demarches-normaliennes/spec/controllers/manager/confirmation_urls_controller_spec.rb

describe Manager::ConfirmationUrlsController, type: :controller do
  let(:inviter_super_admin) { create(:super_admin) }
  let(:inviter_administrateur) { create(:administrateur, email: inviter_super_admin.email) }

  let(:invited_super_admin) { create(:super_admin) }
  let(:invited_administrateur) { create(:administrateur, email: invited_super_admin.email) }

  let(:procedure) { create(:procedure, administrateurs: [inviter_administrateur]) }

  before { sign_in inviter_super_admin }

  describe "#add_administrateur_with_confirmation" do
    render_views

    let(:params) do
      {
        procedure_id: procedure.id,
        email: invited_administrateur.email
      }
    end

    before { get :new, params: params }

    it { expect(response).to render_template(:new) }

    it { expect(response.body).to match(/Veuillez partager ce lien/) }

    it "shows the confirmation url with encrypted parameters" do
      expect(response.body).to include(
        new_manager_procedure_administrateur_confirmation_url(
          procedure,
          q: encrypt({ email: invited_administrateur.email, inviter_id: inviter_super_admin.id })
        )
      )
    end

    describe 'edge cases' do
      context 'when the administrateur does not exist' do
        let(:params) do
          {
            procedure_id: procedure.id,
            email: "wrong@email.com"
          }
        end

        it { expect(flash[:alert]).to match(/Cet administrateur n'existe pas/) }

        it { expect(response).to redirect_to(manager_procedure_path(procedure)) }
      end

      context 'when the administrateur has already been added to the procedure' do
        let(:params) do
          {
            procedure_id: procedure.id,
            email: inviter_super_admin.email
          }
        end

        it { expect(flash[:alert]).to match(/Cet administrateur a déjà été ajouté/) }

        it { expect(response).to redirect_to(manager_procedure_path(procedure)) }
      end
    end
  end

  private

  def encrypt(parameters)
    key = Rails.application.key_generator.generate_key("confirm_adding_administrateur")
    verifier = ActiveSupport::MessageVerifier.new(key)
    Base64.urlsafe_encode64(verifier.generate(parameters))
  end
end
build and render secured URL to invite admin For clarity and a better understanding, use a dedicated controller to build and render the confirmation URL to share in order to add a new administrateur. 2022-09-09 11:45:14 +02:00			`describe Manager::ConfirmationUrlsController, type: :controller do`
			`let(:inviter_super_admin) { create(:super_admin) }`
			`let(:inviter_administrateur) { create(:administrateur, email: inviter_super_admin.email) }`

			`let(:invited_super_admin) { create(:super_admin) }`
			`let(:invited_administrateur) { create(:administrateur, email: invited_super_admin.email) }`

			`let(:procedure) { create(:procedure, administrateurs: [inviter_administrateur]) }`

			`before { sign_in inviter_super_admin }`

			`describe "#add_administrateur_with_confirmation" do`
			`render_views`

			`let(:params) do`
			`{`
			`procedure_id: procedure.id,`
			`email: invited_administrateur.email`
			`}`
			`end`

			`before { get :new, params: params }`

			`it { expect(response).to render_template(:new) }`

			`it { expect(response.body).to match(/Veuillez partager ce lien/) }`

			`it "shows the confirmation url with encrypted parameters" do`
			`expect(response.body).to include(`
confirm adding a new admin to a procedure For clarity and a better understanding, use a dedicated controller to allow the current admin to confirm adding an administrateur to a procedure. 2022-09-09 14:48:40 +02:00			`new_manager_procedure_administrateur_confirmation_url(`
build and render secured URL to invite admin For clarity and a better understanding, use a dedicated controller to build and render the confirmation URL to share in order to add a new administrateur. 2022-09-09 11:45:14 +02:00			`procedure,`
			`q: encrypt({ email: invited_administrateur.email, inviter_id: inviter_super_admin.id })`
			`)`
			`)`
			`end`

			`describe 'edge cases' do`
			`context 'when the administrateur does not exist' do`
			`let(:params) do`
			`{`
			`procedure_id: procedure.id,`
			`email: "wrong@email.com"`
			`}`
			`end`

			`it { expect(flash[:alert]).to match(/Cet administrateur n'existe pas/) }`

			`it { expect(response).to redirect_to(manager_procedure_path(procedure)) }`
			`end`

			`context 'when the administrateur has already been added to the procedure' do`
			`let(:params) do`
			`{`
			`procedure_id: procedure.id,`
			`email: inviter_super_admin.email`
			`}`
			`end`

			`it { expect(flash[:alert]).to match(/Cet administrateur a déjà été ajouté/) }`

			`it { expect(response).to redirect_to(manager_procedure_path(procedure)) }`
			`end`
			`end`
			`end`

			`private`

			`def encrypt(parameters)`
review: use salt to generate key 2022-09-13 07:47:30 +02:00			`key = Rails.application.key_generator.generate_key("confirm_adding_administrateur")`
build and render secured URL to invite admin For clarity and a better understanding, use a dedicated controller to build and render the confirmation URL to share in order to add a new administrateur. 2022-09-09 11:45:14 +02:00			`verifier = ActiveSupport::MessageVerifier.new(key)`
			`Base64.urlsafe_encode64(verifier.generate(parameters))`
			`end`
			`end`