Merge pull request #3254 from betagouv/spec_a_administrateur_always_has_a_gestionnaire

Spec Factory: an administrateur always has a gestionnaire

app/controllers/users/sessions_controller.rb

@@ -21,7 +21,7 @@ class Users::SessionsController < Sessions::SessionsController
     try_to_authenticate(Administrateur, remember_me)
 
     if user_signed_in?
-      current_user.update(loged_in_with_france_connect: '')
+      current_user.update(loged_in_with_france_connect: nil)
     end
 
     if gestionnaire_signed_in?

app/models/administrateur.rb

@@ -119,4 +119,8 @@ class Administrateur < ApplicationRecord
   def owns?(procedure)
     id == procedure.administrateur_id
   end
+
+  def gestionnaire
+    Gestionnaire.find_by(email: email)
+  end
 end

spec/controllers/admin/procedures_controller_spec.rb

@@ -203,7 +203,7 @@ describe Admin::ProceduresController, type: :controller do
       end
 
       context 'when procedure is correctly saved' do
-        let!(:gestionnaire) { create(:gestionnaire, email: admin.email) }
+        let(:gestionnaire) { admin.gestionnaire }
 
         before do
           post :create, params: { procedure: procedure_params }

spec/controllers/gestionnaires/passwords_controller_spec.rb

@@ -7,9 +7,9 @@ describe Gestionnaires::PasswordsController, type: :controller do
 
   describe "update" do
     context "unified login" do
-      let(:gestionnaire) { create(:gestionnaire, email: 'unique@plop.com', password: 'un super mot de passe') }
       let(:user) { create(:user, email: 'unique@plop.com', password: 'un super mot de passe') }
       let(:administrateur) { create(:administrateur, email: 'unique@plop.com', password: 'un super mot de passe') }
+      let(:gestionnaire) { administrateur.gestionnaire }
 
       before do
         @token = gestionnaire.send(:set_reset_password_token)

spec/controllers/users/passwords_controller_spec.rb

@@ -8,12 +8,10 @@ describe Users::PasswordsController, type: :controller do
   describe "update" do
     context "unified login" do
       let(:user) { create(:user, email: 'unique@plop.com', password: 'mot de passe complexe') }
-      let(:gestionnaire) { create(:gestionnaire, email: 'unique@plop.com', password: 'mot de passe complexe') }
       let(:administrateur) { create(:administrateur, email: 'unique@plop.com', password: 'mot de passe complexe') }
 
       before do
         @token = user.send(:set_reset_password_token)
-        gestionnaire # make sure it's created
         administrateur # make sure it's created
       end
 
@@ -26,7 +24,7 @@ describe Users::PasswordsController, type: :controller do
           }
         }
         expect(subject.current_user).to eq(user)
-        expect(subject.current_gestionnaire).to eq(gestionnaire)
+        expect(subject.current_gestionnaire.email).to eq(administrateur.email)
       end
 
       it "also signs administrateur in" do

spec/controllers/users/sessions_controller_spec.rb

@@ -1,129 +1,63 @@
-require 'spec_helper'
-
 describe Users::SessionsController, type: :controller do
+  let(:email) { 'unique@plop.com' }
+  let(:password) { 'un super mot de passe' }
   let(:loged_in_with_france_connect) { User.loged_in_with_france_connects.fetch(:particulier) }
-  let(:user) { create(:user, loged_in_with_france_connect: loged_in_with_france_connect) }
+  let!(:user) { create(:user, email: email, password: password, loged_in_with_france_connect: loged_in_with_france_connect) }
 
   before do
     @request.env["devise.mapping"] = Devise.mappings[:user]
   end
 
   describe '#create' do
-    it { expect(described_class).to be < Sessions::SessionsController }
+    context "when the user is also a gestionnaire and an administrateur" do
+      let!(:administrateur) { create(:administrateur, :with_admin_trusted_device, email: email, password: password) }
+      let(:gestionnaire) { administrateur.gestionnaire }
+      let(:trusted_device) { true }
+      let(:send_password) { password }
 
