Commit graph

1827 commits

Author SHA1 Message Date
Pierre de La Morinerie
c2729ab7e2 config: add Matomo to the frame_src Content Security Policy
Solves the Matomo iframe being blocked on `/suivi`. Fix #5868
2022-02-15 15:56:53 +01:00
Pierre de La Morinerie
3276db016f config: add Matomo to the connect_src Content Security Policy
Solves Matomo connections being blocked. Fix #6949
2022-02-15 15:56:53 +01:00
Pierre de La Morinerie
6fa52e8a5a config: report CSP violations to report-uri 2022-02-15 12:49:52 +01:00
Pierre de La Morinerie
0b2775a1a6 config: add back DS_PROXY_URL to CSP
Otherwise a bunch of "static.demarches-simplifiees.fr" domains would
be missing.
2022-02-15 12:49:52 +01:00
François Vantomme
d5f207d98c refactor(url): use env variables in content security policies 2022-02-15 12:49:52 +01:00
François Vantomme
7425a08e74 refactor(openstack): rename STORAGE_TYPE to ACTIVE_STORAGE_SERVICE 2022-02-15 10:34:42 +01:00
François Vantomme
a2c04a80aa refactor(storage): harmonize environment variables
Use STORAGE_TYPE everywhere rather than FOG_ENABLED.
STORAGE_TYPE is more flexible and is the reference variable for
production environment.
2022-02-15 09:40:32 +01:00
Jon
31996c7d09 chore(smtp): add mailcatcher configuration 2022-02-15 09:34:07 +01:00
François Vantomme
cc6cb2ea30 feat(matomo): use env variables to set the domain 2022-02-15 09:25:23 +01:00
Jon
97feca6305 feat(ClamAV): add config to disable clamav usage 2022-02-15 09:15:47 +01:00
François Vantomme
0758e2d1cf Refactor: use APP_HOST env variable in development env
It prevents exceptions when APP_HOST is custom in development env.

*** ArgumentError Exception: Missing host to link to! Please provide the
   :host parameter, set default_url_options[:host], or set :only_path to
   true
2022-02-15 09:01:38 +01:00
François Vantomme
ac915494df feat(landing): hide testimonial & users sections 2022-02-15 08:49:23 +01:00
Paul Chavard
76b1b85fa7 fix(attestation_template): add revision diff support 2022-02-11 08:45:32 +01:00
Paul Chavard
88e80e9e32
Merge pull request #6901 from adullact/feature/6859-jwt-token-expiration
[API Entreprise] Ajout du support des jetons JWT sans clé d'expiration
2022-02-10 11:48:39 +01:00
Pierre de La Morinerie
56461c6614 feat(openstack): just use FOG_OPENSTACK_URL
We don't need introducing a new env var for this.
2022-02-09 13:02:43 +01:00
François Vantomme
36f8a582ed feat(openstack): use env variables for base and auth URLs 2022-02-09 13:02:42 +01:00
François Vantomme
aebe90a0c4 refactor: use example domains
According to RFC 2606, example domains must be:
example.com, example.net, or example.org
2022-02-09 12:44:13 +01:00
François Vantomme
e8f62e78fe feat(matomo): configure Matomo iframe URL with an env variable 2022-02-09 12:44:13 +01:00
Paul Chavard
1f661325a5 refactor(carto): use maplibre instead of mapbox 2022-02-09 10:29:00 +01:00
Paul Chavard
ea6aec8b1a chore(webpack): enable typescript 2022-02-09 10:29:00 +01:00
Pierre de La Morinerie
3e20ea13d8
Revert "Utilisation des variables d'environnement lors de la déclaration des Content Security Policies" 2022-02-08 22:20:08 +01:00
François Vantomme
8eaecd184a refactor(url): use env variables in content security policies 2022-02-08 15:15:55 +01:00
Pierre de La Morinerie
847abca122 config: simplify mailer configuration again
Move everything to initializers, and replace the email settings
interceptor by a BalancerDeliveryMethod.

It has the advantage that it can be configured entirely from the
`config/environment.rb` file, without an extra file to look at.
2022-02-08 12:44:43 +01:00
Pierre de La Morinerie
27b42fe8ae config: better document SENDINBLUE_BALANCING 2022-02-08 12:44:43 +01:00
Pierre de La Morinerie
04cfc8ed9d config: use alternate delivery methods to configure ActionMailer
Previously `SENDINBLUE_BALANCING` was used only when
`SENDINBLUE_ENABLED` was *disabled* (otherwise only SendInBlue was ever
used).

This commit:

- Ensure that `SENDINBLUE_BALANCING` is used only when SendInBlue is
  *enabled* (which is more intuitive).
- Make it easier to add other delivery methods.
2022-02-08 12:44:43 +01:00
LeSim
fe9adf061c
Merge pull request #6916 from adullact/feature/6873-dinum-vars
Déplacer toutes les mentions à la DINUM dans des variables
2022-02-08 11:58:05 +01:00
Pierre de La Morinerie
dd49abc672 stats: fix duplicated word
The message would be formatted as:

> in 7 days days.
2022-02-08 11:43:32 +01:00
Pierre de La Morinerie
b2ae79a99b config: ignore gitguardian warnings for test keys
Tell GitGuardian not to report our fake testing secrets as leaks.
2022-02-08 11:31:07 +01:00
François Vantomme
eba9a87123
refactor(API Entreprise): raise an error on blank token 2022-02-07 15:18:16 +01:00
François Vantomme
51cfd3d7ad
feat(env): add env variables for the provider data 2022-02-04 18:20:06 +01:00
Kara Diaby
5d10158fa6 Instructeur : ne peut plus cliquer sur un dossier supprimé dans la recherche 2022-02-03 11:17:39 +01:00
Pierre de La Morinerie
d680602c84 models: validate private types_de_champ 2022-02-01 12:37:16 +01:00
Pierre de La Morinerie
e8e37cce15 models: refactor the types_de_champ validators
Context: we want to validate public and private types_de_champ
separately.

