Commit graph

382 commits

Author SHA1 Message Date
Pierre de La Morinerie
745b00366f Revert "app: hide IE11 deprecation banner during the strike"
This reverts commit c2882b6cc3.
2020-01-28 15:18:18 +01:00
Paul Chavard
4edc7b00cf Use geocoder 2020-01-15 15:04:04 +01:00
Paul Chavard
14295db9ad Revert "Revert "Merge pull request #4552 from tchak/champ-communes""
This reverts commit 4373cb22cb.
2020-01-14 18:46:07 +01:00
clemkeirua
4373cb22cb Revert "Merge pull request #4552 from tchak/champ-communes"
This reverts commit 4cec26f73a, reversing
changes made to 0ef25ef36c.
2020-01-13 16:26:27 +01:00
Paul Chavard
cccb04d725 ActiveStorage url should expire after an hour 2020-01-08 14:43:05 +01:00
Paul Chavard
e61e39d345 Remove unused code and tests 2020-01-07 11:52:51 +01:00
Paul Chavard
22aa2d4ee0 Make all location champs autocomplete 2020-01-07 11:52:51 +01:00
Paul Chavard
422b7f37ec [GraphQL] expose file information 2019-12-11 12:34:49 +01:00
Pierre de La Morinerie
c2882b6cc3 app: hide IE11 deprecation banner during the strike
Having two banners appearing in a few days may be overwhelming for
users.
2019-12-04 17:32:04 +01:00
Christophe Robillard
4e7c779116 refuse les numéros de tel invalides
rend facultatif les numéros de téléphone
2019-12-04 05:34:43 +01:00
Pierre de La Morinerie
97af50c700 app: fix detection of Chrome iOS and Firefox iOS as outdated browsers
For instance, Firefox iOS is reported as `firefox? true, version 20`.

As on iOS only the system-provided Webkit is allowed, we can instead
safely assume that all browsers on a recent iOS device are modern.
2019-12-03 16:09:41 +01:00
Pierre de La Morinerie
2ee8cab067 app: display a deprecation banner for IE 11 2019-12-03 16:02:08 +01:00
Pierre de La Morinerie
bff7892ba8 dossiers: autosave drafts 2019-11-21 14:00:06 +01:00
Alexandre Friquet
8f5203cc2e
Merge branch 'dev' into 4482-echec-initilaisation-env-dev 2019-11-14 17:07:28 +01:00
Alexandre Friquet
d9680252b0 Fixes missing database on initialization: closes #4482. 2019-11-14 09:17:39 +01:00
Paul Chavard
f7cbbe815c [GraphQL]: Add default query to playground 2019-11-13 15:53:56 +01:00
clemkeirua
6351eabfdd remove notification to report-uri in production 2019-11-07 17:32:40 +01:00
clemkeirua
959aacdea5 Sendinblue email balancing using proper credentials
This reverts commit c61981e795.
2019-11-06 13:34:36 +01:00
clemkeirua
c61981e795 Revert "Sendinblue email balancing using interceptor"
This reverts commit b2135b6576.
2019-11-04 15:55:08 +01:00
Chaïb Martinez
b2135b6576 Sendinblue email balancing using interceptor
Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-11-04 15:30:44 +01:00
Paul Chavard
18e91e7ca3 Extend old export format till mid-November 2019-10-31 17:11:46 +01:00
Paul Chavard
73d4ecf35d Add a DS_PROXY_URL env variable 2019-10-30 16:15:38 +01:00
Paul Chavard
6a3d725134 Revert "Revert "Decommission ActiveStorage proxy service and use openstack service""
This reverts commit 71227be37f.
2019-10-30 12:11:45 +01:00
simon lehericey
71227be37f Revert "Decommission ActiveStorage proxy service and use openstack service"
This reverts commit 0ff6c793ae.
