Commit graph

13136 commits

Author SHA1 Message Date
Pierre de La Morinerie
3d25fc995a db: add uniqueness constraints to Champs 2021-07-22 17:56:14 +02:00
Pierre de La Morinerie
0fd23ebd43 db: fix schema.rb leftovers 2021-07-22 17:55:47 +02:00
Pierre de La Morinerie
0202747a9d
Merge pull request #6360 from betagouv/redirect-to-sign-in-on-autosave-401
En cas de déconnexion, l'Usager en train de remplir un formulaire est redirigé vers la page de connexion (#6360)
2021-07-22 12:06:49 +02:00
Pierre de La Morinerie
e1909ed29f brouillon: redirect to sign-in when disconnected
There are two cases where the draft auto-save might fail because the
user is no longer authenticated:

- The user signed-out in another tab,
- The brower quit and re-opened, so the Session cookie expired.

In both cases, the auto-save will never succeed until the user
authenticates again, so displaying a "Retry" button is cruel.

Moreover, in plus of all auto-save requests failing with a small error,
the actual hard failure only occurs after filling all the form and
trying to submit it. Then the user is redirected to the sign-in page –
but all their changes are lost.

Instead, we now redirect to the sign-in page on the first 401 error
during the auto-save, let the user sign-in, and then redirect back to
the form.
2021-07-22 11:58:02 +02:00
Pierre de La Morinerie
7808f6dd4f js: document utils.ajax() 2021-07-22 11:58:02 +02:00
Pierre de La Morinerie
c6fff58f38 js: fix typo in comment 2021-07-22 11:58:01 +02:00
Pierre de La Morinerie
071d9145ca js: don't attempt to log unexistent statusText 2021-07-22 11:58:01 +02:00
Paul Chavard
99b836da2c
Merge pull request #6357 from tchak/fix-false-positive-unspecified-tags-messages
Fix false positive unspecified tags messages
2021-07-22 11:23:35 +02:00
Paul Chavard
388fb39eb5 Fix false positive blank champ warnings 2021-07-22 10:45:25 +02:00
Paul Chavard
ac0f50b488 Improuve champ blank check 2021-07-22 10:45:25 +02:00
Pierre de La Morinerie
38b73f0fee
Merge pull request #6355 from betagouv/remove-filters-migration-leftover
Suppression de la clef "migrated": true sur les filtres des ProcedurePresentation (#6355)
2021-07-20 17:00:59 +02:00
Pierre de La Morinerie
fd74d9a062 lib: remove the 'migrated' key on filters
In a9a4f6e2a8, a task to migrate
ProcedurePresentation's filters was added.

This task added a "migrated: true" key to all migrated filters.

Now that this task has run, we can safely remove the extra key.
2021-07-20 16:51:32 +02:00
Pierre de La Morinerie
38c4da2deb lib: document ProgressReport usage 2021-07-20 16:51:32 +02:00
Pierre de La Morinerie
9f9e1fdab7
Merge pull request #6354 from betagouv/remove-outdated-tasks
Suppression d'anciennes tâches Rake (#6354)
2021-07-20 16:38:08 +02:00
Pierre de La Morinerie
fda59c9231 lib: remove outdated tasks 2021-07-20 15:34:31 +02:00
Paul Chavard
f0c81517f4
Merge pull request #6353 from betagouv/main
2021-07-20-03
2021-07-20 15:13:10 +02:00
Paul Chavard
2ecfa4ce66
Merge pull request #6352 from betagouv/limit-filter-size
Instructeurs : limitation de la valeur d'un filtre à 100 caractères
2021-07-20 15:02:53 +02:00
Pierre de La Morinerie
32ab2f0a80 instructeur: limit the maximum size of a filter value
This prevents the URL from exceeding the max size, and
causing '414: Request-URI too large' errors.
2021-07-20 14:49:48 +02:00
lydiasan
4efd160cad
Merge pull request #6112 from betagouv/edition-dossiers
i18n: traduction dossiers/edition
2021-07-20 14:29:33 +02:00
lydiasan
7de10731a6 i18n: localize dossiers edition 2021-07-20 14:18:20 +02:00
Paul Chavard
b7c0a42fd5
Merge pull request #6349 from tchak/fix-communes-autocomplete
Get more results from communes API and use local matcher
2021-07-20 13:44:41 +02:00
Paul Chavard
c7b0b8495b Get more results from communes API and use local matcher 2021-07-20 13:34:17 +02:00
Pierre de La Morinerie
6b948f1bd6
Merge pull request #6351 from betagouv/main 2021-07-20 13:20:41 +02:00
Pierre de La Morinerie
a08815d95f
Merge pull request #6332 from betagouv/fix-csrf-with-long-lived-cookie
Correctif pour diminuer le nombre d'erreurs InvalidAuthenticityToken ("La requête a été rejetée") (#6332)
2021-07-20 13:11:41 +02:00
Pierre de La Morinerie
5b4f7f9ae9 app: restore the default cache settings
We initially did that to avoid a browser being restarted to display a
cached form with a stale CSRF token – thus provoking an
InvalidAuthenticityToken exception when the form is submitted.

But now that we use a long-lived CSRF token, we can submit forms with
a stale CSRF token successfully (because the long-lived CSRF cookie)
is still valid – so we no longer need to change the HTML cache behavior.

