- Add FranceConnectInformation table to make the FranceConnect pivot identity safe.

- Adapt source code to the new table
Xavier J 2016-01-21 17:06:09 +01:00
parent d6e795df02
commit 4d812220fd
18 changed files with 454 additions and 163 deletions


@ -13,74 +13,86 @@ class FranceConnect::ParticulierController < ApplicationController
redirect_to authorization_uri
end
def new
return redirect_to root_path if france_connect_particulier_id_blank?
@user = (User.new create_user_params).decorate
end
def create
user = User.new create_user_params
user.password = Devise.friendly_token[0, 20]
unless user.valid?
flash.alert = 'Email non valide'
return redirect_to france_connect_particulier_new_path user: params[:user]
end
user.save
connect_france_connect_particulier user
end
def check_email
user = User.find_by_email(params[:user][:email])
return create if user.nil?
return redirect_to root_path if france_connect_particulier_id_blank?
unless params[:user][:password].nil?
if user.valid_password?(params[:user][:password])
user.update_attributes create_user_params
return connect_france_connect_particulier user
else
flash.now.alert = 'Mot de passe invalide'
end
end
@user = (User.new create_user_params).decorate
end
def callback
return redirect_to new_user_session_path unless params.has_key?(:code)
user_infos = FranceConnectService.retrieve_user_informations_particulier(params[:code])
unless user_infos.nil?
user = User.find_for_france_connect_particulier user_infos
france_connect_information = FranceConnectInformation.find_by_france_connect_particulier user_infos
if user.nil?
return redirect_to france_connect_particulier_new_path(user: user_infos)
end
france_connect_information = FranceConnectInformation.create(
{gender: user_infos[:gender],
given_name: user_infos[:given_name],
family_name: user_infos[:family_name],
email_france_connect: user_infos[:email],
birthdate: user_infos[:birthdate],
birthplace: user_infos[:birthplace],
france_connect_particulier_id: user_infos[:france_connect_particulier_id]}
) if france_connect_information.nil?
user = france_connect_information.user
salt = FranceConnectSaltService.new(france_connect_information).salt
return redirect_to france_connect_particulier_new_path(fci_id: france_connect_information.id, salt: salt) if user.nil?
connect_france_connect_particulier user
end
rescue Rack::OAuth2::Client::Error => e
Rails.logger.error e.message
flash.alert = t('errors.messages.france_connect.connexion')
redirect_to(new_user_session_path)
redirect_france_connect_error_connection
end
def new
return redirect_france_connect_error_connection unless valid_salt_and_fci_id_params?
france_connect_information = FranceConnectInformation.find(params[:fci_id])
@user = User.new(france_connect_information: france_connect_information).decorate
rescue ActiveRecord::RecordNotFound
redirect_france_connect_error_connection
end
def check_email
return redirect_france_connect_error_connection unless valid_salt_and_fci_id_params?
user = User.find_by_email(params[:user][:email_france_connect])
return create if user.nil?
unless params[:user][:password].nil?
if user.valid_password?(params[:user][:password])
user.france_connect_information = FranceConnectInformation.find(params[:fci_id])
return connect_france_connect_particulier user
else
flash.now.alert = 'Mot de passe invalide'
end
end
france_connect_information = FranceConnectInformation.find(params[:fci_id])
france_connect_information.update_attribute(:email_france_connect, params[:user][:email_france_connect])
@user = User.new(france_connect_information: france_connect_information).decorate
end
def create
user = User.new email: params[:user][:email_france_connect]
user.password = Devise.friendly_token[0, 20]
unless user.valid?
flash.alert = 'Email non valide'
return redirect_to france_connect_particulier_new_path fci_id: params[:fci_id], salt: params[:salt], user: params[:user]
end
user.save
FranceConnectInformation.find(params[:fci_id]).update_attribute(:user, user)
connect_france_connect_particulier user
end
private
def create_user_params
params.require(:user).permit(:france_connect_particulier_id, :gender, :given_name, :family_name, :birthdate, :birthplace, :email)
end
def france_connect_particulier_id_blank?
redirect_to root_path if params[:user][:france_connect_particulier_id].blank?
end
def connect_france_connect_particulier user
sign_in user
@ -89,4 +101,14 @@ class FranceConnect::ParticulierController < ApplicationController
redirect_to stored_location_for(current_user) || signed_in_root_path(current_user)
end
def redirect_france_connect_error_connection
flash.alert = t('errors.messages.france_connect.connexion')
redirect_to(new_user_session_path)
end
def valid_salt_and_fci_id_params?
france_connect_information = FranceConnectInformation.find(params[:fci_id])
FranceConnectSaltService.new(france_connect_information).valid? params[:salt]
end
end
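Review bot: The new `create` sits above `private` and never calls `valid_salt_and_fci_id_params?` itself, so if a route still reaches it directly (routes are not visible here), the `fci_id` used in `FranceConnectInformation.find(params[:fci_id]).update_attribute(:user, user)` is unverified. Start it with `return redirect_france_connect_error_connection unless valid_salt_and_fci_id_params?`, or move it under `private`. Neither `create` nor the password branch of `check_email` checks that the record has no user yet, and the `fci_id`/`salt` pair travels in the redirect URL; as far as this section shows, a pair that still validates could re-link an already bound identity, which a guard such as `return redirect_france_connect_error_connection unless france_connect_information.user.nil?` would prevent. `valid_salt_and_fci_id_params?` also raises `ActiveRecord::RecordNotFound` for an unknown id, and only `new` rescues it, so `check_email` needs the same rescue. The return value of `user.save` in `create` is ignored before the record is linked and the user signed in.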


@ -157,11 +157,12 @@ class Users::DossiersController < UsersController
end
def mandataire_social? mandataires_list
mandataires_list.each do |mandataire|
return true if !current_user.france_connect_particulier_id.nil? &&
mandataire[:nom].upcase == current_user.family_name.upcase &&
mandataire[:prenom].upcase == current_user.given_name.upcase &&
mandataire[:date_naissance_timestamp] == current_user.birthdate.to_time.to_i
unless current_user.france_connect_information.nil?
mandataires_list.each do |mandataire|
return true if mandataire[:nom].upcase == current_user.family_name.upcase &&
mandataire[:prenom].upcase == current_user.given_name.upcase &&
mandataire[:date_naissance_timestamp] == current_user.birthdate.to_time.to_i
end
end
false