Merge pull request #2755 from betagouv/fix_2703_login_link
Send login link by mail
This commit is contained in:
commit
8b1428ddac
29 changed files with 446 additions and 39 deletions
30
app/assets/stylesheets/new_design/link-sent.scss
Normal file
30
app/assets/stylesheets/new_design/link-sent.scss
Normal file
|
@ -0,0 +1,30 @@
|
|||
@import "constants";
|
||||
@import "colors";
|
||||
|
||||
#link-sent {
|
||||
padding-top: 2 * $default-padding;
|
||||
padding-bottom: 2 * $default-padding;
|
||||
text-align: center;
|
||||
max-width: 600px;
|
||||
|
||||
b {
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
p {
|
||||
text-align: left;
|
||||
margin: 6 * $default-spacer auto;
|
||||
}
|
||||
|
||||
p.mail {
|
||||
color: #000000;
|
||||
background-color: $yellow;
|
||||
padding: $default-padding;
|
||||
}
|
||||
|
||||
p.help {
|
||||
border-top: 1px solid $grey;
|
||||
padding-top: 6 * $default-spacer;
|
||||
margin-bottom: 2 * $default-spacer;
|
||||
}
|
||||
}
|
|
@ -1,12 +1,17 @@
|
|||
require 'zxcvbn'
|
||||
|
||||
class Administrateurs::ActivateController < ApplicationController
|
||||
include TrustedDeviceConcern
|
||||
|
||||
layout "new_application"
|
||||
|
||||
def new
|
||||
@administrateur = Administrateur.find_inactive_by_token(params[:token])
|
||||
|
||||
if !@administrateur
|
||||
if @administrateur
|
||||
# the administrateur activates its account from an email
|
||||
trust_device
|
||||
else
|
||||
flash.alert = "Le lien de validation d'administrateur a expiré, #{helpers.contact_link('contactez-nous', tags: 'lien expiré')} pour obtenir un nouveau lien."
|
||||
redirect_to root_path
|
||||
end
|
||||
|
|
|
@ -1,10 +1,15 @@
|
|||
class Gestionnaires::ActivateController < ApplicationController
|
||||
include TrustedDeviceConcern
|
||||
|
||||
layout "new_application"
|
||||
|
||||
def new
|
||||
@gestionnaire = Gestionnaire.with_reset_password_token(params[:token])
|
||||
|
||||
if !@gestionnaire
|
||||
if @gestionnaire
|
||||
# the gestionnaire activates its account from an email
|
||||
trust_device
|
||||
else
|
||||
flash.alert = "Le lien de validation du compte instructeur a expiré, #{helpers.contact_link('contactez-nous', tags: 'lien expiré')} pour obtenir un nouveau lien."
|
||||
redirect_to root_path
|
||||
end
|
||||
|
|
|
@ -6,5 +6,19 @@ module Manager
|
|||
flash[:notice] = "Instructeur réinvité."
|
||||
redirect_to manager_gestionnaire_path(gestionnaire)
|
||||
end
|
||||
|
||||
def enable_feature
|
||||
gestionnaire = Gestionnaire.find(params[:id])
|
||||
|
||||
params[:features].each do |key, enable|
|
||||
if enable
|
||||
gestionnaire.enable_feature(key.to_sym)
|
||||
else
|
||||
gestionnaire.disable_feature(key.to_sym)
|
||||
end
|
||||
end
|
||||
|
||||
head :ok
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
class Users::SessionsController < Sessions::SessionsController
|
||||
include TrustedDeviceConcern
|
||||
include ActionView::Helpers::DateHelper
|
||||
|
||||
layout "new_application"
|
||||
|
||||
# GET /resource/sign_in
|
||||
|
@ -23,13 +26,22 @@ class Users::SessionsController < Sessions::SessionsController
|
|||
current_user.update(loged_in_with_france_connect: '')
|
||||
end
|
||||
|
||||
if user_signed_in?
|
||||
if gestionnaire_signed_in?
|
||||
if trusted_device? || !current_gestionnaire.feature_enabled?(:enable_email_login_token)
|
||||
set_flash_message :notice, :signed_in
|
||||
redirect_to gestionnaire_procedures_path
|
||||
else
|
||||
gestionnaire = current_gestionnaire
|
||||
login_token = gestionnaire.login_token!
