Commit graph

1237 commits

Author SHA1 Message Date
Pierre de La Morinerie
37645d3df2 config: fix (again) the CSP when running a LiveReload server locally
When running the app using `bin/webpack-dev-server` (the external
(and fast) assets server), LiveReload is used. We need to explicitely
allow the LiveReload connections in the CSP policy.

Turns out we now need to specify the protocol explicitely.
2020-04-20 17:24:16 +02:00
Pierre de La Morinerie
968e470684 config: never cache rails-generated pages
This instruct browsers to never cache content directly generated by the
controllers. This includes HTML pages, JSON responses, PDF files, etc.

This is because Some mobile browsers have a behaviour where, although
they will delete the session cookie when the browser shutdowns, they
will still serve a cached version of the page on relaunch.

The CSRF token in the HTML is then mismatched with the CSRF token in the
session cookie (because the session cookie has been cleared). This
causes form submissions to fail with an
"ActionController::InvalidAuthenticityToken" exception.

To prevent this, tell browsers to never cache the HTML of a page.
(This doesn’t affect assets files, which are still sent with the proper
cache headers).

See https://github.com/rails/rails/issues/21948
2020-04-14 18:29:17 +02:00
Paul Chavard
7a8fd3c679 Use graphql playground instead of graphiql 2020-04-09 19:38:19 +02:00
Christophe Robillard
ae18ff6627 Notifie tous les instructeurs lors dépôt dossier
- envoie un mail à tous les instructeurs d'une procédure après le dépôt
d'un nouveau dossier
2020-04-09 14:33:56 +02:00
Christophe Robillard
415d5c765e envoie une notification à chaque follower_instructeur après un commentaire déposé 2020-04-09 14:17:07 +02:00
kara Diaby
d18bc1c421 Improve the mapbox-gl support detection for older browsers 2020-04-09 11:01:20 +02:00
kara Diaby
56e9834389 Revert "Revert "Revert "Revert "feat/4893 - migrate the mapReader to mapbox-gl with react""""
This reverts commit 473ed00b6c.
2020-04-09 11:01:20 +02:00
Pierre de La Morinerie
7e19dd2cda Revert "Revert "Fix middle-click on "Delete attachment" button""
This reverts commit 6e8bd6957f.
2020-04-09 10:40:08 +02:00
clemkeirua
34188c432c refactor _new_header so that user and instructeur search share similar signature 2020-04-09 09:42:31 +02:00
Pierre de La Morinerie
6e8bd6957f
Revert "Fix middle-click on "Delete attachment" button" 2020-04-08 17:40:58 +02:00
Pierre de La Morinerie
8ceb555941 routes: cleanup attachment routes 2020-04-08 11:57:06 +02:00
kara Diaby
473ed00b6c Revert "Revert "Revert "feat/4893 - migrate the mapReader to mapbox-gl with react"""
This reverts commit fe0b3c2215.
2020-04-07 18:14:07 +02:00
kara Diaby
fe0b3c2215 Revert "Revert "feat/4893 - migrate the mapReader to mapbox-gl with react""
This reverts commit 3e21b78142.
2020-04-07 18:11:11 +02:00
Pierre de La Morinerie
3e21b78142
Revert "feat/4893 - migrate the mapReader to mapbox-gl with react" 2020-04-07 15:32:14 +02:00
Pierre de La Morinerie
91260e2867 dossier: fix upload route of piece_justificative in repetitions
In repetitions, `form.index` doesn't make much sense. Turns out we
don't really need the index of the champ: we can just use the champ id.
2020-04-06 11:50:31 +02:00
kara Diaby
aa56cfd7a0 migrate map to mapbox-gl with a react component 2020-04-02 15:39:47 +02:00
Paul Chavard
7ba4c513e6 Refactor notify near deletion mailers 2020-04-01 17:40:52 +02:00
Paul Chavard
da52ec30bd Undo discard dossiers and demarches from manager 2020-03-31 17:08:28 +02:00
Paul Chavard
876e05aed3 Discard demarches from manager 2020-03-31 17:08:28 +02:00
Pierre de La Morinerie
6417c0d2c0 dossiers: allow auto upload of attachments 2020-03-31 13:09:44 +02:00
Paul Chavard
5005c54891 Add base cron job 2020-03-31 12:25:46 +02:00
Pierre de La Morinerie
fe13043efd dossier: prepare validations to piece_justificative champs
We can't yet enable the validations, because of an issue that will
(hopefully) be solved with Rails 6.