Before we validated the whole revision (and then validators themselves
enumerated all champs, public and private).

Now we validate the actual public types_de_champ, which will let us
validate separately the private types_de_champ.
2022-02-01 12:37:16 +01:00
Kara Diaby
96556ca4b3 locales 2022-01-31 10:03:44 +01:00
Kara Diaby
64f2dfdea1 routes 2022-01-31 10:03:44 +01:00
Pierre de La Morinerie
387701e7cb config: add a new SAML_IDP_ENABLED env var
This fixes the app crashing on launch when using the production profile,
because the certificates are not present.
2022-01-26 16:45:50 +01:00
Paul Chavard
ecebc8cf00 fix locale 2022-01-25 11:46:05 +01:00
Kara Diaby
2eb35065f8 fix dossier deletion mailers 2022-01-25 11:46:05 +01:00
Pierre de La Morinerie
0b4e82c25b config: move jobs env vars to the optional file 2022-01-19 15:43:44 +01:00
Pierre de La Morinerie
68fd3aea39 config: rename SOURCE to LOGRAGE_SOURCE 2022-01-19 15:43:44 +01:00
Pierre de La Morinerie
d4fada9f6c config: add MATOMO_HOST environment variable 2022-01-19 15:43:44 +01:00
Pierre de La Morinerie
cd7a86743b config: move related SendInBlue variables together 2022-01-19 15:43:44 +01:00
Pierre de La Morinerie
54667f8b11 config: remove SIGNING_KEY
It was used for initializing a custom message verifier in 
`app/services/signature_service.rb`.

But the use of SIGNING_KEY by this service was removed in
dbbe96d333 – and then the signature
service itself was removed completely in
69a51e3296.
2022-01-19 15:43:44 +01:00
Pierre de La Morinerie
75006c799e config: translate default env in english 2022-01-18 12:05:41 +01:00
Pierre de La Morinerie
a0e9764632 config: document INVISIBLE_CAPTCHA_SECRET 2022-01-18 12:05:41 +01:00
Paul Chavard
e3236e5f60 fix(mailer): transfer -> transfert 2022-01-13 17:59:06 +01:00
Kara Diaby
c306387b00 locales 2022-01-12 15:49:38 +01:00
Kara Diaby
510e8f2fdd routes 2022-01-12 15:49:37 +01:00
Martin
252eee272b feat(support#create): block with invisible captcha [avoid painful captcha] 2022-01-04 14:49:00 +01:00
Kara Diaby
37e991ccb8 User : delete the folder if the instructeur has hide it 2021-12-29 17:37:58 +01:00
Kara Diaby
7d7b847437 Instructeur : delete the folder if the user has hide it 2021-12-29 17:37:58 +01:00
Kara Diaby
f239d46a45 add hide_dossier method to instructeurs 2021-12-29 17:37:57 +01:00
Martin
d0ab1711ff fix(profil_controller#update_email): ensure we are not merging same account
fix(profil_controller#update_email): changing email from current_user.email to current_user.email destroy current user. whoops ☠️'

