Pierre de La Morinerie
d0e87a08cf
services: cache zxcvbn dictionaries per-thread
...
Before, every time a password was tested, the dictionaries were parsed
again by zxcvbn.
Parsing dictionaries is slow: it may take up to ~1s. This doesn't matter
that much in production, but it makes tests very slow (because we tend
to create a lot of User records).
With this changes, the initializer tester is shared between calls, class
instances and threads. It is lazily loaded on first use, in order not to
slow down the application boot sequence.
This uses ~20 Mo of memory (only once for all threads), but makes tests
more that twice faster.
For instance, model tests go from **8m 21s** to **3m 26s**.
NB:
An additionnal optimization could be to preload the tester on
boot, before workers are forked, to take advantage of Puma copy-on-write
mechanism. In this way all forked workers would use the same cached
instance.
But:
- We're not actually sure this would work properly. What if Ruby updates
an interval ivar on the class, and this forces the OS to copy the
whole data structure in each fork?
- Puma phased restarts are not compatible with copy-on-write anyway.
So we're avoiding this optimisation for now, and take the extra 20 Mo
per worker.
2021-10-25 12:04:56 +02:00
Paul Chavard
1561ea82f6
fix(transfer): manually nullify staled transfers references
2021-10-21 13:54:26 +02:00
Paul Chavard
2a3a9dd822
feat(revisions): rebase dossiers brouillons
2021-10-20 17:26:09 +02:00
Paul Chavard
67e98f79c9
feat(revisions): add stable_id to changes
2021-10-20 17:25:34 +02:00
Pierre de La Morinerie
7b6420d427
specs: set i18n cookie before running browser specs
...
Otherwise the browser specs use the dault browser language, which may
be English depending on the system language.
2021-10-19 16:41:36 +02:00
Pierre de La Morinerie
0de8fd23c7
specs: remove invalid js: true
specifier
...
Views specs cant't run Javascript.
2021-10-19 16:41:36 +02:00
simon lehericey
d19ad2840c
rename preexisting to targeted, remove duplicated test
2021-10-19 16:12:42 +02:00
simon lehericey
52b7e85954
merge administrateur in user_controller
2021-10-19 16:12:42 +02:00
simon lehericey
866df74706
merge admin
2021-10-19 16:12:42 +02:00
simon lehericey
44c880adc4
allow instructeur and administrateur to change their email to legit domain ( #6550 )
2021-10-19 15:54:57 +02:00
simon lehericey
f54dfe6ead
Do not raise error if user is nil
...
I do not get when it happens
2021-10-19 11:21:24 +02:00
simon lehericey
46fd15416b
add end to end test
2021-10-14 14:47:50 +02:00
simon lehericey
933d7b8c8d
merge with another preexisting account
2021-10-14 14:47:50 +02:00
simon lehericey
ce40e1127d
merge with another new account
2021-10-14 14:47:50 +02:00
simon lehericey
19f81b594b
merge with an existing account by using the password
2021-10-14 14:47:50 +02:00
simon lehericey
218e4633a9
securely retrieve fci
2021-10-14 14:47:50 +02:00
simon lehericey
f7299da1e7
launch merge process if an unlinked DS account with the same email exists
2021-10-14 14:47:50 +02:00
simon lehericey
f6879eba60
associate_user take a target email
2021-10-14 14:47:50 +02:00
simon lehericey
09f828a6a2
create_merge_token!
2021-10-14 14:47:50 +02:00
simon lehericey
34862f41e0
Add fci valid_for_merge
2021-10-14 14:47:50 +02:00
simon lehericey
6826bf03b0
Sign in with a user linked by france connect sub (openid)
...
instead of looking linked user by email because :
- follows FC recommendation to fetch ds account by openid
- the email is not a valid key as many user can share the same FCI email.