This fixes issues where the browser Back button wants to display a
previous POST document, but can't because of the 'no-store' setting. In
this case the browser either displays an error, or re-attempts the POST
request (without any cookies), which results in an 
InvalidAuthenticityToken exception.

See `docs/adr-csrf-forgery.md` for more explanations.
2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
831672391e app: use a long-lived cookie for CSRF token
See the ADR document for rationale.
2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
446c57ed63 specs: add a feature test for forgery protection 2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
a03d8d0705 controllers: remove useless handle_verified_request override
This is a leftover of 09933454ff
2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
da3af3218b
Merge pull request #6348 from betagouv/main 2021-07-20 09:40:20 +02:00
Pierre de La Morinerie
eec82b3798
Merge pull request #6339 from betagouv/update-sentry-javascript
Mise à jour du SDK de Sentry (#6339)
2021-07-20 09:31:12 +02:00
Pierre de La Morinerie
63cde95fc9 js: ignore errors generated by a Microsoft crawler
Sentry has a lot of Javacript errors stating:

> UnhandledRejection: Non-Error promise rejection captured with value: Object Not Found Matching Id:2 

This is apparently caused by a Microsoft crawler (maybe for scanning
targets of email links), and can be safely ignored.

See https://forum.sentry.io/t/unhandledrejection-non-error-promise-rejection-captured-with-value/14062/12
2021-07-20 09:21:59 +02:00
Pierre de La Morinerie
0dfe4fc899 js: update to @sentry/browser v6.9.0
Helps with de-duplicating issues being trigerred in a loop.

See https://github.com/getsentry/sentry-javascript/pull/3730
2021-07-20 09:21:59 +02:00
Pierre de La Morinerie
d4face20d2
Merge pull request #6337 from betagouv/dependabot/bundler/addressable-2.8.0
Mise à jour de `addressable` de la version 2.7.0 à 2.8.0 (#6337)
2021-07-20 09:21:20 +02:00
dependabot[bot]
73935c23e4
build(deps): bump addressable from 2.7.0 to 2.8.0
Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/sporkmonger/addressable/releases)
- [Changelog](https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sporkmonger/addressable/compare/addressable-2.7.0...addressable-2.8.0)

---
updated-dependencies:
- dependency-name: addressable
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-20 07:13:05 +00:00
Pierre de La Morinerie
695b9b194e
Merge pull request #6334 from betagouv/fix-invalid-checkbox-selection
Correction de l'affichage des cases à cocher dans les listes multiples lorsque plusieurs options ont des valeurs similaires (#6334)
2021-07-20 09:09:38 +02:00
Pierre de La Morinerie
71741c5f98 views: fix checkbox wrongly selected in multiple_drop_down_list
The check for whether the checkbox should be checked or not was made by
matching the whole string. Thus, given two options 'valid' and
'invalid', the check for the presence of 'valid' would succeed even when
only 'invalid' was present in the values (because
`'valid'.includes?('invalid')`.

The code now checks against the list of items in the selected_options.
2021-07-20 09:01:07 +02:00
Kara Diaby
068389dde8
Merge pull request #6344 from betagouv/main
2021-07-15-01
2021-07-15 17:01:55 +02:00
Kara Diaby
a35d46ebf4
Merge branch 'production' into main 2021-07-15 16:50:25 +02:00
Kara Diaby
40268f5abf
Merge pull request #6343 from betagouv/fix-content-type-csv-import
Autorise le content type windows concernant les imports CSV
2021-07-15 16:48:48 +02:00
kara Diaby
0b6c7dace7 tests 2021-07-15 16:32:07 +02:00
kara Diaby
c731f8cf1f add windows content type to avoid errors 2021-07-15 16:32:07 +02:00
Pierre de La Morinerie
c5bfab1007
Merge pull request #6342 from betagouv/main 2021-07-13 18:43:07 +02:00
Pierre de La Morinerie
ebf0b5ce8f
Merge pull request #6341 from betagouv/revert-6333-limit-filter-size
Revert "Instructeurs : limitation de la valeur d'un filtre à 100 caractères" (#6341)
2021-07-13 18:33:33 +02:00
Pierre de La Morinerie
40b3ea8ad6
Revert "Instructeurs : limitation de la valeur d'un filtre à 100 caractères" 2021-07-13 18:19:46 +02:00
Kara Diaby
832fbb8795
Merge pull request #6340 from betagouv/main
2021-07-13-01
2021-07-13 16:00:12 +02:00
Pierre de La Morinerie
674d8f9a9b
Merge pull request #6335 from betagouv/fix-import-csv
Administrateur : corrige l'import de fichiers CSV utilisant d'autres encodages que l'UTF-8 (#6335)
2021-07-13 12:17:56 +02:00
kara Diaby
d2d046a39d fix encoding problems with cherlock Holmes gem 2021-07-13 10:58:41 +02:00
Pierre de La Morinerie
e4a5f9845b
Merge pull request #6333 from betagouv/limit-filter-size
Instructeurs : limitation de la valeur d'un filtre à 100 caractères (#6333)
2021-07-09 00:28:23 +02:00
Pierre de La Morinerie
3c8a88a660 instructeur: limit the maximum size of a filter value
This prevents the URL from exceeding the max size, and
causing '414: Request-URI too large' errors.
2021-07-08 16:17:22 +02:00
krichtof
5000a09451
Merge pull request #6331 from tchak/fix-cadastres-again
Trigger onStyleChange when leyers are toggled
2021-07-07 16:53:44 +02:00