Commit graph

378 commits

Author SHA1 Message Date
Pierre de La Morinerie
fbbcd97463 config: flip config.active_record.collection_cache_versioning
This is related to internal cache implementation, and doesn't affect us.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
4a9f081cfc config: flip config.action_mailer.delivery_job
This is safe in all cases – except that it prevents a downgrade to
Rails 5. We don't intend to downgrade now, so this is fine.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
b556e2a99a config: flip config.active_storage.replace_on_assign_to_many
We don't have any `has_many_attached` relations in the code base, so
this is safe.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
54a4db1c47 config: flip config.active_storage.queues
ActiveStorage jobs are now moved to their own queue.

For consistency, we also move our own analysis jobs (VirusScannerJob)
on the same `:active_storage_analysis` queue.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
c6cdd08373 config: flip config.active_job.return_false_on_aborted_enqueue
We don't have any instance of aborting inside a job in the code base,
so this setting is safe to flip.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
65809f8ea0 config: flip action_dispatch_return_only_media_type_on_content_type
This makes `ActionDispatch::Controller#content_type` return not only
the MIME type, but also in some circumstances the charset.

Example:

```ruby
reponse.content_type == 'text/html; charset=utf-8'
```

The MIME type-only fragment can now be accessed using `#media_type`.

Changes to the tests are not stricly necessary (because no charset is
present in the actual value), but represent the intent better.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
8427f0eb75 config: flip config.action_dispatch.use_cookies_with_metadata
This makes cookies more secure, by adding an automatic "purpose" field
to each cookie.

Cookies generated by Rails 5 are still forward-compatible. However
from now on the generated cookies will not be backward-compatible with
Rails 6.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
e8fa65f79d config: flip config.action_view.default_enforce_utf8
This prevents charset workaround on IE 8 and lower. We don't support
these browsers anyway, so we can flip the feature off.
2020-08-05 16:48:36 +02:00
Paul Chavard
4c87e547b3 Put IGN map behind a feature flag 2020-07-30 17:22:28 +02:00
Paul Chavard
f1cbc9846e Add carte ign 2020-07-30 16:58:20 +02:00
clemkeirua
db0d230531 add cdn.jsdeliver.net to the CSP 2020-07-27 16:54:46 +02:00
Fabrice Gangler
1352cde321 Feat: allow emails senders to be configured in .env file
Refs: #5408
2020-07-24 10:50:55 +02:00
clemkeirua
7e085c657d specific deactivation of rubocop DS/ApplicationName rule 2020-07-23 16:20:16 +02:00
clemkeirua
c658428441 added application name in config/ 2020-07-23 16:17:54 +02:00
clemkeirua
31a262efef extraction d'urls doc/faq/… dans url.rb 2020-07-23 16:16:36 +02:00
Paul Chavard
8b9e73a30a
Merge pull request #5382 from adullact/feat_status-page-customisation
#5379 - Allow status page URL to be configured in the .env file
2020-07-22 22:10:58 +02:00
Paul Chavard
35461f0159 Add revisions migrations 2020-07-21 19:35:30 +02:00
clemkeirua
c0cf8b1341 fix display of labels for datetime on screenreaders 2020-07-20 11:37:01 +02:00
Gangler Fabrice
39feca251d allow status page URL to be configured in .env 2020-07-17 15:53:49 +02:00
Paul Chavard
6a24c3f812 Rails app:update 2020-07-07 18:03:56 +02:00
clemkeirua
6a3811a4e2 fix catalog v3 2020-06-19 14:20:32 +02:00
krichtof
ff6eaf73db
Revert "Suppression de l'utilisation de Keystone v2" 2020-06-04 17:32:25 +02:00
Paul Chavard
901b6e23a8 Remove legacy carto 2020-06-04 16:03:23 +02:00
clemkeirua
def744d627 remove now useless keystone v2 2020-06-04 12:05:27 +00:00
clemkeirua
868decd06e add overide for fog openstack v3 2020-06-02 15:03:37 +02:00
Pierre de La Morinerie
c9820adbc4 urls: fix link to autosave FAQ article 2020-05-18 16:53:19 +02:00
Pierre de La Morinerie
6eca93faab urls: fix link to admin FAQ category 2020-05-18 16:53:19 +02:00
Pierre de La Morinerie
93bb5283ff app: remove the feature flag for pieces justificatives auto-upload
The feature works as intended: we can remove the feature flag.
2020-05-14 17:39:07 +02:00
Keirua
a869a04e1e Mise à jour de l'URL de doc sur l'archivage
Co-authored-by: Pierre de La Morinerie <pierre.de_la_morinerie@beta.gouv.fr>
2020-05-13 16:45:27 +02:00
clemkeirua
84888be255 clarification de l'archivage/suppression 2020-05-13 16:45:27 +02:00
kara Diaby
2fc438ab65 Fix safari and firefox compatibility mapbox gl 2020-04-30 14:14:03 +02:00
kara Diaby
9aea1fffee Migrate the map editor to mapbox-gl with react component 2020-04-27 11:30:32 +02:00
Pierre de La Morinerie
37645d3df2 config: fix (again) the CSP when running a LiveReload server locally
When running the app using `bin/webpack-dev-server` (the external
(and fast) assets server), LiveReload is used. We need to explicitely
allow the LiveReload connections in the CSP policy.

