Commit graph

1065 commits

Author SHA1 Message Date
pedong
8d03a6747c add lockable to User, Gestionnaire, administration, Administrateur 2019-07-29 17:48:44 +02:00
clemkeirua
99421545ab replaced api-carto endpoint 2019-07-23 16:21:15 +02:00
clemkeirua
f166077f5e ajout d'un bouton de suppression des admin dans le manager 2019-07-23 16:11:15 +02:00
clemkeirua
92ec627425 update brakeman configuration 2019-07-17 18:04:32 +02:00
clemkeirua
d8b63cd4c9 added 'monavis' inside the procedure and for users 2019-07-17 18:04:32 +02:00
clemkeirua
25f81f1d3c download a dossier as zip with all attachments 2019-07-16 09:11:25 +02:00
Pierre de La Morinerie
76335511c8 omniauth: protect against CSRF
See https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
2019-07-15 18:16:00 +02:00
Pierre de La Morinerie
56c846900b champs: improve validation message of numeric fields
Replaces

> Champs value doit être un nombre

by

> La valeur du champ doit être un nombre entier (sans chiffres après
> la virgule)
2019-07-11 15:12:48 +02:00
Paul Chavard
3cb39c2840 Refactor message attachements to use active_storage 2019-07-10 15:35:29 +02:00
Pierre de La Morinerie
055fc63c45 profile: improve email success message wording 2019-07-10 11:31:09 +02:00
simon lehericey
ea79b9a595 typo: use ’ 2019-07-09 11:55:17 +02:00
simon lehericey
d36f6ebcd7 [fix #1709] A user can change its email 2019-07-09 11:55:17 +02:00
simon lehericey
0f9fdf3f75 Activate device email change confirmation 2019-07-09 11:55:17 +02:00
simon lehericey
d68d2be798 Profil: accessible to all roles 2019-07-09 11:55:17 +02:00
Mathieu Magnin
b34f8fbe3d Add ActionText 2019-07-03 13:15:49 +02:00
simon lehericey
4b154983fb Landing: voir les démarches -> comment trouver ma démarche 2019-07-03 12:59:09 +02:00
simon lehericey
c7e10fc43f Manager: remove repasser_en_instruction 2019-07-02 18:40:20 +02:00
simon lehericey
b79220e711 UI 2019-07-02 18:35:47 +02:00
Paul Chavard
fb0ef15e3c Export dossiers v2 2019-07-02 14:20:29 +02:00
clemkeirua
dfefb827d9 missing connect-src 2019-07-02 10:50:10 +02:00
clemkeirua
d6f2de2fbf enable static + activate csp in production 2019-07-02 09:40:38 +02:00
clemkeirua
0cfd3e3c1f disable csp 2019-07-01 12:10:08 +02:00
clemkeirua
eaf850c1e9 enable csp 2019-06-27 11:10:29 +02:00
clemkeirua
f19b5f8911 fix csp rule for crisp websocket 2019-06-26 12:37:55 +02:00
clemkeirua
7064f7e973 enable crisp websockets and css 2019-06-25 17:39:08 +02:00
clemkeirua
d3c6021ef4 add duplicate rules as fallback 2019-06-20 11:34:24 +02:00
clemkeirua
dc6c2e6bc0 add missing elements 2019-06-17 17:05:08 +02:00
Nicolas Bouilleaud
eb592f8ddf Add manager controller for bill signatures 2019-06-17 16:16:28 +02:00
Nicolas Bouilleaud
f355f849a6 Add BillSignature Model 2019-06-17 16:16:28 +02:00
Nicolas Bouilleaud
dace9a53d3 Add Universign timestamp API query 2019-06-17 16:16:28 +02:00
clemkeirua
765b10026e more generic elements to the security policy 2019-06-17 09:51:27 +02:00
pedong
abcd58c35d [fix #3710] date with letter
Co-Authored-By: simon lehericey <mail@simon.lehericey.net>
2019-06-12 17:48:12 +02:00
Chaïb Martinez
eccd456325 Add crisp
Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-06-05 17:41:47 +02:00
Paul Chavard
ff44b7a600 Refactor purge pj to be more generic 2019-05-29 15:54:51 +02:00
Pierre de La Morinerie
d410e31344 active_storage: document the virus scan hooks 2019-05-28 11:39:22 +02:00
Paul Chavard
6a3413018a Refresh attachments with virus scan result 2019-05-21 14:21:55 +02:00
Paul Chavard
cc4eba2b36 Less mokey patching 2019-05-21 14:21:42 +02:00
clemkeirua
5cbbbb8d3e more whitelist for the common domains we use 2019-05-20 09:52:44 +02:00
Paul Chavard
42235e81b1 Use active storage load hook to extend blob 2019-05-16 20:43:01 +02:00
Paul Chavard
348b15f595 Put devtools behind feature flags 2019-05-15 18:10:25 +02:00
clemkeirua
6fe4031b2e use constant for localhost 2019-05-15 16:33:27 +02:00
clemkeirua
b670b60ac6 changement de l'URI de report-uri 2019-05-15 15:32:00 +02:00
Pierre de La Morinerie
abfeb1c2db locales: remove unused carrierwave localisation
- It was broken since the renaming of `extension_white_list` to
  `extension_whitelist` (f0ed61cce8)
- The localisation is already included in the `carrierwave-i18n` gem
- The localisation included in the gem is better than ours (it mentions
  which extensions are allowed).
2019-05-15 14:39:40 +02:00
Pierre de La Morinerie
d431eeeb93 carrierwave: fix typo
Turns out the `openstack_identity_api_version` has not actually been
filled out for a while, because of a typo.
2019-05-15 14:03:15 +02:00
Paul Chavard
9725f2a418 Enable new champs editor for all 2019-05-14 16:18:29 +02:00
Paul Chavard
3446782cd0 Remove deprecated editor 2019-05-14 16:18:29 +02:00
Paul Chavard
dba8d65137 Track dossier operations with author and subject 2019-05-14 14:31:03 +02:00
Chaïb Martinez
3004f96cf5 Add video and webinar URLs to admin pages
Fix #3850

Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-05-13 17:47:02 +02:00
clemkeirua
675cc5150c update on the security policy headers 2019-05-09 14:55:21 +02:00
Nicolas Bouilleaud
3ff0c83485 Add multi-admin UI
refs #1626
2019-05-06 16:19:08 +02:00
clemkeirua
2ae02a132b Report-Only for tests 2019-05-06 10:07:51 +02:00
clemkeirua
64b858ef19 handle Gon + add report-uri URL 2019-05-06 10:07:51 +02:00
clemkeirua
8582b08a98 add security policy 2019-05-06 10:07:51 +02:00
Paul Chavard
f113d108c9 Save virus scan status to blob metadata 2019-05-02 15:58:09 +02:00
Paul Chavard
d72cead7ff Remove unnecessary uglify options
New options :
terserOptions:
   { output: { ecma: 5, comments: false, ascii_only: true },
     parse: { ecma: 8 },
     compress: { ecma: 5, warnings: false, comparisons: false },
     mangle: { safari10: true } } }
2019-05-02 14:10:48 +02:00
Paul Chavard
2f633b5d23 Load leaflet from a separate chunk 2019-05-02 14:10:48 +02:00
Pierre de La Morinerie
e06e32238c api_entreprise: display a specific error message on network errors 2019-05-02 11:24:38 +02:00
Pierre de La Morinerie
6c8280fba6 api_entreprise: add a feature flag for toggling API INSEE v3 2019-04-30 17:27:58 +02:00
simon lehericey
1d051dc3ef Can change a piece_justificative_template on a type_de_champ 2019-04-18 11:13:35 +02:00
Mathieu Magnin
14c3fb7224 [Fix #3064] Add a preview button for state notifications emails 2019-04-11 11:03:13 +02:00
Pierre de La Morinerie
01e113d04f Revert "locales: tell that API Entreprise is unavailable for now"
This reverts commit a598383856.
2019-04-04 17:15:31 +02:00
Pierre de La Morinerie
41ad89d8ac commencer: fix redirection with invalid path 2019-04-04 14:03:40 +02:00
Paul Chavard
b9be186d2c Sentry should send environment information 2019-04-03 18:19:16 +02:00
Pierre de La Morinerie
22f2ca105e commencer: display a FranceConnect button
Fix #3640
2019-04-03 16:08:09 +02:00
simon lehericey
6d42c8f08a env.example: add TRUSTED_NETWORKS variable 2019-04-03 15:21:19 +02:00
Paul Chavard
639facaf2a Add new types_de_champ#move api 2019-04-03 14:38:07 +02:00
Paul Chavard
51c79ba6a6 Update webpacker and replace vue with react 2019-04-03 14:38:07 +02:00
Pierre de La Morinerie
a598383856 locales: tell that API Entreprise is unavailable for now 2019-04-03 11:24:51 +02:00
Paul Chavard
e71cdcd12c Move all the trackers to a separate js pack 2019-04-02 17:33:53 +02:00
Pierre de La Morinerie
97af31d54f app: rename references to betagouv/tps
Github has an automatic redirection, but better be clean.
2019-03-26 11:10:30 +01:00
Pierre de La Morinerie
30d11e0dac app: rename new_gestionnaire to gestionnaires 2019-03-26 10:48:59 +01:00
Pierre de La Morinerie
ded5b70444 app: rename new_user to users 2019-03-25 10:56:39 +01:00
Mathieu Magnin
2c1e1db37d [Fix #3617] 404 when filter[value] contains a "." 2019-03-19 14:25:57 +01:00
