feature(agent_connect_2fa): do not log AC/MonComptePro agent without 2fa

simon lehericey 2024-09-16 11:02:02 +02:00
parent 5f25756ae2
commit 1706feec3d
No known key found for this signature in database
GPG key ID: CDE670D827C7B3C5
3 changed files with 37 additions and 4 deletions


@ -23,11 +23,11 @@ class AgentConnect::AgentController < ApplicationController
end
def callback
user_info, id_token = AgentConnectService.user_info(params[:code], cookies.encrypted[NONCE_COOKIE_NAME])
user_info, id_token, amr = AgentConnectService.user_info(params[:code], cookies.encrypted[NONCE_COOKIE_NAME])
cookies.delete NONCE_COOKIE_NAME
if user_info['idp_id'] == MON_COMPTE_PRO_IDP_ID
# MON COMPTE PRO !
if user_info['idp_id'] == MON_COMPTE_PRO_IDP_ID && !amr.include?('mfa')
return redirect_to ENV['MON_COMPTE_PRO_2FA_NOT_CONFIGURED_URL'], allow_other_host: true
end
instructeur = Instructeur.find_by(users: { email: santized_email(user_info) })
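Review bot: The new guard calls `amr.include?('mfa')` with no handling for a missing or non-array claim. `amr` is optional in OpenID Connect, so if `AgentConnectService.user_info` can return `nil` for it, a MonComptePro callback raises `NoMethodError` instead of redirecting; that fails closed, but an explicit refusal is clearer and also avoids substring matching should a String come back: `if user_info['idp_id'] == MON_COMPTE_PRO_IDP_ID && !Array(amr).include?('mfa')`. The redirect target is read with `ENV['MON_COMPTE_PRO_2FA_NOT_CONFIGURED_URL']` and passed with `allow_other_host: true`, so an unset variable reaches `redirect_to` as `nil`; `ENV.fetch('MON_COMPTE_PRO_2FA_NOT_CONFIGURED_URL')` would surface the misconfiguration by name. It is worth confirming in `AgentConnectService`, which is not visible here, that `amr` comes from the signature-verified ID token, and adding a one-line comment above the guard such as `# MonComptePro agents must have authenticated with a second factor (amr contains 'mfa')`. `callback` continues past the end of this hunk.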