Candidature: traitement par lot [GEN-1949] #5242

xavfernandez · 2024-12-10T16:20:42Z

🤔 Pourquoi ?

Indiquez le problème que nous sommes en train de résoudre et les objectifs métiers ou techniques qui sont visés par ces changements.

🍰 Comment ?

Décrivez en quelques mots la solution retenue et mise en oeuvre, les difficultés ou problèmes rencontrés. Attirez l'attention sur les décisions d'architecture ou de conception importantes.

🚨 À vérifier

Mettre à jour le CHANGELOG_breaking_changes.md ?

🏝️ Comment tester

Les instructions pour reproduire le problème, les profils de test, le parcours spécifique à utiliser, etc. Si vous disposez d'une recette jetable, mettre l'URL pour tester dans cette partie.

💻 Captures d'écran

github-actions · 2024-12-12T13:26:52Z

🥁 La recette jetable est prête ! 👉 Je veux tester cette PR !

itou/www/apply/views/batch_views.py

+        archived_nb,
+        ",".join(str(app_uid) for app_uid in archived_ids),
+    )
+    return HttpResponseRedirect(next_url)


To fix the problem, we need to ensure that the next_url is validated before it is used in the HttpResponseRedirect function. We can use Django's url_has_allowed_host_and_scheme function to check that the URL is safe to redirect to. This function ensures that the URL does not contain an explicit host name unless it is in the list of allowed hosts.

Modify the transfer function to validate next_url using url_has_allowed_host_and_scheme.

If next_url is not valid, redirect to a safe fallback URL.

itou/www/apply/views/batch_views.py

+            ",".join(str(app_uid) for app_uid in postponed_ids),
+        )
+    next_url = get_safe_url(request, "next_url", fallback_url=reverse("apply:list_for_siae"))
+    return HttpResponseRedirect(next_url)


xavfernandez added the ajouté Ajouté dans le changelog. label Dec 10, 2024

xavfernandez self-assigned this Dec 10, 2024

xavfernandez force-pushed the xfernandez/mass_action branch 6 times, most recently from 2d161d7 to a7a5fae Compare December 12, 2024 13:21

xavfernandez added the 1-recette-jetable [Payé à l’heure] Crée une recette jetable sur CC label Dec 12, 2024

xavfernandez force-pushed the xfernandez/mass_action branch 2 times, most recently from ec04e9e to 7cc3864 Compare December 13, 2024 10:16

github-advanced-security bot found potential problems Dec 13, 2024

View reviewed changes

xavfernandez force-pushed the xfernandez/mass_action branch from 86197bb to f61e6cc Compare December 13, 2024 16:30

github-advanced-security bot found potential problems Dec 13, 2024

View reviewed changes

itou/www/apply/views/batch_views.py Fixed Show fixed Hide fixed

xavfernandez force-pushed the xfernandez/mass_action branch 2 times, most recently from c48a175 to 7aa8731 Compare December 16, 2024 13:40

github-advanced-security bot found potential problems Dec 16, 2024

View reviewed changes

itou/www/apply/views/batch_views.py Fixed Show fixed Hide fixed

xavfernandez force-pushed the xfernandez/mass_action branch 3 times, most recently from bbdd791 to 81e4c07 Compare December 18, 2024 10:02

github-advanced-security bot found potential problems Dec 18, 2024

View reviewed changes

itou/www/apply/views/batch_views.py Fixed Show fixed Hide fixed

xavfernandez force-pushed the xfernandez/mass_action branch 6 times, most recently from 14bb543 to a55404b Compare December 20, 2024 10:40

github-advanced-security bot found potential problems Dec 20, 2024

View reviewed changes

xavfernandez force-pushed the xfernandez/mass_action branch from 5f7e775 to 36466b2 Compare December 23, 2024 10:41

xavfernandez added 19 commits January 10, 2025 11:20

add modals

8aeefe7

add batch archive view

ca3d2d8

add 1st version of transfer batch view

8d3c230

check destination for batch transfer

bdf2f9c

add postpone action

7cf5f6c

fix tooltip z-index

a51b0ed

switch to h2 in modals

2a40723

clearly state that this helper takes a lock

4f559c8

better error msg for transfer

c264ea2

remove margin special case from css

8ea0106

switch to btn-link

c2159e3

switch to success toast

8ba19f2

wip new version

abf111f

wip

63e3f2f

reuse template

ff24fc7

make multistep work

f4a2614

make refusal work

a06d50f

remove useless labels

96934e8

use htmx hook to reduce flicker

5c7be6f

xavfernandez force-pushed the xfernandez/mass_action branch from ea788af to 1d915a7 Compare January 10, 2025 10:21

xavfernandez added 5 commits January 10, 2025 11:27

switch to home-made wizard view

23af40a

add TODOs

59d8a25

improve compatibility

8a8e2ef

adapt wording depending on prescriber nb

ea3e3f5

improve wording based on job seeker nb

668f271

xavfernandez force-pushed the xfernandez/mass_action branch from 1d915a7 to 668f271 Compare January 10, 2025 10:27

xavfernandez added 4 commits January 10, 2025 12:00

wizard simplification

27a638e

make the steps dynamic

52d7268

provide default job seeker answers

dd69d42

add shortcuts detection

7d88e2a

@@ -10,2 +10,3 @@
             from django.urls import reverse
+            from django.utils.http import url_has_allowed_host_and_scheme
             from django.utils import timezone
@@ -434,2 +435,4 @@
                 next_url = get_safe_url(request, "next_url", fallback_url=reverse("apply:list_for_siae"))
+                if not url_has_allowed_host_and_scheme(next_url, allowed_hosts=None):
+                    next_url = reverse("apply:list_for_siae")
                 logger.info(

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Candidature: traitement par lot [GEN-1949] #5242

Candidature: traitement par lot [GEN-1949] #5242

xavfernandez commented Dec 10, 2024

github-actions bot commented Dec 12, 2024

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Candidature: traitement par lot [GEN-1949] #5242

Are you sure you want to change the base?

Candidature: traitement par lot [GEN-1949] #5242

Conversation

xavfernandez commented Dec 10, 2024

🤔 Pourquoi ?

🍰 Comment ?

🚨 À vérifier

🏝️ Comment tester

💻 Captures d'écran

github-actions bot commented Dec 12, 2024