simon lehericey
d72f0c6dd2
Add authorized content type for pj
2021-01-18 17:23:08 +01:00
Paul Chavard
91be115c70
Add annuaire_education champ ui
2021-01-14 17:57:48 +01:00
Paul Chavard
5c9f2e8783
Add api education adapter and job
2021-01-14 17:57:48 +01:00
Fabrice Gangler
a8081d4b83
allow configuration of the URLs of FAQ and documentation websites in an .env file
...
Refs: #5801
2020-12-15 16:40:10 +01:00
Fabrice Gangler
064ea776c7
allow default logo of a procedure to be configured in .env file
...
Refs: #5795
2020-12-14 13:41:10 +01:00
Paul Chavard
3c6e30a326
Show titre identite link only once watermark is added
2020-12-10 16:50:03 +01:00
Fabrice Gangler
0d80d2ddd1
allow logos (mail, webapp) and favicons to be configured in .env file
...
Refs: #5764
2020-11-27 01:41:47 +01:00
Paul Chavard
18dfacb933
Make watermark configurable
2020-11-25 16:19:06 +01:00
Paul Chavard
b48e7813d2
Put watermark code behind a feature flag
2020-11-25 16:19:06 +01:00
Paul Chavard
371179dc5b
Watermark titres identite
2020-11-25 16:19:06 +01:00
Fabrice Gangler
d3caf30bf3
allow CGU URL and Legal Notice URL to be configured in .env file
...
Refs: #5754
2020-11-20 22:11:42 +01:00
Christophe Robillard
9347951cea
act as an saml identity provider
2020-11-16 12:19:54 +01:00
Christophe Robillard
305ccdc0cd
add recoverable and two_factor strategy for administration
2020-11-05 16:03:55 +01:00
Christophe Robillard
6c2eb22960
remove github authentication for manager
2020-11-05 16:03:55 +01:00
simon lehericey
d82d1132c2
Remove rack_mini_profiler from prod as it could show env var and force us to allow unsafe_eval and script in csp
2020-10-30 17:08:31 +01:00
kara Diaby
3d56b1d8b0
fix bootstrap cdn
2020-10-22 15:00:01 +02:00
clemkeirua
d7fff61d5d
add the sendinblue gem
2020-10-13 17:36:43 +02:00
clemkeirua
111f309c7f
change the administrator account creation address
2020-09-21 17:02:37 +02:00
clemkeirua
f9c4e967d6
remove :autosave_dossier_draft
2020-09-21 08:46:01 +00:00
clemkeirua
6643b598c3
remove :administrateur_graphql
2020-09-17 09:24:50 +02:00
clemkeirua
1be07c1ef5
remove :administrateur_champ_integer_number
2020-09-17 09:24:50 +02:00
clemkeirua
01ac4d7e19
remove operation_log_serialize_subject
2020-09-17 09:24:50 +02:00
simon lehericey
5459c2fa7f
Fix uninitialized excon constant
2020-09-08 18:36:24 +02:00
simon lehericey
19d73f13f0
variabilize banner message
2020-09-08 14:52:42 +02:00
simon lehericey
bd6705b90a
Remove image and video analyzer which are not used
2020-09-02 17:00:26 +02:00
Judith
af25fdd77c
gem http_accept_language installed and (de)activable with feature flag
2020-08-27 16:15:01 +02:00
Pierre de La Morinerie
82c89fb56f
config: remove comment about ActiveStorage integration with VirusScanner
...
As the comment states, it would be nice to load the Virus Scanner on
the Attachment (rather than the blob).
However, in order not to clobber the blob metadata, we want to run the
VirusScanner once the blob analyzer did run.
And the most direct way to detect that the blob analyzer did run is to
add an `on_update_commit` hook on the blob, as this hook will be
triggered when saving changes to the metadata. This is what the current
solution uses.
So the current solution is almost optimal, and has a low chance of
accidentally clobbering the blob metadata – as the virus scanner is only
started when the analysis phase is finished.
2020-08-26 16:11:01 +02:00
Pierre de La Morinerie
527a330c7a
config: use Rails 6.0 config defaults
...
We already flipped the new defaults, so this is a no-op.
2020-08-05 17:22:46 +02:00
Pierre de La Morinerie
fbbcd97463
config: flip config.active_record.collection_cache_versioning
...
This is related to internal cache implementation, and doesn't affect us.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
4a9f081cfc
config: flip config.action_mailer.delivery_job
...
