Commit graph

3246 commits

Author SHA1 Message Date
simon lehericey
b29bae4707 a procedure has an encrypted api_particulier_token
Co-authored-by: François VANTOMME <akarzim@gmail.com>
2021-07-30 11:18:44 +02:00
François Vantomme
17b659539f Feat (API Particulier): new encryption service 2021-07-30 11:18:44 +02:00
kara Diaby
69393c2921 modify groupe instructeur controller 2021-07-27 19:38:22 +02:00
kara Diaby
9c976c6b71 fixup! tests 2021-07-27 19:38:21 +02:00
Paul Chavard
64cfb4d64e Fix sort with revisions 2021-07-23 10:57:04 +02:00
Pierre de La Morinerie
6475cdff7a
Revert "Suppression de la clef "migrated": true sur les filtres des ProcedurePresentation" 2021-07-23 09:26:13 +02:00
Pierre de La Morinerie
e1909ed29f brouillon: redirect to sign-in when disconnected
There are two cases where the draft auto-save might fail because the
user is no longer authenticated:

- The user signed-out in another tab,
- The brower quit and re-opened, so the Session cookie expired.

In both cases, the auto-save will never succeed until the user
authenticates again, so displaying a "Retry" button is cruel.

Moreover, in plus of all auto-save requests failing with a small error,
the actual hard failure only occurs after filling all the form and
trying to submit it. Then the user is redirected to the sign-in page –
but all their changes are lost.

Instead, we now redirect to the sign-in page on the first 401 error
during the auto-save, let the user sign-in, and then redirect back to
the form.
2021-07-22 11:58:02 +02:00
Paul Chavard
388fb39eb5 Fix false positive blank champ warnings 2021-07-22 10:45:25 +02:00
Paul Chavard
ac0f50b488 Improuve champ blank check 2021-07-22 10:45:25 +02:00
Pierre de La Morinerie
fd74d9a062 lib: remove the 'migrated' key on filters
In a9a4f6e2a8, a task to migrate
ProcedurePresentation's filters was added.

This task added a "migrated: true" key to all migrated filters.

Now that this task has run, we can safely remove the extra key.
2021-07-20 16:51:32 +02:00
Pierre de La Morinerie
fda59c9231 lib: remove outdated tasks 2021-07-20 15:34:31 +02:00
Pierre de La Morinerie
32ab2f0a80 instructeur: limit the maximum size of a filter value
This prevents the URL from exceeding the max size, and
causing '414: Request-URI too large' errors.
2021-07-20 14:49:48 +02:00
Pierre de La Morinerie
831672391e app: use a long-lived cookie for CSRF token
See the ADR document for rationale.
2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
446c57ed63 specs: add a feature test for forgery protection 2021-07-20 11:11:52 +02:00
Pierre de La Morinerie
71741c5f98 views: fix checkbox wrongly selected in multiple_drop_down_list
The check for whether the checkbox should be checked or not was made by
matching the whole string. Thus, given two options 'valid' and
'invalid', the check for the presence of 'valid' would succeed even when
only 'invalid' was present in the values (because
`'valid'.includes?('invalid')`.

The code now checks against the list of items in the selected_options.
2021-07-20 09:01:07 +02:00
kara Diaby
0b6c7dace7 tests 2021-07-15 16:32:07 +02:00
Pierre de La Morinerie
40b3ea8ad6
Revert "Instructeurs : limitation de la valeur d'un filtre à 100 caractères" 2021-07-13 18:19:46 +02:00
kara Diaby
d2d046a39d fix encoding problems with cherlock Holmes gem 2021-07-13 10:58:41 +02:00
Pierre de La Morinerie
3c8a88a660 instructeur: limit the maximum size of a filter value
This prevents the URL from exceeding the max size, and
causing '414: Request-URI too large' errors.
2021-07-08 16:17:22 +02:00
Paul Chavard
527db7631e Add a point on map from coordinates input 2021-07-07 13:33:28 +02:00
Paul Chavard
ab31087f23 Hide cadastres if there is none 2021-07-07 12:28:27 +02:00
Pierre de La Morinerie
37c62ac0a3 app: display standard error page when no cookies are present
This occurs mostly when Safari attempts to perform a POST request
again (without sending any of the cookies).

In that case, our custom `422.html` page is more helpful to the user
(because it has a link to the previous page) than a "No cookies" blank
text.
2021-07-06 16:29:22 +02:00
Christophe Robillard
bc07a875eb integrate a mininum weight for the average dossier weight
before this commit, the average dossier weight took account only pieces
justificatives. With this commit, we add a minimum weight for other
files included in an archive like pdf_export, log operations,
attachments added to traitements. This minimum weight is set arbitrary,
from the observation of some random procedures in production
2021-07-06 15:58:45 +02:00
Pierre de La Morinerie
09933454ff app: improve InvalidAuthenticityToken logging
- Log on all controllers
- Improve description of the controller action involved
- Ignore Safari bogus requests
2021-07-06 12:42:01 +02:00
Christophe Robillard
54d91335f2 remove the ability to download an 'everything' archive
there are sometimes an error that happen when building an everything
archive. The error explanation is not understood at the moment.
To deliver the archive feature quickly, we remove the 'everything' archive for
the moment
2021-07-05 11:05:07 +02:00
Paul Chavard
280e54b59d Enable test revisions 2021-07-01 15:59:07 +02:00
Pierre de La Morinerie
1faf91bdbe experts: protect password update as well as sign-up 2021-06-30 10:46:42 +02:00
Pierre de La Morinerie
6f7a2fde57 experts: fix saving password on sign-in 2021-06-30 10:46:42 +02:00
Pierre de La Morinerie
4f5c5e26ae spec: cleanup spec for Experts::AvisController 2021-06-30 10:46:42 +02:00
Christophe Robillard
66cc0dd08d Revert "Revert "Expose dossier PDF export as IO""
This reverts commit 362093eff0.
2021-06-24 21:01:59 +02:00
krichtof
362093eff0
Revert "Expose dossier PDF export as IO" 2021-06-24 19:21:37 +02:00
Paul Chavard
b73d504f8d Expose dossier PDF export as IO
Co-authored-by: Christophe Robillard <christophe.robillard@beta.gouv.fr>
2021-06-24 17:49:24 +02:00
Paul Chavard
a4482233b8 [GraphQL] expose deleted dossiers 2021-06-24 11:51:37 +02:00
Paul Chavard
0ca5e1abe2 Preview should reflect revision changes 2021-06-24 11:39:49 +02:00
Paul Chavard
8b2c2c6466 Handle carte layers changes 2021-06-24 11:39:49 +02:00
Paul Chavard
35eccb5630 Show separate blocks for types de champ and annotation changes 2021-06-23 09:40:07 +02:00
Paul Chavard
19195008e8 Expose removed types_de_champ in exports 2021-06-23 09:40:07 +02:00
simon lehericey
eadae7af6b show all available tdc for procedure presentation 2021-06-23 09:40:07 +02:00
Paul Chavard
8d49b5556a test revision changes 2021-06-23 09:40:07 +02:00
Paul Chavard
f238710044 Add last_month export 2021-06-23 09:23:10 +02:00
kara Diaby
bcc23ae7a6 test file 2021-06-22 16:33:38 +02:00
kara Diaby
309b3414d6 tests 2021-06-22 16:33:38 +02:00
Pierre de La Morinerie
5908b8019a specs: properly use xhr: true in javascript requests
This avoids an unexpected `ActionController::InvalidCrossOriginRequest`
exception to be raised when the forgery protection is disabled.
2021-06-22 13:21:55 +02:00
Paul Chavard
1f7d86d5a5 Add delete dossier action to dossiers list 2021-06-18 11:35:00 +02:00
Christophe Robillard
fdec9b2fd5 archives: don't update dossiers
this fix avoid to touch dossier after attaching pdf_export_for_instructeur
2021-06-18 11:00:57 +02:00
Christophe Robillard
7851d6b1cc archives: count archived dossiers 2021-06-18 08:59:13 +02:00
Pierre de La Morinerie
12d17bc245 spec: fix Timecop.freeze without Timecop.return
Time was frozen without being un-frozen at the end of the spec.

This caused a spec in `Procedure#publish_or_reopen!` to fail randomly.

Fixed by using the `Timecop.freeze do` form, which unfreezes after the
execution of the block.
2021-06-17 17:36:43 +02:00
Christophe Robillard
896190b91e return nil when no traitement time 2021-06-17 16:31:53 +02:00
Christophe Robillard
887c5cb4a9 correct rubocop offenses 2021-06-17 16:31:53 +02:00
Christophe Robillard
a5ae5af56a extract NB_DAYS_RECENT_DOSSIERS and PERCENTILE 2021-06-17 16:31:53 +02:00