Commit graph

117 commits

Author SHA1 Message Date
Colin Darie
77fb0553fc
chore: enable freeze string literals by comment 2024-08-22 09:26:48 +02:00
Paul Chavard
d6f9e57e77
secu(graphql): without a token, only persisted queries are allowed 2024-07-22 11:39:32 +02:00
Paul Chavard
c31321d695
chore(graphql): API::V2::DossiersController is not using tokens 2024-07-22 11:38:11 +02:00
Paul Chavard
38243434d2
refactor(graphql): add graphql_error helper 2024-07-22 11:38:11 +02:00
Paul Chavard
2ecaee6fe2
fix(graphql): use null_session forgery protection on graphql controller to allow open data requests 2024-06-06 16:29:34 +02:00
Paul Chavard
bf3455bbf0
fix(api): public api v1 should not inherit from api v1 2024-06-04 10:43:37 +02:00
Christophe Robillard
357c07456c
generate export with export_template 2024-05-23 10:00:34 +02:00
Martin
f4d2f1ddf5 fix(export.pdf): expert should not have access to messagerie when it was disabled 2024-03-07 08:39:32 +01:00
Martin
c9ea79c7cc fix(api/attestations#pdf): missing acl 2024-02-22 15:08:40 +01:00
simon lehericey
7e8555923f feature(api): add ensure_token_is_not_expired to api_controller v1 and v2 2024-01-25 10:51:58 +01:00
simon lehericey
d8bc38bc69 feature(api): add ensure_authorized_network for api_controller v1 and v2 2024-01-25 10:51:58 +01:00
simon lehericey
afb6eacf57 feature(api): store any ip used 2023-12-21 16:02:11 +01:00
simon lehericey
8c0d2bb8cb refactor: add request_logs methods
it avoids having to change lograge.rb for adding an entry
2023-11-08 17:49:09 +01:00
simon lehericey
a431287db0 chore: @current_user is set by authenticate_from_token 2023-11-08 16:50:09 +01:00
simon lehericey
daf1443b0c chore: remove duplicated private 2023-11-08 16:50:09 +01:00
Paul Chavard
d93c624164 feat(traitement): add browser information 2023-11-08 00:09:38 +01:00
Paul Chavard
99e22a8cbe log(graphql): log deprecated order argument usage 2023-11-02 15:01:34 +00:00
simon lehericey
4a17dec87b refactor procedure_controller 2023-09-20 14:11:10 +02:00
simon lehericey
40a15b9be4 refactor dossier_controller 2023-09-20 14:11:10 +02:00
simon lehericey
c248f96f31 fixup base controller 2023-09-20 14:11:10 +02:00
simon lehericey
24fd12ed70 explicit about different contexts 2023-09-20 14:11:09 +02:00
simon lehericey
f434c6a6ad refactor: try base controller 2023-09-20 14:11:09 +02:00
simon lehericey
40ed59a231 rename find_and_verify => authenticate 2023-09-20 14:11:09 +02:00
simon lehericey
0b03ba4d68 remove v1/v2 api token logic 2023-09-20 14:11:09 +02:00
simon lehericey
4cbb8e91f2 Workable draft prefill identity (no link or query help) 2023-09-07 10:17:19 +02:00
Martin
05687e63ca improvement(dossier.routage): assign the instructor group at the time of passer_en_construction! on a dossier and ignore the concept of pre-setting the instructor group in all the rest of the app 2023-08-14 10:17:23 +02:00
Paul Chavard
e9cb50d09c feat(api): add last_authenticated_at timestamp to api requests 2023-08-02 13:22:18 +02:00
Paul Chavard
39ba03783a
Merge pull request #8928 from tchak/feat-api-public-stats
As a citizen, I would like to have access to the statistics of closed procedures
2023-04-19 19:11:34 +00:00
Paul Chavard
418d3b55d0 feat(stats): give access to stats on closed procedures 2023-04-19 18:31:58 +02:00
Paul Chavard
63b7a83689 feat(graphql): log dossier and procedure id on dossier fetch endpoint 2023-04-19 18:00:08 +02:00
Paul Chavard
fbae6d941d feat(graphql): add error codes to graphql errors 2023-04-18 15:22:11 +02:00
Paul Chavard
a5733002ed feat(graphql): improve logs 2023-04-05 13:56:26 +02:00
simon lehericey
8b5d493f12 clean: log current_user in api v2, when not using token_v3 2023-03-16 10:06:23 +01:00
simon lehericey
7a6658700e clean: log current_user in api v1 2023-03-16 10:06:23 +01:00
simon lehericey
a984c21f64 clean: remove unused Current.administrateur 2023-03-15 21:51:02 +01:00
Paul Chavard
8ee13f1719 feat(api_token): add allowed_procedure_ids and write_access 2023-03-15 19:09:49 +01:00
Paul Chavard
294a5135ce feat(public/api): add dossier state api 2023-02-28 16:35:25 +01:00
Paul Chavard
ade9811d10 Revert "Merge pull request #8635 from tchak/graphql-with-traces"
This reverts commit 76520ec77d, reversing
changes made to 2c729ff396.
2023-02-16 10:07:07 +01:00
Paul Chavard
74c6d45b74 feat(graphql): add tracing support for managers 2023-02-15 18:18:45 +01:00
Paul Chavard
f22cc8812b secu(graphql): log full queries and variables 2023-02-08 15:10:27 +01:00
Damien Le Thiec
962016e32e
Schema graph_ql (#8406)
* First draft schema graph_ql

* Add tests for json schema procedures
2023-01-23 11:31:06 +01:00
Sébastien Carceles
68ddae7382
feat(demarche): prefilling stats (#8436)
* force json content type for POST / PATCH / PUT

* add specs about stats dossiers funnel

* new endpoint to render stats about a procedure
2023-01-20 13:28:02 +00:00
Martin
ffd6a10618 clean(api/v2/base_controller): remove potential confusion 2023-01-19 18:09:38 +01:00
Sébastien Carceles
177dec2bdb
feat(dossier): add dossier id to prefill response (#8382) 2023-01-06 13:46:27 +00:00
Sébastien Carceles
20136b7ac8
feat(demarche): create and prefill a dossier with POST request (#8233)
* add base controller for public api

* add dossiers controller with basic checks

* create the dossier

* ensure content-type is json

* prefill dossier with given values

* mark a dossier as prefilled

When a dossier is prefilled, it's allowed not to have a user.

Plus, we add a secure token to the dossier, which we will need later to set a
user after sign in / sign up.

* set user as owner of an orphan prefilled dossier

When a visitor comes from the dossier_url answered by the public api,
the dossier is orphan:
- when the user is already authenticated: they become the owner
- when the user is not authenticated: they can sign in / sign up / france_connect
and then they become the owner

So here is the procedure:
- allow to sign in / sign up / france connect when user is unauthenticated
- set dossier ownership when the dossier is orphan
- check dossier ownership when the dossier is not
- redirect to brouillon path when user is signed in and owner

* mark the dossier as prefilled when it's prefilled
(even with a GET request, because it will be useful later on, for
example in order to cleanup the unused prefilled dossiers)

* system spec: prefilling dossier with post request
2023-01-03 14:46:10 +01:00
Paul Chavard
4d4c378724 feat(api_geo): add api_geo service 2022-12-21 14:03:02 +01:00
Paul Chavard
52c8fc7e8d feat(api_token): api v2 use new token 2022-12-07 18:19:37 +01:00
Paul Chavard
ee30a95847 fix(graphql): check if tokens are revoked 2022-11-25 16:27:11 +01:00
Paul Chavard
e3da500614 fix(graphql): variables should be a plain hash 2022-11-24 18:21:33 +01:00
Paul Chavard
5487ce0458 feat(graphql): implement stored queries 2022-11-02 11:26:57 +01:00