Use IPService to remove secure connexion from trusted networks
This commit is contained in:
parent
52e6632175
commit
65370b20a9
2 changed files with 32 additions and 10 deletions
|
@ -175,6 +175,7 @@ class ApplicationController < ActionController::Base
|
|||
if gestionnaire_signed_in? &&
|
||||
sensitive_path &&
|
||||
Flipflop.enable_email_login_token? &&
|
||||
!IPService.ip_trusted?(request.headers['X-Forwarded-For']) &&
|
||||
!trusted_device?
|
||||
|
||||
# return at this location
|
||||
|
|
|
@ -158,6 +158,7 @@ describe ApplicationController, type: :controller do
|
|||
allow(@controller).to receive(:sensitive_path).and_return(sensitive_path)
|
||||
allow(@controller).to receive(:send_login_token_or_bufferize)
|
||||
allow(@controller).to receive(:store_location_for)
|
||||
allow(IPService).to receive(:ip_trusted?).and_return(ip_trusted)
|
||||
end
|
||||
|
||||
subject { @controller.send(:redirect_if_untrusted) }
|
||||
|
@ -173,12 +174,16 @@ describe ApplicationController, type: :controller do
|
|||
Flipflop::FeatureSet.current.test!.switch!(:enable_email_login_token, true)
|
||||
end
|
||||
|
||||
context 'when the device is trusted' do
|
||||
let(:trusted_device) { true }
|
||||
context 'when the ip is not trusted' do
|
||||
let(:ip_trusted) { false }
|
||||
|
||||
before { subject }
|
||||
context 'when the device is trusted' do
|
||||
let(:trusted_device) { true }
|
||||
|
||||
it { expect(@controller).not_to have_received(:redirect_to) }
|
||||
before { subject }
|
||||
|
||||
it { expect(@controller).not_to have_received(:redirect_to) }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -187,14 +192,30 @@ describe ApplicationController, type: :controller do
|
|||
Flipflop::FeatureSet.current.test!.switch!(:enable_email_login_token, true)
|
||||
end
|
||||
|
||||
context 'when the device is not trusted' do
|
||||
let(:trusted_device) { false }
|
||||
context 'when the ip is untrusted' do
|
||||
let(:ip_trusted) { false }
|
||||
|
||||
before { subject }
|
||||
context 'when the device is not trusted' do
|
||||
let(:trusted_device) { false }
|
||||
|
||||
it { expect(@controller).to have_received(:redirect_to) }
|
||||
it { expect(@controller).to have_received(:send_login_token_or_bufferize) }
|
||||
it { expect(@controller).to have_received(:store_location_for) }
|
||||
before { subject }
|
||||
|
||||
it { expect(@controller).to have_received(:redirect_to) }
|
||||
it { expect(@controller).to have_received(:send_login_token_or_bufferize) }
|
||||
it { expect(@controller).to have_received(:store_location_for) }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the ip is trusted' do
|
||||
let(:ip_trusted) { true }
|
||||
|
||||
context 'when the device is not trusted' do
|
||||
let(:trusted_device) { false }
|
||||
|
||||
before { subject }
|
||||
|
||||
it { expect(@controller).not_to have_received(:redirect_to) }
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue