demarches-normaliennes/spec/controllers/users/sessions_controller_spec.rb

describe Users::SessionsController, type: :controller do
  let(:email) { 'unique@plop.com' }
  let(:password) { 'démarches-simplifiées-pwd' }
  let(:loged_in_with_france_connect) { User.loged_in_with_france_connects.fetch(:particulier) }
  let!(:user) { create(:user, email: email, password: password, loged_in_with_france_connect: loged_in_with_france_connect) }

  before do
    @request.env["devise.mapping"] = Devise.mappings[:user]
  end

  describe '#create' do
    let(:user) { create(:user, email: email, password: password, loged_in_with_france_connect: 'particulier') }
    let(:send_password) { password }
    let(:remember_me) { '0' }

    subject do
      post :create, params: {
        user: {
          email: email,
          password: send_password,
          remember_me: remember_me
        }
      }
    end

    context 'when the credentials are right' do
      it 'signs in' do
        subject

        expect(response).to redirect_to(root_path)
        expect(controller.current_user).to eq(user)
        expect(user.reload.loged_in_with_france_connect).to be(nil)
        expect(user.reload.remember_created_at).to be_nil
      end

      context 'when remember_me is specified' do
        let(:remember_me) { '1' }

        it 'remembers' do
          subject

          expect(user.reload.remember_created_at).to be_present
        end
      end

      context 'when a previous path was registered' do
        let(:stored_path) { 'a_path' }

        before { controller.store_location_for(:user, stored_path) }

        it 'redirects to that previous path' do
          subject

          expect(response).to redirect_to(stored_path)
        end
      end

      context 'when the user is locked' do
        before { user.lock_access! }

        it 'redirects to new_path' do
          subject

          expect(response).to render_template(:new)
          expect(flash.alert).to eq(I18n.t('devise.failure.invalid'))
        end
      end
    end

    context 'when the credentials are wrong' do
      let(:send_password) { 'wrong_password' }

      it 'fails to sign in with bad credentials' do
        subject

        expect(response).to render_template(:new)
        expect(controller.current_user).to be(nil)
      end
    end
  end

  describe '#destroy' do
    let!(:user) { create(:user, email: email, password: password, loged_in_with_france_connect: loged_in_with_france_connect) }

    before do
      sign_in user
      delete :destroy
    end

    it 'user is sign out' do
      expect(subject.current_user).to be_nil
    end

    it 'loged_in_with_france_connect current_user attribut is nil' do
      user.reload
      expect(user.loged_in_with_france_connect.present?).to be_falsey
    end

    context 'when user is connect with france connect particulier' do
      let(:loged_in_with_france_connect) { User.loged_in_with_france_connects.fetch(:particulier) }

      it 'redirect to france connect logout page' do
        expect(response).to redirect_to(FRANCE_CONNECT[:particulier][:logout_endpoint])
      end
    end

    context 'when user is not connect with france connect' do
      let(:loged_in_with_france_connect) { '' }

      it 'redirect to root page' do
        expect(response).to redirect_to(root_path)
      end
    end
  end

  describe '#new' do
    subject { get :new }

    it { expect(subject.status).to eq 200 }

    context 'when a procedure location has been stored' do
      let(:procedure) { create :procedure, :published }

      before do
        controller.store_location_for(:user, commencer_path(path: procedure.path))
      end

      it 'makes the saved procedure available' do
        expect(subject.status).to eq 200
        expect(assigns(:procedure)).to eq procedure
      end
    end
  end

  describe '#sign_in_by_link' do
    context 'when the instructeur has non other account' do
      let(:instructeur) { create(:instructeur) }
      let!(:good_jeton) { instructeur.create_trusted_device_token }
      let(:jeton) { good_jeton }
      let(:logged) { false }
      let(:valid_token) { true }

      before do
        if logged
          sign_in(instructeur.user)
        end
        allow(controller).to receive(:trust_device)
        allow(controller).to receive(:send_login_token_or_bufferize)
        allow_any_instance_of(TrustedDeviceToken).to receive(:token_valid?).and_return(valid_token)
        post :sign_in_by_link, params: { id: instructeur.id, jeton: jeton }
      end