Update config/locales/en.yml

Co-authored-by: Pierre de La Morinerie <pierre.de_la_morinerie@beta.gouv.fr>

Update config/locales/fr.yml

Co-authored-by: Pierre de La Morinerie <pierre.de_la_morinerie@beta.gouv.fr>

Update spec/controllers/users/profil_controller_spec.rb

Update config/locales/fr.yml

Co-authored-by: Pierre de La Morinerie <pierre.de_la_morinerie@beta.gouv.fr>

Update spec/controllers/users/profil_controller_spec.rb

fix(spec): broken due to typo
2021-12-29 13:36:47 +01:00
Christophe Robillard
9a38d5e049 superadmin can only index and show zones 2021-12-23 19:07:42 +01:00
Christophe Robillard
537e6066d8 add Zones dashboard for superadmin 2021-12-23 19:07:42 +01:00
Fabrice Gangler
86a8d33ce7 fix(i18n): correct a typo 2021-12-23 10:56:40 +01:00
Christophe Robillard
eda8aacfe4 fix a11y problem for support page
L'interpolation de `support.index.product.answer_html` produisait des balises p vides, ce qui contrevenait au critère 8.9.1 RGAA (https://www.numerique.gouv.fr/publications/rgaa-accessibilite/methode/criteres/#test-8-9-1)
2021-12-23 10:49:52 +01:00
François Vantomme
14e0c68266 feat(api particulier): add MESRI field 2021-12-16 16:45:18 +01:00
François Vantomme
5097e78b45 feat(api particulier): add MESRI locales 2021-12-16 16:45:17 +01:00
François Vantomme
693a95904e style(api particulier): mentionne le statut étudiant dans les locales 2021-12-16 16:45:16 +01:00
Christophe Robillard
c9c1f206b9 fix zone acronyms 2021-12-15 19:37:32 +01:00
Christophe Robillard
829d644c10 group related options in zone select box 2021-12-15 19:37:32 +01:00
simon lehericey
0e7a6f5acf remove obsolete route 2021-12-15 13:43:32 +01:00
Pierre de La Morinerie
be1ddb59ec views: localize the stats partial
Also rename 'procédure' to 'démarches'.
2021-12-14 15:03:22 +01:00
maatinito
573b3d39e2 Fix date_trunc sql queries for timezoned forks 2021-12-14 08:50:09 +01:00
Martin
cf5794eebf clean(brakeman): remove unwanted warning 2021-12-13 17:09:20 +01:00
Martin
1795084dce fix(brakeman): no code injection here 2021-12-13 16:37:04 +01:00
simon lehericey
3bdf6b63d9 small wording fixes 2021-12-08 11:19:30 +01:00
Christophe Robillard
4ffd25a321 introduce zone concept from now on 2021-12-08 10:56:17 +01:00
François Vantomme
6ab8ac0662 feat (api particulier): add Pole emploi field 2021-12-08 10:36:25 +01:00
François Vantomme
2e05a3fde2 feat(api particulier): add Pole Emploi locales 2021-12-08 10:36:11 +01:00
François Vantomme
62bc2efbaa style(api particulier): mentionne Pôle Emploi dans les locales 2021-12-08 09:49:53 +01:00
François Vantomme
2110ef072c feat(api particulier): add DGFiP field 2021-12-07 11:03:05 +01:00
François Vantomme
abad34ea7c feat(api particulier): add DGFiP locales 2021-12-07 11:03:05 +01:00
François Vantomme
8ca8bdb6c4 fix(api particulier): correction d'une typo dans les locales 2021-12-07 11:03:05 +01:00
François Vantomme
4c8697656b style(api particulier): mentionne DGFIP dans les locales 2021-12-07 11:03:05 +01:00
Martin
45a74ee999 clean(routes): based on review 2021-12-06 13:09:46 +01:00
Martin
a9413f9b12 feat(manager): add procedure_expires_when_termine_enabled to administrate 2021-12-06 07:49:59 +01:00
Martin
081d5094a9 feat(instructeurs/procedure/dossiers#extend_conservation): add extends duree conservation in action button list, also rewire this action for user [extend by procedure.duree_conservation_dans_ds by default] but force 1.month for instructeur. add new icon for standby based on https://en.wikipedia.org/wiki/Power_symbol 2021-12-06 07:20:01 +01:00
Martin
d8a8d1fdab feat(instructeur/dossier/header/_expiration_banner): split trads and add dedicated expiration banner for instructeur. also enhance wording to include duree conservation + extension_conservation
feat(expiration_banner): enhance wording of expiration

feat(dossiers/expiration_banner): enhance wording regarding expiration to include duree_conservation_dossiers_dans_ds + extension_conservation, also add spec on expiration_banner for instructeur
2021-12-06 07:05:17 +01:00
Martin
22531560d8 feat(tabs.expirants): re-order so it comes before deleted dossiers 2021-12-06 07:05:17 +01:00
Christophe Robillard
3265ac2d84 localize zone 2021-12-02 19:24:26 +01:00
Christophe Robillard
5b8d872b6e populate zones 2021-12-02 19:16:11 +01:00
Pierre de La Morinerie
b7d17b0989 models: validate that no drop-downs are empty on publishing
Disallow publishing a procedure containing drop-downs with no selectable
values.
2021-12-02 09:00:37 +01:00
Pierre de La Morinerie
d524beee4e app: remove :instructeur_bypass_email_login_token from Flipper 2021-12-02 08:51:52 +01:00
Kara Diaby
ffcae81249 change locales 2021-11-30 14:27:58 +01:00
Pierre de La Morinerie
28dfc6a1ba manager: save bypass_email_login_token to both column and feature 2021-11-30 13:41:25 +01:00
Pierre de La Morinerie
99c77046d2 models: improve error message for invalid champs
Avoid prepending the message with 'Draft revision '
2021-11-30 13:34:41 +01:00
Pierre de La Morinerie
52b0fbf9b7 models: validate repetitions on publishing 2021-11-30 13:34:41 +01:00
simon lehericey
c4cde500ce fix acsv 2021-11-30 09:42:45 +01:00
Pierre de La Morinerie
184a401182 app: rename new_administrateur to administrateurs 2021-11-30 08:49:38 +01:00
Martin
970e43efb8 feat(stats#index): update Stat model to also query DossierDeleted in stats computation
tech(question): discard_and_keep_track! ; are we really keeping track with default_scope { kept } ?

feat(stats): add DeletedDossier in Stat computations

Revert "tech(question): discard_and_keep_track! ; are we really keeping track with default_scope { kept } ?"

