disable france connect authentication for admin and instructeurs

app/controllers/france_connect/particulier_controller.rb

@@ -10,22 +10,17 @@ class FranceConnect::ParticulierController < ApplicationController
   end
 
   def callback
-    fetched_fci = FranceConnectService.retrieve_user_informations_particulier(params[:code])
+    fci = FranceConnectService.find_or_retrieve_france_connect_information(params[:code])
+    fci.associate_user!
 
-    fci = FranceConnectInformation
-      .find_by(france_connect_particulier_id: fetched_fci[:france_connect_particulier_id]) ||
-        fetched_fci.tap(&:save)
-
-    if fci.user.nil?
-      user = User.find_or_create_by!(email: fci.email_france_connect.downcase) do |new_user|
-        new_user.password = Devise.friendly_token[0, 20]
-        new_user.confirmed_at = Time.zone.now
-      end
-
-      fci.update_attribute('user_id', user.id)
+    if fci.user && !fci.user.can_france_connect?
+      fci.destroy
+      redirect_to new_user_session_path, alert: t('errors.messages.france_connect.forbidden_html', reset_link: new_user_password_path)
+      return
     end
 
     connect_france_connect_particulier(fci.user)
+
   rescue Rack::OAuth2::Client::Error => e
     Rails.logger.error e.message
     redirect_france_connect_error_connection

app/models/france_connect_information.rb

@@ -18,4 +18,18 @@ class FranceConnectInformation < ApplicationRecord
   belongs_to :user, optional: true
 
   validates :france_connect_particulier_id, presence: true, allow_blank: false, allow_nil: false
+
+  def associate_user!
+    user = User.find_by(email: email_france_connect.downcase)
+
+    if user.nil?
+      user = User.create!(
+        email: email_france_connect.downcase,
+        password: Devise.friendly_token[0, 20],
+        confirmed_at: Time.zone.now
+      )
+    end
+
+    update_attribute('user_id', user.id)
+  end
 end

app/models/user.rb

@@ -112,6 +112,7 @@ class User < ApplicationRecord
     if user.valid?
       if user.instructeur_id.nil?
         user.create_instructeur!
+        user.update(france_connect_information: nil)
       end
 
       user.instructeur.administrateurs << administrateurs
@@ -125,6 +126,7 @@ class User < ApplicationRecord
 
     if user.valid? && user.administrateur_id.nil?
       user.create_administrateur!
+      user.update(france_connect_information: nil)
     end
 
     user
@@ -152,6 +154,18 @@ class User < ApplicationRecord
     last_sign_in_at.present?
   end
 
+  def administrateur?
+    administrateur_id.present?
+  end
+
+  def instructeur?
+    instructeur_id.present?
+  end
+
+  def can_france_connect?
+    !administrateur? && !instructeur?
+  end
+
   def can_be_deleted?
     administrateur.nil? && instructeur.nil? && dossiers.with_discarded.state_instruction_commencee.empty?
   end

app/services/france_connect_service.rb

@@ -14,6 +14,13 @@ class FranceConnectService
     )
   end
 
+  def self.find_or_retrieve_france_connect_information(code)
+    fetched_fci = FranceConnectService.retrieve_user_informations_particulier(code)
+    FranceConnectInformation.find_by(france_connect_particulier_id: fetched_fci[:france_connect_particulier_id]) || fetched_fci
+  end
+
+  private
+
   def self.retrieve_user_informations_particulier(code)
     client = FranceConnectParticulierClient.new(code)