require 2fa placeholder

7 months ago · c4505e67f0
parent 889fcad859
commit c4505e67f0
10 changed files with 135 additions and 26 deletions
--- a/app/controllers/submit_form_controller.rb
+++ b/app/controllers/submit_form_controller.rb
@ -7,11 +7,11 @@ class SubmitFormController < ApplicationController
  skip_before_action :authenticate_user!
  skip_authorization_check

+  before_action :load_submitter, only: %i[show update completed]
+
  CONFIG_KEYS = [].freeze

  def show
-    @submitter = Submitter.find_by!(slug: params[:slug])
-
    submission = @submitter.submission

    return redirect_to submit_form_completed_path(@submitter.slug) if @submitter.completed_at?
@ -50,26 +50,24 @@ class SubmitFormController < ApplicationController
  end

  def update
-    submitter = Submitter.find_by!(slug: params[:slug])
-
-    if submitter.completed_at?
+    if @submitter.completed_at?
      return render json: { error: I18n.t('form_has_been_completed_already') }, status: :unprocessable_entity
    end

-    if submitter.template.archived_at? || submitter.submission.archived_at?
+    if @submitter.template.archived_at? || @submitter.submission.archived_at?
      return render json: { error: I18n.t('form_has_been_archived') }, status: :unprocessable_entity
    end

-    if submitter.submission.expired?
+    if @submitter.submission.expired?
      return render json: { error: I18n.t('form_has_been_expired') }, status: :unprocessable_entity
    end

-    if submitter.declined_at?
+    if @submitter.declined_at?
      return render json: { error: I18n.t('form_has_been_declined') },
                    status: :unprocessable_entity
    end

-    Submitters::SubmitValues.call(submitter, params, request)
+    Submitters::SubmitValues.call(@submitter, params, request)

    head :ok
  rescue Submitters::SubmitValues::RequiredFieldError => e
@ -80,14 +78,16 @@ class SubmitFormController < ApplicationController
    render json: { error: e.message }, status: :unprocessable_entity
  end

-  def completed
-    @submitter = Submitter.completed.find_by!(slug: params[:submit_form_slug])
-  end
+  def completed; end

  def success; end

  private

+  def load_submitter
+    @submitter = Submitter.find_by!(slug: params[:slug] || params[:submit_form_slug])
+  end
+
  def build_attachments_index(submission)
    ActiveStorage::Attachment.where(record: submission.submitters, name: :attachments)
                             .preload(:blob).index_by(&:uuid)
--- a/app/controllers/templates_preferences_controller.rb
+++ b/app/controllers/templates_preferences_controller.rb
@ -25,7 +25,7 @@ class TemplatesPreferencesController < ApplicationController
                      documents_copy_email_attach_documents documents_copy_email_reply_to
                      completed_notification_email_attach_documents
                      completed_redirect_url
-                      submitters_order
+                      submitters_order require_phone_2fa
                      completed_notification_email_subject completed_notification_email_body
                      completed_notification_email_enabled completed_notification_email_attach_audit] +
                      [completed_message: %i[title body],
--- a/app/javascript/elements/fetch_form.js
+++ b/app/javascript/elements/fetch_form.js
@ -0,0 +1,36 @@
+export default class extends HTMLElement {
+  connectedCallback () {
+    this.form.addEventListener('submit', (e) => {
+      e.preventDefault()
+
+      this.submit()
+    })
+
+    if (this.dataset.onload === 'true') {
+      this.form.querySelector('button').click()
+    }
+  }
+
+  submit () {
+    fetch(this.form.action, {
+      method: this.form.method,
+      body: new FormData(this.form)
+    }).then(async (resp) => {
+      if (!resp.ok) {
+        try {
+          const data = JSON.parse(await resp.text())
+
+          if (data.error) {
+            alert(data.error)
+          }
+        } catch (err) {
+          console.error(err)
+        }
+      }
+    })
+  }
+
+  get form () {
+    return this.querySelector('form')
+  }
+}
--- a/app/javascript/form.js
+++ b/app/javascript/form.js
@ -3,11 +3,13 @@ import { createApp, reactive } from 'vue'
 import Form from './submission_form/form'
 import DownloadButton from './elements/download_button'
 import ToggleSubmit from './elements/toggle_submit'
+import FetchForm from './elements/fetch_form'