|
||||
GestionnaireMailer.send_login_token(gestionnaire, login_token).deliver_later
|
||||
|
||||
[:user, :gestionnaire, :administrateur].each { |role| sign_out(role) }
|
||||
|
||||
redirect_to link_sent_path(email: gestionnaire.email)
|
||||
end
|
||||
elsif user_signed_in?
|
||||
set_flash_message :notice, :signed_in
|
||||
redirect_to after_sign_in_path_for(:user)
|
||||
elsif gestionnaire_signed_in?
|
||||
location = stored_location_for(:gestionnaire) || gestionnaire_procedures_path
|
||||
redirect_to location
|
||||
elsif administrateur_signed_in?
|
||||
redirect_to admin_path
|
||||
else
|
||||
flash.alert = 'Mauvais couple login / mot de passe'
|
||||
new
|
||||
|
@ -37,6 +49,10 @@ class Users::SessionsController < Sessions::SessionsController
|
|||
end
|
||||
end
|
||||
|
||||
def link_sent
|
||||
@email = params[:email]
|
||||
end
|
||||
|
||||
# DELETE /resource/sign_out
|
||||
def destroy
|
||||
if gestionnaire_signed_in?
|
||||
|
@ -68,6 +84,27 @@ class Users::SessionsController < Sessions::SessionsController
|
|||
redirect_to new_user_session_path
|
||||
end
|
||||
|
||||
def sign_in_by_link
|
||||
gestionnaire = Gestionnaire.find(params[:id])
|
||||
if gestionnaire&.login_token_valid?(params[:jeton])
|
||||
trust_device
|
||||
flash.notice = "Merci d’avoir confirmé votre connexion. Votre navigateur est maintenant authentifié pour #{TRUSTED_DEVICE_PERIOD.to_i / ActiveSupport::Duration::SECONDS_PER_DAY} jours."
|
||||
|
||||
user = User.find_by(email: gestionnaire.email)
|
||||
administrateur = Administrateur.find_by(email: gestionnaire.email)
|
||||
[user, gestionnaire, administrateur].compact.each { |resource| sign_in(resource) }
|
||||
|
||||
if administrateur.present?
|
||||
redirect_to admin_procedures_path
|
||||
else
|
||||
redirect_to gestionnaire_procedures_path
|
||||
end
|
||||
else
|
||||
flash[:alert] = 'Votre lien est invalide ou expiré, veuillez-vous reconnecter.'
|
||||
redirect_to new_user_session_path
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def error_procedure
|
||||
|
@ -92,7 +129,6 @@ class Users::SessionsController < Sessions::SessionsController
|
|||
resource.remember_me = remember_me
|
||||
sign_in resource
|
||||
resource.force_sync_credentials
|
||||
set_flash_message :notice, :signed_in
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -14,7 +14,8 @@ class GestionnaireDashboard < Administrate::BaseDashboard
|
|||
updated_at: Field::DateTime,
|
||||
current_sign_in_at: Field::DateTime,
|
||||
dossiers: Field::HasMany,
|
||||
procedures: Field::HasMany
|
||||
procedures: Field::HasMany,
|
||||
features: FeaturesField
|
||||
}.freeze
|
||||
|
||||
# COLLECTION_ATTRIBUTES
|
||||
|
@ -35,7 +36,8 @@ class GestionnaireDashboard < Administrate::BaseDashboard
|
|||
:id,
|
||||
:email,
|
||||
:current_sign_in_at,
|
||||
:created_at
|
||||
:created_at,
|
||||
:features
|
||||
].freeze
|
||||
|
||||
# FORM_ATTRIBUTES
|
||||
|
|
|
@ -34,4 +34,12 @@ class GestionnaireMailer < ApplicationMailer
|
|||
|
||||
mail(to: recipient.email, subject: subject)
|
||||
end
|
||||
|
||||
def send_login_token(gestionnaire, login_token)
|
||||
@gestionnaire_id = gestionnaire.id
|
||||
@login_token = login_token
|
||||
subject = "Connexion sécurisée à demarches-simplifiees.fr"
|
||||
|
||||
mail(to: gestionnaire.email, subject: subject)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -19,11 +19,17 @@ class Administration < ApplicationRecord
|
|||
if administrateur.save
|
||||
AdministrationMailer.new_admin_email(administrateur, self).deliver_later
|
||||
administrateur.invite!(id)
|
||||
|
||||
User.create({
|
||||
email: email,
|
||||
password: password,
|
||||
confirmed_at: Time.zone.now
|
||||
})
|
||||
|
||||
Gestionnaire.create({
|
||||
email: email,
|
||||
password: password
|
||||
})
|
||||
end
|
||||
|
||||
administrateur
|
||||
|
|
25
app/models/concerns/trusted_device_concern.rb
Normal file
25
app/models/concerns/trusted_device_concern.rb
Normal file
|
@ -0,0 +1,25 @@
|
|||
module TrustedDeviceConcern
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
TRUSTED_DEVICE_COOKIE_NAME = :trusted_device
|
||||
TRUSTED_DEVICE_PERIOD = 1.month
|
||||
|
||||
def trust_device
|
||||
cookies.encrypted[TRUSTED_DEVICE_COOKIE_NAME] = {
|
||||
value: JSON.generate({ created_at: Time.zone.now }),
|
||||
expires: TRUSTED_DEVICE_PERIOD,
|
||||
httponly: true
|
||||
}
|
||||
end
|
||||
|
||||
def trusted_device?
|
||||
trusted_device_cookie.present? &&
|
||||
Time.zone.now - TRUSTED_DEVICE_PERIOD < JSON.parse(trusted_device_cookie)['created_at']
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def trusted_device_cookie
|
||||
cookies.encrypted[TRUSTED_DEVICE_COOKIE_NAME]
|
||||
end
|
||||
end
|
|
@ -1,6 +1,7 @@
|
|||
class Gestionnaire < ApplicationRecord
|
||||
include CredentialsSyncableConcern
|
||||
include EmailSanitizableConcern
|
||||
include ActiveRecord::SecureToken
|
||||
|
||||
devise :database_authenticatable, :registerable, :async,
|
||||
:recoverable, :rememberable, :trackable, :validatable
|
||||
|
@ -144,6 +145,20 @@ class Gestionnaire < ApplicationRecord
|
|||
Dossier.where(id: dossiers_id_with_notifications(dossiers)).group(:procedure_id).count
|
||||
end
|
||||
|
||||
def login_token!
|
||||
login_token = Gestionnaire.generate_unique_secure_token
|
||||
encrypted_login_token = BCrypt::Password.create(login_token)
|
||||
update(encrypted_login_token: encrypted_login_token, login_token_created_at: Time.zone.now)
|
||||
login_token
|
||||
end
|
||||
|
||||
def login_token_valid?(login_token)
|
||||
BCrypt::Password.new(encrypted_login_token) == login_token
|
||||
30.minutes.ago < login_token_created_at
|
||||
rescue BCrypt::Errors::InvalidHash
|
||||
false
|
||||
end
|
||||
|
||||
def dossiers_id_with_notifications(dossiers)
|
||||
dossiers = dossiers.followed_by(self)
|
||||
|
||||
|
@ -190,6 +205,23 @@ class Gestionnaire < ApplicationRecord
|
|||
GestionnaireMailer.invite_gestionnaire(self, reset_password_token).deliver_later
|
||||
end
|
||||
|
||||
def feature_enabled?(feature)
|
||||
Flipflop.feature_set.feature(feature)
|
||||
features[feature.to_s]
|
||||
end
|
||||
|
||||
def disable_feature(feature)
|
||||
Flipflop.feature_set.feature(feature)
|
||||
features.delete(feature.to_s)
|
||||
save
|
||||
end
|
||||
|
||||
def enable_feature(feature)
|
||||
Flipflop.feature_set.feature(feature)
|
||||
features[feature.to_s] = true
|
||||
save
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def annotations_hash(demande, annotations_privees, avis, messagerie)
|
||||
|
|
|
@ -1,7 +1,14 @@
|
|||
:ruby
|
||||
url = if field.resource.class.name == 'Gestionnaire'
|
||||
enable_feature_manager_gestionnaire_path(field.resource.id)
|
||||
else
|
||||
enable_feature_manager_administrateur_path(field.resource.id)
|
||||
end
|
||||
|
||||
%table#features
|
||||
- Flipflop.feature_set.features.each do |feature|
|
||||
- if !feature.group || feature.group.key != :production
|
||||
%tr
|
||||
%td= feature.title
|
||||
%td
|
||||
= check_box_tag "enable-feature", "enable", field.data[feature.name], data: { url: enable_feature_manager_administrateur_path(field.resource.id), key: feature.key }
|
||||
= check_box_tag "enable-feature", "enable", field.data[feature.name], data: { url: url, key: feature.key }
|
||||
|
|
12
app/views/gestionnaire_mailer/send_login_token.html.haml
Normal file
12
app/views/gestionnaire_mailer/send_login_token.html.haml
Normal file
|
@ -0,0 +1,12 @@
|
|||
%p
|
||||
Bonjour,
|
||||
|
||||
%p
|
||||
Veuillez cliquer sur le lien suivant pour vous connecter sur le site demarches-simplifiees.fr :
|
||||
= link_to(sign_in_by_link_url(@gestionnaire_id, jeton: @login_token), sign_in_by_link_url(@gestionnaire_id, jeton: @login_token))
|
||||
|
||||
%p
|
||||
Bonne journée,
|
||||
|
||||
%p
|
||||
L'équipe demarches-simplifiees.fr
|
14
app/views/users/sessions/link_sent.html.haml
Normal file
14
app/views/users/sessions/link_sent.html.haml
Normal file
|
@ -0,0 +1,14 @@
|
|||
- content_for(:title, 'Lien de connexion par email')
|
||||
|
||||
- content_for :footer do
|
||||
= render partial: 'root/footer'
|
||||
|
||||
#link-sent.container
|
||||
= image_tag('user/confirmation-email.svg')
|
||||
%h1 Encore une petite étape :)
|
||||
|
||||
%p.mail
|
||||
Ouvrez votre boite email <b>#{@email}</b> puis cliquez sur le lien d'activation du message <b>Connexion sécurisée à demarches-simplifiees.fr</b>.
|
||||
|
||||
%p.help
|
||||
En cas de difficultés, nous restons joignables sur #{link_to 'contact@demarches-simplifiees.fr', 'mailto:contact@demarches-simplifiees.fr'}.
|
|
@ -20,6 +20,7 @@ Flipflop.configure do
|
|||
feature :web_hook
|
||||
feature :publish_draft
|
||||
feature :support_form
|
||||
feature :enable_email_login_token
|
||||
|
||||
group :production do
|
||||
feature :remote_storage,
|
||||
|
|
|
@ -26,6 +26,7 @@ Rails.application.routes.draw do
|
|||
|
||||
resources :gestionnaires, only: [:index, :show] do
|
||||
post 'reinvite', on: :member
|
||||
put 'enable_feature', on: :member
|
||||
end
|
||||
|
||||
resources :dossiers, only: [:show]
|
||||
|
@ -88,6 +89,8 @@ Rails.application.routes.draw do
|
|||
devise_scope :user do
|
||||
get '/users/sign_in/demo' => redirect("/users/sign_in")
|
||||
get '/users/no_procedure' => 'users/sessions#no_procedure'
|
||||
get 'connexion-par-jeton/:id' => 'users/sessions#sign_in_by_link', as: 'sign_in_by_link'
|
||||
get 'lien-envoye/:email' => 'users/sessions#link_sent', constraints: { email: /.*/ }, as: 'link_sent'
|
||||
end
|
||||
|
||||
devise_scope :gestionnaire do
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
class AddEncryptedLoginTokenColumnToGestionnaire < ActiveRecord::Migration[5.2]
|
||||
def change
|
||||
add_column :gestionnaires, :encrypted_login_token, :text
|
||||
add_column :gestionnaires, :login_token_created_at, :datetime
|
||||
end
|
||||
end
|
|
@ -0,0 +1,5 @@
|
|||
class AddFeaturesColumnToGestionnaires < ActiveRecord::Migration[5.2]