Turns out we now need to specify the protocol explicitely.
2020-04-20 17:24:16 +02:00
Paul Chavard
7a8fd3c679 Use graphql playground instead of graphiql 2020-04-09 19:38:19 +02:00
kara Diaby
56e9834389 Revert "Revert "Revert "Revert "feat/4893 - migrate the mapReader to mapbox-gl with react""""
This reverts commit 473ed00b6c.
2020-04-09 11:01:20 +02:00
kara Diaby
473ed00b6c Revert "Revert "Revert "feat/4893 - migrate the mapReader to mapbox-gl with react"""
This reverts commit fe0b3c2215.
2020-04-07 18:14:07 +02:00
kara Diaby
fe0b3c2215 Revert "Revert "feat/4893 - migrate the mapReader to mapbox-gl with react""
This reverts commit 3e21b78142.
2020-04-07 18:11:11 +02:00
Pierre de La Morinerie
3e21b78142
Revert "feat/4893 - migrate the mapReader to mapbox-gl with react" 2020-04-07 15:32:14 +02:00
kara Diaby
aa56cfd7a0 migrate map to mapbox-gl with a react component 2020-04-02 15:39:47 +02:00
Pierre de La Morinerie
6417c0d2c0 dossiers: allow auto upload of attachments 2020-03-31 13:09:44 +02:00
clemkeirua
5ef6f92fdc update CGU URL 2020-03-25 09:50:41 +00:00
clemkeirua
057d7bc2f1 add interval data type to ActiveRecord 2020-03-24 18:10:13 +01:00
clemkeirua
c077762a04 added labels for datetime
cf https://stackoverflow.com/a/47836699
2020-03-24 16:54:35 +00:00
Pierre de La Morinerie
ea94ea05a0 config: configure CSP to allow live-reload requests
This avoids CSP errors when using the `bin/webpack-dev-server` external
assets compilation server.
2020-03-18 13:26:54 +01:00
Paul Chavard
444d19e191 Remove unused gems 2020-03-17 11:25:21 +01:00
Paul Chavard
ae2cfdd44e Update browser gem
`modern?` method was removed in version 4
2020-03-17 11:25:20 +01:00
Pierre de La Morinerie
745b00366f Revert "app: hide IE11 deprecation banner during the strike"
This reverts commit c2882b6cc3.
2020-01-28 15:18:18 +01:00
Paul Chavard
4edc7b00cf Use geocoder 2020-01-15 15:04:04 +01:00
Paul Chavard
14295db9ad Revert "Revert "Merge pull request #4552 from tchak/champ-communes""
This reverts commit 4373cb22cb.
2020-01-14 18:46:07 +01:00
clemkeirua
4373cb22cb Revert "Merge pull request #4552 from tchak/champ-communes"
This reverts commit 4cec26f73a, reversing
changes made to 0ef25ef36c.
2020-01-13 16:26:27 +01:00
Paul Chavard
cccb04d725 ActiveStorage url should expire after an hour 2020-01-08 14:43:05 +01:00
Paul Chavard
e61e39d345 Remove unused code and tests 2020-01-07 11:52:51 +01:00
Paul Chavard
22aa2d4ee0 Make all location champs autocomplete 2020-01-07 11:52:51 +01:00
Paul Chavard
422b7f37ec [GraphQL] expose file information 2019-12-11 12:34:49 +01:00
Pierre de La Morinerie
c2882b6cc3 app: hide IE11 deprecation banner during the strike
Having two banners appearing in a few days may be overwhelming for
users.
2019-12-04 17:32:04 +01:00
Christophe Robillard
4e7c779116 refuse les numéros de tel invalides
rend facultatif les numéros de téléphone
2019-12-04 05:34:43 +01:00
Pierre de La Morinerie
97af50c700 app: fix detection of Chrome iOS and Firefox iOS as outdated browsers
For instance, Firefox iOS is reported as `firefox? true, version 20`.

