00
simon lehericey
f662b28baf update identity_updated_at column when user identity change 2021-10-05 12:05:43 +02:00
Peng-Fei DONG
dee536fca1 app: localize CSV import for groupe instructeurs 2021-10-05 10:58:15 +02:00
simon lehericey
9679e233cd [Fix #6512] admin preview in new tab 2021-10-05 10:47:58 +02:00
simon lehericey
64351d0287 [Fix #6504] Fix exception raised when deleting a transfer 2021-10-01 12:11:03 +02:00
Pierre de La Morinerie
b466fa7878 spec: ensure checkbox is visible before clicking it
There's a random failure in this spec, where the CI triggers this error:

> Failure/Error: check('checkbox')
>     
>     Selenium::WebDriver::Error::ElementClickInterceptedError:
>       element click intercepted: Element <input required="required" type="checkbox" value="on" name="dossier[champs_attributes][7][value]" id="dossier_champs_attributes_7_value"> is not clickable at point (205, 892). Other element would receive the click: <div class="send-dossier-actions-bar">...</div>

That's because the checkbox is partially overlapped by the sticky
action bar at the bottom of the screen – but only _some of the time_.

This commit attempts to fix the issue by manually scrolling the checkbox
at the center of the screen before clicking it.
2021-10-01 00:33:57 +02:00
simon lehericey
0cd9bcb1ab fix #6495 2021-09-28 15:53:18 +02:00
Paul Chavard
5933194149 feat(log): stop logging user emails
fix #6485
2021-09-27 14:56:00 +02:00
simon lehericey
57604b9c89 add schema validations 2021-09-22 12:08:24 +02:00
simon lehericey
75043070da add CNAFAdapter 2021-09-22 12:08:24 +02:00
simon lehericey
07962cc2c7 service: match remote keys 2021-09-22 12:08:24 +02:00
Ismael MOUSSA S
bdbb4deb87 ADD FILE_MAX_SIZE constant to set allow file size limit 2021-09-21 12:04:56 -05:00
simon lehericey
1446660ca3 an api_particulier_token change erases previous api_particulier_sources 2021-09-21 11:21:10 -05:00
simon lehericey
c87f3f7fb6 faster jeton_particulier_controller_spec 2021-09-21 11:21:10 -05:00
simon lehericey
2e1bed8748 an admin can save its sources 2021-09-21 11:21:10 -05:00
simon lehericey
8d747ff16e add sanitize method to service 2021-09-21 11:21:10 -05:00
Pierre de La Morinerie
eef90efd49 app: fix exception during password reset when the token has expired 2021-09-21 10:30:09 -05:00
simon lehericey
a7ec77f0a8 do not display the action for instructeur 2021-09-20 13:58:11 +02:00
simon lehericey
7239657a75 [Fix #6481] a user see its waiting transfers 2021-09-20 13:58:11 +02:00
simon lehericey
c34476a766 a user can transfer all its dossier 2021-09-20 13:58:11 +02:00
Paul Chavard
a8d04d6fc8 test(routing): fix routing feature spec 2021-09-18 11:22:35 +02:00
Paul Chavard
ad5279f4ab test(groupe_instructeur): fix groupe_instructeur controller spec 2021-09-18 11:22:35 +02:00
Paul Chavard
eea6b961d7 refactor(routage): remove administrateur_routage feature flag 2021-09-18 11:21:26 +02:00
simon lehericey
5dbd81ebeb show api particulier sources 2021-09-17 13:50:23 +02:00
simon lehericey
8327c6fd0c add ApiParticulier::Service::Sources 2021-09-17 13:50:23 +02:00
simon lehericey
1d06c15ac0 save api particulier scopes 2021-09-16 09:49:16 +02:00
simon lehericey
6c6205e188 a cloned procedure to a different admin does not keep api_particulier token and scopes 2021-09-16 09:30:11 +02:00
simon lehericey
7ee360df30 add logic to detect empty scopes 2021-09-16 09:09:34 +02:00
simon lehericey
ee6d19e3ee an admin can save it's api particulier token
Co-authored-by: François VANTOMME <akarzim@gmail.com>
2021-09-15 14:56:42 +02:00
simon lehericey
4c0dd43055 add jetons particulier index page
Co-authored-by: François VANTOMME <akarzim@gmail.com>
2021-09-15 14:37:04 +02:00
simon lehericey
87cb16093f fetch token introspection
Co-authored-by: François VANTOMME <akarzim@gmail.com>
2021-09-15 14:37:04 +02:00
Paul Chavard
4850c3b02d fix(i18n): enable locale for email previews 2021-09-09 13:06:51 -05:00
Pierre de La Morinerie
407f46b7de gems: remove smart_listing
It was only used in the old design, which we recently removed
completely.
2021-09-09 09:58:41 -05:00
Pierre de La Morinerie
5cbf939911 spec: fix syntax of get requests in archives_controller_spec
Those were generating Ruby warnings:

> warning: Using the last argument as keyword parameters is deprecated
2021-09-09 09:58:41 -05:00
Pierre de La Morinerie
e5f449b595 devise: unify password reset views
By default, Devise will look for views:

1. First in `views/resource/passwords/…`,
2. Then in `views/devise/passwords/…` if not found.

By moving the views to `views/devise`, we avoid having a partial in
`views/shared` that we need to include manually, and instead let Devise
do the job automatically.
2021-09-09 09:40:40 -05:00
Pierre de La Morinerie
80f9d4adc0 devise: use password_strength component in SuperAdmin::PasswordsController 2021-09-09 09:40:39 -05:00
Pierre de La Morinerie
62e4f7ee32 devise: use password_complexity in User::PasswordsController
This fixes the password strength meter no longer being displayed when
an admin changes their password.
2021-09-09 09:40:39 -05:00
Pierre de La Morinerie
ed8b19d2eb app: use password_complexity in Administrateurs::ActivateController 2021-09-09 09:40:39 -05:00
Pierre de La Morinerie
428ca8755f app: add a password_complexity component
This component will replace the previous `password_field` component.
2021-09-09 09:40:39 -05:00
Pierre de La Morinerie
586f8ec543 models: improve password complexity specs 2021-09-09 09:40:39 -05:00
Paul Chavard
00c7c7c419 test(dossier): test dossier transfer 2021-09-08 15:49:04 +02:00
Paul Chavard
3235f42a63 feat(dossier): add dossier transfers UI 2021-09-08 15:10:43 +02:00
Paul Chavard
d6cbdf2a48 feat(dossier): add dossier transfer models 2021-09-08 14:39:46 +02:00
simon lehericey
9fc195f0e5 add test to dossier_projection_service 2021-09-07 15:17:06 +02:00
Paul Chavard
74e277d0a2 feat(graphql): add an option to dossier state change mutations to disable notifications 2021-09-07 14:21:48 +02:00
Paul Chavard
9e30d5fc22 fix(virus scan): prevent virus scans in specs 2021-09-07 14:21:48 +02:00
simon lehericey
367f508e2e linked_drop_down_list: empty primary => empty secondary 2021-09-07 10:09:18 +02:00
Paul Chavard
6a5a8233b5 feat(i18n): send dossier emails with its user locale and improuve translations 2021-09-07 09:51:23 +02:00
Pierre de La Morinerie
8bb283d977 app: delete old Admin::ProceduresController 2021-09-02 14:51:31 -05:00
Pierre de La Morinerie
a004ac59df app: move archive to NewAdministrateur::ProceduresController 2021-09-02 14:51:31 -05:00
Pierre de La Morinerie
e7c8a9fff5 app: move clone to NewAdministrateur::ProceduresController 2021-09-02 14:51:31 -05:00
Pierre de La Morinerie
56fa7e7cd6 app: move destroy to NewAdministrateur::ProceduresController
The code was already moved; only the route and tests were not.
2021-09-02 14:51:31 -05:00
Pierre de La Morinerie
3e83ad454f app: move new_from_existing to NewAdministrateur::ProceduresController 2021-09-02 14:51:31 -05:00
Pierre de La Morinerie
7729385d89 controllers: remove dead code on Admin::ProceduresController
This code has been migrated to NewAdministrateur::ProceduresController.
2021-09-02 14:51:26 -05:00
Pierre de La Morinerie
0f9d7d6b8c app: remove old Admin::InstructeursController
It was only hosting the deprecated "Instructeurs globally attached to
this admin", which wasn't used anywhere in the app anymore.
2021-09-02 14:40:36 -05:00
Paul Chavard
a3cc072bbd feat(i18n): translate countries selector 2021-08-31 13:15:26 +02:00
Pierre de La Morinerie
b80f6a9f1b spec: fix some manager tests not running 2021-08-26 11:44:47 -05:00
Paul Chavard
8e1bfb469f fix(dossier): send expiration notifications 2 weeks prior to supression instead of a month 2021-08-26 11:28:57 +02:00
Paul Chavard
1399d9bba9 feat(graphql): expose demarche descriptor on dossier type
We don't want to expose full demarche type on dossiers because it would open the door for recursive queries that we want to avoid. DemarcheDescriptorType is a lightweight representation of demarche metadata.
2021-08-25 11:12:24 +02:00
Pierre de La Morinerie
47e1555dce i18n: properly translate the locale dropdown title 2021-08-24 12:57:51 -05:00
Pierre de La Morinerie
9741108094 lib: remove the 'migrated' key on filters
In a9a4f6e2a8, a task to migrate
ProcedurePresentation's filters was added.

