Commit graph

2202 commits

Author SHA1 Message Date
Martin
1bb868714c fix(spec/lint/review): lint and fix spec of previous commits, also fix based on tchak feedback 2021-12-06 07:05:17 +01:00
Martin
d87f8b57cc feat(instructeurs/procedures#show): add dossier experiant in procedure#show 2021-12-06 07:05:17 +01:00
Martin
2dfbc70d41 feat(instructeur#dossiers_count_summary): add counter for expirants. ignore brouillon 2021-12-06 07:05:17 +01:00
Martin
f8a17b2cc4 feat(procedures#index): add dossiers-expirant to instructeur/procedure#index 2021-12-03 16:32:03 +01:00
Christophe Robillard
9341c787a1 administrateur can add zone to procedure 2021-12-02 19:24:26 +01:00
Pierre de La Morinerie
d524beee4e app: remove :instructeur_bypass_email_login_token from Flipper 2021-12-02 08:51:52 +01:00
Pierre de La Morinerie
ac07f05771 app: use Instructeur.bypass_email_login_token 2021-12-02 08:51:52 +01:00
Paul Chavard
46e2e34b89 fix(stats): remove super admin stats 2021-12-01 18:10:05 +01:00
Pierre de La Morinerie
28dfc6a1ba manager: save bypass_email_login_token to both column and feature 2021-11-30 13:41:25 +01:00
simon lehericey
c4cde500ce fix acsv 2021-11-30 09:42:45 +01:00
simon lehericey
5a0fb6237f 😭 AASM does not support keyword arguments
https://github.com/aasm/aasm/issues/672
2021-11-30 09:42:45 +01:00
Pierre de La Morinerie
184a401182 app: rename new_administrateur to administrateurs 2021-11-30 08:49:38 +01:00
simon lehericey
a0c0520502 avoid redirection to a deleted user 2021-11-29 15:27:17 +01:00
Kara Diaby
23677956f3 modify controller 2021-11-29 11:34:31 +01:00
Martin
cf82c030e8 hotfix(scoping): try to avoid requesting archived: false when using termine scope, use state_termine instead 2021-11-26 15:09:53 +01:00
kara Diaby
eaac293da3 add a new tab traités on user dossiers 2021-11-26 09:45:13 +01:00
Martin
fdf0f18fda fix(i18n): wrap text under i18n.t
i18n(france_connect/*): replace wording with i18n

fix(lint): i18n key issue

secu(views/france_connect/particulier/merge.html.haml): sanitize france_connect_email just in case

fix(brakeman): sanitize FCI.email_france_connect when used with html_safe via an I18n.t, also add exception to brakeman
2021-11-25 17:34:37 +01:00
Martin
21894d0a0a feat(france_connect/particulier#callback): in case the FC email exists as an DC account which is an instructor or and administrator, returns early to new_session_path so he can connect with this existing account 2021-11-25 17:34:36 +01:00
Martin
ff073f8884 Add confirmation by email when merging DC/FC accounts
feat(fci.confirmation_code): add confirmation code to france_connect_informations

feat(user_mailer.france_connect_confirmation_code): add confirmation by email mail method/preview/spec, pointing to merge_mail_with_existing_account (reuse existing method)

feat(mail_merge): mail merge

feat(merge.cannot_use_france_connect): same behaviour as callback

clean(fci.confirmation_code): use same token for mail validation as merge

feat(resend_france_connect/particulier/merge_confirmation): resend email with link. also enhance some trads, cleanup halfy finished refacto

clean(tech): finalize story by plugging merge_with_new_account to email validation

fix(deadspec): was removed

fix(spec): broken after last refactoring

lint(rubocop): space before parenthesis

lint(haml-lint): yoohoooo space before =

fix(lint): scss now :D

Update app/assets/stylesheets/buttons.scss

cleanup

feat(france_connect): re-add confirm by email, with an option for confirmation by email instead of only confirmation by email

