Sign user + gestionnaire in (OpenSimplif)

Hacks into users/sessions to sign in and sign out a gestionnaire
and/or a user at the same time, as long as credentials are
identical (same email, same password).
Julien Portalier 2016-10-11 11:12:45 +02:00
parent c0fd8c7290
commit b87d6a77e1
2 changed files with 113 additions and 16 deletions


@ -22,29 +22,47 @@ class Users::SessionsController < Sessions::SessionsController
#POST /resource/sign_in
def create
super
try_to_authenticate(User)
try_to_authenticate(Gestionnaire)
if user_signed_in?
current_user.update_attributes(loged_in_with_france_connect: '')
end
if gestionnaire_signed_in?
redirect_to backoffice_path
elsif user_signed_in?
redirect_to after_sign_in_path_for(:user)
else
new
render :new, status: 401
end
end
# DELETE /resource/sign_out
def destroy
if gestionnaire_signed_in?
sign_out :gestionnaire
end
if user_signed_in?
connected_with_france_connect = current_user.loged_in_with_france_connect
current_user.update_attributes(loged_in_with_france_connect: '')
signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name))
set_flash_message :notice, :signed_out if signed_out && is_flashing_format?
yield if block_given?
sign_out :user
if connected_with_france_connect == 'entreprise'
redirect_to FRANCE_CONNECT.entreprise_logout_endpoint
return
elsif connected_with_france_connect == 'particulier'
redirect_to FRANCE_CONNECT.particulier_logout_endpoint
else
respond_to_on_destroy
return
end
end
respond_to_on_destroy
end
def no_procedure
session['user_return_to'] = nil
redirect_to new_user_session_path
@ -62,4 +80,13 @@ class Users::SessionsController < Sessions::SessionsController
NumberService.to_number session["user_return_to"].split("?procedure_id=").second
end
def try_to_authenticate(klass)
if resource = klass.find_for_database_authentication(email: params[:user][:email])
if resource.valid_password?(params[:user][:password])
sign_in resource
set_flash_message :notice, :signed_in
end
end
end
end
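Review bot: `try_to_authenticate` checks the password with a bare `resource.valid_password?(...)` and then calls `sign_in` itself, so the credential check no longer goes through Devise's `valid_for_authentication?` hook. If either `User` or `Gestionnaire` enables `:lockable` (not visible on this page), failed attempts on this endpoint would not be counted and the lockout would not apply. Wrapping the check keeps that hook in the path: `if resource.valid_for_authentication? { resource.valid_password?(params[:user][:password]) }`. Separately, `params[:user][:email]` raises `NoMethodError` when the request carries no `user` key, so the method would benefit from an early `return unless params[:user]` so that a malformed request gets the 401 branch in `create` instead of a 500. A short comment on `try_to_authenticate` stating that one password can open both the user and the back-office scope would also help the next reader see that this coupling is intentional.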


@ -33,6 +33,41 @@ describe Users::SessionsController, type: :controller do
it { is_expected.to be_falsey }
end
context "when associated gestionnaire" do
let(:user) { create(:user, email: 'unique@plop.com', password: 'password') }
let(:gestionnaire) { create(:gestionnaire, email: 'unique@plop.com', password: 'password') }
it 'signs user in' do
post :create, user: { email: user.email, password: user.password }
expect(@response.redirect?).to be(true)
expect(subject.current_user).to eq(user)
expect(subject.current_gestionnaire).to be(nil)
expect(user.reload.loged_in_with_france_connect).to be(nil)
end
it 'signs gestionnaire in' do
post :create, user: { email: gestionnaire.email, password: gestionnaire.password }
expect(@response.redirect?).to be(true)
expect(subject.current_user).to be(nil)
expect(subject.current_gestionnaire).to eq(gestionnaire)
end
it 'signs user + gestionnaire in' do
post :create, user: { email: user.email, password: gestionnaire.password }
expect(@response.redirect?).to be(true)
expect(subject.current_user).to eq(user)
expect(subject.current_gestionnaire).to eq(gestionnaire)
expect(user.reload.loged_in_with_france_connect).to be(nil)
end
it 'fails to sign in with bad credentials' do
post :create, user: { email: user.email, password: 'wrong_password' }
expect(@response.unauthorized?).to be(true)
expect(subject.current_user).to be(nil)
expect(subject.current_gestionnaire).to be(nil)
end
end
end
describe '.destroy' do
@ -66,6 +101,41 @@ describe Users::SessionsController, type: :controller do
expect(response).to redirect_to(root_path)
end
end
context "when associated gestionnaire" do
let(:user) { create(:user, email: 'unique@plop.com', password: 'password') }
let(:gestionnaire) { create(:gestionnaire, email: 'unique@plop.com', password: 'password') }
it 'signs user out' do
sign_in user
delete :destroy
expect(@response.redirect?).to be(true)
expect(subject.current_user).to be(nil)
end
it 'signs gestionnaire out' do
sign_in gestionnaire
delete :destroy
expect(@response.redirect?).to be(true)
expect(subject.current_gestionnaire).to be(nil)
end
it 'signs user + gestionnaire out' do
sign_in user
sign_in gestionnaire
delete :destroy
expect(@response.redirect?).to be(true)
expect(subject.current_user).to be(nil)
expect(subject.current_gestionnaire).to be(nil)
end
it 'signs user out from france connect' do
user.update_attributes(loged_in_with_france_connect: 'particulier')
sign_in user
delete :destroy
expect(@response.headers["Location"]).to eq(FRANCE_CONNECT.particulier_logout_endpoint)
end
end
end
describe '.new' do
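Review bot: The new "when associated gestionnaire" examples for `create` only use accounts whose passwords are identical, so nothing pins what happens when the email exists in both models but the password matches only one of them. An example that creates the gestionnaire with a different password, posts the user's credentials and asserts `expect(subject.current_gestionnaire).to be(nil)` (and the mirror case asserting `expect(subject.current_user).to be(nil)`) would guard against a later change letting one scope's password open the other. This matters most for the gestionnaire side, since `create` redirects a signed-in gestionnaire to `backoffice_path`.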