As on iOS only the system-provided Webkit is allowed, we can instead
safely assume that all browsers on a recent iOS device are modern.
2019-12-03 16:09:41 +01:00
Pierre de La Morinerie
2ee8cab067 app: display a deprecation banner for IE 11 2019-12-03 16:02:08 +01:00
Pierre de La Morinerie
bff7892ba8 dossiers: autosave drafts 2019-11-21 14:00:06 +01:00
Alexandre Friquet
8f5203cc2e
Merge branch 'dev' into 4482-echec-initilaisation-env-dev 2019-11-14 17:07:28 +01:00
Alexandre Friquet
d9680252b0 Fixes missing database on initialization: closes #4482. 2019-11-14 09:17:39 +01:00
Paul Chavard
f7cbbe815c [GraphQL]: Add default query to playground 2019-11-13 15:53:56 +01:00
clemkeirua
6351eabfdd remove notification to report-uri in production 2019-11-07 17:32:40 +01:00
clemkeirua
959aacdea5 Sendinblue email balancing using proper credentials
This reverts commit c61981e795.
2019-11-06 13:34:36 +01:00
clemkeirua
c61981e795 Revert "Sendinblue email balancing using interceptor"
This reverts commit b2135b6576.
2019-11-04 15:55:08 +01:00
Chaïb Martinez
b2135b6576 Sendinblue email balancing using interceptor
Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-11-04 15:30:44 +01:00
Paul Chavard
18e91e7ca3 Extend old export format till mid-November 2019-10-31 17:11:46 +01:00
Paul Chavard
73d4ecf35d Add a DS_PROXY_URL env variable 2019-10-30 16:15:38 +01:00
Paul Chavard
6a3d725134 Revert "Revert "Decommission ActiveStorage proxy service and use openstack service""
This reverts commit 71227be37f.
2019-10-30 12:11:45 +01:00
simon lehericey
71227be37f Revert "Decommission ActiveStorage proxy service and use openstack service"
This reverts commit 0ff6c793ae.
2019-10-29 10:30:40 +01:00
Paul Chavard
0ff6c793ae Decommission ActiveStorage proxy service and use openstack service
We are making these changes in order to always use DS_Proxy. Before this change DS_Proxy was not used to write files when ActiveStorage was used directly and not through “direct upload”.
2019-10-23 17:58:00 +02:00
clemkeirua
4a6893d88b migrate sendinblue API to v3 2019-10-22 10:06:53 +02:00
clemkeirua
43424e4f4e merge with the work of paul, using 3 links 2019-10-22 09:51:14 +02:00
simon lehericey
f31c184b56 [fix #1537] Remove simple_form gem 2019-10-08 11:08:35 +02:00
clemkeirua
d3063c0b63 remove download_as_zip feature flag 2019-10-03 10:48:24 +02:00
Paul Chavard
5a7e415474 Put graphql behind a feature flag 2019-09-24 10:47:21 +02:00
Paul Chavard
91ad9bd7d3 Configure GraphQL::RailsLogger 2019-09-24 10:47:21 +02:00
Paul Chavard
d24e0e72a7 Correctly create new flipper flags 2019-09-12 10:46:13 +02:00
Paul Chavard
65e227c44b Migrate to flipper 2019-09-10 16:10:14 +02:00
Chaïb Martinez
dd6c6bfe7a mailers: add a NO_REPLY address to transactional emails 2019-09-10 13:37:28 +02:00
Paul Chavard
7ffb98e616 Remove carrierwave uploaders 2019-09-10 10:49:12 +02:00
Chaïb Martinez
f2386a5800 Add crips help domaine to defaut policy src
[fix #4234]

Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-08-27 10:30:10 +02:00
simon lehericey
86d968bb8e Use rack_attack_enabled?
We cannot enable rack attack during the tests as it interferes with features spec.
So we add a flag to enable it during the runtime.
2019-08-20 13:29:29 +02:00
simon lehericey
0f0fecdb25 RackAttack: use remote ip and test it ! 2019-08-20 13:29:29 +02:00
pedong
fc8cebd78d add Gem rack_attack for prevent attack brute-force 2019-08-20 13:29:29 +02:00
Nicolas Bouilleaud
7c7947adeb Rename gestionnaire to instructeur in a comment
About an (unused for now) env var.
2019-08-13 10:27:49 +02:00
simon lehericey
3fde2a6f70 Rename gestionnaire in code to instructeur 2019-08-12 13:47:01 +02:00
maatinito
3703a71ea3 #3928 Added constants to define password min length & complexity 2019-08-01 17:12:14 +02:00
Pierre de La Morinerie
95e24392f9 models: remove old pieces justificatives 2019-07-30 16:11:17 +02:00
pedong
9438f962c5 add alert for account is locked 2019-07-29 17:48:44 +02:00
pedong
8d03a6747c add lockable to User, Gestionnaire, administration, Administrateur 2019-07-29 17:48:44 +02:00
clemkeirua
99421545ab replaced api-carto endpoint 2019-07-23 16:21:15 +02:00
Pierre de La Morinerie
76335511c8 omniauth: protect against CSRF
See https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
2019-07-15 18:16:00 +02:00
Paul Chavard
3cb39c2840 Refactor message attachements to use active_storage 2019-07-10 15:35:29 +02:00
simon lehericey
0f9fdf3f75 Activate device email change confirmation 2019-07-09 11:55:17 +02:00
Mathieu Magnin
b34f8fbe3d Add ActionText 2019-07-03 13:15:49 +02:00
simon lehericey
4b154983fb Landing: voir les démarches -> comment trouver ma démarche 2019-07-03 12:59:09 +02:00
clemkeirua
dfefb827d9 missing connect-src 2019-07-02 10:50:10 +02:00
clemkeirua
d6f2de2fbf enable static + activate csp in production 2019-07-02 09:40:38 +02:00
clemkeirua
eaf850c1e9 enable csp 2019-06-27 11:10:29 +02:00