feature(agent_connect_2fa): do not log AC/MonComptePro agent without 2fa

This commit is contained in:
simon lehericey 2024-09-16 11:02:02 +02:00
parent 5f25756ae2
commit 1706feec3d
No known key found for this signature in database
GPG key ID: CDE670D827C7B3C5
3 changed files with 37 additions and 4 deletions

View file

@ -23,11 +23,11 @@ class AgentConnect::AgentController < ApplicationController
end end
def callback def callback
user_info, id_token = AgentConnectService.user_info(params[:code], cookies.encrypted[NONCE_COOKIE_NAME]) user_info, id_token, amr = AgentConnectService.user_info(params[:code], cookies.encrypted[NONCE_COOKIE_NAME])
cookies.delete NONCE_COOKIE_NAME cookies.delete NONCE_COOKIE_NAME
if user_info['idp_id'] == MON_COMPTE_PRO_IDP_ID if user_info['idp_id'] == MON_COMPTE_PRO_IDP_ID && !amr.include?('mfa')
# MON COMPTE PRO ! return redirect_to ENV['MON_COMPTE_PRO_2FA_NOT_CONFIGURED_URL'], allow_other_host: true
end end
instructeur = Instructeur.find_by(users: { email: santized_email(user_info) }) instructeur = Instructeur.find_by(users: { email: santized_email(user_info) })

View file

@ -32,6 +32,9 @@ DS_ENV="staging"
# AGENT_CONNECT_GOUV_SECRET="" # AGENT_CONNECT_GOUV_SECRET=""
# AGENT_CONNECT_GOUV_REDIRECT="" # AGENT_CONNECT_GOUV_REDIRECT=""
# url to redirect user to when 2FA is not configured mon compte pro FI is used
# MON_COMPTE_PRO_2FA_NOT_CONFIGURED_URL="https://app-sandbox.moncomptepro.beta.gouv.fr/connection-and-account?notification=2fa_not_configured"
# Certigna usage # Certigna usage
# CERTIGNA_ENABLED="disabled" # "enabled" by default # CERTIGNA_ENABLED="disabled" # "enabled" by default

View file

@ -34,10 +34,40 @@ describe AgentConnect::AgentController, type: :controller do
let(:code) { 'correct' } let(:code) { 'correct' }
let(:state) { original_state } let(:state) { original_state }
let(:user_info) { { 'sub' => 'sub', 'email' => email, 'given_name' => 'given', 'usual_name' => 'usual' } } let(:user_info) { { 'sub' => 'sub', 'email' => email, 'given_name' => 'given', 'usual_name' => 'usual' } }
let(:amr) { [] }
context 'and user_info returns some info' do context 'and user_info returns some info' do
before do before do
expect(AgentConnectService).to receive(:user_info).with(code, nonce).and_return([user_info, id_token]) ENV['MON_COMPTE_PRO_2FA_NOT_CONFIGURED_URL'] = 'https://moncomptepro.fr/not_configured'
expect(AgentConnectService).to receive(:user_info).with(code, nonce).and_return([user_info, id_token, amr])
end
context 'and the instructeur use mon_compte_pro without 2FA' do
before do
user_info['idp_id'] = AgentConnect::AgentController::MON_COMPTE_PRO_IDP_ID
allow(controller).to receive(:sign_in)
end
context 'without 2FA' do
it 'redirects to MON_COMPTE_PRO_2FA_NOT_CONFIGURED_URL' do
subject
expect(controller).not_to have_received(:sign_in)
expect(response).to redirect_to(ENV['MON_COMPTE_PRO_2FA_NOT_CONFIGURED_URL'])
expect(state_cookie).to be_nil
expect(nonce_cookie).to be_nil
end
end
context 'with 2FA' do
let(:amr) { ['mfa'] }
it 'creates the user, signs in and redirects to procedure_path' do
expect { subject }.to change { User.count }.by(1).and change { Instructeur.count }.by(1)
expect(controller).to have_received(:sign_in)
end
end
end end
context 'and the instructeur does not have an account yet' do context 'and the instructeur does not have an account yet' do