Closed
Conversation
## Ticket(s) lié(s) 1334 ## Description Les comptes OVA secondaires à valider n'apparaissaient plus dans la liste des utilisateurs à valider. Amélioration au passage de la récupération de l'adresse ## Screenshot / liens loom Avant : <img width="1309" height="612" alt="image" src="https://github.com/user-attachments/assets/2fa6539b-5d0e-4dbc-a54d-b35309521804" /> Après <img width="1205" height="298" alt="image" src="https://github.com/user-attachments/assets/09f043fe-c50a-4e4b-acfc-896239d2db67" /> ## Check-list - [X] Ma branche est rebase sur main - [ ] Des tests ont été écrits pour tous les endpoints créés ou modifiés - [ ] Refacto "à la volée" des parties sur lesquelles j'ai codée - [X] Plus de `console.log` - [ ] J'ai ajouté une validation de schéma sur la route que j'ai ajouté ou modifié - [ ] J'ai converti les fichiers vue en `<script lang="ts">` - [ ] Mon code est en Typescript (autant que possible) **Testing instructions** Pré-requis : Avoir un compte OVA principal validé Séquence : Je créé un compte avec un siret d’un établissement secondaire Je valide mon email dans la messagerie Connecté avec un compte sur l’OVA Siège social dans le menu Organisateurs puis Liste des utilisateurs Je dois voir : Mon compte OVA principal Le compte OVA secondaire à valider
revu-bot
reviewed
Feb 23, 2026
Collaborator
revu-bot
left a comment
revu-bot
left a comment
There was a problem hiding this comment.
Summary
This PR fixes a critical bug where secondary OVA accounts weren't appearing in the user validation list. The fix modifies the SQL query to match accounts by SIREN (first 9 digits) instead of full SIRET, allowing secondary establishments to be properly retrieved.
Key Changes
- Backend SQL Query: Modified to use SIREN-based matching (
substr(u.siret,1,9)) instead of exact SIRET matching - Address Retrieval: Added fallback to
opm_etablissementstable with UNION for better address coverage - Frontend Error Handling: Added try-catch block to prevent crashes when parsing malformed addresses
Issues Found
- [CRITICAL] SQL injection vulnerability in UNION query with unvalidated SIRET
- [IMPORTANT] Inconsistent whitespace (tabs mixed with spaces) in SQL query
- [IMPORTANT] Missing null/undefined check before string operations
- [MINOR] Silent error handling may hide data quality issues
revu-bot
reviewed
Feb 23, 2026
revu-bot
reviewed
Feb 23, 2026
revu-bot
reviewed
Feb 23, 2026
olivier-rabot
changed the title
olivier-rabot
temporarily deployed
to
production
GitHub Actions
Inactive
olivier-rabot
temporarily deployed
to
review-auto
GitHub Actions
Inactive
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Release 1.26.1