2019-10-29 10:30:40 +01:00
Paul Chavard
0ff6c793ae Decommission ActiveStorage proxy service and use openstack service
We are making these changes in order to always use DS_Proxy. Before this change DS_Proxy was not used to write files when ActiveStorage was used directly and not through “direct upload”.
2019-10-23 17:58:00 +02:00
clemkeirua
4a6893d88b migrate sendinblue API to v3 2019-10-22 10:06:53 +02:00
clemkeirua
43424e4f4e merge with the work of paul, using 3 links 2019-10-22 09:51:14 +02:00
simon lehericey
f31c184b56 [fix #1537] Remove simple_form gem 2019-10-08 11:08:35 +02:00
clemkeirua
d3063c0b63 remove download_as_zip feature flag 2019-10-03 10:48:24 +02:00
Paul Chavard
5a7e415474 Put graphql behind a feature flag 2019-09-24 10:47:21 +02:00
Paul Chavard
91ad9bd7d3 Configure GraphQL::RailsLogger 2019-09-24 10:47:21 +02:00
Paul Chavard
d24e0e72a7 Correctly create new flipper flags 2019-09-12 10:46:13 +02:00
Paul Chavard
65e227c44b Migrate to flipper 2019-09-10 16:10:14 +02:00
Chaïb Martinez
dd6c6bfe7a mailers: add a NO_REPLY address to transactional emails 2019-09-10 13:37:28 +02:00
Paul Chavard
7ffb98e616 Remove carrierwave uploaders 2019-09-10 10:49:12 +02:00
Chaïb Martinez
f2386a5800 Add crips help domaine to defaut policy src
[fix #4234]

Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-08-27 10:30:10 +02:00
simon lehericey
86d968bb8e Use rack_attack_enabled?
We cannot enable rack attack during the tests as it interferes with features spec.
So we add a flag to enable it during the runtime.
2019-08-20 13:29:29 +02:00
simon lehericey
0f0fecdb25 RackAttack: use remote ip and test it ! 2019-08-20 13:29:29 +02:00
pedong
fc8cebd78d add Gem rack_attack for prevent attack brute-force 2019-08-20 13:29:29 +02:00
Nicolas Bouilleaud
7c7947adeb Rename gestionnaire to instructeur in a comment
About an (unused for now) env var.
2019-08-13 10:27:49 +02:00
simon lehericey
3fde2a6f70 Rename gestionnaire in code to instructeur 2019-08-12 13:47:01 +02:00
maatinito
3703a71ea3 #3928 Added constants to define password min length & complexity 2019-08-01 17:12:14 +02:00
Pierre de La Morinerie
95e24392f9 models: remove old pieces justificatives 2019-07-30 16:11:17 +02:00
pedong
9438f962c5 add alert for account is locked 2019-07-29 17:48:44 +02:00
pedong
8d03a6747c add lockable to User, Gestionnaire, administration, Administrateur 2019-07-29 17:48:44 +02:00
clemkeirua
99421545ab replaced api-carto endpoint 2019-07-23 16:21:15 +02:00
Pierre de La Morinerie
76335511c8 omniauth: protect against CSRF
See https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
2019-07-15 18:16:00 +02:00
Paul Chavard
3cb39c2840 Refactor message attachements to use active_storage 2019-07-10 15:35:29 +02:00
simon lehericey
0f9fdf3f75 Activate device email change confirmation 2019-07-09 11:55:17 +02:00
Mathieu Magnin
