
Job application: batch processing [GEN-1949] #5242

Merged: 10 commits merged on Jan 30, 2025

Conversation

xavfernandez (Contributor)
🤔 Why?

Describe the problem we are solving and the business or technical goals these changes target.

🍰 How?

Describe in a few words the solution chosen and implemented, and the difficulties or problems encountered. Draw attention to important architecture or design decisions.

🚨 To check

  • Update CHANGELOG_breaking_changes.md?

🏝️ How to test

Instructions to reproduce the problem, the test profiles, the specific flow to use, etc. If you have a disposable review app, put the URL to test in this section.

💻 Screenshots

@xavfernandez xavfernandez added the ajouté (Added to the changelog) label Dec 10, 2024
@xavfernandez xavfernandez self-assigned this Dec 10, 2024
@xavfernandez xavfernandez force-pushed the xfernandez/mass_action branch 6 times, most recently from 2d161d7 to a7a5fae Compare December 12, 2024 13:21
@xavfernandez xavfernandez added the 1-recette-jetable [Paid hourly] (Creates a disposable review app on CC) label Dec 12, 2024

🥁 The disposable review app is ready! 👉 I want to test this PR!

@xavfernandez xavfernandez force-pushed the xfernandez/mass_action branch 2 times, most recently from ec04e9e to 7cc3864 Compare December 13, 2024 10:16
itou/www/apply/views/batch_views.py: code scanning alert dismissed
@xavfernandez xavfernandez force-pushed the xfernandez/mass_action branch from 86197bb to f61e6cc Compare December 13, 2024 16:30
@xavfernandez xavfernandez force-pushed the xfernandez/mass_action branch 2 times, most recently from c48a175 to 7aa8731 Compare December 16, 2024 13:40
@xavfernandez xavfernandez force-pushed the xfernandez/mass_action branch 3 times, most recently from bbdd791 to 81e4c07 Compare December 18, 2024 10:02
@xavfernandez xavfernandez force-pushed the xfernandez/mass_action branch 6 times, most recently from 14bb543 to a55404b Compare December 20, 2024 10:40
itou/www/apply/views/batch_views.py: code scanning alert dismissed
@xavfernandez xavfernandez force-pushed the xfernandez/mass_action branch from 5f7e775 to 36466b2 Compare December 23, 2024 10:41
@xavfernandez xavfernandez force-pushed the xfernandez/mass_action branch 8 times, most recently from a625e54 to 3aa57c1 Compare January 29, 2025 16:47
@xavfernandez xavfernandez force-pushed the xfernandez/mass_action branch from 3aa57c1 to 8933e0e Compare January 30, 2025 08:53
@xavfernandez xavfernandez force-pushed the xfernandez/mass_action branch from 8933e0e to c25bc84 Compare January 30, 2025 09:50
Flagged lines in itou/www/apply/views/batch_views.py (the statement closed by the first parenthesis is cut off on the page):

```python
    )

    if not application_ids:
        return HttpResponseRedirect(next_url)
```

Check warning: Code scanning / CodeQL: URL redirection from remote source (Medium). Untrusted URL redirection depends on a user-provided value.

Copilot Autofix AI 3 days ago

To fix the problem, we need to ensure that the next_url is validated before it is used in the redirection. We can use Django's url_has_allowed_host_and_scheme function to check that the URL is safe to redirect to. This function ensures that the URL is either relative or belongs to an allowed host.

We will modify the refuse function to include this validation step. If the next_url is not valid, we will redirect to a default safe URL (e.g., the home page).

Suggested changeset 1: itou/www/apply/views/batch_views.py

Autofix patch. Run the following command in your local git repository to apply this patch:
cat << 'EOF' | git apply
diff --git a/itou/www/apply/views/batch_views.py b/itou/www/apply/views/batch_views.py
--- a/itou/www/apply/views/batch_views.py
+++ b/itou/www/apply/views/batch_views.py
@@ -11,2 +11,3 @@
 from django.utils import timezone
+from django.utils.http import url_has_allowed_host_and_scheme
 from django.views.decorators.http import require_POST
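Review bot: the new import is only justified if get_safe_url, the project helper called on the first line of the next hunk, does not already validate host and scheme; its name suggests it does, so check that helper before stacking a second check on top of it. If it already wraps url_has_allowed_host_and_scheme, this import and the extra condition are redundant, and the CodeQL finding is better handled by modelling get_safe_url as a sanitizer or dismissing the alert than by duplicating the check in every view.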
@@ -174,4 +175,4 @@
     next_url = get_safe_url(request, "next_url")
-    if next_url is None:
-        # This is somewhat extreme but will force developpers to always provide a proper next_url
+    if next_url is None or not url_has_allowed_host_and_scheme(next_url, allowed_hosts=None):
+        # This is somewhat extreme but will force developers to always provide a proper next_url
         raise Http404
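Review bot: `allowed_hosts=None` is the wrong argument for the added condition: Django treats None as an empty host set, so every absolute URL, including one pointing at this site's own host, fails the check and now raises Http404, while only path-relative values survive. If the extra validation is kept, pass the request host the way Django's own login view validates ?next=: `url_has_allowed_host_and_scheme(next_url, allowed_hosts={request.get_host()}, require_https=request.is_secure())`. Note also that the flagged sink is `HttpResponseRedirect(next_url)` further down in the file; this guard only covers it if every path to that return goes through this block.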
EOF
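As an added example, not code from this PR or from the itou project: a stand-alone check of a next_url parameter along the lines the Copilot comment describes. It uses Django's url_has_allowed_host_and_scheme when Django is importable and otherwise falls back to a local re-implementation of the same checks, so it runs without Django, and it shows why `allowed_hosts=None` rejects the site's own absolute URLs while a host set taken from the request does not. The host `emplois.example`, the candidate URLs and the `safe_next_url` helper are constructed for the example.

```python
"""Validating a ?next_url= parameter against open redirects, Django-style.

Added example. The fallback below mirrors the checks performed by
django.utils.http.url_has_allowed_host_and_scheme (assumption: kept in sync
by hand); when Django is installed the real function is used instead.
"""
import unicodedata
from urllib.parse import urlsplit

try:  # prefer Django's implementation when it is importable
    from django.utils.http import url_has_allowed_host_and_scheme
except ImportError:

    def _single_check(url, allowed_hosts, require_https):
        if url.startswith("///"):  # Chrome treats three slashes as an absolute URL
            return False
        try:
            parts = urlsplit(url)
        except ValueError:  # e.g. a malformed IPv6 literal
            return False
        if parts.scheme and not parts.netloc:  # "https:///evil.example", "javascript:..."
            return False
        if unicodedata.category(url[0])[0] == "C":  # leading control character
            return False
        scheme = parts.scheme or ("http" if parts.netloc else "")
        valid = ("https",) if require_https else ("http", "https")
        return (not parts.netloc or parts.netloc in allowed_hosts) and (
            not scheme or scheme in valid
        )

    def url_has_allowed_host_and_scheme(url, allowed_hosts, require_https=False):
        url = (url or "").strip()
        if not url:
            return False
        if allowed_hosts is None:  # None means "no host is allowed", not "any host"
            allowed_hosts = set()
        elif isinstance(allowed_hosts, str):
            allowed_hosts = {allowed_hosts}
        # Browsers treat "\" like "/" in many positions, so both spellings must pass.
        return _single_check(url, allowed_hosts, require_https) and _single_check(
            url.replace("\\", "/"), allowed_hosts, require_https
        )


def safe_next_url(candidate, request_host, is_secure, fallback="/"):
    """Return `candidate` if it may be redirected to, else `fallback`.

    Same call shape as Django's LoginView uses for ?next=: the request's own
    host is the only allowed host, and HTTPS is required when the request
    itself was HTTPS (no downgrade to http://).
    """
    if candidate and url_has_allowed_host_and_scheme(
        candidate, allowed_hosts={request_host}, require_https=is_secure
    ):
        return candidate
    return fallback


def with_allowed_hosts_none(candidate):
    """What the suggested patch checks: only path-relative URLs survive."""
    return url_has_allowed_host_and_scheme(candidate, allowed_hosts=None)


# Constructed inputs: (next_url, accepted for host "emplois.example" over HTTPS?)
CASES = [
    ("/apply/batch/", True),                    # path-relative: fine
    ("https://emplois.example/apply/", True),   # same host, same scheme
    ("https://evil.example/phish", False),      # foreign host
    ("//evil.example/phish", False),            # protocol-relative
    ("\\\\evil.example/phish", False),          # backslash variant of the above
    ("https:///evil.example", False),           # scheme but empty netloc
    ("javascript:alert(1)", False),             # non-http scheme
    ("http://emplois.example/apply/", False),   # downgrade from HTTPS
    ("\x00/apply/", False),                     # leading control character
    ("", False),                                # empty
]

if __name__ == "__main__":
    for url, _ in CASES:
        print(repr(url), "->", repr(safe_next_url(url, "emplois.example", True)))
    # The patch's allowed_hosts=None rejects the site's own absolute URL:
    print(with_allowed_hosts_none("https://emplois.example/apply/"))
```

The difference between the two helpers is the point of the review: with `allowed_hosts=None` a legitimate `https://emplois.example/...` value is rejected and, in the patched view, turned into a 404, whereas passing the request host keeps it while still refusing every foreign-host, protocol-relative, backslash and non-http variant.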
@xavfernandez xavfernandez force-pushed the xfernandez/mass_action branch from c25bc84 to aceb5ee Compare January 30, 2025 09:58
@xavfernandez xavfernandez added this pull request to the merge queue Jan 30, 2025
Merged via the queue into master with commit 94bd233 Jan 30, 2025
9 checks passed
@xavfernandez xavfernandez deleted the xfernandez/mass_action branch January 30, 2025 10:18
Labels: 1-recette-jetable [Paid hourly] (Creates a disposable review app on CC); ajouté (Added to the changelog)
5 participants