fixup! Add confirmation by email when merging DC/FC accounts

fix(lint): haml_spec failure
2021-11-25 17:34:34 +01:00
mfo
e7d9d047fe
Merge branch 'main' into 6649-etq-usager-instructeur-rendre-la-suppression-plus-visible 2021-11-24 14:07:32 +01:00
Paul Chavard
758e7d68e6 fix(graphql): fix and improuve query parsing for logs 2021-11-24 13:23:05 +03:00
simon lehericey
c5097451ef add redirect 2021-11-23 14:17:59 +01:00
simon lehericey
5234a1854c manage AgentConnect callback 2021-11-23 14:17:59 +01:00
simon lehericey
898df449d4 redirect to AgentConnect 2021-11-23 14:17:59 +01:00
simon lehericey
d2432e34eb AgentConnect UI 2021-11-23 14:17:59 +01:00
mfo
49bb12a70e
Merge branch 'main' into 6649-etq-usager-instructeur-rendre-la-suppression-plus-visible 2021-11-23 11:05:51 +01:00
Pierre de La Morinerie
859a147c49 api: return error cause on parse error
Currently, when a query can't be parsed, the error is:
- logged to Sentry (which is useless to us),
- returned as a generic 'Internal Server Error' (which is useless to the
  user who made the query).

With this commit, the error is instead ignored from our logs (because it
is a user error), but the parse error details are returned to the user,
with the following format:

