Commit graph

375 commits

Author SHA1 Message Date
Paul Chavard
371179dc5b Watermark titres identite 2020-11-25 16:19:06 +01:00
Christophe Robillard
9347951cea act as an saml identity provider 2020-11-16 12:19:54 +01:00
Christophe Robillard
2a0ebd062a enable 2FA for manager
when trying to access manager, if superadmin did'nt enable otp, he/she is redirected to a page to enable 2FA. When superadmin is enabling 2FA, he has to to scan a qrcode with the 2FA application client. And afterwards, the superadmin has to log in with email, password and OTP code.
2020-11-05 16:03:55 +01:00
Christophe Robillard
305ccdc0cd add recoverable and two_factor stragegy for administration 2020-11-05 16:03:55 +01:00
Christophe Robillard
6c2eb22960 remove github authentication for manager 2020-11-05 16:03:55 +01:00
simon lehericey
d82d1132c2 Remove rack_mini_profiler from prod as it could show env var and force us to allow unsafe_eval and script in csp 2020-10-30 17:08:31 +01:00
clemkeirua
d7fff61d5d ajout de la gem sendinblue 2020-10-13 17:36:43 +02:00
clemkeirua
dfd2c1ee79 reorder gems 2020-09-25 12:53:11 +00:00
kara Diaby
cb4e91c405 Add iban type de champ 2020-09-23 15:56:26 +02:00
simon lehericey
94ab1d4b66 bump rspec 2020-09-21 11:15:25 +02:00
simon lehericey
1f1b54b442 Update rails 2020-09-15 10:01:28 +02:00
Judith
9553dae7bd gem devise-i18n added to Gemfile to remove the config/locales/devises.*.yml files. 2020-09-01 16:47:40 +02:00
Judith
af25fdd77c gem http_accept_language installed and (de)activable with feature flag 2020-08-27 16:15:01 +02:00
Pierre de La Morinerie
1767df33b0 doc: add a visualization of the database models
Re-generate the schema using `bin/rake erd`.

NB: there's a way to update the PDF automatically after each migration.
But it requires `graphviz` to be installed locally, which I'm not
sure I want to require by default.
2020-08-27 12:02:28 +02:00
Pierre de La Morinerie
e6d8581b06 app: add annotate
Annotations will be generated only for models, and sorted (to avoid differences
depending on the order in which migrations are ran).

The annotations will be automatically updated every time `rails db:migrate`
is run on a development environment.
2020-08-12 11:45:53 +02:00
Paul Chavard
fc3aece318 Rails 6 2020-07-07 18:03:56 +02:00
clemkeirua
031f59c9e1 add wcag accessibility tests for usager pages using axe-core 2020-06-26 17:10:26 +02:00
Pierre de La Morinerie
f6d92eb659 gems: upgrade to Rails 5.2.4.3
Fixes:

- CVE-2020-8165
- CVE-2020-8166
- CVE-2020-8162
2020-06-23 15:32:41 +02:00
dependabot[bot]
dc9769c38c build(deps): bump kaminari from 1.1.1 to 1.2.1
Bumps [kaminari](https://github.com/kaminari/kaminari) from 1.1.1 to 1.2.1.
- [Release notes](https://github.com/kaminari/kaminari/releases)
- [Changelog](https://github.com/kaminari/kaminari/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kaminari/kaminari/compare/v1.1.1...v1.2.1)

Signed-off-by: dependabot[bot] <support@github.com>
2020-06-02 07:59:16 +00:00
Pierre de La Morinerie
b5f1d97629 app: disable Turbolinks
Fix #5039
2020-05-13 11:04:16 +02:00
Christophe Robillard
d74b14c205 fetch attestation sociale url 2020-04-29 14:25:55 +02:00
Paul Chavard
053e2db8f7 Fix geos not being properly load in some environements 2020-04-28 12:21:22 +02:00
Paul Chavard
2a3530738d Do not crash on boot if geos is not installed 2020-04-23 20:12:31 +02:00
Paul Chavard
9cb612bb3d Show area and length on champ carto selections utilisateur 2020-04-23 10:21:18 +02:00
Paul Chavard
7c34795a1a Bring back font-awesome-rails
we need it untill we remove all the old admin pages
2020-04-15 17:41:05 +02:00
Paul Chavard
7a8fd3c679 Use graphql playground instead of graphiql 2020-04-09 19:38:19 +02:00
Paul Chavard
6dc1f3e2c4 Use human readable expressions instead of cron gibberish
https://github.com/floraison/fugit#fugitnat
2020-04-07 12:44:58 +02:00
simon lehericey
d1cad0388e minor rails bump 2020-03-23 11:43:50 +00:00
Paul Chavard
3cd4597006 Update rubocop roules 2020-03-17 11:25:21 +01:00
Paul Chavard
444d19e191 Remove unused gems 2020-03-17 11:25:21 +01:00
Paul Chavard
5bccfba122 Update administrate gem 2020-03-17 11:25:21 +01:00
Paul Chavard
74f7eaaf2e Update spreadsheet_architect 2020-03-17 11:25:21 +01:00
Paul Chavard
6d703c0bd0 Replace prawn_rails with prawn-rails 2020-03-17 11:25:20 +01:00
Paul Chavard
c281347da1 Remove restclient 2020-03-17 11:12:14 +01:00
Paul Chavard
9c2babba6a Update rspec-rails 2020-03-17 09:56:26 +01:00
Paul Chavard
e540dea929 Fix administrate pagination by pinning to an old version of kaminari 2020-03-05 14:01:09 +01:00
Paul Chavard
57df024266 Bring back activestorage-openstack to upstream 2020-03-04 10:14:16 +01:00
Paul Chavard
b6612bbcf9 Use a forked activestorage-openstack 2020-03-03 10:14:15 +01:00
kara Diaby
6102ba6039 Do not permit to upload a GIF file via javascript 2020-02-25 23:33:15 +01:00
Paul Chavard
1ce1c1e6d0 use discard 2020-02-13 12:31:59 +01:00
Paul Chavard
4edc7b00cf Use geocoder 2020-01-15 15:04:04 +01:00
Paul Chavard
14295db9ad Revert "Revert "Merge pull request #4552 from tchak/champ-communes""
This reverts commit 4373cb22cb.
2020-01-14 18:46:07 +01:00
clemkeirua
a2d53bb400 ajout de la gem prawn 2020-01-14 09:29:29 +01:00
clemkeirua
4373cb22cb Revert "Merge pull request #4552 from tchak/champ-communes"
This reverts commit 4cec26f73a, reversing
changes made to 0ef25ef36c.
2020-01-13 16:26:27 +01:00
Paul Chavard
e61e39d345 Remove unused code and tests 2020-01-07 11:52:51 +01:00
Christophe Robillard
4e7c779116 refuse les numéros de tel invalides
rend facultatif les numéros de téléphone
2019-12-04 05:34:43 +01:00
Pierre de La Morinerie
939a162057 gems: upgrade Capybara
Fix #4536
2019-11-28 11:31:42 +01:00
Paul Chavard
fe84e8e0f7 Remove carrierwave 2019-11-12 15:26:18 +01:00
Paul Chavard
efd03f0169 Use webdrivers gem to keep webdrivers updated 2019-11-06 11:20:40 +01:00
Paul Chavard
5a87db9920 Revert "Revert "Update activestorage-openstack""
This reverts commit c102dc63b7.
2019-10-30 12:11:53 +01:00
simon lehericey
c102dc63b7 Revert "Update activestorage-openstack"
This reverts commit 9088495272.
