demarches-normaliennes/spec/controllers/users/sessions_controller_spec.rb

describe Users::SessionsController, type: :controller do
  let(:email) { 'unique@plop.com' }
  let(:password) { 'un super mot de passe' }
  let(:loged_in_with_france_connect) { User.loged_in_with_france_connects.fetch(:particulier) }
  let!(:user) { create(:user, email: email, password: password, loged_in_with_france_connect: loged_in_with_france_connect) }

  before do
    @request.env["devise.mapping"] = Devise.mappings[:user]
  end

  describe '#create' do
    context "when the user is also a gestionnaire and an administrateur" do
      let!(:administrateur) { create(:administrateur, email: email, password: password) }
      let(:gestionnaire) { administrateur.gestionnaire }
      let(:trusted_device) { true }
      let(:send_password) { password }

      before do
        Flipflop::FeatureSet.current.test!.switch!(:enable_email_login_token, true)
        allow(controller).to receive(:trusted_device?).and_return(trusted_device)
        allow(GestionnaireMailer).to receive(:send_login_token).and_return(double(deliver_later: true))
      end

      subject do
        post :create, params: { user: { email: email, password: send_password } }
        user.reload
      end

      context 'when the device is not trusted' do
        let(:trusted_device) { false }

        it 'redirects to the root path' do
          subject

          expect(controller).to redirect_to(root_path)

          expect(controller.current_user).to eq(user)
          expect(controller.current_gestionnaire).to eq(gestionnaire)
          expect(controller.current_administrateur).to eq(administrateur)
          expect(user.loged_in_with_france_connect).to eq(nil)
        end
      end

      context 'when the device is trusted' do
        it 'signs in as user, gestionnaire and adminstrateur' do
          subject

          expect(response.redirect?).to be(true)
          expect(controller).not_to redirect_to link_sent_path(email: email)
          # TODO when signing in as non-administrateur, and not starting a demarche, log in to gestionnaire path
          # expect(controller).to redirect_to gestionnaire_procedures_path

          expect(controller.current_user).to eq(user)
          expect(controller.current_gestionnaire).to eq(gestionnaire)
          expect(controller.current_administrateur).to eq(administrateur)
          expect(user.loged_in_with_france_connect).to be(nil)
        end
      end

      context 'when the credentials are wrong' do
        let(:send_password) { 'wrong_password' }

        it 'fails to sign in with bad credentials' do
          subject

          expect(response.unauthorized?).to be(true)
          expect(controller.current_user).to be(nil)
          expect(controller.current_gestionnaire).to be(nil)
          expect(controller.current_administrateur).to be(nil)
        end
      end
    end
  end

  describe '#destroy' do
    before do
      sign_in user
      delete :destroy
    end

    it 'user is sign out' do
      expect(subject.current_user).to be_nil
    end

    it 'loged_in_with_france_connect current_user attribut is nil' do
      user.reload
      expect(user.loged_in_with_france_connect.present?).to be_falsey
    end

    context 'when user is connect with france connect particulier' do
      let(:loged_in_with_france_connect) { User.loged_in_with_france_connects.fetch(:particulier) }

      it 'redirect to france connect logout page' do
        expect(response).to redirect_to(FRANCE_CONNECT[:particulier][:logout_endpoint])
      end
    end

    context 'when user is not connect with france connect' do
      let(:loged_in_with_france_connect) { '' }

      it 'redirect to root page' do
        expect(response).to redirect_to(root_path)
      end
    end

    context "when associated gestionnaire" do
      let(:user) { create(:user, email: 'unique@plop.com', password: 'password') }
      let(:gestionnaire) { create(:gestionnaire, email: 'unique@plop.com', password: 'password') }

      it 'signs user out' do
        sign_in user
        delete :destroy
        expect(@response.redirect?).to be(true)
        expect(subject.current_user).to be(nil)
      end

      it 'signs gestionnaire out' do
        sign_in gestionnaire
        delete :destroy
        expect(@response.redirect?).to be(true)
        expect(subject.current_gestionnaire).to be(nil)
      end

      it 'signs user + gestionnaire out' do
        sign_in user
        sign_in gestionnaire
        delete :destroy
        expect(@response.redirect?).to be(true)
        expect(subject.current_user).to be(nil)
        expect(subject.current_gestionnaire).to be(nil)
      end

      it 'signs user out from france connect' do
        user.update(loged_in_with_france_connect: User.loged_in_with_france_connects.fetch(:particulier))
        sign_in user
        delete :destroy
        expect(@response.headers["Location"]).to eq(FRANCE_CONNECT[:particulier][:logout_endpoint])
      end
    end

    context "when associated administrateur" do
      let(:administrateur) { create(:administrateur, email: 'unique@plop.com') }

      it 'signs user + gestionnaire + administrateur out' do
        sign_in user
        sign_in administrateur.gestionnaire
        sign_in administrateur
        delete :destroy
        expect(@response.redirect?).to be(true)
        expect(subject.current_user).to be(nil)
        expect(subject.current_gestionnaire).to be(nil)
        expect(subject.current_administrateur).to be(nil)
      end
    end
  end

  describe '#new' do
    subject { get :new }

    it { expect(subject.status).to eq 200 }

    context 'when a procedure location has been stored' do
      let(:procedure) { create :procedure, :published }

      before do
        controller.store_location_for(:user, commencer_path(path: procedure.path))
      end

      it 'makes the saved procedure available' do
        expect(subject.status).to eq 200
        expect(assigns(:procedure)).to eq procedure
      end
    end
  end

  describe '#sign_in_by_link' do
    context 'when the gestionnaire has non other account' do
      let(:gestionnaire) { create(:gestionnaire) }
      let!(:good_jeton) { gestionnaire.create_trusted_device_token }
      let(:logged) { false }

      before do
        if logged
          sign_in gestionnaire
        end
        allow(controller).to receive(:trust_device)
        allow(controller).to receive(:send_login_token_or_bufferize)
        post :sign_in_by_link, params: { id: gestionnaire.id, jeton: jeton }
      end

      context 'when the gestionnaire is not logged in' do
        context 'when the token is valid' do
          let(:jeton) { good_jeton }

          it { is_expected.to redirect_to new_user_session_path }
          it { expect(controller.current_gestionnaire).to be_nil }
          it { expect(controller).to have_received(:trust_device) }
        end

        context 'when the token is invalid' do
          let(:jeton) { 'invalid_token' }

          it { is_expected.to redirect_to link_sent_path(email: gestionnaire.email) }
          it { expect(controller.current_gestionnaire).to be_nil }
          it { expect(controller).not_to have_received(:trust_device) }
          it { expect(controller).to have_received(:send_login_token_or_bufferize) }
        end
      end

      context 'when the gestionnaire is logged in' do
        let(:logged) { true }

        context 'when the token is valid' do
          let(:jeton) { good_jeton }

          # redirect to root_path, then redirect to gestionnaire_procedures_path (see root_controller)
          it { is_expected.to redirect_to root_path }
          it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
          it { expect(controller).to have_received(:trust_device) }
        end

        context 'when the token is invalid' do
          let(:jeton) { 'invalid_token' }

          it { is_expected.to redirect_to link_sent_path(email: gestionnaire.email) }
          it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
          it { expect(controller).not_to have_received(:trust_device) }
          it { expect(controller).to have_received(:send_login_token_or_bufferize) }
        end
      end
    end
  end

  describe '#trust_device and #trusted_device?' do
    subject { controller.trusted_device? }

    context 'when the trusted cookie is not present' do
      it { is_expected.to be false }
    end

    context 'when the cookie is outdated' do
      before do
        emission_date = Time.zone.now - TrustedDeviceConcern::TRUSTED_DEVICE_PERIOD - 1.minute
        controller.trust_device(emission_date)
      end

      it { is_expected.to be false }
    end

    context 'when the cookie is ok' do
      before { controller.trust_device(Time.zone.now) }

      it { is_expected.to be true }
    end
  end
end
force login_with_france_connect at false when connection devise user 2015-10-07 14:18:55 +02:00			`describe Users::SessionsController, type: :controller do`
SessionControllerSpec: refactor #create tests 2019-01-09 13:47:52 +01:00			`let(:email) { 'unique@plop.com' }`
			`let(:password) { 'un super mot de passe' }`
Use enum to the fullest with User.loged_in_with_france_connects 2018-08-28 11:41:37 +02:00			`let(:loged_in_with_france_connect) { User.loged_in_with_france_connects.fetch(:particulier) }`
SessionControllerSpec: refactor #create tests 2019-01-09 13:47:52 +01:00			`let!(:user) { create(:user, email: email, password: password, loged_in_with_france_connect: loged_in_with_france_connect) }`
add france connect logout process 2015-10-07 16:38:29 +02:00
			`before do`
			`@request.env["devise.mapping"] = Devise.mappings[:user]`
			`end`
force login_with_france_connect at false when connection devise user 2015-10-07 14:18:55 +02:00
describe '#method' rather than describe '.method' for instance methods 2018-03-20 16:00:30 +01:00			`describe '#create' do`
SessionControllerSpec: refactor #create tests 2019-01-09 13:47:52 +01:00			`context "when the user is also a gestionnaire and an administrateur" do`
Enable flipflop for instructeurs 2019-03-06 15:21:10 +01:00			`let!(:administrateur) { create(:administrateur, email: email, password: password) }`
Spec Factory: an administrateur always has a gestionnaire 2019-01-07 15:11:55 +01:00			`let(:gestionnaire) { administrateur.gestionnaire }`
SessionControllerSpec: refactor #create tests 2019-01-09 13:47:52 +01:00			`let(:trusted_device) { true }`
			`let(:send_password) { password }`
Can connect admin with user session path 2016-12-07 17:03:36 +01:00
SessionControllerSpec: refactor #create tests 2019-01-09 13:47:52 +01:00			`before do`
Enable flipflop for instructeurs 2019-03-06 15:21:10 +01:00			`Flipflop::FeatureSet.current.test!.switch!(:enable_email_login_token, true)`
SessionControllerSpec: refactor #create tests 2019-01-09 13:47:52 +01:00			`allow(controller).to receive(:trusted_device?).and_return(trusted_device)`
[fix #3269] bufferize login token email 2019-01-10 10:41:03 +01:00			`allow(GestionnaireMailer).to receive(:send_login_token).and_return(double(deliver_later: true))`
			`end`

			`subject do`
SessionControllerSpec: refactor #create tests 2019-01-09 13:47:52 +01:00			`post :create, params: { user: { email: email, password: send_password } }`
			`user.reload`
			`end`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00
SessionControllerSpec: refactor #create tests 2019-01-09 13:47:52 +01:00			`context 'when the device is not trusted' do`
			`let(:trusted_device) { false }`
Spec Factory: an administrateur always has a gestionnaire 2019-01-07 15:11:55 +01:00
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`it 'redirects to the root path' do`
[fix #3269] bufferize login token email 2019-01-10 10:41:03 +01:00			`subject`

split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`expect(controller).to redirect_to(root_path)`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00
[fix #3269] bufferize login token email 2019-01-10 10:41:03 +01:00			`expect(controller.current_user).to eq(user)`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`expect(controller.current_gestionnaire).to eq(gestionnaire)`
			`expect(controller.current_administrateur).to eq(administrateur)`
			`expect(user.loged_in_with_france_connect).to eq(nil)`
Session: add trusted_device cookie 2018-10-30 18:24:29 +01:00			`end`
SessionControllerSpec: refactor #create tests 2019-01-09 13:47:52 +01:00			`end`
Session: add trusted_device cookie 2018-10-30 18:24:29 +01:00
SessionControllerSpec: refactor #create tests 2019-01-09 13:47:52 +01:00			`context 'when the device is trusted' do`
			`it 'signs in as user, gestionnaire and adminstrateur' do`
[fix #3269] bufferize login token email 2019-01-10 10:41:03 +01:00			`subject`

			`expect(response.redirect?).to be(true)`
			`expect(controller).not_to redirect_to link_sent_path(email: email)`
[#2999] Rediriger vers la bonne page apres login (ne corrige pas le cas ou l'utilisateur est passe par le mail de confirmation) 2018-11-16 15:07:04 +01:00			`# TODO when signing in as non-administrateur, and not starting a demarche, log in to gestionnaire path`
[fix #3269] bufferize login token email 2019-01-10 10:41:03 +01:00			`# expect(controller).to redirect_to gestionnaire_procedures_path`
SessionControllerSpec: refactor #create tests 2019-01-09 13:47:52 +01:00
[fix #3269] bufferize login token email 2019-01-10 10:41:03 +01:00			`expect(controller.current_user).to eq(user)`
			`expect(controller.current_gestionnaire).to eq(gestionnaire)`
			`expect(controller.current_administrateur).to eq(administrateur)`
SessionControllerSpec: refactor #create tests 2019-01-09 13:47:52 +01:00			`expect(user.loged_in_with_france_connect).to be(nil)`
Session: add trusted_device cookie 2018-10-30 18:24:29 +01:00			`end`
			`end`

SessionControllerSpec: refactor #create tests 2019-01-09 13:47:52 +01:00			`context 'when the credentials are wrong' do`
			`let(:send_password) { 'wrong_password' }`

			`it 'fails to sign in with bad credentials' do`
[fix #3269] bufferize login token email 2019-01-10 10:41:03 +01:00			`subject`

			`expect(response.unauthorized?).to be(true)`
			`expect(controller.current_user).to be(nil)`
			`expect(controller.current_gestionnaire).to be(nil)`
			`expect(controller.current_administrateur).to be(nil)`
SessionControllerSpec: refactor #create tests 2019-01-09 13:47:52 +01:00			`end`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`end`
			`end`
add france connect logout process 2015-10-07 16:38:29 +02:00			`end`
force login_with_france_connect at false when connection devise user 2015-10-07 14:18:55 +02:00
describe '#method' rather than describe '.method' for instance methods 2018-03-20 16:00:30 +01:00			`describe '#destroy' do`
force login_with_france_connect at false when connection devise user 2015-10-07 14:18:55 +02:00			`before do`
add france connect logout process 2015-10-07 16:38:29 +02:00			`sign_in user`
			`delete :destroy`
			`end`

			`it 'user is sign out' do`
			`expect(subject.current_user).to be_nil`
force login_with_france_connect at false when connection devise user 2015-10-07 14:18:55 +02:00			`end`

Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00			`it 'loged_in_with_france_connect current_user attribut is nil' do`
force login_with_france_connect at false when connection devise user 2015-10-07 14:18:55 +02:00			`user.reload`
Remove dead code 2018-12-18 22:48:56 +01:00			`expect(user.loged_in_with_france_connect.present?).to be_falsey`
force login_with_france_connect at false when connection devise user 2015-10-07 14:18:55 +02:00			`end`
add france connect logout process 2015-10-07 16:38:29 +02:00
Delete FC Enterprise tests 2016-02-11 16:12:59 +01:00			`context 'when user is connect with france connect particulier' do`
Use enum to the fullest with User.loged_in_with_france_connects 2018-08-28 11:41:37 +02:00			`let(:loged_in_with_france_connect) { User.loged_in_with_france_connects.fetch(:particulier) }`
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00
			`it 'redirect to france connect logout page' do`
FC initializers: remove Hashie 2018-01-11 14:04:24 +01:00			`expect(response).to redirect_to(FRANCE_CONNECT[:particulier][:logout_endpoint])`
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00			`end`
			`end`

add france connect logout process 2015-10-07 16:38:29 +02:00			`context 'when user is not connect with france connect' do`
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00			`let(:loged_in_with_france_connect) { '' }`
sign_out all devises connect before sign_in an other 2015-12-09 15:10:11 +01:00
add france connect logout process 2015-10-07 16:38:29 +02:00			`it 'redirect to root page' do`
			`expect(response).to redirect_to(root_path)`
			`end`
			`end`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00
			`context "when associated gestionnaire" do`
			`let(:user) { create(:user, email: 'unique@plop.com', password: 'password') }`
			`let(:gestionnaire) { create(:gestionnaire, email: 'unique@plop.com', password: 'password') }`

