Pierre de La Morinerie
149c6399f5
view: properly hide labels of the datetime selector
...
The accessibility labels where not properly hidden, which
resulted in the labels being visible and stacked vertically.
2022-05-31 15:35:40 +02:00
Pierre de La Morinerie
3e91a16895
app: display estimated fill duration on procedure description
2022-05-25 10:39:15 +02:00
Pierre de La Morinerie
4fcb85fd65
app: remove procedure_dossier_papertrail feature flag
...
The feature is now enabled for all procedures.
2022-05-24 17:32:11 +02:00
simon lehericey
faae2f55d8
Flipper: remove deprecated conf
...
https://github.com/jnunemaker/flipper/pull/523
2022-05-16 16:10:35 +02:00
Paul Chavard
9e0b3b642f
cleanup(sendinblue): remove sendinblue tracking
2022-05-06 11:14:44 +02:00
Martin
3737311390
feat(procedure.procedure_expires_when_termine_enabled): enable by default, allow contributor to choose the default settings of this flag using an env var during migration. ie: DEFAULT_PROCEDURE_EXPIRES_WHEN_TERMINE_ENABLED=true|false
...
feat(administrateurs/procedures#show): warning/alert when procedure_expires_when_termine_enabled is not true on current procedure
feat(administrateur/procedure#update): after an update redirect to procedure show: suggested by: https://ux.stackexchange.com/questions/55291/after-updating-form-should-redirect-back-to-form-itself-or-to-the-show-page-or-b and confirmed by Olivier
clean(Flipper.archive_zip_globale): no more in use, so remove all occurences
Update app/views/administrateurs/procedures/_suggest_expires_when_termine.html.haml
Co-authored-by: Pierre de La Morinerie <kemenaran@gmail.com>
Update app/views/administrateurs/procedures/_suggest_expires_when_termine.html.haml
Co-authored-by: Pierre de La Morinerie <kemenaran@gmail.com>
Update app/views/administrateurs/procedures/_suggest_expires_when_termine.html.haml
Co-authored-by: Pierre de La Morinerie <kemenaran@gmail.com>
Update spec/views/administrateurs/procedures/show.html.haml_spec.rb
Co-authored-by: Pierre de La Morinerie <kemenaran@gmail.com>
fix(review): typo, why ena?, who knows
fix(env.example.optional): add missing DEFAULT_PROCEDURE_EXPIRES_WHEN_TERMINE_ENABLED
2022-05-05 13:07:11 +02:00
Pierre de La Morinerie
9bc5364ca2
app: add controller and view to generate a deposit receipt
2022-05-04 16:09:52 +02:00
Pierre de La Morinerie
fe56b7bb68
config: add papertrail feature-flag
2022-05-04 16:09:52 +02:00
Martin
a0df24b631
clean(SMTP.balancing): remove some env vars
2022-05-03 16:46:35 +02:00
simon lehericey
ea361643be
types_de_champ -> types_de_champs_public
2022-05-03 11:05:24 +02:00
simon lehericey
aa0ef955d5
dolist config
2022-04-28 15:48:54 +02:00
Paul Chavard
433c01b1e6
Revert "Merge pull request #7137 from betagouv/faster_pdf"
...
This reverts commit 9da44bd913
, reversing
changes made to ebac71796c
.
2022-04-12 19:22:07 +02:00
simon lehericey
af27af7900
! instances : prawn does not like svg
...
win 10% on pdf generation
2022-04-12 11:56:56 +02:00
Martin
7c0e8e406b
fix(users/profiles#update): allow people from @assurance-maladie.fr to be a target email when user change his email
2022-04-06 16:07:25 +02:00
Paul Chavard
44c64669e9
Revert "Merge pull request #6787 from tchak/use-vite"
...
This reverts commit 5d572727b5
, reversing
changes made to 43be4482ee
.
2022-03-31 12:07:52 +02:00
simon lehericey
250b699664
remove duplicate csp
2022-03-29 16:27:08 +02:00
Paul Chavard
187e84a010
feat(assets): use vitejs to build javascript
2022-03-29 16:27:08 +02:00
simon lehericey
7ecf20ce75
harden email validation
2022-03-24 13:00:54 +01:00
Pierre de La Morinerie
2e04435117
gems: add strong_migrations
2022-03-16 10:30:25 +01:00
François Vantomme
d5cd0101c8
feat(footer): customize using custom views & locales
2022-03-10 17:31:20 +01:00
Pierre de La Morinerie
3481d27cba
config: block browser external connections during system tests
...
During system tests, we don't want the headless browser to load
external resources:
- It is faster (we don't wait for external resources to be loaded)
- It avoids leaking our test setup to external service
Fixes #6982
2022-02-22 17:24:25 +01:00
Pierre de La Morinerie
6d5f44d489
config: translate the CSP comments from french to english
2022-02-22 17:17:55 +01:00
Pierre de La Morinerie
c2729ab7e2
config: add Matomo to the frame_src
Content Security Policy
...
Solves the Matomo iframe being blocked on `/suivi`. Fix #5868
2022-02-15 15:56:53 +01:00
Pierre de La Morinerie
3276db016f
config: add Matomo to the connect_src
Content Security Policy
...
Solves Matomo connections being blocked. Fix #6949
2022-02-15 15:56:53 +01:00
Pierre de La Morinerie
6fa52e8a5a
config: report CSP violations to report-uri
2022-02-15 12:49:52 +01:00
Pierre de La Morinerie
0b2775a1a6
config: add back DS_PROXY_URL to CSP
...