 const safeRegisterElement = (name, element, options = {}) => !window.customElements.get(name) && window.customElements.define(name, element, options)

 safeRegisterElement('download-button', DownloadButton)
 safeRegisterElement('toggle-submit', ToggleSubmit)
+safeRegisterElement('fetch-form', FetchForm)
 safeRegisterElement('submission-form', class extends HTMLElement {
  connectedCallback () {
    this.appElem = document.createElement('div')
--- a/app/views/submissions/_detailed_form.html.erb
+++ b/app/views/submissions/_detailed_form.html.erb
@ -31,7 +31,7 @@
                  </submitters-autocomplete>
                  <submitters-autocomplete data-field="phone">
                    <linked-input data-target-id="<%= "detailed_phone_#{item['linked_to_uuid']}" if item['linked_to_uuid'].present? %>">
-                      <input type="tel" pattern="^\+[0-9\s\-]+$" oninvalid="this.value ? this.setCustomValidity('<%= t('use_international_format_1xxx_') %>') : ''" oninput="this.setCustomValidity('')" name="submission[1][submitters][][phone]" autocomplete="off" class="base-input !h-10 mt-1.5 w-full" placeholder="<%= "#{t('phone')} (#{t('optional')})" %>" id="detailed_phone_<%= item['uuid'] %>">
+                      <%= tag.input type: 'tel', pattern: '^\+[0-9\s\-]+$', oninvalid: "this.value ? this.setCustomValidity('#{t('use_international_format_1xxx_')}') : ''", oninput: "this.setCustomValidity('')", name: 'submission[1][submitters][][phone]', autocomplete: 'off', class: 'base-input !h-10 mt-1.5 w-full', placeholder: local_assigns[:require_phone_2fa] == true ? t(:phone) : "#{t('phone')} (#{t('optional')})", id: "detailed_phone_#{item['uuid']}", required: local_assigns[:require_phone_2fa] == true %>
                    </linked-input>
                  </submitters-autocomplete>
                </div>
--- a/app/views/submissions/new.html.erb
+++ b/app/views/submissions/new.html.erb
@ -1,10 +1,11 @@
+<% require_phone_2fa = @template.preferences['require_phone_2fa'] == true %>
 <%= render 'shared/turbo_modal_large', title: params[:selfsign] ? t('add_recipients') : t('add_new_recipients') do %>
-  <% options = [[t('via_email'), 'email'], [t('via_phone'), 'phone'], [t('detailed'), 'detailed'], [t('upload_list'), 'list']].compact %>
+  <% options = [require_phone_2fa ? nil : [t('via_email'), 'email'], require_phone_2fa ? nil : [t('via_phone'), 'phone'], [t('detailed'), 'detailed'], [t('upload_list'), 'list']].compact %>
  <toggle-visible data-element-ids="<%= options.map(&:last).to_json %>" class="relative text-center px-2 mt-4 block">
    <div class="flex justify-center">
      <% options.each_with_index do |(label, value), index| %>
        <div>
-          <%= radio_button_tag 'option', value, value == 'email', class: 'peer hidden', data: { action: 'change:toggle-visible#trigger' } %>
+          <%= radio_button_tag 'option', value, value == (require_phone_2fa ? 'detailed' : 'email'), class: 'peer hidden', data: { action: 'change:toggle-visible#trigger' } %>
          <label for="option_<%= value %>" class="block bg-base-200 md:min-w-[112px] text-sm font-semibold whitespace-nowrap py-1.5 px-4 peer-checked:bg-base-300 <%= 'hidden sm:inline-block' if value == 'list' %> <%= 'rounded-l-3xl' if index.zero? %> <%= 'rounded-r-3xl sm:rounded-r-none' if value == 'detailed' %> <%= 'rounded-r-3xl' if index == options.size - 1 %>">
            <%= label %>
          </label>