simon lehericey
ed6828c66c Notification: UI 2019-03-18 16:37:51 +01:00
simon lehericey
eae6986079 Puma: change config to enable cluster mode in production 2019-03-18 11:40:13 +01:00
Paul Chavard
504b26bf5e Add administrateur to demarche from manager 2019-03-12 11:59:01 +01:00
Mathieu Magnin
44f28ec565 Remove feature flag for publish draft 2019-03-12 11:26:07 +01:00
Frederic Merizen
b3c3541725 [#3477] Update brakeman config 2019-03-11 17:14:17 +01:00
Frederic Merizen
8d8376947d [Fix #3477] Individually remove values from multi-value filter 2019-03-11 17:14:17 +01:00
Frederic Merizen
98713b6a4d Proxy for SendinBlue API 2019-03-08 16:33:28 +01:00
Frederic Merizen
fc38880155 Move sendinblue client key to configuration file
This is not a secret (it's sent to the client as part of the JS anyway) so it's
not a big deal that it was on the public repository but it's still better to
have it be configurable.
2019-03-08 16:33:28 +01:00
Mathieu Magnin
1eed114d78 Add status page in footer 2019-03-05 17:42:00 +01:00
Frederic Merizen
d54a0a4612 Fix link to procedure brouillon in manager 2019-03-04 15:03:30 +01:00
simon lehericey
2920769a68 ActiveStorage: temp url are valid for 1 hour 2019-02-28 18:36:28 +01:00
simon lehericey
9d92e43d8d [fix #3315] Migrate service organisme 2019-02-18 16:50:44 +01:00
simon lehericey
a7e068003a [fix #3427] Administration can soft delete a dossier 2019-02-14 18:09:08 +01:00
Paul Chavard
5da5f75c5f [Types de Champ Editeur] Save on change and only edited model 2019-02-07 17:05:55 +01:00
simon lehericey
32281092e6 mina: reuse gem between deployment 2019-02-06 14:41:45 +01:00
Paul Chavard
071448e1d9 Champ Repetition dossier editor 2019-02-04 16:19:07 +01:00
Paul Chavard
862ab4ed04 “Bloc répétable” is ready to be tested 2019-02-04 15:46:39 +01:00
Pierre de La Morinerie
283f110e9b stats: improve numeric separators and suffixes 2019-02-01 11:02:37 +01:00
pedong
6103176a78 [fix #1238] add previsualization attestation for gestionnaire 2019-01-22 14:54:24 +01:00
Pierre de La Morinerie
016e5f2e6f commencer: add an independant page 2019-01-21 14:45:38 +01:00
Paul Chavard
6036d7906f Enable champ_siret for all 2019-01-17 15:17:48 +01:00
Paul Chavard
9136c9dfa0 Enable support_form for all 2019-01-17 15:17:48 +01:00
Paul Chavard
41c9b21509 Use new editor 2019-01-17 11:20:31 +01:00
Paul Chavard
e1a1a2b2ad Add new admin procedure update action 2019-01-17 11:20:31 +01:00
Paul Chavard
d9d0b29cbf Add Vue.js 2019-01-17 11:20:31 +01:00
Frederic Merizen
0846860748 Proxy for active storage service provider 2019-01-16 11:34:57 +01:00
Pierre de La Morinerie
3b92fe93fc stats: make groupdate week start on Monday 2019-01-10 16:14:14 +01:00
gregoirenovel
5fa5f2aa37 Bump development gems
- rubocop (0.61.1 → 0.62.0)
2019-01-05 11:47:55 +01:00