Otherwise a bunch of "static.demarches-simplifiees.fr" domains would
be missing.
2022-02-15 12:49:52 +01:00
François Vantomme
d5f207d98c
refactor(url): use env variables in content security policies
2022-02-15 12:49:52 +01:00
Jon
31996c7d09
chore(smtp): add mailcatcher configuration
2022-02-15 09:34:07 +01:00
François Vantomme
ac915494df
feat(landing): hide testimonial & users sections
2022-02-15 08:49:23 +01:00
François Vantomme
e8f62e78fe
feat(matomo): configure Matomo iframe URL with an env variable
2022-02-09 12:44:13 +01:00
Pierre de La Morinerie
3e20ea13d8
Revert "Utilisation des variables d'environnement lors de la déclaration des Content Security Policies"
2022-02-08 22:20:08 +01:00
François Vantomme
8eaecd184a
refactor(url): use env variables in content security policies
2022-02-08 15:15:55 +01:00
Pierre de La Morinerie
847abca122
config: simplify mailer configuration again
...
Move everything to initializers, and replace the email settings
interceptor by a BalancerDeliveryMethod.
It has the advantage that it can be configured entirely from the
`config/environment.rb` file, without an extra file to look at.
2022-02-08 12:44:43 +01:00
François Vantomme
51cfd3d7ad
feat(env): add env variables for the provider data
2022-02-04 18:20:06 +01:00
Pierre de La Morinerie
387701e7cb
config: add a new SAML_IDP_ENABLED env var
...
This fixes the app crashing on launch when using the production profile,
because the certificates are not present.
2022-01-26 16:45:50 +01:00
Martin
252eee272b
feat(support#create): block with invisible captcha [avoid painful captcha]
2022-01-04 14:49:00 +01:00
Pierre de La Morinerie
d524beee4e
app: remove :instructeur_bypass_email_login_token
from Flipper
2021-12-02 08:51:52 +01:00
simon lehericey
c4cde500ce
fix acsv
2021-11-30 09:42:45 +01:00
simon lehericey
3316dfc866
reopen openid_connect gem to support AC encrypted jwt response
2021-11-23 14:17:59 +01:00
simon lehericey
45ce274721
add agent connect secrets
2021-11-23 14:17:59 +01:00
Paul Chavard
1adafd22d0
fix(graphql): add graphql_operation to lograge
2021-11-04 16:18:10 +01:00
Pierre de La Morinerie
d0e87a08cf
services: cache zxcvbn dictionaries per-thread
...
Before, every time a password was tested, the dictionaries were parsed
again by zxcvbn.
Parsing dictionaries is slow: it may take up to ~1s. This doesn't matter
that much in production, but it makes tests very slow (because we tend
to create a lot of User records).
With this changes, the initializer tester is shared between calls, class
instances and threads. It is lazily loaded on first use, in order not to
slow down the application boot sequence.
This uses ~20 Mo of memory (only once for all threads), but makes tests
more that twice faster.
For instance, model tests go from **8m 21s** to **3m 26s**.
NB:
An additionnal optimization could be to preload the tester on
boot, before workers are forked, to take advantage of Puma copy-on-write
mechanism. In this way all forked workers would use the same cached
instance.
But:
- We're not actually sure this would work properly. What if Ruby updates
an interval ivar on the class, and this forces the OS to copy the
whole data structure in each fork?
- Puma phased restarts are not compatible with copy-on-write anyway.
So we're avoiding this optimisation for now, and take the extra 20 Mo
per worker.
2021-10-25 12:04:56 +02:00
simon lehericey
738d08a1d9
change in whitelist
2021-10-19 21:07:24 +02:00
simon lehericey
44c880adc4
allow instructeur and administrateur to change their email to legit domain ( #6550 )
2021-10-19 15:54:57 +02:00
simon lehericey
b69dafc3d4
CNAF in lowercase
2021-10-12 14:26:40 +02:00
Pierre de La Morinerie
0b02fce5e4
jobs: move ActiveJobLogSubscriber out of initializers
...
This is a class of its own, it doesn't need to be in the initializers.
2021-10-12 11:40:19 +02:00
kara Diaby
eb951c75e4
change stats colors
2021-09-28 14:49:24 +02:00
simon lehericey
75043070da
add CNAFAdapter
2021-09-22 12:08:24 +02:00
Pierre de La Morinerie
b4e850b88b
config: remove old retro-compatibility Job constants
...
These constants were defined so that existing enqueued jobs wouldn't
fail during the app upgrade.
These jobs are long gone. Let's remove the compatibility code.
2021-09-21 10:43:33 -05:00
Paul Chavard
eea6b961d7
refactor(routage): remove administrateur_routage feature flag
2021-09-18 11:21:26 +02:00
simon lehericey
69bb174e29
add feature flipped link to add api particulier token
...
Co-authored-by: François VANTOMME <akarzim@gmail.com>
2021-09-15 14:56:42 +02:00
simon lehericey
620a5374e8
Add api particulier url in conf
...
Co-authored-by: François VANTOMME <akarzim@gmail.com>
2021-09-15 14:37:04 +02:00
Peng-Fei DONG
1979c44f9c
set OTP: Enable or Disable
2021-09-09 10:25:15 -05:00
Pierre de La Morinerie
407f46b7de
gems: remove smart_listing
...
It was only used in the old design, which we recently removed
completely.
