SocialGouv
diff --git a/‎packages/backend/src/_migrations/1756117243342-manual-migration.ts‎
Lines changed: 151 additions & 0 deletions b/‎packages/backend/src/_migrations/1756117243342-manual-migration.ts‎
Lines changed: 151 additions & 0 deletions
diff --git a/‎packages/backend/src/usagers/controllers/security-tests/usager-docs.controller.security-tests.ts‎
Lines changed: 97 additions & 0 deletions b/‎packages/backend/src/usagers/controllers/security-tests/usager-docs.controller.security-tests.ts‎
Lines changed: 97 additions & 0 deletions
diff --git a/‎packages/backend/src/usagers/controllers/usager-docs.controller.ts‎
Lines changed: 51 additions & 2 deletions b/‎packages/backend/src/usagers/controllers/usager-docs.controller.ts‎
Lines changed: 51 additions & 2 deletions
diff --git a/‎packages/backend/src/usagers/controllers/usagers-decision.controller.ts‎
Lines changed: 9 additions & 2 deletions b/‎packages/backend/src/usagers/controllers/usagers-decision.controller.ts‎
Lines changed: 9 additions & 2 deletions
@@ -0,0 +1,151 @@
+import { MigrationInterface, QueryRunner } from "typeorm";
+import { v4 as uuidv4 } from "uuid";
+import { appLogger } from "../util";
+import { UsagerTable } from "../database";
+
+export class AddUuidToUsagerHistorique1756117243342
+  implements MigrationInterface
+{
+  name = "addUuidToUsagerHistorique1756117243342";
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    appLogger.warn(
+      "Début de la migration: ajout UUID aux éléments d'historique"
+    );
+
+    const countResult = await queryRunner.query(`
+      SELECT COUNT(*) as total
+      FROM usager u
+      WHERE u.historique IS NOT NULL
+        AND jsonb_array_length(u.historique) > 0
+        AND EXISTS (
+            SELECT 1
+            FROM jsonb_array_elements(u.historique) AS hist_elem
+            WHERE hist_elem->>'uuid' IS NULL
+               OR hist_elem->'uuid' IS NULL
+               OR NOT (hist_elem ? 'uuid')
+        )
+    `);
+
+    const totalUsagers = parseInt(countResult[0].total, 10);
+    appLogger.warn(`Total d'usagers concernés: ${totalUsagers}`);
+
+    if (totalUsagers === 0) {
+      appLogger.warn("Aucun usager concerné, fin de la migration");
+      return;
+    }
+
+    // Récupérer tous les usagers concernés
+    const usagersResult = await queryRunner.query(`
+      SELECT u.uuid, u.historique
+      FROM usager u
+      WHERE u.historique IS NOT NULL
+        AND jsonb_array_length(u.historique) > 0
+        AND EXISTS (
+            SELECT 1
+            FROM jsonb_array_elements(u.historique) AS hist_elem
+            WHERE hist_elem->>'uuid' IS NULL
+               OR hist_elem->'uuid' IS NULL
+               OR NOT (hist_elem ? 'uuid')
+        )
+      ORDER BY u.uuid
+    `);
+
+    const batchSize = 200;
+    let processedCount = 0;
+
+    // Traitement par batch de 200
+    for (let i = 0; i < usagersResult.length; i += batchSize) {
+      const batch = usagersResult.slice(i, i + batchSize);
+
+      const manager = queryRunner.manager;
+      await queryRunner.startTransaction();
+
+      try {
+        appLogger.warn(
+          `Traitement du batch ${Math.floor(i / batchSize) + 1}/${Math.ceil(
+            usagersResult.length / batchSize
+          )} (${batch.length} usagers)`
+        );
+
+        for (const usager of batch) {
+          const historique = usager.historique;
+          let modified = false;
+
+          for (const decision of historique) {
+            if (
+              !decision?.uuid ||
+              decision?.uuid === null ||
+              decision?.uuid === undefined
+            ) {
+              decision.uuid = uuidv4();
+              modified = true;
+            }
+          }
+          if (modified) {
+            await manager.update(
+              UsagerTable,
+              { uuid: usager.uuid },
+              { historique }
+            );
+            processedCount++;
+          }
+        }
+
+        await queryRunner.commitTransaction();
+        appLogger.warn(
+          `Batch traité avec succès (${processedCount} usagers modifiés au total)`
+        );
+      } catch (error) {
+        await queryRunner.rollbackTransaction();
+        appLogger.error(
+          `Erreur lors du traitement du batch ${
+            Math.floor(i / batchSize) + 1
+          }:`,
+          error
+        );
+        throw error;
+      }
+    }
+
+    // Vérification finale
+    const finalCountResult = await queryRunner.query(`
+      SELECT COUNT(*) as remaining
+      FROM usager u
+      WHERE u.historique IS NOT NULL
+        AND jsonb_array_length(u.historique) > 0
+        AND EXISTS (
+            SELECT 1
+            FROM jsonb_array_elements(u.historique) AS hist_elem
+            WHERE hist_elem->>'uuid' IS NULL
+               OR hist_elem->'uuid' IS NULL
+               OR NOT (hist_elem ? 'uuid')
+        )
+    `);
+
+    const remainingUsagers = parseInt(finalCountResult[0].remaining, 10);
+
+    if (remainingUsagers === 0) {
+      appLogger.warn(
+        `Migration réussie: ${processedCount} usagers modifiés, 0 usager restant sans UUID`
+      );
+    } else {
+      appLogger.error(
+        `Migration incomplète: ${remainingUsagers} usagers restent sans UUID`
+      );
+      throw new Error(
+        `Migration incomplète: ${remainingUsagers} usagers restent sans UUID`
+      );
+    }
+  }
+
+  public async down(): Promise<void> {
+    appLogger.warn(
+      "Rollback de la migration: suppression des UUID ajoutés dans l'historique"
+    );
+
+    appLogger.warn(
+      "Rollback ignoré pour éviter la suppression d'UUID légitimes"
+    );
+  }
+}
@@ -15,6 +15,103 @@ const CONTROLLER = "UsagerDocsController";
 
