demarches-normaliennes/spec/controllers/users/sessions_controller_spec.rb

227 lines
7.6 KiB
Ruby
Raw Normal View History

describe Users::SessionsController, type: :controller do
let(:email) { 'unique@plop.com' }
let(:password) { 'démarches-simplifiées-pwd' }
let(:loged_in_with_france_connect) { User.loged_in_with_france_connects.fetch(:particulier) }
let!(:user) { create(:user, email: email, password: password, loged_in_with_france_connect: loged_in_with_france_connect) }
2015-10-07 16:38:29 +02:00
before do
@request.env["devise.mapping"] = Devise.mappings[:user]
end
describe '#create' do
context "when the user is also a instructeur and an administrateur" do
2019-03-06 15:21:10 +01:00
let!(:administrateur) { create(:administrateur, email: email, password: password) }
let(:instructeur) { administrateur.instructeur }
2019-08-07 11:15:16 +02:00
let(:user) { instructeur.user }
let(:trusted_device) { true }
let(:send_password) { password }
before do
allow(controller).to receive(:trusted_device?).and_return(trusted_device)
allow(InstructeurMailer).to receive(:send_login_token).and_return(double(deliver_later: true))
end
subject do
post :create, params: { user: { email: email, password: send_password } }
user.reload
end
context 'when the device is not trusted' do
before do
Flipflop::FeatureSet.current.test!.switch!(:bypass_email_login_token, false)
end
let(:trusted_device) { false }
2019-08-08 15:36:22 +02:00
it 'redirects to the send_linked_path' do
subject
2019-08-08 15:36:22 +02:00
expect(controller).to redirect_to(link_sent_path(email: user.email))
expect(controller.current_user).to eq(user)
expect(controller.current_instructeur).to eq(instructeur)
2019-08-08 15:36:22 +02:00
# WTF?
# expect(controller.current_administrateur).to eq(administrateur)
2019-02-01 17:17:10 +01:00
expect(user.loged_in_with_france_connect).to eq(nil)
2018-10-30 18:24:29 +01:00
end
end
2018-10-30 18:24:29 +01:00
context 'when the device is trusted' do
it 'signs in as user, instructeur and adminstrateur' do
subject
expect(response.redirect?).to be(true)
expect(controller).not_to redirect_to link_sent_path(email: email)
# TODO when signing in as non-administrateur, and not starting a demarche, log in to instructeur path
# expect(controller).to redirect_to instructeur_procedures_path
expect(controller.current_user).to eq(user)
expect(controller.current_instructeur).to eq(instructeur)
expect(controller.current_administrateur).to eq(administrateur)
expect(user.loged_in_with_france_connect).to be(nil)
2018-10-30 18:24:29 +01:00
end
end
context 'when the credentials are wrong' do
let(:send_password) { 'wrong_password' }
it 'fails to sign in with bad credentials' do
subject
expect(response.unauthorized?).to be(true)
expect(controller.current_user).to be(nil)
expect(controller.current_instructeur).to be(nil)
expect(controller.current_administrateur).to be(nil)
end
end
end
2015-10-07 16:38:29 +02:00
end
describe '#destroy' do
2019-08-07 11:15:16 +02:00
let!(:user) { create(:user, email: email, password: password, loged_in_with_france_connect: loged_in_with_france_connect) }
before do
2015-10-07 16:38:29 +02:00
sign_in user
delete :destroy
end
it 'user is sign out' do
expect(subject.current_user).to be_nil
end
it 'loged_in_with_france_connect current_user attribut is nil' do
user.reload
2018-12-18 22:48:56 +01:00
expect(user.loged_in_with_france_connect.present?).to be_falsey
end
2015-10-07 16:38:29 +02:00
2016-02-11 16:12:59 +01:00
context 'when user is connect with france connect particulier' do
let(:loged_in_with_france_connect) { User.loged_in_with_france_connects.fetch(:particulier) }
it 'redirect to france connect logout page' do
2018-01-11 14:04:24 +01:00
expect(response).to redirect_to(FRANCE_CONNECT[:particulier][:logout_endpoint])
end
end
2015-10-07 16:38:29 +02:00
context 'when user is not connect with france connect' do
let(:loged_in_with_france_connect) { '' }
2015-10-07 16:38:29 +02:00
it 'redirect to root page' do
expect(response).to redirect_to(root_path)
end
end
context "when associated administrateur" do
2019-08-08 16:55:51 +02:00
let(:administrateur) { create(:administrateur, user: user) }
it 'signs user + instructeur + administrateur out' do
sign_in user
2019-08-09 10:46:39 +02:00
sign_in(administrateur.user)
delete :destroy
expect(@response.redirect?).to be(true)
expect(subject.current_user).to be(nil)
expect(subject.current_instructeur).to be(nil)
expect(subject.current_administrateur).to be(nil)
end
end
end
describe '#new' do
subject { get :new }
it { expect(subject.status).to eq 200 }
context 'when a procedure location has been stored' do
let(:procedure) { create :procedure, :published }
before do
controller.store_location_for(:user, commencer_path(path: procedure.path))
end
it 'makes the saved procedure available' do
expect(subject.status).to eq 200
expect(assigns(:procedure)).to eq procedure
end
end
end
describe '#sign_in_by_link' do
context 'when the instructeur has non other account' do
let(:instructeur) { create(:instructeur) }
let!(:good_jeton) { instructeur.create_trusted_device_token }
2019-02-01 17:17:10 +01:00
let(:logged) { false }
2019-01-03 16:00:58 +01:00
before do
2019-02-01 17:17:10 +01:00
if logged
2019-08-07 11:15:16 +02:00
sign_in(instructeur.user)
2019-02-01 17:17:10 +01:00
end
2018-10-30 18:24:29 +01:00
allow(controller).to receive(:trust_device)
2019-02-01 17:17:10 +01:00
allow(controller).to receive(:send_login_token_or_bufferize)
post :sign_in_by_link, params: { id: instructeur.id, jeton: jeton }
end
context 'when the instructeur is not logged in' do
2019-02-01 17:17:10 +01:00
context 'when the token is valid' do
let(:jeton) { good_jeton }
2019-02-01 17:17:10 +01:00
it { is_expected.to redirect_to new_user_session_path }
it { expect(controller.current_instructeur).to be_nil }
2019-02-01 17:17:10 +01:00
it { expect(controller).to have_received(:trust_device) }
end
2019-02-01 17:17:10 +01:00
context 'when the token is invalid' do
let(:jeton) { 'invalid_token' }
it { is_expected.to redirect_to link_sent_path(email: instructeur.email) }
it { expect(controller.current_instructeur).to be_nil }
2019-02-01 17:17:10 +01:00
it { expect(controller).not_to have_received(:trust_device) }
it { expect(controller).to have_received(:send_login_token_or_bufferize) }
end
end
context 'when the instructeur is logged in' do
2019-02-01 17:17:10 +01:00
let(:logged) { true }
2019-02-01 17:17:10 +01:00
context 'when the token is valid' do
let(:jeton) { good_jeton }
# redirect to root_path, then redirect to instructeur_procedures_path (see root_controller)
2019-02-01 17:17:10 +01:00
it { is_expected.to redirect_to root_path }
it { expect(controller.current_instructeur).to eq(instructeur) }
2019-02-01 17:17:10 +01:00
it { expect(controller).to have_received(:trust_device) }
end
2019-02-01 17:17:10 +01:00
context 'when the token is invalid' do
let(:jeton) { 'invalid_token' }
it { is_expected.to redirect_to link_sent_path(email: instructeur.email) }
it { expect(controller.current_instructeur).to eq(instructeur) }
2019-02-01 17:17:10 +01:00
it { expect(controller).not_to have_received(:trust_device) }
it { expect(controller).to have_received(:send_login_token_or_bufferize) }
end
end
end
end
2018-10-30 18:24:29 +01:00
describe '#trust_device and #trusted_device?' do
subject { controller.trusted_device? }
context 'when the trusted cookie is not present' do
it { is_expected.to be false }
end
context 'when the cookie is outdated' do
before do
emission_date = Time.zone.now - TrustedDeviceConcern::TRUSTED_DEVICE_PERIOD - 1.minute
controller.trust_device(emission_date)
2018-10-30 18:24:29 +01:00
end
it { is_expected.to be false }
end
context 'when the cookie is ok' do
2019-02-01 17:17:10 +01:00
before { controller.trust_device(Time.zone.now) }
2018-10-30 18:24:29 +01:00
it { is_expected.to be true }
end
end
end