2021-09-09 09:58:41 -05:00
Ismael MOUSSA S. (T0194673)
9d012d51e8
delete features flag option : 'make_experts_notifiable'
2021-09-07 10:49:20 +02:00
Paul Chavard
ffa8c0c80a
feat(dossiers): enable dossiers termine expiration behind feature flag
...
feature flag "procedure_process_expired_dossiers_termine" controls if a procedure has expiration
enabled on dossiers termine
re #3796
2021-08-18 16:11:35 +01:00
Pierre de La Morinerie
9eb2e13d43
config: report job exceptions after max retry count reached
...
Previously Sentry reported job exceptions even if a retry
strategy was specified. So we had to ignore retried job exceptions
entirely.
Since sentry-delayed-job 0.4.4, we can instead let Sentry report
job exceptions when the retry count is exhausted. Which is
exactly the behavior we want.
2021-07-01 15:06:14 +02:00
Paul Chavard
7cb2f91fea
Add revisions feature flag
2021-06-23 09:40:07 +02:00
François Vantomme
bc6d5aca0e
Fix (Sentry): prefer Rails secrets over ENV variables
2021-05-27 11:12:27 +02:00
Jon
2a0a65a90f
fix(sentry): specify current environment for sentry config
2021-05-27 11:12:27 +02:00
Paul Chavard
e74dcb0056
Remove ign feature flag
2021-05-24 11:50:16 +02:00
Paul Chavard
01c558953b
Remove API GEO legacy adapter
2021-05-24 11:50:16 +02:00
Christophe Robillard
2516abc277
activate rack_mini_profiler in dev and display query count
2021-05-05 17:16:10 +02:00
Pierre de La Morinerie
fbfe5c3817
jobs: also retry native ActiveStorage's jobs on transient errors
2021-04-29 14:08:12 +02:00
Pierre de La Morinerie
9ad57fde2a
initializers: lazy-load Mailjet gem
...
This fixes an error message on app startup about autoloaded
constants:
> DEPRECATION WARNING: Initialization autoloaded the constants ActionText::ContentHelper and ActionText::TagHelper.
The reason for this error is that the Mailjet gem forces the
immediate loading of `action_mailer`. Which leads to the
following sequence of events:
On app init, when bundler requires all the gems in the Gemfile:
- The Mailjet gem is required,
- It loads `ActionMailer::Base`.
Later, when Rails initializes itself:
- `ActionText` creates an `action_text.helpers` initializer,
- This initializer register hooks to add `ActionText` helpers
when either `action_controller_base` or `action_mailer` are loaded,
- But as `action_mailer` has already been loaded, the hook is trigerred
immediately,
- ActiveSupport::Dependencies notices `ActionText` constants do not
exist yet, auto-load them, and add the constants to
`ActiveSupport::Dependencies.autoloaded_constants`.
And even later, at the end of the Rails initialization process:
- The `:warn_if_autoloaded` initializer is run,
- It notices that `autoloaded_constants` is not empty, and prints the
warning message.
See https://github.com/mailjet/mailjet-gem/issues/213
2021-04-20 15:11:43 +02:00
Paul Chavard
f08d704d5f
Fix api docs URL
2021-04-15 17:06:23 +02:00
simon lehericey
b87a691176
use env for localization to avoid db round trip
2021-04-06 18:23:14 +02:00
simon lehericey
cd4ad6878c
remove insee_api_v3 feature
2021-04-06 18:23:14 +02:00
simon lehericey
06d2eb2d21
remove feature xray
2021-04-06 18:23:14 +02:00
simon lehericey
c2847d1481
remove unused mini_profiler var
2021-04-06 18:23:14 +02:00
simon lehericey
6f2b2c3c1f
use env for maintenance mode to avoid DB roundtrip
2021-04-06 18:23:14 +02:00
simon lehericey
1715a4899f
remove coronavirus banner
2021-04-06 18:23:14 +02:00
Pierre de La Morinerie
42b3ba1e1b
config: migrate all config to Rails 6.1 defaults
2021-04-06 12:12:57 +02:00
Pierre de La Morinerie
ce427784e7
config: enable has_many_inversing
2021-04-06 12:12:57 +02:00
Pierre de La Morinerie
6bc608a821
config: enable most Rails 6.1 defaults
2021-04-06 12:12:57 +02:00
Pierre de La Morinerie
c2ce20d40c
config: form_with now generates local forms by default
...
We can remove the `local: true` parameter, as it is now implied by
default.
2021-04-06 12:12:57 +02:00
Pierre de La Morinerie
b65de3e583
config: make the queue names explicit
...
With Rails 6.1, the default queue is now the global application queue.
We want to retain our custom queues in some cases, so configure them
epxlicitely.
2021-04-06 12:12:57 +02:00
Christophe Robillard
d89dc785f0
met à jour le lien de bas de page Accessibilité
...
Ce lien pointe désormais vers notre site de documentation
2021-03-30 15:08:20 +02:00
Pierre de La Morinerie
5990439ab7
app: update code to Rails 6.1
2021-03-25 13:24:53 +01:00
Pierre de La Morinerie
ac5303d56d
config: make Sentry ignore rescued ActiveJob exceptions
...
For now the Sentry delayed_job integration reports errors that are
rescued with `retry_on`.
Ignore these errors manually for now.
See https://github.com/getsentry/sentry-ruby/issues/1347
2021-03-18 10:52:10 +01:00
Pierre de La Morinerie
75a1046315
active_storage: refactor concerns
...
Follow-up of #5953 .
Refactor the concerns with two goals:
- Getting closer from the way ActiveStorage adds its own hooks.
