Merge pull request #6311 from betagouv/expert-sign-in
ETQ Expert, je ne peux plus me connecter après avoir accepté une demande d'avis
This commit is contained in:
Kara Diaby
GitHub
commit
a29e1761f4
3 changed files with 90 additions and 50 deletions
|
|
@ -4,7 +4,7 @@ module Experts
|
||||||
|
|
||||||
before_action :authenticate_expert!, except: [:sign_up, :update_expert]
|
before_action :authenticate_expert!, except: [:sign_up, :update_expert]
|
||||||
before_action :check_if_avis_revoked, only: [:show]
|
before_action :check_if_avis_revoked, only: [:show]
|
||||||
before_action :redirect_if_no_sign_up_needed, only: [:sign_up]
|
before_action :redirect_if_no_sign_up_needed, only: [:sign_up, :update_expert]
|
||||||
before_action :set_avis_and_dossier, only: [:show, :instruction, :messagerie, :create_commentaire, :update]
|
before_action :set_avis_and_dossier, only: [:show, :instruction, :messagerie, :create_commentaire, :update]
|
||||||
|
|
||||||
A_DONNER_STATUS = 'a-donner'
|
A_DONNER_STATUS = 'a-donner'
|
||||||
|
|
@ -82,12 +82,11 @@ module Experts
|
||||||
email = params[:email]
|
email = params[:email]
|
||||||
password = params[:user][:password]
|
password = params[:user][:password]
|
||||||
|
|
||||||
# Not perfect because the password will not be changed if the user already exists
|
|
||||||
user = User.create_or_promote_to_expert(email, password)
|
user = User.create_or_promote_to_expert(email, password)
|
||||||
|
user.reset_password(password, password)
|
||||||
|
|
||||||
if user.valid?
|
if user.valid?
|
||||||
sign_in(user)
|
sign_in(user)
|
||||||
|
|
||||||
redirect_to url_for(expert_all_avis_path)
|
redirect_to url_for(expert_all_avis_path)
|
||||||
else
|
else
|
||||||
flash[:alert] = user.errors.full_messages
|
flash[:alert] = user.errors.full_messages
|
||||||
|
|
@ -128,11 +127,9 @@ module Experts
|
||||||
|
|
||||||
if current_expert.present?
|
if current_expert.present?
|
||||||
# an expert is authenticated ... lets see if it can view the dossier
|
# an expert is authenticated ... lets see if it can view the dossier
|
||||||
|
|
||||||
redirect_to expert_avis_url(avis.procedure, avis)
|
redirect_to expert_avis_url(avis.procedure, avis)
|
||||||
|
|
||||||
elsif avis.expert&.email == params[:email] && avis.expert.user.active?.present?
|
elsif avis.expert&.email == params[:email] && avis.expert.user.active?.present?
|
||||||
|
# The expert already used the sign-in page to change their password: ask them to sign-in instead.
|
||||||
redirect_to new_user_session_url
|
redirect_to new_user_session_url
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -300,54 +300,83 @@ describe Experts::AvisController, type: :controller do
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'without an expert signed in' do
|
context 'without an expert signed in' do
|
||||||
|
let(:claimant) { create(:instructeur) }
|
||||||
|
let(:expert) { create(:expert) }
|
||||||
|
let(:experts_procedure) { create(:experts_procedure, expert: expert, procedure: procedure) }
|
||||||
|
let(:dossier) { create(:dossier) }
|
||||||
|
let(:avis) { create(:avis, dossier: dossier, experts_procedure: experts_procedure, claimant: claimant) }
|
||||||
|
let(:procedure) { dossier.procedure }
|
||||||
|
|
||||||
describe '#sign_up' do
|
describe '#sign_up' do
|
||||||
let(:invited_email) { 'invited@avis.com' }
|
subject do
|
||||||
let(:claimant) { create(:instructeur) }
|
get :sign_up, params: { id: avis.id, procedure_id: procedure.id, email: avis.expert.email }
|
||||||
let(:expert) { create(:expert) }
|
|
||||||
let(:experts_procedure) { create(:experts_procedure, expert: expert, procedure: procedure) }
|
|
||||||
let(:dossier) { create(:dossier) }
|
|
||||||
let(:procedure) { dossier.procedure }
|
|
||||||
let!(:avis) { create(:avis, experts_procedure: experts_procedure, claimant: claimant, dossier: dossier) }
|
|
||||||
let(:invitations_email) { true }
|
|
||||||
|
|
||||||
context 'when the expert has already signed up and belongs to the invitation' do
|
|
||||||
let!(:avis) { create(:avis, dossier: dossier, experts_procedure: experts_procedure, claimant: claimant) }
|
|
||||||
|
|
||||||
context 'when the expert is authenticated' do
|
|
||||||
before do
|
|
||||||
sign_in(expert.user)
|
|
||||||
expert.user.update(last_sign_in_at: Time.zone.now)
|
|
||||||
expert.user.reload
|
|
||||||
get :sign_up, params: { id: avis.id, procedure_id: procedure.id, email: avis.expert.email }
|
|
||||||
end
|
|
||||||
|
|
||||||
it { is_expected.to redirect_to expert_avis_url(avis.procedure, avis) }
|
|
||||||
end
|
|
||||||
|
|
||||||
context 'when the expert is not authenticated' do
|
|
||||||
before do
|
|
||||||
sign_in(expert.user)
|
|
||||||
expert.user.update(last_sign_in_at: Time.zone.now)
|
|
||||||
expert.user.reload
|
|
||||||
sign_out(expert.user)
|
|
||||||
get :sign_up, params: { id: avis.id, procedure_id: procedure.id, email: avis.expert.email }
|
|
||||||
end
|
|
||||||
|
|
||||||
it { is_expected.to redirect_to new_user_session_url }
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'when the expert has already signed up / is authenticated and does not belong to the invitation' do
|
context 'when the expert hasn’t signed up yet' do
|
||||||
let(:expert) { create(:expert) }
|
before { expert.user.update(last_sign_in_at: nil) }
|
||||||
let!(:avis) { create(:avis, email: invited_email, dossier: dossier, experts_procedure: experts_procedure) }
|
|
||||||
|
|
||||||
before do
|
it { is_expected.to have_http_status(:success) }
|
||||||
sign_in(expert.user)
|
end
|
||||||
get :sign_up, params: { id: avis.id, procedure_id: procedure.id, email: avis.expert.email }
|
|
||||||
|
context 'when the expert has already signed up' do
|
||||||
|
before { expert.user.update(last_sign_in_at: Time.zone.now) }
|
||||||
|
|
||||||
|
context 'and the expert belongs to the invitation' do
|
||||||
|
context 'and the expert is authenticated' do
|
||||||
|
before { sign_in(expert.user) }
|
||||||
|
|
||||||
|
it { is_expected.to redirect_to expert_avis_url(avis.procedure, avis) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'and the expert is not authenticated' do
|
||||||
|
before { sign_out(expert.user) }
|
||||||
|
|
||||||
|
it { is_expected.to redirect_to new_user_session_url }
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# redirected to dossier but then the instructeur gonna be banished !
