From 65370b20a902a751518503cfc987f842755479fe Mon Sep 17 00:00:00 2001
From: simon lehericey
Date: Wed, 3 Apr 2019 14:27:28 +0200
Subject: [PATCH] Use IPService to remove secure connexion from trusted networks

---
 app/controllers/application_controller.rb | 1 +
 .../application_controller_spec.rb | 41 ++++++++++++++-----
 2 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 46a6d155e..259fa6447 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -175,6 +175,7 @@ class ApplicationController < ActionController::Base
 if gestionnaire_signed_in? &&
 sensitive_path &&
 Flipflop.enable_email_login_token? &&
+ !IPService.ip_trusted?(request.headers['X-Forwarded-For']) &&
 !trusted_device?
 
 # return at this location
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 8a9b5ead9..71a72f483 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -158,6 +158,7 @@ describe ApplicationController, type: :controller do
 allow(@controller).to receive(:sensitive_path).and_return(sensitive_path)
 allow(@controller).to receive(:send_login_token_or_bufferize)
 allow(@controller).to receive(:store_location_for)
+ allow(IPService).to receive(:ip_trusted?).and_return(ip_trusted)
 end
 
 subject { @controller.send(:redirect_if_untrusted) }
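Review bot: The added condition reads `request.headers['X-Forwarded-For']` straight from the request, and that header is client-supplied unless the first trusted proxy overwrites or strips it, so a value chosen by the client would be enough to skip the login-token step that `!trusted_device?` otherwise enforces on sensitive paths; the enclosing method starts and ends outside the hunk. Rails already resolves the client address against `config.action_dispatch.trusted_proxies` in `ActionDispatch::RemoteIp`, so `!IPService.ip_trusted?(request.remote_ip) &&` is the safer input unless `IPService` is known to validate the proxy chain itself, which nothing in this hunk shows. Behind more than one proxy the header is a comma-separated list, and whether `IPService.ip_trusted?` copes with that is not visible here either. A short comment on the new line, such as `# trusted-network bypass of the email token: the address must come from our proxy, never from the client`, would make the trust assumption reviewable.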
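Review bot: `allow(IPService).to receive(:ip_trusted?).and_return(ip_trusted)` stubs the service without any argument expectation, so the spec passes whatever the controller hands to `ip_trusted?` and would not catch a wrong or missing header being forwarded. Setting `request.headers['X-Forwarded-For']` to a fixed sample address in the `before` block and asserting `expect(IPService).to have_received(:ip_trusted?).with(<that address>)` in the contexts that exercise the check would pin the contract. Also, `let(:ip_trusted)` now has to be defined in every context that reaches this `before`, otherwise the stub raises a NameError before the example runs; the `describe` block continues past the hunk, so the contexts that do not set it cannot be checked from here.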
@@ -173,12 +174,16 @@ describe ApplicationController, type: :controller do
 Flipflop::FeatureSet.current.test!.switch!(:enable_email_login_token, true)
 end
 
- context 'when the device is trusted' do
- let(:trusted_device) { true }
+ context 'when the ip is not trusted' do
+ let(:ip_trusted) { false }
 
- before { subject }
+ context 'when the device is trusted' do
+ let(:trusted_device) { true }
 
- it { expect(@controller).not_to have_received(:redirect_to) }
+ before { subject }
+
+ it { expect(@controller).not_to have_received(:redirect_to) }
+ end
 end
 end
 
@@ -187,14 +192,30 @@ describe ApplicationController, type: :controller do
 Flipflop::FeatureSet.current.test!.switch!(:enable_email_login_token, true)
 end
 
- context 'when the device is not trusted' do
- let(:trusted_device) { false }
+ context 'when the ip is untrusted' do
+ let(:ip_trusted) { false }
 
- before { subject }
+ context 'when the device is not trusted' do
+ let(:trusted_device) { false }
 
- it { expect(@controller).to have_received(:redirect_to) }
- it { expect(@controller).to have_received(:send_login_token_or_bufferize) }
- it { expect(@controller).to have_received(:store_location_for) }
+ before { subject }
+
+ it { expect(@controller).to have_received(:redirect_to) }
+ it { expect(@controller).to have_received(:send_login_token_or_bufferize) }
+ it { expect(@controller).to have_received(:store_location_for) }
+ end
+ end
+
+ context 'when the ip is trusted' do
+ let(:ip_trusted) { true }
+
+ context 'when the device is not trusted' do
+ let(:trusted_device) { false }
+
+ before { subject }
+
+ it { expect(@controller).not_to have_received(:redirect_to) }
+ end
 end
 end
 end
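Review bot: The same `ip_trusted false` case is described as `context 'when the ip is not trusted' do` in this hunk and as `context 'when the ip is untrusted' do` in the following `@@ -187,14` hunk; one wording should be used for both so the example output groups consistently. The nested contexts also only cover the case where the trusted-ip bypass is off when the device is trusted, while the `@@ -187,14` hunk adds the trusted-ip/untrusted-device case; an `ip_trusted true` with `trusted_device true` example would document that both bypasses are independent, if that is the intended contract. The enclosing `describe` block starts and ends outside these hunks.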