Merge branch 'develop' into feature/change_base_image_gdal_3.8.3

.env.example

@@ -104,3 +104,5 @@ USE_THUMBOR=false
 # For dockerized thumbor service not exposed over the Internet, attache Geocity to its network with this override on top of this file:
 # COMPOSE_FILE=docker-compose.yml:docker-compose.thumbor.yml
 THUMBOR_SERVICE_URL="http://nginx-proxy"
+# https://docs.djangoproject.com/en/5.0/ref/settings/#csrf-trusted-origins
+CSRF_TRUSTED_ORIGINS=https://yoursite.geocity

README.md

@@ -1,6 +1,6 @@
 # Geocity - build your (geo)-forms easily! ![Geocity CI](https://github.com/yverdon/geocity/workflows/Geocity%20CI/badge.svg?branch=main)
 
-**[What is Geocity ?](https://geocity.ch/about)**
+**[What is Geocity ?](https://geocity-asso.ch)**
 
 **[Features and user guide](https://github.com/yverdon/geocity/wiki)**
 

docker-compose.yml

@@ -79,6 +79,7 @@ services:
       SITE_DOMAIN:
       USE_THUMBOR:
       THUMBOR_SERVICE_URL:
+      CSRF_TRUSTED_ORIGINS:
     ports:
       - "${DJANGO_DOCKER_PORT}:9000"
     networks:

geocity/apps/accounts/templates/account/lockout.html

@@ -25,7 +25,7 @@ <h3>{% translate "Votre compte a été verrouillé par mesure de sécurité. Mer
         <small>
           &copy; {% now "Y" %} Geocity
           &nbsp;|&nbsp;
-          <a href="https://geocity.ch/about" target="_blank" rel="noreferrer">{% translate "A propos" %}</a>
+          <a href="https://geocity-asso.ch" target="_blank" rel="noreferrer">{% translate "A propos" %}</a>
           {% if config.CONTACT_URL %}
             &nbsp;|&nbsp;
             <a href="{{ config.CONTACT_URL }}" target="_blank" rel="noreferrer">{% translate "Contact" %}</a>

geocity/apps/api/views.py

@@ -1,6 +1,6 @@
-import datetime
 import mimetypes
 import os
+from datetime import datetime, timedelta, timezone
 
 import requests
 from django.conf import settings
@@ -65,13 +65,13 @@ def get_queryset(self):
 
         base_filter = Q()
         if starts_at:
-            start = datetime.datetime.strptime(starts_at, "%Y-%m-%d")
+            start = datetime.strptime(starts_at, "%Y-%m-%d")
             base_filter &= Q(starts_at__gte=start)
         if ends_at:
-            end = datetime.datetime.strptime(ends_at, "%Y-%m-%d")
+            end = datetime.strptime(ends_at, "%Y-%m-%d")
             base_filter &= Q(ends_at__lte=end)
         if show_only_future == "true":
-            base_filter &= Q(ends_at__gte=datetime.datetime.now())
+            base_filter &= Q(ends_at__gte=datetime.now())
         if administrative_entities:
             base_filter &= Q(
                 submission__administrative_entity__in=administrative_entities.split(",")
@@ -90,7 +90,7 @@ def get_queryset(self):
             ).select_related("category"),
         )
 
-        today = datetime.datetime.today()
+        today = datetime.today()
         current_inquiry_prefetch = Prefetch(
             "submission__inquiries",
             queryset=SubmissionInquiry.objects.filter(
@@ -241,7 +241,7 @@ def get_queryset(self, geom_type=None):
             queryset=Form.objects.select_related("category"),
         )
 
-        today = datetime.datetime.today()
+        today = datetime.today()
         current_inquiry_prefetch = Prefetch(
             "inquiries",
             queryset=SubmissionInquiry.objects.filter(
@@ -485,6 +485,18 @@ def get_queryset(self):
 SubmissionPolyViewSet = submission_view_set_subset_factory("polygons")
 
