Merge branch 'main' into refactor-access-token-generation
remy-auricoste committed Nov 15, 2023
2 parents 124542a + c10da68 commit 0310f53
Showing 41 changed files with 358 additions and 330 deletions.
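--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1,6 @@
+.github/ @mission-apprentissage/mna
+.infra/ @mission-apprentissage/mna
+.bin/ @mission-apprentissage/mna
+server/ @mission-apprentissage/lba
+ui/ @mission-apprentissage/lba
+shared/ @mission-apprentissage/lba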
7 changes: 4 additions & 3 deletions .talismanrc
@@ -1,7 +1,8 @@
fileignoreconfig:
- filename: .bin/scripts/deploy-log-decrypt.sh
checksum: b9c969e31cc620084c9a3d97637d509a821c542dba236f96dc799beff4b66648
- filename: .bin/scripts/deploy-log-encrypt.sh
- filename: shared/routes/user.routes.ts
checksum: 9c972cfd3950e5a3ab026fe54ba05448af4c0a9362888d5107d3b3ab76311c41
version: ""
name: .bin/scripts/deploy-log-encrypt.sh
checksum: 8ebe245e2a3719defc295d0de3d02c42e2cb82cb2ecc9507ce0dd4273a428e5e
- filename: .bin/scripts/setup-local-env.sh
checksum: d0d72057a483d2988bc7fefec7f7a7e16abdb2db058b1df2d186e34459c4ba23
@@ -1,6 +1,7 @@
import { IUserRecruteur, IUserStatusValidation } from "shared"
import { ETAT_UTILISATEUR } from "shared/constants/recruteur"

import { ETAT_UTILISATEUR, VALIDATION_UTILISATEUR } from "../../../../services/constant.service"
import { VALIDATION_UTILISATEUR } from "../../../../services/constant.service"
import { model, Schema } from "../../../mongodb"
import { mongoosePagination, Pagination } from "../_shared/mongoose-paginate"

3 changes: 2 additions & 1 deletion server/src/http/routes/auth/login.controller.ts
@@ -1,4 +1,5 @@
import Boom from "boom"
import { ETAT_UTILISATEUR } from "shared/constants/recruteur"
import { toPublicUser, zRoutes } from "shared/index"

import { getStaticFilePath } from "@/common/utils/getStaticFilePath"
Expand All @@ -7,7 +8,7 @@ import { createAuthMagicLink } from "@/services/appLinks.service"

import { startSession, stopSession } from "../../../common/utils/session.service"
import config from "../../../config"
import { CFA, ENTREPRISE, ETAT_UTILISATEUR } from "../../../services/constant.service"
import { CFA, ENTREPRISE } from "../../../services/constant.service"
import { sendUserConfirmationEmail } from "../../../services/etablissement.service"
import mailer from "../../../services/mailer.service"
import { getUser, getUserStatus, registerUser } from "../../../services/userRecruteur.service"
4 changes: 2 additions & 2 deletions server/src/http/routes/etablissementRecruteur.controller.ts
@@ -1,7 +1,7 @@
import Boom from "boom"
import { IUserRecruteur, toPublicUser, zRoutes } from "shared"
import { BusinessErrorCodes } from "shared/constants/errorCodes"
import { RECRUITER_STATUS } from "shared/constants/recruteur"
import { ETAT_UTILISATEUR, RECRUITER_STATUS } from "shared/constants/recruteur"

import { Recruiter, UserRecruteur } from "@/common/model"
import { startSession } from "@/common/utils/session.service"
Expand All @@ -10,7 +10,7 @@ import { getUserFromRequest } from "@/security/authenticationService"
import { getAllDomainsFromEmailList, getEmailDomain, isEmailFromPrivateCompany, isUserMailExistInReferentiel } from "../../common/utils/mailUtils"
import { notifyToSlack } from "../../common/utils/slackUtils"
import { getNearEtablissementsFromRomes } from "../../services/catalogue.service"
import { CFA, ENTREPRISE, ETAT_UTILISATEUR } from "../../services/constant.service"
import { CFA, ENTREPRISE } from "../../services/constant.service"
import {
entrepriseOnboardingWorkflow,
etablissementUnsubscribeDemandeDelegation,
5 changes: 3 additions & 2 deletions server/src/http/routes/user.controller.ts
@@ -1,12 +1,13 @@
import Boom from "boom"
import { ETAT_UTILISATEUR } from "shared/constants/recruteur"
import { IJob, getUserStatus, zRoutes } from "shared/index"

import { stopSession } from "@/common/utils/session.service"

import { Recruiter, UserRecruteur } from "../../common/model/index"
import { getStaticFilePath } from "../../common/utils/getStaticFilePath"
import config from "../../config"
import { ENTREPRISE, ETAT_UTILISATEUR, RECRUITER_STATUS } from "../../services/constant.service"
import { ENTREPRISE, RECRUITER_STATUS } from "../../services/constant.service"
import { activateEntrepriseRecruiterForTheFirstTime, deleteFormulaire, getFormulaire, reactivateRecruiter } from "../../services/formulaire.service"
import mailer from "../../services/mailer.service"
import { getUserAndRecruitersDataForOpcoUser } from "../../services/user.service"
Expand Down Expand Up @@ -211,7 +212,7 @@ export default (server: Server) => {
"/user/:userId/history",
{
schema: zRoutes.put["/user/:userId/history"],
preHandler: [],
onRequest: [server.auth(zRoutes.put["/user/:userId/history"])],
},
async (req, res) => {
const history = req.body
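Review bot: `server.auth(...)` is now registered under `onRequest` for PUT `/user/:userId/history`, and in Fastify that hook runs before body parsing and before schema validation, so the `userId` from which the security scheme resolves the `user` resource has not yet been checked against `zObjectId` when the access decision is made. `server.auth` is not visible in this hunk; if it does not parse `req.params` itself, a malformed id should be rejected there rather than reach the resource lookup. A short comment above the hook would record the assumption, e.g. `// auth runs in onRequest: params are not schema-validated yet, server.auth must validate userId itself`. The handler body continues outside the hunk.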
3 changes: 2 additions & 1 deletion server/src/jobs/jobs.ts
@@ -1,7 +1,8 @@
import { ETAT_UTILISATEUR } from "shared/constants/recruteur"

import { createMongoDBIndexes } from "@/common/model"
import { IInternalJobsCronTask, IInternalJobsSimple } from "@/common/model/schema/internalJobs/internalJobs.types"
import { create as createMigration, status as statusMigration, up as upMigration } from "@/jobs/migrations/migrations"
import { ETAT_UTILISATEUR } from "@/services/constant.service"

import { getLoggerWithContext } from "../common/logger"
import config from "../config"
@@ -1,7 +1,9 @@
import { ETAT_UTILISATEUR } from "shared/constants/recruteur"

import { logger } from "../../../../common/logger"
import { Recruiter, UserRecruteur } from "../../../../common/model/index"
import { asyncForEach } from "../../../../common/utils/asyncUtils"
import { ETAT_UTILISATEUR, RECRUITER_STATUS, VALIDATION_UTILISATEUR } from "../../../../services/constant.service"
import { RECRUITER_STATUS, VALIDATION_UTILISATEUR } from "../../../../services/constant.service"
import { runScript } from "../../../scriptWrapper"

function hasUpperCase(str) {
2 changes: 1 addition & 1 deletion server/src/jobs/lba_recruteur/opco/relanceOpco.ts
@@ -1,11 +1,11 @@
import { IUserRecruteur } from "shared"
import { ETAT_UTILISATEUR } from "shared/constants/recruteur"

import { getStaticFilePath } from "@/common/utils/getStaticFilePath"

import { UserRecruteur } from "../../../common/model/index"
import { asyncForEach } from "../../../common/utils/asyncUtils"
import config from "../../../config"
import { ETAT_UTILISATEUR } from "../../../services/constant.service"
import mailer from "../../../services/mailer.service"

/**
@@ -1,10 +1,11 @@
import Boom from "boom"
import { ETAT_UTILISATEUR } from "shared/constants/recruteur"

import { logger } from "../../../../common/logger"
import { UserRecruteur } from "../../../../common/model/index"
import { asyncForEach } from "../../../../common/utils/asyncUtils"
import { notifyToSlack } from "../../../../common/utils/slackUtils"
import { ENTREPRISE, ETAT_UTILISATEUR } from "../../../../services/constant.service"
import { ENTREPRISE } from "../../../../services/constant.service"
import { autoValidateCompany } from "../../../../services/etablissement.service"
import { activateEntrepriseRecruiterForTheFirstTime, getFormulaire } from "../../../../services/formulaire.service"
import { sendWelcomeEmailToUserRecruteur, updateUser } from "../../../../services/userRecruteur.service"
@@ -1,12 +1,13 @@
import Boom from "boom"
import { JOB_STATUS, type IUserRecruteur } from "shared"
import { ETAT_UTILISATEUR, RECRUITER_STATUS } from "shared/constants/recruteur"

import { logger } from "../../../../common/logger"
import { Recruiter, UserRecruteur } from "../../../../common/model/index"
import { asyncForEach } from "../../../../common/utils/asyncUtils"
import { sentryCaptureException } from "../../../../common/utils/sentryUtils"
import { notifyToSlack } from "../../../../common/utils/slackUtils"
import { CFA, ENTREPRISE, ETAT_UTILISATEUR, RECRUITER_STATUS } from "../../../../services/constant.service"
import { CFA, ENTREPRISE } from "../../../../services/constant.service"
import { autoValidateCompany, getEntrepriseDataFromSiret, sendEmailConfirmationEntreprise } from "../../../../services/etablissement.service"
import { activateEntrepriseRecruiterForTheFirstTime, archiveFormulaire, getFormulaire, sendMailNouvelleOffre, updateFormulaire } from "../../../../services/formulaire.service"
import { autoValidateUser, deactivateUser, getUser, setUserInError, updateUser } from "../../../../services/userRecruteur.service"
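--- a/server/src/services/appLinks.service.ts
+++ b/server/src/services/appLinks.service.ts
@@ -64,3 +64,24 @@ export function createOptoutValidateMagicLink(email: string, siret: string) {
 )
 return `${config.publicUrl}/espace-pro/authentification/optout/verification?token=${encodeURIComponent(token)}`
 }
+
+export function createCfaUnsubscribeToken(email: string, siret: string) {
+return generateAccessToken(
+{ type: "cfa", email, siret },
+[
+{
+schema: zRoutes.post["/etablissement/:establishment_siret/proposition/unsubscribe"],
+options: {
+params: {
+establishment_siret: siret,
+},
+querystring: undefined,
+},
+resources: {},
+},
+],
+{
+expiresIn: "30d",
+}
+)
+}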
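Review bot: `createCfaUnsubscribeToken` has no doc comment, and the properties a maintainer must not loosen are only implicit in the literal: it returns a bearer token valid for `30d`, limited to POST `/etablissement/:establishment_siret/proposition/unsubscribe` for the one `siret` passed in, with `resources: {}`. I would add a TSDoc block above the function stating that scope and lifetime, that the token is placed in an e-mail link (see the formulaire.service.ts section of this commit), and that it must stay pinned to `establishment_siret`. The `expiresIn: "30d"` literal could also move to a named constant or config value so the lifetime of mailed links is set in one place; whether the other link generators in this file use the same lifetime is not visible in this hunk.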
6 changes: 0 additions & 6 deletions server/src/services/constant.service.ts
Expand Up @@ -25,12 +25,6 @@ export enum VALIDATION_UTILISATEUR {
MANUAL = "MANUELLE",
}
export const ENTREPRISE_DELEGATION = "ENTREPRISE_DELEGATION"
export enum ETAT_UTILISATEUR {
VALIDE = "VALIDÉ",
DESACTIVE = "DESACTIVÉ",
ATTENTE = "EN ATTENTE DE VALIDATION",
ERROR = "ERROR",
}

export const ADMIN = "ADMIN"
export const ENTREPRISE = "ENTREPRISE"
3 changes: 2 additions & 1 deletion server/src/services/etablissement.service.ts
Expand Up @@ -3,6 +3,7 @@ import Boom from "boom"
import type { FilterQuery } from "mongoose"
import { IEtablissement, ILbaCompany, IRecruiter, IReferentielData, IUserRecruteur } from "shared"
import { BusinessErrorCodes } from "shared/constants/errorCodes"
import { ETAT_UTILISATEUR } from "shared/constants/recruteur"

import { getStaticFilePath } from "@/common/utils/getStaticFilePath"
import { getHttpClient } from "@/common/utils/httpUtils"
Expand All @@ -16,7 +17,7 @@ import config from "../config"
import { createValidationMagicLink } from "./appLinks.service"
import { validationOrganisation } from "./bal.service"
import { getCatalogueEtablissements } from "./catalogue.service"
import { CFA, ENTREPRISE, ETAT_UTILISATEUR, RECRUITER_STATUS } from "./constant.service"
import { CFA, ENTREPRISE, RECRUITER_STATUS } from "./constant.service"
import dayjs from "./dayjs.service"
import {
IAPIAdresse,
6 changes: 4 additions & 2 deletions server/src/services/formulaire.service.ts
Expand Up @@ -2,6 +2,7 @@ import Boom from "boom"
import type { ObjectId } from "mongodb"
import type { FilterQuery, ModelUpdateOptions, UpdateQuery } from "mongoose"
import { IDelegation, IJob, IJobWritable, IRecruiter, IUserRecruteur, JOB_STATUS } from "shared"
import { ETAT_UTILISATEUR, RECRUITER_STATUS } from "shared/constants/recruteur"

import { getRomeDetailsFromAPI } from "@/common/apis/Pe"
import { getStaticFilePath } from "@/common/utils/getStaticFilePath"
Expand All @@ -10,8 +11,8 @@ import { Recruiter, UnsubscribeOF } from "../common/model/index"
import { asyncForEach } from "../common/utils/asyncUtils"
import config from "../config"

import { createCfaUnsubscribeToken } from "./appLinks.service"
import { getCatalogueEtablissements, getCatalogueFormations } from "./catalogue.service"
import { ETAT_UTILISATEUR, RECRUITER_STATUS } from "./constant.service"
import dayjs from "./dayjs.service"
import { getEtablissement, sendEmailConfirmationEntreprise } from "./etablissement.service"
import mailer from "./mailer.service"
Expand Down Expand Up @@ -543,6 +544,7 @@ export const getJob = async (id: string | ObjectId): Promise<IJob | null> => {
*/
export async function sendDelegationMailToCFA(email: string, offre: IJob, recruiter: IRecruiter, siret_code: string) {
const unsubscribeOF = await UnsubscribeOF.findOne({ establishment_siret: siret_code })
const unsubscribeToken = createCfaUnsubscribeToken(email, siret_code)
if (unsubscribeOF) return
await mailer.sendEmail({
to: email,
Expand All @@ -561,7 +563,7 @@ export async function sendDelegationMailToCFA(email: string, offre: IJob, recrui
rhythm: offre.job_rythm,
offerButton: `${config.publicUrl}/espace-pro/proposition/formulaire/${recruiter.establishment_id}/offre/${offre._id}/siret/${siret_code}`,
createAccountButton: `${config.publicUrl}/espace-pro/creation/cfa`,
unsubscribeUrl: `${config.publicUrl}/espace-pro/proposition/formulaire/${recruiter.establishment_id}/offre/${offre._id}/siret/${siret_code}/unsubscribe`,
unsubscribeUrl: `${config.publicUrl}/espace-pro/proposition/formulaire/${recruiter.establishment_id}/offre/${offre._id}/siret/${siret_code}/unsubscribe?token=${unsubscribeToken}`,
},
})
}
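Review bot: In `sendDelegationMailToCFA` the token is appended to `unsubscribeUrl` as `?token=${unsubscribeToken}` without encoding, whereas `createOptoutValidateMagicLink` in appLinks.service.ts builds its link with `encodeURIComponent(token)`; doing the same here keeps the URL well-formed whatever the token format: `...unsubscribe?token=${encodeURIComponent(unsubscribeToken)}`. The token is also created before `if (unsubscribeOF) return`, so an access token is minted for establishments that will never receive the mail; moving `const unsubscribeToken = createCfaUnsubscribeToken(email, siret_code)` below that guard avoids it. Because the token travels in a query string it can be recorded in proxy logs and browser history for its whole 30-day lifetime, which is worth stating in a comment next to `unsubscribeUrl`.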
6 changes: 3 additions & 3 deletions server/src/services/user.service.ts
@@ -1,12 +1,11 @@
import type { FilterQuery } from "mongoose"
import { IRecruiter, IUserRecruteur } from "shared"
import { ETAT_UTILISATEUR } from "shared/constants/recruteur"

import { Recruiter, User, UserRecruteur } from "../common/model/index"
import { IUser } from "../common/model/schema/user/user.types"
import * as sha512Utils from "../common/utils/sha512Utils"

import { ETAT_UTILISATEUR } from "./constant.service"

/**
* @description Hash password
* @param {User} user
Expand Down Expand Up @@ -131,7 +130,7 @@ const changePassword = async (username: string, newPassword: string) => {

type IUserRecruterPicked = Pick<
IUserRecruteur,
"_id" | "first_name" | "last_name" | "establishment_id" | "establishment_raison_sociale" | "establishment_siret" | "createdAt" | "email" | "phone"
"_id" | "first_name" | "last_name" | "establishment_id" | "establishment_raison_sociale" | "establishment_siret" | "createdAt" | "email" | "phone" | "type"
>

type TReturnedType = {
Expand All @@ -158,6 +157,7 @@ const getUserAndRecruitersDataForOpcoUser = async (opco: string): Promise<TRetur
email: 1,
phone: 1,
status: 1,
type: 1,
})
.lean(),
Recruiter.find({ opco }).select({ establishment_id: 1, origin: 1, jobs: 1, _id: 0 }).lean(),
3 changes: 2 additions & 1 deletion server/src/services/userRecruteur.service.ts
Expand Up @@ -3,14 +3,15 @@ import { randomUUID } from "crypto"
import Boom from "boom"
import type { FilterQuery, ModelUpdateOptions, UpdateQuery } from "mongoose"
import { IUserRecruteur, IUserRecruteurWritable, IUserStatusValidation } from "shared"
import { ETAT_UTILISATEUR } from "shared/constants/recruteur"

import { getStaticFilePath } from "@/common/utils/getStaticFilePath"

import { UserRecruteur } from "../common/model/index"
import config from "../config"

import { createAuthMagicLink } from "./appLinks.service"
import { CFA, ENTREPRISE, ETAT_UTILISATEUR, VALIDATION_UTILISATEUR, ADMIN } from "./constant.service"
import { CFA, ENTREPRISE, VALIDATION_UTILISATEUR, ADMIN } from "./constant.service"
import mailer from "./mailer.service"

/**
1 change: 1 addition & 0 deletions shared/models/usersRecruteur.model.ts
Expand Up @@ -84,6 +84,7 @@ export const zReferentielData = z
export type IReferentielData = z.output<typeof zReferentielData>

export type IUserStatusValidation = z.output<typeof ZUserStatusValidation>
export type IUserStatusValidationJson = Jsonify<z.input<typeof ZUserStatusValidation>>
export type IUserRecruteur = z.output<typeof ZUserRecruteur>
export type IUserRecruteurWritable = z.output<typeof ZUserRecruteurWritable>
export type IUserRecruteurJson = Jsonify<z.input<typeof ZUserRecruteur>>
5 changes: 0 additions & 5 deletions shared/routes/etablissement.routes.ts
Expand Up @@ -64,13 +64,11 @@ export const zEtablissementRoutes = {
premium_refusal_date: true,
}).strict(),
},
// TODO SHOULD HAVE AUTH ???? Jwt at least
securityScheme: null,
},
},
post: {
"/etablissements/:id/premium/affelnet/accept": {
// TODO_SECURITY_FIX ajouter un jwt
method: "post",
path: "/etablissements/:id/premium/affelnet/accept",
params: z.object({ id: zObjectId }).strict(),
Expand All @@ -82,7 +80,6 @@ export const zEtablissementRoutes = {
"/etablissements/:id/premium/accept": {
method: "post",
path: "/etablissements/:id/premium/accept",
// TODO_SECURITY_FIX ajouter un jwt
params: z.object({ id: zObjectId }).strict(),
response: {
"2xx": ZEtablissement,
Expand All @@ -92,7 +89,6 @@ export const zEtablissementRoutes = {
"/etablissements/:id/premium/affelnet/refuse": {
method: "post",
path: "/etablissements/:id/premium/affelnet/refuse",
// TODO_SECURITY_FIX ajouter un jwt
params: z.object({ id: zObjectId }).strict(),
response: {
"2xx": ZEtablissement,
Expand All @@ -102,7 +98,6 @@ export const zEtablissementRoutes = {
"/etablissements/:id/premium/refuse": {
method: "post",
path: "/etablissements/:id/premium/refuse",
// TODO_SECURITY_FIX ajouter un jwt
params: z.object({ id: zObjectId }).strict(),
response: {
"2xx": ZEtablissement,
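Review bot: The `TODO_SECURITY_FIX ajouter un jwt` and `TODO SHOULD HAVE AUTH` markers disappear from the premium accept/refuse routes, yet the only scheme visible in this section still appears to be `securityScheme: null` on the first route; the `securityScheme` of the four POST routes falls outside the displayed lines. If those routes are still unauthenticated, the markers should stay, or be replaced by a reference to a tracked issue, so the gap remains searchable. If they are now protected by an access token, a one-line comment on each route naming the token that authorises it would document that.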
1 change: 0 additions & 1 deletion shared/routes/recruiters.routes.ts
Expand Up @@ -184,7 +184,6 @@ export const zRecruiterRoutes = {
"/etablissement/:establishment_siret/proposition/unsubscribe": {
method: "post",
path: "/etablissement/:establishment_siret/proposition/unsubscribe",
// TODO_SECURITY_FIX jwt
params: z.object({ establishment_siret: extensions.siret }).strict(),
response: {
"2xx": z
14 changes: 9 additions & 5 deletions shared/routes/user.routes.ts
Expand Up @@ -100,7 +100,7 @@ export const zUserRecruteurRoutes = {
},
securityScheme: {
auth: "cookie-session",
access: "recruiter:manage",
access: "user:manage",
ressources: {
user: [
{
Expand Down Expand Up @@ -157,7 +157,6 @@ export const zUserRecruteurRoutes = {
"/user/:userId": {
method: "put",
path: "/user/:userId",
// TODO_SECURITY_FIX session et cookie + permissions
params: z.object({ userId: zObjectId }).strict(),
body: ZUserRecruteurWritable.pick({
last_name: true,
Expand All @@ -174,7 +173,7 @@ export const zUserRecruteurRoutes = {
},
securityScheme: {
auth: "cookie-session",
access: "recruiter:manage",
access: "user:manage",
ressources: {
user: [{ _id: { type: "params", key: "userId" } }],
},
Expand All @@ -197,7 +196,6 @@ export const zUserRecruteurRoutes = {
"/user/:userId/history": {
method: "put",
path: "/user/:userId/history",
// TODO_SECURITY_FIX session et cookie + permissions + role
params: z.object({ userId: zObjectId }).strict(),
body: ZUserStatusValidation.pick({
validation_type: true,
Expand All @@ -210,7 +208,13 @@ export const zUserRecruteurRoutes = {
"200": z.any(),
// "200": ZUserRecruteur,
},
securityScheme: null,
securityScheme: {
auth: "cookie-session",
access: "user:manage",
ressources: {
user: [{ _id: { type: "params", key: "userId" } }],
},
},
},
},
delete: {
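Review bot: PUT `/user/:userId/history` goes from `securityScheme: null` to `auth: "cookie-session"` with `access: "user:manage"` scoped to the `userId` param, but the removed TODO also asked for a role check and none is visible in the new scheme. The body picks fields from `ZUserStatusValidation` (`validation_type` and others cut off in this view), so the route changes an account's validation state; if `user:manage` can be held by a user on their own record, that account could alter its own status. The permission definition is not on this page, so please confirm that `user:manage` is limited to the roles meant to validate accounts, and record it next to the scheme, e.g. `// user:manage: validators only, never the target user`. The response schema is still `z.any()`, so nothing filters what this route returns.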