Session: send a mail to confirm gestionnaire login

This commit is contained in:
simon lehericey 2018-10-03 11:11:02 +02:00
parent 2613d05a4f
commit 5690599289
14 changed files with 215 additions and 30 deletions

View file

@ -0,0 +1,30 @@
@import "constants";
@import "colors";
#link-sent {
padding-top: 2 * $default-padding;
padding-bottom: 2 * $default-padding;
text-align: center;
max-width: 600px;
b {
font-weight: bold;
}
p {
text-align: left;
margin: 6 * $default-spacer auto;
}
p.mail {
color: #000000;
background-color: $yellow;
padding: $default-padding;
}
p.help {
border-top: 1px solid $grey;
padding-top: 6 * $default-spacer;
margin-bottom: 2 * $default-spacer;
}
}

View file

@ -23,13 +23,17 @@ class Users::SessionsController < Sessions::SessionsController
current_user.update(loged_in_with_france_connect: '') current_user.update(loged_in_with_france_connect: '')
end end
if user_signed_in? if gestionnaire_signed_in?
gestionnaire = current_gestionnaire
login_token = gestionnaire.login_token!
GestionnaireMailer.send_login_token(gestionnaire, login_token).deliver_later
[:user, :gestionnaire, :administrateur].each { |role| sign_out(role) }
redirect_to link_sent_path(email: gestionnaire.email)
elsif user_signed_in?
redirect_to after_sign_in_path_for(:user) redirect_to after_sign_in_path_for(:user)
elsif gestionnaire_signed_in?
location = stored_location_for(:gestionnaire) || gestionnaire_procedures_path
redirect_to location
elsif administrateur_signed_in?
redirect_to admin_path
else else
flash.alert = 'Mauvais couple login / mot de passe' flash.alert = 'Mauvais couple login / mot de passe'
new new
@ -37,6 +41,10 @@ class Users::SessionsController < Sessions::SessionsController
end end
end end
def link_sent
@email = params[:email]
end
# DELETE /resource/sign_out # DELETE /resource/sign_out
def destroy def destroy
if gestionnaire_signed_in? if gestionnaire_signed_in?
@ -68,6 +76,20 @@ class Users::SessionsController < Sessions::SessionsController
redirect_to new_user_session_path redirect_to new_user_session_path
end end
def sign_in_by_link
gestionnaire = Gestionnaire.find(params[:id])
if gestionnaire&.login_token_valid?(params[:jeton])
user = User.find_by(email: gestionnaire.email)
administrateur = Administrateur.find_by(email: gestionnaire.email)
[user, gestionnaire, administrateur].compact.each { |resource| sign_in(resource) }
redirect_to gestionnaire_procedures_path
else
flash[:alert] = 'Votre lien est invalide ou expiré, veuillez-vous reconnecter.'
redirect_to new_user_session_path
end
end
private private
def error_procedure def error_procedure

View file

@ -34,4 +34,12 @@ class GestionnaireMailer < ApplicationMailer
mail(to: recipient.email, subject: subject) mail(to: recipient.email, subject: subject)
end end
def send_login_token(gestionnaire, login_token)
@gestionnaire_id = gestionnaire.id
@login_token = login_token
subject = "Connexion sécurisée à demarches-simplifiees.fr"
mail(to: gestionnaire.email, subject: subject)
end
end end