See https://github.com/betagouv/demarches-simplifiees.fr/issues/4926
2020-03-30 11:12:25 +02:00
Paul Chavard
a60b6b6776 Use ’ consistently instead of ' 2020-03-26 17:27:48 +01:00
Paul Chavard
c707a21f97 Rename delete_and_keep_track -> discard_and_keep_track 2020-03-26 14:23:23 +01:00
Paul Chavard
ec1cd989ab Show the reason on deleted dossiers 2020-03-25 16:57:03 +01:00
clemkeirua
5ef6f92fdc update CGU URL 2020-03-25 09:50:41 +00:00
Christophe Robillard
b4b92accf1 instructeur: show deleted dossiers for a procedure 2020-03-25 10:19:07 +01:00
clemkeirua
5896aedeeb added extension bouton to en_construction dossiers bound to expire 2020-03-24 18:10:51 +01:00
clemkeirua
057d7bc2f1 add interval data type to ActiveRecord 2020-03-24 18:10:13 +01:00
clemkeirua
c077762a04 added labels for datetime
cf https://stackoverflow.com/a/47836699
2020-03-24 16:54:35 +00:00
Pierre de La Morinerie
a716713ed6 locales: fix translation of champ value
Due to the extra 's', the names of Champs attributes were never
translated.
2020-03-24 15:42:02 +01:00
Paul Chavard
cd0acb1344 Cleanup dossier mailers 2020-03-19 16:52:18 +01:00
Pierre de La Morinerie
ea94ea05a0 config: configure CSP to allow live-reload requests
This avoids CSP errors when using the `bin/webpack-dev-server` external
assets compilation server.
2020-03-18 13:26:54 +01:00
Christophe Robillard
c21dd3b830 affiche infos d'un usager entreprise uniquement si diffusable
pour un usager de type entreprise qui a choisi de ne pas diffuser publiquement ses infos,
elles sont affichées uniquement aux instructeurs
2020-03-17 15:57:02 +00:00
clemkeirua
90a0879d71 ajout du bouton pour telecharger un pdf vide 2020-03-17 15:00:03 +01:00
clemkeirua
269881db12 generation d'un pdf vide à partir d'une procedure 2020-03-17 15:00:01 +01:00
Paul Chavard
444d19e191 Remove unused gems 2020-03-17 11:25:21 +01:00
Paul Chavard
ae2cfdd44e Update browser gem
`modern?` method was removed in version 4
2020-03-17 11:25:20 +01:00
Paul Chavard
0b06864f7a Upgrade core-js 2020-02-24 19:43:07 +01:00
Paul Chavard
318baf316e Add notify_en_construction_near_deletion mailer 2020-02-18 17:18:14 +01:00
Paul Chavard
8c77d91e9f Add notify_automatic_deletion_to_administration mailer 2020-02-18 17:18:06 +01:00
Paul Chavard
4e116f06a6 Add notify_automatic_deletion_to_user mailer 2020-02-18 17:15:32 +01:00
Pierre de La Morinerie
7ba76c6658 dossier: add a notice when some attachments of the dossier were lost
On the 22/01/2020, a technical error on the demarches-simplifees.fr
instance made us delete some files attached to some dossiers.