> {'errors': [{'message': 'Parse error on ")" (RPAREN) at [3, 23]'}]}
2021-11-19 15:15:10 +01:00
Martin
3d1533dee9 feat(users/dossiers?statut=dossiers-expirant): add dossiers-expirant tab 2021-11-19 15:14:39 +01:00
Paul Chavard
ae09b37e72 fix(champs): save departement info on champ commune 2021-11-17 14:52:47 +03:00
mfo
82b23b92c0
Merge branch 'main' into 6624/etq-instructeur-je-souhaite-supprimer-des-messages-envoyes-par-erreur 2021-11-17 05:41:56 +01:00
Paul Chavard
716a859c93 fix(profile): prevent crashing on renew token action 2021-11-16 20:01:56 +03:00
Paul Chavard
e74d599042 feat(procedure): remove duree_conservation_dossiers_hors_ds 2021-11-16 19:55:56 +03:00
Paul Chavard
65e59b8dcd fix(procedure): allow to modify duree_conservation_dossiers_dans_ds after publication 2021-11-16 19:55:56 +03:00
mfo
1d174df2ec
Merge branch 'main' into 6624/etq-instructeur-je-souhaite-supprimer-des-messages-envoyes-par-erreur 2021-11-16 16:37:15 +01:00
Martin
f0950b592b clean(CommentaireService): extract soft delete within controller. returning an instance with an error[:base] is not persisted with validation : avoid poluting stuff 2021-11-16 16:13:11 +01:00
Paul Chavard
3400c4c628 fix(champs): attach piece justificative 2021-11-16 17:57:41 +03:00
Paul Chavard
7914775809 feat(routage): administrateur can disable routage
fix #6627
2021-11-16 11:49:51 +03:00
Martin
4042d51d1a tech(lint): rubocopify 2021-11-15 14:17:57 +01:00
Martin
d4c74b5621 feat(rc.1): refine with better translations, better design 2021-11-15 14:15:05 +01:00
Martin
3b78a9d81a feat(rc): first stable 2021-11-15 13:53:32 +01:00
Martin
8b931a57d4 feat(CommentairesController#destroy): implement destroy endpoint using CommentaireService 2021-11-15 13:18:10 +01:00
simon lehericey
17d131b3cc add has_may requested_merge_from 2021-11-04 16:10:09 +01:00
simon lehericey
9041e201e8 one merge at a time 2021-11-04 16:10:09 +01:00
simon lehericey
b160086cc5 update update_email to allow merge 2021-11-04 16:10:09 +01:00
simon lehericey
652b8367be accept or refuse merge 2021-11-04 16:10:09 +01:00
simon lehericey
894e8fdd47 move update_email check to before_action 2021-11-04 16:10:09 +01:00
Paul Chavard
7ef73f13e4 fix(grope_instructeur): can not destroy groupe_instructeur with discarded dossiers 2021-11-02 12:15:24 +01:00
Paul Chavard
3c2515ce6d feat(graphql): add graphql_operation to rails logs 2021-11-02 12:02:00 +01:00
Paul Chavard
da49a6447f refactor(repetition): optimize and add a transaction around repetition add row 2021-10-28 14:54:33 +02:00
Paul Chavard
c4b93f8d4a fix(groupe_instructeur): unfollow dossiers when removed from groupe instructeur 2021-10-28 14:45:52 +02:00
simon lehericey
c725999582 move merge method to user 2021-10-28 14:39:13 +02:00
Paul Chavard
d659595cde fix(typo): addresse -> adresse 2021-10-27 18:59:18 +02:00
Paul Chavard
8154daf847 refactor(drop_down_list_champ): other option 2021-10-27 12:00:39 +02:00
kara Diaby
dc35d9521f add other option to liste deroulante champ 2021-10-26 16:11:15 +02:00
Paul Chavard
d308448f02 feat(type_de_champ): add secondary label and description do linked drop downs 2021-10-26 12:18:01 +02:00
Paul Chavard
1561ea82f6 fix(transfer): manually nullify staled transfers references 2021-10-21 13:54:26 +02:00
lydiasan
6f9c3abfbc i18n: display language selector on non-french accept-languages 2021-10-19 16:41:36 +02:00
simon lehericey
d19ad2840c rename preexisting to targeted, remove duplicated test 2021-10-19 16:12:42 +02:00
simon lehericey
52b7e85954 merge administrateur in user_controller 2021-10-19 16:12:42 +02:00
simon lehericey
44c880adc4 allow instructeur and administrateur to change their email to legit domain (#6550) 2021-10-19 15:54:57 +02:00
Paul Chavard
8fa544e176 feat(manager): bring back add administrateur 2021-10-19 12:06:31 +02:00
simon lehericey
f54dfe6ead Do not raise error if user is nil
I do not get when it happens
2021-10-19 11:21:24 +02:00
simon lehericey
bb83fd2f18 To make an old test work, no idea 2021-10-14 14:47:50 +02:00
simon lehericey
933d7b8c8d merge with another preexisting account 2021-10-14 14:47:50 +02:00
simon lehericey
ce40e1127d merge with another new account 2021-10-14 14:47:50 +02:00
simon lehericey
19f81b594b merge with an existing account by using the password 2021-10-14 14:47:50 +02:00
simon lehericey
218e4633a9 securely retrieve fci 2021-10-14 14:47:50 +02:00
simon lehericey
f7299da1e7 launch merge process if an unlinked DS account with the same email exists 2021-10-14 14:47:50 +02:00
simon lehericey
f6879eba60 associate_user take a target email 2021-10-14 14:47:50 +02:00
simon lehericey
6826bf03b0 Sign in with a user linked by france connect sub (openid)
instead of looking linked user by email because :

- follows FC recommendation to fetch ds account by openid
- the email is not a valid key as many user can share the same FCI email.

