demarches-normaliennes/app/models/administrateur.rb

class Administrateur < ApplicationRecord
  include CredentialsSyncableConcern
  include EmailSanitizableConcern
  include ActiveRecord::SecureToken

  devise :database_authenticatable, :registerable, :async,
    :recoverable, :rememberable, :trackable, :validatable

  has_and_belongs_to_many :gestionnaires
  has_many :procedures
  has_many :administrateurs_procedures
  has_many :admin_procedures, through: :administrateurs_procedures, source: :procedure
  has_many :services
  has_many :dossiers, -> { state_not_brouillon }, through: :procedures

  before_validation -> { sanitize_email(:email) }

  scope :inactive, -> { where(active: false) }

  validate :password_complexity, if: Proc.new { |a| Devise.password_length.include?(a.password.try(:size)) }

  def password_complexity
    if password.present?
      score = Zxcvbn.test(password, [], ZXCVBN_DICTIONNARIES).score
      if score < 4
        errors.add(:password, :not_strength)
      end
    end
  end

  def self.find_inactive_by_token(reset_password_token)
    self.inactive.with_reset_password_token(reset_password_token)
  end

  def self.find_inactive_by_id(id)
    self.inactive.find(id)
  end

  def renew_api_token
    api_token = Administrateur.generate_unique_secure_token
    encrypted_token = BCrypt::Password.create(api_token)
    update(encrypted_token: encrypted_token)
    api_token
  end

  def valid_api_token?(api_token)
    BCrypt::Password.new(encrypted_token) == api_token
  rescue BCrypt::Errors::InvalidHash
    false
  end

  def registration_state
    if active?
      'Actif'
    elsif reset_password_period_valid?
      'En attente'
    else
      'Expiré'
    end
  end

  def invite!(administration_id)
    if active?
      raise "Impossible d'inviter un utilisateur déjà actif !"
    end

    reset_password_token = set_reset_password_token

    AdministrationMailer.invite_admin(self, reset_password_token, administration_id).deliver_later

    reset_password_token
  end

  def remind_invitation!
    if active?
      raise "Impossible d'envoyer un rappel d'invitation à un utilisateur déjà actif !"
    end

    reset_password_token = set_reset_password_token

    AdministrateurMailer.activate_before_expiration(self, reset_password_token).deliver_later
  end

  def invitation_expired?
    !active && !reset_password_period_valid?
  end

  def self.reset_password(reset_password_token, password)
    administrateur = self.reset_password_by_token({
      password: password,
      password_confirmation: password,
      reset_password_token: reset_password_token
    })

    if administrateur && administrateur.errors.empty?
      administrateur.update_column(:active, true)
    end

    administrateur
  end

  def feature_enabled?(feature)
    Flipflop.feature_set.feature(feature)
    features[feature.to_s]
  end

  def disable_feature(feature)
    Flipflop.feature_set.feature(feature)
    features.delete(feature.to_s)
    save
  end

  def enable_feature(feature)
    Flipflop.feature_set.feature(feature)
    features[feature.to_s] = true
    save
  end

  def owns?(procedure)
    id == procedure.administrateur_id
  end
end
Enable some Rails cops 2018-03-06 13:44:29 +01:00			`class Administrateur < ApplicationRecord`
[Fix #1479] Sanitize Administrateur email before validation 2018-02-28 14:30:59 +01:00			`include CredentialsSyncableConcern`
			`include EmailSanitizableConcern`
Api Token: store token in an encrypted form 2018-08-24 16:45:43 +02:00			`include ActiveRecord::SecureToken`
[Fix #1479] Sanitize Administrateur email before validation 2018-02-28 14:30:59 +01:00
[Fix #1972] Make devise mails async 2018-05-26 00:06:40 +02:00			`devise :database_authenticatable, :registerable, :async,`
Enable the Layout/AlignParameters cop 2017-06-12 13:49:51 +02:00			`:recoverable, :rememberable, :trackable, :validatable`
Create relation between Administrateur, Gestionnaire and Procedure 2015-11-10 10:23:15 +01:00
Migrate Admin / Gestionnaire / Procédure gestion in database 2016-05-20 15:39:17 +02:00			`has_and_belongs_to_many :gestionnaires`
Create relation between Administrateur, Gestionnaire and Procedure 2015-11-10 10:23:15 +01:00			`has_many :procedures`
[Ref #1626] Add the administrateurs_procedures table and associations 2018-03-23 11:39:36 +01:00			`has_many :administrateurs_procedures`
			`has_many :admin_procedures, through: :administrateurs_procedures, source: :procedure`
Service: create model 2018-04-17 16:11:49 +02:00			`has_many :services`
Allow administrateur to try dossier info on aperçu page 2018-09-07 18:17:51 +02:00			`has_many :dossiers, -> { state_not_brouillon }, through: :procedures`
add api_token for admin 2015-12-14 17:28:36 +01:00
[Fix #1479] Sanitize Administrateur email before validation 2018-02-28 14:30:59 +01:00			`before_validation -> { sanitize_email(:email) }`
Sync password after login 2017-02-07 16:56:21 +01:00
Add invitation related methods to administrateur model 2018-01-11 14:17:50 +01:00			`scope :inactive, -> { where(active: false) }`

[Fix #1285] Password strength is ensured when saving an administrateur 2018-01-25 10:50:06 +01:00			`validate :password_complexity, if: Proc.new { \|a\| Devise.password_length.include?(a.password.try(:size)) }`

			`def password_complexity`
			`if password.present?`
			`score = Zxcvbn.test(password, [], ZXCVBN_DICTIONNARIES).score`
			`if score < 4`
			`errors.add(:password, :not_strength)`
			`end`
			`end`
			`end`

Add invitation related methods to administrateur model 2018-01-11 14:17:50 +01:00			`def self.find_inactive_by_token(reset_password_token)`
			`self.inactive.with_reset_password_token(reset_password_token)`
			`end`

			`def self.find_inactive_by_id(id)`
			`self.inactive.find(id)`
			`end`

add api_token for admin 2015-12-14 17:28:36 +01:00			`def renew_api_token`
Api Token: store token in an encrypted form 2018-08-24 16:45:43 +02:00			`api_token = Administrateur.generate_unique_secure_token`
			`encrypted_token = BCrypt::Password.create(api_token)`
Administrateur: do not save api_token in clear text anymore 2018-09-26 17:22:36 +02:00			`update(encrypted_token: encrypted_token)`
Api Token: store token in an encrypted form 2018-08-24 16:45:43 +02:00			`api_token`
add api_token for admin 2015-12-14 17:28:36 +01:00			`end`

ApiController: check token validity for a given admin 2018-09-26 15:39:45 +02:00			`def valid_api_token?(api_token)`
			`BCrypt::Password.new(encrypted_token) == api_token`
			`rescue BCrypt::Errors::InvalidHash`
			`false`
			`end`

Add invitation related methods to administrateur model 2018-01-11 14:17:50 +01:00			`def registration_state`
			`if active?`
			`'Actif'`
			`elsif reset_password_period_valid?`
			`'En attente'`
			`else`
			`'Expiré'`
			`end`
			`end`

[Fix #1735] Sign the admin account creation email 2018-05-31 18:07:19 +02:00			`def invite!(administration_id)`
Add invitation related methods to administrateur model 2018-01-11 14:17:50 +01:00			`if active?`
			`raise "Impossible d'inviter un utilisateur déjà actif !"`
			`end`
Enable the Layout/TrailingWhitespace cop 2018-01-15 22:13:52 +01:00
Add invitation related methods to administrateur model 2018-01-11 14:17:50 +01:00			`reset_password_token = set_reset_password_token`
Enable the Layout/TrailingWhitespace cop 2018-01-15 22:13:52 +01:00
[Fix #1735] Sign the admin account creation email 2018-05-31 18:07:19 +02:00			`AdministrationMailer.invite_admin(self, reset_password_token, administration_id).deliver_later`
Add invitation related methods to administrateur model 2018-01-11 14:17:50 +01:00
			`reset_password_token`
			`end`

[Fix #1907] A new token should be regenerated, because the one in db is encrypted 2018-05-03 18:30:40 +02:00			`def remind_invitation!`
			`if active?`
			`raise "Impossible d'envoyer un rappel d'invitation à un utilisateur déjà actif !"`
			`end`

			`reset_password_token = set_reset_password_token`

			`AdministrateurMailer.activate_before_expiration(self, reset_password_token).deliver_later`
			`end`

Add invitation related methods to administrateur model 2018-01-11 14:17:50 +01:00			`def invitation_expired?`
			`!active && !reset_password_period_valid?`
			`end`

			`def self.reset_password(reset_password_token, password)`
			`administrateur = self.reset_password_by_token({`
			`password: password,`
			`password_confirmation: password,`
			`reset_password_token: reset_password_token`
			`})`

			`if administrateur && administrateur.errors.empty?`
			`administrateur.update_column(:active, true)`
			`end`

			`administrateur`
			`end`

Add administrateur#feature_enabled? method 2018-03-27 15:43:59 +02:00			`def feature_enabled?(feature)`
Add flipflop config 2018-04-18 12:16:25 +02:00			`Flipflop.feature_set.feature(feature)`
			`features[feature.to_s]`
			`end`

			`def disable_feature(feature)`
			`Flipflop.feature_set.feature(feature)`
			`features.delete(feature.to_s)`
			`save`
			`end`

			`def enable_feature(feature)`
			`Flipflop.feature_set.feature(feature)`
			`features[feature.to_s] = true`
			`save`
Add administrateur#feature_enabled? method 2018-03-27 15:43:59 +02:00			`end`

procedure AASM callbacks 2018-05-17 15:39:37 +02:00			`def owns?(procedure)`
			`id == procedure.administrateur_id`
			`end`
Add Administrateurs role and his connexion is ok. 2015-10-23 16:19:55 +02:00			`end`