Session: send a mail to confirm gestionnaire login

2018-10-03 11:11:02 +02:00 · 2018-10-03 11:11:02 +02:00 · 5690599289
commit 5690599289
parent 2613d05a4f
14 changed files with 215 additions and 30 deletions
--- a/app/assets/stylesheets/new_design/link-sent.scss
+++ b/app/assets/stylesheets/new_design/link-sent.scss
@ -0,0 +1,30 @@
@import "constants";
@import "colors";
 #link-sent {
  padding-top: 2 * $default-padding;
  padding-bottom: 2 * $default-padding;
  text-align: center;
  max-width: 600px;
  b {
    font-weight: bold;
  }
  p {
    text-align: left;
    margin: 6 * $default-spacer auto;
  }
  p.mail {
    color: #000000;
    background-color: $yellow;
    padding: $default-padding;
  }
  p.help {
    border-top: 1px solid $grey;
    padding-top: 6 * $default-spacer;
    margin-bottom: 2 * $default-spacer;
  }
 }
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@ -23,13 +23,17 @@ class Users::SessionsController < Sessions::SessionsController
      current_user.update(loged_in_with_france_connect: '')
    end
-    if user_signed_in?
+    if gestionnaire_signed_in?
      gestionnaire = current_gestionnaire
      login_token = gestionnaire.login_token!
      GestionnaireMailer.send_login_token(gestionnaire, login_token).deliver_later
      [:user, :gestionnaire, :administrateur].each { |role| sign_out(role) }
      redirect_to link_sent_path(email: gestionnaire.email)
    elsif user_signed_in?
      redirect_to after_sign_in_path_for(:user)
    elsif gestionnaire_signed_in?
      location = stored_location_for(:gestionnaire) || gestionnaire_procedures_path
      redirect_to location
    elsif administrateur_signed_in?
      redirect_to admin_path
    else
      flash.alert = 'Mauvais couple login / mot de passe'
      new
@ -37,6 +41,10 @@ class Users::SessionsController < Sessions::SessionsController
    end
  end
  def link_sent
    @email = params[:email]
  end
  # DELETE /resource/sign_out
  def destroy
    if gestionnaire_signed_in?
@ -68,6 +76,20 @@ class Users::SessionsController < Sessions::SessionsController
    redirect_to new_user_session_path
  end
  def sign_in_by_link
    gestionnaire = Gestionnaire.find(params[:id])
    if gestionnaire&.login_token_valid?(params[:jeton])
      user = User.find_by(email: gestionnaire.email)
      administrateur = Administrateur.find_by(email: gestionnaire.email)
      [user, gestionnaire, administrateur].compact.each { |resource| sign_in(resource) }
      redirect_to gestionnaire_procedures_path
    else
      flash[:alert] = 'Votre lien est invalide ou expiré, veuillez-vous reconnecter.'
      redirect_to new_user_session_path
    end
  end
  private
  def error_procedure
--- a/app/mailers/gestionnaire_mailer.rb
+++ b/app/mailers/gestionnaire_mailer.rb
@ -34,4 +34,12 @@ class GestionnaireMailer < ApplicationMailer
    mail(to: recipient.email, subject: subject)
  end
  def send_login_token(gestionnaire, login_token)
    @gestionnaire_id = gestionnaire.id
    @login_token = login_token
    subject = "Connexion sécurisée à demarches-simplifiees.fr"
    mail(to: gestionnaire.email, subject: subject)
  end
 end
--- a/app/models/gestionnaire.rb
+++ b/app/models/gestionnaire.rb
@ -1,6 +1,7 @@
 class Gestionnaire < ApplicationRecord
  include CredentialsSyncableConcern
  include EmailSanitizableConcern
  include ActiveRecord::SecureToken
  devise :database_authenticatable, :registerable, :async,
    :recoverable, :rememberable, :trackable, :validatable
@ -144,6 +145,20 @@ class Gestionnaire < ApplicationRecord
    Dossier.where(id: dossiers_id_with_notifications(dossiers)).group(:procedure_id).count
  end
  def login_token!
    login_token = Gestionnaire.generate_unique_secure_token
    encrypted_login_token = BCrypt::Password.create(login_token)
    update(encrypted_login_token: encrypted_login_token, login_token_created_at: Time.zone.now)
    login_token
  end
  def login_token_valid?(login_token)
    BCrypt::Password.new(encrypted_login_token) == login_token
    30.minutes.ago < login_token_created_at
  rescue BCrypt::Errors::InvalidHash
    false
  end
  def dossiers_id_with_notifications(dossiers)
    dossiers = dossiers.followed_by(self)
--- a/app/views/gestionnaire_mailer/send_login_token.html.haml
+++ b/app/views/gestionnaire_mailer/send_login_token.html.haml
@ -0,0 +1,12 @@
 %p
  Bonjour,
 %p
  Veuillez cliquer sur le lien suivant pour vous connecter sur le site demarches-simplifiees.fr : 
  = link_to(sign_in_by_link_url(@gestionnaire_id, jeton: @login_token), sign_in_by_link_url(@gestionnaire_id, jeton: @login_token))
 %p
  Bonne journée,
 %p
  L'équipe demarches-simplifiees.fr
--- a/app/views/users/sessions/link_sent.html.haml
+++ b/app/views/users/sessions/link_sent.html.haml
@ -0,0 +1,14 @@
 - content_for(:title, 'Lien de connexion par email')
 - content_for :footer do
  = render partial: 'root/footer'
 #link-sent.container
  = image_tag('user/confirmation-email.svg')
  %h1 Encore une petite étape :)
  %p.mail
    Ouvrez votre boite email <b>#{@email}</b> puis cliquez sur le lien d'activation du message <b>Connexion sécurisée à demarches-simplifiees.fr</b>.