This is safe in all cases – except that it prevents a downgrade to
Rails 5. We don't intend to downgrade now, so this is fine.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
b556e2a99a
config: flip config.active_storage.replace_on_assign_to_many
...
We don't have any `has_many_attached` relations in the code base, so
this is safe.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
54a4db1c47
config: flip config.active_storage.queues
...
ActiveStorage jobs are now moved to their own queue.
For consistency, we also move our own analysis jobs (VirusScannerJob)
on the same `:active_storage_analysis` queue.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
c6cdd08373
config: flip config.active_job.return_false_on_aborted_enqueue
...
We don't have any instance of aborting inside a job in the code base,
so this setting is safe to flip.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
65809f8ea0
config: flip action_dispatch_return_only_media_type_on_content_type
...
This makes `ActionDispatch::Controller#content_type` return not only
the MIME type, but also in some circumstances the charset.
Example:
```ruby
response.content_type == 'text/html; charset=utf-8'
```
The MIME type-only fragment can now be accessed using `#media_type`.
Changes to the tests are not strictly necessary (because no charset is
present in the actual value), but represent the intent better.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
8427f0eb75
config: flip config.action_dispatch.use_cookies_with_metadata
...
This makes cookies more secure, by adding an automatic "purpose" field
to each cookie.
Cookies generated by Rails 5 are still forward-compatible. However
from now on the generated cookies will not be backward-compatible with
Rails 6.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
e8fa65f79d
config: flip config.action_view.default_enforce_utf8
...
This prevents charset workaround on IE 8 and lower. We don't support
these browsers anyway, so we can flip the feature off.
2020-08-05 16:48:36 +02:00
Paul Chavard
4c87e547b3
Put IGN map behind a feature flag
2020-07-30 17:22:28 +02:00
Paul Chavard
f1cbc9846e
Add carte ign
2020-07-30 16:58:20 +02:00
clemkeirua
db0d230531
add cdn.jsdeliver.net to the CSP
2020-07-27 16:54:46 +02:00
Fabrice Gangler
1352cde321
Feat: allow emails senders to be configured in .env file
...
Refs: #5408
2020-07-24 10:50:55 +02:00
clemkeirua
7e085c657d
specific deactivation of rubocop DS/ApplicationName rule
2020-07-23 16:20:16 +02:00
clemkeirua
c658428441
added application name in config/
2020-07-23 16:17:54 +02:00
clemkeirua
31a262efef
extract doc/faq/… URLs into url.rb
2020-07-23 16:16:36 +02:00
Paul Chavard
8b9e73a30a
Merge pull request #5382 from adullact/feat_status-page-customisation
...
#5379 - Allow status page URL to be configured in the .env file
2020-07-22 22:10:58 +02:00
Paul Chavard
35461f0159
Add revisions migrations
2020-07-21 19:35:30 +02:00
clemkeirua
c0cf8b1341
fix display of labels for datetime on screenreaders
2020-07-20 11:37:01 +02:00
Gangler Fabrice
39feca251d
allow status page URL to be configured in .env
2020-07-17 15:53:49 +02:00
Paul Chavard
6a24c3f812
Rails app:update
2020-07-07 18:03:56 +02:00
clemkeirua
6a3811a4e2
fix catalog v3
2020-06-19 14:20:32 +02:00
krichtof
ff6eaf73db
Revert "Remove the use of Keystone v2"
2020-06-04 17:32:25 +02:00
Paul Chavard
901b6e23a8
Remove legacy carto
2020-06-04 16:03:23 +02:00
clemkeirua
def744d627
remove now useless keystone v2
2020-06-04 12:05:27 +00:00
clemkeirua
868decd06e
add override for fog openstack v3
2020-06-02 15:03:37 +02:00
Pierre de La Morinerie
c9820adbc4
urls: fix link to autosave FAQ article
2020-05-18 16:53:19 +02:00
Pierre de La Morinerie
6eca93faab
urls: fix link to admin FAQ category
2020-05-18 16:53:19 +02:00
Pierre de La Morinerie
93bb5283ff
app: remove the feature flag for pieces justificatives auto-upload
...
The feature works as intended: we can remove the feature flag.
2020-05-14 17:39:07 +02:00
Keirua
a869a04e1e
Update the documentation URL about archiving
...