This reverts commit d1155b7eeaaf1a9f80189e59667e109541fcb089.

feat(stats): support deleted_dossiers for last_four_months_hash and cumulative_hash. extract sanitize query & merge hashes in methdos

clean(rubocop): lint with rubocop

Update db/migrate/20211126080118_add_index_to_deleted_at_to_deleted_dossiers.rb

Co-authored-by: LeSim <mail@simon.lehericey.net>

fix(rubocop): avoid uneeded allocation

fix(migration): add concurrent index with expected synthax

fix(brakeman): add ignore message since group date_trunc evaluation is used by only ourself
2021-11-26 13:29:40 +01:00
Kara Diaby
67d331e788 modify locales fr and en 2021-11-26 09:45:13 +01:00
Kara Diaby
fef7f79237 add route 2021-11-26 09:45:13 +01:00
kara Diaby
eaac293da3 add a new tab traités on user dossiers 2021-11-26 09:45:13 +01:00
Martin
fdf0f18fda fix(i18n): wrap text under i18n.t
i18n(france_connect/*): replace wording with i18n

fix(lint): i18n key issue

secu(views/france_connect/particulier/merge.html.haml): sanitize france_connect_email just in case

fix(brakeman): sanitize FCI.email_france_connect when used with html_safe via an I18n.t, also add exception to brakeman
2021-11-25 17:34:37 +01:00
Martin
ff073f8884 Add confirmation by email when merging DC/FC accounts
feat(fci.confirmation_code): add confirmation code to france_connect_informations

feat(user_mailer.france_connect_confirmation_code): add confirmation by email mail method/preview/spec, pointing to merge_mail_with_existing_account (reuse existing method)

feat(mail_merge): mail merge

feat(merge.cannot_use_france_connect): same behaviour as callback

clean(fci.confirmation_code): use same token for mail validation as merge

feat(resend_france_connect/particulier/merge_confirmation): resend email with link. also enhance some trads, cleanup halfy finished refacto

clean(tech): finalize story by plugging merge_with_new_account to email validation

fix(deadspec): was removed

fix(spec): broken after last refactoring

lint(rubocop): space before parenthesis

lint(haml-lint): yoohoooo space before =

fix(lint): scss now :D

Update app/assets/stylesheets/buttons.scss

cleanup

feat(france_connect): re-add confirm by email, with an option for confirmation by email instead of only confirmation by email

fixup! Add confirmation by email when merging DC/FC accounts

fix(lint): haml_spec failure
2021-11-25 17:34:34 +01:00
mfo
e7d9d047fe
Merge branch 'main' into 6649-etq-usager-instructeur-rendre-la-suppression-plus-visible 2021-11-24 14:07:32 +01:00
simon lehericey
6e7d2e057a typo 2021-11-24 12:50:52 +01:00
simon lehericey
f60055637a add missing redirect_uri env 2021-11-24 12:47:01 +01:00
Pierre de La Morinerie
60c2718f29 models: remove custom code for file size validation message
With active_storage_validations 0.9.6, we can use the %{max_size}
variable directly in the error message.
2021-11-24 10:06:45 +01:00
Martin
0fd9e15cc1 i18n(expiration_banner): extract test in i18n files 2021-11-23 15:23:22 +01:00
simon lehericey
5234a1854c manage AgentConnect callback 2021-11-23 14:17:59 +01:00
simon lehericey
3316dfc866 reopen openid_connect gem to support AC encrypted jwt response 2021-11-23 14:17:59 +01:00
simon lehericey
898df449d4 redirect to AgentConnect 2021-11-23 14:17:59 +01:00
simon lehericey
45ce274721 add agent connect secrets 2021-11-23 14:17:59 +01:00
simon lehericey
d2432e34eb AgentConnect UI 2021-11-23 14:17:59 +01:00
Martin
b6adf5fc72 feat(dossiers/show): enhance header with expirations message/banner. also ensure consistent design between dossier states
fix(spec): broken due to last refactoring

spec(dossier.extend_conservation): add system spec

lint(ruby): still not yet ready for auto lint in IDE...
2021-11-23 05:50:25 +01:00
Martin
3d1533dee9 feat(users/dossiers?statut=dossiers-expirant): add dossiers-expirant tab 2021-11-19 15:14:39 +01:00
mfo
82b23b92c0
Merge branch 'main' into 6624/etq-instructeur-je-souhaite-supprimer-des-messages-envoyes-par-erreur 2021-11-17 05:41:56 +01:00
Paul Chavard
406c5a61cc fix(dossier): fix dossier traitements display 2021-11-16 19:00:20 +03:00
mfo
1d174df2ec
Merge branch 'main' into 6624/etq-instructeur-je-souhaite-supprimer-des-messages-envoyes-par-erreur 2021-11-16 16:37:15 +01:00
Martin
c24bc45137 clean(trads): remove unused i18n 2021-11-16 16:25:32 +01:00
Martin
f0950b592b clean(CommentaireService): extract soft delete within controller. returning an instance with an error[:base] is not persisted with validation : avoid poluting stuff 2021-11-16 16:13:11 +01:00
Paul Chavard
7914775809 feat(routage): administrateur can disable routage
fix #6627
2021-11-16 11:49:51 +03:00
Martin
d4c74b5621 feat(rc.1): refine with better translations, better design 2021-11-15 14:15:05 +01:00
Martin
3b78a9d81a feat(rc): first stable 2021-11-15 13:53:32 +01:00
Paul Chavard
1adafd22d0 fix(graphql): add graphql_operation to lograge 2021-11-04 16:18:10 +01:00
simon lehericey
652b8367be accept or refuse merge 2021-11-04 16:10:09 +01:00
simon lehericey
894e8fdd47 move update_email check to before_action 2021-11-04 16:10:09 +01:00
Paul Chavard
ba0211ba52 feat(champ): ask for departement before asking for commune 2021-11-04 11:55:25 +01:00
Pierre de La Morinerie
5f2233d07d specs: reduce BCrypt complexity during tests
BCrypt is used to compute Instructeur tokens, and takes a surprisingly
ong time during specs.

Reducing the complexity to speed it up.