@ -13,14 +14,16 @@
    </div>
  </toggle-visible>
  <div class="px-5 mb-5 mt-4">
-    <div id="email">
-      <%= render 'email_form', template: @template %>
-    </div>
-    <div id="phone" class="hidden">
-      <%= render 'phone_form', template: @template %>
-    </div>
-    <div id="detailed" class="hidden">
-      <%= render 'detailed_form', template: @template %>
+    <% unless require_phone_2fa %>
+      <div id="email">
+        <%= render 'email_form', template: @template %>
+      </div>
+      <div id="phone" class="hidden">
+        <%= render 'phone_form', template: @template %>
+      </div>
+    <% end %>
+    <div id="detailed" class="<%= 'hidden' unless require_phone_2fa %>">
+      <%= render 'detailed_form', template: @template, require_phone_2fa: %>
    </div>
    <div id="list" class="hidden">
      <%= render 'list_form', template: @template %>
--- a/app/views/templates_preferences/_form_fields.html.erb
+++ b/app/views/templates_preferences/_form_fields.html.erb
--- a/app/views/templates_preferences/show.html.erb
+++ b/app/views/templates_preferences/show.html.erb
@ -51,7 +51,7 @@
        <%= form_for @template, url: template_preferences_path(@template), method: :post, html: { autocomplete: 'off', class: 'mt-1' }, data: { close_on_submit: false } do |f| %>
          <toggle-on-submit data-element-id="form_saved_alert"></toggle-on-submit>
          <% configs = AccountConfigs.find_or_initialize_for_key(current_account, AccountConfig::SUBMITTER_COMPLETED_EMAIL_KEY).value %>
-          <%= f.fields_for :preferences, Struct.new(:completed_redirect_url, :completed_message).new(@template.preferences['completed_redirect_url'].presence, Struct.new(:title, :body).new(*(@template.preferences['completed_message'] || {}).values_at('title', 'body'))) do |ff| %>
+          <%= f.fields_for :preferences, Struct.new(:completed_redirect_url, :completed_message, :require_phone_2fa).new(@template.preferences['completed_redirect_url'].presence, Struct.new(:title, :body).new(*(@template.preferences['completed_message'] || {}).values_at('title', 'body')), @template.preferences['require_phone_2fa'] == true) do |ff| %>
            <div class="form-control mb-2">
              <%= ff.label :completed_redirect_url, t('redirect_on_completion_url'), class: 'label' %>
              <%= ff.url_field :completed_redirect_url, required: false, class: 'base-input', dir: 'auto' %>
@ -64,6 +64,7 @@
                </autoresize-textarea>
              </div>
            <% end %>
+            <%= render 'templates_preferences/form_fields', ff: %>
          <% end %>
          <div class="form-control pt-2">
            <%= f.button button_title(title: t('save'), disabled_with: t('saving')), class: 'base-button' %>
--- a/config/locales/i18n.yml
+++ b/config/locales/i18n.yml
@ -26,6 +26,11 @@ en: &en
  reply_to: Reply to
  pending_by_me: Pending by me
  partially_completed: Partially completed
+  require_phone_2fa_to_open: Require phone 2FA to open
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: The sender has requested a two factor authentication via one time password sent to your <b>%{phone}</b> phone number.
+  send_verification_code: Send verification code
+  code_has_been_resent: Code has been re-sent
+  invalid_code: Invalid code
  unarchive: Unarchive
  signed: Signed
  first_party: 'First Party'
@ -788,6 +793,11 @@ en: &en
      read: Read your data