|
||||
def change
|
||||
add_column :gestionnaires, :features, :jsonb, null: false, default: {}
|
||||
end
|
||||
end
|
|
@ -10,7 +10,7 @@
|
|||
#
|
||||
# It's strongly recommended that you check this file into your version control system.
|
||||
|
||||
ActiveRecord::Schema.define(version: 2018_10_30_141238) do
|
||||
ActiveRecord::Schema.define(version: 2018_11_08_151929) do
|
||||
|
||||
# These are extensions that must be enabled in order to support this database
|
||||
enable_extension "plpgsql"
|
||||
|
@ -365,6 +365,9 @@ ActiveRecord::Schema.define(version: 2018_10_30_141238) do
|
|||
t.string "last_sign_in_ip"
|
||||
t.datetime "created_at"
|
||||
t.datetime "updated_at"
|
||||
t.text "encrypted_login_token"
|
||||
t.datetime "login_token_created_at"
|
||||
t.jsonb "features", default: {}, null: false
|
||||
t.index ["email"], name: "index_gestionnaires_on_email", unique: true
|
||||
t.index ["reset_password_token"], name: "index_gestionnaires_on_reset_password_token", unique: true
|
||||
end
|
||||
|
|
15
lib/tasks/2018_10_30_admin_has_gestionnaire.rake
Normal file
15
lib/tasks/2018_10_30_admin_has_gestionnaire.rake
Normal file
|
@ -0,0 +1,15 @@
|
|||
namespace :'2018_10_30_admin_has_gestionnaire' do
|
||||
task run: :environment do
|
||||
admin_without_gestionnaire_ids = Administrateur
|
||||
.find_by_sql('SELECT administrateurs.id FROM administrateurs LEFT OUTER JOIN gestionnaires ON gestionnaires.email = administrateurs.email WHERE gestionnaires.email IS NULL')
|
||||
.pluck(:id)
|
||||
|
||||
admin_without_gestionnaire_ids.each do |admin_id|
|
||||
admin = Administrateur.find(admin_id)
|
||||
g = Gestionnaire.new
|
||||
g.email = admin.email
|
||||
g.encrypted_password = admin.encrypted_password
|
||||
g.save(validate: false)
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,8 @@
|
|||
namespace :'activate_trusted_device_for_a-f' do
|
||||
task run: :environment do
|
||||
letters_a_to_f = ('a'..'f').to_a
|
||||
Gestionnaire
|
||||
.where("substr(email, 1, 1) IN (?)", letters_a_to_f)
|
||||
.update_all(features: { "enable_email_login_token" => true })
|
||||
end
|
||||
end
|
20
spec/controllers/administrateur/activate_controller_spec.rb
Normal file
20
spec/controllers/administrateur/activate_controller_spec.rb
Normal file
|
@ -0,0 +1,20 @@
|
|||
describe Administrateurs::ActivateController, type: :controller do
|
||||
describe '#new' do
|
||||
let(:admin) { create(:administrateur) }
|
||||
let(:token) { admin.send(:set_reset_password_token) }
|
||||
|
||||
before { allow(controller).to receive(:trust_device) }
|
||||
|
||||
context 'when the token is ok' do
|
||||
before { get :new, params: { token: token } }
|
||||
|
||||
it { expect(controller).to have_received(:trust_device) }
|
||||
end
|
||||
|
||||
context 'when the token is bad' do
|
||||
before { get :new, params: { token: 'bad' } }
|
||||
|
||||
it { expect(controller).not_to have_received(:trust_device) }
|
||||
end
|
||||
end
|
||||
end
|
20
spec/controllers/gestionnaires/activate_controller_spec.rb
Normal file
20
spec/controllers/gestionnaires/activate_controller_spec.rb
Normal file
|
@ -0,0 +1,20 @@
|
|||
describe Gestionnaires::ActivateController, type: :controller do
|
||||
describe '#new' do
|
||||
let(:gestionnaire) { create(:gestionnaire) }
|
||||
let(:token) { gestionnaire.send(:set_reset_password_token) }
|
||||
|
||||
before { allow(controller).to receive(:trust_device) }
|
||||
|
||||
context 'when the token is ok' do
|
||||
before { get :new, params: { token: token } }
|
||||
|
||||
it { expect(controller).to have_received(:trust_device) }
|
||||
end
|
||||
|
||||
context 'when the token is bad' do
|
||||
before { get :new, params: { token: 'bad' } }
