Merge branch 'main' into feat-lbac-1688-securisation-lien-mail-candidat

mission-apprentissage · Dec 13, 2023 · c52ef05 · c52ef05
2 parents 15bc3ed + f016b2d
commit c52ef05
Show file tree

Hide file tree

Showing 48 changed files with 965 additions and 600 deletions.
diff --git a/.bin/scripts/release-app.sh b/.bin/scripts/release-app.sh
@@ -11,4 +11,4 @@ fi
 readonly next_version="${1}"
 readonly mode=${2:-$defaultMode}
 
-"$ROOT_DIR/.bin/scripts/build-images.sh" $next_version $mode production recette
+"$ROOT_DIR/.bin/scripts/build-images.sh" $next_version $mode production recette pentest
diff --git a/.bin/scripts/seed-apply.sh b/.bin/scripts/seed-apply.sh
@@ -16,7 +16,7 @@ readonly SEED_GZ="$ROOT_DIR/.infra/files/configs/mongodb/seed.gz"
 readonly PASSPHRASE="$ROOT_DIR/.bin/SEED_PASSPHRASE.txt"
 readonly VAULT_FILE="${ROOT_DIR}/.infra/vault/vault.yml"
 
-read -p "La base de donnée va etre écraser, voulez vous continuer ? [y/N]: " response
+read -p "La base de donnée va être écrasée, voulez vous continuer ? [y/N]: " response
 case $response in
   [yY][eE][sS]|[yY])
     ;;

diff --git a/.github/workflows/_deploy.yml b/.github/workflows/_deploy.yml
@@ -9,6 +9,7 @@ on:
         options:
           - production
           - recette
+          - pentest
       app_version:
         description: app version
         type: string

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -128,6 +128,21 @@ jobs:
       SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
       VAULT_PWD: ${{ secrets.VAULT_PWD }}
 
+  deploy-pentest:
+    concurrency:
+      group: "deploy-pentest-${{ github.workflow }}-${{ github.ref }}"
+    needs: ["release"]
+    name: Deploy ${{ needs.release.outputs.VERSION }} on pentest
+    uses: "./.github/workflows/_deploy.yml"
+    with:
+      environment: pentest
+      app_version: ${{ needs.release.outputs.VERSION }}
+    secrets:
+      DEPLOY_SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
+      DEPLOY_PASS: ${{ secrets.DEPLOY_PASS }}
+      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+      VAULT_PWD: ${{ secrets.VAULT_PWD }}
+
   cypress:
     needs: ["deploy"]
     uses: "./.github/workflows/cypress.yml"

diff --git a/.infra/env.ini b/.infra/env.ini
@@ -17,6 +17,14 @@ alias_dns_name=lba-recette.apprentissage.beta.gouv.fr
 host_name=lba-recette
 env_type=recette
 
+[pentest]
+51.77.156.231
+[pentest:vars]
+dns_name=labonnealternance-pentest.apprentissage.beta.gouv.fr
+alias_dns_name=lba-pentest.apprentissage.beta.gouv.fr
+host_name=lba-pentest
+env_type=pentest
+
 [preview]
 146.59.199.41
 [preview:vars]

diff --git a/.infra/files/configs/metabase/setup-metabase.sh b/.infra/files/configs/metabase/setup-metabase.sh
@@ -33,7 +33,7 @@ curl -sS --retry 5 --retry-all-errors https://{{dns_name}}/metabase/api/setup \
         \"schedules\": {},
         \"details\": {
             \"use-conn-uri\": true,
-            \"conn-uri\": \"{{ vault[env_type].LBA_METABASE_URI }}\",
+            \"conn-uri\": \"{{ vault[env_type].LBA_METABASE_MONGODB_URI }}\",
             \"tunnel-enabled\": false,
             \"advanced-options\": true,
             \"ssl\": true

diff --git a/.infra/vault/vault.yml b/.infra/vault/vault.yml
diff --git a/.talismanrc b/.talismanrc
@@ -6,7 +6,9 @@ fileignoreconfig:
 - filename: .bin/scripts/setup-local-env.sh
   checksum: 47323f5183f73a794449666a816d5b797c7a5ed4c7ad219c3c885a57e2fcf1e9
 - filename: .github/workflows/release.yml
-  checksum: 694b85290832914912327d8aac141c4bccc4a18e301d7343b8a6c4471e4ad065
+  checksum: 872bbf42d5b8bd22f900fff9eb6e907abbbeec5ee70f988563c4b6bb315e3f3d
+- filename: .infra/env.ini
+  checksum: ecfc738f90046a14cf076ce52116ec4345d7613d27584c91d0b5830e98ea38f2
 - filename: .infra/files/configs/mongodb/mongod.conf
   checksum: 718bee5f44edc101636be8f11173ede5b728f2858abc3c26466ff9435f0d11de
 - filename: .infra/files/configs/mongodb/seed.gpg
@@ -16,7 +18,7 @@ fileignoreconfig:
 - filename: .infra/local/mongod.conf
   checksum: bb2ce0c27102259a5fa39da1fb4460af9ad6ad58adc715312e53dcd69c8e6be7
 - filename: .infra/vault/vault.yml
-  checksum: 136cba643cbfdfc04f35cd171fe488ad2836261ae88201b6f344b6edbb77d3ef
+  checksum: 6d1c44cc300df8268ccc4f083f99f1e6144d105c6fee3a50d4d339995b02d2ef
 - filename: docker-compose.yml
   checksum: 8cdd1da6c1155f26b417a27e26311d4f00b7d8bd6c21f1f86c1c7cb3f0599e6a
 - filename: server/.env.test
@@ -34,7 +36,7 @@ fileignoreconfig:
 - filename: server/src/http/routes/auth/password.controller.ts
   checksum: 0eb3948d875508edf6d31f0ffe1290aac0cc02c9c80c913bcb04a312edd062cc
 - filename: server/src/jobs/database/obfuscateCollections.ts
-  checksum: 2f71fedd1c4d31b429734a2364368d6edff84f3957cbaebd278def85196f6c6d
+  checksum: 73482f9b75b3ca47c3bc9377ce4d4e03f4ba21a351986c0ca8ae17382a5263e3
 - filename: server/src/jobs/job.actions.ts
   checksum: d716e214d828109181a138f0ae253d5489a3c544b2625917b458d1e07886c408
 - filename: server/src/jobs/lba_recruteur/formulaire/misc/removeVersionKeyFromRecruiters.ts
@@ -53,6 +55,8 @@ fileignoreconfig:
   checksum: 58153e7e57ef450bfbf061f322cd8b7643dba12513b183194b4eafdb166f58d3
 - filename: server/tests/unit/security/authorisationService.test.ts
   checksum: 581074420be582973bbfcdfafe1f700ca32f56e331911609cdc1cb2fb2626383
+- filename: server/tests/unit/util.test.ts
+  checksum: f248ec16629759106d43b02aafc092d55316aeb147dd75fa44f4acc990b4ece0
 - filename: shared/constants/recruteur.ts
   checksum: 28af032d2eb26aec7dd3bb1d32253f992a036626c36a92eb1e7ff07599fd0b2b
 - filename: shared/helpers/generateUri.ts

diff --git a/docker-bake.json b/docker-bake.json
@@ -14,6 +14,9 @@
     "preview": {
       "targets": ["server", "ui-preview"]
     },
+    "pentest": {
+      "targets": ["server", "ui-pentest"]
+    },
     "local": {
       "targets": ["server", "ui-local"]
     }
@@ -43,7 +46,7 @@
     "ui": {
       "inherits": ["common"],
       "matrix": {
-        "ENV": ["production", "recette", "preview", "local"]
+        "ENV": ["production", "recette", "pentest", "preview", "local"]
       },
       "name": "ui-${ENV}",
       "args": {

diff --git a/server/src/commands.ts b/server/src/commands.ts
@@ -539,6 +539,12 @@ program
   .option("-q, --queued", "Run job asynchronously", false)
   .action(createJobAction("recruiters:job-type:fix"))
 
