Merge remote-tracking branch 'origin/master' into certification-dirig…

…eant-step1

.github/workflows/end-to-end.yml

@@ -20,7 +20,7 @@ env:
   FEATURE_SEND_MAIL: "True"
   INSEE_CONSUMER_KEY: ${{ secrets.INSEE_CONSUMER_KEY }}
   INSEE_CONSUMER_SECRET: ${{ secrets.INSEE_CONSUMER_SECRET }}
-  MONCOMPTEPRO_HOST: http://172.18.0.1:3000
+  HOST: http://172.18.0.1:3000
   ZAMMAD_TOKEN: ${{ secrets.ZAMMAD_TOKEN }}
 jobs:
   test:
@@ -67,7 +67,7 @@ jobs:
           HOST: http://localhost:4000
           PC_CLIENT_ID: standard_client_id
           PC_CLIENT_SECRET: standard_client_secret
-          PC_PROVIDER: ${{ env.MONCOMPTEPRO_HOST }}
+          PC_PROVIDER: ${{ env.HOST }}
           PC_SCOPES: openid email profile organization
           ACR_VALUE_FOR_2FA: https://proconnect.gouv.fr/assurance/consistency-checked-2fa
           STYLESHEET_URL: ""
@@ -80,7 +80,7 @@ jobs:
           HOST: http://localhost:4001
           PC_CLIENT_ID: proconnect_federation_client_id
           PC_CLIENT_SECRET: proconnect_federation_client_secret
-          PC_PROVIDER: ${{ env.MONCOMPTEPRO_HOST }}
+          PC_PROVIDER: ${{ env.HOST }}
           PC_SCOPES: openid uid given_name usual_name email siren siret organizational_unit belonging_population phone chorusdt is_service_public is_public_service
           PC_ID_TOKEN_SIGNED_RESPONSE_ALG: ES256
           PC_USERINFO_SIGNED_RESPONSE_ALG: ES256
@@ -92,7 +92,7 @@ jobs:
         ports:
           - 6379:6379
       postgres:
-        image: postgres:15.8
+        image: postgres:15.10
         env:
           POSTGRES_USER: ${{ env.PGUSER }}
           POSTGRES_PASSWORD: ${{ env.PGPASSWORD }}
@@ -108,15 +108,15 @@ jobs:
         with:
           cache: "npm"
           node-version-file: package.json
-      - run: npm ci --include=dev
+      - run: npm ci
+      - run: npm run build:workspaces
       - run: npm run migrate up
       - run: npm run fixtures:load-ci -- cypress/e2e/${{ matrix.e2e_test }}/fixtures.sql
       - run: npm run update-organization-info -- 500
-      - run: npm run build:workspaces
       - name: Cypress run
         uses: cypress-io/[email protected]
         with:
-          wait-on: ${{ env.MONCOMPTEPRO_HOST }}/users/start-sign-in
+          wait-on: ${{ env.HOST }}/users/start-sign-in
           build: npm run build:assets
           start: npx dotenvx run -f cypress/e2e/${{ matrix.e2e_test }}/env.conf --overload -- npm start
           install: false

.github/workflows/fixtures.yml

@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-22.04
     services:
       postgres:
-        image: postgres:15.8
+        image: postgres:15.10
         env:
           POSTGRES_USER: ${{ env.PGUSER }}
           POSTGRES_PASSWORD: ${{ env.PGPASSWORD }}
@@ -37,7 +37,10 @@ jobs:
         with:
           cache: "npm"
           node-version-file: package.json
-      - run: npm ci --omit=dev # omit dev dependencies to simulate deployed environment
+      - run: npm ci
+        env:
+          CYPRESS_INSTALL_BINARY: 0
+      - run: npm run build:workspaces
       - run: npm run migrate up
       - run: npm run fixtures:load-ci -- scripts/fixtures.sql
       - run: npm run update-organization-info -- 500

.github/workflows/release.yml

@@ -28,7 +28,10 @@ jobs:
           cache: "npm"
           node-version-file: package.json
 
-      - run: npm ci --include=dev
+      - run: npm ci
+        env:
+          CYPRESS_INSTALL_BINARY: 0
+
       - run: npm run build:workspaces
 
       - name: Create Release Pull Request

.github/workflows/test.yml

@@ -19,7 +19,9 @@ jobs:
         with:
           cache: "npm"
           node-version-file: package.json
-      - run: CYPRESS_INSTALL_BINARY=0 npm ci --include=dev
+      - run: npm ci
+        env:
+          CYPRESS_INSTALL_BINARY: 0
       - run: npm run build:workspaces
       - run: npm run test:lint
       - run: npm run test:workspaces