-    describe 'France Connect attribut' do
       before do
-        post :create, params: { user: { email: user.email, password: user.password } }
+        allow(controller).to receive(:trusted_device?).and_return(trusted_device)
+        post :create, params: { user: { email: email, password: send_password } }
         user.reload
       end
 
-      subject { user.loged_in_with_france_connect.present? }
+      context 'when the device is not trusted' do
+        let(:trusted_device) { false }
 
-      it { is_expected.to be_falsey }
-    end
+        it 'redirects to the confirmation link path' do
+          expect(subject).to redirect_to link_sent_path(email: email)
 
-    context "unified login" do
-      let(:email) { 'unique@plop.com' }
-      let(:password) { 'un super mot de passe' }
-
-      let(:user) { create(:user, email: email, password: password) }
-      let(:gestionnaire) { create(:gestionnaire, :with_trusted_device, email: email, password: password) }
-      let(:administrateur) { create(:administrateur, email: email, password: password) }
-
-      it 'signs user in' do
-        post :create, params: { user: { email: user.email, password: user.password } }
-        expect(@response.redirect?).to be(true)
-        expect(subject.current_user).to eq(user)
-        expect(subject.current_gestionnaire).to be(nil)
-        expect(subject.current_administrateur).to be(nil)
-        expect(user.reload.loged_in_with_france_connect).to be(nil)
-      end
-
-      it 'signs gestionnaire in' do
-        post :create, params: { user: { email: gestionnaire.email, password: gestionnaire.password } }
-
-        expect(subject).to redirect_to link_sent_path(email: gestionnaire.email)
-        expect(subject.current_user).to be(nil)
-        expect(subject.current_gestionnaire).to be(nil)
-        expect(subject.current_administrateur).to be(nil)
-      end
-
-      context 'when the device is trusted' do
-        before do
-          allow(controller).to receive(:trusted_device?).and_return(true)
-          post :create, params: { user: { email: gestionnaire.email, password: gestionnaire.password } }
-        end
-
-        it 'directly log the gestionnaire' do
-          expect(@response.redirect?).to be(true)
-          expect(subject).not_to redirect_to link_sent_path(email: gestionnaire.email)
-          # TODO when signing in as non-administrateur, and not starting a demarche, log in to gestionnaire path
-          # expect(subject).to redirect_to gestionnaire_procedures_path
-          expect(subject.current_user).to be(nil)
-          expect(subject.current_gestionnaire).to eq(gestionnaire)
-          expect(subject.current_administrateur).to be(nil)
-        end
-      end
-
-      context 'signs administrateur in' do
-        # an admin has always an gestionnaire role
-        before { gestionnaire }
-
-        it 'signs administrateur in' do
-          post :create, params: { user: { email: administrateur.email, password: administrateur.password } }
-
-          expect(subject).to redirect_to link_sent_path(email: gestionnaire.email)
-          expect(subject.current_user).to be(nil)
-          expect(subject.current_gestionnaire).to be(nil)
-          expect(subject.current_administrateur).to eq(nil)
-        end
-      end
-
-      context {
-        before do
-          user
-          gestionnaire
-        end
-
-        it 'signs user + gestionnaire + administrateur in' do
-          post :create, params: { user: { email: administrateur.email, password: administrateur.password } }
-
-          expect(subject).to redirect_to link_sent_path(email: gestionnaire.email)
-
-          # TODO: fix me
-          # Strange behaviour: sign_out(:user) does not work in spec
-          # but seems to work in live
-          # expect(controller.current_user).to be(nil)
+          # do not know why, should be test related
+          expect(subject.current_user).to eq(user)
 
           expect(subject.current_gestionnaire).to be(nil)
           expect(subject.current_administrateur).to be(nil)
           expect(user.reload.loged_in_with_france_connect).to be(nil)
         end
-      }
-
-      it 'fails to sign in with bad credentials' do
-        post :create, params: { user: { email: user.email, password: 'wrong_password' } }
-        expect(@response.unauthorized?).to be(true)
-        expect(subject.current_user).to be(nil)
-        expect(subject.current_gestionnaire).to be(nil)
-        expect(subject.current_administrateur).to be(nil)
       end
 