Usually ActiveStorage does this using an `Attachment#after_create`
hook, which then delegates to the blob to enqueue the job.
- Enqueuing each job only once. By hooking on `Attachment#after_create`,
we guarantee each job will be added only once.
We then let the jobs themselves check if they are relevant or not, and
retry or discard themselves if necessary.
We also need to update the tests a bit, because Rails'
`perform_enqueued_jobs(&block)` test helper doesn't honor the `retry_on`
clause of jobs. Instead it forwards the exception to the caller – which
makes the test fail.
Instead we use the inline version of `perform_enqueued_jobs()`, without
a block, which properly ignores errors catched by retry_on.
2021-03-16 11:49:14 +01:00
Pierre de La Morinerie
b0735aafe0
config: fix DynamicSmtpSettingsInterceptor warning again
...
This warning re-appeared when running mailer tests:
```
DISABLE_SPRING=1 bin/rspec spec/mailers/administration_mailer_spec.rb
```
It is now fixed properly, in a way recommanded by the documentation.
2021-03-04 22:52:19 +01:00
Paul Chavard
600f49a0ff
Hide groupe instructeur selector when routage is done via API
2021-03-04 11:06:04 +01:00
Paul Chavard
1c811083c0
Cleanup feature flags usage
2021-03-04 11:06:04 +01:00
Pierre de La Morinerie
d36a684315
config: fix zeitwekr warning when reloading the app
...
Turns out we need not only to load the Job constants later, but also
not to do the same work twice – otherwise we'll get a
> ApiEntreprise::Job constant is already defined
when attempting to re-define the constant.
2021-02-24 19:01:27 +01:00
Pierre de La Morinerie
9f676c76e1
config: fix zeitwerk warning about DynamicSmtpSettingsInterceptor
...
Fix a warning when running tests:
> DEPRECATION WARNING: Initialization autoloaded the constant DynamicSmtpSettingsInterceptor.
>
> Being able to do this is deprecated. Autoloading during initialization is going
to be an error condition in future versions of Rails.
>
> Reloading does not reboot the application, and therefore code executed during
> initialization does not run again. So, if you reload DynamicSmtpSettingsInterceptor, for example,
> the expected changes won't be reflected in that stale Class object.
>
> This autoloaded constant has been unloaded.
>
> Please, check the "Autoloading and Reloading Constants" guide for solutions.
However if we fix as recommanded, the interceptor will get added
each time the classes are reloaded. And as the actual class instance
changed after the reloading, they won't be de-duplicated – *and*
there's no way to remove the old interceptor without having a reference
to the (now-deleted) class.
Instead we load the interceptor once, and add a message about the class
not being auto-reloaded.
2021-02-24 19:00:29 +01:00
Pierre de La Morinerie
68425929c6
config: disable Sentry sampling when not enabled
...
This removes spam in the debug console when running locally.
Removed messages look like a swarm of:
> [Tracing] Discarding <rails.request> transaction </assets/marianne.png> because it's not included in the random sample (sampling rate = 0.001)
2021-02-24 17:45:18 +01:00
Pierre de La Morinerie
e51948ab5c
stylesheets: merge print rules with the application stylesheet
...
- Having a separate stylesheet for print rules is not a best practice
(it makes an extra network request)
- It makes migrating to Sprockets 4 easier
2021-02-24 17:09:51 +01:00
Pierre de La Morinerie
fb305e31c4
config: move application_name to an initializer
...
It seems cleaner not to require a file before the Rails configuration
runs.
2021-02-24 15:06:55 +01:00
Pierre de La Morinerie
a2175ed6e3
config: reload compatibility aliases on classes reload
...
Fixes zeitwerk complaining that the compatibility aliases loaded in an
initializer will never be reloaded.
In our case it doesn't matter that much, but it will reduce the console
spam.
2021-02-23 09:24:13 +00:00
Paul Chavard
228a83f8a5
Add api address external data fetch
2021-02-17 19:10:16 +01:00
Paul Chavard
7223d77058
Remove unused paths from assets pipeline
2021-02-17 10:16:54 +01:00
Paul Chavard
cfa80578a7
Adjust sentry sample rate
2021-02-12 11:35:58 +01:00
Pierre de La Morinerie
819325c761
zeitwerk: move our Array extension to initializers/core_ext
2021-02-11 12:30:43 +01:00
Paul Chavard
0697e50b7c
lower sentry sampling to 1%
2021-02-10 17:52:18 +01:00
Paul Chavard
eac967f84e
Add sentry traces (20% for now)
2021-02-10 15:35:21 +01:00
Pierre de La Morinerie
0af7188d8c
zeitwerk: add inflections
2021-02-09 13:09:10 +01:00
Pierre de La Morinerie
7d1c79bf4b
zeitwerk: Url -> URL
2021-02-09 13:07:30 +01:00
Pierre de La Morinerie
150ddab660
zeitwerk: Api -> API
2021-02-09 13:07:30 +01:00
Fabrice Gangler
229f495753
allow email footer logo to be configured in .env file
...
Refs: #5873
2021-02-09 09:39:02 +01:00
Fabrice Gangler
3034716963
allow mailers/_bizdev_signature to be configured in .env file
...
Refs: #5871
2021-02-04 13:09:40 +01:00
Fabrice Gangler
d039798ac8
allow logo in PDF export to be configured in .env file
...