b34f8fbe3d Add ActionText 2019-07-03 13:15:49 +02:00
simon lehericey
4b154983fb Landing: voir les démarches -> comment trouver ma démarche 2019-07-03 12:59:09 +02:00
clemkeirua
dfefb827d9 missing connect-src 2019-07-02 10:50:10 +02:00
clemkeirua
d6f2de2fbf enable static + activate csp in production 2019-07-02 09:40:38 +02:00
clemkeirua
eaf850c1e9 enable csp 2019-06-27 11:10:29 +02:00
clemkeirua
f19b5f8911 fix csp rule for crisp websocket 2019-06-26 12:37:55 +02:00
clemkeirua
7064f7e973 enable crisp websockets and css 2019-06-25 17:39:08 +02:00
clemkeirua
d3c6021ef4 add duplicate rules as fallback 2019-06-20 11:34:24 +02:00
clemkeirua
dc6c2e6bc0 add missing elements 2019-06-17 17:05:08 +02:00
Nicolas Bouilleaud
dace9a53d3 Add Universign timestamp API query 2019-06-17 16:16:28 +02:00
clemkeirua
765b10026e more generic elements to the security policy 2019-06-17 09:51:27 +02:00
Pierre de La Morinerie
d410e31344 active_storage: document the virus scan hooks 2019-05-28 11:39:22 +02:00
Paul Chavard
cc4eba2b36 Less mokey patching 2019-05-21 14:21:42 +02:00
clemkeirua
5cbbbb8d3e more whitelist for the common domains we use 2019-05-20 09:52:44 +02:00
Paul Chavard
42235e81b1 Use active storage load hook to extend blob 2019-05-16 20:43:01 +02:00
Paul Chavard
348b15f595 Put devtools behind feature flags 2019-05-15 18:10:25 +02:00
clemkeirua
6fe4031b2e use constant for localhost 2019-05-15 16:33:27 +02:00
clemkeirua
b670b60ac6 changement de l'URI de report-uri 2019-05-15 15:32:00 +02:00
Pierre de La Morinerie
d431eeeb93 carrierwave: fix typo
Turns out the `openstack_identity_api_version` has not actually been
filled out for a while, because of a typo.
2019-05-15 14:03:15 +02:00
Chaïb Martinez
3004f96cf5 Add video and webinar URLs to admin pages
Fix #3850

Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-05-13 17:47:02 +02:00
clemkeirua
675cc5150c update on the security policy headers 2019-05-09 14:55:21 +02:00
clemkeirua
64b858ef19 handle Gon + add report-uri URL 2019-05-06 10:07:51 +02:00
clemkeirua
8582b08a98 add security policy 2019-05-06 10:07:51 +02:00
Paul Chavard
f113d108c9 Save virus scan status to blob metadata 2019-05-02 15:58:09 +02:00
Paul Chavard
b9be186d2c Sentry should send environment information 2019-04-03 18:19:16 +02:00
Paul Chavard
51c79ba6a6 Update webpacker and replace vue with react 2019-04-03 14:38:07 +02:00
Frederic Merizen
98713b6a4d Proxy for SendinBlue API 2019-03-08 16:33:28 +01:00
Mathieu Magnin
1eed114d78 Add status page in footer 2019-03-05 17:42:00 +01:00
simon lehericey
2920769a68 ActiveStorage: temp url are valid for 1 hour 2019-02-28 18:36:28 +01:00
Pierre de La Morinerie
283f110e9b stats: improve numeric separators and suffixes 2019-02-01 11:02:37 +01:00
Pierre de La Morinerie
3b92fe93fc stats: make groupdate week start on Monday 2019-01-10 16:14:14 +01:00
gregoirenovel