This task added a "migrated: true" key to all migrated filters.

Now that this task has run, we can safely remove the extra key.

In a previous version of this commit, the migration would fail for
invalid ProcedurePresentation records. This is now fixed.
2021-08-24 08:42:22 -05:00
Christophe Robillard
83b6c5d7c7 replace deprecated axe-matchers by axe-core-spec 2021-08-24 08:09:17 -05:00
Paul Chavard
3b6528decf feat(i18n): enable localization by query param
Providing a query param ("locale") will enable localization. A language picker will be shown once
localization is activated. Locale is stored in a cookie "locale".
2021-08-24 12:42:40 +02:00
Ismael MOUSSA S. (T0194673)
330333aac4 6407 - Fix flash message typo in new administrateur/groupe instructeurs controller and its related spec 2021-08-20 20:10:44 +02:00
Christophe Robillard
8f2e0660d3 add spec for dossier with commune 2021-08-19 08:04:47 +02:00
Christophe Robillard
e06f11f33f add code insee libelle for commune export 2021-08-19 08:04:47 +02:00
Christophe Robillard
4a6c22d6a6 export code insee for commune champ 2021-08-19 08:04:47 +02:00
Paul Chavard
ffa8c0c80a feat(dossiers): enable dossiers termine expiration behind feature flag
feature flag "procedure_process_expired_dossiers_termine" controls if a procedure has expiration
enabled on dossiers termine

re #3796
2021-08-18 16:11:35 +01:00
Christophe Robillard
031b74759f archives: move bugreport 2021-08-05 09:24:20 +02:00
Christophe Robillard
38e3469e9a add bug report to archive 2021-08-03 14:51:41 +02:00
simon lehericey
b29bae4707 a procedure has an encrypted api_particulier_token
Co-authored-by: François VANTOMME <akarzim@gmail.com>
2021-07-30 11:18:44 +02:00
François Vantomme
17b659539f Feat (API Particulier): new encryption service 2021-07-30 11:18:44 +02:00
kara Diaby
69393c2921 modify groupe instructeur controller 2021-07-27 19:38:22 +02:00
kara Diaby
9c976c6b71 fixup! tests 2021-07-27 19:38:21 +02:00
Paul Chavard
64cfb4d64e Fix sort with revisions 2021-07-23 10:57:04 +02:00
Pierre de La Morinerie
6475cdff7a
Revert "Suppression de la clef "migrated": true sur les filtres des ProcedurePresentation" 2021-07-23 09:26:13 +02:00
Pierre de La Morinerie
e1909ed29f brouillon: redirect to sign-in when disconnected
There are two cases where the draft auto-save might fail because the
user is no longer authenticated:

- The user signed-out in another tab,
- The brower quit and re-opened, so the Session cookie expired.