Dockerfile

@@ -5,17 +5,21 @@ WORKDIR /app
 FROM base AS prod-deps
 RUN --mount=type=bind,source=package.json,target=package.json \
   --mount=type=bind,source=package-lock.json,target=package-lock.json \
-  --mount=type=bind,source=packages/email/package.json,target=packages/email/package.json \
   --mount=type=bind,source=packages/core/package.json,target=packages/core/package.json \
+  --mount=type=bind,source=packages/email/package.json,target=packages/email/package.json \
+  --mount=type=bind,source=packages/identite/package.json,target=packages/identite/package.json \
+  --mount=type=bind,source=packages/insee/package.json,target=packages/insee/package.json \
   --mount=type=cache,target=/root/.npm \
   npm ci --omit=dev
 
 FROM base AS build
 ENV CYPRESS_INSTALL_BINARY=0
 RUN --mount=type=bind,source=package.json,target=package.json \
   --mount=type=bind,source=package-lock.json,target=package-lock.json \
-  --mount=type=bind,source=packages/email/package.json,target=packages/email/package.json \
   --mount=type=bind,source=packages/core/package.json,target=packages/core/package.json \
+  --mount=type=bind,source=packages/email/package.json,target=packages/email/package.json \
+  --mount=type=bind,source=packages/identite/package.json,target=packages/identite/package.json \
+  --mount=type=bind,source=packages/insee/package.json,target=packages/insee/package.json \
   --mount=type=cache,target=/root/.npm \
   npm ci
 COPY tsconfig.json vite.config.mjs ./

assets/js/disabled-with-countdown.js

@@ -15,19 +15,19 @@ document.addEventListener(
           secondsToEndDate--;
 
           const prefixText =
-            element.value.match(/(.*)( \(disponible dans \d+:\d+\))/)?.[1] ||
-            element.value;
+            element.textContent.match(
+              /(.*)(\s+\(disponible dans \d+:\d+\))/,
+            )?.[1] || element.textContent;
           let suffixText = "";
 
           if (secondsToEndDate > 0) {
             const minutes = Math.floor(secondsToEndDate / 60);
             const seconds = String(secondsToEndDate % 60).padStart(2, "0");
             suffixText = ` (disponible dans ${minutes}:${seconds})`;
           }
+          element.textContent = prefixText + suffixText;
 
-          element.value = prefixText + suffixText;
-
-          if (secondsToEndDate <= 0) {
+          if (secondsToEndDate <= 0 || Number.isNaN(secondsToEndDate)) {
             element.disabled = false;
             clearInterval(intervalId);
           }

cypress/README.md

@@ -19,7 +19,7 @@ FEATURE_SEND_MAIL=True
 Note that this will delete your database. Load the specific fixtures in the database:
 
 ```bash
-ENABLE_DATABASE_DELETION=True npm run delete-database ; npx run-s "migrate up" "fixtures:load-ci cypress/e2e/redirect_after_session_expiration/fixtures.sql" "update-organization-info 2000"
+ENABLE_DATABASE_DELETION=True npm run delete-database ; npx run-s "build:workspaces" "migrate up" "fixtures:load-ci cypress/e2e/redirect_after_session_expiration/fixtures.sql" "update-organization-info 2000"
 ```
 
 ### Start ProConnect Identité with the test configuration

cypress/e2e/activate_totp/fixtures.sql

@@ -1,7 +1,8 @@
 INSERT INTO users
   (id, email, email_verified, email_verified_at, encrypted_password, created_at, updated_at, given_name, family_name, phone_number, job, force_2fa)
 VALUES
-  (1, '[email protected]', true, CURRENT_TIMESTAMP, '$2a$10$kzY3LINL6..50Fy9shWCcuNlRfYq0ft5lS.KCcJ5PzrhlWfKK4NIO', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 'Lion', 'El''Jonson', 'I', 'Primarque', false);
+  (1, '[email protected]', true, CURRENT_TIMESTAMP, '$2a$10$kzY3LINL6..50Fy9shWCcuNlRfYq0ft5lS.KCcJ5PzrhlWfKK4NIO', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 'Lion', 'El''Jonson', 'I', 'Primarque', false),
+  (2, '[email protected]', true, CURRENT_TIMESTAMP, '$2a$10$kzY3LINL6..50Fy9shWCcuNlRfYq0ft5lS.KCcJ5PzrhlWfKK4NIO', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 'Raphapha', 'Dubibi', '0123456789', 'Sbire', false);
 
 INSERT INTO organizations
   (id, siret, created_at, updated_at)
@@ -11,4 +12,5 @@ VALUES
 INSERT INTO users_organizations
   (user_id, organization_id, is_external, verification_type, has_been_greeted)
 VALUES
-  (1, 1, false, 'verified_email_domain', true);
+  (1, 1, false, 'verified_email_domain', true),
+  (2, 1, false, 'verified_email_domain', true);

cypress/e2e/activate_totp/index.cy.ts

@@ -12,6 +12,8 @@ describe("add 2fa authentication", () => {
       .contains("Configurer un code à usage unique")
       .click();
 
+    cy.contains("Configurer une application d’authentification");
+
     // Extract the code from the front to generate the TOTP key
     cy.get("#humanReadableTotpKey")
       .invoke("text")
@@ -36,4 +38,21 @@ describe("add 2fa authentication", () => {
       },
     );
   });
+
+  it("should see an help link on third failed attempt", function () {
+    cy.visit("/connection-and-account");
+
+    cy.login("[email protected]");
+
+    cy.get('[href="/authenticator-app-configuration"]')
+      .contains("Configurer un code à usage unique")
+      .click();
+
+    cy.get("[name=totpToken]").type("123456");
+    cy.get(
+      '[action="/authenticator-app-configuration"] [type="submit"]',
+    ).click();
+
+    cy.contains("Code invalide.");
+  });
 });

cypress/e2e/signin_with_email_verification/index.cy.ts

@@ -6,7 +6,7 @@ describe("sign-in with email verification renewal", () => {
 
     cy.login("[email protected]");
 
-    cy.contains("Vérifier votre email");
+    cy.contains("Confirmer votre adresse");
 
     cy.contains(
       "Information : pour garantir la sécurité de votre compte, nous avons besoin d’authentifier votre navigateur.",
@@ -36,25 +36,17 @@ describe("sign-in with email verification renewal", () => {
 
     cy.login("[email protected]");
 
-    cy.get('a[href="/users/verify-email-help"]')
-      .contains(
-        "J'ai attendu quelques secondes et je ne reçois pas de code de vérification",
-      )
-      .click();
-
-    cy.contains("Vous ne recevez pas le code de vérification");
-
-    cy.get('[action="/users/send-email-verification"]  [type="submit"]')
-      .contains("Cliquez ici pour recevoir un nouveau code")
+    cy.get('[action="/users/send-email-verification"]')
+      .contains("Recevoir un nouvel email")
       .should("be.disabled");
 
     // Wait for countdown to last
     cy.wait(10 * 1000);
 
     cy.maildevDeleteAllMessages();
 
-    cy.get('[action="/users/send-email-verification"]  [type="submit"]')
-      .contains("Cliquez ici pour recevoir un nouveau code")
+    cy.get('[action="/users/send-email-verification"]')
+      .contains("Recevoir un nouvel email")
       .click();
 
     cy.contains(

cypress/e2e/signin_with_totp/fixtures.sql

@@ -19,6 +19,12 @@ VALUES
    'Jean', 'Jean', '0123456789', 'Sbire',
    'kuOSXGk68H2B3pYnph0uyXAHrmpbWaWyX/iX49xVaUc=.VMPBZSO+eAng7mjS.cI2kRY9rwhXchcKiiaMZIg==',
    CURRENT_TIMESTAMP, true
+  ),
+  (4, '[email protected]', true, CURRENT_TIMESTAMP,
+   '$2a$10$kzY3LINL6..50Fy9shWCcuNlRfYq0ft5lS.KCcJ5PzrhlWfKK4NIO', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP,
+   'Jean', 'Jean', '0123456789', 'Sbire',
+   'kuOSXGk68H2B3pYnph0uyXAHrmpbWaWyX/iX49xVaUc=.VMPBZSO+eAng7mjS.cI2kRY9rwhXchcKiiaMZIg==',
+   CURRENT_TIMESTAMP, true
   );
 
 INSERT INTO organizations
@@ -30,7 +36,9 @@ INSERT INTO users_organizations
   (user_id, organization_id, is_external, verification_type, has_been_greeted)
 VALUES
   (1, 1, false, 'domain', true),
-  (2, 1, false, 'domain', true);
+  (2, 1, false, 'domain', true),
+  (3, 1, false, 'domain', true),
+  (4, 1, false, 'domain', true);
 