 
+class CustomFileResponse(FileResponse):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        # Add header Expires
+        expiration_date = datetime.now() + timedelta(days=7)
+        expiration_date_http_format = expiration_date.strftime(
+            "%a, %d %b %Y %H:%M:%S GMT"
+        )
+        self["Expires"] = expiration_date_http_format
+
+
 def image_display(request, submission_id, image_name):
     safe_submission_id = get_valid_filename(submission_id)
     safe_image_name = get_valid_filename(image_name)
@@ -496,7 +508,7 @@ def image_display(request, submission_id, image_name):
     ):
         image_file = open(image_path, "rb")
         mime_type, encoding = mimetypes.guess_type(image_path)
-        response = FileResponse(image_file, content_type=mime_type)
+        response = CustomFileResponse(image_file, content_type=mime_type)
         return response
     else:
         return JsonResponse({"message": "unauthorized."}, status=404)
@@ -541,7 +553,7 @@ def image_thumbor_display(request, submission_id, image_name):
         response = requests.get(image_url)
 
     mime_type = get_mime_type(response.content)
-    thumbor_response = FileResponse(response, content_type=mime_type)
+    thumbor_response = CustomFileResponse(response, content_type=mime_type)
 
     return thumbor_response
 
@@ -625,21 +637,19 @@ def get_queryset(self):
             submissions = get_agenda_submissions(entities, submissions)
 
         if "starts_at" in query_params:
-            starts_at = datetime.datetime.strptime(
-                query_params["starts_at"], "%Y-%m-%d"
-            )
-            starts_at = starts_at.replace(tzinfo=datetime.timezone.utc)
+            starts_at = datetime.strptime(query_params["starts_at"], "%Y-%m-%d")
+            starts_at = starts_at.replace(tzinfo=timezone.utc)
             submissions = submissions.filter(geo_time__ends_at__gte=starts_at)
 
         if "ends_at" in query_params:
-            ends_at = datetime.datetime.strptime(query_params["ends_at"], "%Y-%m-%d")
+            ends_at = datetime.strptime(query_params["ends_at"], "%Y-%m-%d")
             ends_at = ends_at.replace(
-                hour=23, minute=59, second=59, tzinfo=datetime.timezone.utc
+                hour=23, minute=59, second=59, tzinfo=timezone.utc
             )
             submissions = submissions.filter(geo_time__starts_at__lte=ends_at)
 
         if "starts_at" not in query_params and "ends_at" not in query_params:
-            today = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(
+            today = datetime.now(timezone.utc) + timedelta(
                 hours=settings.LOCAL_TIME_ZONE_UTC
             )
             submissions = submissions.filter(geo_time__ends_at__gte=today)

geocity/apps/core/templates/base_generic.html

@@ -206,7 +206,7 @@
           <small>
             &copy; {% now "Y" %} Geocity
             &nbsp;|&nbsp;
-            <a href="https://geocity.ch/about" target="_blank" rel="noreferrer">{% translate "A propos" %}</a>
+            <a href="https://geocity-asso.ch" target="_blank" rel="noreferrer">{% translate "A propos" %}</a>
             {% if config.CONTACT_URL %}
               &nbsp;|&nbsp;
               <a href="{{ config.CONTACT_URL }}" target="_blank" rel="noreferrer">{% translate "Contact" %}</a>

geocity/apps/reports/management/commands/add_payment_reports.py

@@ -65,33 +65,35 @@ def _create_payment_report(self, group, layout):
             order=4,
             report=report,
             title="",
-            content="""<table border="1" cellpadding="1" cellspacing="1" style="width:100%">
-	<tbody>
-		<tr>
-			<td><strong>Libell&eacute;</strong></td>
-			<td>&nbsp;</td>
-			<td style="text-align:right"><strong>Prix CHF TTC</strong></td>
-		</tr>
-		<tr>
-			<td>
-			<p>&nbsp;</p>
-
-			<p>{{ transaction_data.line_text }} : {{request_data.properties.submission_price.text}}</p>
-
-			<p>&nbsp;</p>
-			</td>
-			<td>&nbsp;</td>
-			<td style="text-align:right">{{request_data.properties.submission_price.amount}}</td>
-		</tr>
-		<tr>
-			<td><strong>Montant pay&eacute;</strong></td>
-			<td>&nbsp;</td>
-			<td style="text-align:right"><strong>{{request_data.properties.submission_price.amount}}</strong></td>
-		</tr>
-	</tbody>
-</table>
-
-<p>&nbsp;</p>""",
+            content="""<div class="raw-html-embed">
+    <table border="1" cellpadding="1" cellspacing="1" style="width:100%">
+        <tbody>
+            <tr>
+                <td><strong>Libell&eacute;</strong></td>
+                <td>&nbsp;</td>
+                <td style="text-align:right"><strong>Prix CHF TTC</strong></td>
+            </tr>
+            <tr>
+                <td>
+                <p>&nbsp;</p>
+
+                <p>{{ transaction_data.line_text }} : {{request_data.properties.submission_price.text}}</p>
+
+                <p>&nbsp;</p>
+                </td>
+                <td>&nbsp;</td>
+                <td style="text-align:right">{{request_data.properties.submission_price.amount}}</td>
+            </tr>
+            <tr>
+                <td><strong>Montant pay&eacute;</strong></td>
+                <td>&nbsp;</td>
+                <td style="text-align:right"><strong>{{request_data.properties.submission_price.amount}}</strong></td>
+            </tr>
+        </tbody>
+    </table>
+
+    <p>&nbsp;</p>
+</div>""",
         )
         section_paragraph_4.save()
 
@@ -149,33 +151,35 @@ def _create_refund_report(self, group, layout):
             order=4,
             report=report,
             title="",
-            content="""<table border="1" cellpadding="1" cellspacing="1" style="width:100%">
-	<tbody>
-		<tr>
-			<td><strong>Libell&eacute;</strong></td>
-			<td>&nbsp;</td>
-			<td style="text-align:right"><strong>Prix CHF TTC</strong></td>
-		</tr>
-		<tr>
-			<td>
-			<p>&nbsp;</p>
-
-			<p>{{ transaction_data.line_text }} : {{request_data.properties.submission_price.text}}</p>
-
-			<p>&nbsp;</p>
-			</td>
-			<td>&nbsp;</td>
-			<td style="text-align:right">-{{request_data.properties.submission_price.amount}}</td>
-		</tr>
-		<tr>
-			<td><strong>Montant rembours&eacute;</strong></td>
-			<td>&nbsp;</td>
-			<td style="text-align:right"><strong>-{{request_data.properties.submission_price.amount}}</strong></td>
-		</tr>
-	</tbody>
-</table>
-
-<p>&nbsp;</p>""",
+            content="""<div class="raw-html-embed">
+    <table border="1" cellpadding="1" cellspacing="1" style="width:100%">
+        <tbody>
+            <tr>
+                <td><strong>Libell&eacute;</strong></td>
+                <td>&nbsp;</td>
+                <td style="text-align:right"><strong>Prix CHF TTC</strong></td>
+            </tr>
+            <tr>
+                <td>
+                <p>&nbsp;</p>
+
+                <p>{{ transaction_data.line_text }} : {{request_data.properties.submission_price.text}}</p>
+
+                <p>&nbsp;</p>
+                </td>
+                <td>&nbsp;</td>
+                <td style="text-align:right">-{{request_data.properties.submission_price.amount}}</td>
+            </tr>
+            <tr>
+                <td><strong>Montant rembours&eacute;</strong></td>
+                <td>&nbsp;</td>
+                <td style="text-align:right"><strong>-{{request_data.properties.submission_price.amount}}</strong></td>
+            </tr>
+        </tbody>
+    </table>
+
+    <p>&nbsp;</p>
+</div>""",
         )
         section_paragraph_4.save()
 

geocity/apps/submissions/services.py

@@ -1,6 +1,7 @@
 import tempfile
 import zipfile
 from datetime import datetime
+from email.header import Header
 
 import filetype
 from constance import config
@@ -168,7 +169,7 @@ def send_validation_reminder(submission, absolute_uri_func):
 
 def send_email_notification(data, attachments=None):
     from_email_name = (
-        f'{data["submission"].administrative_entity.expeditor_name} '
+        f'{Header(data["submission"].administrative_entity.expeditor_name, "utf-8").encode()} '
         if data["submission"].administrative_entity.expeditor_name
         else ""
     )

geocity/apps/submissions/tables.py

@@ -1,5 +1,6 @@
 import collections
 import json
+from collections import OrderedDict
 from datetime import datetime, timedelta
 from io import BytesIO as IO
 
