Merge pull request #6311 from betagouv/expert-sign-in

ETQ Expert, je ne peux plus me connecter après avoir accepté une demande d'avis
Kara Diaby 2021-06-30 12:13:52 +02:00 committed by GitHub
commit a29e1761f4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 90 additions and 50 deletions


@ -4,7 +4,7 @@ module Experts
before_action :authenticate_expert!, except: [:sign_up, :update_expert]
before_action :check_if_avis_revoked, only: [:show]
before_action :redirect_if_no_sign_up_needed, only: [:sign_up]
before_action :redirect_if_no_sign_up_needed, only: [:sign_up, :update_expert]
before_action :set_avis_and_dossier, only: [:show, :instruction, :messagerie, :create_commentaire, :update]
A_DONNER_STATUS = 'a-donner'
@ -82,12 +82,11 @@ module Experts
email = params[:email]
password = params[:user][:password]
# Not perfect because the password will not be changed if the user already exists
user = User.create_or_promote_to_expert(email, password)
user.reset_password(password, password)
if user.valid?
sign_in(user)
redirect_to url_for(expert_all_avis_path)
else
flash[:alert] = user.errors.full_messages
@ -128,11 +127,9 @@ module Experts
if current_expert.present?
# an expert is authenticated ... lets see if it can view the dossier
redirect_to expert_avis_url(avis.procedure, avis)
elsif avis.expert&.email == params[:email] && avis.expert.user.active?.present?
# The expert already used the sign-in page to change their password: ask them to sign-in instead.
redirect_to new_user_session_url
end
end
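Review bot: In `update_expert`, the added `user.reset_password(password, password)` runs on whatever user `User.create_or_promote_to_expert(email, password)` returns for `params[:email]`, and the surrounding comment indicates this can be an already existing account. The action is excluded from `authenticate_expert!`, and the guard in `redirect_if_no_sign_up_needed` only redirects when the posted email equals `avis.expert&.email` and that user is active. For any other email value the request appears to reach the reset and the `sign_in(user)` that follows. The start of `update_expert` is outside the hunk, so an earlier check may exist. The account should come from the invitation rather than from the request: load the avis, add `return redirect_to(new_user_session_url) unless avis.expert&.email == params[:email]`, and reset the password on `avis.expert.user`.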


@ -300,54 +300,83 @@ describe Experts::AvisController, type: :controller do
end
context 'without an expert signed in' do
let(:claimant) { create(:instructeur) }
let(:expert) { create(:expert) }
let(:experts_procedure) { create(:experts_procedure, expert: expert, procedure: procedure) }
let(:dossier) { create(:dossier) }
let(:avis) { create(:avis, dossier: dossier, experts_procedure: experts_procedure, claimant: claimant) }
let(:procedure) { dossier.procedure }
describe '#sign_up' do
let(:invited_email) { 'invited@avis.com' }
let(:claimant) { create(:instructeur) }
let(:expert) { create(:expert) }
let(:experts_procedure) { create(:experts_procedure, expert: expert, procedure: procedure) }
let(:dossier) { create(:dossier) }
let(:procedure) { dossier.procedure }
let!(:avis) { create(:avis, experts_procedure: experts_procedure, claimant: claimant, dossier: dossier) }
let(:invitations_email) { true }
context 'when the expert has already signed up and belongs to the invitation' do
let!(:avis) { create(:avis, dossier: dossier, experts_procedure: experts_procedure, claimant: claimant) }
context 'when the expert is authenticated' do
before do
sign_in(expert.user)
expert.user.update(last_sign_in_at: Time.zone.now)
expert.user.reload
get :sign_up, params: { id: avis.id, procedure_id: procedure.id, email: avis.expert.email }
end
it { is_expected.to redirect_to expert_avis_url(avis.procedure, avis) }
end
context 'when the expert is not authenticated' do
before do
sign_in(expert.user)
expert.user.update(last_sign_in_at: Time.zone.now)
expert.user.reload
sign_out(expert.user)
get :sign_up, params: { id: avis.id, procedure_id: procedure.id, email: avis.expert.email }
end
it { is_expected.to redirect_to new_user_session_url }
end
subject do
get :sign_up, params: { id: avis.id, procedure_id: procedure.id, email: avis.expert.email }
end
context 'when the expert has already signed up / is authenticated and does not belong to the invitation' do
let(:expert) { create(:expert) }
let!(:avis) { create(:avis, email: invited_email, dossier: dossier, experts_procedure: experts_procedure) }
context 'when the expert hasnt signed up yet' do
before { expert.user.update(last_sign_in_at: nil) }
before do
sign_in(expert.user)
get :sign_up, params: { id: avis.id, procedure_id: procedure.id, email: avis.expert.email }
it { is_expected.to have_http_status(:success) }
end
context 'when the expert has already signed up' do
before { expert.user.update(last_sign_in_at: Time.zone.now) }
context 'and the expert belongs to the invitation' do
context 'and the expert is authenticated' do
before { sign_in(expert.user) }
it { is_expected.to redirect_to expert_avis_url(avis.procedure, avis) }
end
context 'and the expert is not authenticated' do
before { sign_out(expert.user) }
it { is_expected.to redirect_to new_user_session_url }
end
end
# redirected to dossier but then the instructeur gonna be banished !
it { is_expected.to redirect_to expert_avis_url(avis.procedure, avis) }
context 'and the expert does not belong to the invitation' do
let(:avis) { create(:avis, email: 'another_expert@avis.com', dossier: dossier, experts_procedure: experts_procedure) }
before { sign_in(expert.user) }
# redirected to dossier but then the instructeur gonna be banished !
it { is_expected.to redirect_to expert_avis_url(avis.procedure, avis) }
end
end
end
describe '#update_expert' do
subject do
post :update_expert, params: {
id: avis.id,
procedure_id: procedure.id,
email: avis.expert.email,
user: {
password: 'my-s3cure-p4ssword'
}
}
end
context 'when the expert hasnt signed up yet' do
before { expert.user.update(last_sign_in_at: nil) }
it 'saves the expert new password' do
subject
expect(expert.user.reload.valid_password?('my-s3cure-p4ssword')).to be true
end
it { is_expected.to redirect_to expert_all_avis_path }
end
context 'when the expert has already signed up' do
before { expert.user.update(last_sign_in_at: Time.zone.now) }
it 'doesnt change the expert password' do
subject
expect(expert.user.reload.valid_password?('my-s3cure-p4ssword')).to be false
end
it { is_expected.to redirect_to new_user_session_url }
end
end
end
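Review bot: The new `#update_expert` examples always post `email: avis.expert.email`, so no example pins what happens when the `email` parameter names a different account from the invited expert. Since the controller keys the password reset on that parameter, add a context that posts another existing user's email and asserts that their password is unchanged and no session is opened, for instance `expect(other_user.reload.valid_password?('my-s3cure-p4ssword')).to be false` (with `other_user` being a user created for that example). A case with an `avis` that has no expert would also show whether `avis.expert.user` in the guard can raise.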


@ -11,16 +11,30 @@ feature 'Inviting an expert:' do
let(:avis) { create(:avis, dossier: dossier, claimant: instructeur, experts_procedure: experts_procedure, confidentiel: true) }
context 'when I dont already have an account' do
scenario 'I can sign up' do
let(:password) { 'This is an expert password' }
before 'Signing up' do
visit sign_up_expert_avis_path(avis.dossier.procedure, avis, email: avis.expert.email)
expect(page).to have_field('Email', with: avis.expert.email, disabled: true)
fill_in 'Mot de passe', with: 'This is a very complicated password !'
fill_in 'Mot de passe', with: password
click_on 'Créer un compte'
end
scenario 'I can see the avis after signing up' do
expect(page).to have_current_path(expert_all_avis_path)
expect(page).to have_text('1 avis à donner')
end
scenario 'I can sign-in again afterwards' do
click_on 'Se déconnecter'
visit new_user_session_path
sign_in_with avis.expert.email, password
expect(page).to have_content('Connecté(e).')
expect(page).to have_current_path(dossiers_path) # Ideally we'd want `expert_all_avis_path` instead
end
end
context 'when I already have an existing account' do