 es: &es
+  require_phone_2fa_to_open: Requiere 2FA por teléfono para abrir
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: El remitente ha solicitado una autenticación de dos factores mediante una contraseña de un solo uso enviada a su número de teléfono <b>%{phone}</b>.
+  send_verification_code: Enviar código de verificación
+  code_has_been_resent: El código ha sido reenviado
+  invalid_code: Código inválido
  always_enforce_signing_order: Siempre imponer el orden de firma
  bcc_recipients: Destinatarios CCO
  edit_per_party: Editar por parte
@ -1558,6 +1568,11 @@ es: &es
      read: Leer tus datos

 it: &it
+  require_phone_2fa_to_open: Richiedi l'autenticazione a due fattori tramite telefono per aprire
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: Il mittente ha richiesto un'autenticazione a due fattori tramite una password monouso inviata al tuo numero di telefono <b>%{phone}</b>.
+  send_verification_code: Invia codice di verifica
+  code_has_been_resent: Il codice è stato inviato di nuovo
+  invalid_code: Codice non valido
  always_enforce_signing_order: Applicare sempre l'ordine di firma
  bcc_recipients: Destinatari BCC
  edit_per_party: Modifica per partito
@ -2327,6 +2342,11 @@ it: &it
      read: Leggi i tuoi dati

 fr: &fr
+  require_phone_2fa_to_open: Requiert une 2FA par téléphone pour ouvrir
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: L'expéditeur a demandé une authentification à deux facteurs via un mot de passe à usage unique envoyé à votre numéro de téléphone <b>%{phone}</b>.
+  send_verification_code: Envoyer le code de vérification
+  code_has_been_resent: Le code a été renvoyé
+  invalid_code: Code invalide
  always_enforce_signing_order: Toujours appliquer l'ordre de signature
  bcc_recipients: Destinataires en CCI
  edit_per_party: Éditer par partie
@ -3098,6 +3118,11 @@ fr: &fr
      read: Lire vos données

 pt: &pt
+  require_phone_2fa_to_open: Necessário autenticação de dois fatores via telefone para abrir
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: O remetente solicitou uma autenticação de dois fatores via senha de uso único enviada para seu número <b>%{phone}</b>.
+  send_verification_code: Enviar código de verificação
+  code_has_been_resent: Código foi reenviado
+  invalid_code: Código inválido
  always_enforce_signing_order: Sempre impor a ordem de assinatura
  bcc_recipients: Destinatários BCC
  edit_per_party: Edita por festa
@ -3869,6 +3894,11 @@ pt: &pt
      read: Ler seus dados

 de: &de
+  require_phone_2fa_to_open: Telefon-2FA zum Öffnen erforderlich
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: Der Absender hat eine Zwei-Faktor-Authentifizierung per Einmalpasswort angefordert, das an Ihre <b>%{phone}</b>-Telefonnummer gesendet wurde.
+  send_verification_code: Bestätigungscode senden
+  code_has_been_resent: Code wurde erneut gesendet
+  invalid_code: Ungültiger Code
  always_enforce_signing_order: Immer die Reihenfolge der Unterschriften erzwingen
  bcc_recipients: BCC-Empfänger
  edit_per_party: Bearbeiten pro Partei
@ -4639,6 +4669,11 @@ de: &de
      read: Lese deine Daten

 pl:
+  require_phone_2fa_to_open: Wymagaj uwierzytelniania telefonicznego 2FA do otwarcia
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: Nadawca zażądał uwierzytelnienia dwuetapowego poprzez jednorazowe hasło wysłane na Twój <b>%{phone}</b> numer telefonu.
+  send_verification_code: Wyślij kod weryfikacyjny
+  code_has_been_resent: Kod został wysłany ponownie
+  invalid_code: Niepoprawny kod
  awaiting_completion_by_the_other_party: "Oczekuje na dokończenie przez drugą stronę"
  view: Widok
  hi_there: Cześć,
@ -4698,6 +4733,11 @@ pl:
  resend_code: Wyślij Kod Ponownie

 uk:
+  require_phone_2fa_to_open: Вимагати двофакторну автентифікацію через телефон для відкриття
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: Відправник запросив двофакторну автентифікацію за допомогою одноразового пароля, відправленого на ваш номер телефону <b>%{phone}</b>.
+  send_verification_code: Надіслати код підтвердження
+  code_has_been_resent: Код повторно надіслано
+  invalid_code: Невірний код
  awaiting_completion_by_the_other_party: "Очікує завершення з боку іншої сторони"
  view: Переглянути
  hi_there: Привіт,
@ -4757,6 +4797,11 @@ uk:
  resend_code: Відправити код знову

