Merge pull request #3234 from betagouv/fix-signin

Fix a gestionnaire sign in bug
This commit is contained in:
gregoirenovel 2018-12-26 18:18:42 +01:00 committed by GitHub
commit 336e6c4953
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 10 deletions

View file

@ -140,8 +140,8 @@ class Gestionnaire < ApplicationRecord
end
def login_token_valid?(login_token)
BCrypt::Password.new(encrypted_login_token) == login_token
30.minutes.ago < login_token_created_at
BCrypt::Password.new(encrypted_login_token) == login_token &&
30.minutes.ago < login_token_created_at
rescue BCrypt::Errors::InvalidHash
false
end

View file

@ -255,11 +255,11 @@ describe Users::SessionsController, type: :controller do
let(:gestionnaire) { create(:gestionnaire) }
before do
allow(controller).to receive(:trust_device)
post :sign_in_by_link, params: { id: gestionnaire.id, login_token: login_token }
post :sign_in_by_link, params: { id: gestionnaire.id, jeton: jeton }
end
context 'when the token is valid' do
let(:login_token) { gestionnaire.login_token! }
let(:jeton) { gestionnaire.login_token! }
# TODO when the gestionnaire has no other account, and the token is valid, and the user signing in was not starting a demarche,
# redirect to root_path, then redirect to gestionnaire_procedures_path (see root_controller)
@ -269,7 +269,7 @@ describe Users::SessionsController, type: :controller do
end
context 'when the token is invalid' do
let(:login_token) { 'invalid_token' }
let(:jeton) { 'invalid_token' }
it { is_expected.to redirect_to new_user_session_path }
it { expect(controller.current_gestionnaire).to be_nil }
@ -286,11 +286,11 @@ describe Users::SessionsController, type: :controller do
let!(:administrateur) { create(:administrateur, email: email, password: password) }
before do
post :sign_in_by_link, params: { id: gestionnaire.id, login_token: login_token }
post :sign_in_by_link, params: { id: gestionnaire.id, jeton: jeton }
end
context 'when the token is valid' do
let(:login_token) { gestionnaire.login_token! }
let(:jeton) { gestionnaire.login_token! }
it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
it { expect(controller.current_administrateur).to eq(administrateur) }

View file

@ -27,10 +27,11 @@ module FeatureHelpers
if sign_in_by_link
mail = ActionMailer::Base.deliveries.last
message = mail.body.parts.join(&:to_s)
login_token = message[/connexion-par-jeton\/(.*)/, 1]
message = mail.html_part.body.raw_source
gestionnaire_id = message[/\".+\/connexion-par-jeton\/(.+)\?jeton=(.*)\"/, 1]
jeton = message[/\".+\/connexion-par-jeton\/(.+)\?jeton=(.*)\"/, 2]
visit sign_in_by_link_path(login_token)
visit sign_in_by_link_path(gestionnaire_id, jeton: jeton)
end
end