feat: Securisation du Backend

2026-04-04 02:01:28 +00:00 · 2026-02-27 10:45:36 +01:00
parent 2fef6d61a4
commit fa843097ba
55 changed files with 2898 additions and 910 deletions
--- a/Back-End/GestionEmail/views.py
+++ b/Back-End/GestionEmail/views.py
@ -2,6 +2,8 @@ from django.http.response import JsonResponse
 from rest_framework.views import APIView
 from rest_framework.response import Response
 from rest_framework import status
+from rest_framework.decorators import api_view, permission_classes
+from rest_framework.permissions import IsAuthenticated
 from django.db.models import Q
 from Auth.models import Profile, ProfileRole

@ -20,9 +22,11 @@ class SendEmailView(APIView):
    """
    API pour envoyer des emails aux parents et professeurs.
    """
+    permission_classes = [IsAuthenticated]
+
    def post(self, request):
        # Ajouter du debug
-        logger.info(f"Request data received: {request.data}")
+        logger.info(f"Request data received (keys): {list(request.data.keys()) if request.data else []}")  # Ne pas logger les valeurs (RGPD)
        logger.info(f"Request content type: {request.content_type}")

        data = request.data
@ -34,11 +38,9 @@ class SendEmailView(APIView):
        establishment_id = data.get('establishment_id', '')

        # Debug des données reçues
-        logger.info(f"Recipients: {recipients} (type: {type(recipients)})")
-        logger.info(f"CC: {cc} (type: {type(cc)})")
-        logger.info(f"BCC: {bcc} (type: {type(bcc)})")
+        logger.info(f"Recipients (count): {len(recipients)}")
        logger.info(f"Subject: {subject}")
-        logger.info(f"Message length: {len(message) if message else 0}")
+        logger.debug(f"Message length: {len(message) if message else 0}")
        logger.info(f"Establishment ID: {establishment_id}")

        if not recipients or not message:
@ -70,12 +72,12 @@ class SendEmailView(APIView):
            logger.error(f"NotFound error: {str(e)}")
            return Response({'error': str(e)}, status=status.HTTP_404_NOT_FOUND)
        except Exception as e:
-            logger.error(f"Exception during email sending: {str(e)}")
-            logger.error(f"Exception type: {type(e)}")
-            import traceback
-            logger.error(f"Traceback: {traceback.format_exc()}")
-            return Response({'error': str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
+            logger.error(f"Exception during email sending: {str(e)}", exc_info=True)
+            return Response({'error': 'Erreur lors de l\'envoi de l\'email'}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)

+
+@api_view(['GET'])
+@permission_classes([IsAuthenticated])
 def search_recipients(request):
    """
    API pour rechercher des destinataires en fonction d'un terme de recherche et d'un établissement.