Merge pull request #3270 from betagouv/fix_3269_multiple_login_emails

[fix #3269] bufferize login token email
This commit is contained in:
LeSim 2019-01-10 13:23:33 +01:00 committed by GitHub
commit c8560d4c3d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 81 additions and 19 deletions

View file

@ -30,8 +30,8 @@ class Users::SessionsController < Sessions::SessionsController
redirect_to after_sign_in_path_for(:user)
else
gestionnaire = current_gestionnaire
login_token = gestionnaire.login_token!
GestionnaireMailer.send_login_token(gestionnaire, login_token).deliver_later
send_login_token_or_bufferize(gestionnaire)
[:user, :gestionnaire, :administrateur].each { |role| sign_out(role) }
@ -103,6 +103,13 @@ class Users::SessionsController < Sessions::SessionsController
private
def send_login_token_or_bufferize(gestionnaire)
if !gestionnaire.young_login_token?
login_token = gestionnaire.login_token!
GestionnaireMailer.send_login_token(gestionnaire, login_token).deliver_later
end
end
def error_procedure
session["user_return_to"] = nil
flash.alert = t('errors.messages.procedure_not_found')

View file

@ -3,7 +3,8 @@ class Gestionnaire < ApplicationRecord
include EmailSanitizableConcern
include ActiveRecord::SecureToken
LOGIN_TOKEN_VALIDITY = 30.minutes
LOGIN_TOKEN_VALIDITY = 45.minutes
LOGIN_TOKEN_YOUTH = 15.minutes
devise :database_authenticatable, :registerable, :async,
:recoverable, :rememberable, :trackable, :validatable
@ -211,6 +212,11 @@ class Gestionnaire < ApplicationRecord
save
end
def young_login_token?
login_token_created_at.present? &&
LOGIN_TOKEN_YOUTH.ago < login_token_created_at
end
private
def annotations_hash(demande, annotations_privees, avis, messagerie)

View file

@ -9,6 +9,9 @@
%p.mail
Ouvrez votre boite email <b>#{@email}</b> puis cliquez sur le lien d'activation du message <b>Connexion sécurisée à demarches-simplifiees.fr</b>.
%br
%br
<b>Attention</b>, ce message peut mettre jusqu'à <b>15 minutes</b> pour arriver.
%p.help
En cas de difficultés, nous restons joignables sur #{link_to 'contact@demarches-simplifiees.fr', 'mailto:contact@demarches-simplifiees.fr'}.

View file

@ -17,6 +17,10 @@ describe Users::SessionsController, type: :controller do
before do
allow(controller).to receive(:trusted_device?).and_return(trusted_device)
allow(GestionnaireMailer).to receive(:send_login_token).and_return(double(deliver_later: true))
end
subject do
post :create, params: { user: { email: email, password: send_password } }
user.reload
end
@ -25,28 +29,47 @@ describe Users::SessionsController, type: :controller do
let(:trusted_device) { false }
it 'redirects to the confirmation link path' do
expect(subject).to redirect_to link_sent_path(email: email)
subject
expect(controller).to redirect_to link_sent_path(email: email)
# do not know why, should be test related
expect(subject.current_user).to eq(user)
expect(controller.current_user).to eq(user)
expect(subject.current_gestionnaire).to be(nil)
expect(subject.current_administrateur).to be(nil)
expect(user.reload.loged_in_with_france_connect).to be(nil)
expect(controller.current_gestionnaire).to be(nil)
expect(controller.current_administrateur).to be(nil)
expect(user.loged_in_with_france_connect).to be(nil)
expect(GestionnaireMailer).to have_received(:send_login_token)
end
context 'and the user try to connect multiple times in a short period' do
before do
allow_any_instance_of(Gestionnaire).to receive(:young_login_token?).and_return(true)
allow(GestionnaireMailer).to receive(:send_login_token)
end
it 'does not renew nor send a new login token' do
subject
expect(GestionnaireMailer).not_to have_received(:send_login_token)
end
end
end
context 'when the device is trusted' do
it 'signs in as user, gestionnaire and adminstrateur' do
expect(@response.redirect?).to be(true)
expect(subject).not_to redirect_to link_sent_path(email: email)
# TODO when signing in as non-administrateur, and not starting a demarche, log in to gestionnaire path
# expect(subject).to redirect_to gestionnaire_procedures_path
subject
expect(subject.current_user).to eq(user)
expect(subject.current_gestionnaire).to eq(gestionnaire)
expect(subject.current_administrateur).to eq(administrateur)
expect(response.redirect?).to be(true)
expect(controller).not_to redirect_to link_sent_path(email: email)
# TODO when signing in as non-administrateur, and not starting a demarche, log in to gestionnaire path
# expect(controller).to redirect_to gestionnaire_procedures_path
expect(controller.current_user).to eq(user)
expect(controller.current_gestionnaire).to eq(gestionnaire)
expect(controller.current_administrateur).to eq(administrateur)
expect(user.loged_in_with_france_connect).to be(nil)
expect(GestionnaireMailer).not_to have_received(:send_login_token)
end
end
@ -54,10 +77,12 @@ describe Users::SessionsController, type: :controller do
let(:send_password) { 'wrong_password' }
it 'fails to sign in with bad credentials' do
expect(@response.unauthorized?).to be(true)
expect(subject.current_user).to be(nil)
expect(subject.current_gestionnaire).to be(nil)
expect(subject.current_administrateur).to be(nil)
subject
expect(response.unauthorized?).to be(true)
expect(controller.current_user).to be(nil)
expect(controller.current_gestionnaire).to be(nil)
expect(controller.current_administrateur).to be(nil)
end
end
end

View file

@ -412,6 +412,27 @@ describe Gestionnaire, type: :model do
end
end
describe '#young_login_token?' do
let!(:gestionnaire) { create(:gestionnaire) }
context 'when there is a token' do
let!(:good_token) { gestionnaire.login_token! }
context 'when the token has just been created' do
it { expect(gestionnaire.young_login_token?).to be true }
end
context 'when the token is a bit old' do
before { gestionnaire.update(login_token_created_at: (Gestionnaire::LOGIN_TOKEN_YOUTH + 1.minute).ago) }
it { expect(gestionnaire.young_login_token?).to be false }
end
end
context 'when there are no token' do
it { expect(gestionnaire.young_login_token?).to be false }
end
end
private
def assign(procedure_to_assign)