			`it 'signs user out' do`
			`sign_in user`
			`delete :destroy`
			`expect(@response.redirect?).to be(true)`
			`expect(subject.current_user).to be(nil)`
			`end`

			`it 'signs gestionnaire out' do`
			`sign_in gestionnaire`
			`delete :destroy`
			`expect(@response.redirect?).to be(true)`
			`expect(subject.current_gestionnaire).to be(nil)`
			`end`

			`it 'signs user + gestionnaire out' do`
			`sign_in user`
			`sign_in gestionnaire`
			`delete :destroy`
			`expect(@response.redirect?).to be(true)`
			`expect(subject.current_user).to be(nil)`
			`expect(subject.current_gestionnaire).to be(nil)`
			`end`

			`it 'signs user out from france connect' do`
Use enum to the fullest with User.loged_in_with_france_connects 2018-08-28 11:41:37 +02:00			`user.update(loged_in_with_france_connect: User.loged_in_with_france_connects.fetch(:particulier))`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`sign_in user`
			`delete :destroy`
FC initializers: remove Hashie 2018-01-11 14:04:24 +01:00			`expect(@response.headers["Location"]).to eq(FRANCE_CONNECT[:particulier][:logout_endpoint])`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`end`
Spec Factory: an administrateur always has a gestionnaire 2019-01-07 15:11:55 +01:00			`end`
Can connect admin with user session path 2016-12-07 17:03:36 +01:00
Spec Factory: an administrateur always has a gestionnaire 2019-01-07 15:11:55 +01:00			`context "when associated administrateur" do`
			`let(:administrateur) { create(:administrateur, email: 'unique@plop.com') }`
Can connect admin with user session path 2016-12-07 17:03:36 +01:00
Spec Factory: an administrateur always has a gestionnaire 2019-01-07 15:11:55 +01:00			`it 'signs user + gestionnaire + administrateur out' do`
			`sign_in user`
			`sign_in administrateur.gestionnaire`
			`sign_in administrateur`
			`delete :destroy`
			`expect(@response.redirect?).to be(true)`
			`expect(subject.current_user).to be(nil)`
			`expect(subject.current_gestionnaire).to be(nil)`
			`expect(subject.current_administrateur).to be(nil)`
Can connect admin with user session path 2016-12-07 17:03:36 +01:00			`end`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`end`
force login_with_france_connect at false when connection devise user 2015-10-07 14:18:55 +02:00			`end`
Connexion page is contextualized with procedure title and description when is access with link. 2016-05-26 15:59:50 +02:00
describe '#method' rather than describe '.method' for instance methods 2018-03-20 16:00:30 +01:00			`describe '#new' do`
Connexion page is contextualized with procedure title and description when is access with link. 2016-05-26 15:59:50 +02:00			`subject { get :new }`

sign_in: extract the procedure context to a ProcedureContextConcern 2019-01-14 16:25:48 +01:00			`it { expect(subject.status).to eq 200 }`
Connexion page is contextualized with procedure title and description when is access with link. 2016-05-26 15:59:50 +02:00
sign_in: extract the procedure context to a ProcedureContextConcern 2019-01-14 16:25:48 +01:00			`context 'when a procedure location has been stored' do`
			`let(:procedure) { create :procedure, :published }`
Add draft/publish status for procedure. 2016-06-09 17:49:38 +02:00
sign_in: extract the procedure context to a ProcedureContextConcern 2019-01-14 16:25:48 +01:00			`before do`
commencer: redirect to the procedure page after sign-in and sign-up 2019-01-16 16:16:15 +01:00			`controller.store_location_for(:user, commencer_path(path: procedure.path))`
Add draft/publish status for procedure. 2016-06-09 17:49:38 +02:00			`end`

sign_in: extract the procedure context to a ProcedureContextConcern 2019-01-14 16:25:48 +01:00			`it 'makes the saved procedure available' do`
			`expect(subject.status).to eq 200`
			`expect(assigns(:procedure)).to eq procedure`
Connexion page is contextualized with procedure title and description when is access with link. 2016-05-26 15:59:50 +02:00			`end`
			`end`
			`end`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00
			`describe '#sign_in_by_link' do`
			`context 'when the gestionnaire has non other account' do`
			`let(:gestionnaire) { create(:gestionnaire) }`
Gestionnaire: login_token! -> create_trusted_device_token 2019-02-18 17:05:30 +01:00			`let!(:good_jeton) { gestionnaire.create_trusted_device_token }`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`let(:logged) { false }`
login_token: add missing tests 2019-01-03 16:00:58 +01:00
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00			`before do`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`if logged`
			`sign_in gestionnaire`
			`end`
Session: add trusted_device cookie 2018-10-30 18:24:29 +01:00			`allow(controller).to receive(:trust_device)`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`allow(controller).to receive(:send_login_token_or_bufferize)`
Fix a gestionnaire sign in bug 2018-12-26 17:35:28 +01:00			`post :sign_in_by_link, params: { id: gestionnaire.id, jeton: jeton }`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00			`end`

split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`context 'when the gestionnaire is not logged in' do`
			`context 'when the token is valid' do`
			`let(:jeton) { good_jeton }`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`it { is_expected.to redirect_to new_user_session_path }`
			`it { expect(controller.current_gestionnaire).to be_nil }`
			`it { expect(controller).to have_received(:trust_device) }`
			`end`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`context 'when the token is invalid' do`
			`let(:jeton) { 'invalid_token' }`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`it { is_expected.to redirect_to link_sent_path(email: gestionnaire.email) }`
			`it { expect(controller.current_gestionnaire).to be_nil }`
			`it { expect(controller).not_to have_received(:trust_device) }`
			`it { expect(controller).to have_received(:send_login_token_or_bufferize) }`
			`end`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00			`end`

split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`context 'when the gestionnaire is logged in' do`
			`let(:logged) { true }`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`context 'when the token is valid' do`
			`let(:jeton) { good_jeton }`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`# redirect to root_path, then redirect to gestionnaire_procedures_path (see root_controller)`
			`it { is_expected.to redirect_to root_path }`
			`it { expect(controller.current_gestionnaire).to eq(gestionnaire) }`
			`it { expect(controller).to have_received(:trust_device) }`
			`end`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`context 'when the token is invalid' do`
			`let(:jeton) { 'invalid_token' }`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`it { is_expected.to redirect_to link_sent_path(email: gestionnaire.email) }`
			`it { expect(controller.current_gestionnaire).to eq(gestionnaire) }`
			`it { expect(controller).not_to have_received(:trust_device) }`
			`it { expect(controller).to have_received(:send_login_token_or_bufferize) }`
			`end`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00			`end`
			`end`
			`end`
Session: add trusted_device cookie 2018-10-30 18:24:29 +01:00
			`describe '#trust_device and #trusted_device?' do`
			`subject { controller.trusted_device? }`

			`context 'when the trusted cookie is not present' do`
			`it { is_expected.to be false }`
			`end`

			`context 'when the cookie is outdated' do`
			`before do`
valid period depend on trusted_device_token.created_at 2019-02-04 11:57:50 +01:00			`emission_date = Time.zone.now - TrustedDeviceConcern::TRUSTED_DEVICE_PERIOD - 1.minute`
			`controller.trust_device(emission_date)`
Session: add trusted_device cookie 2018-10-30 18:24:29 +01:00			`end`

			`it { is_expected.to be false }`
			`end`

			`context 'when the cookie is ok' do`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`before { controller.trust_device(Time.zone.now) }`
Session: add trusted_device cookie 2018-10-30 18:24:29 +01:00
			`it { is_expected.to be true }`
			`end`
			`end`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`end`