Co-authored-by: Pierre de La Morinerie <pierre.de_la_morinerie@beta.gouv.fr>
2020-05-13 16:45:27 +02:00
clemkeirua
84888be255
clarify archiving/deletion
2020-05-13 16:45:27 +02:00
kara Diaby
2fc438ab65
Fix safari and firefox compatibility mapbox gl
2020-04-30 14:14:03 +02:00
kara Diaby
9aea1fffee
Migrate the map editor to mapbox-gl with react component
2020-04-27 11:30:32 +02:00
Pierre de La Morinerie
37645d3df2
config: fix (again) the CSP when running a LiveReload server locally
...
When running the app using `bin/webpack-dev-server` (the external
(and fast) assets server), LiveReload is used. We need to explicitly
allow the LiveReload connections in the CSP policy.
Turns out we now need to specify the protocol explicitly.
2020-04-20 17:24:16 +02:00
Paul Chavard
7a8fd3c679
Use graphql playground instead of graphiql
2020-04-09 19:38:19 +02:00
kara Diaby
56e9834389
Revert "Revert "Revert "Revert "feat/4893 - migrate the mapReader to mapbox-gl with react""""
...
This reverts commit 473ed00b6c.
2020-04-09 11:01:20 +02:00
kara Diaby
473ed00b6c
Revert "Revert "Revert "feat/4893 - migrate the mapReader to mapbox-gl with react"""
...
This reverts commit fe0b3c2215.
2020-04-07 18:14:07 +02:00
kara Diaby
fe0b3c2215
Revert "Revert "feat/4893 - migrate the mapReader to mapbox-gl with react""
...
This reverts commit 3e21b78142.
2020-04-07 18:11:11 +02:00
Pierre de La Morinerie
3e21b78142
Revert "feat/4893 - migrate the mapReader to mapbox-gl with react"
2020-04-07 15:32:14 +02:00
kara Diaby
aa56cfd7a0
migrate map to mapbox-gl with a react component
2020-04-02 15:39:47 +02:00
Pierre de La Morinerie
6417c0d2c0
dossiers: allow auto upload of attachments
2020-03-31 13:09:44 +02:00
clemkeirua
5ef6f92fdc
update CGU URL
2020-03-25 09:50:41 +00:00
clemkeirua
057d7bc2f1
add interval data type to ActiveRecord
2020-03-24 18:10:13 +01:00
clemkeirua
c077762a04
added labels for datetime
...
cf https://stackoverflow.com/a/47836699
2020-03-24 16:54:35 +00:00
Pierre de La Morinerie
ea94ea05a0
config: configure CSP to allow live-reload requests
...
This avoids CSP errors when using the `bin/webpack-dev-server` external
assets compilation server.
2020-03-18 13:26:54 +01:00
Paul Chavard
444d19e191
Remove unused gems
2020-03-17 11:25:21 +01:00
Paul Chavard
ae2cfdd44e
Update browser gem
...
`modern?` method was removed in version 4
2020-03-17 11:25:20 +01:00
Pierre de La Morinerie
745b00366f
Revert "app: hide IE11 deprecation banner during the strike"
...
This reverts commit c2882b6cc3.
2020-01-28 15:18:18 +01:00
Paul Chavard
4edc7b00cf
Use geocoder
2020-01-15 15:04:04 +01:00
Paul Chavard
14295db9ad
Revert "Revert "Merge pull request #4552 from tchak/champ-communes""
...
This reverts commit 4373cb22cb.
2020-01-14 18:46:07 +01:00
clemkeirua
4373cb22cb
Revert "Merge pull request #4552 from tchak/champ-communes"
...
This reverts commit 4cec26f73a, reversing
changes made to 0ef25ef36c.
2020-01-13 16:26:27 +01:00
Paul Chavard
cccb04d725
ActiveStorage url should expire after an hour
2020-01-08 14:43:05 +01:00
Paul Chavard
e61e39d345
Remove unused code and tests
2020-01-07 11:52:51 +01:00
Paul Chavard
22aa2d4ee0
Make all location champs autocomplete
2020-01-07 11:52:51 +01:00
Paul Chavard
422b7f37ec
[GraphQL] expose file information
2019-12-11 12:34:49 +01:00
Pierre de La Morinerie
c2882b6cc3
app: hide IE11 deprecation banner during the strike
...
Having two banners appearing in a few days may be overwhelming for
users.
2019-12-04 17:32:04 +01:00
Christophe Robillard
4e7c779116
reject invalid phone numbers
...
make phone numbers optional
2019-12-04 05:34:43 +01:00
Pierre de La Morinerie
97af50c700
app: fix detection of Chrome iOS and Firefox iOS as outdated browsers
...
