Merge branch 'master' into douglasduteil/feat-use-crisp-for-moderatio…

…n-exchange

README.md

@@ -110,7 +110,7 @@ Afin de configurer votre module ou votre client OpenId Connect, vous trouverez c
 
 Voici à quoi ressemble le bouton MonComptePro :
 
-![](/assets/button-moncomptepro.svg)
+![](/public/button-moncomptepro.svg)
 
 Pour intègrer ce bouton sur votre service, 3 options s’offrent à vous.
 

package.json

@@ -53,6 +53,7 @@
     "@types/express-session": "^1.18.0",
     "@types/morgan": "^1.9.9",
     "@zootools/email-spell-checker": "^1.12.0",
+    "await-to-js": "^3.0.0",
     "axios": "^1.6.8",
     "bcryptjs": "^2.4.3",
     "body-parser": "^1.20.2",
@@ -80,7 +81,7 @@
     "nocache": "^4.0.0",
     "node-pg-migrate": "^7.6.1",
     "npm-run-all2": "^6.1.2",
-    "oidc-provider": "^8.4.6",
+    "oidc-provider": "^8.5.1",
     "pg": "^8.11.5",
     "qrcode": "^1.5.3",
     "rate-limiter-flexible": "^2.4.2",
@@ -101,7 +102,7 @@
     "@types/lodash-es": "^4.17.12",
     "@types/mocha": "^10.0.7",
     "@types/node": "^22.1.0",
-    "@types/oidc-provider": "^8.4.4",
+    "@types/oidc-provider": "^8.5.2",
     "@types/qrcode": "^1.5.5",
     "@types/sinonjs__fake-timers": "^8.1.5",
     "axe-core": "^4.8.4",

scripts/create-anonymized-copy-of-database.sh

@@ -17,6 +17,7 @@ echo "$(logPrefix) Cleaning anonymized database in correct order..."
 psql $DEST_DB_URL --command="DROP TABLE IF EXISTS users_organizations"
 psql $DEST_DB_URL --command="DROP TABLE IF EXISTS users_oidc_clients"
 psql $DEST_DB_URL --command="DROP TABLE IF EXISTS moderations"
+psql $DEST_DB_URL --command="DROP TABLE IF EXISTS email_domains"
 psql $DEST_DB_URL --command="DROP TABLE IF EXISTS organizations"
 psql $DEST_DB_URL --command="DROP TABLE IF EXISTS users"
 psql $DEST_DB_URL --command="DROP TABLE IF EXISTS oidc_clients"
@@ -44,8 +45,12 @@ SELECT
   regexp_replace(magic_link_token, '.', '*', 'g') as magic_link_token,
   magic_link_sent_at,
   email_verified_at,
+  regexp_replace(current_challenge, '.', '*', 'g') as current_challenge,
   needs_inclusionconnect_welcome_page,
-  needs_inclusionconnect_onboarding_help
+  needs_inclusionconnect_onboarding_help,
+  regexp_replace(encrypted_totp_key, '.', '*', 'g') as encrypted_totp_key,
+  totp_key_verified_at,
+  force_2fa
 FROM users"
 psql $SRC_DB_URL --command="ALTER TABLE tmp_users ADD PRIMARY KEY (id)"
 pg_dump --table=tmp_users $SRC_DB_URL | psql $DEST_DB_URL
@@ -55,6 +60,9 @@ psql $SRC_DB_URL --command="DROP TABLE IF EXISTS tmp_users"
 echo "$(logPrefix) Creating anonymized copy of table organizations..."
 pg_dump --table=organizations $SRC_DB_URL | psql $DEST_DB_URL
 
+echo "$(logPrefix) Creating anonymized copy of table email_domains..."
+pg_dump --table=email_domains $SRC_DB_URL | psql $DEST_DB_URL
+
 echo "$(logPrefix) Creating anonymized copy of table moderations..."
 pg_dump --table=moderations $SRC_DB_URL | psql $DEST_DB_URL
 
@@ -72,7 +80,11 @@ SELECT
   post_logout_redirect_uris,
   scope,
   client_uri,
-  client_description
+  client_description,
+  userinfo_signed_response_alg,
+  id_token_signed_response_alg,
+  authorization_signed_response_alg,
+  introspection_signed_response_alg
 FROM oidc_clients"
 psql $SRC_DB_URL --command="ALTER TABLE tmp_oidc_clients ADD PRIMARY KEY (id)"
 pg_dump --table=tmp_oidc_clients $SRC_DB_URL | psql $DEST_DB_URL

scripts/fixtures.sql

@@ -437,7 +437,9 @@ VALUES
      'https://staging2.api-entreprise.v2.datapass.api.gouv.fr',
      'https://staging.v2.datapass.api.gouv.fr',
      'https://staging1.v2.datapass.api.gouv.fr',
-     'https://staging2.v2.datapass.api.gouv.fr'
+     'https://staging2.v2.datapass.api.gouv.fr',
+     'https://sandbox.hubee.v2.datapass.api.gouv.fr',
+     'https://staging.hubee.v2.datapass.api.gouv.fr'
      ],
    'openid email profile phone organization organizations',
    'https://datapass-development.api.gouv.fr',

src/controllers/user/official-contact-email-verification.ts

@@ -1,5 +1,6 @@
+import { to } from "await-to-js";
 import { NextFunction, Request, Response } from "express";
-import { z, ZodError } from "zod";
+import { z } from "zod";
 import {
   ApiAnnuaireError,
   InvalidTokenError,
@@ -105,23 +106,24 @@ export const postOfficialContactEmailVerificationMiddleware = async (
       params: req.params,
     });
 
-    await verifyOfficialContactEmailToken({
-      user_id: getUserFromAuthenticatedSession(req).id,
-      organization_id,
-      token: official_contact_email_verification_token,
-    });
+    const [error] = await to(
+      verifyOfficialContactEmailToken({
+        user_id: getUserFromAuthenticatedSession(req).id,
+        organization_id,
+        token: official_contact_email_verification_token,
+      }),
+    );
 
-    return next();
-  } catch (error) {
-    if (
-      req.params?.organization_id &&
-      (error instanceof InvalidTokenError || error instanceof ZodError)
-    ) {
+    if (error instanceof InvalidTokenError) {
       return res.redirect(
         `/users/official-contact-email-verification/${req.params.organization_id}?notification=invalid_verify_email_code`,
       );
+    } else if (error) {
+      return next(error);
     }
 
+    return next();
+  } catch (error) {
     next(error);
   }
 };

src/managers/session/authenticated.ts

@@ -1,3 +1,4 @@
+import * as Sentry from "@sentry/node";
 import { Request, Response } from "express";
 import { Session, SessionData } from "express-session";
 import { isEmpty } from "lodash-es";
@@ -122,6 +123,12 @@ export const getUserFromAuthenticatedSession = (req: Request) => {
     throw new UserNotLoggedInError();
   }
 
+  Sentry.setUser({
+    email: req.session.user.email,
+    id: req.session.user.id,
+    ip_address: req.ip,
+    username: `${req.session.user.given_name} ${req.session.user.family_name}`,
+  });
   return req.session.user;
 };
 
@@ -132,6 +139,13 @@ export const updateUserInAuthenticatedSession = (req: Request, user: User) => {
   ) {
     throw new UserNotLoggedInError();
   }
+
+  Sentry.setUser({
+    email: req.session.user.email,
+    id: req.session.user.id,
+    ip_address: req.ip,
+    username: `${req.session.user.given_name} ${req.session.user.family_name}`,
+  });
   req.session.user = user;
 };