View file

@ -1,6 +1,7 @@
class Gestionnaire < ApplicationRecord class Gestionnaire < ApplicationRecord
include CredentialsSyncableConcern include CredentialsSyncableConcern
include EmailSanitizableConcern include EmailSanitizableConcern
include ActiveRecord::SecureToken
devise :database_authenticatable, :registerable, :async, devise :database_authenticatable, :registerable, :async,
:recoverable, :rememberable, :trackable, :validatable :recoverable, :rememberable, :trackable, :validatable
@ -144,6 +145,20 @@ class Gestionnaire < ApplicationRecord
Dossier.where(id: dossiers_id_with_notifications(dossiers)).group(:procedure_id).count Dossier.where(id: dossiers_id_with_notifications(dossiers)).group(:procedure_id).count
end end
def login_token!
login_token = Gestionnaire.generate_unique_secure_token
encrypted_login_token = BCrypt::Password.create(login_token)
update(encrypted_login_token: encrypted_login_token, login_token_created_at: Time.zone.now)
login_token
end
def login_token_valid?(login_token)
BCrypt::Password.new(encrypted_login_token) == login_token
30.minutes.ago < login_token_created_at
rescue BCrypt::Errors::InvalidHash
false
end
def dossiers_id_with_notifications(dossiers) def dossiers_id_with_notifications(dossiers)
dossiers = dossiers.followed_by(self) dossiers = dossiers.followed_by(self)

View file

@ -0,0 +1,12 @@
%p
Bonjour,
%p
Veuillez cliquer sur le lien suivant pour vous connecter sur le site demarches-simplifiees.fr : 
= link_to(sign_in_by_link_url(@gestionnaire_id, jeton: @login_token), sign_in_by_link_url(@gestionnaire_id, jeton: @login_token))
%p
Bonne journée,
%p
L'équipe demarches-simplifiees.fr

View file

@ -0,0 +1,14 @@
- content_for(:title, 'Lien de connexion par email')
- content_for :footer do
= render partial: 'root/footer'
#link-sent.container
= image_tag('user/confirmation-email.svg')
%h1 Encore une petite étape :)
%p.mail
Ouvrez votre boite email <b>#{@email}</b> puis cliquez sur le lien d'activation du message <b>Connexion sécurisée à demarches-simplifiees.fr</b>.
%p.help
En cas de difficultés, nous restons joignables sur #{link_to 'contact@demarches-simplifiees.fr', 'mailto:contact@demarches-simplifiees.fr'}.

View file

@ -88,6 +88,8 @@ Rails.application.routes.draw do
devise_scope :user do devise_scope :user do
get '/users/sign_in/demo' => redirect("/users/sign_in") get '/users/sign_in/demo' => redirect("/users/sign_in")
get '/users/no_procedure' => 'users/sessions#no_procedure' get '/users/no_procedure' => 'users/sessions#no_procedure'
get 'connexion-par-jeton/:id' => 'users/sessions#sign_in_by_link', as: 'sign_in_by_link'
get 'lien-envoye/:email' => 'users/sessions#link_sent', constraints: { email: /.*/ }, as: 'link_sent'
end end
devise_scope :gestionnaire do devise_scope :gestionnaire do

View file

@ -0,0 +1,6 @@
class AddEncryptedLoginTokenColumnToGestionnaire < ActiveRecord::Migration[5.2]
def change
add_column :gestionnaires, :encrypted_login_token, :text
add_column :gestionnaires, :login_token_created_at, :datetime
end
end

View file

@ -10,7 +10,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 2018_10_30_141238) do ActiveRecord::Schema.define(version: 2018_11_08_091339) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "plpgsql" enable_extension "plpgsql"
@ -365,6 +365,8 @@ ActiveRecord::Schema.define(version: 2018_10_30_141238) do
t.string "last_sign_in_ip" t.string "last_sign_in_ip"
t.datetime "created_at" t.datetime "created_at"
t.datetime "updated_at" t.datetime "updated_at"
t.text "encrypted_login_token"
t.datetime "login_token_created_at"
t.index ["email"], name: "index_gestionnaires_on_email", unique: true t.index ["email"], name: "index_gestionnaires_on_email", unique: true
t.index ["reset_password_token"], name: "index_gestionnaires_on_reset_password_token", unique: true t.index ["reset_password_token"], name: "index_gestionnaires_on_reset_password_token", unique: true
end end