 INSERT INTO oidc_clients
   (client_name, client_id, client_secret, redirect_uris,

cypress/e2e/signin_with_totp/index.cy.ts

@@ -71,17 +71,28 @@ describe("sign-in with TOTP on untrusted browser", () => {
     cy.contains('"amr": [\n    "pwd",\n    "totp",\n    "mfa"\n  ],');
   });
 
-  it("should trigger totp rate limiting", function () {
+  it("should display error message", function () {
     cy.visit("/users/start-sign-in");
 
     cy.login("[email protected]");
 
+    cy.get("[name=totpToken]").type("123456");
+    cy.get(
+      '[action="/users/2fa-sign-in-with-authenticator-app"] [type="submit"]',
+    ).click();
+    cy.contains("Code invalide.");
+  });
+
+  it("should trigger totp rate limiting", function () {
+    cy.visit("/users/start-sign-in");
+
+    cy.login("[email protected]");
+
     for (let i = 0; i < 5; i++) {
       cy.get("[name=totpToken]").type("123456");
       cy.get(
         '[action="/users/2fa-sign-in-with-authenticator-app"] [type="submit"]',
       ).click();
-      cy.contains("le code que vous avez utilisé est invalide.");
     }
 
     cy.get("[name=totpToken]").type("123456");

cypress/e2e/signup_entreprise_unipersonnelle/index.cy.ts

@@ -15,7 +15,9 @@ describe("Signup into new entreprise unipersonnelle", () => {
     cy.get('[action="/users/sign-up"]  [type="submit"]').click();
 
     // Check that the website is waiting for the user to verify their email
-    cy.get("#verify-email > p").contains("[email protected]");
+    cy.get("#verify-email > div > p").contains(
+      "[email protected]",
+    );
 
     cy.maildevGetMessageBySubject("Vérification de votre adresse email")
       .then((email) => {

docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   db:
-    image: postgres:15.8
+    image: postgres:15.10
     ports:
       - "5432:5432"
     environment:

installation.md

@@ -42,7 +42,13 @@ This guide provides steps to run the ProConnect Identité Node.js application lo
 
    Then fill your `.env` file with them.
 
-4. **Database Initialization**: The database will be automatically initialized with data from `scripts/fixtures.sql`.
+4. **Build internal dependencies**: Build the internal dependencies located in the `packages` directory.
+
+   ```bash
+   npm run build:workspaces
+   ```
+
+5. **Database Initialization**: The database will be automatically initialized with data from `scripts/fixtures.sql`.
 
    ```bash
    npm run fixtures:load

migrations/1545154190802_create-users-table.cjs

@@ -1,7 +1,7 @@
 exports.shorthands = undefined;
 
 exports.up = async (pgm) => {
-  await pgm.db.query(`    
+  await pgm.db.query(`
 CREATE TABLE users (
     id serial NOT NULL,
     email character varying DEFAULT ''::character varying NOT NULL,
@@ -21,16 +21,16 @@ CREATE TABLE users (
     type character varying
 );`);
 
-  await pgm.db.query(` 
+  await pgm.db.query(`
 ALTER TABLE ONLY users
     ADD CONSTRAINT users_pkey PRIMARY KEY (id);
 `);
 
   await pgm.db.query(`
-CREATE UNIQUE INDEX index_users_on_email ON users USING btree (email); 
+CREATE UNIQUE INDEX index_users_on_email ON users USING btree (email);
 `);
 
-  await pgm.db.query(` 
+  await pgm.db.query(`
 CREATE UNIQUE INDEX index_users_on_reset_password_token ON users USING btree (reset_password_token);
 `);
 

migrations/1623752868625_add-moderation-table.cjs

@@ -3,6 +3,8 @@ exports.shorthands = undefined;
 exports.up = async (pgm) => {
   await pgm.db.query(`
 CREATE TYPE moderation_type AS ENUM('organization_join_block');
+  `);
+  await pgm.db.query(`
 CREATE TABLE moderations (
     id serial,
     user_id int NOT NULL,

migrations/1633705667117_add-new-moderation-type.cjs

@@ -4,6 +4,8 @@ exports.up = async (pgm) => {
   await pgm.db.query(`
 ALTER TABLE moderations
 ALTER COLUMN type TYPE character varying;
+  `);
+  await pgm.db.query(`
 DROP TYPE moderation_type;
 `);
 };

migrations/1702600151114_add-webauthn.cjs

@@ -16,6 +16,9 @@ exports.up = async (pgm) => {
               REFERENCES users (id)
               ON DELETE CASCADE
       );
+  `);
+
+  await pgm.db.query(`
       CREATE UNIQUE INDEX index_authenticators_on_credential_id ON authenticators USING btree (credential_id);
   `);