-      context 'with different passwords' do
-        let!(:gestionnaire) { create(:gestionnaire, email: email, password: 'mot de passe complexe') }
-        let!(:administrateur) { create(:administrateur, email: email, password: 'mot de passe complexe') }
+      context 'when the device is trusted' do
+        it 'signs in as user, gestionnaire and adminstrateur' do
+          expect(@response.redirect?).to be(true)
+          expect(subject).not_to redirect_to link_sent_path(email: email)
+          # TODO when signing in as non-administrateur, and not starting a demarche, log in to gestionnaire path
+          # expect(subject).to redirect_to gestionnaire_procedures_path
 
-        before do
-          user
+          expect(subject.current_user).to eq(user)
+          expect(subject.current_gestionnaire).to eq(gestionnaire)
+          expect(subject.current_administrateur).to eq(administrateur)
+          expect(user.loged_in_with_france_connect).to be(nil)
         end
+      end
 
-        it 'should sync passwords on login' do
-          post :create, params: { user: { email: email, password: password } }
-          gestionnaire.reload
-          administrateur.reload
-          expect(user.valid_password?(password)).to be(true)
-          expect(gestionnaire.valid_password?(password)).to be(true)
-          expect(administrateur.valid_password?(password)).to be(true)
+      context 'when the credentials are wrong' do
+        let(:send_password) { 'wrong_password' }
+
+        it 'fails to sign in with bad credentials' do
+          expect(@response.unauthorized?).to be(true)
+          expect(subject.current_user).to be(nil)
+          expect(subject.current_gestionnaire).to be(nil)
+          expect(subject.current_administrateur).to be(nil)
         end
       end
     end
@@ -193,20 +127,20 @@ describe Users::SessionsController, type: :controller do
         delete :destroy
         expect(@response.headers["Location"]).to eq(FRANCE_CONNECT[:particulier][:logout_endpoint])
       end
+    end
 
-      context "when associated administrateur" do
-        let(:administrateur) { create(:administrateur, email: 'unique@plop.com') }
+    context "when associated administrateur" do
+      let(:administrateur) { create(:administrateur, email: 'unique@plop.com') }
 
-        it 'signs user + gestionnaire + administrateur out' do
-          sign_in user
-          sign_in gestionnaire
-          sign_in administrateur
-          delete :destroy
-          expect(@response.redirect?).to be(true)
-          expect(subject.current_user).to be(nil)
-          expect(subject.current_gestionnaire).to be(nil)
-          expect(subject.current_administrateur).to be(nil)
-        end
+      it 'signs user + gestionnaire + administrateur out' do
+        sign_in user
+        sign_in administrateur.gestionnaire
+        sign_in administrateur
+        delete :destroy
+        expect(@response.redirect?).to be(true)
+        expect(subject.current_user).to be(nil)
+        expect(subject.current_gestionnaire).to be(nil)
+        expect(subject.current_administrateur).to be(nil)
       end
     end
   end
@@ -284,8 +218,8 @@ describe Users::SessionsController, type: :controller do
       let(:password) { 'un super mot de passe' }
 
       let!(:user) { create(:user, email: email, password: password) }
-      let!(:gestionnaire) { create(:gestionnaire, email: email, password: password) }
       let!(:administrateur) { create(:administrateur, email: email, password: password) }
+      let(:gestionnaire) { administrateur.gestionnaire }
 