Speeds up this spec from 0m 57s to 0m 20s.
2021-11-03 19:38:01 +01:00
kara Diaby
f1f2b76a3d revisions 2021-10-27 12:00:39 +02:00
Paul Chavard
6e8e0c7b6b feat(type_de_champ): reflect changes of secondary labels and descriptions 2021-10-26 12:18:01 +02:00
Pierre de La Morinerie
d0e87a08cf services: cache zxcvbn dictionaries per-thread
Before, every time a password was tested, the dictionaries were parsed
again by zxcvbn.

Parsing dictionaries is slow: it may take up to ~1s. This doesn't matter
that much in production, but it makes tests very slow (because we tend
to create a lot of User records).

With this changes, the initializer tester is shared between calls, class
instances and threads. It is lazily loaded on first use, in order not to
slow down the application boot sequence.

This uses ~20 Mo of memory (only once for all threads), but makes tests
more that twice faster.

For instance, model tests go from **8m 21s** to **3m 26s**.

NB:
An additionnal optimization could be to preload the tester on
boot, before workers are forked, to take advantage of Puma copy-on-write
mechanism. In this way all forked workers would use the same cached
instance.

But:

- We're not actually sure this would work properly. What if Ruby updates
  an interval ivar on the class, and this forces the OS to copy the
  whole data structure in each fork?
- Puma phased restarts are not compatible with copy-on-write anyway.

So we're avoiding this optimisation for now, and take the extra 20 Mo
per worker.
2021-10-25 12:04:56 +02:00
Pierre de La Morinerie
136d0bc341 config: remove pre and post boot code from puma config
This is no longer needed since Rails 5.1.

See https://github.com/rails/rails/pull/31241
2021-10-25 11:28:09 +02:00
simon lehericey
738d08a1d9 change in whitelist 2021-10-19 21:07:24 +02:00
simon lehericey
44c880adc4 allow instructeur and administrateur to change their email to legit domain (#6550) 2021-10-19 15:54:57 +02:00
simon lehericey
ce40e1127d merge with another new account 2021-10-14 14:47:50 +02:00
simon lehericey
19f81b594b merge with an existing account by using the password 2021-10-14 14:47:50 +02:00
simon lehericey
f7299da1e7 launch merge process if an unlinked DS account with the same email exists 2021-10-14 14:47:50 +02:00
simon lehericey
8c81558e56 english locales 2021-10-12 14:27:20 +02:00
simon lehericey
57a7f82a8f add cnaf ui 2021-10-12 14:27:20 +02:00
simon lehericey
40d0cfcdc4 add champ validation 2021-10-12 14:27:20 +02:00
simon lehericey
d68129b34d add cnaf type de champ 2021-10-12 14:26:40 +02:00
simon lehericey
b69dafc3d4 CNAF in lowercase 2021-10-12 14:26:40 +02:00
simon lehericey
05e127af4b corrige une locale 2021-10-12 14:26:40 +02:00
Pierre de La Morinerie
0b02fce5e4 jobs: move ActiveJobLogSubscriber out of initializers
This is a class of its own, it doesn't need to be in the initializers.
2021-10-12 11:40:19 +02:00
kara Diaby
6251c3369b routes 2021-10-05 15:37:29 +02:00
kara Diaby
6c82e40ddb routes 2021-10-05 15:00:21 +02:00
Pierre de La Morinerie
f277731b3d app: upgrade webpacker by running rails webpacker:install 2021-09-30 17:05:26 +02:00
kara Diaby
eb951c75e4 change stats colors 2021-09-28 14:49:24 +02:00
Paul Chavard
357c684688 feat(routage): self managing instructeurs 2021-09-27 15:06:17 +02:00
simon lehericey
75043070da add CNAFAdapter 2021-09-22 12:08:24 +02:00
simon lehericey
07962cc2c7 service: match remote keys 2021-09-22 12:08:24 +02:00
Ismael MOUSSA S
7c7c9c9ea4 Fix file size validation message 2021-09-21 12:11:20 -05:00
simon lehericey
2e1bed8748 an admin can save its sources 2021-09-21 11:21:10 -05:00
Pierre de La Morinerie
6656d1130b i18n: refactor admin support locales
This allow i18n-tasks to better detect dynamic keys.
2021-09-21 10:44:20 -05:00
Pierre de La Morinerie
f9220891a7 i18n: refactor user support locales
This allow i18n-tasks to better detect dynamic keys.
2021-09-21 10:44:20 -05:00
Pierre de La Morinerie
ede23fa542 i18n: remove unused locales about user feedback 2021-09-21 10:44:20 -05:00
Pierre de La Morinerie
274b92c453 i18n: remove simple_form locale files
We don't even use simple_form.
2021-09-21 10:44:20 -05:00
Pierre de La Morinerie
f050a4757a i18n-tasks: consider model names localizations as used 2021-09-21 10:44:20 -05:00
Pierre de La Morinerie
580ae1c063 i18n: add automated check for inconsistent interpolations 2021-09-21 10:44:20 -05:00
Pierre de La Morinerie
b4e850b88b config: remove old retro-compatibility Job constants
These constants were defined so that existing enqueued jobs wouldn't
fail during the app upgrade.