The following scenario is now working

A user A (email: 1@mail.com) uses FC to connect to DS
=> It is connected as 1@mail.com

Another user B (email: generic@mail.com) uses FC to connect
=> It is connected as generic@mail.com

The first user A change its FC email to generic@mail.com and connect to DS
=> It is still connected as 1@mail.com
2021-10-14 14:47:50 +02:00
simon lehericey
06dee2e023 refactor controller to avoid return 2021-10-14 14:47:50 +02:00
simon lehericey
5aaf46258a remove obsolete devise scope 2021-10-14 14:47:50 +02:00
simon lehericey
87de9e38c6 allow draft to be saved with invalid cnaf champ 2021-10-12 14:27:20 +02:00
simon lehericey
7072993721 a form can upload numero_allocataire and code_postal 2021-10-12 14:27:20 +02:00
simon lehericey
77d14d4a60 forbid admin merge yet 2021-10-07 15:51:31 +02:00
simon lehericey
5009c583ea Add notice when merging account 2021-10-07 15:51:31 +02:00
simon lehericey
a480b31eb5 merge expert 2021-10-07 15:51:31 +02:00
simon lehericey
136f29524e merge instructeur 2021-10-07 15:51:31 +02:00
simon lehericey
9a6a53349f simple cases when the preexisting targeted account does not have instructeur or profile profile 2021-10-07 15:51:31 +02:00
Paul Chavard
4a947f9135 feat(manager): add become administrateur button in manager (with 24h expiration) 2021-10-07 11:32:12 +02:00
kara Diaby
9c9eeb8e76 modify groupe instructeurs controller$ 2021-10-05 15:37:29 +02:00
kara Diaby
6d89d914e2 modify expert avis controller 2021-10-05 15:00:21 +02:00
simon lehericey
f662b28baf update identity_updated_at column when user identity change 2021-10-05 12:05:43 +02:00
Pierre de La Morinerie
f854e3af63 controllers: use ACSV to import groupe instructeurs
Unlike `CSV`, `ACSV` auto-detect the file encoding and separator type.
2021-10-05 10:58:15 +02:00
Peng-Fei DONG
dee536fca1 app: localize CSV import for groupe instructeurs 2021-10-05 10:58:15 +02:00
simon lehericey
64351d0287 [Fix #6504] Fix exception raised when deleting a transfer 2021-10-01 12:11:03 +02:00
Paul Chavard
7deedf8245 feat(refactor): unify dossiers header 2021-09-27 15:06:17 +02:00
Paul Chavard
357c684688 feat(routage): self managing instructeurs 2021-09-27 15:06:17 +02:00
Paul Chavard
5933194149 feat(log): stop logging user emails
fix #6485
2021-09-27 14:56:00 +02:00
simon lehericey
1446660ca3 an api_particulier_token change erases previous api_particulier_sources 2021-09-21 11:21:10 -05:00
simon lehericey
2e1bed8748 an admin can save its sources 2021-09-21 11:21:10 -05:00
Pierre de La Morinerie
eef90efd49 app: fix exception during password reset when the token has expired 2021-09-21 10:30:09 -05:00
simon lehericey
7239657a75 [Fix #6481] a user see its waiting transfers 2021-09-20 13:58:11 +02:00
simon lehericey
c34476a766 a user can transfer all its dossier 2021-09-20 13:58:11 +02:00
Paul Chavard
0c5c8faf16 feat(routage): enable routage for everyone 2021-09-18 11:22:35 +02:00
Paul Chavard
8b4bef2816 refactor(routage): simplify goupe_instructeur assign code 2021-09-18 11:21:26 +02:00
simon lehericey
2c13f70cd5 redirect to sources after updating token 2021-09-17 13:50:23 +02:00
simon lehericey
5dbd81ebeb show api particulier sources 2021-09-17 13:50:23 +02:00
Pierre de La Morinerie
715b5ea6d8 i18n: move controller keys to the proper scope 2021-09-16 07:59:19 -05:00
Pierre de La Morinerie
e6b044531d i18n: fix invalid i18n-tasks-hint 2021-09-16 07:51:56 -05:00
simon lehericey
1d06c15ac0 save api particulier scopes 2021-09-16 09:49:16 +02:00
simon lehericey
7ee360df30 add logic to detect empty scopes 2021-09-16 09:09:34 +02:00
Pierre de La Morinerie
745e19bb8e localize 2021-09-16 09:07:47 +02:00
simon lehericey
ee6d19e3ee an admin can save it's api particulier token
Co-authored-by: François VANTOMME <akarzim@gmail.com>
2021-09-15 14:56:42 +02:00
simon lehericey
4c0dd43055 add jetons particulier index page
Co-authored-by: François VANTOMME <akarzim@gmail.com>
2021-09-15 14:37:04 +02:00
Peng-Fei DONG
1979c44f9c set OTP: Enable or Disable 2021-09-09 10:25:15 -05:00
Pierre de La Morinerie
e5f449b595 devise: unify password reset views
By default, Devise will look for views:

1. First in `views/resource/passwords/…`,
2. Then in `views/devise/passwords/…` if not found.

By moving the views to `views/devise`, we avoid having a partial in
`views/shared` that we need to include manually, and instead let Devise
do the job automatically.
2021-09-09 09:40:40 -05:00
Pierre de La Morinerie
80f9d4adc0 devise: use password_strength component in SuperAdmin::PasswordsController 2021-09-09 09:40:39 -05:00
Pierre de La Morinerie
62e4f7ee32 devise: use password_complexity in User::PasswordsController
This fixes the password strength meter no longer being displayed when
an admin changes their password.
2021-09-09 09:40:39 -05:00
Pierre de La Morinerie
428ca8755f app: add a password_complexity component
This component will replace the previous `password_field` component.
2021-09-09 09:40:39 -05:00
Pierre de La Morinerie
02bdfef893 devise: cleanup Users::PasswordController 2021-09-09 08:03:34 -05:00
Paul Chavard
3235f42a63 feat(dossier): add dossier transfers UI 2021-09-08 15:10:43 +02:00
Paul Chavard
44eb0ada4f fix(i18n): add Kosovo to countries list
Kosovo is not part of ISO 3166 as of time of writing. https://en.wikipedia.org/wiki/ISO_3166-2:RS#cite_ref-1
2021-09-08 12:11:25 +02:00
Paul Chavard
74e277d0a2 feat(graphql): add an option to dossier state change mutations to disable notifications 2021-09-07 14:21:48 +02:00
Paul Chavard
34b1418868 feat(i18n): save locale on user 2021-09-07 09:51:23 +02:00
Pierre de La Morinerie
8bb283d977 app: delete old Admin::ProceduresController 2021-09-02 14:51:31 -05:00
Pierre de La Morinerie
a004ac59df app: move archive to NewAdministrateur::ProceduresController 2021-09-02 14:51:31 -05:00
Pierre de La Morinerie
e7c8a9fff5 app: move clone to NewAdministrateur::ProceduresController 2021-09-02 14:51:31 -05:00
Pierre de La Morinerie
3e83ad454f app: move new_from_existing to NewAdministrateur::ProceduresController 2021-09-02 14:51:31 -05:00
Pierre de La Morinerie
7729385d89 controllers: remove dead code on Admin::ProceduresController
This code has been migrated to NewAdministrateur::ProceduresController.
2021-09-02 14:51:26 -05:00
Pierre de La Morinerie
3fc934c8fb app: remove leftovers of publish_validate route
The correponding code and feature have been removed a while ago.
2021-09-02 14:50:41 -05:00
Pierre de La Morinerie
0f9d7d6b8c app: remove old Admin::InstructeursController
It was only hosting the deprecated "Instructeurs globally attached to
this admin", which wasn't used anywhere in the app anymore.
2021-09-02 14:40:36 -05:00
Paul Chavard
a3cc072bbd feat(i18n): translate countries selector 2021-08-31 13:15:26 +02:00
Paul Chavard
3b6528decf feat(i18n): enable localization by query param
Providing a query param ("locale") will enable localization. A language picker will be shown once
localization is activated. Locale is stored in a cookie "locale".
2021-08-24 12:42:40 +02:00
Ismael MOUSSA S. (T0194673)
330333aac4 6407 - Fix flash message typo in new administrateur/groupe instructeurs controller and its related spec 2021-08-20 20:10:44 +02:00
kara Diaby
ae0a3b9dd5 modify procedures controller instructeur 2021-08-04 11:35:06 +02:00
kara Diaby
69393c2921 modify groupe instructeur controller 2021-07-27 19:38:22 +02:00
kara Diaby
ed49d1b110 instructeur_procedures_controller 2021-07-27 19:38:21 +02:00
Paul Chavard
64cfb4d64e Fix sort with revisions 2021-07-23 10:57:04 +02:00
lydiasan
7de10731a6 i18n: localize dossiers edition 2021-07-20 14:18:20 +02:00
Pierre de La Morinerie
831672391e app: use a long-lived cookie for CSRF token
See the ADR document for rationale.
2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
a03d8d0705 controllers: remove useless handle_verified_request override
This is a leftover of 09933454ff
2021-07-20 11:11:52 +02:00
kara Diaby
c731f8cf1f add windows content type to avoid errors 2021-07-15 16:32:07 +02:00
kara Diaby
d2d046a39d fix encoding problems with cherlock Holmes gem 2021-07-13 10:58:41 +02:00
Christophe Robillard
03e98229c9 a user can now see stats for closed procedure 2021-07-07 15:00:38 +02:00
Pierre de La Morinerie
37c62ac0a3 app: display standard error page when no cookies are present
This occurs mostly when Safari attempts to perform a POST request
again (without sending any of the cookies).