5fa5f2aa37 Bump development gems
- rubocop (0.61.1 → 0.62.0)
2019-01-05 11:47:55 +01:00
gregoirenovel
0596d53ac2 Enable the Lint/UnusedBlockArgument cop 2019-01-03 10:53:50 +01:00
gregoirenovel
8ffcc16ec5 Avoid EOL ifs 2019-01-03 10:53:50 +01:00
gregoirenovel
7ffe40868b Use parentheses 2019-01-03 10:53:50 +01:00
pedong
ef1c17beaa [Fix #3056] get url api in the environment variable 2018-11-27 14:47:10 +01:00
gregoirenovel
dffd132564 Remove a useless file 2018-11-22 01:51:55 +01:00
Frederic Merizen
d901cb286b [#2180] Bump fog-openstack 2018-11-16 11:11:39 +01:00
Frederic Merizen
6da33f2387 [#2180] Drop fog 2018-11-16 11:11:39 +01:00
Chaïb Martinez
8d02b4dbdf Add Matomo Suivi page 2018-11-08 14:25:37 +01:00
pengfei
7950597bf5 [fix #2858] env api geo 2018-11-06 12:54:01 +01:00
simon lehericey
b00dec4bf6 Conf: storage.apientreprise.fr -> static.demarches-simplifiees.fr 2018-10-25 17:05:22 +02:00
gregoirenovel
fed1f05456 Add CADRE_JURIDIQUE_URL 2018-10-25 14:45:13 +02:00
gregoirenovel
394524b397 Improve the webhook description 2018-10-25 14:45:13 +02:00
gregoirenovel
cfc58000c6 Improve urls.rb 2018-10-25 14:45:13 +02:00
Paul Chavard
7ffbe417f9 Add ApiGeo RPG adapter 2018-10-23 18:13:44 +02:00
Paul Chavard
ed46e2c3be Use Typhoeus in ApiGeo adapter 2018-10-23 18:13:44 +02:00
Chaïb Martinez
535fe6d13a Link directly to the instructeur tutorial in the instructeur email 2018-10-23 11:23:24 +02:00
Chaïb Martinez
796ff972e6 Add a webinaire registration CTA at the end of the admin email 2018-10-23 11:23:24 +02:00
Chaïb Martinez
e8dd6b00bf Link to the admin tutorial instead of the doc 2018-10-23 11:23:24 +02:00
gregoirenovel
442b4a241b Make API_ADRRESSE_URL canonical 2018-10-15 20:55:46 +02:00
gregoirenovel
9156acb839 Use double quotes in urls.rb 2018-10-15 20:55:46 +02:00
gregoirenovel
bf63e7d6ab Use HTTPS for the API Adresse URL 2018-10-15 20:55:46 +02:00
gregoirenovel
a7a6898ce3 Constantize the API Adresse URL 2018-10-15 20:55:46 +02:00
gregoirenovel
f3caa8ef7f Remove apipie (and maruku) 2018-10-09 17:23:07 +02:00
gregoirenovel
a1bab24681 Change the link to the API documentation 2018-10-09 17:23:07 +02:00
gregoirenovel
a171186dd8 Enable Style/TrailingCommaInHashLiteral 2018-10-03 12:03:21 +02:00
gregoirenovel
6eeba14885 Enable Style/WordArray 2018-10-03 12:03:21 +02:00
Mathieu Magnin
5d6f8de5a0 [Fix #1285] Add a custom dictionary for zxcvbn 2018-09-26 09:02:59 +02:00
gregoirenovel
5db408efdb [Fix #1511] Remove the now obsolete DS logo 2018-09-24 12:16:58 +02:00
Pierre de La Morinerie
b4aadf43cd initializers: check that env vars declared in env.example are present
If an environment variable is declared in `config/env.example`, but not
present in the actual environment, the server initialization will raise
an exception.

Empty strings are allowed (because some values are relevant only in
development or production).
