Use IPService to remove secure connexion from trusted networks

This commit is contained in:
simon lehericey 2019-04-03 14:27:28 +02:00
parent 52e6632175
commit 65370b20a9
2 changed files with 32 additions and 10 deletions


@ -175,6 +175,7 @@ class ApplicationController < ActionController::Base
if gestionnaire_signed_in? &&
sensitive_path &&
Flipflop.enable_email_login_token? &&
!IPService.ip_trusted?(request.headers['X-Forwarded-For']) &&
!trusted_device?
# return at this location
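Review bot: The trust decision on the added line reads the raw `X-Forwarded-For` header, which is only as trustworthy as the proxy chain in front of the app: if any hop appends to the header rather than overwriting it, or the app is reachable without passing through the proxy, the value the client chooses decides whether the email login token is required. The conventional source in Rails is `request.remote_ip`, which ActionDispatch::RemoteIp derives from the same header while discarding the entries that belong to `config.action_dispatch.trusted_proxies`: `!IPService.ip_trusted?(request.remote_ip) &&`. Whether `IPService.ip_trusted?` copes with a comma-separated list (the usual shape of this header behind several proxies) or with a nil header cannot be seen here and deserves a spec of its own. The `if` belongs to a method that starts and ends outside the hunk.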


@ -158,6 +158,7 @@ describe ApplicationController, type: :controller do
allow(@controller).to receive(:sensitive_path).and_return(sensitive_path)
allow(@controller).to receive(:send_login_token_or_bufferize)
allow(@controller).to receive(:store_location_for)
allow(IPService).to receive(:ip_trusted?).and_return(ip_trusted)
end
subject { @controller.send(:redirect_if_untrusted) }
@ -173,12 +174,16 @@ describe ApplicationController, type: :controller do
Flipflop::FeatureSet.current.test!.switch!(:enable_email_login_token, true)
end
context 'when the device is trusted' do
let(:trusted_device) { true }
context 'when the ip is not trusted' do
let(:ip_trusted) { false }
before { subject }
context 'when the device is trusted' do
let(:trusted_device) { true }
it { expect(@controller).not_to have_received(:redirect_to) }
before { subject }
it { expect(@controller).not_to have_received(:redirect_to) }
end
end
end
@ -187,14 +192,30 @@ describe ApplicationController, type: :controller do
Flipflop::FeatureSet.current.test!.switch!(:enable_email_login_token, true)
end
context 'when the device is not trusted' do
let(:trusted_device) { false }
context 'when the ip is untrusted' do
let(:ip_trusted) { false }
before { subject }
context 'when the device is not trusted' do
let(:trusted_device) { false }
it { expect(@controller).to have_received(:redirect_to) }
it { expect(@controller).to have_received(:send_login_token_or_bufferize) }
it { expect(@controller).to have_received(:store_location_for) }
before { subject }
it { expect(@controller).to have_received(:redirect_to) }
it { expect(@controller).to have_received(:send_login_token_or_bufferize) }
it { expect(@controller).to have_received(:store_location_for) }
end
end
context 'when the ip is trusted' do
let(:ip_trusted) { true }
context 'when the device is not trusted' do
let(:trusted_device) { false }
before { subject }
it { expect(@controller).not_to have_received(:redirect_to) }
end
end
end
end
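Review bot: The new contexts stub `IPService.ip_trusted?` with `and_return(ip_trusted)` but never check what the controller passes to it, so a regression that hands it `nil` or a different request attribute would still pass every example here. In the 'ip is untrusted / device is not trusted' context, next to the other `have_received` examples, add `it { expect(IPService).to have_received(:ip_trusted?).with(request.headers['X-Forwarded-For']) }` and set that header in a `before` so the expected argument is not nil. The `let(:ip_trusted)` values exist only inside these contexts; if sibling examples elsewhere in the file reach `redirect_if_untrusted` without defining one, the shared `allow(IPService)...and_return(ip_trusted)` will raise, which cannot be confirmed from the hunks shown. The describe block continues outside the hunk.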