      context 'when the instructeur is not logged in' do
        context 'when the token is valid' do
          it { is_expected.to redirect_to new_user_session_path }
          it { expect(controller.current_instructeur).to be_nil }
          it { expect(controller).to have_received(:trust_device) }
        end

        context 'when the token is invalid' do
          let(:valid_token) { false }

          it { is_expected.to redirect_to link_sent_path(email: instructeur.email) }
          it { expect(controller.current_instructeur).to be_nil }
          it { expect(controller).not_to have_received(:trust_device) }
          it { expect(controller).to have_received(:send_login_token_or_bufferize) }
        end

        context 'when the token does not exist' do
          let(:jeton) { 'I do not exist' }

          it { is_expected.to redirect_to root_path }
          it { expect(controller.current_instructeur).to be_nil }
          it { expect(controller).not_to have_received(:trust_device) }
          it { expect(controller).not_to have_received(:send_login_token_or_bufferize) }
          it { expect(flash.alert).to eq('Votre lien est invalide.') }
        end
      end

      context 'when the instructeur is logged in' do
        let(:logged) { true }

        context 'when the token is valid' do
          # redirect to root_path, then redirect to instructeur_procedures_path (see root_controller)
          it { is_expected.to redirect_to root_path }
          it { expect(controller.current_instructeur).to eq(instructeur) }
          it { expect(controller).to have_received(:trust_device) }
        end

        context 'when the token is invalid' do
          let(:valid_token) { false }

          it { is_expected.to redirect_to link_sent_path(email: instructeur.email) }
          it { expect(controller.current_instructeur).to eq(instructeur) }
          it { expect(controller).not_to have_received(:trust_device) }
          it { expect(controller).to have_received(:send_login_token_or_bufferize) }
        end
      end
    end
  end

  describe '#trust_device and #trusted_device?' do
    subject { controller.trusted_device? }

    context 'when the trusted cookie is not present' do
      it { is_expected.to be false }
    end

    context 'when the cookie is outdated' do
      before do
        emission_date = Time.zone.now - TrustedDeviceConcern::TRUSTED_DEVICE_PERIOD - 1.minute
        controller.trust_device(emission_date)
      end

      it { is_expected.to be false }
    end

    context 'when the cookie is ok' do
      before { controller.trust_device(Time.zone.now) }

      it { is_expected.to be true }
    end
  end
end
force login_with_france_connect at false when connection devise user 2015-10-07 14:18:55 +02:00			`describe Users::SessionsController, type: :controller do`
SessionControllerSpec: refactor #create tests 2019-01-09 13:47:52 +01:00			`let(:email) { 'unique@plop.com' }`
#3928 administrator new & edit pwd pages 2019-06-20 00:36:50 +02:00			`let(:password) { 'démarches-simplifiées-pwd' }`
Use enum to the fullest with User.loged_in_with_france_connects 2018-08-28 11:41:37 +02:00			`let(:loged_in_with_france_connect) { User.loged_in_with_france_connects.fetch(:particulier) }`
SessionControllerSpec: refactor #create tests 2019-01-09 13:47:52 +01:00			`let!(:user) { create(:user, email: email, password: password, loged_in_with_france_connect: loged_in_with_france_connect) }`
add france connect logout process 2015-10-07 16:38:29 +02:00
			`before do`
			`@request.env["devise.mapping"] = Devise.mappings[:user]`
			`end`
force login_with_france_connect at false when connection devise user 2015-10-07 14:18:55 +02:00
describe '#method' rather than describe '.method' for instance methods 2018-03-20 16:00:30 +01:00			`describe '#create' do`
Spec: specify france_connect logic 2019-08-16 16:38:02 +02:00			`let(:user) { create(:user, email: email, password: password, loged_in_with_france_connect: 'particulier') }`
Spec: remove multi devise account tests 2019-08-16 11:52:40 +02:00			`let(:send_password) { password }`
Spec : specify remember me 2019-08-16 15:46:51 +02:00			`let(:remember_me) { '0' }`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00
Spec: remove multi devise account tests 2019-08-16 11:52:40 +02:00			`subject do`
Spec : specify remember me 2019-08-16 15:46:51 +02:00			`post :create, params: {`
			`user: {`
			`email: email,`
			`password: send_password,`
			`remember_me: remember_me`
			`}`
			`}`
Spec: remove multi devise account tests 2019-08-16 11:52:40 +02:00			`end`
[fix #3269] bufferize login token email 2019-01-10 10:41:03 +01:00
Spec: remove multi devise account tests 2019-08-16 11:52:40 +02:00			`context 'when the credentials are right' do`
			`it 'signs in' do`
			`subject`
SessionControllerSpec: refactor #create tests 2019-01-09 13:47:52 +01:00
Spec: specify the redirections when logged in 2019-08-16 12:25:28 +02:00			`expect(response).to redirect_to(root_path)`
Spec: remove multi devise account tests 2019-08-16 11:52:40 +02:00			`expect(controller.current_user).to eq(user)`
Spec: specify france_connect logic 2019-08-16 16:38:02 +02:00			`expect(user.reload.loged_in_with_france_connect).to be(nil)`
Spec : specify remember me 2019-08-16 15:46:51 +02:00			`expect(user.reload.remember_created_at).to be_nil`
			`end`