This PR adds a warning when browsing a dossier containing attachments
that were deleted.
2020-02-12 11:49:33 +01:00
simon lehericey
3d652ffaf8 Remove unused key 2020-02-10 13:59:15 +01:00
simon lehericey
6de55f44b4 Remove Fog conf for carrierewave
The conf now is config/storage.yaml
2020-02-10 13:56:45 +01:00
Christophe Robillard
cee4c5b8fb Revert "Revert "4127 fix superadmin supprime compte usager""
This reverts commit 751f24f7bb.
2020-02-04 16:07:01 +01:00
Paul Chavard
a86129c3a1 Revert "Revert "Update javascript dependencies and add webpack-bundle-analyzer""
This reverts commit eddd59e554.
2020-02-03 14:54:25 +01:00
Keirua
eddd59e554
Revert "Update javascript dependencies and add webpack-bundle-analyzer" 2020-01-29 14:51:55 +01:00
Paul Chavard
a223eb05da Update javascript dependencies and add webpack-bundle-analyzer 2020-01-28 16:37:44 +01:00
clemkeirua
5f65665b07 added a method for modifying a user email 2020-01-28 16:15:46 +01:00
Paul Chavard
7478a51846 [GraphQL] use official skylight support 2020-01-28 15:39:37 +01:00
Pierre de La Morinerie
745b00366f Revert "app: hide IE11 deprecation banner during the strike"
This reverts commit c2882b6cc3.
2020-01-28 15:18:18 +01:00
Pierre de La Morinerie
751f24f7bb
Revert "4127 fix superadmin supprime compte usager" 2020-01-21 18:57:54 +01:00
Christophe Robillard
a6d007dbd3 supprime un instructeur 2020-01-21 15:05:33 +01:00
clemkeirua
12430a8068 ajout d'un écran intermediaire pour gérer la reaffectation des dossiers 2020-01-20 16:15:02 +01:00
clemkeirua
45c8c8ca21 an admin can delete a groupe-instructeur with 0 dossier 2020-01-20 16:15:02 +01:00
Paul Chavard
4edc7b00cf Use geocoder 2020-01-15 15:04:04 +01:00
Paul Chavard
14295db9ad Revert "Revert "Merge pull request #4552 from tchak/champ-communes""
This reverts commit 4373cb22cb.
2020-01-14 18:46:07 +01:00
clemkeirua
4373cb22cb Revert "Merge pull request #4552 from tchak/champ-communes"
This reverts commit 4cec26f73a, reversing
changes made to 0ef25ef36c.
2020-01-13 16:26:27 +01:00
Christophe Robillard
9a62d3fe0c delete a user 2020-01-13 10:06:43 +01:00
Pierre de La Morinerie
f04fb3830c config: fix France Connect callback URL when testing locally
When testing France Connect on a local development environment, the
callback URL should be something like `http://localhost:3000/…/…`

But currently, the callback URL uses `https`, even in development. This
causes the callback URL to be rejected by France Connect.

This commit overrides the callback URL when in development, to use
an `http` URL instead. In doesn't affect the production settings.
2020-01-08 15:44:49 +01:00
Paul Chavard
cccb04d725 ActiveStorage url should expire after an hour 2020-01-08 14:43:05 +01:00
Paul Chavard
e61e39d345 Remove unused code and tests 2020-01-07 11:52:51 +01:00
Paul Chavard
ff46ee366e Fix user brouillon spec 2020-01-07 11:52:51 +01:00
Paul Chavard
4bbd16576b Add champ communes 2020-01-07 11:52:51 +01:00
Paul Chavard
22aa2d4ee0 Make all location champs autocomplete 2020-01-07 11:52:51 +01:00
simon lehericey
c95b7a33fa Add brakeman exception for a export.file.service_url 2019-12-18 13:13:15 +01:00
simon lehericey
d0f0533a32 Remove unused code 2019-12-18 13:13:15 +01:00
Paul Chavard
422b7f37ec [GraphQL] expose file information 2019-12-11 12:34:49 +01:00
Pierre de La Morinerie
c2882b6cc3 app: hide IE11 deprecation banner during the strike
Having two banners appearing in a few days may be overwhelming for
users.
2019-12-04 17:32:04 +01:00
Paul Chavard
2f060fc30a Add depubliee state to procedures 2019-12-04 16:52:41 +01:00
Paul Chavard
e429c79eb1 Allow administrators to set themselves démarches as déclaratives 2019-12-04 12:30:26 +01:00
Christophe Robillard
4e7c779116 refuse les numéros de tel invalides
rend facultatif les numéros de téléphone
2019-12-04 05:34:43 +01:00
simon lehericey
006e426a11 Work on deletion mail 2019-12-03 17:18:53 +01:00
simon lehericey
6391f7ff9c Work on notify_near_deletion mailer 2019-12-03 17:18:53 +01:00
Pierre de La Morinerie
97af50c700 app: fix detection of Chrome iOS and Firefox iOS as outdated browsers
For instance, Firefox iOS is reported as `firefox? true, version 20`.

