demarches-normaliennes/spec/controllers/france_connect/particulier_controller_spec.rb

describe FranceConnect::ParticulierController, type: :controller do
  let(:birthdate) { '20150821' }
  let(:email) { 'EMAIL_from_fc@test.com' }

  let(:user_info) do
    {
      france_connect_particulier_id: 'blablabla',
      given_name: 'titi',
      family_name: 'toto',
      birthdate: birthdate,
      birthplace: '1234',
      gender: 'M',
      email_france_connect: email
    }
  end

  describe '#auth' do
    subject { get :login }

    it { is_expected.to have_http_status(:redirect) }
  end

  describe '#callback' do
    let(:code) { 'plop' }

    subject { get :callback, params: { code: code } }

    context 'when params are missing' do
      subject { get :callback }

      it { is_expected.to redirect_to(new_user_session_path) }
    end

    context 'when param code is missing' do
      let(:code) { nil }

      it { is_expected.to redirect_to(new_user_session_path) }
    end

    context 'when param code is empty' do
      let(:code) { '' }

      it { is_expected.to redirect_to(new_user_session_path) }
    end

    context 'when code is correct' do
      before do
        allow(FranceConnectService).to receive(:retrieve_user_informations_particulier)
          .and_return(FranceConnectInformation.new(user_info))
      end

      context 'when france_connect_particulier_id exists in database' do
        let!(:fci) { FranceConnectInformation.create!(user_info.merge(user_id: fc_user&.id)) }

        context 'and is linked to an user' do
          let(:fc_user) { create(:user, email: 'associated_user@a.com') }

          it { expect { subject }.not_to change { FranceConnectInformation.count } }

          it 'signs in with the fci associated user' do
            subject
            expect(controller.current_user).to eq(fc_user)
            expect(fc_user.reload.loged_in_with_france_connect).to eq(User.loged_in_with_france_connects.fetch(:particulier))
          end

          context 'and the user has a stored location' do
            let(:stored_location) { '/plip/plop' }
            before { controller.store_location_for(:user, stored_location) }

            it { is_expected.to redirect_to(stored_location) }
          end
        end

        context 'and is linked an instructeur' do
          let(:fc_user) { create(:instructeur, email: 'another_email@a.com').user }

          before { subject }

          it do
            expect(response).to redirect_to(new_user_session_path)
            expect(flash[:alert]).to be_present
          end
        end

        context 'and is not linked to an user' do
          let(:fc_user) { nil }

          context 'and no user with the same email exists' do
            it 'creates an user with the same email and log in' do
              expect { subject }.to change { User.count }.by(1)

              user = User.last

              expect(user.email).to eq(email.downcase)
              expect(controller.current_user).to eq(user)
              expect(response).to redirect_to(root_path)
            end
          end

          context 'and an user with the same email exists' do
            let!(:preexisting_user) { create(:user, email: email) }

            it 'redirects to the merge process' do
              expect { subject }.not_to change { User.count }

              expect(response).to redirect_to(france_connect_particulier_merge_path(fci.reload.merge_token))
            end
          end
        end
      end

      context 'when france_connect_particulier_id does not exist in database' do
        it { expect { subject }.to change { FranceConnectInformation.count }.by(1) }

        describe 'FranceConnectInformation attributs' do
          let(:stored_fci) { FranceConnectInformation.last }

          before { subject }

          it { expect(stored_fci).to have_attributes(user_info.merge(birthdate: Time.zone.parse(birthdate).to_datetime)) }
        end

        it { is_expected.to redirect_to(root_path) }
      end
    end

    context 'when code is not correct' do
      before do
        allow(FranceConnectService).to receive(:retrieve_user_informations_particulier) { raise Rack::OAuth2::Client::Error.new(500, error: 'Unknown') }
        subject
      end

      it { expect(response).to redirect_to(new_user_session_path) }

      it { expect(flash[:alert]).to be_present }
    end
  end

  describe '#merge' do
    let(:fci) { FranceConnectInformation.create!(user_info) }
    let(:merge_token) { fci.create_merge_token! }

    subject { get :merge, params: { merge_token: merge_token } }

    context 'when the merge token is valid' do
      it { expect(subject).to have_http_status(:ok) }
    end

    context 'when the merge token is invalid' do
      before do
        merge_token
        fci.update(merge_token_created_at: 2.years.ago)
      end

      it do
        expect(subject).to redirect_to root_path
        expect(flash.alert).to eq('Votre compte FranceConnect a expiré, veuillez recommencer.')
      end
    end

    context 'when the merge token does not exist' do
      let(:merge_token) { 'i do not exist' }