Refs: #5869
2021-02-04 12:24:31 +01:00
Paul Chavard
c46ab38055
Add sentry-rails
2021-01-28 15:31:27 +01:00
simon lehericey
d72f0c6dd2
Add authorized content type for pj
2021-01-18 17:23:08 +01:00
Paul Chavard
91be115c70
Add annuaire_education champ ui
2021-01-14 17:57:48 +01:00
Paul Chavard
5c9f2e8783
Add api education adapter and job
2021-01-14 17:57:48 +01:00
Fabrice Gangler
a8081d4b83
allow configuration of the URLs of FAQ and documentation websites in an .env file
...
Refs: #5801
2020-12-15 16:40:10 +01:00
Fabrice Gangler
064ea776c7
allow default logo of a procedure to be configured in .env file
...
Refs: #5795
2020-12-14 13:41:10 +01:00
Paul Chavard
3c6e30a326
Show titre identite link only once watermark is added
2020-12-10 16:50:03 +01:00
Fabrice Gangler
0d80d2ddd1
allow logos (mail, webapp) and favicons to be configured in .env file
...
Refs: #5764
2020-11-27 01:41:47 +01:00
Paul Chavard
18dfacb933
Make watermark configurable
2020-11-25 16:19:06 +01:00
Paul Chavard
b48e7813d2
Put watermark code behind a feature flag
2020-11-25 16:19:06 +01:00
Paul Chavard
371179dc5b
Watermark titres identite
2020-11-25 16:19:06 +01:00
Fabrice Gangler
d3caf30bf3
allow CGU URL and Legal Notice URL to be configured in .env file
...
Refs: #5754
2020-11-20 22:11:42 +01:00
Christophe Robillard
9347951cea
act as an saml identity provider
2020-11-16 12:19:54 +01:00
Christophe Robillard
305ccdc0cd
add recoverable and two_factor stragegy for administration
2020-11-05 16:03:55 +01:00
Christophe Robillard
6c2eb22960
remove github authentication for manager
2020-11-05 16:03:55 +01:00
simon lehericey
d82d1132c2
Remove rack_mini_profiler from prod as it could show env var and force us to allow unsafe_eval and script in csp
2020-10-30 17:08:31 +01:00
kara Diaby
3d56b1d8b0
fix bootstrap cdn
2020-10-22 15:00:01 +02:00
clemkeirua
d7fff61d5d
ajout de la gem sendinblue
2020-10-13 17:36:43 +02:00
clemkeirua
111f309c7f
changement de l'adresse de création de compte administrateur
2020-09-21 17:02:37 +02:00
clemkeirua
f9c4e967d6
remove :autosave_dossier_draft
2020-09-21 08:46:01 +00:00
clemkeirua
6643b598c3
remove :administrateur_graphql
2020-09-17 09:24:50 +02:00
clemkeirua
1be07c1ef5
remove :administrateur_champ_integer_number
2020-09-17 09:24:50 +02:00
clemkeirua
01ac4d7e19
remove operation_log_serialize_subject
2020-09-17 09:24:50 +02:00
simon lehericey
5459c2fa7f
Fix uninitialized excon constant
2020-09-08 18:36:24 +02:00
simon lehericey
19d73f13f0
variabilize banner message
2020-09-08 14:52:42 +02:00
simon lehericey
bd6705b90a
Remove image and video analyzer which are not used
2020-09-02 17:00:26 +02:00
Judith
af25fdd77c
gem http_accept_language installed and (de)activable with feature flag
2020-08-27 16:15:01 +02:00
Pierre de La Morinerie
82c89fb56f
config: remove comment about ActiveStorage integration with VirusScanner
...
As the comment states, it would be nice to load the Virus Scanner on
the Attachment (rather than the blob).
However, in order not to clobber the blob metadata, we want to run the
VirusScanner once the blob analyzer did run.
And the most direct way to detect that the blob analyzer did run is to
add an `on_update_commit` hook on the blob, as this hook will be
trigerred when saving changes to the metadata. This is what the current
solution uses.
So the current solution is almost optimal, and has a low chance of
accidentally clobbering the blob metadata – as the virus scanner is only
started when the analysis phase is finished.
2020-08-26 16:11:01 +02:00
Pierre de La Morinerie
527a330c7a
config: use Rails 6.0 config defaults
...
We already flipped the new defaults, so this is a no-op.
2020-08-05 17:22:46 +02:00
Pierre de La Morinerie
fbbcd97463
config: flip config.active_record.collection_cache_versioning
...
This is related to internal cache implementation, and doesn't affect us.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
4a9f081cfc
config: flip config.action_mailer.delivery_job
...
This is safe in all cases – except that it prevents a downgrade to
Rails 5. We don't intend to downgrade now, so this is fine.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
b556e2a99a
config: flip config.active_storage.replace_on_assign_to_many
...
We don't have any `has_many_attached` relations in the code base, so
this is safe.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
54a4db1c47
config: flip config.active_storage.queues
...
ActiveStorage jobs are now moved to their own queue.
For consistency, we also move our own analysis jobs (VirusScannerJob)
on the same `:active_storage_analysis` queue.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
c6cdd08373
config: flip config.active_job.return_false_on_aborted_enqueue
...
We don't have any instance of aborting inside a job in the code base,
so this setting is safe to flip.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
65809f8ea0
config: flip action_dispatch_return_only_media_type_on_content_type
...
This makes `ActionDispatch::Controller#content_type` return not only
the MIME type, but also in some circumstances the charset.
Example:
```ruby
reponse.content_type == 'text/html; charset=utf-8'
```
The MIME type-only fragment can now be accessed using `#media_type`.