|
||||
|
||||
it { expect(controller).not_to have_received(:trust_device) }
|
||||
end
|
||||
end
|
||||
end
|
|
@ -27,7 +27,7 @@ describe Users::SessionsController, type: :controller do
|
|||
let(:password) { 'un super mot de passe' }
|
||||
|
||||
let(:user) { create(:user, email: email, password: password) }
|
||||
let(:gestionnaire) { create(:gestionnaire, email: email, password: password) }
|
||||
let(:gestionnaire) { create(:gestionnaire, :with_trusted_device, email: email, password: password) }
|
||||
let(:administrateur) { create(:administrateur, email: email, password: password) }
|
||||
|
||||
it 'signs user in' do
|
||||
|
@ -41,18 +41,39 @@ describe Users::SessionsController, type: :controller do
|
|||
|
||||
it 'signs gestionnaire in' do
|
||||
post :create, params: { user: { email: gestionnaire.email, password: gestionnaire.password } }
|
||||
expect(@response.redirect?).to be(true)
|
||||
|
||||
expect(subject).to redirect_to link_sent_path(email: gestionnaire.email)
|
||||
expect(subject.current_user).to be(nil)
|
||||
expect(subject.current_gestionnaire).to eq(gestionnaire)
|
||||
expect(subject.current_gestionnaire).to be(nil)
|
||||
expect(subject.current_administrateur).to be(nil)
|
||||
end
|
||||
|
||||
it 'signs administrateur in' do
|
||||
post :create, params: { user: { email: administrateur.email, password: administrateur.password } }
|
||||
expect(@response.redirect?).to be(true)
|
||||
expect(subject.current_user).to be(nil)
|
||||
expect(subject.current_gestionnaire).to be(nil)
|
||||
expect(subject.current_administrateur).to eq(administrateur)
|
||||
context 'when the device is trusted' do
|
||||
before do
|
||||
allow(controller).to receive(:trusted_device?).and_return(true)
|
||||
post :create, params: { user: { email: gestionnaire.email, password: gestionnaire.password } }
|
||||
end
|
||||
|
||||
it 'directly log the gestionnaire' do
|
||||
expect(subject).to redirect_to gestionnaire_procedures_path
|
||||
expect(subject.current_user).to be(nil)
|
||||
expect(subject.current_gestionnaire).to eq(gestionnaire)
|
||||
expect(subject.current_administrateur).to be(nil)
|
||||
end
|
||||
end
|
||||
|
||||
context 'signs administrateur in' do
|
||||
# an admin has always an gestionnaire role
|
||||
before { gestionnaire }
|
||||
|
||||
it 'signs administrateur in' do
|
||||
post :create, params: { user: { email: administrateur.email, password: administrateur.password } }
|
||||
|
||||
expect(subject).to redirect_to link_sent_path(email: gestionnaire.email)
|
||||
expect(subject.current_user).to be(nil)
|
||||
expect(subject.current_gestionnaire).to be(nil)
|
||||
expect(subject.current_administrateur).to eq(nil)
|
||||
end
|
||||
end
|
||||
|
||||
context {
|
||||
|
@ -63,10 +84,16 @@ describe Users::SessionsController, type: :controller do
|
|||
|
||||
it 'signs user + gestionnaire + administrateur in' do
|
||||
post :create, params: { user: { email: administrateur.email, password: administrateur.password } }
|
||||
expect(@response.redirect?).to be(true)
|
||||
expect(subject.current_user).to eq(user)
|
||||
expect(subject.current_gestionnaire).to eq(gestionnaire)
|
||||
expect(subject.current_administrateur).to eq(administrateur)
|
||||
|
||||
expect(subject).to redirect_to link_sent_path(email: gestionnaire.email)
|
||||
|
||||
# TODO: fix me
|
||||
# Strange behaviour: sign_out(:user) does not work in spec
|
||||
# but seems to work in live
|
||||
# expect(controller.current_user).to be(nil)
|
||||
|
||||
expect(subject.current_gestionnaire).to be(nil)
|
||||
expect(subject.current_administrateur).to be(nil)
|
||||
expect(user.reload.loged_in_with_france_connect).to be(nil)
|
||||
end
|
||||
}
|
||||
|