In that case, our custom `422.html` page is more helpful to the user
(because it has a link to the previous page) than a "No cookies" blank
text.
2021-07-06 16:29:22 +02:00
Pierre de La Morinerie
09933454ff app: improve InvalidAuthenticityToken logging
- Log on all controllers
- Improve description of the controller action involved
- Ignore Safari bogus requests
2021-07-06 12:42:01 +02:00
Christophe Robillard
54d91335f2 remove the ability to download an 'everything' archive
there are sometimes an error that happen when building an everything
archive. The error explanation is not understood at the moment.
To deliver the archive feature quickly, we remove the 'everything' archive for
the moment
2021-07-05 11:05:07 +02:00
Paul Chavard
280e54b59d Enable test revisions 2021-07-01 15:59:07 +02:00
Pierre de La Morinerie
1faf91bdbe experts: protect password update as well as sign-up 2021-06-30 10:46:42 +02:00
Pierre de La Morinerie
6f7a2fde57 experts: fix saving password on sign-in 2021-06-30 10:46:42 +02:00
Paul Chavard
0ca5e1abe2 Preview should reflect revision changes 2021-06-24 11:39:49 +02:00
Paul Chavard
e68441d573 Allow publishing revisions when feature flag is enabled 2021-06-23 09:40:07 +02:00
Paul Chavard
f238710044 Add last_month export 2021-06-23 09:23:10 +02:00
kara Diaby
cf11b0c901 return error if the csv headers are wrong 2021-06-22 16:33:38 +02:00
Pierre de La Morinerie
a99a6cc49f controllers: use default Rails settings for protecting against forgery
Rails uses `config.action_controller.allow_forgery_protection` to
enable or disable forgery protection globaly.

This is disabled for tests by default. So our custom config is not
required.
2021-06-22 13:21:55 +02:00
kara Diaby
06958cbdd1 fix service and utf-8 encoding 2021-06-21 13:54:01 +02:00
Christophe Robillard
8cbbae8984 use cache for traitement time for instructeurs 2021-06-17 16:31:53 +02:00
Christophe Robillard
45ffae9eb3 affiche evolution temps de traitement 2021-06-17 16:31:53 +02:00
Pierre de La Morinerie
b5bde6608c routes: replace the email param in the Avis URLs by a query param 2021-06-17 11:15:51 +02:00