Changes to the tests are not stricly necessary (because no charset is
present in the actual value), but represent the intent better.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
8427f0eb75
config: flip config.action_dispatch.use_cookies_with_metadata
...
This makes cookies more secure, by adding an automatic "purpose" field
to each cookie.
Cookies generated by Rails 5 are still forward-compatible. However
from now on the generated cookies will not be backward-compatible with
Rails 6.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
e8fa65f79d
config: flip config.action_view.default_enforce_utf8
...
This prevents charset workaround on IE 8 and lower. We don't support
these browsers anyway, so we can flip the feature off.
2020-08-05 16:48:36 +02:00
Paul Chavard
4c87e547b3
Put IGN map behind a feature flag
2020-07-30 17:22:28 +02:00
Paul Chavard
f1cbc9846e
Add carte ign
2020-07-30 16:58:20 +02:00
clemkeirua
db0d230531
add cdn.jsdeliver.net to the CSP
2020-07-27 16:54:46 +02:00
Fabrice Gangler
1352cde321
Feat: allow emails senders to be configured in .env file
...
Refs: #5408
2020-07-24 10:50:55 +02:00
clemkeirua
7e085c657d
specific deactivation of rubocop DS/ApplicationName rule
2020-07-23 16:20:16 +02:00
clemkeirua
c658428441
added application name in config/
2020-07-23 16:17:54 +02:00
clemkeirua
31a262efef
extraction d'urls doc/faq/… dans url.rb
2020-07-23 16:16:36 +02:00
Paul Chavard
8b9e73a30a
Merge pull request #5382 from adullact/feat_status-page-customisation
...
#5379 - Allow status page URL to be configured in the .env file
2020-07-22 22:10:58 +02:00
Paul Chavard
35461f0159
Add revisions migrations
2020-07-21 19:35:30 +02:00
clemkeirua
c0cf8b1341
fix display of labels for datetime on screenreaders
2020-07-20 11:37:01 +02:00
Gangler Fabrice
39feca251d
allow status page URL to be configured in .env
2020-07-17 15:53:49 +02:00
Paul Chavard
6a24c3f812
Rails app:update
2020-07-07 18:03:56 +02:00
clemkeirua
6a3811a4e2
fix catalog v3
2020-06-19 14:20:32 +02:00
krichtof
ff6eaf73db
Revert "Suppression de l'utilisation de Keystone v2"
2020-06-04 17:32:25 +02:00
Paul Chavard
901b6e23a8
Remove legacy carto
2020-06-04 16:03:23 +02:00
clemkeirua
def744d627
remove now useless keystone v2
2020-06-04 12:05:27 +00:00
clemkeirua
868decd06e
add overide for fog openstack v3
2020-06-02 15:03:37 +02:00
Pierre de La Morinerie
c9820adbc4
urls: fix link to autosave FAQ article
2020-05-18 16:53:19 +02:00
Pierre de La Morinerie
6eca93faab
urls: fix link to admin FAQ category
2020-05-18 16:53:19 +02:00
Pierre de La Morinerie
93bb5283ff
app: remove the feature flag for pieces justificatives auto-upload
...
The feature works as intended: we can remove the feature flag.
2020-05-14 17:39:07 +02:00
Keirua
a869a04e1e
Mise à jour de l'URL de doc sur l'archivage
...
Co-authored-by: Pierre de La Morinerie <pierre.de_la_morinerie@beta.gouv.fr>
2020-05-13 16:45:27 +02:00
clemkeirua
84888be255
clarification de l'archivage/suppression
2020-05-13 16:45:27 +02:00
kara Diaby
2fc438ab65
Fix safari and firefox compatibility mapbox gl
2020-04-30 14:14:03 +02:00
kara Diaby
9aea1fffee
Migrate the map editor to mapbox-gl with react component
2020-04-27 11:30:32 +02:00
Pierre de La Morinerie
37645d3df2
config: fix (again) the CSP when running a LiveReload server locally
...
When running the app using `bin/webpack-dev-server` (the external
(and fast) assets server), LiveReload is used. We need to explicitely
allow the LiveReload connections in the CSP policy.
Turns out we now need to specify the protocol explicitely.
2020-04-20 17:24:16 +02:00
Paul Chavard
7a8fd3c679
Use graphql playground instead of graphiql
2020-04-09 19:38:19 +02:00
kara Diaby
56e9834389
Revert "Revert "Revert "Revert "feat/4893 - migrate the mapReader to mapbox-gl with react""""
...
This reverts commit 473ed00b6c
.
2020-04-09 11:01:20 +02:00
kara Diaby
473ed00b6c
Revert "Revert "Revert "feat/4893 - migrate the mapReader to mapbox-gl with react"""
...
This reverts commit fe0b3c2215
.
2020-04-07 18:14:07 +02:00
kara Diaby
fe0b3c2215
Revert "Revert "feat/4893 - migrate the mapReader to mapbox-gl with react""
...
This reverts commit 3e21b78142
.
2020-04-07 18:11:11 +02:00
Pierre de La Morinerie
3e21b78142
Revert "feat/4893 - migrate the mapReader to mapbox-gl with react"
2020-04-07 15:32:14 +02:00
kara Diaby
aa56cfd7a0
migrate map to mapbox-gl with a react component
2020-04-02 15:39:47 +02:00
Pierre de La Morinerie
6417c0d2c0
dossiers: allow auto upload of attachments
2020-03-31 13:09:44 +02:00
clemkeirua
5ef6f92fdc
update CGU URL
2020-03-25 09:50:41 +00:00
clemkeirua
057d7bc2f1
add interval data type to ActiveRecord
2020-03-24 18:10:13 +01:00
clemkeirua
c077762a04
added labels for datetime
...
cf https://stackoverflow.com/a/47836699
2020-03-24 16:54:35 +00:00
Pierre de La Morinerie
ea94ea05a0
config: configure CSP to allow live-reload requests
...