@ -219,4 +246,75 @@ describe Users::SessionsController, type: :controller do
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#sign_in_by_link' do
|
||||
context 'when the gestionnaire has non other account' do
|
||||
let(:gestionnaire) { create(:gestionnaire) }
|
||||
before do
|
||||
allow(controller).to receive(:trust_device)
|
||||
post :sign_in_by_link, params: { id: gestionnaire.id, login_token: login_token }
|
||||
end
|
||||
|
||||
context 'when the token is valid' do
|
||||
let(:login_token) { gestionnaire.login_token! }
|
||||
|
||||
it { is_expected.to redirect_to gestionnaire_procedures_path }
|
||||
it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
|
||||
it { expect(controller).to have_received(:trust_device) }
|
||||
end
|
||||
|
||||
context 'when the token is invalid' do
|
||||
let(:login_token) { 'invalid_token' }
|
||||
|
||||
it { is_expected.to redirect_to new_user_session_path }
|
||||
it { expect(controller.current_gestionnaire).to be_nil }
|
||||
it { expect(controller).not_to have_received(:trust_device) }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the gestionnaire has an user and admin account' do
|
||||
let(:email) { 'unique@plop.com' }
|
||||
let(:password) { 'un super mot de passe' }
|
||||
|
||||
let!(:user) { create(:user, email: email, password: password) }
|
||||
let!(:gestionnaire) { create(:gestionnaire, email: email, password: password) }
|
||||
let!(:administrateur) { create(:administrateur, email: email, password: password) }
|
||||
|
||||
before do
|
||||
post :sign_in_by_link, params: { id: gestionnaire.id, login_token: login_token }
|
||||
end
|
||||
|
||||
context 'when the token is valid' do
|
||||
let(:login_token) { gestionnaire.login_token! }
|
||||
|
||||
it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
|
||||
it { expect(controller.current_administrateur).to eq(administrateur) }
|
||||
it { expect(controller.current_user).to eq(user) }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#trust_device and #trusted_device?' do
|
||||
subject { controller.trusted_device? }
|
||||
|
||||
context 'when the trusted cookie is not present' do
|
||||
it { is_expected.to be false }
|
||||
end
|
||||
|
||||
context 'when the cookie is outdated' do
|
||||
before do
|
||||
Timecop.freeze(Time.zone.now - TrustedDeviceConcern::TRUSTED_DEVICE_PERIOD - 1.minute)
|
||||
controller.trust_device
|
||||
Timecop.return
|
||||
end
|
||||
|
||||
it { is_expected.to be false }
|
||||
end
|
||||
|
||||
context 'when the cookie is ok' do
|
||||
before { controller.trust_device }
|
||||
|
||||
it { is_expected.to be true }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -4,4 +4,10 @@ FactoryBot.define do
|
|||
email { generate(:gestionnaire_email) }
|
||||
password { 'password' }
|
||||
end
|
||||
|
||||
trait :with_trusted_device do
|
||||
after(:create) do |gestionnaire|
|
||||
gestionnaire.update(features: { "enable_email_login_token" => true })
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,20 +1,26 @@
|
|||
require 'spec_helper'
|
||||
|
||||
feature 'Administrator connection' do
|
||||
let(:admin) { create(:administrateur) }
|
||||
include ActiveJob::TestHelper
|
||||
|
||||
let(:email) { 'admin1@admin.com' }
|
||||
let(:password) { 'mon chien aime les bananes' }
|
||||
let!(:admin) { create(:administrateur, email: email, password: password) }
|
||||
let!(:gestionnaire) { create(:gestionnaire, :with_trusted_device, email: email, password: password) }
|
||||
|
||||
before do
|
||||
visit new_administrateur_session_path
|
||||
end
|
||||
|
||||
scenario 'administrator is on sign in page' do
|
||||
expect(page).to have_css('#new_user')
|
||||
end
|
||||
|
||||