 export const UsagerDocsControllerSecurityTests: AppTestHttpClientSecurityTestDef[] =
   [
+    {
+      label: `${CONTROLLER}.getCerfa - without decisionUuid`,
+      query: async (context: AppTestContext) => ({
+        response: await AppTestHttpClient.get("/docs/cerfa/1/attestation", {
+          context,
+        }),
+        expectedStatus: expectedResponseStatusBuilder.allowStructureOnly(
+          context.user,
+          {
+            roles: ["simple", "responsable", "admin", "agent"],
+            validExpectedResponseStatus: HttpStatus.OK,
+            invalidStructureIdExpectedResponseStatus: HttpStatus.BAD_REQUEST,
+            validStructureIds: [1],
+          }
+        ),
+      }),
+    },
+    {
+      label: `${CONTROLLER}.getCerfa - with valid decisionUuid`,
+      query: async (context: AppTestContext) => ({
+        response: await AppTestHttpClient.get(
+          "/docs/cerfa/1/attestation?decisionUuid=52ba789e-eb21-4d84-9176-abe1e0d3c778",
+          {
+            context,
+          }
+        ),
+        expectedStatus: expectedResponseStatusBuilder.allowStructureOnly(
+          context.user,
+          {
+            roles: ["simple", "responsable", "admin", "agent"],
+            validExpectedResponseStatus: HttpStatus.OK,
+            invalidStructureIdExpectedResponseStatus: HttpStatus.BAD_REQUEST,
+            validStructureIds: [1],
+          }
+        ),
+      }),
+    },
+    {
+      label: `${CONTROLLER}.getCerfa - with invalid UUID format`,
+      query: async (context: AppTestContext) => ({
+        response: await AppTestHttpClient.get(
+          "/docs/cerfa/1/attestation?decisionUuid=invalid-uuid",
+          {
+            context,
+          }
+        ),
+        expectedStatus: expectedResponseStatusBuilder.allowStructureOnly(
+          context.user,
+          {
+            roles: ["simple", "responsable", "admin", "agent"],
+            validExpectedResponseStatus: HttpStatus.BAD_REQUEST, // Invalid UUID format
+            invalidStructureIdExpectedResponseStatus: HttpStatus.BAD_REQUEST,
+            validStructureIds: [1],
+          }
+        ),
+      }),
+    },
+    {
+      label: `${CONTROLLER}.getCerfa - with non-existing decisionUuid`,
+      query: async (context: AppTestContext) => ({
+        response: await AppTestHttpClient.get(
+          "/docs/cerfa/1/attestation?decisionUuid=f47ac10b-58cc-4372-a567-0e02b2c3d479",
+          {
+            context,
+          }
+        ),
+        expectedStatus: expectedResponseStatusBuilder.allowStructureOnly(
+          context.user,
+          {
+            roles: ["simple", "responsable", "admin", "agent"],
+            validExpectedResponseStatus: HttpStatus.BAD_REQUEST, // Non-existing decision
+            invalidStructureIdExpectedResponseStatus: HttpStatus.BAD_REQUEST,
+            validStructureIds: [1],
+          }
+        ),
+      }),
+    },
+    {
+      label: `${CONTROLLER}.getCerfa - legacy route support (if maintained)`,
+      query: async (context: AppTestContext) => ({
+        response: await AppTestHttpClient.get(
+          "/docs/1/c669f08b-74a8-4ffc-8128-c9e29e2fd535",
+          {
+            context,
+          }
+        ),
+        expectedStatus: expectedResponseStatusBuilder.allowStructureOnly(
+          context.user,
+          {
+            roles: ["simple", "responsable", "admin", "agent"],
+            validExpectedResponseStatus: HttpStatus.OK,
+            invalidStructureIdExpectedResponseStatus: HttpStatus.BAD_REQUEST,
+            validStructureIds: [1],
+          }
+        ),
+      }),
+    },
     {
       label: `${CONTROLLER}.getDocument`,
       query: async (context: AppTestContext) => ({
 