|
context 'and the expert does not belong to the invitation' do
|
||||||
it { is_expected.to redirect_to expert_avis_url(avis.procedure, avis) }
|
let(:avis) { create(:avis, email: 'another_expert@avis.com', dossier: dossier, experts_procedure: experts_procedure) }
|
||||||
|
|
||||||
|
before { sign_in(expert.user) }
|
||||||
|
# redirected to dossier but then the instructeur gonna be banished !
|
||||||
|
it { is_expected.to redirect_to expert_avis_url(avis.procedure, avis) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe '#update_expert' do
|
||||||
|
subject do
|
||||||
|
post :update_expert, params: {
|
||||||
|
id: avis.id,
|
||||||
|
procedure_id: procedure.id,
|
||||||
|
email: avis.expert.email,
|
||||||
|
user: {
|
||||||
|
password: 'my-s3cure-p4ssword'
|
||||||
|
}
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when the expert hasn’t signed up yet' do
|
||||||
|
before { expert.user.update(last_sign_in_at: nil) }
|
||||||
|
|
||||||
|
it 'saves the expert new password' do
|
||||||
|
subject
|
||||||
|
expect(expert.user.reload.valid_password?('my-s3cure-p4ssword')).to be true
|
||||||
|
end
|
||||||
|
|
||||||
|
it { is_expected.to redirect_to expert_all_avis_path }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when the expert has already signed up' do
|
||||||
|
before { expert.user.update(last_sign_in_at: Time.zone.now) }
|
||||||
|
|
||||||
|
it 'doesn’t change the expert password' do
|
||||||
|
subject
|
||||||
|
expect(expert.user.reload.valid_password?('my-s3cure-p4ssword')).to be false
|
||||||
|
end
|
||||||
|
|
||||||
|
it { is_expected.to redirect_to new_user_session_url }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -11,16 +11,30 @@ feature 'Inviting an expert:' do
|
||||||
let(:avis) { create(:avis, dossier: dossier, claimant: instructeur, experts_procedure: experts_procedure, confidentiel: true) }
|
let(:avis) { create(:avis, dossier: dossier, claimant: instructeur, experts_procedure: experts_procedure, confidentiel: true) }
|
||||||
|
|
||||||
context 'when I don’t already have an account' do
|
context 'when I don’t already have an account' do
|
||||||
scenario 'I can sign up' do
|
let(:password) { 'This is an expert password' }
|
||||||
|
|
||||||
|
before 'Signing up' do
|
||||||
visit sign_up_expert_avis_path(avis.dossier.procedure, avis, email: avis.expert.email)
|
visit sign_up_expert_avis_path(avis.dossier.procedure, avis, email: avis.expert.email)
|
||||||
|
|
||||||
expect(page).to have_field('Email', with: avis.expert.email, disabled: true)
|
expect(page).to have_field('Email', with: avis.expert.email, disabled: true)
|
||||||
fill_in 'Mot de passe', with: 'This is a very complicated password !'
|
fill_in 'Mot de passe', with: password
|
||||||
click_on 'Créer un compte'
|
click_on 'Créer un compte'
|
||||||
|
end
|
||||||
|
|
||||||
|
scenario 'I can see the avis after signing up' do
|
||||||
expect(page).to have_current_path(expert_all_avis_path)
|
expect(page).to have_current_path(expert_all_avis_path)
|
||||||
expect(page).to have_text('1 avis à donner')
|
expect(page).to have_text('1 avis à donner')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
scenario 'I can sign-in again afterwards' do
|
||||||
|
click_on 'Se déconnecter'
|
||||||
|
|
||||||
|
visit new_user_session_path
|
||||||
|
sign_in_with avis.expert.email, password
|
||||||
|
|
||||||
|
expect(page).to have_content('Connecté(e).')
|
||||||
|
expect(page).to have_current_path(dossiers_path) # Ideally we'd want `expert_all_avis_path` instead
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'when I already have an existing account' do
|
context 'when I already have an existing account' do
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue