demarches-normaliennes/spec/controllers/application_controller_spec.rb

describe ApplicationController, type: :controller do
  describe 'before_action: set_sentry_user' do
    it 'is present' do
      before_actions = ApplicationController
        ._process_action_callbacks
        .filter { |process_action_callbacks| process_action_callbacks.kind == :before }
        .map(&:filter)

      expect(before_actions).to include(:set_sentry_user)
      expect(before_actions).to include(:redirect_if_untrusted)
    end
  end

  describe 'set_sentry_user and append_info_to_payload' do
    let(:current_user) { nil }
    let(:current_instructeur) { nil }
    let(:current_administrateur) { nil }
    let(:current_super_admin) { nil }
    let(:payload) { {} }

    before do
      allow(@controller).to receive(:media_type).and_return('text/plain')
      allow(@controller).to receive(:current_user).and_return(current_user)
      expect(@controller).to receive(:current_instructeur).and_return(current_instructeur)
      expect(@controller).to receive(:current_administrateur).at_least(:once).and_return(current_administrateur)
      expect(@controller).to receive(:current_super_admin).and_return(current_super_admin)
      allow(Sentry).to receive(:set_user)

      @controller.send(:set_sentry_user)
      @controller.send(:append_info_to_payload, payload)
    end

    context 'when no one is logged in' do
      it do
        expect(Sentry).to have_received(:set_user)
          .with({ id: 'Guest' })
      end

      it do
        [:db_runtime, :view_runtime, :variant, :rendered_format].each do |key|
          payload.delete(key)
        end
        expect(payload[:to_log].compact).to eq({
          user_agent: 'Rails Testing',
          user_roles: 'Guest'
        })
      end
    end

    context 'when a user is logged in' do
      let(:current_user) { create(:user) }

      it do
        expect(Sentry).to have_received(:set_user)
          .with({ id: "User##{current_user.id}" })
      end

      it do
        [:db_runtime, :view_runtime, :variant, :rendered_format].each do |key|
          payload.delete(key)
        end
        expect(payload[:to_log].compact).to eq({
          user_agent: 'Rails Testing',
          user_id: current_user.id,
          user_roles: 'User'
        })
      end
    end

    context 'when someone is logged as a user, instructeur, administrateur and super_admin' do
      let(:current_user) { create(:user) }
      let(:current_instructeur) { create(:instructeur) }
      let(:current_administrateur) { create(:administrateur) }
      let(:current_super_admin) { create(:super_admin) }

      it do
        expect(Sentry).to have_received(:set_user)
          .with({ id: "User##{current_user.id}" })
      end

      it do
        [:db_runtime, :view_runtime, :variant, :rendered_format].each do |key|
          payload.delete(key)
        end
        expect(payload[:to_log].compact).to eq({
          user_agent: 'Rails Testing',
          user_id: current_user.id,
          user_roles: 'User, Instructeur, Administrateur, SuperAdmin'
        })
      end
    end
  end

  describe 'reject before action' do
    let(:path_info) { '/one_path' }

    before do
      allow(@controller).to receive(:redirect_to)
      allow(@controller).to receive(:sign_out)
      allow(@controller).to receive(:render)
      @request.path_info = path_info
    end

    context 'when no super_admin is logged in' do
      before { @controller.send(:reject) }

      it { expect(@controller).to have_received(:sign_out).with(:user) }
      it { expect(@controller).to have_received(:sign_out).with(:instructeur) }
      it { expect(@controller).to have_received(:sign_out).with(:administrateur) }
      it { expect(flash[:alert]).to eq(ApplicationController::MAINTENANCE_MESSAGE) }
      it { expect(@controller).to have_received(:redirect_to).with(root_path) }

      context 'when the path is safe' do
        ['/', '/manager', '/super_admins'].each do |path|
          let(:path_info) { path }

          it { expect(@controller).not_to have_received(:sign_out) }
          it { expect(@controller).not_to have_received(:redirect_to) }
          it { expect(flash.alert).to eq(ApplicationController::MAINTENANCE_MESSAGE) }
        end
      end

      context 'when the path is api related' do
        let(:path_info) { '/api/some-stuff' }
        let(:json_error) { { error: ApplicationController::MAINTENANCE_MESSAGE }.to_json }
        it { expect(@controller).not_to have_received(:sign_out) }
        it { expect(@controller).not_to have_received(:redirect_to) }
        it { expect(flash.alert).to be_nil }
        it { expect(@controller).to have_received(:render).with({ json: json_error, status: :service_unavailable }) }
      end
    end

    context 'when a super_admin is logged in' do
      let(:current_super_admin) { create(:super_admin) }

      before do
        sign_in(current_super_admin)
        @controller.send(:reject)
      end

      it { expect(@controller).not_to have_received(:sign_out) }
      it { expect(@controller).not_to have_received(:redirect_to) }
      it { expect(flash[:alert]).to eq(ApplicationController::MAINTENANCE_MESSAGE) }
    end
  end

  describe '#redirect_if_unstrusted' do
    let(:current_instructeur) { create(:instructeur) }

    before do
      allow(@controller).to receive(:current_instructeur).and_return(current_instructeur)
      allow(@controller).to receive(:redirect_to)
      allow(@controller).to receive(:trusted_device?).and_return(trusted_device)
      allow(@controller).to receive(:instructeur_signed_in?).and_return(instructeur_signed_in)
      allow(@controller).to receive(:sensitive_path).and_return(sensitive_path)
      allow(@controller).to receive(:send_login_token_or_bufferize)
      allow(@controller).to receive(:get_stored_location_for).and_return(nil)
      allow(@controller).to receive(:store_location_for)
      allow(IPService).to receive(:ip_trusted?).and_return(ip_trusted)
    end

    subject { @controller.send(:redirect_if_untrusted) }

    context 'when the path is sensitive' do
      let(:sensitive_path) { true }

      before do
        current_instructeur.update!(bypass_email_login_token: false)
      end

      context 'when the instructeur is signed_in' do
        let(:instructeur_signed_in) { true }

        context 'when the ip is not trusted' do
          let(:ip_trusted) { false }

          context 'when the device is trusted' do
            let(:trusted_device) { true }

            before { subject }

            it { expect(@controller).not_to have_received(:redirect_to) }
          end

          context 'when the device is not trusted' do
            let(:trusted_device) { false }

            before { subject }

            it { expect(@controller).to have_received(:redirect_to) }
            it { expect(@controller).to have_received(:send_login_token_or_bufferize) }
            it { expect(@controller).to have_received(:store_location_for) }
          end
        end

        context 'when the ip is trusted' do
          let(:ip_trusted) { true }

          context 'when the device is not trusted' do
            let(:trusted_device) { false }

            before { subject }

            it { expect(@controller).not_to have_received(:redirect_to) }
          end
        end
      end
    end
  end
end
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00			`describe ApplicationController, type: :controller do`
Update Raven references to use Sentry 2021-01-28 14:49:22 +01:00			`describe 'before_action: set_sentry_user' do`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00			`it 'is present' do`
			`before_actions = ApplicationController`
			`._process_action_callbacks`
Add Style/CollectionMethods to rubocop 2019-09-12 11:26:22 +02:00			`.filter { \|process_action_callbacks\| process_action_callbacks.kind == :before }`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00			`.map(&:filter)`

Update Raven references to use Sentry 2021-01-28 14:49:22 +01:00			`expect(before_actions).to include(:set_sentry_user)`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`expect(before_actions).to include(:redirect_if_untrusted)`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00			`end`
			`end`

Update Raven references to use Sentry 2021-01-28 14:49:22 +01:00			`describe 'set_sentry_user and append_info_to_payload' do`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00			`let(:current_user) { nil }`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`let(:current_instructeur) { nil }`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00			`let(:current_administrateur) { nil }`
refacto: rename administration to super_admin 2020-11-05 15:09:11 +01:00			`let(:current_super_admin) { nil }`
Replace logstasher with lograge 2018-08-12 10:31:28 +02:00			`let(:payload) { {} }`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00
			`before do`
spec: fix application_controller_spec Rails controllers now looks for `media_type` rather than `content_type`. 2020-06-29 17:54:15 +02:00			`allow(@controller).to receive(:media_type).and_return('text/plain')`
Cleanup application_controller and current_user 2019-09-17 11:01:20 +02:00			`allow(@controller).to receive(:current_user).and_return(current_user)`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`expect(@controller).to receive(:current_instructeur).and_return(current_instructeur)`
feat(graphql): new tokens should carry administrateur_id 2022-09-28 12:40:44 +02:00			`expect(@controller).to receive(:current_administrateur).at_least(:once).and_return(current_administrateur)`
refacto: rename administration to super_admin 2020-11-05 15:09:11 +01:00			`expect(@controller).to receive(:current_super_admin).and_return(current_super_admin)`
Update Raven references to use Sentry 2021-01-28 14:49:22 +01:00			`allow(Sentry).to receive(:set_user)`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00
Update Raven references to use Sentry 2021-01-28 14:49:22 +01:00			`@controller.send(:set_sentry_user)`
Replace logstasher with lograge 2018-08-12 10:31:28 +02:00			`@controller.send(:append_info_to_payload, payload)`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00			`end`

			`context 'when no one is logged in' do`
			`it do`
Update Raven references to use Sentry 2021-01-28 14:49:22 +01:00			`expect(Sentry).to have_received(:set_user)`
Send browser support information and format user id 2019-04-04 14:21:18 +02:00			`.with({ id: 'Guest' })`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00			`end`
Add user info to LogStasher 2018-01-17 14:40:31 +01:00
Replace logstasher with lograge 2018-08-12 10:31:28 +02:00			`it do`
			`[:db_runtime, :view_runtime, :variant, :rendered_format].each do \|key\|`
			`payload.delete(key)`
			`end`
refactor: add request_logs methods it avoids having to change lograge.rb for adding an entry 2023-11-08 12:19:03 +01:00			`expect(payload[:to_log].compact).to eq({`
Replace logstasher with lograge 2018-08-12 10:31:28 +02:00			`user_agent: 'Rails Testing',`
Make info extraction method more safe 2018-08-13 16:40:16 +02:00			`user_roles: 'Guest'`
Replace logstasher with lograge 2018-08-12 10:31:28 +02:00			`})`
			`end`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00			`end`

			`context 'when a user is logged in' do`
			`let(:current_user) { create(:user) }`

			`it do`
Update Raven references to use Sentry 2021-01-28 14:49:22 +01:00			`expect(Sentry).to have_received(:set_user)`
Send browser support information and format user id 2019-04-04 14:21:18 +02:00			`.with({ id: "User##{current_user.id}" })`
Add user info to LogStasher 2018-01-17 14:40:31 +01:00			`end`

			`it do`
Replace logstasher with lograge 2018-08-12 10:31:28 +02:00			`[:db_runtime, :view_runtime, :variant, :rendered_format].each do \|key\|`
			`payload.delete(key)`
			`end`
refactor: add request_logs methods it avoids having to change lograge.rb for adding an entry 2023-11-08 12:19:03 +01:00			`expect(payload[:to_log].compact).to eq({`
Add user info to LogStasher 2018-01-17 14:40:31 +01:00			`user_agent: 'Rails Testing',`
Replace logstasher with lograge 2018-08-12 10:31:28 +02:00			`user_id: current_user.id,`
Make info extraction method more safe 2018-08-13 16:40:16 +02:00			`user_roles: 'User'`
Add user info to LogStasher 2018-01-17 14:40:31 +01:00			`})`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00			`end`
			`end`

refacto: rename administration to super_admin 2020-11-05 15:09:11 +01:00			`context 'when someone is logged as a user, instructeur, administrateur and super_admin' do`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00			`let(:current_user) { create(:user) }`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`let(:current_instructeur) { create(:instructeur) }`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00			`let(:current_administrateur) { create(:administrateur) }`
refacto: rename administration to super_admin 2020-11-05 15:09:11 +01:00			`let(:current_super_admin) { create(:super_admin) }`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00
			`it do`
Update Raven references to use Sentry 2021-01-28 14:49:22 +01:00			`expect(Sentry).to have_received(:set_user)`
Send browser support information and format user id 2019-04-04 14:21:18 +02:00			`.with({ id: "User##{current_user.id}" })`
Add user info to LogStasher 2018-01-17 14:40:31 +01:00			`end`

			`it do`
Replace logstasher with lograge 2018-08-12 10:31:28 +02:00			`[:db_runtime, :view_runtime, :variant, :rendered_format].each do \|key\|`
			`payload.delete(key)`
			`end`
refactor: add request_logs methods it avoids having to change lograge.rb for adding an entry 2023-11-08 12:19:03 +01:00			`expect(payload[:to_log].compact).to eq({`
Add user info to LogStasher 2018-01-17 14:40:31 +01:00			`user_agent: 'Rails Testing',`
Replace logstasher with lograge 2018-08-12 10:31:28 +02:00			`user_id: current_user.id,`
refacto: rename administration to super_admin 2020-11-05 15:09:11 +01:00			`user_roles: 'User, Instructeur, Administrateur, SuperAdmin'`
Add user info to LogStasher 2018-01-17 14:40:31 +01:00			`})`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00			`end`
			`end`
			`end`
[fix #1877] add maintenance mode 2018-04-26 10:52:41 +02:00
			`describe 'reject before action' do`
			`let(:path_info) { '/one_path' }`

			`before do`
			`allow(@controller).to receive(:redirect_to)`
			`allow(@controller).to receive(:sign_out)`
			`allow(@controller).to receive(:render)`
			`@request.path_info = path_info`
			`end`

refacto: rename administration to super_admin 2020-11-05 15:09:11 +01:00			`context 'when no super_admin is logged in' do`
[fix #1877] add maintenance mode 2018-04-26 10:52:41 +02:00			`before { @controller.send(:reject) }`

			`it { expect(@controller).to have_received(:sign_out).with(:user) }`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`it { expect(@controller).to have_received(:sign_out).with(:instructeur) }`
[fix #1877] add maintenance mode 2018-04-26 10:52:41 +02:00			`it { expect(@controller).to have_received(:sign_out).with(:administrateur) }`
			`it { expect(flash[:alert]).to eq(ApplicationController::MAINTENANCE_MESSAGE) }`
			`it { expect(@controller).to have_received(:redirect_to).with(root_path) }`

			`context 'when the path is safe' do`
refacto: rename administration to super_admin 2020-11-05 15:09:11 +01:00			`['/', '/manager', '/super_admins'].each do \|path\|`
[fix #1877] add maintenance mode 2018-04-26 10:52:41 +02:00			`let(:path_info) { path }`

			`it { expect(@controller).not_to have_received(:sign_out) }`
			`it { expect(@controller).not_to have_received(:redirect_to) }`
			`it { expect(flash.alert).to eq(ApplicationController::MAINTENANCE_MESSAGE) }`
			`end`
			`end`

			`context 'when the path is api related' do`
			`let(:path_info) { '/api/some-stuff' }`
			`let(:json_error) { { error: ApplicationController::MAINTENANCE_MESSAGE }.to_json }`
			`it { expect(@controller).not_to have_received(:sign_out) }`
			`it { expect(@controller).not_to have_received(:redirect_to) }`
			`it { expect(flash.alert).to be_nil }`
			`it { expect(@controller).to have_received(:render).with({ json: json_error, status: :service_unavailable }) }`
			`end`
			`end`

refacto: rename administration to super_admin 2020-11-05 15:09:11 +01:00			`context 'when a super_admin is logged in' do`
			`let(:current_super_admin) { create(:super_admin) }`
[fix #1877] add maintenance mode 2018-04-26 10:52:41 +02:00
			`before do`
refacto: rename administration to super_admin 2020-11-05 15:09:11 +01:00			`sign_in(current_super_admin)`
[fix #1877] add maintenance mode 2018-04-26 10:52:41 +02:00			`@controller.send(:reject)`
			`end`

			`it { expect(@controller).not_to have_received(:sign_out) }`
			`it { expect(@controller).not_to have_received(:redirect_to) }`
			`it { expect(flash[:alert]).to eq(ApplicationController::MAINTENANCE_MESSAGE) }`
			`end`
			`end`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00
			`describe '#redirect_if_unstrusted' do`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`let(:current_instructeur) { create(:instructeur) }`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00
			`before do`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`allow(@controller).to receive(:current_instructeur).and_return(current_instructeur)`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`allow(@controller).to receive(:redirect_to)`
			`allow(@controller).to receive(:trusted_device?).and_return(trusted_device)`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`allow(@controller).to receive(:instructeur_signed_in?).and_return(instructeur_signed_in)`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`allow(@controller).to receive(:sensitive_path).and_return(sensitive_path)`
			`allow(@controller).to receive(:send_login_token_or_bufferize)`
Revert "Revert "go to procedure after cliking link"" This reverts commit 952bae32fe6ba5d2729ebc7205a525d1f56c1d71. 2020-03-18 16:29:48 +01:00			`allow(@controller).to receive(:get_stored_location_for).and_return(nil)`
save path before redirect to link_sent_path 2019-02-06 20:51:04 +01:00			`allow(@controller).to receive(:store_location_for)`
Use IPService to remove secure connexion from trusted networks 2019-04-03 14:27:28 +02:00			`allow(IPService).to receive(:ip_trusted?).and_return(ip_trusted)`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`end`

			`subject { @controller.send(:redirect_if_untrusted) }`

			`context 'when the path is sensitive' do`
			`let(:sensitive_path) { true }`

Enable email_login_token for all gestionnaires 2019-07-31 15:04:49 +02:00			`before do`
app: use Instructeur.bypass_email_login_token 2021-11-25 15:37:40 +01:00			`current_instructeur.update!(bypass_email_login_token: false)`
Enable email_login_token for all gestionnaires 2019-07-31 15:04:49 +02:00			`end`

Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`context 'when the instructeur is signed_in' do`
			`let(:instructeur_signed_in) { true }`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00
Enable email_login_token for all gestionnaires 2019-07-31 15:04:49 +02:00			`context 'when the ip is not trusted' do`
			`let(:ip_trusted) { false }`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00
Enable email_login_token for all gestionnaires 2019-07-31 15:04:49 +02:00			`context 'when the device is trusted' do`
			`let(:trusted_device) { true }`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00
Enable email_login_token for all gestionnaires 2019-07-31 15:04:49 +02:00			`before { subject }`
Use IPService to remove secure connexion from trusted networks 2019-04-03 14:27:28 +02:00
Enable email_login_token for all gestionnaires 2019-07-31 15:04:49 +02:00			`it { expect(@controller).not_to have_received(:redirect_to) }`
Enable flipflop for instructeurs 2019-03-06 15:21:10 +01:00			`end`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00
Enable email_login_token for all gestionnaires 2019-07-31 15:04:49 +02:00			`context 'when the device is not trusted' do`
			`let(:trusted_device) { false }`
Use IPService to remove secure connexion from trusted networks 2019-04-03 14:27:28 +02:00
Enable email_login_token for all gestionnaires 2019-07-31 15:04:49 +02:00			`before { subject }`
Use IPService to remove secure connexion from trusted networks 2019-04-03 14:27:28 +02:00
Enable email_login_token for all gestionnaires 2019-07-31 15:04:49 +02:00			`it { expect(@controller).to have_received(:redirect_to) }`
			`it { expect(@controller).to have_received(:send_login_token_or_bufferize) }`
			`it { expect(@controller).to have_received(:store_location_for) }`
Use IPService to remove secure connexion from trusted networks 2019-04-03 14:27:28 +02:00			`end`
Enable email_login_token for all gestionnaires 2019-07-31 15:04:49 +02:00			`end`
Use IPService to remove secure connexion from trusted networks 2019-04-03 14:27:28 +02:00
Enable email_login_token for all gestionnaires 2019-07-31 15:04:49 +02:00			`context 'when the ip is trusted' do`
			`let(:ip_trusted) { true }`
Use IPService to remove secure connexion from trusted networks 2019-04-03 14:27:28 +02:00
Enable email_login_token for all gestionnaires 2019-07-31 15:04:49 +02:00			`context 'when the device is not trusted' do`
			`let(:trusted_device) { false }`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00
Enable email_login_token for all gestionnaires 2019-07-31 15:04:49 +02:00			`before { subject }`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00
Enable email_login_token for all gestionnaires 2019-07-31 15:04:49 +02:00			`it { expect(@controller).not_to have_received(:redirect_to) }`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`end`
			`end`
			`end`
			`end`
			`end`
[FIX #433] Add Raven Metadata on the current user/gestionnaire/admin ... 2017-06-28 07:08:25 +02:00			`end`