@@ -1,14 +1,17 @@
 import {
+  BadRequestException,
   Body,
   Controller,
   Delete,
   Get,
   HttpStatus,
   Param,
+  ParseEnumPipe,
   ParseIntPipe,
   ParseUUIDPipe,
   Patch,
   Post,
+  Query,
   Res,
   UploadedFile,
   UseGuards,
@@ -40,16 +43,20 @@ import { PatchUsagerDocDto, PostUsagerDocDto } from "../dto";
 import crypto from "node:crypto";
 import { ExpressRequest } from "../../util/express";
 import { FILES_SIZE_LIMIT } from "../../util/file-manager";
-import { join } from "node:path";
+import { join, resolve } from "node:path";
 import { FileManagerService } from "../../util/file-manager/file-manager.service";
-import { Usager, UsagerDoc } from "@domifa/common";
+import { CerfaDocType, Usager, UsagerDoc } from "@domifa/common";
 import {
   USAGER_DOCS_FIELDS_TO_SELECT,
   usagerDocsRepository,
   UsagerDocsTable,
 } from "../../database";
 import { Response } from "express";
 import { appLogger } from "../../util";
+import { input } from "node-pdftk";
+import { generateCerfaData } from "../utils";
+import { readFile } from "fs-extra";
+import { isUUID } from "class-validator";
 
 @UseGuards(AuthGuard("jwt"), AppUserGuard)
 @ApiTags("docs")
@@ -223,6 +230,48 @@ export class UsagerDocsController {
     return res.status(HttpStatus.OK).json(docs);
   }
 
+  @UseGuards(UsagerAccessGuard)
+  @AllowUserStructureRoles("admin", "agent", "responsable", "simple")
+  @Get("cerfa/:usagerRef/:typeCerfa")
+  public async getCerfa(
+    @Res() res: Response,
+    @Param("typeCerfa", new ParseEnumPipe(CerfaDocType))
+    typeCerfa: CerfaDocType,
+    @Param("usagerRef", new ParseIntPipe()) _usagerRef: number,
+    @CurrentUser() user: UserStructureAuthenticated,
+    @CurrentUsager() currentUsager: Usager,
+    @Query("decisionUuid") decisionUuid?: string
+  ) {
+    if (decisionUuid && !isUUID(decisionUuid)) {
+      throw new BadRequestException("decisionUuid must be a valid UUID");
+    }
+
+    const pdfForm =
+      typeCerfa === CerfaDocType.attestation ||
+      typeCerfa === CerfaDocType.attestation_future
+        ? "../../_static/static-docs/attestation.pdf"
+        : "../../_static/static-docs/demande.pdf";
+
+    const pdfInfos = generateCerfaData(
+      currentUsager,
+      user,
+      typeCerfa,
+      decisionUuid
+    );
+
+    const filePath = await readFile(resolve(__dirname, pdfForm));
+
+    try {
+      const buffer = await input(filePath).fillForm(pdfInfos).output();
+      return res.setHeader("content-type", "application/pdf").send(buffer);
+    } catch (err) {
+      appLogger.error(err);
+      return res
+        .status(HttpStatus.INTERNAL_SERVER_ERROR)
+        .json({ message: "CERFA_ERROR" });
+    }
+  }
+
   @Get(":usagerRef")
   @UseGuards(UsagerAccessGuard)
   public async getUsagerDocuments(
 
@@ -34,6 +34,8 @@ import {
   UsagerDecision,
   UsagerNote,
   Usager,
+  UsagerDecisionStatut,
+  UserStructureRole,
 } from "@domifa/common";
 import { format } from "date-fns";
 import { getLastInteractionOut } from "../../modules/interactions/services";
@@ -59,9 +61,14 @@ export class UsagersDecisionController {
     // eslint-disable-next-line @typescript-eslint/no-unused-vars
     @Param("usagerRef", new ParseIntPipe()) _usagerRef: number
   ): Promise<Usager> {
+    const decisionsToCheck: UsagerDecisionStatut[] = [
+      "ATTENTE_DECISION",
+      "INSTRUCTION",
+    ];
+    const rightsToCheck: UserStructureRole[] = ["responsable", "admin"];
     if (
-      !["ATTENTE_DECISION", "INSTRUCTION"].includes(decision.statut) &&
-      !["reposable", "admmin"].includes(user.role)
+      !decisionsToCheck.includes(decision.statut) &&
+      !rightsToCheck.includes(user.role)
     ) {
       throw new Error("CANNOT_SET_DECISION");
     }