Commit graph

49 commits

Author SHA1 Message Date
Paul Chavard
d6f9e57e77
secu(graphql): without a token, only persisted queries are allowed 2024-07-22 11:39:32 +02:00
Paul Chavard
c31321d695
chore(graphql): API::V2::DossiersController is not using tokens 2024-07-22 11:38:11 +02:00
Paul Chavard
38243434d2
refactor(graphql): add graphql_error helper 2024-07-22 11:38:11 +02:00
Paul Chavard
2ecaee6fe2
fix(graphql): use null_session forgery protection on graphql controller to allow open data requests 2024-06-06 16:29:34 +02:00
Christophe Robillard
357c07456c
generate export with export_template 2024-05-23 10:00:34 +02:00
Martin
f4d2f1ddf5 fix(export.pdf): expert should not have access to messagerie when it was disabled 2024-03-07 08:39:32 +01:00
Martin
c9ea79c7cc fix(api/attestations#pdf): missing acl 2024-02-22 15:08:40 +01:00
simon lehericey
7e8555923f feature(api): add ensure_token_is_not_expired to api_controller v1 and v2 2024-01-25 10:51:58 +01:00
simon lehericey
d8bc38bc69 feature(api): add ensure_authorized_network for api_controller v1 and v2 2024-01-25 10:51:58 +01:00
simon lehericey
afb6eacf57 feature(api): store any ip used 2023-12-21 16:02:11 +01:00
simon lehericey
8c0d2bb8cb refactor: add request_logs methods
it avoids having to change lograge.rb for adding an entry
2023-11-08 17:49:09 +01:00
simon lehericey
a431287db0 chore: @current_user is set by authenticate_from_token 2023-11-08 16:50:09 +01:00
simon lehericey
daf1443b0c chore: remove duplicated private 2023-11-08 16:50:09 +01:00
Paul Chavard
d93c624164 feat(traitement): add browser information 2023-11-08 00:09:38 +01:00
Paul Chavard
99e22a8cbe log(graphql): log deprecated order argument usage 2023-11-02 15:01:34 +00:00
simon lehericey
c248f96f31 fixup base controller 2023-09-20 14:11:10 +02:00
simon lehericey
24fd12ed70 explicit about different contexts 2023-09-20 14:11:09 +02:00
simon lehericey
f434c6a6ad refactor: try base controller 2023-09-20 14:11:09 +02:00
simon lehericey
40ed59a231 rename find_and_verify => authenticate 2023-09-20 14:11:09 +02:00
simon lehericey
0b03ba4d68 remove v1/v2 api token logic 2023-09-20 14:11:09 +02:00
Paul Chavard
e9cb50d09c feat(api): add last_authenticated_at timestamp to api requests 2023-08-02 13:22:18 +02:00
Paul Chavard
63b7a83689 feat(graphql): log dossier and procedure id on dossier fetch endoint 2023-04-19 18:00:08 +02:00
Paul Chavard
fbae6d941d feat(graphql): add error codes to graphql errors 2023-04-18 15:22:11 +02:00
Paul Chavard
a5733002ed feat(graphql): improuve logs 2023-04-05 13:56:26 +02:00
simon lehericey
8b5d493f12 clean: log current_user in api v2, when not using token_v3 2023-03-16 10:06:23 +01:00
Paul Chavard
8ee13f1719 feat(api_token): add allowed_procedure_ids and write_access 2023-03-15 19:09:49 +01:00
Paul Chavard
ade9811d10 Revert "Merge pull request #8635 from tchak/graphql-with-traces"
This reverts commit 76520ec77d, reversing
changes made to 2c729ff396.
2023-02-16 10:07:07 +01:00
Paul Chavard
74c6d45b74 feat(graphql): add tracing support for managers 2023-02-15 18:18:45 +01:00
Paul Chavard
f22cc8812b secu(graphql): log full queries and variables 2023-02-08 15:10:27 +01:00
Martin
ffd6a10618 clean(api/v2/base_controller): remove potential confusion 2023-01-19 18:09:38 +01:00
Paul Chavard
52c8fc7e8d feat(api_token): api v2 use new token 2022-12-07 18:19:37 +01:00
Paul Chavard
ee30a95847 fix(graphql): check if tokens are revoked 2022-11-25 16:27:11 +01:00
Paul Chavard
e3da500614 fix(graphql): variables should be a plain hash 2022-11-24 18:21:33 +01:00
Paul Chavard
5487ce0458 feat(graphql): implement stored queries 2022-11-02 11:26:57 +01:00
Paul Chavard
2ed26e8699 fix(graphql): properly handle variables json parse errors 2022-10-31 11:32:30 +01:00
Paul Chavard
473a772032 feat(graphql): on api exceptions log query and variables 2022-10-28 12:18:21 +02:00
simon lehericey
122c8107a5 fix(web_graphql): fix graphql web playground authorization 2022-10-03 18:08:03 +02:00
Paul Chavard
df47f4a7ab feat(graphql): new tokens should carry administrateur_id 2022-09-29 11:58:58 +02:00
Paul Chavard
758e7d68e6 fix(graphql): fix and improuve query parsing for logs 2021-11-24 13:23:05 +03:00
Pierre de La Morinerie
859a147c49 api: return error cause on parse error
Currently, when a query can't be parsed, the error is:
- logged to Sentry (which is useless to us),
- returned as a generic 'Internal Server Error' (which is useless to the
  user who made the query).

With this commit, the error is instead ignored from our logs (because it
is a user error), but the parse error details are returned to the user,
with the following format:

> {'errors': [{'message': 'Parse error on ")" (RPAREN) at [3, 23]'}]}
2021-11-19 15:15:10 +01:00
Paul Chavard
3c2515ce6d feat(graphql): add graphql_operation to rails logs 2021-11-02 12:02:00 +01:00
Pierre de La Morinerie
3f3d6ae399 controllers: use template: rather than file: to render PDFs
ActionView now throws an error if a relative path is used with `file:`.
2021-03-25 13:24:53 +01:00
Paul Chavard
e0f7f1f20c Do not hide graphql controller errors in test env 2021-02-11 17:45:14 +01:00
Pierre de La Morinerie
150ddab660 zeitwerk: Api -> API 2021-02-09 13:07:30 +01:00
Paul Chavard
41c3a98d7d Update Raven references to use Sentry 2021-01-28 19:46:36 +01:00
Paul Chavard
d31f4d4e25 GraphQL: render api errors as json 2020-12-18 12:25:52 +01:00
Paul Chavard
0aa06d0197 [GraphQL] expose dossier pdf, geojson and attestation 2020-10-06 21:54:43 +02:00
Paul Chavard
775a677465 GraphQL handle parse errors 2020-09-30 14:18:37 +02:00
Paul Chavard
bf6fbbf2b6 Add graphql end point 2019-09-24 10:47:21 +02:00