@@ -510,7 +511,7 @@ def create_export(self, export_format):
             # Handle null selected_forms (due to old bug YC-1093)
             if list_selected_forms:
                 sheet_name = "_".join(map(str, list_selected_forms))
-                ordered_dict = SubmissionPrintSerializer(submission).data
+                ordered_dict = OrderedDict(SubmissionPrintSerializer(submission).data)
                 ordered_dict.move_to_end("geometry")
                 data_dict = dict(ordered_dict)
                 data_str = json.dumps(data_dict)

geocity/apps/submissions/templates/submissions/emails/submission_changed.txt

@@ -11,7 +11,6 @@
 {% else %}
 {% translate "Vous pouvez la consulter sur le lien suivant" %}: {{ submission_url }}
 {% endif %}
-
 {% translate "Avec nos meilleures salutations," %}
 {% if administrative_entity.custom_signature %}
 {{ administrative_entity.custom_signature }}

geocity/apps/submissions/views.py

@@ -1255,6 +1255,15 @@ def anonymous_submission(request):
         raise Http404
 
 
+def display_warning_message_for_awaiting_supplement_submission(request):
+    messages.warning(
+        request,
+        _(
+            "N'oubliez pas de renvoyer le formulaire une fois que vous aurez ajouté les compléments demandés."
+        ),
+    )
+
+
 @redirect_bad_status_to_detail
 @login_required
 @user_passes_test(has_profile)
@@ -1450,6 +1459,9 @@ def submission_fields(request, submission_id):
         if form_payment is not None:
             requires_online_payment = form_payment.requires_online_payment
 
+    if submission.status == models.Submission.STATUS_AWAITING_SUPPLEMENT:
+        display_warning_message_for_awaiting_supplement_submission(request)
+
     if request.method == "POST":
         # Disable `required` fields validation to allow partial save
         form = forms.FieldsForm(
@@ -1650,6 +1662,9 @@ def submission_appendices(request, submission_id):
         current_step_type=StepType.APPENDICES,
     )
 
+    if submission.status == models.Submission.STATUS_AWAITING_SUPPLEMENT:
+        display_warning_message_for_awaiting_supplement_submission(request)
+
     if request.method == "POST":
         form = forms.AppendicesForm(
             instance=submission,
@@ -1703,6 +1718,9 @@ def submission_contacts(request, submission_id):
         request.POST or None, instance=submission
     )
 
+    if submission.status == models.Submission.STATUS_AWAITING_SUPPLEMENT:
+        display_warning_message_for_awaiting_supplement_submission(request)
+
     if request.method == "POST":
         formset = forms.get_submission_contacts_formset_initiated(
             submission, data=request.POST
@@ -1777,6 +1795,9 @@ def submission_geo_time(request, submission_id):
         ).all(),
     )
 
+    if submission.status == models.Submission.STATUS_AWAITING_SUPPLEMENT:
+        display_warning_message_for_awaiting_supplement_submission(request)
+
     if request.method == "POST":
         if formset.is_valid():
             with transaction.atomic():
@@ -1973,6 +1994,9 @@ def submission_submit(request, submission_id):
         if step.errors_count and step.url
     ]
 
+    if submission.status == models.Submission.STATUS_AWAITING_SUPPLEMENT:
+        display_warning_message_for_awaiting_supplement_submission(request)
+
     if request.method == "POST":
         if incomplete_steps:
             raise SuspiciousOperation

geocity/settings.py

@@ -42,6 +42,8 @@
 
 SESSION_COOKIE_SECURE = True
 CSRF_COOKIE_SECURE = True
+CSRF_TRUSTED_ORIGINS = os.getenv("CSRF_TRUSTED_ORIGINS").split(",")
+
 
 # SESSION TIMEOUT
 # default session time is one hour