[#10952] If email is in mandatory list redirect to ProConnect

app/controllers/users/sessions_controller.rb

@@ -7,6 +7,7 @@ class Users::SessionsController < Devise::SessionsController
 
   layout 'login', only: [:new, :create]
 
+  before_action :redirect_to_agent_connect_if_mandatory, only: [:create]
   before_action :restore_procedure_context, only: [:new, :create]
   skip_before_action :redirect_if_untrusted, only: [:reset_link_sent]
   # POST /resource/sign_in
@@ -117,4 +118,13 @@ class Users::SessionsController < Devise::SessionsController
 
     redirect_to root_path, notice: I18n.t('devise.sessions.signed_out')
   end
+
+  def redirect_to_agent_connect_if_mandatory
+    return if !AgentConnectService.enabled?
+
+    return if !AgentConnectService.email_domain_is_in_mandatory_list?(params[:user][:email])
+
+    flash[:alert] = "La connexion des agents passe à présent systématiquement par AgentConnect"
+    redirect_to agent_connect_path(force_agent_connect: true)
+  end
 end

app/services/agent_connect_service.rb

@@ -3,6 +3,8 @@
 class AgentConnectService
   include OpenIDConnect
 
+  MANDATORY_EMAIL_DOMAINS = ['beta.gouv.fr', 'modernisation.gouv.fr']
+
   def self.enabled?
     ENV['AGENT_CONNECT_BASE_URL'].present?
   end
@@ -45,6 +47,10 @@ class AgentConnectService
     "#{AGENT_CONNECT[:end_session_endpoint]}?#{h.to_query}"
   end
 
+  def self.email_domain_is_in_mandatory_list?(email)
+    email.strip.split('@').last.in?(MANDATORY_EMAIL_DOMAINS)
+  end
+
   private
 
   # TODO: remove this block when migration to new domain is done

app/views/agent_connect/agent/index.html.haml

@@ -26,7 +26,7 @@
                   %p
                     = link_to t('.whats_agentconnect'), 'https://agentconnect.gouv.fr/', target: '_blank', rel: "noopener"
 
-
+            - if !params[:force_agent_connect]
               %p.fr-hr-or= t('views.shared.france_connect_login.separator')
 
               %fieldset.fr-mb-0.fr-fieldset{ aria: { labelledby: 'new-account-legend' } }