+program
+  .command("fix-applications")
+  .description("Répare les adresses emails comportant des caractères erronés dans la collection applications")
+  .option("-q, --queued", "Run job asynchronously", false)
+  .action(createJobAction("fix-applications"))
+
 program
   .command("fix-data-validation-recruiters")
   .description("Répare les data de la collection recruiters")

diff --git a/server/src/common/model/schema/diplomesmetiers/diplomesmetiers.types.ts b/server/src/common/model/schema/diplomesmetiers/diplomesmetiers.types.ts
@@ -2,7 +2,7 @@ interface IDiplomesMetiers {
   intitule_long: string
   codes_romes: string[]
   codes_rncps: string[]
-  acronymes_intitule: string[]
+  acronymes_intitule: string
   created_at: Date
   last_update_at: Date
 }

diff --git a/server/src/common/model/schema/unsubscribedLbaCompany/unsubscribedLbaCompany.schema.ts b/server/src/common/model/schema/unsubscribedLbaCompany/unsubscribedLbaCompany.schema.ts
@@ -3,9 +3,21 @@ import { IUnsubscribedLbaCompany } from "shared"
 import { model, Schema } from "../../../mongodb.js"
 import { lbaCompanySchema } from "../lbaCompany/lbaCompany.schema.js"
 
+const { siret, raison_sociale, enseigne, naf_code, naf_label, rome_codes, insee_city_code, zip_code, city, company_size, created_at, last_update_at } = lbaCompanySchema.obj
 const unsubscribedLbaCompanySchema = new Schema<IUnsubscribedLbaCompany>(
   {
-    ...lbaCompanySchema.obj,
+    siret,
+    raison_sociale,
+    enseigne,
+    naf_code,
+    naf_label,
+    rome_codes,
+    insee_city_code,
+    zip_code,
+    city,
+    company_size,
+    created_at,
+    last_update_at,
     unsubscribe_date: {
       type: Date,
       default: Date.now,

diff --git a/server/src/common/utils/sendTrackingEvent.ts b/server/src/common/utils/sendTrackingEvent.ts
@@ -1,13 +1,15 @@
+import { ZApiCallNew } from "shared/models"
+
 import { ApiCalls } from "../model/index"
 
 import { sentryCaptureException } from "./sentryUtils"
 
 const trackApiCall = async ({
   caller,
   api_path,
-  training_count,
-  job_count,
-  result_count,
+  training_count = 0,
+  job_count = 0,
+  result_count = 0,
   response,
 }: {
   caller: string
@@ -18,15 +20,16 @@ const trackApiCall = async ({
   result_count?: number
 }) => {
   try {
-    const apiCall = new ApiCalls({
+    const apiCallParams = {
       caller,
       api_path,
       training_count,
       job_count,
       result_count,
       response,
-    })
+    }
 
+    const apiCall = new ApiCalls(ZApiCallNew.parse(apiCallParams))
     await apiCall.save()
   } catch (err) {
     sentryCaptureException(err)

diff --git a/server/src/config.ts b/server/src/config.ts
@@ -3,7 +3,7 @@ import env from "env-var"
 const config = {
   version: env.get("PUBLIC_VERSION").required().asString(),
   port: env.get("LBA_SERVER_PORT").required().asPortNumber(),
-  env: env.get("LBA_ENV").required().asEnum(["local", "recette", "production", "preview"]),
+  env: env.get("LBA_ENV").required().asEnum(["local", "recette", "pentest", "production", "preview"]),
   publicUrl: env.get("LBA_PUBLIC_URL").required().asString(),
   outputDir: env.get("LBA_OUTPUT_DIR").required().asString(),
   formationsEndPoint: "/api/v1/entity/formations",