			`context 'when remember_me is specified' do`
			`let(:remember_me) { '1' }`

			`it 'remembers' do`
			`subject`

			`expect(user.reload.remember_created_at).to be_present`
			`end`
Session: add trusted_device cookie 2018-10-30 18:24:29 +01:00			`end`
Spec: specify the redirections when logged in 2019-08-16 12:25:28 +02:00
			`context 'when a previous path was registered' do`
			`let(:stored_path) { 'a_path' }`

			`before { controller.store_location_for(:user, stored_path) }`

			`it 'redirects to that previous path' do`
			`subject`

			`expect(response).to redirect_to(stored_path)`
			`end`
			`end`
Spec: specify locked logic 2019-08-16 14:17:39 +02:00
			`context 'when the user is locked' do`
			`before { user.lock_access! }`

			`it 'redirects to new_path' do`
			`subject`

Keep only the FC logic and use devise for the rest 2019-08-16 16:47:46 +02:00			`expect(response).to render_template(:new)`
Spec: specify locked logic 2019-08-16 14:17:39 +02:00			`expect(flash.alert).to eq(I18n.t('devise.failure.invalid'))`
			`end`
			`end`
Spec: remove multi devise account tests 2019-08-16 11:52:40 +02:00			`end`
Session: add trusted_device cookie 2018-10-30 18:24:29 +01:00
Spec: remove multi devise account tests 2019-08-16 11:52:40 +02:00			`context 'when the credentials are wrong' do`
			`let(:send_password) { 'wrong_password' }`
SessionControllerSpec: refactor #create tests 2019-01-09 13:47:52 +01:00
Spec: remove multi devise account tests 2019-08-16 11:52:40 +02:00			`it 'fails to sign in with bad credentials' do`
			`subject`
[fix #3269] bufferize login token email 2019-01-10 10:41:03 +01:00
Rerender if wrong credentials 2019-08-16 16:41:28 +02:00			`expect(response).to render_template(:new)`
Spec: remove multi devise account tests 2019-08-16 11:52:40 +02:00			`expect(controller.current_user).to be(nil)`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`end`
			`end`
add france connect logout process 2015-10-07 16:38:29 +02:00			`end`
force login_with_france_connect at false when connection devise user 2015-10-07 14:18:55 +02:00
describe '#method' rather than describe '.method' for instance methods 2018-03-20 16:00:30 +01:00			`describe '#destroy' do`
Spec: sign_in with instructeur.user 2019-08-07 11:15:16 +02:00			`let!(:user) { create(:user, email: email, password: password, loged_in_with_france_connect: loged_in_with_france_connect) }`

force login_with_france_connect at false when connection devise user 2015-10-07 14:18:55 +02:00			`before do`
add france connect logout process 2015-10-07 16:38:29 +02:00			`sign_in user`
			`delete :destroy`
			`end`

			`it 'user is sign out' do`
			`expect(subject.current_user).to be_nil`
force login_with_france_connect at false when connection devise user 2015-10-07 14:18:55 +02:00			`end`

Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00			`it 'loged_in_with_france_connect current_user attribut is nil' do`
force login_with_france_connect at false when connection devise user 2015-10-07 14:18:55 +02:00			`user.reload`
Remove dead code 2018-12-18 22:48:56 +01:00			`expect(user.loged_in_with_france_connect.present?).to be_falsey`
force login_with_france_connect at false when connection devise user 2015-10-07 14:18:55 +02:00			`end`
add france connect logout process 2015-10-07 16:38:29 +02:00
Delete FC Enterprise tests 2016-02-11 16:12:59 +01:00			`context 'when user is connect with france connect particulier' do`
Use enum to the fullest with User.loged_in_with_france_connects 2018-08-28 11:41:37 +02:00			`let(:loged_in_with_france_connect) { User.loged_in_with_france_connects.fetch(:particulier) }`
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00
			`it 'redirect to france connect logout page' do`
FC initializers: remove Hashie 2018-01-11 14:04:24 +01:00			`expect(response).to redirect_to(FRANCE_CONNECT[:particulier][:logout_endpoint])`
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00			`end`
			`end`

add france connect logout process 2015-10-07 16:38:29 +02:00			`context 'when user is not connect with france connect' do`
Add FranceConnect Particulier Reactivate FranceConnect Entreprise 2015-12-24 10:12:23 +01:00			`let(:loged_in_with_france_connect) { '' }`
sign_out all devises connect before sign_in an other 2015-12-09 15:10:11 +01:00
add france connect logout process 2015-10-07 16:38:29 +02:00			`it 'redirect to root page' do`
			`expect(response).to redirect_to(root_path)`
			`end`
			`end`
force login_with_france_connect at false when connection devise user 2015-10-07 14:18:55 +02:00			`end`
Connexion page is contextualized with procedure title and description when is access with link. 2016-05-26 15:59:50 +02:00
describe '#method' rather than describe '.method' for instance methods 2018-03-20 16:00:30 +01:00			`describe '#new' do`
Connexion page is contextualized with procedure title and description when is access with link. 2016-05-26 15:59:50 +02:00			`subject { get :new }`

sign_in: extract the procedure context to a ProcedureContextConcern 2019-01-14 16:25:48 +01:00			`it { expect(subject.status).to eq 200 }`
Connexion page is contextualized with procedure title and description when is access with link. 2016-05-26 15:59:50 +02:00
sign_in: extract the procedure context to a ProcedureContextConcern 2019-01-14 16:25:48 +01:00			`context 'when a procedure location has been stored' do`
			`let(:procedure) { create :procedure, :published }`
Add draft/publish status for procedure. 2016-06-09 17:49:38 +02:00
sign_in: extract the procedure context to a ProcedureContextConcern 2019-01-14 16:25:48 +01:00			`before do`
commencer: redirect to the procedure page after sign-in and sign-up 2019-01-16 16:16:15 +01:00			`controller.store_location_for(:user, commencer_path(path: procedure.path))`
Add draft/publish status for procedure. 2016-06-09 17:49:38 +02:00			`end`

sign_in: extract the procedure context to a ProcedureContextConcern 2019-01-14 16:25:48 +01:00			`it 'makes the saved procedure available' do`
			`expect(subject.status).to eq 200`
			`expect(assigns(:procedure)).to eq procedure`
Connexion page is contextualized with procedure title and description when is access with link. 2016-05-26 15:59:50 +02:00			`end`
			`end`
			`end`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00
			`describe '#sign_in_by_link' do`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`context 'when the instructeur has non other account' do`
			`let(:instructeur) { create(:instructeur) }`
			`let!(:good_jeton) { instructeur.create_trusted_device_token }`
Spec: factorize 2019-08-27 10:05:12 +02:00			`let(:jeton) { good_jeton }`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`let(:logged) { false }`
Spec: resend token if it's invalid 2019-08-27 10:04:12 +02:00			`let(:valid_token) { true }`
login_token: add missing tests 2019-01-03 16:00:58 +01:00
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00			`before do`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`if logged`
Spec: sign_in with instructeur.user 2019-08-07 11:15:16 +02:00			`sign_in(instructeur.user)`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`end`
Session: add trusted_device cookie 2018-10-30 18:24:29 +01:00			`allow(controller).to receive(:trust_device)`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`allow(controller).to receive(:send_login_token_or_bufferize)`
Spec: resend token if it's invalid 2019-08-27 10:04:12 +02:00			`allow_any_instance_of(TrustedDeviceToken).to receive(:token_valid?).and_return(valid_token)`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`post :sign_in_by_link, params: { id: instructeur.id, jeton: jeton }`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00			`end`

Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`context 'when the instructeur is not logged in' do`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`context 'when the token is valid' do`
			`it { is_expected.to redirect_to new_user_session_path }`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`it { expect(controller.current_instructeur).to be_nil }`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`it { expect(controller).to have_received(:trust_device) }`
			`end`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`context 'when the token is invalid' do`
Spec: resend token if it's invalid 2019-08-27 10:04:12 +02:00			`let(:valid_token) { false }`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`it { is_expected.to redirect_to link_sent_path(email: instructeur.email) }`
			`it { expect(controller.current_instructeur).to be_nil }`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`it { expect(controller).not_to have_received(:trust_device) }`
			`it { expect(controller).to have_received(:send_login_token_or_bufferize) }`
			`end`
[fix #4238] When the token does not exist, redirect to home page without sending a new link 2019-08-27 10:21:06 +02:00
			`context 'when the token does not exist' do`
			`let(:jeton) { 'I do not exist' }`

			`it { is_expected.to redirect_to root_path }`
			`it { expect(controller.current_instructeur).to be_nil }`
			`it { expect(controller).not_to have_received(:trust_device) }`
			`it { expect(controller).not_to have_received(:send_login_token_or_bufferize) }`
			`it { expect(flash.alert).to eq('Votre lien est invalide.') }`
			`end`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00			`end`

Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`context 'when the instructeur is logged in' do`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`let(:logged) { true }`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`context 'when the token is valid' do`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`# redirect to root_path, then redirect to instructeur_procedures_path (see root_controller)`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`it { is_expected.to redirect_to root_path }`
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`it { expect(controller.current_instructeur).to eq(instructeur) }`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`it { expect(controller).to have_received(:trust_device) }`
			`end`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`context 'when the token is invalid' do`
Spec: resend token if it's invalid 2019-08-27 10:04:12 +02:00			`let(:valid_token) { false }`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00
Rename gestionnaire in code to instructeur 2019-08-06 11:02:54 +02:00			`it { is_expected.to redirect_to link_sent_path(email: instructeur.email) }`
			`it { expect(controller.current_instructeur).to eq(instructeur) }`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`it { expect(controller).not_to have_received(:trust_device) }`
			`it { expect(controller).to have_received(:send_login_token_or_bufferize) }`
			`end`
Session: send a mail to confirm gestionnaire login 2018-10-03 11:11:02 +02:00			`end`
			`end`
			`end`
Session: add trusted_device cookie 2018-10-30 18:24:29 +01:00
			`describe '#trust_device and #trusted_device?' do`
			`subject { controller.trusted_device? }`

			`context 'when the trusted cookie is not present' do`
			`it { is_expected.to be false }`
			`end`

			`context 'when the cookie is outdated' do`
			`before do`
valid period depend on trusted_device_token.created_at 2019-02-04 11:57:50 +01:00			`emission_date = Time.zone.now - TrustedDeviceConcern::TRUSTED_DEVICE_PERIOD - 1.minute`
			`controller.trust_device(emission_date)`
Session: add trusted_device cookie 2018-10-30 18:24:29 +01:00			`end`

			`it { is_expected.to be false }`
			`end`

			`context 'when the cookie is ok' do`
split login and trusted_device logic 2019-02-01 17:17:10 +01:00			`before { controller.trust_device(Time.zone.now) }`
Session: add trusted_device cookie 2018-10-30 18:24:29 +01:00
			`it { is_expected.to be true }`
			`end`
			`end`
Sign user + gestionnaire in (OpenSimplif) Hacks into users/sessions to sign in and sign out a gestionnaire and/or a user at the same time, as long as credentials are identical (same email, same password). 2016-10-11 11:12:45 +02:00			`end`