These jobs are long gone. Let's remove the compatibility code.
2021-09-21 10:43:33 -05:00
simon lehericey
75481a644c Add confirm alert 2021-09-20 13:58:11 +02:00
simon lehericey
7239657a75 [Fix #6481] a user see its waiting transfers 2021-09-20 13:58:11 +02:00
simon lehericey
c34476a766 a user can transfer all its dossier 2021-09-20 13:58:11 +02:00
Paul Chavard
c9accbf5a5 refactor(i18n): localize routage description 2021-09-18 11:51:27 +02:00
Paul Chavard
64298503b1 fix(i18n): fix missing translations in partials 2021-09-18 11:44:41 +02:00
Paul Chavard
0c5c8faf16 feat(routage): enable routage for everyone 2021-09-18 11:22:35 +02:00
Paul Chavard
eea6b961d7 refactor(routage): remove administrateur_routage feature flag 2021-09-18 11:21:26 +02:00
simon lehericey
5dbd81ebeb show api particulier sources 2021-09-17 13:50:23 +02:00
Pierre de La Morinerie
64e10c6d8c i18n: fix english file with fr key 2021-09-16 08:16:09 -05:00
Pierre de La Morinerie
c6bc42ad76 i18n: fix english keys scope for passwords views 2021-09-16 07:59:19 -05:00
Pierre de La Morinerie
715b5ea6d8 i18n: move controller keys to the proper scope 2021-09-16 07:59:19 -05:00
Pierre de La Morinerie
0104a71e53 i18n: remove unused english key 2021-09-16 07:51:56 -05:00
Pierre de La Morinerie
973945fb58 i18n-tasks: add gems locales to the search path 2021-09-16 07:51:56 -05:00
Pierre de La Morinerie
446738fbbf i18n: make dynamic scopes explicit
This fixes i18n-tasks not being able to recognize the scopes.
2021-09-16 07:51:56 -05:00
Pierre de La Morinerie
95d1cd6992 i18n: cleanup gender locales
The dot in the localized key messes up with i18n-tasks, and causes
false positives for missing strings.
2021-09-16 07:51:56 -05:00
Pierre de La Morinerie
745e19bb8e localize 2021-09-16 09:07:47 +02:00
simon lehericey
69bb174e29 add feature flipped link to add api particulier token
Co-authored-by: François VANTOMME <akarzim@gmail.com>
2021-09-15 14:56:42 +02:00
simon lehericey
ee6d19e3ee an admin can save it's api particulier token
Co-authored-by: François VANTOMME <akarzim@gmail.com>
2021-09-15 14:56:42 +02:00
simon lehericey
4c0dd43055 add jetons particulier index page
Co-authored-by: François VANTOMME <akarzim@gmail.com>
2021-09-15 14:37:04 +02:00
simon lehericey
620a5374e8 Add api particulier url in conf
Co-authored-by: François VANTOMME <akarzim@gmail.com>
2021-09-15 14:37:04 +02:00
Peng-Fei DONG
1979c44f9c set OTP: Enable or Disable 2021-09-09 10:25:15 -05:00
Pierre de La Morinerie
407f46b7de gems: remove smart_listing
It was only used in the old design, which we recently removed
completely.
2021-09-09 09:58:41 -05:00
Pierre de La Morinerie
80f9d4adc0 devise: use password_strength component in SuperAdmin::PasswordsController 2021-09-09 09:40:39 -05:00
Pierre de La Morinerie
ed8b19d2eb app: use password_complexity in Administrateurs::ActivateController 2021-09-09 09:40:39 -05:00
Pierre de La Morinerie
428ca8755f app: add a password_complexity component
This component will replace the previous `password_field` component.
2021-09-09 09:40:39 -05:00
Paul Chavard
3235f42a63 feat(dossier): add dossier transfers UI 2021-09-08 15:10:43 +02:00
Paul Chavard
d6cbdf2a48 feat(dossier): add dossier transfer models 2021-09-08 14:39:46 +02:00
Ismael MOUSSA S. (T0194673)
9d012d51e8 delete features flag option : 'make_experts_notifiable' 2021-09-07 10:49:20 +02:00
Paul Chavard
6a5a8233b5 feat(i18n): send dossier emails with its user locale and improuve translations 2021-09-07 09:51:23 +02:00
Pierre de La Morinerie
d4d0c0b1f3 gems: clean brakeman obsolete false-positives
These were made obsolete by the new brakeman version.
2021-09-02 16:12:52 -05:00
Pierre de La Morinerie
f9529da8bd gems: update brakeman
This prevent a false-positive warning about a vulnerable loofah version.

We also need to ignore a new warning, about an unsafe redirect. This is
unsafe when the object given in redirect can be a hash that includes
a `:host` key. But here we are redirecting to a plain string, which is
definitely safe.
2021-09-02 16:11:23 -05:00
Pierre de La Morinerie
a004ac59df app: move archive to NewAdministrateur::ProceduresController 2021-09-02 14:51:31 -05:00
Pierre de La Morinerie
e7c8a9fff5 app: move clone to NewAdministrateur::ProceduresController 2021-09-02 14:51:31 -05:00
Pierre de La Morinerie
56fa7e7cd6 app: move destroy to NewAdministrateur::ProceduresController
The code was already moved; only the route and tests were not.
2021-09-02 14:51:31 -05:00
Pierre de La Morinerie
3e83ad454f app: move new_from_existing to NewAdministrateur::ProceduresController 2021-09-02 14:51:31 -05:00
Pierre de La Morinerie
7729385d89 controllers: remove dead code on Admin::ProceduresController
This code has been migrated to NewAdministrateur::ProceduresController.
2021-09-02 14:51:26 -05:00
Pierre de La Morinerie
3fc934c8fb app: remove leftovers of publish_validate route
The correponding code and feature have been removed a while ago.
2021-09-02 14:50:41 -05:00
Pierre de La Morinerie
0f9d7d6b8c app: remove old Admin::InstructeursController
It was only hosting the deprecated "Instructeurs globally attached to
this admin", which wasn't used anywhere in the app anymore.
2021-09-02 14:40:36 -05:00
lydiasan
ed7a9aaf39 ajout des traductions pour la page reset-link-sent 2021-09-01 17:49:52 +02:00
Paul Chavard
a3cc072bbd feat(i18n): translate countries selector 2021-08-31 13:15:26 +02:00
Paul Chavard
241f564ecc refactor(i18n): move signature translation keys to shared 2021-08-26 17:53:59 +02:00
Paul Chavard
89d9a4a477 feat(i18n): translate notification emails actions 2021-08-26 17:53:59 +02:00
Paul Chavard
6eb072e69f feat(i18n): translate email greetings 2021-08-26 17:53:59 +02:00
lydiasan
156b9894fe ajout des traductions pour la demande de mdp 2021-08-26 17:43:00 +02:00
Paul Chavard
8c6978c0cb feat(i18n): translate devise related emails 2021-08-26 12:08:40 +02:00
Paul Chavard
8e1bfb469f fix(dossier): send expiration notifications 2 weeks prior to supression instead of a month 2021-08-26 11:28:57 +02:00
Pierre de La Morinerie
47e1555dce i18n: properly translate the locale dropdown title 2021-08-24 12:57:51 -05:00
Pierre de La Morinerie
83b04aca59 i18n: move 'layouts' locales to their proper location 2021-08-24 12:57:51 -05:00
Christophe Robillard
99c16e8dc0 i18n for header 2021-08-20 12:09:01 +02:00
Christophe Robillard
a5750ed4ce i18n for registration page 2021-08-20 12:09:01 +02:00
Paul Chavard
2e707e118c fix(i18n): remove space before question mark in english 2021-08-20 10:40:12 +01:00
Christophe Robillard
bf3580ca2f i18n for page commencer 2021-08-20 09:19:25 +02:00
Paul Chavard
ffa8c0c80a feat(dossiers): enable dossiers termine expiration behind feature flag
feature flag "procedure_process_expired_dossiers_termine" controls if a procedure has expiration
enabled on dossiers termine

re #3796
2021-08-18 16:11:35 +01:00
François Vantomme
17b659539f Feat (API Particulier): new encryption service 2021-07-30 11:18:44 +02:00
Paul Chavard
020ce2dcaa fix shared locales namespace 2021-07-28 13:09:50 +02:00
kara Diaby
77b57edb2f fixup! routes 2021-07-27 19:38:21 +02:00
lydiasan
7de10731a6 i18n: localize dossiers edition 2021-07-20 14:18:20 +02:00
Pierre de La Morinerie
5b4f7f9ae9 app: restore the default cache settings
We initially did that to avoid a browser being restarted to display a
cached form with a stale CSRF token – thus provoking an
InvalidAuthenticityToken exception when the form is submitted.

But now that we use a long-lived CSRF token, we can submit forms with
a stale CSRF token successfully (because the long-lived CSRF cookie)
is still valid – so we no longer need to change the HTML cache behavior.

This fixes issues where the browser Back button wants to display a
previous POST document, but can't because of the 'no-store' setting. In
this case the browser either displays an error, or re-attempts the POST
request (without any cookies), which results in an 
InvalidAuthenticityToken exception.

See `docs/adr-csrf-forgery.md` for more explanations.
2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
9eb2e13d43 config: report job exceptions after max retry count reached
Previously Sentry reported job exceptions even if a retry
strategy was specified. So we had to ignore retried job exceptions
entirely.

Since sentry-delayed-job 0.4.4, we can instead let Sentry report
job exceptions when the retry count is exhausted. Which is
exactly the behavior we want.
2021-07-01 15:06:14 +02:00
Paul Chavard
15ff046428 Improuve revision changes messages 2021-06-24 11:39:49 +02:00
Paul Chavard
8b2c2c6466 Handle carte layers changes 2021-06-24 11:39:49 +02:00
Paul Chavard
35eccb5630 Show separate blocks for types de champ and annotation changes 2021-06-23 09:40:07 +02:00
Paul Chavard
7cb2f91fea Add revisions feature flag 2021-06-23 09:40:07 +02:00
Paul Chavard
f238710044 Add last_month export 2021-06-23 09:23:10 +02:00
Pierre de La Morinerie
b5bde6608c routes: replace the email param in the Avis URLs by a query param 2021-06-17 11:15:51 +02:00
Pierre de La Morinerie
ab442cd8d1 routes: remove unused redirections 2021-06-17 11:15:51 +02:00
Pierre de La Morinerie
51159117c9 routes: replace the email param in the URL to a query param
This basically moves from:

    /lien-envoye/foo@bar.com

to:

    /lien-envoye?email=foo@bar.com

This allow to properly censor the data in Matomo (so that email
addresses don't end up stored in Matomo).
2021-06-17 11:15:51 +02:00
kara Diaby
99d00c00ce change routes 2021-06-15 11:20:20 +02:00
kara Diaby
da1d83b967 add route 2021-06-04 15:29:08 +02:00
Pierre de La Morinerie
fcd5df3c2b i18n: add missing i18n keys for User model
The key for naming the User model was missing – so the default
localization from devise-i18n was used. Unfortunately devise-i18n lacks
the plural form.