 cs:
+  require_phone_2fa_to_open: Vyžadovat otevření pomocí telefonního 2FA
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: Odesílatel požádal o dvoufaktorové ověření pomocí jednorázového hesla zaslaného na vaše telefonní číslo <b>%{phone}</b>.
+  send_verification_code: Odeslat ověřovací kód
+  code_has_been_resent: Kód byl znovu odeslán
+  invalid_code: Neplatný kód
  awaiting_completion_by_the_other_party: "Čeká se na dokončení druhou stranou"
  view: Zobrazit
  hi_there: Ahoj,
@ -4816,6 +4861,11 @@ cs:
  resend_code: Znovu Odeslat Kód

 he:
+  require_phone_2fa_to_open: דרוש אימות דו-שלבי באמצעות טלפון לפתיחה
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: השולח ביקש אימות דו-שלבי באמצעות סיסמה חד פעמית שנשלחה למספר הטלפון שלך <b>%{phone}</b>.
+  send_verification_code: שלח קוד אימות
+  code_has_been_resent: הקוד נשלח מחדש
+  invalid_code: קוד שגוי
  awaiting_completion_by_the_other_party: "המתנה להשלמה מצד הצד השני"
  view: תצוגה
  hi_there: שלום,
@ -4875,6 +4925,11 @@ he:
  resend_code: שלח קוד מחדש

 nl:
+  require_phone_2fa_to_open: Vereis telefoon 2FA om te openen
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: De afzender heeft gevraagd om tweefactorauthenticatie via een eenmalig wachtwoord, verzonden naar uw <b>%{phone}</b> telefoonnummer.
+  send_verification_code: Verificatiecode verzenden
+  code_has_been_resent: Code is opnieuw verzonden
+  invalid_code: Invalid code
  awaiting_completion_by_the_other_party: "In afwachting van voltooiing door de andere partij"
  view: Bekijken
  hi_there: Hallo,
@ -4934,6 +4989,11 @@ nl:
  resend_code: Code Opnieuw Verzenden

 ar:
+  require_phone_2fa_to_open: "تطلب فتح عبر تحقق الهاتف ذو العاملين"
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: "المرسل طلب تحقق ذو عاملين عبر كلمة مرور لمرة واحدة مرسل إلى رقم هاتفك <b>%{phone}</b>."
+  send_verification_code: "إرسال رمز التحقق"
+  code_has_been_resent: "تم إعادة إرسال الرمز"
+  invalid_code: "رمز غير صالح"
  awaiting_completion_by_the_other_party: "في انتظار إكتمال الطرف الآخر"
  view: عرض
  hi_there: مرحبا,
@ -4993,6 +5053,11 @@ ar:
  resend_code: إعادة إرسال الرمز

 ko:
+  require_phone_2fa_to_open: 휴대폰 2FA를 열 때 요구함
+  the_sender_has_requested_a_two_factor_authentication_via_one_time_password_sent_to_your_html: 발신자가 <b>%{phone}</b> 전화번호로 보내진 일회용 비밀번호를 통해 이중 인증을 요청했습니다.
+  send_verification_code: 인증 코드 보내기
+  code_has_been_resent: 코드가 재전송되었습니다.
+  invalid_code: 잘못된 코드
  awaiting_completion_by_the_other_party: "다른 당사자의 완료를 기다리고 있습니다"
  view: 보기
  hi_there: 안녕하세요,
--- a/lib/api_path_consider_json_middleware.rb
+++ b/lib/api_path_consider_json_middleware.rb
@ -8,7 +8,9 @@ class ApiPathConsiderJsonMiddleware
  def call(env)
    if env['PATH_INFO'].starts_with?('/api') &&
       (!env['PATH_INFO'].ends_with?('/documents') || env['REQUEST_METHOD'] != 'POST') &&
-       !env['PATH_INFO'].ends_with?('/attachments')
+       !env['PATH_INFO'].ends_with?('/attachments') &&
+       !env['PATH_INFO'].ends_with?('/submitter_sms_clicks') &&
+       !env['PATH_INFO'].ends_with?('/submitter_email_clicks')
      env['CONTENT_TYPE'] = 'application/json'
    end