Merge pull request #3234 from betagouv/fix-signin
Fix a gestionnaire sign in bug
This commit is contained in:
commit
336e6c4953
3 changed files with 11 additions and 10 deletions
|
@ -140,8 +140,8 @@ class Gestionnaire < ApplicationRecord
|
|||
end
|
||||
|
||||
def login_token_valid?(login_token)
|
||||
BCrypt::Password.new(encrypted_login_token) == login_token
|
||||
30.minutes.ago < login_token_created_at
|
||||
BCrypt::Password.new(encrypted_login_token) == login_token &&
|
||||
30.minutes.ago < login_token_created_at
|
||||
rescue BCrypt::Errors::InvalidHash
|
||||
false
|
||||
end
|
||||
|
|
|
@ -255,11 +255,11 @@ describe Users::SessionsController, type: :controller do
|
|||
let(:gestionnaire) { create(:gestionnaire) }
|
||||
before do
|
||||
allow(controller).to receive(:trust_device)
|
||||
post :sign_in_by_link, params: { id: gestionnaire.id, login_token: login_token }
|
||||
post :sign_in_by_link, params: { id: gestionnaire.id, jeton: jeton }
|
||||
end
|
||||
|
||||
context 'when the token is valid' do
|
||||
let(:login_token) { gestionnaire.login_token! }
|
||||
let(:jeton) { gestionnaire.login_token! }
|
||||
|
||||
# TODO when the gestionnaire has no other account, and the token is valid, and the user signing in was not starting a demarche,
|
||||
# redirect to root_path, then redirect to gestionnaire_procedures_path (see root_controller)
|
||||
|
@ -269,7 +269,7 @@ describe Users::SessionsController, type: :controller do
|
|||
end
|
||||
|
||||
context 'when the token is invalid' do
|
||||
let(:login_token) { 'invalid_token' }
|
||||
let(:jeton) { 'invalid_token' }
|
||||
|
||||
it { is_expected.to redirect_to new_user_session_path }
|
||||
it { expect(controller.current_gestionnaire).to be_nil }
|
||||
|
@ -286,11 +286,11 @@ describe Users::SessionsController, type: :controller do
|
|||
let!(:administrateur) { create(:administrateur, email: email, password: password) }
|
||||
|
||||
before do
|
||||
post :sign_in_by_link, params: { id: gestionnaire.id, login_token: login_token }
|
||||
post :sign_in_by_link, params: { id: gestionnaire.id, jeton: jeton }
|
||||
end
|
||||
|
||||
context 'when the token is valid' do
|
||||
let(:login_token) { gestionnaire.login_token! }
|
||||
let(:jeton) { gestionnaire.login_token! }
|
||||
|
||||
it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
|
||||
it { expect(controller.current_administrateur).to eq(administrateur) }
|
||||
|
|
|
@ -27,10 +27,11 @@ module FeatureHelpers
|
|||
|
||||
if sign_in_by_link
|
||||
mail = ActionMailer::Base.deliveries.last
|
||||
message = mail.body.parts.join(&:to_s)
|
||||
login_token = message[/connexion-par-jeton\/(.*)/, 1]
|
||||
message = mail.html_part.body.raw_source
|
||||
gestionnaire_id = message[/\".+\/connexion-par-jeton\/(.+)\?jeton=(.*)\"/, 1]
|
||||
jeton = message[/\".+\/connexion-par-jeton\/(.+)\?jeton=(.*)\"/, 2]
|
||||
|
||||
visit sign_in_by_link_path(login_token)
|
||||
visit sign_in_by_link_path(gestionnaire_id, jeton: jeton)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in a new issue