2019-10-29 10:31:29 +01:00
Paul Chavard
7d20e6e9e6 Downgrade Capybara 2019-10-24 15:48:08 +02:00
Paul Chavard
9088495272 Update activestorage-openstack 2019-10-22 17:40:15 +02:00
simon lehericey
f31c184b56 [fix #1537] Remove simple_form gem 2019-10-08 11:08:35 +02:00
Paul Chavard
e7ed408e08 Auto-link valeur des champs
closes #2865
2019-10-07 21:20:24 +02:00
Paul Chavard
7f09d0e430 Add graphql gems 2019-09-24 10:47:21 +02:00
Paul Chavard
c370c2f475 Cleanup FlipFlop 2019-09-10 23:52:44 +02:00
Paul Chavard
65e227c44b Migrate to flipper 2019-09-10 16:10:14 +02:00
pedong
fc8cebd78d add Gem rack_attack for prevent attack brute-force 2019-08-20 13:29:29 +02:00
Pierre de La Morinerie
20239077a7 Gemfile: fix an 'insecure connection' Bundler warning 2019-08-01 15:00:23 +02:00
Paul Chavard
fc75580a3c Start using pundit 2019-07-30 18:09:28 +02:00
clemkeirua
25f81f1d3c download a dossier as zip with all attachments 2019-07-16 09:11:25 +02:00
Pierre de La Morinerie
76335511c8 omniauth: protect against CSRF
See https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
2019-07-15 18:16:00 +02:00
Mathieu Magnin
b34f8fbe3d Add ActionText 2019-07-03 13:15:49 +02:00
Paul Chavard
fb0ef15e3c Export dossiers v2 2019-07-02 14:20:29 +02:00
Nicolas Bouilleaud
76925356b6 Fix irb_context in rails console
Don’t require rspec_junit_formatter gem
It’s only needed when running tests (for circleci).
It messes with the console, when running `rails c` it causes this warning:
```
irb: warn: can't alias context from irb_context
```
This is related to rspec monkey_patching a `context` method on `Object` (rspec/rspec-rails#1645)
2019-05-20 10:33:43 +02:00
Paul Chavard
51c79ba6a6 Update webpacker and replace vue with react 2019-04-03 14:38:07 +02:00
Paul Chavard
e71cdcd12c Move all the trackers to a separate js pack 2019-04-02 17:33:53 +02:00
Mathieu Magnin
7252c26e93 Gem web-console is back ! 2019-03-12 17:53:11 +01:00
Mathieu Magnin
28fd9051d7 Gem update bootstrap-sass (>= 3.4.1) 2019-02-25 12:01:47 +01:00
Paul Chavard
c2a7460315 Add ruby debugger support 2019-02-14 15:22:57 +01:00
gregoirenovel
005eea26f7 Remove the unused web-console gem 2019-01-07 10:34:55 +01:00
gregoirenovel
9302905271 Remove the unused rack-handlers gem 2019-01-07 10:34:55 +01:00
gregoirenovel
7747f40ec0 Sort gems by alphabetic order 2019-01-07 10:34:55 +01:00
gregoirenovel
feae5194fa Use single quotes everywhere in the Gemfile 2019-01-07 10:34:55 +01:00
gregoirenovel
aaff27aca9 Move Gemfile comments into the line they comment
And remove some useless comments
2019-01-07 10:34:55 +01:00
Pierre de La Morinerie
07d95ce934 Remove the rbnacl gem
Fix #3160
2019-01-03 17:48:53 +01:00
gregoirenovel
564ece37d9 Remove the draper gem 2019-01-03 15:13:22 +01:00
Frederic Merizen
57f2895938 [#3133] Bump activestorage-openstack to fix on openstack 2018-12-07 15:19:18 +01:00
gregoirenovel
9b380829f8 sass-rails → saasc-rails
saas-rails is deprecated
2018-12-04 15:54:49 +01:00
Pierre de La Morinerie
af47ccda94 deploy: require mina only for deployment tasks
This fixes mina activating Rake traces, which pollutes the output
of rake tasks.
2018-11-26 12:09:35 +01:00
Paul Chavard
cf98e28178 Fix notifications on dossiers with migrated carto 2018-11-22 11:16:01 +01:00
gregoirenovel
dcf063f8f8 Bump warden and remove its dependency on the master branch
Now that the fix for wardencommunity/warden#147
is present in a proper release
2018-11-16 11:48:36 +01:00
Frederic Merizen
e69e459649 [#2180] Add activestorage-openstack 2018-11-16 11:11:40 +01:00
Frederic Merizen
6da33f2387 [#2180] Drop fog 2018-11-16 11:11:39 +01:00
Pierre de La Morinerie
b0541fba79 users: sign-in after confirming an account within a short time 2018-11-06 18:24:34 +01:00
Mathieu Magnin
3c9182d41d Update Mina 2018-10-24 12:22:33 +02:00
Mathieu Magnin
d0a8cedbe2 Unicorn -> Puma 2018-10-24 12:22:33 +02:00
gregoirenovel
f3caa8ef7f Remove apipie (and maruku) 2018-10-09 17:23:07 +02:00
Paul Chavard
179786380d Use leaflet and freedraw from npm 2018-10-05 09:55:41 +02:00
Paul Chavard
ff9e87b88e Use letter opener 2018-10-04 18:21:43 +02:00
simon lehericey
8c4f8347ca Api Token: store token in an encrypted form 2018-09-27 10:14:32 +02:00
Mathieu Magnin
96b95b90cc [Fix #1285] Add zxcvbn gem 2018-09-26 08:58:43 +02:00
Paul Chavard
c66bb056f5 Remove uglifier 2018-09-25 18:26:19 +02:00
gregoirenovel
abac1d4a1d [Fix #2309] Remove therubyracer 2018-09-25 17:10:13 +02:00
Pierre de La Morinerie
110f657849 Gemfile: add default ActiveRecord translations
Before:

```ruby
> Commentaire.create!
ActiveRecord::RecordInvalid (translation missing: fr.activerecord.errors.messages.record_invalid)
```

After:

```ruby
> Commentaire.create!
ActiveRecord::RecordInvalid (La validation a échoué : Body Votre message ne peut être vide)
```

Fix #2096
2018-09-18 14:22:08 +02:00
Frederic Merizen
cbd390218d [Fix #1372] Bump spreadsheet architect and axlsx
This allows us to bump rubyzip to a version that is free of CVE-2017-5946
2018-09-06 17:56:57 +02:00
Paul Chavard
c67f8dcaaa Add after_party 2018-08-30 11:54:54 +01:00
gregoirenovel
c6a839cd64 Add the groupdate gem 2018-08-27 14:00:34 +02:00
Mathieu Magnin
20a3f86729 Dotenv-rails should be defined a the very top of the gemfile 2018-08-21 15:41:06 +02:00
Paul Chavard
40a1e22cc9 Remove logstasher and add custom job structured logger 2018-08-16 12:26:13 +02:00
Paul Chavard
a6a4790a35 Replace logstasher with lograge 2018-08-13 12:44:00 +02:00
Paul Chavard
bf7c023380 Add webpacker and use it for new_design 2018-07-25 15:14:06 +02:00
Pierre de La Morinerie
394019b70c specs: save a screenshot of failing integration tests 2018-07-04 09:43:22 +02:00
Pierre de La Morinerie
a569a566fc header: use active_link_to for setting the active class on links 2018-06-26 18:04:04 +02:00
Frederic Merizen
be82c1c390 [#2071] Sort Gemfile 2018-06-10 11:39:48 +02:00
Frederic Merizen
ad040e354a [Fix #2071] Let premailer generate a plain text version of html emails 2018-06-09 09:00:33 +02:00
gregoirenovel
e5869f2bec Remove delayed_job_web version lock
Now that the security patches have been patched
2018-06-01 10:42:40 +02:00
gregoirenovel
661010100d [Fix #1536] Remove stringupcasepatch 2018-05-31 11:49:25 +02:00
Frederic Merizen
fd168c4a72 [Fix #1972] Make devise mails async 2018-05-28 12:02:13 +02:00
gregoirenovel
a8ac59dd4c Remove constraint on rails 2018-05-24 18:17:34 +02:00
gregoirenovel
5a880b5663 Remove constraint on uglifier 2018-05-24 18:17:34 +02:00
gregoirenovel
cf0eec6cd6 Remove the fixed version for guard-livereload 2018-05-24 18:17:34 +02:00
Paul Chavard
a8e7038ab5 Add aasm 2018-05-17 14:46:48 +02:00
