From b29bae47076575c89c8f1de0e88cda23ca53404c Mon Sep 17 00:00:00 2001
From: simon lehericey <mail@simon.lehericey.net>
Date: Fri, 16 Jul 2021 17:03:58 +0200
Subject: [PATCH] a procedure has an encrypted api_particulier_token
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: François VANTOMME <akarzim@gmail.com>
---
 app/models/procedure.rb                       |  7 ++++++
 ...ted_api_particulier_token_to_procedures.rb |  5 ++++
 db/schema.rb                                  |  1 +
 spec/models/procedure_spec.rb                 | 23 ++++++++++++-------
 4 files changed, 28 insertions(+), 8 deletions(-)
 create mode 100644 db/migrate/20210317094648_add_encrypted_api_particulier_token_to_procedures.rb

diff --git a/app/models/procedure.rb b/app/models/procedure.rb
index 823badc02..2e67d599f 100644
--- a/app/models/procedure.rb
+++ b/app/models/procedure.rb
@@ -18,6 +18,7 @@
 #  duree_conservation_dossiers_dans_ds       :integer
 #  duree_conservation_dossiers_hors_ds       :integer
 #  durees_conservation_required              :boolean          default(TRUE)
+#  encrypted_api_particulier_token           :string
 #  euro_flag                                 :boolean          default(FALSE)
 #  experts_require_administrateur_invitation :boolean          default(FALSE)
 #  for_individual                            :boolean          default(FALSE)
@@ -47,6 +48,7 @@
 
 class Procedure < ApplicationRecord
   include ProcedureStatsConcern
+  include EncryptableConcern
 
   include Discard::Model
   self.discard_column = :hidden_at
@@ -56,6 +58,9 @@ class Procedure < ApplicationRecord
   MAX_DUREE_CONSERVATION_EXPORT = 3.hours
 
   MIN_WEIGHT = 350000
+
+  attr_encrypted :api_particulier_token
+
   has_many :revisions, -> { order(:id) }, class_name: 'ProcedureRevision', inverse_of: :procedure
   belongs_to :draft_revision, class_name: 'ProcedureRevision', optional: false
   belongs_to :published_revision, class_name: 'ProcedureRevision', optional: true
@@ -262,6 +267,7 @@ class Procedure < ApplicationRecord
     if: -> { new_record? || created_at > Date.new(2020, 11, 13) }
 
   validates :api_entreprise_token, jwt_token: true, allow_blank: true
+  validates :api_particulier_token, format: { with: /\A[A-Za-z0-9\-_=.]{15,}\z/, message: "n'est pas un jeton valide" }, allow_blank: true
 
   before_save :update_juridique_required
   after_initialize :ensure_path_exists
@@ -440,6 +446,7 @@ class Procedure < ApplicationRecord
     if is_different_admin
       procedure.administrateurs = [admin]
       procedure.api_entreprise_token = nil
+      procedure.encrypted_api_particulier_token = nil
     else
       procedure.administrateurs = administrateurs
     end
diff --git a/db/migrate/20210317094648_add_encrypted_api_particulier_token_to_procedures.rb b/db/migrate/20210317094648_add_encrypted_api_particulier_token_to_procedures.rb
new file mode 100644
index 000000000..f9f8ac6ca
--- /dev/null
+++ b/db/migrate/20210317094648_add_encrypted_api_particulier_token_to_procedures.rb
@@ -0,0 +1,5 @@
+class AddEncryptedAPIParticulierTokenToProcedures < ActiveRecord::Migration[6.0]
+  def change
+    add_column :procedures, :encrypted_api_particulier_token, :string
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 34629685e..e3c349b3e 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -599,6 +599,7 @@ ActiveRecord::Schema.define(version: 2021_07_27_172504) do
     t.bigint "draft_revision_id"
     t.bigint "published_revision_id"
     t.boolean "allow_expert_review", default: true, null: false
+    t.string "encrypted_api_particulier_token"
     t.boolean "experts_require_administrateur_invitation", default: false
     t.index ["declarative_with_state"], name: "index_procedures_on_declarative_with_state"
     t.index ["draft_revision_id"], name: "index_procedures_on_draft_revision_id"
diff --git a/spec/models/procedure_spec.rb b/spec/models/procedure_spec.rb
index a24ad648a..dcba7b2a2 100644
--- a/spec/models/procedure_spec.rb
+++ b/spec/models/procedure_spec.rb
@@ -206,18 +206,25 @@ describe Procedure do
         end
       end
 
-      context 'api_entreprise_token' do
-        let(:valid_token) { "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" }
-        let(:invalid_token) { 'plouf' }
-        it { is_expected.to allow_value(valid_token).for(:api_entreprise_token) }
-        it { is_expected.not_to allow_value(invalid_token).for(:api_entreprise_token) }
+      context 'when juridique_required is false' do
+        let(:procedure) { build(:procedure, juridique_required: false, cadre_juridique: nil) }
+
+        it { expect(procedure.valid?).to eq(true) }
       end
     end
 
-    context 'when juridique_required is false' do
-      let(:procedure) { build(:procedure, juridique_required: false, cadre_juridique: nil) }
+    context 'api_entreprise_token' do
+      let(:valid_token) { "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" }
+      let(:invalid_token) { 'plouf' }
+      it { is_expected.to allow_value(valid_token).for(:api_entreprise_token) }
+      it { is_expected.not_to allow_value(invalid_token).for(:api_entreprise_token) }
+    end
 
-      it { expect(procedure.valid?).to eq(true) }
+    context 'api_particulier_token' do
+      let(:valid_token) { "3841b13fa8032ed3c31d160d3437a76a" }
+      let(:invalid_token) { 'jet0n 1nvalide' }
+      it { is_expected.to allow_value(valid_token).for(:api_particulier_token) }
+      it { is_expected.not_to allow_value(invalid_token).for(:api_particulier_token) }
     end
 
     context 'monavis' do