gregoirenovel
0596d53ac2 Enable the Lint/UnusedBlockArgument cop 2019-01-03 10:53:50 +01:00
gregoirenovel
8ffcc16ec5 Avoid EOL ifs 2019-01-03 10:53:50 +01:00
gregoirenovel
7ffe40868b Use parentheses 2019-01-03 10:53:50 +01:00
Chaïb Martinez
0fe473b84e Add 2 new categories in admin contact form 2018-12-20 15:29:49 +01:00
Paul Chavard
5d1c24f3d8 Add type de champ repetition models (with row) 2018-12-19 15:31:11 +01:00
Frederic Merizen
832b4a61bc Drop CleverCloud Service for ActiveStorage 2018-12-19 10:36:02 +01:00
Frederic Merizen
57a136c861 Make champ PJ generally available 2018-12-18 11:11:23 +01:00
Mathieu Magnin
5ab0853f1c Harmonize user champ pj purge route to gestionnaire 2018-12-14 11:38:59 +01:00
Mathieu Magnin
edf3eefa87 Fix Sentry 114, Instructeur can delete pj in private champs 2018-12-13 17:27:05 +01:00
Frederic Merizen
0a1bdbb6d3 [#2180] Passer sur le nouveau fournisseur de stockage 2018-12-11 19:54:11 +01:00
pedong
de5de75869 [fix #2985] del champ_linked_dropdown in feature 2018-12-10 16:47:22 +01:00
simon lehericey
db6c86b242 DossierController: user can destroy pjs 2018-12-06 10:45:10 +01:00
Mathieu Magnin
55525af060 Add rake task to run after party with mina 2018-12-04 14:43:55 +01:00
Paul Chavard
2f2aa580f8 Update activestorage.js 2018-12-04 11:37:00 +01:00
Paul Chavard
6043e59937 Disable after party 2018-12-01 10:30:35 +01:00
Frederic Merizen
dd07a8ca1f [#2180] Use different container for activestorage and for carrierwave 2018-11-29 11:31:58 +01:00
Paul Chavard
b9af07b845 Add admin support contact form 2018-11-28 16:50:37 +01:00
Paul Chavard
3f62d2b0b6 Allow to override active_job adapter 2018-11-27 17:26:21 +01:00
pedong
ef1c17beaa [Fix #3056] get url api in the environment variable 2018-11-27 14:47:10 +01:00
Mathieu Magnin
804f0665e3 Re-enable releases cleanup 2018-11-22 18:26:18 +01:00
gregoirenovel
d0ec53a494 Move accessibilite to the root controller 2018-11-22 02:00:54 +01:00
gregoirenovel
82d764e340 Move tour_de_france to the root controller 2018-11-22 02:00:54 +01:00
gregoirenovel
4a8b56cded Remove an unneeded slash 2018-11-22 02:00:54 +01:00
gregoirenovel
be08e5a248 Move a route to a better position 2018-11-22 02:00:54 +01:00
gregoirenovel
dffd132564 Remove a useless file 2018-11-22 01:51:55 +01:00
gregoirenovel
455e7ef364 Remove a dead route 2018-11-22 01:47:29 +01:00
Mathieu Magnin
167aff30f4 Cancel cleanup 2018-11-21 16:28:02 +01:00
Mathieu Magnin
88b8c190f5 Cleanup releases after deploy 2018-11-21 14:35:00 +01:00
Mathieu Magnin
3ce9dd39af [Fix #3008] Soft delete demarche button in manager 2018-11-21 14:29:42 +01:00
Pierre de La Morinerie
ac9a87f27b config: fix email assets not having the full URL domain prepended
When sending emails, the mailer doesn't have access to the request
host. It needs to infer it by itself.

