Commit graph

576 commits

Author SHA1 Message Date
Nicolas Cavigneaux
9097664de5
chore: activate new config defaults for Rails 7 that should be compatible with current version 2023-05-03 11:35:30 +02:00
Nicolas Cavigneaux
6eef70750b
feat: add initializer to handle encrypted cookies rotation
This is needed to keep them working when switching from Rails 6.1 to Rails 7.0
2023-05-03 11:35:29 +02:00
Nicolas Cavigneaux
5ee60cbb0c
chore: update and default initializer for Rails 7 2023-05-03 11:35:29 +02:00
Nicolas Cavigneaux
c1453c5f5c
fix: ensure turbo_stream request are not considered as navigational 2023-05-03 11:35:28 +02:00
Nicolas Cavigneaux
00e640a21d
fix Zeitwerk check 2023-05-03 10:10:38 +02:00
Nicolas Cavigneaux
42689e34ba
chore: bump Rails (and required dependencies) to 7.0.4.2 2023-05-03 10:10:38 +02:00
simon lehericey
07d3496300 spec: always enable super_admin_otp for spec 2023-04-28 10:24:14 +02:00
Colin Darie
5cc2712873
refactor(dolist): drop smtp deliver method 2023-04-27 10:09:29 +02:00
Colin Darie
f7a80eb905
fix: dolist module/class mismatch 2023-04-27 10:09:00 +02:00
Paul Chavard
63b7a83689 feat(graphql): log dossier and procedure id on dossier fetch endoint 2023-04-19 18:00:08 +02:00
Colin Darie
9728493bda
Merge pull request #8924 from colinux/rubocop-upgrades
Tech: update rubocop, active nouveaux cops Rails/*
2023-04-19 13:37:10 +00:00
Colin Darie
b273e7b67e
chore(rubocop): fix Rails/RootPathnameMethods and assimiled cops 2023-04-19 12:55:13 +02:00
Martin
534ce34f87 amelioration(Dolist::ApiSender): lève une Dolist::IgnorableError afin de l'inscrire dans l'historique des EmailEvent 2023-04-19 11:22:13 +02:00
Martin
8fa2bbb67d amelioration(dolist): ne log erreurs pas les erreurs dans sentry lorsque le contact chez dolist est injoingable ou hardbounce 2023-04-19 11:22:13 +02:00
Paul Chavard
a5733002ed feat(graphql): improuve logs 2023-04-05 13:56:26 +02:00
Eric Leroy-Terquem
6f6bbd6ca1 feat(routing): put routing logic behind a feature flag 2023-03-30 10:52:53 +02:00
Colin Darie
b012d00745
Merge pull request #8814 from demarches-simplifiees/webinaire-link-fix
Webinaire link fix
2023-03-29 11:59:23 +00:00
Julie Salha
ed3b2cca6f
update content statement 2023-03-27 10:39:56 +02:00
Colin Darie
9a38da09ed
Merge pull request #8762 from demarches-simplifiees/8589-legal-notice
Accessibilité: internalise la page de mentions légales
2023-03-27 08:12:34 +00:00
Colin Darie
6d3c0de2ab fix(legal): use constant url 2023-03-23 19:01:19 +01:00
Chaïb Martinez
3912f5c93b update link 2023-03-23 16:49:41 +01:00
krichtof
da49497f0b
Merge pull request #8726 from demarches-simplifiees/disable-otp-4-super-admin
desactive le 2FA suivant la config
2023-03-20 10:34:27 +00:00
Colin Darie
c850986c96 chore: log pid for each request 2023-03-15 14:44:31 +01:00
Colin Darie
86f15b8c05 chore(job): config delayed job for long-living export jobs 2023-03-08 18:37:41 +01:00
Christophe Robillard
6af01077b6 disable 2FA according to config
2FA is disabled for superadmin unless `SUPER_ADMIN_OTP_ENABLED` is equal
to `enabled` (default value)
2023-03-02 13:47:48 +01:00
Eric Leroy-Terquem
3aa7793ed3 fix(groupe_instructeurs): can parse a monocolumn csv file 2023-02-22 09:49:26 +01:00
Paul Chavard
6f67ea09bb fix(lograge): send client_ip and request_id to es 2023-02-08 20:09:19 +01:00
Paul Chavard
f22cc8812b secu(graphql): log full queries and variables 2023-02-08 15:10:27 +01:00
Colin Darie
cb98bbad21 Revert "chore(sentry): more traces" 2023-02-06 11:52:30 +01:00
mfo
3cbb491cfc
Merge pull request #8574 from colinux/more-sentry-traces
chore(sentry): more traces
2023-02-06 11:01:06 +01:00
Colin Darie
b3702f4224
chore(sentry): more traces 2023-02-06 10:58:38 +01:00
Martin
6a25120f80 amelioration(dolist_api): echoue avec un fail pour remonter dans notre gestion des retry 2023-02-03 17:19:36 +01:00
Martin
2de9026c13 amelioration(dolist_api): forward le message_id afin de faciliter les investigations 2023-02-03 17:19:36 +01:00
Martin
709a9e82a2 amelioration(dolist): prepare l'usage de dolist par api
amelioration(email): ajoute la delivery_method dolist_api pour envoyer les mails via l'api comme recommandé par le fournisseur
2023-02-03 17:19:36 +01:00
Damien Le Thiec
493a60f221 Add prefill api to rack_attack 2023-01-11 15:35:43 +01:00
François Vantomme
eb812032e1 security(csp): whitelist amazon AWS for S3 storage 2023-01-11 12:59:19 +01:00
François Vantomme
08d276472b refactor(links): use localized FAQ URLs 2023-01-11 11:28:03 +01:00
Colin Darie
05b517a847
fix(mailer): observers on balancer and balanced delivery methods
- Les observers doivent être déclarés *avant*
  le chargement de nos delivery methods (Sendinblue & Dolist),
  sinon ils seront ignorés par ces derniers

- dans le balancer, on ne peut pas appeler `.deliver` une seconde fois,
  sinon les observers (et interceptors) sont invoqués deux fois.
2023-01-11 00:57:16 +01:00
Colin Darie
6cb2389eef chore(email): add an observer which log the emails dispatched 2023-01-10 16:07:35 +01:00
François Vantomme
043dde8841
refactor(env): remove useless DOSSIER_DEPOSIT_RECEIPT_LOGO_SRC var 2022-12-22 19:44:57 +01:00
simon lehericey
172a9d5599 feat(timestamp): add certigna 2022-12-07 19:28:01 +01:00
simon lehericey
8771205679 clean(flipper): remove unused expert_not_allowed_to_invite 2022-12-05 12:22:29 +01:00
simon lehericey
905e3ab64e clean(flipper): remove unused gates 2022-12-05 12:22:29 +01:00
simon lehericey
ebd68484df clean(flipper): remove unused groups 2022-12-05 12:22:29 +01:00
Paul Chavard
07173401de fix(graphql): load playground from CDN 2022-11-17 15:50:05 +01:00
mfo
98b9547c36
Merge pull request #8017 from adullact/feature/self-hosted-sentry
Accepter les instances auto-hébergées de Sentry dans la Content Security Policy
2022-11-17 09:22:08 +01:00
Paul Chavard
6ad057dcee feat(graphql): upgrade playground version 2022-11-15 11:48:29 +01:00
François Vantomme
9bdce77faa
chore(csp): allow self-hosted Sentry 2022-11-08 09:49:45 +01:00
Paul Chavard
7de52d582a feat(conditional): remove conditional feature flag 2022-11-04 13:37:37 +00:00
Eric Leroy-Terquem
09c5b9dc99 remove categories_type_de_champ feature flag 2022-11-03 14:28:27 +01:00
Kara Diaby
b5b57b066f config initializers administrate 2022-11-02 10:19:43 +01:00
Colin Darie
72363eea48 chore(delayed_job/sentry): sample traces different from Rails requests 2022-10-26 22:57:41 +02:00
Colin Darie
59c93833a1 chore(delayed_job/sentry): don't wait for all (~25) attempts before reporting 2022-10-26 22:57:41 +02:00
simon lehericey
097082afc9 fix(dolist): reduce message name variability 2022-10-20 15:29:56 +02:00
simon lehericey
1cd0d45ece chore: mini profiler ignore vite routes 2022-10-06 16:56:26 +02:00
Eric Leroy-Terquem
ff2e9f0816 add feature flag 2022-10-05 09:21:08 +02:00
Martin
7125e8538a clean(engagement): remove last pieces of engagement champs 2022-10-04 07:17:47 +02:00
Christophe Robillard
8303df7263 update saml idp config 2022-10-03 13:41:58 +02:00
Colin Darie
5f08df7561 refactor(dsfr/button): remove useless & verbose Dsfr::ButtonComponent, in favor of good link_to / f.submit 2022-09-07 17:56:19 +02:00
Colin Darie
3148266b49 refactor(rgaa/contact): inject invisible_captcha styles into head instead of div 2022-08-31 17:46:04 +02:00
Christophe Robillard
f77c0fdfe4 add saml sp only if vars present 2022-08-25 21:31:14 +02:00
Christophe Robillard
3d175f107e add dolist saml config 2022-08-23 15:05:20 +02:00
Paul Chavard
f48048179c fix(conditional): enable conditional per procedure 2022-08-03 09:16:10 +02:00
simon lehericey
5d5f46b4d8 instances : prawn does not like svg
win 10% on pdf generation
2022-07-20 15:48:16 +02:00
Martin
87af7f3261 feat(exports): implement admin export 2022-07-20 14:08:33 +02:00
Paul Chavard
ea18c2b9ba chore(build): use vitejs 2022-06-23 15:22:54 +02:00
Pierre de La Morinerie
c1616adf8c app: remove procedure-estimated-fill-time feature-flag
The feature is now enabled for every procedure.