Paul Chavard
27292f7b77 Update flipflop to latests released version 2018-04-26 09:48:58 +02:00
Paul Chavard
482b306920 Show enabled features for admins in manager 2018-04-25 15:42:45 +02:00
gregoirenovel
049a2d88b9 Bump rails to 5.2 final 2018-04-24 16:07:19 +02:00
Paul Chavard
49d9833473 add flipflop gem 2018-04-18 16:51:21 +02:00
Paul Chavard
cee6101008 Fix chromedriver on CI 2018-04-18 15:34:42 +02:00
Paul Chavard
714ebda2fe Add SignatureService 2018-04-04 18:44:08 +02:00
Paul Chavard
f35aef0eb6 Use Typhoeus and set agressive timeouts 2018-03-26 16:53:42 +02:00
gregoirenovel
97a2c9321f Unlock ffi now that a bug has been resolved 2018-03-14 17:46:22 +01:00
Mathieu Magnin
25c5873a86 Go back to official smartlisting gem 2018-03-14 17:06:29 +01:00
Frederic Merizen
c23419359b Fix XSS in delayed job web admin
https://github.com/ejschmitt/delayed_job_web/issues/101
2018-03-07 17:04:47 +01:00
simon lehericey
b59e23a619 Gemfile: Add chromedriver-helper 2018-02-27 10:14:55 +01:00
gregoirenovel
a6c321e428 Remove an unused gem 2018-02-23 16:45:38 +01:00
Paul Chavard
c876d5e5a2 Lock ffi version to fix builds on Mac 2018-02-22 15:50:35 +01:00
gregoirenovel
29d9b03672 Bump rails to 5.2.0.rc1 2018-02-07 16:18:42 +01:00
gregoirenovel
7d6b5f8426 Revert "Point to a forked devise to fix build errors"
This reverts commit 1b58bfad3e.
2018-02-01 17:08:17 +01:00
gregoirenovel
1b58bfad3e Point to a forked devise to fix build errors 2018-01-31 12:18:24 +01:00
Frederic Merizen
0ce26055d8 [#1374] Revert "Merge pull request #1373 from betagouv/fix_pagination"
This reverts commit 5a56fe0182, reversing
changes made to 31aabcd6b6.
2018-01-30 15:04:21 +01:00
Paul Chavard
fdd6cedeb8 Remove data_provide and data_date_format attributes 2018-01-30 13:49:16 +01:00
Mathieu Magnin
da784aa8e9 [Fix #1370] downgrade spreadsheet architecture to support date in ODS 2018-01-29 18:14:57 +01:00
simon lehericey
691b12688d Revert "[#1360] Upgrade SmartListing to fork of 1.2.1"
This reverts commit 506a505477.
2018-01-29 17:43:30 +01:00
Frederic Merizen
506a505477 [#1360] Upgrade SmartListing to fork of 1.2.1 2018-01-25 17:47:10 +01:00
gregoirenovel
a2f4e8b283 factory_girl is now factory_bot 2018-01-23 17:15:42 +01:00
gregoirenovel
2761f8ac86 Bump rspec-rails 2018-01-23 16:26:56 +01:00
gregoirenovel
5340b4ed0d Bump turbolinks 2018-01-23 16:26:56 +01:00
gregoirenovel
12b6d30326 Bump sass-rails 2018-01-23 16:26:56 +01:00
gregoirenovel
89a39e2964 Bump rails 2018-01-23 16:26:56 +01:00
gregoirenovel
3f1af527cc Bump prawn_rails 2018-01-23 16:26:56 +01:00
gregoirenovel
3d20b24baf Bump prawn 2018-01-23 16:26:56 +01:00
gregoirenovel
571612f922 Bump draper 2018-01-23 16:26:56 +01:00
gregoirenovel
4c87b62565 Bump deep_cloneable 2018-01-23 16:26:56 +01:00
Mathieu Magnin
469aca999b Revert "Remove data_provide and data_date_format attributes"
This reverts commit 273b3f2faf.
2018-01-19 13:20:53 +01:00
Paul Chavard
273b3f2faf Remove data_provide and data_date_format attributes 2018-01-18 15:13:48 +01:00
gregoirenovel
b51cef6cee Use an unreleased warden to avoid a devise error
The fix to the following issue
https://github.com/hassox/warden/issues/147
has yet to be integrated into an official release
2018-01-18 10:47:11 +01:00
Paul Chavard
6a43248cb3 Fix CSS injection 2018-01-16 14:02:10 +01:00
Paul Chavard
a6cdf714a6 Use capybara-selenium with headless chrome 2018-01-16 14:02:10 +01:00
Mathieu Magnin
b2b26b73ab [Fix #1098] Add administrate gem 2018-01-10 13:44:00 +01:00