Commit graph

1325 commits

Author SHA1 Message Date
Christophe Robillard
a88172eb01 configure otp_secret_key secret 2020-11-05 16:03:55 +01:00
Christophe Robillard
efd8ec85e8 recover superadmin password or reset otp 2020-11-05 16:03:55 +01:00
Christophe Robillard
8d23f6ae99 remove useless redirection for manager sign_in and out
The manager alias for signin causes layout problems
2020-11-05 16:03:55 +01:00
Christophe Robillard
2a0ebd062a enable 2FA for manager
when trying to access manager, if superadmin did'nt enable otp, he/she is redirected to a page to enable 2FA. When superadmin is enabling 2FA, he has to to scan a qrcode with the 2FA application client. And afterwards, the superadmin has to log in with email, password and OTP code.
2020-11-05 16:03:55 +01:00
Christophe Robillard
305ccdc0cd add recoverable and two_factor stragegy for administration 2020-11-05 16:03:55 +01:00
Christophe Robillard
6c2eb22960 remove github authentication for manager 2020-11-05 16:03:55 +01:00
simon lehericey
d82d1132c2 Remove rack_mini_profiler from prod as it could show env var and force us to allow unsafe_eval and script in csp 2020-10-30 17:08:31 +01:00
kara Diaby
3d56b1d8b0 fix bootstrap cdn 2020-10-22 15:00:01 +02:00
clemkeirua
f298d2c2ba dedicated screen for inspecting user emails 2020-10-13 17:36:43 +02:00
clemkeirua
d7fff61d5d ajout de la gem sendinblue 2020-10-13 17:36:43 +02:00
clemkeirua
27b8797296 ajout d'une route /manager/users/:id/emails 2020-10-13 17:36:43 +02:00
Kara Diaby
0bd48999bd
Revert "feat/5635 - Supprime la possibilité pour l'expert invité d'envoyer un message" 2020-10-12 09:24:34 +02:00
kara Diaby
6636b7f14c Supprime la possibilité pour l'expert invité d'envoyer un message à l'usager 2020-10-08 11:14:09 +02:00
Paul Chavard
0aa06d0197 [GraphQL] expose dossier pdf, geojson and attestation 2020-10-06 21:54:43 +02:00
kara Diaby
57adb90c8f add the possibility for administrator to refuse external review on a specific procedure 2020-10-01 10:55:19 +02:00
kara Diaby
e174079850 fix send a copy link 2020-09-30 10:03:08 +02:00
clemkeirua
0d88674cea better translations 2020-09-25 09:35:16 +00:00
Paul Chavard
a49c962ab3 Redirect demandes to DEMANDE_INSCRIPTION_ADMIN_PAGE_URL 2020-09-24 09:57:43 +02:00
Paul Chavard
ea4bcf59ad remove demandes/new page 2020-09-23 16:27:17 +02:00
kara Diaby
cb4e91c405 Add iban type de champ 2020-09-23 15:56:26 +02:00
Christophe Robillard
61ea73580f use buttons instead of select for contact page 2020-09-22 16:09:15 +02:00
clemkeirua
111f309c7f changement de l'adresse de création de compte administrateur 2020-09-21 17:02:37 +02:00
clemkeirua
f9c4e967d6 remove :autosave_dossier_draft 2020-09-21 08:46:01 +00:00
kara Diaby
5c68d75107 add titre_identite champ 2020-09-18 14:57:08 +02:00
clemkeirua
1e32a3c11f add complexity check to admin account creation 2020-09-18 11:16:34 +02:00
clemkeirua
08d0fa80fa remove old route 2020-09-17 14:03:31 +02:00
clemkeirua
6643b598c3 remove :administrateur_graphql 2020-09-17 09:24:50 +02:00
clemkeirua
1be07c1ef5 remove :administrateur_champ_integer_number 2020-09-17 09:24:50 +02:00
clemkeirua
01ac4d7e19 remove operation_log_serialize_subject 2020-09-17 09:24:50 +02:00
kara Diaby
13e4589905 Publications page to the new UI (admin) 2020-09-16 09:15:44 +02:00
simon lehericey
5459c2fa7f Fix uninitialized excon constant 2020-09-08 18:36:24 +02:00
simon lehericey
19d73f13f0 variabilize banner message 2020-09-08 14:52:42 +02:00
kara Diaby
ae61c279af migrate emails text editor to new interface 2020-09-03 14:42:22 +02:00
simon lehericey
bd6705b90a Remove image and video analyzer which are not used 2020-09-02 17:00:26 +02:00
Judith
7eee9beed7 adapting the specs 2020-09-01 16:48:41 +02:00
Judith
9553dae7bd gem devise-i18n added to Gemfile to remove the config/locales/devises.*.yml files. 2020-09-01 16:47:40 +02:00
Judith
25a24ba7c8 removal of translation keys already present in the gem rails-i18n 2020-09-01 16:33:58 +02:00
Fabrice Gangler
1a43f888fb Feat: allow to disable France-Connect
Refs: #5440
2020-09-01 15:51:10 +02:00
Judith
7bc5a0a278 internationalization of /contact-admin 2020-09-01 12:58:19 +00:00
Fabrice Gangler
60d6b1909d Fix for using APPLICATION_NAME in .env file
Refs: #5450
2020-08-28 03:46:19 +02:00
Judith
af25fdd77c gem http_accept_language installed and (de)activable with feature flag 2020-08-27 16:15:01 +02:00
Judith
bfa4231f5e date and number formats changed according to rails-I18n locale 2020-08-27 11:03:34 +02:00
Judith
2f0953692c Internationalization of the Contact page in FR and EN 2020-08-27 11:03:34 +02:00
Pierre de La Morinerie
82c89fb56f config: remove comment about ActiveStorage integration with VirusScanner
As the comment states, it would be nice to load the Virus Scanner on
the Attachment (rather than the blob).