This avoids CSP errors when using the `bin/webpack-dev-server` external
assets compilation server.
2020-03-18 13:26:54 +01:00
Paul Chavard
444d19e191
Remove unused gems
2020-03-17 11:25:21 +01:00
Paul Chavard
ae2cfdd44e
Update browser gem
...
`modern?` method was removed in version 4
2020-03-17 11:25:20 +01:00
Pierre de La Morinerie
745b00366f
Revert "app: hide IE11 deprecation banner during the strike"
...
This reverts commit c2882b6cc3
.
2020-01-28 15:18:18 +01:00
Paul Chavard
4edc7b00cf
Use geocoder
2020-01-15 15:04:04 +01:00
Paul Chavard
14295db9ad
Revert "Revert "Merge pull request #4552 from tchak/champ-communes""
...
This reverts commit 4373cb22cb
.
2020-01-14 18:46:07 +01:00
clemkeirua
4373cb22cb
Revert "Merge pull request #4552 from tchak/champ-communes"
...
This reverts commit 4cec26f73a
, reversing
changes made to 0ef25ef36c
.
2020-01-13 16:26:27 +01:00
Paul Chavard
cccb04d725
ActiveStorage url should expire after an hour
2020-01-08 14:43:05 +01:00
Paul Chavard
e61e39d345
Remove unused code and tests
2020-01-07 11:52:51 +01:00
Paul Chavard
22aa2d4ee0
Make all location champs autocomplete
2020-01-07 11:52:51 +01:00
Paul Chavard
422b7f37ec
[GraphQL] expose file information
2019-12-11 12:34:49 +01:00
Pierre de La Morinerie
c2882b6cc3
app: hide IE11 deprecation banner during the strike
...
Having two banners appearing in a few days may be overwhelming for
users.
2019-12-04 17:32:04 +01:00
Christophe Robillard
4e7c779116
refuse les numéros de tel invalides
...
rend facultatif les numéros de téléphone
2019-12-04 05:34:43 +01:00
Pierre de La Morinerie
97af50c700
app: fix detection of Chrome iOS and Firefox iOS as outdated browsers
...
For instance, Firefox iOS is reported as `firefox? true, version 20`.
As on iOS only the system-provided Webkit is allowed, we can instead
safely assume that all browsers on a recent iOS device are modern.
2019-12-03 16:09:41 +01:00
Pierre de La Morinerie
2ee8cab067
app: display a deprecation banner for IE 11
2019-12-03 16:02:08 +01:00
Pierre de La Morinerie
bff7892ba8
dossiers: autosave drafts
2019-11-21 14:00:06 +01:00
Alexandre Friquet
8f5203cc2e
Merge branch 'dev' into 4482-echec-initilaisation-env-dev
2019-11-14 17:07:28 +01:00
Alexandre Friquet
d9680252b0
Fixes missing database on initialization: closes #4482 .
2019-11-14 09:17:39 +01:00
Paul Chavard
f7cbbe815c
[GraphQL]: Add default query to playground
2019-11-13 15:53:56 +01:00
clemkeirua
6351eabfdd
remove notification to report-uri in production
2019-11-07 17:32:40 +01:00
clemkeirua
959aacdea5
Sendinblue email balancing using proper credentials
...
This reverts commit c61981e795
.
2019-11-06 13:34:36 +01:00
clemkeirua
c61981e795
Revert "Sendinblue email balancing using interceptor"
...
This reverts commit b2135b6576
.
2019-11-04 15:55:08 +01:00
Chaïb Martinez
b2135b6576
Sendinblue email balancing using interceptor
...
Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-11-04 15:30:44 +01:00
Paul Chavard
18e91e7ca3
Extend old export format till mid-November
2019-10-31 17:11:46 +01:00
Paul Chavard
73d4ecf35d
Add a DS_PROXY_URL env variable
2019-10-30 16:15:38 +01:00
Paul Chavard
6a3d725134
Revert "Revert "Decommission ActiveStorage proxy service and use openstack service""
...
This reverts commit 71227be37f
.
2019-10-30 12:11:45 +01:00
simon lehericey
71227be37f
Revert "Decommission ActiveStorage proxy service and use openstack service"
...
This reverts commit 0ff6c793ae
.
2019-10-29 10:30:40 +01:00
Paul Chavard
0ff6c793ae
Decommission ActiveStorage proxy service and use openstack service
...
We are making these changes in order to always use DS_Proxy. Before this change DS_Proxy was not used to write files when ActiveStorage was used directly and not through “direct upload”.