The following scenario is now working
A user A (email: 1@mail.com ) uses FC to connect to DS
=> It is connected as 1@mail.com
Another user B (email: generic@mail.com ) uses FC to connect
=> It is connected as generic@mail.com
The first user A change its FC email to generic@mail.com and connect to DS
=> It is still connected as 1@mail.com
2021-10-14 14:47:50 +02:00
simon lehericey
2f470b25aa
spec cleaning
2021-10-14 14:47:50 +02:00
simon lehericey
87de9e38c6
allow draft to be saved with invalid cnaf champ
2021-10-12 14:27:20 +02:00
simon lehericey
cd7bafaa0d
clean log_out spec helper
2021-10-12 14:27:20 +02:00
simon lehericey
35c7f05a0a
source service supports unknown scope
2021-10-12 14:27:20 +02:00
simon lehericey
ac60d6c5a1
homogennize api particulier endpoint test url
2021-10-12 14:27:20 +02:00
simon lehericey
ecc26897e2
add end to end spec
2021-10-12 14:27:20 +02:00
simon lehericey
40d0cfcdc4
add champ validation
2021-10-12 14:27:20 +02:00
simon lehericey
c76d1043fa
add cnaf champ
2021-10-12 14:27:20 +02:00
simon lehericey
d68129b34d
add cnaf type de champ
2021-10-12 14:26:40 +02:00
simon lehericey
b69dafc3d4
CNAF in lowercase
2021-10-12 14:26:40 +02:00
simon lehericey
7c65571fca
add case when the old_expert or old_instructeur is nil
2021-10-12 11:04:06 +02:00
simon lehericey
ec8ccad465
typo
2021-10-12 11:03:34 +02:00
simon lehericey
d7e621d167
beef up the merge methods
2021-10-07 15:51:31 +02:00
simon lehericey
77d14d4a60
forbid admin merge yet
2021-10-07 15:51:31 +02:00
simon lehericey
5009c583ea
Add notice when merging account
2021-10-07 15:51:31 +02:00
simon lehericey
a480b31eb5
merge expert
2021-10-07 15:51:31 +02:00
simon lehericey
136f29524e
merge instructeur
2021-10-07 15:51:31 +02:00
simon lehericey
9a6a53349f
simple cases when the preexisting targeted account does not have instructeur or profile profile
2021-10-07 15:51:31 +02:00
simon lehericey
c56199e8f7
spec cleaning
2021-10-07 15:51:31 +02:00
simon lehericey
195583c0bd
Enable manager specs
2021-10-07 15:51:31 +02:00
Paul Chavard
9d5c5447c2
fix(dossier): do not attempt to destroy transfers when a dossier is destroyed
...
we had a dependent option on both sides of a relationship which created race conditions
2021-10-06 17:51:09 +02:00
kara Diaby
919d708ec4
tests
2021-10-05 15:37:30 +02:00
kara Diaby
cbedef996b
tests
2021-10-05 15:00:21 +02:00
simon lehericey
1000417bc9
update notifications_for_dossier used in dossier show
2021-10-05 12:05:43 +02:00
simon lehericey
65911b7680
update with_notifications dossiers scope (used in procedure index and show)
2021-10-05 12:05:43 +02:00
simon lehericey
f662b28baf
update identity_updated_at column when user identity change
2021-10-05 12:05:43 +02:00
Peng-Fei DONG
dee536fca1
app: localize CSV import for groupe instructeurs
2021-10-05 10:58:15 +02:00
simon lehericey
9679e233cd
[ Fix #6512 ] admin preview in new tab
2021-10-05 10:47:58 +02:00
simon lehericey
64351d0287
[ Fix #6504 ] Fix exception raised when deleting a transfer
2021-10-01 12:11:03 +02:00
Pierre de La Morinerie
b466fa7878
spec: ensure checkbox is visible before clicking it
...
There's a random failure in this spec, where the CI triggers this error:
> Failure/Error: check('checkbox')
>
> Selenium::WebDriver::Error::ElementClickInterceptedError:
> element click intercepted: Element <input required="required" type="checkbox" value="on" name="dossier[champs_attributes][7][value]" id="dossier_champs_attributes_7_value"> is not clickable at point (205, 892). Other element would receive the click: <div class="send-dossier-actions-bar">...</div>
That's because the checkbox is partially overlapped by the sticky
action bar at the bottom of the screen – but only _some of the time_.
This commit attempts to fix the issue by manually scrolling the checkbox
at the center of the screen before clicking it.
