add logic to detect empty scopes
parent
745e19bb8e
commit
7ee360df30
3 changed files with 63 additions and 7 deletions
|
@ -11,15 +11,19 @@ module NewAdministrateur
|
|||
def update
|
||||
@procedure.api_particulier_token = token
|
||||
|
||||
if @procedure.valid? && fetch_scopes(token).any?
|
||||
if @procedure.invalid?
|
||||
flash.now.alert = @procedure.errors.full_messages
|
||||
render :show
|
||||
elsif scopes.empty?
|
||||
flash.now.alert = t('.no_scopes_token')
|
||||
render :show
|
||||
else
|
||||
@procedure.save
|
||||
|
||||
redirect_to admin_procedure_api_particulier_jeton_path(procedure_id: @procedure.id),
|
||||
notice: t('.token_ok')
|
||||
else
|
||||
flash.now.alert = t('.invalid_token')
|
||||
render :show
|
||||
end
|
||||
|
||||
rescue APIParticulier::Error::Unauthorized
|
||||
flash.now.alert = t('.not_found_token')
|
||||
render :show
|
||||
|
@ -30,7 +34,7 @@ module NewAdministrateur
|
|||
|
||||
private
|
||||
|
||||
def fetch_scopes(token)
|
||||
def scopes
|
||||
@scopes ||= APIParticulier::API.new(token).scopes
|
||||
end
|
||||
|
||||
|
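Review bot: In `update`, the introspection request now runs inside the `elsif scopes.empty?` condition, yet the only failure the action handles is `APIParticulier::Error::Unauthorized`; any other error raised by `APIParticulier::API.new(token).scopes`, or a nil result on which `.empty?` would raise, would surface as an unhandled exception rather than a flash message. The token is not saved on those paths, so the check still fails closed, but `elsif scopes.blank?` would cover the nil case, assuming the client can return nil when the response lacks a `scopes` key (its code is not shown here). In the second hunk, `scopes` hides a network call behind a memoized reader, and a comment such as `# Introspects the submitted token against API Particulier; result memoized in @scopes` would make that visible. The end of `update` lies outside the first hunk.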
|
|
@ -46,6 +46,14 @@ describe NewAdministrateur::JetonParticulierController, type: :controller do
|
|||
it { expect(procedure.reload.api_particulier_token).to eql(token) }
|
||||
end
|
||||
|
||||
context "and the api response is a success but with an empty scopes" do
|
||||
let(:cassette) { "api_particulier/success/introspect_empty_scopes" }
|
||||
|
||||
it { expect(flash.alert).to include("le jeton n'a pas acces aux données") }
|
||||
it { expect(flash.notice).to be_nil }
|
||||
it { expect(procedure.reload.api_particulier_token).not_to eql(token) }
|
||||
end
|
||||
|
||||
context "and the api response is not unauthorized" do
|
||||
let(:cassette) { "api_particulier/unauthorized/introspect" }
|
||||
|
||||
|
@ -55,12 +63,12 @@ describe NewAdministrateur::JetonParticulierController, type: :controller do
|
|||
end
|
||||
end
|
||||
|
||||
context "when jeton is invalid and no call is made" do
|
||||
context "when jeton is invalid and no network call is made" do
|
||||
let(:token) { "jet0n 1nvalide" }
|
||||
|
||||
before { subject }
|
||||
|
||||
it { expect(flash.alert).to include("Mise à jour impossible : le jeton n'est pas valide") }
|
||||
it { expect(flash.alert.first).to include("pas le bon format") }
|
||||
it { expect(flash.notice).to be_nil }
|
||||
it { expect(procedure.reload.api_particulier_token).not_to eql(token) }
|
||||
end
|
||||
|
|
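Review bot: The renamed context "when jeton is invalid and no network call is made" states that no request leaves the application, but none of its examples asserts that; they check only the flash messages and that the token was not persisted. Whether an unexpected request would fail the example depends on the VCR/WebMock configuration, which is not visible in this hunk. Since the point of the format check is that a malformed token is never sent to the introspection endpoint, an explicit assertion would pin it, for instance `it { expect(WebMock).not_to have_requested(:get, /introspect/) }` if the suite runs WebMock under VCR. The enclosing `describe` block starts and ends outside the hunk.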
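--- a/spec/fixtures/cassettes/api_particulier/success/introspect_empty_scopes.yml
+++ b/spec/fixtures/cassettes/api_particulier/success/introspect_empty_scopes.yml
@@ -0,0 +1,44 @@
+---
+http_interactions:
+- request:
+method: get
+uri: https://particulier.api.gouv.fr/api/introspect
+body:
+encoding: US-ASCII
+string: ''
+headers:
+User-Agent:
+- demarches-simplifiees.fr
+Accept:
+- application/json
+X-Api-Key:
+- d7e9c9f4c3ca00caadde31f50fd4521a
+Expect:
+- ''
+response:
+status:
+code: 200
+message: OK
+headers:
+Date:
+- Tue, 16 Mar 2021 15:25:24 GMT
+Content-Type:
+- application/json
+Content-Length:
+- '228'
+Connection:
+- keep-alive
+Keep-Alive:
+- timeout=5
+X-Gravitee-Request-Id:
+- 0e4dd327-de40-4052-8dd3-27de401052c4
+X-Gravitee-Transaction-Id:
+- cc30bb74-6516-46d9-b0bb-746516d6d904
+Strict-Transport-Security:
+- max-age=15552000
+body:
+encoding: UTF-8
+string: '{"_id":"1d99db5a-a099-4314-ad2f-2707c6b505a6","name":"Application de
+sandbox","scopes":[]}'
+recorded_at: Tue, 16 Mar 2021 15:25:24 GMT
+recorded_with: VCR 6.0.0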
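Review bot: The recorded request keeps the `X-Api-Key` header value in clear text, so the token used for the recording becomes part of the repository history with this file. The response body names the application "Application de sandbox", which suggests a sandbox credential, but that cannot be confirmed from the cassette; if the key is or was accepted anywhere, it should be rotated. VCR can scrub the value at record time with `filter_sensitive_data` in the VCR configuration, for example `c.filter_sensitive_data('<API_PARTICULIER_TOKEN>') { token_used_for_recording }`, after which the cassette can be re-recorded so the header holds only the placeholder.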