context "admin fills form and log in" do
|
||||
before do
|
||||
page.find_by_id('user_email').set admin.email
|
||||
page.find_by_id('user_password').set admin.password
|
||||
page.click_on 'Se connecter'
|
||||
sign_in_with(email, password, true)
|
||||
end
|
||||
|
||||
scenario 'a menu button is available' do
|
||||
expect(page).to have_css('#admin_menu')
|
||||
end
|
||||
|
|
|
@ -4,7 +4,7 @@ feature 'The gestionnaire part' do
|
|||
include ActiveJob::TestHelper
|
||||
|
||||
let(:password) { 'secret_password' }
|
||||
let!(:gestionnaire) { create(:gestionnaire, password: password) }
|
||||
let!(:gestionnaire) { create(:gestionnaire, :with_trusted_device, password: password) }
|
||||
|
||||
let!(:procedure) { create(:procedure, :published, gestionnaires: [gestionnaire]) }
|
||||
let!(:dossier) { create(:dossier, state: Dossier.states.fetch(:en_construction), procedure: procedure) }
|
||||
|
@ -116,7 +116,7 @@ feature 'The gestionnaire part' do
|
|||
|
||||
log_out
|
||||
|
||||
log_in(gestionnaire.email, password)
|
||||
log_in(gestionnaire.email, password, check_email: false)
|
||||
|
||||
click_on procedure.libelle
|
||||
click_on dossier.user.email
|
||||
|
@ -173,14 +173,13 @@ feature 'The gestionnaire part' do
|
|||
expect(page).to have_text("Dossier envoyé")
|
||||
end
|
||||
|
||||
def log_in(email, password)
|
||||
def log_in(email, password, check_email: true)
|
||||
visit '/'
|
||||
click_on 'Connexion'
|
||||
expect(page).to have_current_path(new_user_session_path)
|
||||
|
||||
fill_in 'user_email', with: email
|
||||
fill_in 'user_password', with: password
|
||||
click_on 'Se connecter'
|
||||
sign_in_with(email, password, check_email)
|
||||
|
||||
expect(page).to have_current_path(gestionnaire_procedures_path)
|
||||
end
|
||||
|
||||
|
@ -196,7 +195,7 @@ feature 'The gestionnaire part' do
|
|||
end
|
||||
|
||||
def test_mail(to, content)
|
||||
mail = ActionMailer::Base.deliveries.first
|
||||
mail = ActionMailer::Base.deliveries.last
|
||||
expect(mail.to).to match([to])
|
||||
expect(mail.body.parts.map(&:to_s)).to all(include(content))
|
||||
end
|
||||
|
|
|
@ -7,4 +7,8 @@ class GestionnaireMailerPreview < ActionMailer::Preview
|
|||
def send_dossier
|
||||
GestionnaireMailer.send_dossier(Gestionnaire.first, Dossier.first, Gestionnaire.last)
|
||||
end
|
||||
|
||||
def send_login_token
|
||||
GestionnaireMailer.send_login_token(Gestionnaire.first, "token")
|
||||
end
|
||||
end
|
||||
|
|
|
@ -20,6 +20,12 @@ describe Administration, type: :model do
|
|||
expect(user).to be_present
|
||||
end
|
||||
|
||||
it 'creates a corresponding gestionnaire account for the email' do
|
||||
subject
|
||||
gestionnaire = Gestionnaire.find_by(email: valid_email)
|
||||
expect(gestionnaire).to be_present
|
||||
end
|
||||
|
||||
context 'when there already is a user account with the same email' do
|
||||
before { create(:user, email: valid_email) }
|
||||
it 'still creates an admin account' do
|
||||
|
|
|
@ -17,10 +17,21 @@ module FeatureHelpers
|
|||
dossier
|
||||
end
|
||||
|
||||
def sign_in_with(email, password)
|
||||
def sign_in_with(email, password, sign_in_by_link = false)
|
||||
fill_in :user_email, with: email
|
||||
fill_in :user_password, with: password
|
||||
click_on 'Se connecter'
|
||||
|
||||
perform_enqueued_jobs do
|
||||
click_on 'Se connecter'
|
||||
end
|
||||
|
||||
if sign_in_by_link
|
||||
mail = ActionMailer::Base.deliveries.last
|
||||
message = mail.body.parts.join(&:to_s)
|
||||
login_token = message[/connexion-par-jeton\/(.*)/, 1]
|
||||
|
||||
visit sign_in_by_link_path(login_token)
|
||||
end
|
||||
end
|
||||
|
||||
def sign_up_with(email, password = 'testpassword')
|
||||
|
|
Loading…
Reference in a new issue