For instance, Firefox iOS is reported as `firefox? true, version 20`.
As on iOS only the system-provided Webkit is allowed, we can instead
safely assume that all browsers on a recent iOS device are modern.
2019-12-03 16:09:41 +01:00
Pierre de La Morinerie
2ee8cab067
app: display a deprecation banner for IE 11
2019-12-03 16:02:08 +01:00
Pierre de La Morinerie
bff7892ba8
dossiers: autosave drafts
2019-11-21 14:00:06 +01:00
Alexandre Friquet
8f5203cc2e
Merge branch 'dev' into 4482-echec-initilaisation-env-dev
2019-11-14 17:07:28 +01:00
Alexandre Friquet
d9680252b0
Fixes missing database on initialization: closes #4482.
2019-11-14 09:17:39 +01:00
Paul Chavard
f7cbbe815c
[GraphQL]: Add default query to playground
2019-11-13 15:53:56 +01:00
clemkeirua
6351eabfdd
remove notification to report-uri in production
2019-11-07 17:32:40 +01:00
clemkeirua
959aacdea5
Sendinblue email balancing using proper credentials
...
This reverts commit c61981e795.
2019-11-06 13:34:36 +01:00
clemkeirua
c61981e795
Revert "Sendinblue email balancing using interceptor"
...
This reverts commit b2135b6576.
2019-11-04 15:55:08 +01:00
Chaïb Martinez
b2135b6576
Sendinblue email balancing using interceptor
...
Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-11-04 15:30:44 +01:00
Paul Chavard
18e91e7ca3
Extend old export format till mid-November
2019-10-31 17:11:46 +01:00
Paul Chavard
73d4ecf35d
Add a DS_PROXY_URL env variable
2019-10-30 16:15:38 +01:00
Paul Chavard
6a3d725134
Revert "Revert "Decommission ActiveStorage proxy service and use openstack service""
...
This reverts commit 71227be37f.
2019-10-30 12:11:45 +01:00
simon lehericey
71227be37f
Revert "Decommission ActiveStorage proxy service and use openstack service"
...
This reverts commit 0ff6c793ae.
2019-10-29 10:30:40 +01:00
Paul Chavard
0ff6c793ae
Decommission ActiveStorage proxy service and use openstack service
...
We are making these changes in order to always use DS_Proxy. Before this change DS_Proxy was not used to write files when ActiveStorage was used directly and not through “direct upload”.
2019-10-23 17:58:00 +02:00
clemkeirua
4a6893d88b
migrate sendinblue API to v3
2019-10-22 10:06:53 +02:00
clemkeirua
43424e4f4e
merge with the work of paul, using 3 links
2019-10-22 09:51:14 +02:00
simon lehericey
f31c184b56
[fix #1537] Remove simple_form gem
2019-10-08 11:08:35 +02:00
clemkeirua
d3063c0b63
remove download_as_zip feature flag
2019-10-03 10:48:24 +02:00
Paul Chavard
5a7e415474
Put graphql behind a feature flag
2019-09-24 10:47:21 +02:00
Paul Chavard
91ad9bd7d3
Configure GraphQL::RailsLogger
2019-09-24 10:47:21 +02:00
Paul Chavard
d24e0e72a7
Correctly create new flipper flags
2019-09-12 10:46:13 +02:00
Paul Chavard
65e227c44b
Migrate to flipper
2019-09-10 16:10:14 +02:00
Chaïb Martinez
dd6c6bfe7a
mailers: add a NO_REPLY address to transactional emails
2019-09-10 13:37:28 +02:00
Paul Chavard
7ffb98e616
Remove carrierwave uploaders
2019-09-10 10:49:12 +02:00
Chaïb Martinez
f2386a5800
Add crisp help domain to default policy src
...
[fix #4234]
Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-08-27 10:30:10 +02:00
simon lehericey
86d968bb8e
Use rack_attack_enabled?
...
We cannot enable rack attack during the tests as it interferes with features spec.
So we add a flag to enable it during the runtime.
2019-08-20 13:29:29 +02:00
simon lehericey
0f0fecdb25
RackAttack: use remote ip and test it!
2019-08-20 13:29:29 +02:00
pedong
fc8cebd78d
add rack_attack gem to prevent brute-force attacks
2019-08-20 13:29:29 +02:00
Nicolas Bouilleaud
7c7947adeb
Rename gestionnaire to instructeur in a comment
...