In both cases, the auto-save will never succeed until the user
authenticates again, so displaying a "Retry" button is cruel.

Moreover, in plus of all auto-save requests failing with a small error,
the actual hard failure only occurs after filling all the form and
trying to submit it. Then the user is redirected to the sign-in page –
but all their changes are lost.

Instead, we now redirect to the sign-in page on the first 401 error
during the auto-save, let the user sign-in, and then redirect back to
the form.
2021-07-22 11:58:02 +02:00
Paul Chavard
388fb39eb5 Fix false positive blank champ warnings 2021-07-22 10:45:25 +02:00
Paul Chavard
ac0f50b488 Improuve champ blank check 2021-07-22 10:45:25 +02:00
Pierre de La Morinerie
fd74d9a062 lib: remove the 'migrated' key on filters
In a9a4f6e2a8, a task to migrate
ProcedurePresentation's filters was added.

This task added a "migrated: true" key to all migrated filters.

Now that this task has run, we can safely remove the extra key.
2021-07-20 16:51:32 +02:00
Pierre de La Morinerie
fda59c9231 lib: remove outdated tasks 2021-07-20 15:34:31 +02:00
Pierre de La Morinerie
32ab2f0a80 instructeur: limit the maximum size of a filter value
This prevents the URL from exceeding the max size, and
causing '414: Request-URI too large' errors.
2021-07-20 14:49:48 +02:00
Pierre de La Morinerie
831672391e app: use a long-lived cookie for CSRF token
See the ADR document for rationale.
2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
446c57ed63 specs: add a feature test for forgery protection 2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
71741c5f98 views: fix checkbox wrongly selected in multiple_drop_down_list
The check for whether the checkbox should be checked or not was made by
matching the whole string. Thus, given two options 'valid' and
'invalid', the check for the presence of 'valid' would succeed even when
only 'invalid' was present in the values (because
`'valid'.includes?('invalid')`.

The code now checks against the list of items in the selected_options.
2021-07-20 09:01:07 +02:00
kara Diaby
0b6c7dace7 tests 2021-07-15 16:32:07 +02:00
Pierre de La Morinerie
40b3ea8ad6
Revert "Instructeurs : limitation de la valeur d'un filtre à 100 caractères" 2021-07-13 18:19:46 +02:00
kara Diaby
d2d046a39d fix encoding problems with cherlock Holmes gem 2021-07-13 10:58:41 +02:00
Pierre de La Morinerie
3c8a88a660 instructeur: limit the maximum size of a filter value
This prevents the URL from exceeding the max size, and
causing '414: Request-URI too large' errors.
2021-07-08 16:17:22 +02:00
Paul Chavard
527db7631e Add a point on map from coordinates input 2021-07-07 13:33:28 +02:00
Paul Chavard
ab31087f23 Hide cadastres if there is none 2021-07-07 12:28:27 +02:00
Pierre de La Morinerie
37c62ac0a3 app: display standard error page when no cookies are present
This occurs mostly when Safari attempts to perform a POST request
again (without sending any of the cookies).

In that case, our custom `422.html` page is more helpful to the user
(because it has a link to the previous page) than a "No cookies" blank
text.
2021-07-06 16:29:22 +02:00
Christophe Robillard
bc07a875eb integrate a mininum weight for the average dossier weight
before this commit, the average dossier weight took account only pieces
justificatives. With this commit, we add a minimum weight for other
files included in an archive like pdf_export, log operations,
attachments added to traitements. This minimum weight is set arbitrary,
from the observation of some random procedures in production
2021-07-06 15:58:45 +02:00
Pierre de La Morinerie
09933454ff app: improve InvalidAuthenticityToken logging
- Log on all controllers
- Improve description of the controller action involved
- Ignore Safari bogus requests
2021-07-06 12:42:01 +02:00