       before do
         post :sign_in_by_link, params: { id: gestionnaire.id, jeton: jeton }

spec/factories/administrateur.rb

@@ -3,6 +3,16 @@ FactoryBot.define do
   factory :administrateur do
     email { generate(:administrateur_email) }
     password { 'mon chien aime les bananes' }
+
+    after(:create) do |admin|
+      create(:gestionnaire, email: admin.email, password: admin.password)
+    end
+  end
+
+  trait :with_admin_trusted_device do
+    after(:create) do |admin|
+      admin.gestionnaire.update(features: { "enable_email_login_token" => true })
+    end
   end
 
   trait :with_api_token do

spec/features/admin/connection_spec.rb

@@ -5,8 +5,7 @@ feature 'Administrator connection' do
 
   let(:email) { 'admin1@admin.com' }
   let(:password) { 'mon chien aime les bananes' }
-  let!(:admin) { create(:administrateur, :with_procedure, email: email, password: password) }
-  let!(:gestionnaire) { create(:gestionnaire, :with_trusted_device, email: email, password: password) }
+  let!(:admin) { create(:administrateur, :with_admin_trusted_device, :with_procedure, email: email, password: password) }
 
   before do
     visit new_administrateur_session_path

spec/features/admin/procedure_creation_spec.rb

@@ -116,7 +116,7 @@ feature 'As an administrateur I wanna create a new procedure', js: true do
         end
       end
 
-      scenario 'After adding champ and file, check impossibility to publish procedure, add instructeur and make publication' do
+      scenario 'After adding champ and file, make publication' do
         fill_in 'procedure_types_de_champ_attributes_0_libelle', with: 'libelle de champ'
         click_on 'add_type_de_champ'
         click_on 'onglet-pieces'
@@ -125,17 +125,6 @@ feature 'As an administrateur I wanna create a new procedure', js: true do
         fill_in 'procedure_types_de_piece_justificative_attributes_0_libelle', with: 'libelle de piece'
         click_on 'add_piece_justificative'
 
-        click_on 'onglet-infos'
-        expect(page).to have_current_path(admin_procedure_path(Procedure.last))
-        expect(page).to have_selector('#disabled-publish-procedure')
-        expect(page.find_by_id('disabled-publish-procedure')[:disabled]).to eq('true')
-
-        click_on 'onglet-instructeurs'
-        expect(page).to have_current_path(admin_procedure_instructeurs_path(Procedure.last))
-        fill_in 'gestionnaire_email', with: 'gestionnaire@apientreprise.fr'
-        click_on 'add-gestionnaire-email'
-        page.first('.gestionnaire-affectation').click
-
         click_on 'onglet-infos'
         expect(page).to have_current_path(admin_procedure_path(Procedure.last))
         expect(page).to have_selector('#publish-procedure', visible: true)

spec/models/administrateur_spec.rb

@@ -22,7 +22,7 @@ describe Administrateur, type: :model do
 
     it 'syncs credentials to associated administrateur' do
       administrateur = create(:administrateur)
-      gestionnaire = create(:gestionnaire, email: administrateur.email)
+      gestionnaire = administrateur.gestionnaire
 
       administrateur.update(email: 'whoami@plop.com', password: 'et encore un autre mdp')
 

spec/models/gestionnaire_spec.rb

@@ -149,13 +149,12 @@ describe Gestionnaire, type: :model do
     end
 
     it 'syncs credentials to associated administrateur' do
-      gestionnaire = create(:gestionnaire)
-      admin = create(:administrateur, email: gestionnaire.email)
+      admin = create(:administrateur)
+      gestionnaire = admin.gestionnaire
 
-      gestionnaire.update(email: 'whoami@plop.com', password: 'super secret')
+      gestionnaire.update(password: 'super secret')
 
       admin.reload
-      expect(admin.email).to eq('whoami@plop.com')
       expect(admin.valid_password?('super secret')).to be(true)
     end
   end