  %p.help
    En cas de difficultés, nous restons joignables sur #{link_to 'contact@demarches-simplifiees.fr', 'mailto:contact@demarches-simplifiees.fr'}.
--- a/config/routes.rb
+++ b/config/routes.rb
@ -88,6 +88,8 @@ Rails.application.routes.draw do
  devise_scope :user do
    get '/users/sign_in/demo' => redirect("/users/sign_in")
    get '/users/no_procedure' => 'users/sessions#no_procedure'
    get 'connexion-par-jeton/:id' => 'users/sessions#sign_in_by_link', as: 'sign_in_by_link'
    get 'lien-envoye/:email' => 'users/sessions#link_sent', constraints: { email: /.*/ }, as: 'link_sent'
  end
  devise_scope :gestionnaire do
--- a/db/migrate/20181108091339_add_encrypted_login_token_column_to_gestionnaire.rb
+++ b/db/migrate/20181108091339_add_encrypted_login_token_column_to_gestionnaire.rb
@ -0,0 +1,6 @@
 class AddEncryptedLoginTokenColumnToGestionnaire < ActiveRecord::Migration[5.2]
  def change
    add_column :gestionnaires, :encrypted_login_token, :text
    add_column :gestionnaires, :login_token_created_at, :datetime
  end
 end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 2018_10_30_141238) do
+ActiveRecord::Schema.define(version: 2018_11_08_091339) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@ -365,6 +365,8 @@ ActiveRecord::Schema.define(version: 2018_10_30_141238) do
    t.string "last_sign_in_ip"
    t.datetime "created_at"
    t.datetime "updated_at"
    t.text "encrypted_login_token"
    t.datetime "login_token_created_at"
    t.index ["email"], name: "index_gestionnaires_on_email", unique: true
    t.index ["reset_password_token"], name: "index_gestionnaires_on_reset_password_token", unique: true
  end
--- a/spec/controllers/users/sessions_controller_spec.rb
+++ b/spec/controllers/users/sessions_controller_spec.rb
@ -41,18 +41,25 @@ describe Users::SessionsController, type: :controller do
      it 'signs gestionnaire in' do
        post :create, params: { user: { email: gestionnaire.email, password: gestionnaire.password } }
-        expect(@response.redirect?).to be(true)
+
        expect(subject).to redirect_to link_sent_path(email: gestionnaire.email)
        expect(subject.current_user).to be(nil)
-        expect(subject.current_gestionnaire).to eq(gestionnaire)
+        expect(subject.current_gestionnaire).to be(nil)
        expect(subject.current_administrateur).to be(nil)
      end
      context 'signs administrateur in' do
        # an admin has always an gestionnaire role
        before { gestionnaire }
        it 'signs administrateur in' do
          post :create, params: { user: { email: administrateur.email, password: administrateur.password } }
-        expect(@response.redirect?).to be(true)
+
          expect(subject).to redirect_to link_sent_path(email: gestionnaire.email)
          expect(subject.current_user).to be(nil)
          expect(subject.current_gestionnaire).to be(nil)
-        expect(subject.current_administrateur).to eq(administrateur)
+          expect(subject.current_administrateur).to eq(nil)
        end
      end
      context {
@ -63,10 +70,16 @@ describe Users::SessionsController, type: :controller do
        it 'signs user + gestionnaire + administrateur in' do
          post :create, params: { user: { email: administrateur.email, password: administrateur.password } }
-          expect(@response.redirect?).to be(true)
+
-          expect(subject.current_user).to eq(user)
+          expect(subject).to redirect_to link_sent_path(email: gestionnaire.email)
-          expect(subject.current_gestionnaire).to eq(gestionnaire)
+
-          expect(subject.current_administrateur).to eq(administrateur)
+          # TODO: fix me
          # Strange behaviour: sign_out(:user) does not work in spec
          # but seems to work in live
          # expect(controller.current_user).to be(nil)
          expect(subject.current_gestionnaire).to be(nil)
          expect(subject.current_administrateur).to be(nil)
          expect(user.reload.loged_in_with_france_connect).to be(nil)
        end
      }
@ -219,4 +232,48 @@ describe Users::SessionsController, type: :controller do
      end
    end
  end
  describe '#sign_in_by_link' do
    context 'when the gestionnaire has non other account' do
      let(:gestionnaire) { create(:gestionnaire) }
      before do
        post :sign_in_by_link, params: { id: gestionnaire.id, login_token: login_token }
      end
      context 'when the token is valid' do
        let(:login_token) { gestionnaire.login_token! }
        it { is_expected.to redirect_to gestionnaire_procedures_path }
        it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
      end
      context 'when the token is invalid' do
        let(:login_token) { 'invalid_token' }
        it { is_expected.to redirect_to new_user_session_path }
        it { expect(controller.current_gestionnaire).to be_nil }
      end
    end
    context 'when the gestionnaire has an user and admin account' do
      let(:email) { 'unique@plop.com' }
      let(:password) { 'un super mot de passe' }
      let!(:user) { create(:user, email: email, password: password) }
      let!(:gestionnaire) { create(:gestionnaire, email: email, password: password) }
      let!(:administrateur) { create(:administrateur, email: email, password: password) }
      before do
        post :sign_in_by_link, params: { id: gestionnaire.id, login_token: login_token }
      end
      context 'when the token is valid' do
        let(:login_token) { gestionnaire.login_token! }
        it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
        it { expect(controller.current_administrateur).to eq(administrateur) }
        it { expect(controller.current_user).to eq(user) }
      end
    end
  end
 end
--- a/spec/features/admin/connection_spec.rb
+++ b/spec/features/admin/connection_spec.rb
@ -1,23 +1,26 @@
 require 'spec_helper'
 feature 'Administrator connection' do
  include ActiveJob::TestHelper
  let(:email) { 'admin1@admin.com' }
  let(:password) { 'mon chien aime les bananes' }
  let!(:admin) { create(:administrateur, email: email, password: password) }
  let!(:gestionnaire) { create(:gestionnaire, email: email, password: password) }
  before do
    visit new_administrateur_session_path
  end
  scenario 'administrator is on sign in page' do
    expect(page).to have_css('#new_user')
  end
  context "admin fills form and log in" do
    before do
-      page.find_by_id('user_email').set admin.email
+      sign_in_with(email, password, true)
      page.find_by_id('user_password').set admin.password
      page.click_on 'Se connecter'
    end
    scenario 'a menu button is available' do
      expect(page).to have_css('#admin_menu')
    end
--- a/spec/features/new_gestionnaire/gestionnaire_spec.rb
+++ b/spec/features/new_gestionnaire/gestionnaire_spec.rb
@ -116,7 +116,7 @@ feature 'The gestionnaire part' do
    log_out
-    log_in(gestionnaire.email, password)
+    log_in(gestionnaire.email, password, check_email: false)
    click_on procedure.libelle
    click_on dossier.user.email
@ -173,14 +173,13 @@ feature 'The gestionnaire part' do
    expect(page).to have_text("Dossier envoyé")
  end
-  def log_in(email, password)
+  def log_in(email, password, check_email: true)
    visit '/'
    click_on 'Connexion'
    expect(page).to have_current_path(new_user_session_path)
-    fill_in 'user_email', with: email
+    sign_in_with(email, password, check_email)
-    fill_in 'user_password', with: password
+
    click_on 'Se connecter'
    expect(page).to have_current_path(gestionnaire_procedures_path)
  end
@ -196,7 +195,7 @@ feature 'The gestionnaire part' do
  end
  def test_mail(to, content)
-    mail = ActionMailer::Base.deliveries.first
+    mail = ActionMailer::Base.deliveries.last
    expect(mail.to).to match([to])
    expect(mail.body.parts.map(&:to_s)).to all(include(content))
  end
--- a/spec/mailers/previews/gestionnaire_mailer_preview.rb
+++ b/spec/mailers/previews/gestionnaire_mailer_preview.rb
@ -7,4 +7,8 @@ class GestionnaireMailerPreview < ActionMailer::Preview
  def send_dossier
    GestionnaireMailer.send_dossier(Gestionnaire.first, Dossier.first, Gestionnaire.last)
  end
  def send_login_token
    GestionnaireMailer.send_login_token(Gestionnaire.first, "token")
  end
 end
--- a/spec/support/feature_helpers.rb
+++ b/spec/support/feature_helpers.rb
@ -17,12 +17,23 @@ module FeatureHelpers
    dossier
  end
-  def sign_in_with(email, password)
+  def sign_in_with(email, password, sign_in_by_link = false)
    fill_in :user_email, with: email
    fill_in :user_password, with: password
    perform_enqueued_jobs do
      click_on 'Se connecter'
    end
    if sign_in_by_link
      mail = ActionMailer::Base.deliveries.last
      message = mail.body.parts.join(&:to_s)
      login_token = message[/connexion-par-jeton\/(.*)/, 1]
      visit sign_in_by_link_path(login_token)
    end
  end
  def sign_up_with(email, password = 'testpassword')
    fill_in :user_email, with: email
    fill_in :user_password, with: password