View file

@ -41,18 +41,25 @@ describe Users::SessionsController, type: :controller do
it 'signs gestionnaire in' do it 'signs gestionnaire in' do
post :create, params: { user: { email: gestionnaire.email, password: gestionnaire.password } } post :create, params: { user: { email: gestionnaire.email, password: gestionnaire.password } }
expect(@response.redirect?).to be(true)
expect(subject).to redirect_to link_sent_path(email: gestionnaire.email)
expect(subject.current_user).to be(nil) expect(subject.current_user).to be(nil)
expect(subject.current_gestionnaire).to eq(gestionnaire) expect(subject.current_gestionnaire).to be(nil)
expect(subject.current_administrateur).to be(nil) expect(subject.current_administrateur).to be(nil)
end end
it 'signs administrateur in' do context 'signs administrateur in' do
post :create, params: { user: { email: administrateur.email, password: administrateur.password } } # an admin has always an gestionnaire role
expect(@response.redirect?).to be(true) before { gestionnaire }
expect(subject.current_user).to be(nil)
expect(subject.current_gestionnaire).to be(nil) it 'signs administrateur in' do
expect(subject.current_administrateur).to eq(administrateur) post :create, params: { user: { email: administrateur.email, password: administrateur.password } }
expect(subject).to redirect_to link_sent_path(email: gestionnaire.email)
expect(subject.current_user).to be(nil)
expect(subject.current_gestionnaire).to be(nil)
expect(subject.current_administrateur).to eq(nil)
end
end end
context { context {
@ -63,10 +70,16 @@ describe Users::SessionsController, type: :controller do
it 'signs user + gestionnaire + administrateur in' do it 'signs user + gestionnaire + administrateur in' do
post :create, params: { user: { email: administrateur.email, password: administrateur.password } } post :create, params: { user: { email: administrateur.email, password: administrateur.password } }
expect(@response.redirect?).to be(true)
expect(subject.current_user).to eq(user) expect(subject).to redirect_to link_sent_path(email: gestionnaire.email)
expect(subject.current_gestionnaire).to eq(gestionnaire)
expect(subject.current_administrateur).to eq(administrateur) # TODO: fix me
# Strange behaviour: sign_out(:user) does not work in spec
# but seems to work in live
# expect(controller.current_user).to be(nil)
expect(subject.current_gestionnaire).to be(nil)
expect(subject.current_administrateur).to be(nil)
expect(user.reload.loged_in_with_france_connect).to be(nil) expect(user.reload.loged_in_with_france_connect).to be(nil)
end end
} }
@ -219,4 +232,48 @@ describe Users::SessionsController, type: :controller do
end end
end end
end end
describe '#sign_in_by_link' do
context 'when the gestionnaire has non other account' do
let(:gestionnaire) { create(:gestionnaire) }
before do
post :sign_in_by_link, params: { id: gestionnaire.id, login_token: login_token }
end
context 'when the token is valid' do
let(:login_token) { gestionnaire.login_token! }
it { is_expected.to redirect_to gestionnaire_procedures_path }
it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
end
context 'when the token is invalid' do
let(:login_token) { 'invalid_token' }
it { is_expected.to redirect_to new_user_session_path }
it { expect(controller.current_gestionnaire).to be_nil }
end
end
context 'when the gestionnaire has an user and admin account' do
let(:email) { 'unique@plop.com' }
let(:password) { 'un super mot de passe' }
let!(:user) { create(:user, email: email, password: password) }
let!(:gestionnaire) { create(:gestionnaire, email: email, password: password) }
let!(:administrateur) { create(:administrateur, email: email, password: password) }
before do
post :sign_in_by_link, params: { id: gestionnaire.id, login_token: login_token }
end
context 'when the token is valid' do
let(:login_token) { gestionnaire.login_token! }
it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
it { expect(controller.current_administrateur).to eq(administrateur) }
it { expect(controller.current_user).to eq(user) }
end
end
end
end end