2018-09-04 10:20:20 +02:00
gregoirenovel
df742421a8 Remove an env var 2018-09-03 16:13:38 +02:00
Paul Chavard
c67f8dcaaa Add after_party 2018-08-30 11:54:54 +01:00
Paul Chavard
c3e2d61d0a Add helpscout config 2018-08-29 10:41:42 +01:00
gregoirenovel
5085357db9 Improve the formatting of the urls.rb file 2018-08-28 10:44:17 +02:00
gregoirenovel
9284afc649 Use a constant for the API Entreprise URL 2018-08-28 10:44:16 +02:00
gregoirenovel
5f60e204d1 Use parentheses 2018-08-27 09:21:20 +02:00
Paul Chavard
3e23ba5a4f [ENV] Add lograge config 2018-08-23 15:55:32 +02:00
Mathieu Magnin
907f48e148 [ENV] Configure Raven (Sentry) 2018-08-23 15:55:32 +02:00
Paul Chavard
296e3a9b09 [ENV] Add fog config 2018-08-23 15:55:32 +02:00
Mathieu Magnin
db8e750f1a [ENV] Configure Api Entreprise token 2018-08-23 15:55:32 +02:00
Mathieu Magnin
5ff869e1bc [ENV] Add Mailjet conf 2018-08-23 15:55:32 +02:00
Mathieu Magnin
aa0a4cf87f [ENV] Devise config 2018-08-23 15:55:32 +02:00
Mathieu Magnin
9eb48413b5 [ENV] Active storage config in storage.yml 2018-08-23 15:55:31 +02:00
Mathieu Magnin
8934d495e9 [ENV] GH config in secrets.yml 2018-08-23 15:55:31 +02:00
Mathieu Magnin
238d94cdc3 [ENV] France connect particulier config in secrets.yml 2018-08-23 15:55:31 +02:00
gregoirenovel
9c94308209 Enforce a minimum Edge version 2018-08-22 11:20:52 +02:00
gregoirenovel
3d14ae418f Unify the syntax in browser.rb 2018-08-22 11:20:39 +02:00
gregoirenovel
fad18d6173 Update the minimum browsers versions 2018-08-21 18:21:14 +02:00
Paul Chavard
40a1e22cc9 Remove logstasher and add custom job structured logger 2018-08-16 12:26:13 +02:00
Paul Chavard
c7b97073ee Log backtrace on exceptions 2018-08-13 18:32:00 +02:00
Paul Chavard
9de3e6e74b Make info extraction method more safe 2018-08-13 18:32:00 +02:00
simon lehericey
839b7627ac [fix #2387] Rack: increase max multipart number 2018-08-13 17:45:47 +02:00
Paul Chavard
a6a4790a35 Replace logstasher with lograge 2018-08-13 12:44:00 +02:00
simon lehericey
9196a3ef4c Logstasher: remove bugging initializer 2018-08-10 13:07:41 +02:00
Paul Chavard
a0979b1d57 Fix logstasher custom fields 2018-08-07 16:26:44 +02:00
Pierre de La Morinerie
fdbda30877 javascript: transpile compatible JS for all browsers we support 2018-08-06 17:50:10 +02:00
Pierre de La Morinerie
22b83dd67c browsers: enforce IE 11 as the minimum required IE version
This is already documented in the README, but not enforced.
2018-08-06 16:33:10 +02:00
Paul Chavard
3645c56416 Use Chartkick with defer option 2018-08-01 17:02:30 +02:00
Pierre de La Morinerie
956c3fe36c Replace hardcoded phone numbers by a CONTACT_PHONE constant 2018-06-25 11:51:15 +02:00
gregoirenovel
23931a7591 Remove the contact_email locale 2018-06-01 00:00:11 +02:00
gregoirenovel
185f08f63e Add constants for email addresses 2018-06-01 00:00:11 +02:00
gregoirenovel
661010100d [Fix #1536] Remove stringupcasepatch 2018-05-31 11:49:25 +02:00
simon lehericey
569da996d2 [fix #1915] enable devise paranoid mode 2018-05-23 16:11:03 +02:00
simon lehericey
5bd589344e Devise: confirm user email 2018-05-23 15:55:52 +02:00
gregoirenovel
a246181afd Add API_GEO_URL 2018-05-22 19:01:46 +02:00
gregoirenovel
1839269dd9 Add API_CARTO_URL 2018-05-22 18:53:34 +02:00
gregoirenovel
0b35bfffa5 Move constants to urls.rb 2018-05-22 17:35:11 +02:00
gregoirenovel
5757782d29 Fix the mentions legales link 2018-05-22 17:28:17 +02:00
gregoirenovel
a98ab683aa Update FAQ_URL 2018-05-22 17:23:56 +02:00
gregoirenovel
de201fca04 Add FAQ_URL 2018-05-22 17:23:56 +02:00