move token validity to trusted_device_token

2019-02-02 22:16:11 +01:00 · 2019-02-02 22:16:11 +01:00 · 23db8a160c
commit 23db8a160c
parent b9b83cca3a
5 changed files with 26 additions and 29 deletions
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@ -70,7 +70,11 @@ class Users::SessionsController < Sessions::SessionsController

  def sign_in_by_link
    gestionnaire = Gestionnaire.find(params[:id])
-    if gestionnaire&.login_token_valid?(params[:jeton])
+    trusted_device_token = gestionnaire
+      .trusted_device_tokens
+      .find_by(token: params[:jeton])
+
+    if trusted_device_token&.token_valid?
      trust_device
      flash.notice = "Merci d’avoir confirmé votre connexion. Votre navigateur est maintenant authentifié pour #{TRUSTED_DEVICE_PERIOD.to_i / ActiveSupport::Duration::SECONDS_PER_DAY} jours."

--- a/app/models/gestionnaire.rb
+++ b/app/models/gestionnaire.rb
@ -2,7 +2,6 @@ class Gestionnaire < ApplicationRecord
  include CredentialsSyncableConcern
  include EmailSanitizableConcern

-  LOGIN_TOKEN_VALIDITY = 45.minutes
  LOGIN_TOKEN_YOUTH = 15.minutes

  devise :database_authenticatable, :registerable, :async,
@ -140,13 +139,6 @@ class Gestionnaire < ApplicationRecord
    trusted_device_token.token
  end

-  def login_token_valid?(login_token)
-    trusted_device_token = trusted_device_tokens.find_by(token: login_token)
-
-    trusted_device_token.present? &&
-      LOGIN_TOKEN_VALIDITY.ago < trusted_device_token.created_at
-  end
-
  def dossiers_id_with_notifications(dossiers)
    dossiers = dossiers.followed_by(self)

--- a/app/models/trusted_device_token.rb
+++ b/app/models/trusted_device_token.rb
@ -1,4 +1,10 @@
 class TrustedDeviceToken < ApplicationRecord
+  LOGIN_TOKEN_VALIDITY = 45.minutes
+
  belongs_to :gestionnaire
  has_secure_token
+
+  def token_valid?
+    LOGIN_TOKEN_VALIDITY.ago < created_at
+  end
 end
--- a/spec/models/gestionnaire_spec.rb
+++ b/spec/models/gestionnaire_spec.rb
@ -392,26 +392,6 @@ describe Gestionnaire, type: :model do
    end
  end

-  describe '#login_token_valid?' do
-    let!(:gestionnaire) { create(:gestionnaire) }
-    let!(:good_token) { gestionnaire.login_token! }
-
-    it { expect(gestionnaire.login_token_valid?(good_token)).to be true }
-    it { expect(gestionnaire.login_token_valid?('bad_token')).to be false }
-
-    context 'when the token as expired' do
-      before { gestionnaire.update(login_token_created_at: (Gestionnaire::LOGIN_TOKEN_VALIDITY + 1.minute).ago) }
-
-      it { expect(gestionnaire.login_token_valid?(good_token)).to be false }
-    end
-
-    context 'when the gestionnaire does not have a token' do
-      before { gestionnaire.update(encrypted_login_token: nil) }
-
-      it { expect(gestionnaire.login_token_valid?(nil)).to be false }
-    end
-  end
-
  describe '#young_login_token?' do
    let!(:gestionnaire) { create(:gestionnaire) }

--- a/spec/models/trusted_device_token_spec.rb
+++ b/spec/models/trusted_device_token_spec.rb
@ -0,0 +1,15 @@
+RSpec.describe TrustedDeviceToken, type: :model do
+  describe '#token_valid?' do
+    let(:token) { TrustedDeviceToken.create }
+
+    context 'when the token is create after login_token_validity' do
+      it { expect(token.token_valid?).to be true }
+    end
+
+    context 'when the token is create before login_token_validity' do
+      before { token.update(created_at: (TrustedDeviceToken::LOGIN_TOKEN_VALIDITY + 1.minute).ago) }
+
+      it { expect(token.token_valid?).to be false }
+    end
+  end
+end