View file

@ -1,23 +1,26 @@
require 'spec_helper' require 'spec_helper'
feature 'Administrator connection' do feature 'Administrator connection' do
include ActiveJob::TestHelper
let(:email) { 'admin1@admin.com' } let(:email) { 'admin1@admin.com' }
let(:password) { 'mon chien aime les bananes' } let(:password) { 'mon chien aime les bananes' }
let!(:admin) { create(:administrateur, email: email, password: password) } let!(:admin) { create(:administrateur, email: email, password: password) }
let!(:gestionnaire) { create(:gestionnaire, email: email, password: password) } let!(:gestionnaire) { create(:gestionnaire, email: email, password: password) }
before do before do
visit new_administrateur_session_path visit new_administrateur_session_path
end end
scenario 'administrator is on sign in page' do scenario 'administrator is on sign in page' do
expect(page).to have_css('#new_user') expect(page).to have_css('#new_user')
end end
context "admin fills form and log in" do context "admin fills form and log in" do
before do before do
page.find_by_id('user_email').set admin.email sign_in_with(email, password, true)
page.find_by_id('user_password').set admin.password
page.click_on 'Se connecter'
end end
scenario 'a menu button is available' do scenario 'a menu button is available' do
expect(page).to have_css('#admin_menu') expect(page).to have_css('#admin_menu')
end end

View file

@ -116,7 +116,7 @@ feature 'The gestionnaire part' do
log_out log_out
log_in(gestionnaire.email, password) log_in(gestionnaire.email, password, check_email: false)
click_on procedure.libelle click_on procedure.libelle
click_on dossier.user.email click_on dossier.user.email
@ -173,14 +173,13 @@ feature 'The gestionnaire part' do
expect(page).to have_text("Dossier envoyé") expect(page).to have_text("Dossier envoyé")
end end
def log_in(email, password) def log_in(email, password, check_email: true)
visit '/' visit '/'
click_on 'Connexion' click_on 'Connexion'
expect(page).to have_current_path(new_user_session_path) expect(page).to have_current_path(new_user_session_path)
fill_in 'user_email', with: email sign_in_with(email, password, check_email)
fill_in 'user_password', with: password
click_on 'Se connecter'
expect(page).to have_current_path(gestionnaire_procedures_path) expect(page).to have_current_path(gestionnaire_procedures_path)
end end
@ -196,7 +195,7 @@ feature 'The gestionnaire part' do
end end
def test_mail(to, content) def test_mail(to, content)
mail = ActionMailer::Base.deliveries.first mail = ActionMailer::Base.deliveries.last
expect(mail.to).to match([to]) expect(mail.to).to match([to])
expect(mail.body.parts.map(&:to_s)).to all(include(content)) expect(mail.body.parts.map(&:to_s)).to all(include(content))
end end

View file

@ -7,4 +7,8 @@ class GestionnaireMailerPreview < ActionMailer::Preview
def send_dossier def send_dossier
GestionnaireMailer.send_dossier(Gestionnaire.first, Dossier.first, Gestionnaire.last) GestionnaireMailer.send_dossier(Gestionnaire.first, Dossier.first, Gestionnaire.last)
end end
def send_login_token
GestionnaireMailer.send_login_token(Gestionnaire.first, "token")
end
end end

View file

@ -17,10 +17,21 @@ module FeatureHelpers
dossier dossier
end end
def sign_in_with(email, password) def sign_in_with(email, password, sign_in_by_link = false)
fill_in :user_email, with: email fill_in :user_email, with: email
fill_in :user_password, with: password fill_in :user_password, with: password
click_on 'Se connecter'
perform_enqueued_jobs do
click_on 'Se connecter'
end
if sign_in_by_link
mail = ActionMailer::Base.deliveries.last
message = mail.body.parts.join(&:to_s)
login_token = message[/connexion-par-jeton\/(.*)/, 1]
visit sign_in_by_link_path(login_token)
end
end end
def sign_up_with(email, password = 'testpassword') def sign_up_with(email, password = 'testpassword')