However, in order not to clobber the blob metadata, we want to run the
VirusScanner once the blob analyzer did run.

And the most direct way to detect that the blob analyzer did run is to
add an `on_update_commit` hook on the blob, as this hook will be
trigerred when saving changes to the metadata. This is what the current
solution uses. 

So the current solution is almost optimal, and has a low chance of
accidentally clobbering the blob metadata – as the virus scanner is only
started when the analysis phase is finished.
2020-08-26 16:11:01 +02:00
Christophe Robillard
090a247ba9 validates phone champ server side 2020-08-20 15:33:03 +02:00
Pierre de La Morinerie
d77efec7a0 config: enable active_record.belongs_to_required_by_default 2020-08-18 15:57:37 +02:00
Pierre de La Morinerie
ededf5c6c5 config: don't explicitely eager-load lib/
Rationale:

- `lib/` is supposed to contain code mostly independant from Rails;
- By default, Rails doesn't eager-load `lib/` anymore (this used to be
the case, but since a few releases).

If this commits triggers some errors, then these errors should be fixed
(rather that `lib/` being added again to the load path).
2020-08-18 11:02:09 +02:00
Pierre de La Morinerie
c514898b84 config: don't explicitely eager-load controllers/concerns
Per the documentation, Rails automatically loads `**/concerns` paths.

See https://guides.rubyonrails.org/autoloading_and_reloading_constants_classic_mode.html#autoload-paths-and-eager-load-paths
2020-08-18 11:02:09 +02:00
kara Diaby
9b66c894b2 Adapt configuration email view to the new UI 2020-08-06 16:56:24 +02:00
Pierre de La Morinerie
527a330c7a config: use Rails 6.0 config defaults
We already flipped the new defaults, so this is a no-op.
2020-08-05 17:22:46 +02:00
Pierre de La Morinerie
bc0244456c config: explicitely use the classic autoloader
I'm sure we can use zeitwerk in the future, but let's retain the classic
loader until the config issues are proved to be safe.
2020-08-05 17:22:46 +02:00
Pierre de La Morinerie
fbbcd97463 config: flip config.active_record.collection_cache_versioning
This is related to internal cache implementation, and doesn't affect us.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
4a9f081cfc config: flip config.action_mailer.delivery_job
This is safe in all cases – except that it prevents a downgrade to
Rails 5. We don't intend to downgrade now, so this is fine.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
b556e2a99a config: flip config.active_storage.replace_on_assign_to_many
We don't have any `has_many_attached` relations in the code base, so
this is safe.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
54a4db1c47 config: flip config.active_storage.queues
ActiveStorage jobs are now moved to their own queue.