      it do
        expect(subject).to redirect_to root_path
        expect(flash.alert).to eq('Votre compte FranceConnect a expiré, veuillez recommencer.')
      end
    end
  end
end
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00			`describe FranceConnect::ParticulierController, type: :controller do`
			`let(:birthdate) { '20150821' }`
launch merge process if an unlinked DS account with the same email exists 2021-10-13 00:45:20 +02:00			`let(:email) { 'EMAIL_from_fc@test.com' }`
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00
FC ParticulierControllerSpec: final clean 2018-01-16 15:29:37 +01:00			`let(:user_info) do`
			`{`
			`france_connect_particulier_id: 'blablabla',`
			`given_name: 'titi',`
			`family_name: 'toto',`
			`birthdate: birthdate,`
			`birthplace: '1234',`
			`gender: 'M',`
			`email_france_connect: email`
			`}`
			`end`
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00
FC ParticulierControllerSpec: simplier auth spec 2018-01-16 13:37:38 +01:00			`describe '#auth' do`
			`subject { get :login }`

			`it { is_expected.to have_http_status(:redirect) }`
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00			`end`

FC ParticulierControllerSpec: callback handle empty string 2018-01-16 13:45:12 +01:00			`describe '#callback' do`
FC ParticulierControllerSpec: final clean 2018-01-16 15:29:37 +01:00			`let(:code) { 'plop' }`

Enable the Layout/SpaceInsideHashLiteralBraces cop 2018-01-16 13:34:24 +01:00			`subject { get :callback, params: { code: code } }`
FC ParticulierControllerSpec: callback handle empty string 2018-01-16 13:45:12 +01:00
france_connect: fix for params entirely missing from the callback Fix a Sentry exception encountered in production. 2019-05-09 13:54:50 +02:00			`context 'when params are missing' do`
			`subject { get :callback }`

			`it { is_expected.to redirect_to(new_user_session_path) }`
			`end`

FC ParticulierControllerSpec: mutualize subject 2018-01-16 14:11:17 +01:00			`context 'when param code is missing' do`
FC ParticulierControllerSpec: callback handle empty string 2018-01-16 13:45:12 +01:00			`let(:code) { nil }`

			`it { is_expected.to redirect_to(new_user_session_path) }`
			`end`

			`context 'when param code is empty' do`
			`let(:code) { '' }`

			`it { is_expected.to redirect_to(new_user_session_path) }`
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00			`end`

FC ParticulierControllerSpec: remove one context 2018-01-16 13:52:44 +01:00			`context 'when code is correct' do`
			`before do`
			`allow(FranceConnectService).to receive(:retrieve_user_informations_particulier)`
			`.and_return(FranceConnectInformation.new(user_info))`
			`end`
- Add FranceConnectInformation table to make safe FranceConnect pivot identity. - Adapt source code with the new table 2016-01-21 17:06:09 +01:00
Sign in with a user linked by france connect sub (openid) instead of looking linked user by email because : - follows FC recommendation to fetch ds account by openid - the email is not a valid key as many user can share the same FCI email. The following scenario is now working A user A (email: 1@mail.com) uses FC to connect to DS => It is connected as 1@mail.com Another user B (email: generic@mail.com) uses FC to connect => It is connected as generic@mail.com The first user A change its FC email to generic@mail.com and connect to DS => It is still connected as 1@mail.com 2021-10-11 11:39:14 +02:00			`context 'when france_connect_particulier_id exists in database' do`
launch merge process if an unlinked DS account with the same email exists 2021-10-13 00:45:20 +02:00			`let!(:fci) { FranceConnectInformation.create!(user_info.merge(user_id: fc_user&.id)) }`
- Add FranceConnectInformation table to make safe FranceConnect pivot identity. - Adapt source code with the new table 2016-01-21 17:06:09 +01:00
Sign in with a user linked by france connect sub (openid) instead of looking linked user by email because : - follows FC recommendation to fetch ds account by openid - the email is not a valid key as many user can share the same FCI email. The following scenario is now working A user A (email: 1@mail.com) uses FC to connect to DS => It is connected as 1@mail.com Another user B (email: generic@mail.com) uses FC to connect => It is connected as generic@mail.com The first user A change its FC email to generic@mail.com and connect to DS => It is still connected as 1@mail.com 2021-10-11 11:39:14 +02:00			`context 'and is linked to an user' do`
			`let(:fc_user) { create(:user, email: 'associated_user@a.com') }`
- Add FranceConnectInformation table to make safe FranceConnect pivot identity. - Adapt source code with the new table 2016-01-21 17:06:09 +01:00
Sign in with a user linked by france connect sub (openid) instead of looking linked user by email because : - follows FC recommendation to fetch ds account by openid - the email is not a valid key as many user can share the same FCI email. The following scenario is now working A user A (email: 1@mail.com) uses FC to connect to DS => It is connected as 1@mail.com Another user B (email: generic@mail.com) uses FC to connect => It is connected as generic@mail.com The first user A change its FC email to generic@mail.com and connect to DS => It is still connected as 1@mail.com 2021-10-11 11:39:14 +02:00			`it { expect { subject }.not_to change { FranceConnectInformation.count } }`

			`it 'signs in with the fci associated user' do`
			`subject`
			`expect(controller.current_user).to eq(fc_user)`
			`expect(fc_user.reload.loged_in_with_france_connect).to eq(User.loged_in_with_france_connects.fetch(:particulier))`
			`end`
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00
Sign in with a user linked by france connect sub (openid) instead of looking linked user by email because : - follows FC recommendation to fetch ds account by openid - the email is not a valid key as many user can share the same FCI email. The following scenario is now working A user A (email: 1@mail.com) uses FC to connect to DS => It is connected as 1@mail.com Another user B (email: generic@mail.com) uses FC to connect => It is connected as generic@mail.com The first user A change its FC email to generic@mail.com and connect to DS => It is still connected as 1@mail.com 2021-10-11 11:39:14 +02:00			`context 'and the user has a stored location' do`
			`let(:stored_location) { '/plip/plop' }`
			`before { controller.store_location_for(:user, stored_location) }`
- Add FranceConnectInformation table to make safe FranceConnect pivot identity. - Adapt source code with the new table 2016-01-21 17:06:09 +01:00
Sign in with a user linked by france connect sub (openid) instead of looking linked user by email because : - follows FC recommendation to fetch ds account by openid - the email is not a valid key as many user can share the same FCI email. The following scenario is now working A user A (email: 1@mail.com) uses FC to connect to DS => It is connected as 1@mail.com Another user B (email: generic@mail.com) uses FC to connect => It is connected as generic@mail.com The first user A change its FC email to generic@mail.com and connect to DS => It is still connected as 1@mail.com 2021-10-11 11:39:14 +02:00			`it { is_expected.to redirect_to(stored_location) }`
			`end`
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00			`end`

Sign in with a user linked by france connect sub (openid) instead of looking linked user by email because : - follows FC recommendation to fetch ds account by openid - the email is not a valid key as many user can share the same FCI email. The following scenario is now working A user A (email: 1@mail.com) uses FC to connect to DS => It is connected as 1@mail.com Another user B (email: generic@mail.com) uses FC to connect => It is connected as generic@mail.com The first user A change its FC email to generic@mail.com and connect to DS => It is still connected as 1@mail.com 2021-10-11 11:39:14 +02:00			`context 'and is linked an instructeur' do`
			`let(:fc_user) { create(:instructeur, email: 'another_email@a.com').user }`
refactor as created fci must have an user_id 2021-04-26 16:27:28 +02:00
Sign in with a user linked by france connect sub (openid) instead of looking linked user by email because : - follows FC recommendation to fetch ds account by openid - the email is not a valid key as many user can share the same FCI email. The following scenario is now working A user A (email: 1@mail.com) uses FC to connect to DS => It is connected as 1@mail.com Another user B (email: generic@mail.com) uses FC to connect => It is connected as generic@mail.com The first user A change its FC email to generic@mail.com and connect to DS => It is still connected as 1@mail.com 2021-10-11 11:39:14 +02:00			`before { subject }`
refactor as created fci must have an user_id 2021-04-26 16:27:28 +02:00
Sign in with a user linked by france connect sub (openid) instead of looking linked user by email because : - follows FC recommendation to fetch ds account by openid - the email is not a valid key as many user can share the same FCI email. The following scenario is now working A user A (email: 1@mail.com) uses FC to connect to DS => It is connected as 1@mail.com Another user B (email: generic@mail.com) uses FC to connect => It is connected as generic@mail.com The first user A change its FC email to generic@mail.com and connect to DS => It is still connected as 1@mail.com 2021-10-11 11:39:14 +02:00			`it do`
			`expect(response).to redirect_to(new_user_session_path)`
			`expect(flash[:alert]).to be_present`
			`end`
FC ParticulierControllerSpec: remove one context 2018-01-16 13:52:44 +01:00			`end`
launch merge process if an unlinked DS account with the same email exists 2021-10-13 00:45:20 +02:00
			`context 'and is not linked to an user' do`
			`let(:fc_user) { nil }`

