From 03eb47016c597b8a1f12e2b4c86fdd829200ba3e Mon Sep 17 00:00:00 2001 From: gregoirenovel Date: Wed, 26 Dec 2018 17:35:28 +0100 Subject: [PATCH] Fix a gestionnaire sign in bug --- app/models/gestionnaire.rb | 4 ++-- spec/controllers/users/sessions_controller_spec.rb | 10 +++++----- spec/support/feature_helpers.rb | 7 ++++--- 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/app/models/gestionnaire.rb b/app/models/gestionnaire.rb index 589cc7f27..dab20d0ac 100644 --- a/app/models/gestionnaire.rb +++ b/app/models/gestionnaire.rb @@ -140,8 +140,8 @@ class Gestionnaire < ApplicationRecord end def login_token_valid?(login_token) - BCrypt::Password.new(encrypted_login_token) == login_token - 30.minutes.ago < login_token_created_at + BCrypt::Password.new(encrypted_login_token) == login_token && + 30.minutes.ago < login_token_created_at rescue BCrypt::Errors::InvalidHash false end diff --git a/spec/controllers/users/sessions_controller_spec.rb b/spec/controllers/users/sessions_controller_spec.rb index b6601b4b9..d34e3f280 100644 --- a/spec/controllers/users/sessions_controller_spec.rb +++ b/spec/controllers/users/sessions_controller_spec.rb @@ -255,11 +255,11 @@ describe Users::SessionsController, type: :controller do let(:gestionnaire) { create(:gestionnaire) } before do allow(controller).to receive(:trust_device) - post :sign_in_by_link, params: { id: gestionnaire.id, login_token: login_token } + post :sign_in_by_link, params: { id: gestionnaire.id, jeton: jeton } end context 'when the token is valid' do - let(:login_token) { gestionnaire.login_token! } + let(:jeton) { gestionnaire.login_token! } # TODO when the gestionnaire has no other account, and the token is valid, and the user signing in was not starting a demarche, # redirect to root_path, then redirect to gestionnaire_procedures_path (see root_controller) 
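Review bot: Nothing in this patch pins the fixed behaviour of `login_token_valid?` in app/models/gestionnaire.rb, because the spec hunks only rename the request parameter. The 'when the token is invalid' context posts `'invalid_token'` for a gestionnaire that, as far as the visible setup shows, never had a token issued, so it presumably exercises the `rescue BCrypt::Errors::InvalidHash` branch rather than the comparison. A model spec that issues a token first would fail on the old two-statement body and guard the `&&`, e.g. `gestionnaire.login_token!` followed by `expect(gestionnaire.login_token_valid?('invalid_token')).to be false`. A short comment above the method saying that both the BCrypt match and the 30-minute window are required would also help, since the two versions differ by a single operator.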
@@ -269,7 +269,7 @@ describe Users::SessionsController, type: :controller do end context 'when the token is invalid' do - let(:login_token) { 'invalid_token' } + let(:jeton) { 'invalid_token' } it { is_expected.to redirect_to new_user_session_path } it { expect(controller.current_gestionnaire).to be_nil } @@ -286,11 +286,11 @@ describe Users::SessionsController, type: :controller do let!(:administrateur) { create(:administrateur, email: email, password: password) } before do - post :sign_in_by_link, params: { id: gestionnaire.id, login_token: login_token } + post :sign_in_by_link, params: { id: gestionnaire.id, jeton: jeton } end context 'when the token is valid' do - let(:login_token) { gestionnaire.login_token! } + let(:jeton) { gestionnaire.login_token! } it { expect(controller.current_gestionnaire).to eq(gestionnaire) } it { expect(controller.current_administrateur).to eq(administrateur) } diff --git a/spec/support/feature_helpers.rb b/spec/support/feature_helpers.rb index f0d0f6447..3db3a5c56 100644 --- a/spec/support/feature_helpers.rb +++ b/spec/support/feature_helpers.rb @@ -27,10 +27,11 @@ module FeatureHelpers if sign_in_by_link mail = ActionMailer::Base.deliveries.last - message = mail.body.parts.join(&:to_s) - login_token = message[/connexion-par-jeton\/(.*)/, 1] + message = mail.html_part.body.raw_source + gestionnaire_id = message[/\".+\/connexion-par-jeton\/(.+)\?jeton=(.*)\"/, 1] + jeton = message[/\".+\/connexion-par-jeton\/(.+)\?jeton=(.*)\"/, 2] - visit sign_in_by_link_path(login_token) + visit sign_in_by_link_path(gestionnaire_id, jeton: jeton) end end
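Review bot: In spec/support/feature_helpers.rb the same regex literal is evaluated twice, and both `.+` and `(.*)\"` are greedy, so if the mailed anchor tag has another quoted attribute on the same line, `jeton` would capture everything up to the last quote. A single match with bounded character classes is tighter and fails loudly when the link is missing: `gestionnaire_id, jeton = message.match(%r{/connexion-par-jeton/([^/?"]+)\?jeton=([^"]+)"}).captures`. Separately, the link carries the token as a `jeton` query parameter and the logging configuration is not part of this patch. It is worth confirming that `config.filter_parameters` covers `jeton`, in case an existing filter was keyed on the previous `login_token` name. The enclosing helper method starts and ends outside the hunk.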