feat: secure mail link

server/src/jobs/lba_recruteur/formulaire/relanceFormulaire.ts

@@ -71,8 +71,8 @@ export const relanceFormulaire = async (threshold: number /* number of days to e
           job_type: job.job_type,
           job_level_label: job.job_level_label,
           job_start_date: dayjs(job.job_start_date).format("DD/MM/YYYY"),
-          supprimer: createCancelJobLink({ user: contactCFA ?? contactEntreprise, jobId: job._id.toString() }),
-          pourvue: createProvidedJobLink({ user: contactCFA ?? contactEntreprise, jobId: job._id.toString() }),
+          supprimer: createCancelJobLink(contactCFA ?? contactEntreprise, job._id.toString()),
+          pourvue: createProvidedJobLink(contactCFA ?? contactEntreprise, job._id.toString()),
         })),
         threshold,
         url: `${config.publicUrl}/espace-pro/authentification`,

server/src/services/appLinks.service.ts

@@ -85,3 +85,60 @@ export function createCfaUnsubscribeToken(email: string, siret: string) {
     }
   )
 }
+
+export function createCancelJobLink(user: IUserRecruteur, jobId: string) {
+  const token = generateAccessToken(user, [
+    generateScope({
+      schema: zRoutes.put["/formulaire/offre/:jobId/cancel"],
+      options: {
+        params: {
+          jobId: jobId,
+        },
+        querystring: undefined,
+      },
+      resources: {
+        job: [jobId],
+      },
+    }),
+  ])
+
+  return `${config.publicUrl}/espace-pro/offre/${jobId}/cancel?token=${token}`
+}
+
+export function createProvidedJobLink(user: IUserRecruteur, jobId: string) {
+  const token = generateAccessToken(user, [
+    generateScope({
+      schema: zRoutes.put["/formulaire/offre/:jobId/provided"],
+      options: {
+        params: {
+          jobId: jobId,
+        },
+        querystring: undefined,
+      },
+      resources: {
+        job: [jobId],
+      },
+    }),
+  ])
+
+  return `${config.publicUrl}/espace-pro/offre/${jobId}/provided?token=${token}`
+}
+
+export function createViewDelegationLink(email: string, establishment_id: string, job_id: string, siret_formateur: string) {
+  const token = generateAccessToken({ type: "cfa", email, siret: siret_formateur }, [
+    generateScope({
+      schema: zRoutes.get["/formulaire/delegation/:establishment_id"],
+      options: {
+        params: {
+          establishment_id: establishment_id,
+        },
+        querystring: undefined,
+      },
+      resources: {
+        recruiter: [establishment_id],
+      },
+    }),
+  ])
+
+  return `${config.publicUrl}/espace-pro/proposition/formulaire/${establishment_id}/offre/${job_id}/siret/${siret_formateur}?token=${token}`
+}

server/src/services/formulaire.service.ts

@@ -11,7 +11,7 @@ import { Recruiter, UnsubscribeOF } from "../common/model/index"
 import { asyncForEach } from "../common/utils/asyncUtils"
 import config from "../config"
 
-import { createCfaUnsubscribeToken } from "./appLinks.service"
+import { createCfaUnsubscribeToken, createViewDelegationLink } from "./appLinks.service"
 import { getCatalogueEtablissements, getCatalogueFormations } from "./catalogue.service"
 import dayjs from "./dayjs.service"
 import { getEtablissement, sendEmailConfirmationEntreprise } from "./etablissement.service"

ui/pages/espace-pro/offre/[jobId]/[option].tsx

@@ -9,7 +9,7 @@ import { cancelOffre, fillOffre } from "../../../../utils/api"
 
 export default function MailActionsOnOffre() {
   const router = useRouter()
-  const { jobId, option } = router.query
+  const { jobId, option, token } = router.query
   const [result, setResult] = useState("")
 
   const error = () => {
@@ -19,15 +19,15 @@ export default function MailActionsOnOffre() {
   useEffect(() => {
     if (jobId && option) {
       if (option === "cancel") {
-        cancelOffre(jobId)
+        cancelOffre(jobId, token)
           .then(() => {
             setResult("ok")
           })
           .catch(() => error())
       }
 
       if (option === "provided") {
-        fillOffre(jobId)
+        fillOffre(jobId, token)
           .then(() => {
             setResult("ok")
           })

ui/utils/api.ts

@@ -37,11 +37,11 @@ export const archiveDelegatedFormulaire = (siret: string) => API.delete(`/formul
 export const getOffre = (jobId) => API.get(`/formulaire/offre/f/${jobId}`)
 export const createOffre = (establishment_id: string, newOffre: IJobWritable) => apiPost("/formulaire/:establishment_id/offre", { params: { establishment_id }, body: newOffre })
 export const patchOffreDelegation = (jobId, data, config) => API.patch(`/formulaire/offre/${jobId}/delegation`, data, config).catch(errorHandler)
-export const cancelOffre = (jobId) => API.put(`/formulaire/offre/${jobId}/cancel`)
+export const cancelOffre = (jobId, token) => apiPut(`/formulaire/offre/:jobId/cancel`, { params: { jobId }, headers: { authorization: `Bearer ${token}` } })
 export const cancelOffreFromAdmin = (jobId: string, data: IRoutes["put"]["/formulaire/offre/f/:jobId/cancel"]["body"]["_input"]) =>
   apiPut("/formulaire/offre/f/:jobId/cancel", { params: { jobId }, body: data })
 export const extendOffre = (jobId: string) => apiPut(`/formulaire/offre/:jobId/extend`, { params: { jobId } })
-export const fillOffre = (jobId) => API.put(`/formulaire/offre/${jobId}/provided`)
+export const fillOffre = (jobId, token) => apiPut(`/formulaire/offre/:jobId/provided`, { params: { jobId }, headers: { authorization: `Bearer ${token}` } })
 export const createEtablissementDelegation = ({ data, jobId }: { jobId: string; data: INewDelegations }) =>
   apiPost(`/formulaire/offre/:jobId/delegation`, { params: { jobId }, body: data })