This fixes the manager dashboard displaying "User" instead of "Users".
2021-05-27 16:08:55 +02:00
François Vantomme
bc6d5aca0e Fix (Sentry): prefer Rails secrets over ENV variables 2021-05-27 11:12:27 +02:00
Jon
2a0a65a90f fix(sentry): specify current environment for sentry config 2021-05-27 11:12:27 +02:00
Paul Chavard
9b0dae4cc2 Fix apostrophes ‘ -> ’ 2021-05-26 18:05:14 +02:00
lydiasan
2d6ad4f2c1
Merge branch 'main' into localize-dropdown-button 2021-05-25 14:45:52 +02:00
Pierre de La Morinerie
d93342e1d7 config: cleanup allowed tags after Rails 6.1 migration 2021-05-25 11:06:53 +02:00
Paul Chavard
e74dcb0056 Remove ign feature flag 2021-05-24 11:50:16 +02:00
Paul Chavard
01c558953b Remove API GEO legacy adapter 2021-05-24 11:50:16 +02:00
kara Diaby
b3caa2e5f4 add route 2021-05-18 11:42:10 +02:00
lydiasan
42153d1d37 ajout du selecteur de langue 2021-05-12 16:30:35 +02:00
Paul Chavard
8a74438dc1 Use conservation_extension instead of en_construction_conservation_extension 2021-05-11 17:33:53 +02:00
Paul Chavard
e8cdded515 Use explicit name to avoid unknown constant errors 2021-05-06 16:10:48 +02:00
Pierre de La Morinerie
b8f71bd52c i18n: fix enum values for Dossier.state
According to Rails i18n guide, enum values should be localized
as `<model>/<enum>`, not as sub-values to the attribute.

This fixes an exception in administrate when displaying a Dossier
in the Manager.

Note: we need to change the way GraphQL attributes are generated, because
`AASM::Core::State#display_name` doesn’t honor the `model/attribute.value`
convention (and instead tries to localize as `model.attribute/value`).
So instead we lookup the localized name using ActiveRecord.
2021-05-06 14:38:25 +02:00
Paul Chavard
327bec0637 Use HELO 2021-05-06 08:59:18 +02:00
Christophe Robillard
2516abc277 activate rack_mini_profiler in dev and display query count 2021-05-05 17:16:10 +02:00
Paul Chavard
bcbfcdc537 Revert "Merge pull request #6142 from tchak/enable_brouillon_extend_conservation"
This reverts commit 48eb4d9778, reversing
changes made to 5539d5cb8c.

# Conflicts:
#	app/models/dossier.rb
#	db/schema.rb
2021-05-04 16:03:29 +02:00
Paul Chavard
b2a867266a Allow users to extend conservation on drafts 2021-04-29 19:50:30 +02:00
Christophe Robillard
f40d96fbd2 Revert "Revert "Export de tous les dossier d'une démarche""
This reverts commit d9a588b52e.
2021-04-29 17:29:47 +02:00
krichtof
d9a588b52e
Revert "Export de tous les dossier d'une démarche" 2021-04-29 16:07:18 +02:00
Pierre de La Morinerie
fbfe5c3817 jobs: also retry native ActiveStorage's jobs on transient errors 2021-04-29 14:08:12 +02:00
Christophe Robillard
59a08ad307 affiche quand l'archive a été générée 2021-04-28 11:40:58 +02:00
Christophe Robillard
8b2849408c instructeurs can create and download archives 2021-04-28 11:40:58 +02:00
Pierre de La Morinerie
4a12e973bf i18n: add unbreakable spaces to reset_link_sent locales 2021-04-27 13:56:57 +02:00
Pierre de La Morinerie
d530b272a1 password: add specific page for reset instructions 2021-04-22 14:24:15 +02:00
Pierre de La Morinerie
9ad57fde2a initializers: lazy-load Mailjet gem
This fixes an error message on app startup about autoloaded
constants:

> DEPRECATION WARNING: Initialization autoloaded the constants ActionText::ContentHelper and ActionText::TagHelper.

The reason for this error is that the Mailjet gem forces the
immediate loading of `action_mailer`. Which leads to the
following sequence of events:

On app init, when bundler requires all the gems in the Gemfile:
- The Mailjet gem is required,
- It loads `ActionMailer::Base`.

Later, when Rails initializes itself:
- `ActionText` creates an `action_text.helpers` initializer,
- This initializer register hooks to add `ActionText` helpers
when either `action_controller_base` or `action_mailer` are loaded,
- But as `action_mailer` has already been loaded, the hook is trigerred
immediately,
- ActiveSupport::Dependencies notices `ActionText` constants do not
exist yet, auto-load them, and add the constants to
`ActiveSupport::Dependencies.autoloaded_constants`.

And even later, at the end of the Rails initialization process:
- The `:warn_if_autoloaded` initializer is run,
- It notices that `autoloaded_constants` is not empty, and prints the
warning message.

See https://github.com/mailjet/mailjet-gem/issues/213
2021-04-20 15:11:43 +02:00
Pierre de La Morinerie
8cb7a49dd9 password: add password reset instructions 2021-04-20 09:34:53 +02:00
Pierre de La Morinerie
85691b9f2e sign_in: no need to specify password length 2021-04-20 09:34:52 +02:00