diff --git a/server/src/db/migrations/20231120000000-cleaning_applications.ts b/server/src/db/migrations/20231120000000-cleaning_applications.ts
@@ -0,0 +1,31 @@
+import { Db } from "mongodb"
+
+import { logger } from "@/common/logger"
+
+export const up = async (db: Db) => {
+  await db.collection("applications").updateMany(
+    { company_naf: null },
+    { $set: { company_naf: "" } },
+    {
+      // @ts-expect-error bypassDocumentValidation is not properly set in @types/mongodb
+      bypassDocumentValidation: true,
+    }
+  )
+
+  await db.collection("applications").updateMany(
+    { job_title: null },
+    { $set: { job_title: "" } },
+    {
+      // @ts-expect-error bypassDocumentValidation is not properly set in @types/mongodb
+      bypassDocumentValidation: true,
+    }
+  )
+
+  // removing unreachable lbacompanies
+  await db.collection("bonnesboites").deleteMany({ naf_label: null })
+
+  // removing buggy line
+  await db.collection("domainesmetiers").deleteMany({ domaine: null })
+
+  logger.info("20231120000000-cleaning_applications")
+}
diff --git a/server/src/db/migrations/20231211000000-trim-unsubscribed-lbacompanies.ts b/server/src/db/migrations/20231211000000-trim-unsubscribed-lbacompanies.ts
@@ -0,0 +1,34 @@
+import { Db } from "mongodb"
+
+import { logger } from "@/common/logger"
+
+export const up = async (db: Db) => {
+  await db.collection("unsubscribedbonnesboites").dropIndex("opco_1")
+  await db.collection("unsubscribedbonnesboites").dropIndex("opco_short_name_1")
+  await db.collection("unsubscribedbonnesboites").dropIndex("opco_url_1")
+  await db.collection("unsubscribedbonnesboites").updateMany(
+    {},
+    {
+      $unset: {
+        username: "",
+        email: "",
+        phone: "",
+        geo_coordinates: "",
+        recruitment_potential: "",
+        street_number: "",
+        street_name: "",
+        website: "",
+        algorithm_origin: "",
+        opco: "",
+        opco_short_name: "",
+        opco_url: "",
+      },
+    },
+    {
+      // @ts-expect-error bypassDocumentValidation is not properly set in @types/mongodb
+      bypassDocumentValidation: true,
+    }
+  )
+
+  logger.info("20231211000000-trim-unsubscribed-lbacompanies")
+}
diff --git a/server/src/http/routes/unsubscribeLbaCompany.controller.ts b/server/src/http/routes/unsubscribeLbaCompany.controller.ts
@@ -35,8 +35,22 @@ export default function (server: Server) {
       } else if (lbaCompaniesToUnsubscribe.length > 1) {
         result = UNSUBSCRIBE_EMAIL_ERRORS.ETABLISSEMENTS_MULTIPLES
       } else {
+        const { siret, raison_sociale, enseigne, naf_code, naf_label, rome_codes, insee_city_code, zip_code, city, company_size, created_at, last_update_at } =
+          lbaCompaniesToUnsubscribe[0]
+
         const unsubscribedLbaCompany = new UnsubscribedLbaCompany({
-          ...lbaCompaniesToUnsubscribe[0],
+          siret,
+          raison_sociale,
+          enseigne,
+          naf_code,
+          naf_label,
+          rome_codes,
+          insee_city_code,
+          zip_code,
+          city,
+          company_size,
+          created_at,
+          last_update_at,
           unsubscribe_reason: reason,
         })
 

diff --git a/server/src/jobs/applications/fixApplications.ts b/server/src/jobs/applications/fixApplications.ts
@@ -0,0 +1,38 @@
+import { cleanEmail } from "shared/helpers/common"
+
+import { logger } from "@/common/logger"
+import { db } from "@/common/mongodb"
+
+const removeOrReplaceCharsInDB = async () => {
+  logger.info("Nettoyage des adresses emails mal formées dans applications.applicant_email")
+
+  const charsRegex = /[^a-zA-Z0-9@_.+-]/
+  const applicantsCursor = await db.collection("applications").find({ applicant_email: { $regex: charsRegex } })
+
+  for await (const application of applicantsCursor) {
+    const applicant_email = cleanEmail(application.applicant_email)
+    if (applicant_email !== application.applicant_email) {
+      await db.collection("applications").updateOne({ _id: application._id }, { $set: { applicant_email } })
+    }
+  }
+}
+
+export default async function fixApplications() {
+  await removeOrReplaceCharsInDB()
+
+  await db.collection("applications").updateMany(
+    { company_naf: null },
+    { $set: { company_naf: "" } },
+    {
+      bypassDocumentValidation: true,
+    }
+  )
+
+  await db.collection("applications").updateMany(
+    { job_title: null },
+    { $set: { job_title: "" } },
+    {
+      bypassDocumentValidation: true,
+    }
+  )
+}