2021-10-01 00:33:57 +02:00
simon lehericey
0cd9bcb1ab
fix #6495
2021-09-28 15:53:18 +02:00
Paul Chavard
5933194149
feat(log): stop logging user emails
...
fix #6485
2021-09-27 14:56:00 +02:00
simon lehericey
57604b9c89
add schema validations
2021-09-22 12:08:24 +02:00
simon lehericey
75043070da
add CNAFAdapter
2021-09-22 12:08:24 +02:00
simon lehericey
07962cc2c7
service: match remote keys
2021-09-22 12:08:24 +02:00
Ismael MOUSSA S
bdbb4deb87
ADD FILE_MAX_SIZE constant to set allow file size limit
2021-09-21 12:04:56 -05:00
simon lehericey
1446660ca3
an api_particulier_token change erases previous api_particulier_sources
2021-09-21 11:21:10 -05:00
simon lehericey
c87f3f7fb6
faster jeton_particulier_controller_spec
2021-09-21 11:21:10 -05:00
simon lehericey
2e1bed8748
an admin can save its sources
2021-09-21 11:21:10 -05:00
simon lehericey
8d747ff16e
add sanitize method to service
2021-09-21 11:21:10 -05:00
Pierre de La Morinerie
eef90efd49
app: fix exception during password reset when the token has expired
2021-09-21 10:30:09 -05:00
simon lehericey
a7ec77f0a8
do not display the action for instructeur
2021-09-20 13:58:11 +02:00
simon lehericey
7239657a75
[ Fix #6481 ] a user see its waiting transfers
2021-09-20 13:58:11 +02:00
simon lehericey
c34476a766
a user can transfer all its dossier
2021-09-20 13:58:11 +02:00
Paul Chavard
a8d04d6fc8
test(routing): fix routing feature spec
2021-09-18 11:22:35 +02:00
Paul Chavard
ad5279f4ab
test(groupe_instructeur): fix groupe_instructeur controller spec
2021-09-18 11:22:35 +02:00
Paul Chavard
eea6b961d7
refactor(routage): remove administrateur_routage feature flag
2021-09-18 11:21:26 +02:00
simon lehericey
5dbd81ebeb
show api particulier sources
2021-09-17 13:50:23 +02:00
simon lehericey
8327c6fd0c
add ApiParticulier::Service::Sources
2021-09-17 13:50:23 +02:00
simon lehericey
1d06c15ac0
save api particulier scopes
2021-09-16 09:49:16 +02:00
simon lehericey
6c6205e188
a cloned procedure to a different admin does not keep api_particulier token and scopes
2021-09-16 09:30:11 +02:00
simon lehericey
7ee360df30
add logic to detect empty scopes
2021-09-16 09:09:34 +02:00
simon lehericey
ee6d19e3ee
an admin can save it's api particulier token
...
Co-authored-by: François VANTOMME <akarzim@gmail.com>
2021-09-15 14:56:42 +02:00
simon lehericey
4c0dd43055
add jetons particulier index page
...
Co-authored-by: François VANTOMME <akarzim@gmail.com>
2021-09-15 14:37:04 +02:00
simon lehericey
87cb16093f
fetch token introspection
...
Co-authored-by: François VANTOMME <akarzim@gmail.com>
2021-09-15 14:37:04 +02:00
Paul Chavard
4850c3b02d
fix(i18n): enable locale for email previews
2021-09-09 13:06:51 -05:00
Pierre de La Morinerie
407f46b7de
gems: remove smart_listing
...
It was only used in the old design, which we recently removed
completely.
2021-09-09 09:58:41 -05:00
Pierre de La Morinerie
5cbf939911
spec: fix syntax of get requests in archives_controller_spec
...
Those were generating Ruby warnings:
> warning: Using the last argument as keyword parameters is deprecated
2021-09-09 09:58:41 -05:00
Pierre de La Morinerie
e5f449b595
devise: unify password reset views
...
By default, Devise will look for views:
1. First in `views/resource/passwords/…`,
2. Then in `views/devise/passwords/…` if not found.
By moving the views to `views/devise`, we avoid having a partial in
`views/shared` that we need to include manually, and instead let Devise
do the job automatically.