For this we need two settings:

- action_mailer.default_url_options, to generate urls to routes
- action_mailer.asset_host, to generate full urls to assets

Only the first one of these settings was set in production.

Fix #2518
2018-11-21 12:30:00 +01:00
Frederic Merizen
e69e459649 [#2180] Add activestorage-openstack 2018-11-16 11:11:40 +01:00
Frederic Merizen
d901cb286b [#2180] Bump fog-openstack 2018-11-16 11:11:39 +01:00
Frederic Merizen
6da33f2387 [#2180] Drop fog 2018-11-16 11:11:39 +01:00
Paul Chavard
2eb61bd6ed Move dossier invites handler to invites controller 2018-11-14 15:16:49 +01:00
Pierre de La Morinerie
f7c586f3e4 features: add maintenance features to the 'production' group 2018-11-13 16:38:56 +01:00
Pierre de La Morinerie
0eb21fe8c4 manager: localize model names 2018-11-13 11:20:12 +01:00
simon lehericey
fb76197404 SessionController: flipflop trusted device 2018-11-13 10:41:45 +01:00
simon lehericey
36621bffeb FlipFlop: enable for gestionnaire 2018-11-13 10:41:45 +01:00
simon lehericey
5690599289 Session: send a mail to confirm gestionnaire login 2018-11-13 10:41:45 +01:00
Paul Chavard
624b442cd7 Remove “Outil de changement d'état d'un dossier” 2018-11-08 14:56:45 +01:00
Chaïb Martinez
8d02b4dbdf Add Matomo Suivi page 2018-11-08 14:25:37 +01:00
Pierre de La Morinerie
b94bc654c9 config: remove duplicated line
The line is duplicated above in the same file.
2018-11-06 17:11:09 +01:00
Frederic Merizen
31ca0552ab [#835] Extract avis creation into concern 2018-11-06 15:44:43 +01:00
Frederic Merizen
6a43be4f39 [#835] Extra paths deserve eagler loading in production too 2018-11-06 15:44:43 +01:00
Frederic Merizen
02fa30c83b [#835] Remove redundant values from autoload_paths
(Level 1 subdirectories of app are already globbed by default rails config)
2018-11-06 15:44:43 +01:00
Paul Chavard
7a60f1b549 Enable champ carte for everyone 2018-11-06 14:26:32 +01:00
pengfei
7950597bf5 [fix #2858] env api geo 2018-11-06 12:54:01 +01:00
Paul Chavard
ca09aa52a3 Put IntegerNumberChamp behind a flag 2018-11-06 11:28:44 +01:00
Paul Chavard
074050a91a Add IntegerNumberChamp 2018-11-06 11:28:44 +01:00