About an (unused for now) env var.
2019-08-13 10:27:49 +02:00
simon lehericey
3fde2a6f70
Rename gestionnaire in code to instructeur
2019-08-12 13:47:01 +02:00
maatinito
3703a71ea3
#3928 Added constants to define password min length & complexity
2019-08-01 17:12:14 +02:00
Pierre de La Morinerie
95e24392f9
models: remove old pieces justificatives
2019-07-30 16:11:17 +02:00
pedong
9438f962c5
add alert when account is locked
2019-07-29 17:48:44 +02:00
pedong
8d03a6747c
add lockable to User, Gestionnaire, administration, Administrateur
2019-07-29 17:48:44 +02:00
clemkeirua
99421545ab
replaced api-carto endpoint
2019-07-23 16:21:15 +02:00
Pierre de La Morinerie
76335511c8
omniauth: protect against CSRF
...
See https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
2019-07-15 18:16:00 +02:00
Paul Chavard
3cb39c2840
Refactor message attachments to use active_storage
2019-07-10 15:35:29 +02:00
simon lehericey
0f9fdf3f75
Activate device email change confirmation
2019-07-09 11:55:17 +02:00
Mathieu Magnin
b34f8fbe3d
Add ActionText
2019-07-03 13:15:49 +02:00
simon lehericey
4b154983fb
Landing: see the procedures -> how to find my procedure
2019-07-03 12:59:09 +02:00
clemkeirua
dfefb827d9
missing connect-src
2019-07-02 10:50:10 +02:00
clemkeirua
d6f2de2fbf
enable static + activate csp in production
2019-07-02 09:40:38 +02:00
clemkeirua
eaf850c1e9
enable csp
2019-06-27 11:10:29 +02:00
clemkeirua
f19b5f8911
fix csp rule for crisp websocket
2019-06-26 12:37:55 +02:00
clemkeirua
7064f7e973
enable crisp websockets and css
2019-06-25 17:39:08 +02:00
clemkeirua
d3c6021ef4
add duplicate rules as fallback
2019-06-20 11:34:24 +02:00
clemkeirua
dc6c2e6bc0
add missing elements
2019-06-17 17:05:08 +02:00
Nicolas Bouilleaud
dace9a53d3
Add Universign timestamp API query
2019-06-17 16:16:28 +02:00
clemkeirua
765b10026e
more generic elements to the security policy
2019-06-17 09:51:27 +02:00
Pierre de La Morinerie
d410e31344
active_storage: document the virus scan hooks
2019-05-28 11:39:22 +02:00
Paul Chavard
cc4eba2b36
Less monkey patching
2019-05-21 14:21:42 +02:00
clemkeirua
5cbbbb8d3e
more whitelist for the common domains we use
2019-05-20 09:52:44 +02:00
Paul Chavard
42235e81b1
Use active storage load hook to extend blob
2019-05-16 20:43:01 +02:00
Paul Chavard
348b15f595
Put devtools behind feature flags
2019-05-15 18:10:25 +02:00
clemkeirua
6fe4031b2e
use constant for localhost
2019-05-15 16:33:27 +02:00
clemkeirua
b670b60ac6
change the report-uri URI
2019-05-15 15:32:00 +02:00
Pierre de La Morinerie
d431eeeb93
carrierwave: fix typo
...
Turns out the `openstack_identity_api_version` has not actually been
filled out for a while, because of a typo.
2019-05-15 14:03:15 +02:00
Chaïb Martinez
3004f96cf5
Add video and webinar URLs to admin pages
...
Fix #3850
Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-05-13 17:47:02 +02:00
clemkeirua
675cc5150c
update on the security policy headers
2019-05-09 14:55:21 +02:00
clemkeirua
64b858ef19
handle Gon + add report-uri URL
2019-05-06 10:07:51 +02:00
clemkeirua
8582b08a98
add security policy
2019-05-06 10:07:51 +02:00
Paul Chavard
f113d108c9
Save virus scan status to blob metadata
2019-05-02 15:58:09 +02:00
Paul Chavard
b9be186d2c
Sentry should send environment information
2019-04-03 18:19:16 +02:00
Paul Chavard
51c79ba6a6
Update webpacker and replace vue with react
2019-04-03 14:38:07 +02:00
Frederic Merizen
98713b6a4d
Proxy for SendinBlue API
2019-03-08 16:33:28 +01:00