As on iOS only the system-provided Webkit is allowed, we can instead
safely assume that all browsers on a recent iOS device are modern.
2019-12-03 16:09:41 +01:00
Pierre de La Morinerie
3212dfddca app: allow hiding the browser banner for one week 2019-12-03 16:09:18 +01:00
Pierre de La Morinerie
2ee8cab067 app: display a deprecation banner for IE 11 2019-12-03 16:02:08 +01:00
Paul Chavard
7b947feae4 Rename demarche archivée to demarche close 2019-11-28 15:07:16 +01:00
Pierre de La Morinerie
68f5aae99d autosave: add feature test 2019-11-21 14:00:06 +01:00
Pierre de La Morinerie
bff7892ba8 dossiers: autosave drafts 2019-11-21 14:00:06 +01:00
Matthieu FAURE
87813c42d9
Update config/env.example
Co-Authored-By: Keirua <Keirua@users.noreply.github.com>
2019-11-20 15:40:02 +01:00
Matthieu FAURE
1f2f904f8f
Update config/env.example
Co-Authored-By: Keirua <Keirua@users.noreply.github.com>
2019-11-20 15:39:50 +01:00
Matthieu FAURE
85bbafc256
Update config/env.example based on @keirua review
Co-Authored-By: Keirua <Keirua@users.noreply.github.com>
2019-11-20 11:03:19 +01:00
Matthieu FAURE
0089a9d520
Update config/env.example based on @keirua review
Co-Authored-By: Keirua <Keirua@users.noreply.github.com>
2019-11-20 11:01:54 +01:00
Matthieu FAURE
98d545b1d9
Update config/env.example based on @keirua review
Co-Authored-By: Keirua <Keirua@users.noreply.github.com>
2019-11-20 11:01:27 +01:00
Matthieu FAURE
1a63d7e4e2 DOC ajout commentaires + explications pour env.example 2019-11-19 15:24:57 +01:00
simon lehericey
874439580b Pluralize some texts 2019-11-18 17:08:51 +01:00
simon lehericey
9ca026a630 Use a select2 box for looking to instructeurs 2019-11-18 17:08:51 +01:00
Alexandre Friquet
8f5203cc2e
Merge branch 'dev' into 4482-echec-initilaisation-env-dev 2019-11-14 17:07:28 +01:00
Alexandre Friquet
d9680252b0 Fixes missing database on initialization: closes #4482. 2019-11-14 09:17:39 +01:00
Paul Chavard
ba03dbf8dd [GraphQL] Add dossierEnvoyerMessage mutation 2019-11-13 19:54:27 +01:00
Paul Chavard
f7cbbe815c [GraphQL]: Add default query to playground 2019-11-13 15:53:56 +01:00
Paul Chavard
9ce81f665b [GraphQL]: fix geo_areas docs 2019-11-13 15:53:56 +01:00
Paul Chavard
fe84e8e0f7 Remove carrierwave 2019-11-12 15:26:18 +01:00
clemkeirua
6351eabfdd remove notification to report-uri in production 2019-11-07 17:32:40 +01:00
clemkeirua
04c13190c3 introduce smtp_key in order to use 2 different sendinblue keys
client_key is exposed to the client via gon, so if we use it for sending email too we are exposing a key so anybody could send an email.
The current client_key has a different level of right and can't send emails so it's ok to expose it.
2019-11-06 13:34:36 +01:00
clemkeirua
959aacdea5 Sendinblue email balancing using proper credentials
This reverts commit c61981e795.
2019-11-06 13:34:36 +01:00
clemkeirua
c61981e795 Revert "Sendinblue email balancing using interceptor"
This reverts commit b2135b6576.
2019-11-04 15:55:08 +01:00
Chaïb Martinez
b2135b6576 Sendinblue email balancing using interceptor
Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-11-04 15:30:44 +01:00
Pierre de La Morinerie
8e6930d257 instructeurs: fix ProcedurePresentation to use instructeur.user.email
The `joins` are declared explicitely in order to associate a predictable
name to the joined table.

Otherwise, when the query is joined with `:users`, ActiveRecord will
alias the join automatically  to solve the conflict. Unfortunately, the
automatic resolution means that the table name becomes unpredictable,
and thus unsuitable to perform queries on.
2019-11-04 10:44:24 +01:00
Paul Chavard
18e91e7ca3 Extend old export format till mid-November 2019-10-31 17:11:46 +01:00
Nicolas Bouilleaud
72b7ff221c move procedure to new design 2019-10-31 10:27:19 +01:00
Paul Chavard
73d4ecf35d Add a DS_PROXY_URL env variable 2019-10-30 16:15:38 +01:00
simon lehericey
477f7c9837 Remove instructeur 2019-10-30 14:27:51 +01:00
simon lehericey
79b808470c Add instructeur 2019-10-30 14:27:51 +01:00
simon lehericey
94081a3997 Show Groupe Instructeur 2019-10-30 14:27:51 +01:00
simon lehericey
4491dca19a Index Groupe Instructeur 2019-10-30 14:27:51 +01:00
Paul Chavard
6a3d725134 Revert "Revert "Decommission ActiveStorage proxy service and use openstack service""
This reverts commit 71227be37f.
2019-10-30 12:11:45 +01:00
simon lehericey
71227be37f Revert "Decommission ActiveStorage proxy service and use openstack service"
This reverts commit 0ff6c793ae.
2019-10-29 10:30:40 +01:00
Jérôme Desboeufs
86819cd532 Fix typos 2019-10-25 09:41:22 +02:00
simon lehericey
54d6d21c27 Add Pg statement timeout variable to allow long migration 2019-10-24 15:54:25 +02:00
simon lehericey
fbe93e0fce Fix pluralization in search page 2019-10-23 21:47:20 +02:00
simon lehericey
35bba62297 Update routing critéria name 2019-10-23 21:47:20 +02:00
simon lehericey
a5ffe9f54b Remove instructeur from the group 2019-10-23 21:47:20 +02:00
simon lehericey
a6deafd885 Add instructeurs to groupe 2019-10-23 21:47:20 +02:00
simon lehericey
3dd3af8482 Groupe instructeur update 2019-10-23 21:47:20 +02:00
simon lehericey
9a6336f508 Groupe instructeur create 2019-10-23 21:47:20 +02:00
simon lehericey
733e83cc54 Groupe instructeur show 2019-10-23 21:47:20 +02:00
simon lehericey
2749c00ce3 Groupe instructeur index 2019-10-23 21:47:20 +02:00
Paul Chavard
0ff6c793ae Decommission ActiveStorage proxy service and use openstack service
We are making these changes in order to always use DS_Proxy. Before this change DS_Proxy was not used to write files when ActiveStorage was used directly and not through “direct upload”.
2019-10-23 17:58:00 +02:00
Paul Chavard
86b271997b Invite experts to linked dossiers
closes #3669
2019-10-23 13:10:09 +02:00
Pierre de La Morinerie
d542bca8de admin: relabel the number champ
Avoid two type de champs having the same label.