2021-09-09 09:40:40 -05:00
Pierre de La Morinerie
80f9d4adc0
devise: use password_strength component in SuperAdmin::PasswordsController
2021-09-09 09:40:39 -05:00
Pierre de La Morinerie
62e4f7ee32
devise: use password_complexity in User::PasswordsController
...
This fixes the password strength meter no longer being displayed when
an admin changes their password.
2021-09-09 09:40:39 -05:00
Pierre de La Morinerie
ed8b19d2eb
app: use password_complexity in Administrateurs::ActivateController
2021-09-09 09:40:39 -05:00
Pierre de La Morinerie
428ca8755f
app: add a password_complexity component
...
This component will replace the previous `password_field` component.
2021-09-09 09:40:39 -05:00
Pierre de La Morinerie
586f8ec543
models: improve password complexity specs
2021-09-09 09:40:39 -05:00
Paul Chavard
00c7c7c419
test(dossier): test dossier transfer
2021-09-08 15:49:04 +02:00
Paul Chavard
3235f42a63
feat(dossier): add dossier transfers UI
2021-09-08 15:10:43 +02:00
Paul Chavard
d6cbdf2a48
feat(dossier): add dossier transfer models
2021-09-08 14:39:46 +02:00
simon lehericey
9fc195f0e5
add test to dossier_projection_service
2021-09-07 15:17:06 +02:00
Paul Chavard
74e277d0a2
feat(graphql): add an option to dossier state change mutations to disable notifications
2021-09-07 14:21:48 +02:00
Paul Chavard
9e30d5fc22
fix(virus scan): prevent virus scans in specs
2021-09-07 14:21:48 +02:00
simon lehericey
367f508e2e
linked_drop_down_list: empty primary => empty secondary
2021-09-07 10:09:18 +02:00
Paul Chavard
6a5a8233b5
feat(i18n): send dossier emails with its user locale and improuve translations
2021-09-07 09:51:23 +02:00
Pierre de La Morinerie
8bb283d977
app: delete old Admin::ProceduresController
2021-09-02 14:51:31 -05:00
Pierre de La Morinerie
a004ac59df
app: move archive to NewAdministrateur::ProceduresController
2021-09-02 14:51:31 -05:00
Pierre de La Morinerie
e7c8a9fff5
app: move clone to NewAdministrateur::ProceduresController
2021-09-02 14:51:31 -05:00
Pierre de La Morinerie
56fa7e7cd6
app: move destroy to NewAdministrateur::ProceduresController
...
The code was already moved; only the route and tests were not.
2021-09-02 14:51:31 -05:00
Pierre de La Morinerie
3e83ad454f
app: move new_from_existing to NewAdministrateur::ProceduresController
2021-09-02 14:51:31 -05:00
Pierre de La Morinerie
7729385d89
controllers: remove dead code on Admin::ProceduresController
...
This code has been migrated to NewAdministrateur::ProceduresController.
2021-09-02 14:51:26 -05:00
Pierre de La Morinerie
0f9d7d6b8c
app: remove old Admin::InstructeursController
...
It was only hosting the deprecated "Instructeurs globally attached to
this admin", which wasn't used anywhere in the app anymore.
2021-09-02 14:40:36 -05:00
Paul Chavard
a3cc072bbd
feat(i18n): translate countries selector
2021-08-31 13:15:26 +02:00
Pierre de La Morinerie
b80f6a9f1b
spec: fix some manager tests not running
2021-08-26 11:44:47 -05:00
Paul Chavard
8e1bfb469f
fix(dossier): send expiration notifications 2 weeks prior to supression instead of a month
2021-08-26 11:28:57 +02:00
Paul Chavard
1399d9bba9
feat(graphql): expose demarche descriptor on dossier type
...
We don't want to expose full demarche type on dossiers because it would open the door for recursive queries that we want to avoid. DemarcheDescriptorType is a lightweight representation of demarche metadata.
2021-08-25 11:12:24 +02:00
Pierre de La Morinerie
47e1555dce
i18n: properly translate the locale dropdown title
2021-08-24 12:57:51 -05:00
Pierre de La Morinerie
9741108094
lib: remove the 'migrated' key on filters
...
In a9a4f6e2a8
, a task to migrate
ProcedurePresentation's filters was added.