For consistency, we also move our own analysis jobs (VirusScannerJob)
on the same `:active_storage_analysis` queue.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
c6cdd08373 config: flip config.active_job.return_false_on_aborted_enqueue
We don't have any instance of aborting inside a job in the code base,
so this setting is safe to flip.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
65809f8ea0 config: flip action_dispatch_return_only_media_type_on_content_type
This makes `ActionDispatch::Controller#content_type` return not only
the MIME type, but also in some circumstances the charset.

Example:

```ruby
reponse.content_type == 'text/html; charset=utf-8'
```

The MIME type-only fragment can now be accessed using `#media_type`.

Changes to the tests are not stricly necessary (because no charset is
present in the actual value), but represent the intent better.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
8427f0eb75 config: flip config.action_dispatch.use_cookies_with_metadata
This makes cookies more secure, by adding an automatic "purpose" field
to each cookie.

Cookies generated by Rails 5 are still forward-compatible. However
from now on the generated cookies will not be backward-compatible with
Rails 6.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
e8fa65f79d config: flip config.action_view.default_enforce_utf8
This prevents charset workaround on IE 8 and lower. We don't support
these browsers anyway, so we can flip the feature off.
2020-08-05 16:48:36 +02:00
Pierre de La Morinerie
a1be888f7c config: use Rails 5.2 config defaults 2020-08-05 16:48:29 +02:00
Pierre de La Morinerie
0d55919fab config: use Rails 5.1 defaults
New or changed defaults are:

- config.assets.unknown_asset_fallback: false
- config.action_view.form_with_generates_remote_forms: true
2020-08-05 13:02:56 +02:00
Kara Diaby
4afc07c677
Merge pull request #5403 from tchak/add-carte-ign
Add carte ign
2020-08-03 11:04:32 +02:00
jpoulvel
bf94cc021b
Merge pull request #5424 from betagouv/new_design_edit_attestation
New design page admin/attestation_templates/edit
2020-07-31 11:18:22 +02:00
Paul Chavard
4c87e547b3 Put IGN map behind a feature flag 2020-07-30 17:22:28 +02:00
Paul Chavard
f1cbc9846e Add carte ign 2020-07-30 16:58:20 +02:00
Keirua
b3e98048f9
Merge pull request #5418 from betagouv/mise-en-avant-france-connect
#5428 - France connect avant les boutons de login/signup
2020-07-30 10:32:12 +02:00
jpoulvel
62e04a6ca9
Merge branch 'dev' into new_design_edit_attestation 2020-07-30 09:53:09 +02:00
kara Diaby
d4c6e501c6 Ajoute la liste des démarches de l'interface administrateur sur la nouvelle UI 2020-07-29 15:35:52 +02:00
Judith
5df3838173 - tranferred controllers from admin to mew_administrateur
- removed admin/attestation_templates views
- changed routes accordingly
2020-07-29 12:26:27 +02:00
Keirua
347dbe4c87
Merge pull request #5417 from betagouv/cleanup-incident-janvier
Suppression du message d'alerte suite aux problèmes d'upload
2020-07-29 11:00:12 +02:00
clemkeirua
b8eea05163 ajout de traductions 2020-07-29 09:27:16 +02:00
clemkeirua
db0d230531 add cdn.jsdeliver.net to the CSP 2020-07-27 16:54:46 +02:00
clemkeirua
de1df85462 suppression du message d'alerte suite aux problèmes d'upload 2020-07-27 10:32:03 +02:00
Fabrice Gangler
1352cde321 Feat: allow emails senders to be configured in .env file
Refs: #5408
2020-07-24 10:50:55 +02:00
clemkeirua
7e085c657d specific deactivation of rubocop DS/ApplicationName rule 2020-07-23 16:20:16 +02:00
clemkeirua
c658428441 added application name in config/ 2020-07-23 16:17:54 +02:00
clemkeirua
c1208add62 remplacement de demarches-simplifiees.fr par un paramètre dans les vues 2020-07-23 16:16:36 +02:00
clemkeirua
31a262efef extraction d'urls doc/faq/… dans url.rb 2020-07-23 16:16:36 +02:00
clemkeirua
3340a2b091 ajout du nom d'application tot au demarrage
The application name is used in the views, but also in the initializers and in the config/ directory