2019-10-23 17:58:00 +02:00
clemkeirua
4a6893d88b
migrate sendinblue API to v3
2019-10-22 10:06:53 +02:00
clemkeirua
43424e4f4e
merge with the work of paul, using 3 links
2019-10-22 09:51:14 +02:00
simon lehericey
f31c184b56
[ fix #1537 ] Remove simple_form gem
2019-10-08 11:08:35 +02:00
clemkeirua
d3063c0b63
remove download_as_zip feature flag
2019-10-03 10:48:24 +02:00
Paul Chavard
5a7e415474
Put graphql behind a feature flag
2019-09-24 10:47:21 +02:00
Paul Chavard
91ad9bd7d3
Configure GraphQL::RailsLogger
2019-09-24 10:47:21 +02:00
Paul Chavard
d24e0e72a7
Correctly create new flipper flags
2019-09-12 10:46:13 +02:00
Paul Chavard
65e227c44b
Migrate to flipper
2019-09-10 16:10:14 +02:00
Chaïb Martinez
dd6c6bfe7a
mailers: add a NO_REPLY address to transactional emails
2019-09-10 13:37:28 +02:00
Paul Chavard
7ffb98e616
Remove carrierwave uploaders
2019-09-10 10:49:12 +02:00
Chaïb Martinez
f2386a5800
Add crips help domaine to defaut policy src
...
[fix #4234 ]
Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-08-27 10:30:10 +02:00
simon lehericey
86d968bb8e
Use rack_attack_enabled?
...
We cannot enable rack attack during the tests as it interferes with features spec.
So we add a flag to enable it during the runtime.
2019-08-20 13:29:29 +02:00
simon lehericey
0f0fecdb25
RackAttack: use remote ip and test it !
2019-08-20 13:29:29 +02:00
pedong
fc8cebd78d
add Gem rack_attack for prevent attack brute-force
2019-08-20 13:29:29 +02:00
Nicolas Bouilleaud
7c7947adeb
Rename gestionnaire to instructeur in a comment
...
About an (unused for now) env var.
2019-08-13 10:27:49 +02:00
simon lehericey
3fde2a6f70
Rename gestionnaire in code to instructeur
2019-08-12 13:47:01 +02:00
maatinito
3703a71ea3
#3928 Added constants to define password min length & complexity
2019-08-01 17:12:14 +02:00
Pierre de La Morinerie
95e24392f9
models: remove old pieces justificatives
2019-07-30 16:11:17 +02:00
pedong
9438f962c5
add alert for account is locked
2019-07-29 17:48:44 +02:00
pedong
8d03a6747c
add lockable to User, Gestionnaire, administration, Administrateur
2019-07-29 17:48:44 +02:00
clemkeirua
99421545ab
replaced api-carto endpoint
2019-07-23 16:21:15 +02:00
Pierre de La Morinerie
76335511c8
omniauth: protect against CSRF
...
See https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
2019-07-15 18:16:00 +02:00
Paul Chavard
3cb39c2840
Refactor message attachements to use active_storage
2019-07-10 15:35:29 +02:00
simon lehericey
0f9fdf3f75
Activate device email change confirmation
2019-07-09 11:55:17 +02:00
Mathieu Magnin
b34f8fbe3d
Add ActionText
2019-07-03 13:15:49 +02:00
simon lehericey
4b154983fb
Landing: voir les démarches -> comment trouver ma démarche
2019-07-03 12:59:09 +02:00
clemkeirua
dfefb827d9
missing connect-src
2019-07-02 10:50:10 +02:00
clemkeirua
d6f2de2fbf
enable static + activate csp in production
2019-07-02 09:40:38 +02:00
clemkeirua
eaf850c1e9
enable csp
2019-06-27 11:10:29 +02:00
clemkeirua
f19b5f8911
fix csp rule for crisp websocket
2019-06-26 12:37:55 +02:00
clemkeirua
7064f7e973
enable crisp websockets and css
2019-06-25 17:39:08 +02:00
clemkeirua
d3c6021ef4
add duplicate rules as fallback
2019-06-20 11:34:24 +02:00
clemkeirua
dc6c2e6bc0
add missing elements
2019-06-17 17:05:08 +02:00
Nicolas Bouilleaud
dace9a53d3
Add Universign timestamp API query
2019-06-17 16:16:28 +02:00
clemkeirua
765b10026e
more generic elements to the security policy
2019-06-17 09:51:27 +02:00
Pierre de La Morinerie
d410e31344
active_storage: document the virus scan hooks
2019-05-28 11:39:22 +02:00
Paul Chavard
cc4eba2b36
Less mokey patching
2019-05-21 14:21:42 +02:00
clemkeirua
5cbbbb8d3e
more whitelist for the common domains we use
2019-05-20 09:52:44 +02:00
Paul Chavard
42235e81b1
Use active storage load hook to extend blob
2019-05-16 20:43:01 +02:00
Paul Chavard
348b15f595
Put devtools behind feature flags
2019-05-15 18:10:25 +02:00
clemkeirua
6fe4031b2e
use constant for localhost
2019-05-15 16:33:27 +02:00
clemkeirua
b670b60ac6
changement de l'URI de report-uri
2019-05-15 15:32:00 +02:00
Pierre de La Morinerie
d431eeeb93
carrierwave: fix typo
...
Turns out the `openstack_identity_api_version` has not actually been
filled out for a while, because of a typo.
2019-05-15 14:03:15 +02:00
Chaïb Martinez
3004f96cf5
Add video and webinar URLs to admin pages
...
Fix #3850
Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-05-13 17:47:02 +02:00
clemkeirua
675cc5150c
update on the security policy headers
2019-05-09 14:55:21 +02:00
clemkeirua
64b858ef19
handle Gon + add report-uri URL
2019-05-06 10:07:51 +02:00
clemkeirua
8582b08a98
add security policy
2019-05-06 10:07:51 +02:00
Paul Chavard
f113d108c9
Save virus scan status to blob metadata
2019-05-02 15:58:09 +02:00