This task added a "migrated: true" key to all migrated filters.
Now that this task has run, we can safely remove the extra key.
In a previous version of this commit, the migration would fail for
invalid ProcedurePresentation records. This is now fixed.
2021-08-24 08:42:22 -05:00
Christophe Robillard
83b6c5d7c7
replace deprecated axe-matchers by axe-core-spec
2021-08-24 08:09:17 -05:00
Paul Chavard
3b6528decf
feat(i18n): enable localization by query param
...
Providing a query param ("locale") will enable localization. A language picker will be shown once
localization is activated. Locale is stored in a cookie "locale".
2021-08-24 12:42:40 +02:00
Ismael MOUSSA S. (T0194673)
330333aac4
6407 - Fix flash message typo in new administrateur/groupe instructeurs controller and its related spec
2021-08-20 20:10:44 +02:00
Christophe Robillard
8f2e0660d3
add spec for dossier with commune
2021-08-19 08:04:47 +02:00
Christophe Robillard
e06f11f33f
add code insee libelle for commune export
2021-08-19 08:04:47 +02:00
Christophe Robillard
4a6c22d6a6
export code insee for commune champ
2021-08-19 08:04:47 +02:00
Paul Chavard
ffa8c0c80a
feat(dossiers): enable dossiers termine expiration behind feature flag
...
feature flag "procedure_process_expired_dossiers_termine" controls if a procedure has expiration
enabled on dossiers termine
re #3796
2021-08-18 16:11:35 +01:00
Christophe Robillard
031b74759f
archives: move bugreport
2021-08-05 09:24:20 +02:00
Christophe Robillard
38e3469e9a
add bug report to archive
2021-08-03 14:51:41 +02:00
simon lehericey
b29bae4707
a procedure has an encrypted api_particulier_token
...
Co-authored-by: François VANTOMME <akarzim@gmail.com>
2021-07-30 11:18:44 +02:00
François Vantomme
17b659539f
Feat (API Particulier): new encryption service
2021-07-30 11:18:44 +02:00
kara Diaby
69393c2921
modify groupe instructeur controller
2021-07-27 19:38:22 +02:00
kara Diaby
9c976c6b71
fixup! tests
2021-07-27 19:38:21 +02:00
Paul Chavard
64cfb4d64e
Fix sort with revisions
2021-07-23 10:57:04 +02:00
Pierre de La Morinerie
6475cdff7a
Revert "Suppression de la clef "migrated": true
sur les filtres des ProcedurePresentation"
2021-07-23 09:26:13 +02:00
Pierre de La Morinerie
e1909ed29f
brouillon: redirect to sign-in when disconnected
...
There are two cases where the draft auto-save might fail because the
user is no longer authenticated:
- The user signed-out in another tab,
- The brower quit and re-opened, so the Session cookie expired.
In both cases, the auto-save will never succeed until the user
authenticates again, so displaying a "Retry" button is cruel.
Moreover, in plus of all auto-save requests failing with a small error,
the actual hard failure only occurs after filling all the form and
trying to submit it. Then the user is redirected to the sign-in page –
but all their changes are lost.
Instead, we now redirect to the sign-in page on the first 401 error
during the auto-save, let the user sign-in, and then redirect back to
the form.
2021-07-22 11:58:02 +02:00
Paul Chavard
388fb39eb5
Fix false positive blank champ warnings
2021-07-22 10:45:25 +02:00
Paul Chavard
ac0f50b488
Improuve champ blank check
2021-07-22 10:45:25 +02:00
Pierre de La Morinerie
fd74d9a062
lib: remove the 'migrated' key on filters
...
In a9a4f6e2a8
, a task to migrate
ProcedurePresentation's filters was added.
This task added a "migrated: true" key to all migrated filters.
Now that this task has run, we can safely remove the extra key.
2021-07-20 16:51:32 +02:00
Pierre de La Morinerie
fda59c9231
lib: remove outdated tasks
2021-07-20 15:34:31 +02:00
Pierre de La Morinerie
32ab2f0a80
instructeur: limit the maximum size of a filter value
...
This prevents the URL from exceeding the max size, and
causing '414: Request-URI too large' errors.