According to rails doc (https://guides.rubyonrails.org/v6.0/configuring.html#locations-for-initialization-code),
if we want to do some things before the initializers and the environment, the only place to do so is in config/application.rb
2020-07-23 16:16:36 +02:00
Paul Chavard
8b9e73a30a
Merge pull request #5382 from adullact/feat_status-page-customisation
#5379 - Allow status page URL to be configured in the .env file
2020-07-22 22:10:58 +02:00
Paul Chavard
35461f0159 Add revisions migrations 2020-07-21 19:35:30 +02:00
Keirua
b2aa90b729
Merge pull request #5392 from betagouv/fix-CI-accessibility-errors
Fix CI accessibility errors
2020-07-21 17:15:45 +02:00
krichtof
8c5308b9dc
Merge pull request #5396 from betagouv/5395-relancer-expert
5395 instructeur : relance un expert pour une demande d'avis
2020-07-21 15:02:53 +02:00
Christophe Robillard
689a51588f translations for avis list view 2020-07-21 10:46:55 +02:00
Fabrice Gangler
62672c02e0 move STATUS_PAGE_URL into env.example.optional 2020-07-20 16:37:31 +02:00
Fabrice Gangler
f7402afa06 add env.example.optional 2020-07-20 16:31:02 +02:00
Christophe Robillard
d9cb5c067f relance un expert 2020-07-20 16:26:16 +02:00
Christophe Robillard
bde8fe2c5d update wording for revoke 2020-07-20 16:08:35 +02:00
Pierre de La Morinerie
b192b48fc7 config: use Rails 5.0 options
Stop overriding Rails 5.0 options, and use the framework defaults.

(Except for `active_record.belongs_to_required_by_default`, which is a
lot of work and will be fixed later.)
2020-07-20 15:54:48 +02:00
clemkeirua
c0cf8b1341 fix display of labels for datetime on screenreaders 2020-07-20 11:37:01 +02:00
Gangler Fabrice
39feca251d allow status page URL to be configured in .env 2020-07-17 15:53:49 +02:00
Christophe Robillard
3ea34834a7 revoke expert avis 2020-07-16 21:05:11 +02:00
kara Diaby
9dc542af09 Revert "Revert "Feat/5287 - New design for admin procedure detail""
This reverts commit cf5eb3f251.
2020-07-15 17:00:03 +02:00
Christophe Robillard
8111babdd6 user: revoque un invité sur un dossier 2020-07-14 18:25:31 +02:00
Kara Diaby
cf5eb3f251
Revert "Feat/5287 - New design for admin procedure detail" 2020-07-13 11:36:42 +02:00
kara Diaby
7f3b38cfee Merge admin dashboard to new design for procedure details 2020-07-09 12:18:22 +02:00
clemkeirua
60c3047e4f mise à jour de doc pour se passer d'overmind 2020-07-09 09:32:09 +02:00
Christophe Robillard
2c56511204 validate api_entreprise_token 2020-07-08 18:59:22 +02:00
Christophe Robillard
8f9d6d2871 show which instructeur took decision and when
and also replace "sans suite" by "classé sans suite"
2020-07-08 18:15:15 +02:00
Pierre de La Morinerie
58c97efde4 config: enable debug assets in development
Historically, debug assets were disabled because they made reloading
pages very slow. This seems fixed by Rails 6.
2020-07-08 17:48:21 +02:00