Ref #7338
2022-06-01 11:11:55 +02:00
Pierre de La Morinerie
149c6399f5 view: properly hide labels of the datetime selector
The accessibility labels where not properly hidden, which
resulted in the labels being visible and stacked vertically.
2022-05-31 15:35:40 +02:00
Pierre de La Morinerie
3e91a16895 app: display estimated fill duration on procedure description 2022-05-25 10:39:15 +02:00
Pierre de La Morinerie
4fcb85fd65 app: remove procedure_dossier_papertrail feature flag
The feature is now enabled for all procedures.
2022-05-24 17:32:11 +02:00
simon lehericey
faae2f55d8 Flipper: remove deprecated conf
https://github.com/jnunemaker/flipper/pull/523
2022-05-16 16:10:35 +02:00
Paul Chavard
9e0b3b642f cleanup(sendinblue): remove sendinblue tracking 2022-05-06 11:14:44 +02:00
Martin
3737311390 feat(procedure.procedure_expires_when_termine_enabled): enable by default, allow contributor to choose the default settings of this flag using an env var during migration. ie: DEFAULT_PROCEDURE_EXPIRES_WHEN_TERMINE_ENABLED=true|false
feat(administrateurs/procedures#show): warning/alert when procedure_expires_when_termine_enabled is not true on current procedure

feat(administrateur/procedure#update): after an update redirect to procedure show: suggested by: https://ux.stackexchange.com/questions/55291/after-updating-form-should-redirect-back-to-form-itself-or-to-the-show-page-or-b and confirmed by Olivier

clean(Flipper.archive_zip_globale): no more in use, so remove all occurences

Update app/views/administrateurs/procedures/_suggest_expires_when_termine.html.haml

Co-authored-by: Pierre de La Morinerie <kemenaran@gmail.com>

Update app/views/administrateurs/procedures/_suggest_expires_when_termine.html.haml

Co-authored-by: Pierre de La Morinerie <kemenaran@gmail.com>

Update app/views/administrateurs/procedures/_suggest_expires_when_termine.html.haml