Soon this champ will even be deprecated and disappear.

Ref #4414
2019-10-22 15:59:43 +02:00
clemkeirua
4a6893d88b migrate sendinblue API to v3 2019-10-22 10:06:53 +02:00
clemkeirua
43424e4f4e merge with the work of paul, using 3 links 2019-10-22 09:51:14 +02:00
clemkeirua
70ea5e167e procedure download is performed through a controller in order not to leak the URL 2019-10-22 09:50:58 +02:00
clemkeirua
1af2b63ed1 initial implementation of async export 2019-10-22 09:50:58 +02:00
simon lehericey
1e8e45232a Setup a timeout on long query 2019-10-17 16:45:18 +02:00
simon lehericey
f31c184b56 [fix #1537] Remove simple_form gem 2019-10-08 11:08:35 +02:00
clemkeirua
d3063c0b63 remove download_as_zip feature flag 2019-10-03 10:48:24 +02:00
Paul Chavard
5a7e415474 Put graphql behind a feature flag 2019-09-24 10:47:21 +02:00
Paul Chavard
a51fc75628 Expose graphiql 2019-09-24 10:47:21 +02:00
Paul Chavard
91ad9bd7d3 Configure GraphQL::RailsLogger 2019-09-24 10:47:21 +02:00
Paul Chavard
bf6fbbf2b6 Add graphql end point 2019-09-24 10:47:21 +02:00
Paul Chavard
52e84f2ffe Add graphql object types 2019-09-24 10:47:21 +02:00
Nicolas Bouilleaud
3e2985b305 First attempt at procedure stats
fixes #3945, #3946, #3948
2019-09-17 16:43:48 +02:00
Nicolas Bouilleaud
c26a701a17 Refactor and redesign publish modal
* remove the autocomplete menu
* use ujs to pre-validate the procedure
* tweak the UI
2019-09-17 16:30:48 +02:00
Nicolas Bouilleaud
92e6032115 Remove path availability dead code when creating/editing a procedure
There’s no “path” field anymore in the Procedure form, it can only be set when publishing.
2019-09-17 16:30:48 +02:00
Paul Chavard
d24e0e72a7 Correctly create new flipper flags 2019-09-12 10:46:13 +02:00
Paul Chavard
65e227c44b Migrate to flipper 2019-09-10 16:10:14 +02:00
Chaïb Martinez
dd6c6bfe7a mailers: add a NO_REPLY address to transactional emails 2019-09-10 13:37:28 +02:00
Paul Chavard
7ffb98e616 Remove carrierwave uploaders 2019-09-10 10:49:12 +02:00
Chaïb Martinez
f2386a5800 Add crips help domaine to defaut policy src
[fix #4234]

Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-08-27 10:30:10 +02:00
simon lehericey
86d968bb8e Use rack_attack_enabled?
We cannot enable rack attack during the tests as it interferes with features spec.
So we add a flag to enable it during the runtime.
2019-08-20 13:29:29 +02:00
simon lehericey
0f0fecdb25 RackAttack: use remote ip and test it ! 2019-08-20 13:29:29 +02:00
pedong
fc8cebd78d add Gem rack_attack for prevent attack brute-force 2019-08-20 13:29:29 +02:00
simon lehericey
840be2408e Remove administrateur devise methods 2019-08-14 15:06:15 +02:00
Paul Chavard
e68d2cf5e2 Enable champ repetition for all 2019-08-14 12:53:51 +01:00
Paul Chavard
9eaf14968f Enable export v2 for all 2019-08-14 12:53:51 +01:00
Paul Chavard
0969b1f85f Enable email_login_token for all gestionnaires 2019-08-14 12:53:51 +01:00