2021-07-20 14:49:48 +02:00
Pierre de La Morinerie
831672391e
app: use a long-lived cookie for CSRF token
...
See the ADR document for rationale.
2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
446c57ed63
specs: add a feature test for forgery protection
2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
71741c5f98
views: fix checkbox wrongly selected in multiple_drop_down_list
...
The check for whether the checkbox should be checked or not was made by
matching the whole string. Thus, given two options 'valid' and
'invalid', the check for the presence of 'valid' would succeed even when
only 'invalid' was present in the values (because
`'valid'.includes?('invalid')`.
The code now checks against the list of items in the selected_options.
2021-07-20 09:01:07 +02:00
kara Diaby
0b6c7dace7
tests
2021-07-15 16:32:07 +02:00
Pierre de La Morinerie
40b3ea8ad6
Revert "Instructeurs : limitation de la valeur d'un filtre à 100 caractères"
2021-07-13 18:19:46 +02:00
kara Diaby
d2d046a39d
fix encoding problems with cherlock Holmes gem
2021-07-13 10:58:41 +02:00
Pierre de La Morinerie
3c8a88a660
instructeur: limit the maximum size of a filter value
...
This prevents the URL from exceeding the max size, and
causing '414: Request-URI too large' errors.
2021-07-08 16:17:22 +02:00
Paul Chavard
527db7631e
Add a point on map from coordinates input
2021-07-07 13:33:28 +02:00
Paul Chavard
ab31087f23
Hide cadastres if there is none
2021-07-07 12:28:27 +02:00
Pierre de La Morinerie
37c62ac0a3
app: display standard error page when no cookies are present
...
This occurs mostly when Safari attempts to perform a POST request
again (without sending any of the cookies).
In that case, our custom `422.html` page is more helpful to the user
(because it has a link to the previous page) than a "No cookies" blank
text.
2021-07-06 16:29:22 +02:00
Christophe Robillard
bc07a875eb
integrate a mininum weight for the average dossier weight
...
before this commit, the average dossier weight took account only pieces
justificatives. With this commit, we add a minimum weight for other
files included in an archive like pdf_export, log operations,
attachments added to traitements. This minimum weight is set arbitrary,
from the observation of some random procedures in production
2021-07-06 15:58:45 +02:00
Pierre de La Morinerie
09933454ff
app: improve InvalidAuthenticityToken logging
...
- Log on all controllers
- Improve description of the controller action involved
- Ignore Safari bogus requests
2021-07-06 12:42:01 +02:00
Christophe Robillard
54d91335f2
remove the ability to download an 'everything' archive
...
there are sometimes an error that happen when building an everything
archive. The error explanation is not understood at the moment.
To deliver the archive feature quickly, we remove the 'everything' archive for
the moment
2021-07-05 11:05:07 +02:00
Paul Chavard
280e54b59d
Enable test revisions
2021-07-01 15:59:07 +02:00
Pierre de La Morinerie
1faf91bdbe
experts: protect password update as well as sign-up
2021-06-30 10:46:42 +02:00
Pierre de La Morinerie
6f7a2fde57
experts: fix saving password on sign-in
2021-06-30 10:46:42 +02:00
Pierre de La Morinerie
4f5c5e26ae
spec: cleanup spec for Experts::AvisController
2021-06-30 10:46:42 +02:00
Christophe Robillard
66cc0dd08d
Revert "Revert "Expose dossier PDF export as IO""
...
This reverts commit 362093eff0
.
2021-06-24 21:01:59 +02:00
krichtof
362093eff0
Revert "Expose dossier PDF export as IO"
2021-06-24 19:21:37 +02:00
Paul Chavard
b73d504f8d
Expose dossier PDF export as IO
...
Co-authored-by: Christophe Robillard <christophe.robillard@beta.gouv.fr>
2021-06-24 17:49:24 +02:00
Paul Chavard
a4482233b8
[GraphQL] expose deleted dossiers
2021-06-24 11:51:37 +02:00
Paul Chavard
0ca5e1abe2
Preview should reflect revision changes
2021-06-24 11:39:49 +02:00
Paul Chavard
8b2c2c6466
Handle carte layers changes
2021-06-24 11:39:49 +02:00