Co-authored-by: Pierre de La Morinerie <kemenaran@gmail.com>

Update spec/views/administrateurs/procedures/show.html.haml_spec.rb

Co-authored-by: Pierre de La Morinerie <kemenaran@gmail.com>

fix(review): typo, why ena?, who knows

fix(env.example.optional): add missing DEFAULT_PROCEDURE_EXPIRES_WHEN_TERMINE_ENABLED
2022-05-05 13:07:11 +02:00
Pierre de La Morinerie
9bc5364ca2 app: add controller and view to generate a deposit receipt 2022-05-04 16:09:52 +02:00
Pierre de La Morinerie
fe56b7bb68 config: add papertrail feature-flag 2022-05-04 16:09:52 +02:00
Martin
a0df24b631 clean(SMTP.balancing): remove some env vars 2022-05-03 16:46:35 +02:00
simon lehericey
ea361643be types_de_champ -> types_de_champs_public 2022-05-03 11:05:24 +02:00
simon lehericey
aa0ef955d5 dolist config 2022-04-28 15:48:54 +02:00
Paul Chavard
433c01b1e6 Revert "Merge pull request #7137 from betagouv/faster_pdf"
This reverts commit 9da44bd913, reversing
changes made to ebac71796c.
2022-04-12 19:22:07 +02:00
simon lehericey
af27af7900 ! instances : prawn does not like svg
win 10% on pdf generation
2022-04-12 11:56:56 +02:00
Martin
7c0e8e406b fix(users/profiles#update): allow people from @assurance-maladie.fr to be a target email when user change his email 2022-04-06 16:07:25 +02:00
Paul Chavard
44c64669e9 Revert "Merge pull request #6787 from tchak/use-vite"
This reverts commit 5d572727b5, reversing
changes made to 43be4482ee.
2022-03-31 12:07:52 +02:00
simon lehericey
250b699664 remove duplicate csp 2022-03-29 16:27:08 +02:00
Paul Chavard
187e84a010 feat(assets): use vitejs to build javascript 2022-03-29 16:27:08 +02:00
simon lehericey
7ecf20ce75 harden email validation 2022-03-24 13:00:54 +01:00
Pierre de La Morinerie
2e04435117 gems: add strong_migrations 2022-03-16 10:30:25 +01:00
François Vantomme
d5cd0101c8 feat(footer): customize using custom views & locales 2022-03-10 17:31:20 +01:00
Pierre de La Morinerie
3481d27cba config: block browser external connections during system tests
During system tests, we don't want the headless browser to load
external resources:

- It is faster (we don't wait for external resources to be loaded)
- It avoids leaking our test setup to external service

Fixes #6982
2022-02-22 17:24:25 +01:00
Pierre de La Morinerie
6d5f44d489 config: translate the CSP comments from french to english 2022-02-22 17:17:55 +01:00
Pierre de La Morinerie
c2729ab7e2 config: add Matomo to the frame_src Content Security Policy
Solves the Matomo iframe being blocked on `/suivi`. Fix #5868
2022-02-15 15:56:53 +01:00
Pierre de La Morinerie
3276db016f config: add Matomo to the connect_src Content Security Policy
Solves Matomo connections being blocked. Fix #6949
2022-02-15 15:56:53 +01:00
Pierre de La Morinerie
6fa52e8a5a config: report CSP violations to report-uri 2022-02-15 12:49:52 +01:00
Pierre de La Morinerie
0b2775a1a6 config: add back DS_PROXY_URL to CSP
Otherwise a bunch of "static.demarches-simplifiees.fr" domains would
be missing.
2022-02-15 12:49:52 +01:00
François Vantomme
d5f207d98c refactor(url): use env variables in content security policies 2022-02-15 12:49:52 +01:00
Jon
31996c7d09 chore(smtp): add mailcatcher configuration 2022-02-15 09:34:07 +01:00
François Vantomme
ac915494df feat(landing): hide testimonial & users sections 2022-02-15 08:49:23 +01:00
François Vantomme
e8f62e78fe feat(matomo): configure Matomo iframe URL with an env variable 2022-02-09 12:44:13 +01:00
Pierre de La Morinerie
3e20ea13d8
Revert "Utilisation des variables d'environnement lors de la déclaration des Content Security Policies" 2022-02-08 22:20:08 +01:00
François Vantomme
8eaecd184a refactor(url): use env variables in content security policies 2022-02-08 15:15:55 +01:00
Pierre de La Morinerie
847abca122 config: simplify mailer configuration again
Move everything to initializers, and replace the email settings
interceptor by a BalancerDeliveryMethod.

It has the advantage that it can be configured entirely from the
`config/environment.rb` file, without an extra file to look at.
2022-02-08 12:44:43 +01:00