Commit graph

13 commits

Author SHA1 Message Date
Colin Darie
a6554aa7bf
fix(users): don't expose email of accounts already confirmed 2024-07-29 12:07:02 +02:00
Sébastien Carceles
20136b7ac8
feat(demarche): create and prefill a dossier with POST request (#8233)
* add base controller for public api

* add dossiers controller with basic checks

* create the dossier

* ensure content-type is json

* prefill dossier with given values

* mark a dossier as prefilled

When a dossier is prefilled, it's allowed not to have a user.

Plus, we add a secure token to the dossier, which we will need later to set a
user after sign in / sign up.

* set user as owner of an orphan prefilled dossier

When a visitor comes from the dossier_url answered by the public api,
the dossier is orphan:
- when the user is already authenticated: they become the owner
- when the user is not authenticated: they can sign in / sign up / france_connect
and then they become the owner

So here is the procedure:
- allow to sign in / sign up / france connect when user is unauthenticated
- set dossier ownership when the dossier is orphan
- check dossier ownership when the dossier is not
- redirect to brouillon path when user is signed in and owner

* mark the dossier as prefilled when it's prefilled
(even with a GET request, because it will be useful later on, for
exmample in order to cleanup the unused prefilled dossiers)

* system spec: prefilling dossier with post request
2023-01-03 14:46:10 +01:00
Pierre de La Morinerie
6664965961 mailers: add procedure context to the confirmation link
This allows to redirect the user to the procedure they signed up for
even when the browser session is not available (like if they changed
of browser).

Fix #4738
2020-02-25 11:45:36 +00:00
simon lehericey
dab1519b8c Remove credenticals synchronisation logic 2019-08-16 11:35:19 +02:00
Mathieu Magnin
dd27167c5d Enforce Timezone rule in Rubocop 2019-02-18 16:19:42 +01:00
Pierre de La Morinerie
5a36546485 layouts: rename "application" to "application_old" 2019-01-07 12:17:05 +01:00
Pierre de La Morinerie
c7ac43cfe7 confirmation: add a dedicated page with confirmation instructions
Fix #2586
2018-11-08 16:20:05 +01:00
Pierre de La Morinerie
b0541fba79 users: sign-in after confirming an account within a short time 2018-11-06 18:24:34 +01:00
Pierre de La Morinerie
bfd106ba30 session: migrate the "token confirmation" page to the new design 2018-10-03 15:09:30 +02:00
Pierre de La Morinerie
082ef92a99 invite: move invites link to the after_confirmation callback
Refactored from 6a69d958da

The `after_confirmation_path_for` isn't really made to be a callbback.
For instance, it is not executed during tests.

Moving the invitations linking to a proper documented callback allows
the linking to work in a testing environment, when invoking `user.confirm`.
2018-09-19 12:08:28 +02:00
simon lehericey
6a69d958da Devise: move after_sign_up to after_confirmation 2018-05-23 15:55:52 +02:00
Xavier J
4de9ce4ac2 Delete devise User unused controller 2016-12-15 15:39:18 +01:00
Tanguy PATTE
78e86f00ea [#884] add user 2015-09-23 10:02:01 +02:00