feature(agent_connect_2fa): do not log AC/MonComptePro agent without 2fa
This commit is contained in:
parent
5f25756ae2
commit
1706feec3d
3 changed files with 37 additions and 4 deletions
|
@ -23,11 +23,11 @@ class AgentConnect::AgentController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def callback
|
def callback
|
||||||
user_info, id_token = AgentConnectService.user_info(params[:code], cookies.encrypted[NONCE_COOKIE_NAME])
|
user_info, id_token, amr = AgentConnectService.user_info(params[:code], cookies.encrypted[NONCE_COOKIE_NAME])
|
||||||
cookies.delete NONCE_COOKIE_NAME
|
cookies.delete NONCE_COOKIE_NAME
|
||||||
|
|
||||||
if user_info['idp_id'] == MON_COMPTE_PRO_IDP_ID
|
if user_info['idp_id'] == MON_COMPTE_PRO_IDP_ID && !amr.include?('mfa')
|
||||||
# MON COMPTE PRO !
|
return redirect_to ENV['MON_COMPTE_PRO_2FA_NOT_CONFIGURED_URL'], allow_other_host: true
|
||||||
end
|
end
|
||||||
|
|
||||||
instructeur = Instructeur.find_by(users: { email: santized_email(user_info) })
|
instructeur = Instructeur.find_by(users: { email: santized_email(user_info) })
|
||||||
|
|
|
@ -32,6 +32,9 @@ DS_ENV="staging"
|
||||||
# AGENT_CONNECT_GOUV_SECRET=""
|
# AGENT_CONNECT_GOUV_SECRET=""
|
||||||
# AGENT_CONNECT_GOUV_REDIRECT=""
|
# AGENT_CONNECT_GOUV_REDIRECT=""
|
||||||
|
|
||||||
|
# url to redirect user to when 2FA is not configured mon compte pro FI is used
|
||||||
|
# MON_COMPTE_PRO_2FA_NOT_CONFIGURED_URL="https://app-sandbox.moncomptepro.beta.gouv.fr/connection-and-account?notification=2fa_not_configured"
|
||||||
|
|
||||||
# Certigna usage
|
# Certigna usage
|
||||||
# CERTIGNA_ENABLED="disabled" # "enabled" by default
|
# CERTIGNA_ENABLED="disabled" # "enabled" by default
|
||||||
|
|
||||||
|
|
|
@ -34,10 +34,40 @@ describe AgentConnect::AgentController, type: :controller do
|
||||||
let(:code) { 'correct' }
|
let(:code) { 'correct' }
|
||||||
let(:state) { original_state }
|
let(:state) { original_state }
|
||||||
let(:user_info) { { 'sub' => 'sub', 'email' => email, 'given_name' => 'given', 'usual_name' => 'usual' } }
|
let(:user_info) { { 'sub' => 'sub', 'email' => email, 'given_name' => 'given', 'usual_name' => 'usual' } }
|
||||||
|
let(:amr) { [] }
|
||||||
|
|
||||||
context 'and user_info returns some info' do
|
context 'and user_info returns some info' do
|
||||||
before do
|
before do
|
||||||
expect(AgentConnectService).to receive(:user_info).with(code, nonce).and_return([user_info, id_token])
|
ENV['MON_COMPTE_PRO_2FA_NOT_CONFIGURED_URL'] = 'https://moncomptepro.fr/not_configured'
|
||||||
|
expect(AgentConnectService).to receive(:user_info).with(code, nonce).and_return([user_info, id_token, amr])
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'and the instructeur use mon_compte_pro without 2FA' do
|
||||||
|
before do
|
||||||
|
user_info['idp_id'] = AgentConnect::AgentController::MON_COMPTE_PRO_IDP_ID
|
||||||
|
allow(controller).to receive(:sign_in)
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'without 2FA' do
|
||||||
|
it 'redirects to MON_COMPTE_PRO_2FA_NOT_CONFIGURED_URL' do
|
||||||
|
subject
|
||||||
|
|
||||||
|
expect(controller).not_to have_received(:sign_in)
|
||||||
|
expect(response).to redirect_to(ENV['MON_COMPTE_PRO_2FA_NOT_CONFIGURED_URL'])
|
||||||
|
expect(state_cookie).to be_nil
|
||||||
|
expect(nonce_cookie).to be_nil
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with 2FA' do
|
||||||
|
let(:amr) { ['mfa'] }
|
||||||
|
|
||||||
|
it 'creates the user, signs in and redirects to procedure_path' do
|
||||||
|
expect { subject }.to change { User.count }.by(1).and change { Instructeur.count }.by(1)
|
||||||
|
|
||||||
|
expect(controller).to have_received(:sign_in)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'and the instructeur does not have an account yet' do
|
context 'and the instructeur does not have an account yet' do
|
||||||
|
|
Loading…
Reference in a new issue