			`context 'and no user with the same email exists' do`
			`it 'creates an user with the same email and log in' do`
			`expect { subject }.to change { User.count }.by(1)`

			`user = User.last`

			`expect(user.email).to eq(email.downcase)`
			`expect(controller.current_user).to eq(user)`
			`expect(response).to redirect_to(root_path)`
			`end`
			`end`

			`context 'and an user with the same email exists' do`
			`let!(:preexisting_user) { create(:user, email: email) }`

			`it 'redirects to the merge process' do`
			`expect { subject }.not_to change { User.count }`

			`expect(response).to redirect_to(france_connect_particulier_merge_path(fci.reload.merge_token))`
			`end`
			`end`
			`end`
FC ParticulierControllerSpec: remove one context 2018-01-16 13:52:44 +01:00			`end`
- Add FranceConnectInformation table to make safe FranceConnect pivot identity. - Adapt source code with the new table 2016-01-21 17:06:09 +01:00
FC ParticulierControllerSpec: remove one context 2018-01-16 13:52:44 +01:00			`context 'when france_connect_particulier_id does not exist in database' do`
			`it { expect { subject }.to change { FranceConnectInformation.count }.by(1) }`
- Add FranceConnectInformation table to make safe FranceConnect pivot identity. - Adapt source code with the new table 2016-01-21 17:06:09 +01:00
FC ParticulierControllerSpec: remove one context 2018-01-16 13:52:44 +01:00			`describe 'FranceConnectInformation attributs' do`
FC ParticulierControllerSpec: simplify ... well you know 2018-01-16 15:16:51 +01:00			`let(:stored_fci) { FranceConnectInformation.last }`
- Add FranceConnectInformation table to make safe FranceConnect pivot identity. - Adapt source code with the new table 2016-01-21 17:06:09 +01:00
FC ParticulierControllerSpec: simplify ... well you know 2018-01-16 15:16:51 +01:00			`before { subject }`
FC ParticulierControllerSpec: remove one context 2018-01-16 13:52:44 +01:00
Use time.zone functions instead of server time functions (Time.zone.today vs Date.today) 2019-11-25 14:39:42 +01:00			`it { expect(stored_fci).to have_attributes(user_info.merge(birthdate: Time.zone.parse(birthdate).to_datetime)) }`
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00			`end`
FC ParticulierControllerSpec: remove one context 2018-01-16 13:52:44 +01:00
FC ParticulierControllerSpec: simplify ... well you know 2018-01-16 15:16:51 +01:00			`it { is_expected.to redirect_to(root_path) }`
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00			`end`
FC ParticulierControllerSpec: remove one context 2018-01-16 13:52:44 +01:00			`end`
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00
FC ParticulierControllerSpec: remove one context 2018-01-16 13:52:44 +01:00			`context 'when code is not correct' do`
			`before do`
			`allow(FranceConnectService).to receive(:retrieve_user_informations_particulier) { raise Rack::OAuth2::Client::Error.new(500, error: 'Unknown') }`
FC ParticulierControllerSpec: simplify ... well you know 2018-01-16 15:16:51 +01:00			`subject`
FC ParticulierControllerSpec: remove one context 2018-01-16 13:52:44 +01:00			`end`
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00
FC ParticulierControllerSpec: simplify ... well you know 2018-01-16 15:16:51 +01:00			`it { expect(response).to redirect_to(new_user_session_path) }`
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00
FC ParticulierControllerSpec: simplify ... well you know 2018-01-16 15:16:51 +01:00			`it { expect(flash[:alert]).to be_present }`
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00			`end`
			`end`
securely retrieve fci 2021-10-13 09:23:14 +02:00
			`describe '#merge' do`
			`let(:fci) { FranceConnectInformation.create!(user_info) }`
			`let(:merge_token) { fci.create_merge_token! }`

			`subject { get :merge, params: { merge_token: merge_token } }`

			`context 'when the merge token is valid' do`
			`it { expect(subject).to have_http_status(:ok) }`
			`end`

			`context 'when the merge token is invalid' do`
			`before do`
			`merge_token`
			`fci.update(merge_token_created_at: 2.years.ago)`
			`end`

			`it do`
			`expect(subject).to redirect_to root_path`
			`expect(flash.alert).to eq('Votre compte FranceConnect a expiré, veuillez recommencer.')`
			`end`
			`end`

			`context 'when the merge token does not exist' do`
			`let(:merge_token) { 'i do not exist' }`

			`it do`
			`expect(subject).to redirect_to root_path`
			`expect(flash.alert).to eq('Votre compte FranceConnect a expiré, veuillez recommencer.')`
			`end`
			`end`
			`end`
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00			`end`