Merge pull request #5732 from betagouv/dev

2020-11-11-01
This commit is contained in:
Keirua 2020-11-11 10:27:15 +01:00 committed by GitHub
commit c96a5a8de7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 138 additions and 21 deletions

Binary file not shown.

After

Width:  |  Height:  |  Size: 7.3 KiB

View file

@ -125,13 +125,21 @@ module NewAdministrateur
end end
def update_jeton def update_jeton
if !@procedure.update(procedure_params) token = params[:procedure][:api_entreprise_token]
flash.now.alert = @procedure.errors.full_messages @procedure.api_entreprise_token = token
if @procedure.valid? &&
ApiEntreprise::PrivilegesAdapter.new(token).valid? &&
@procedure.save
redirect_to jeton_admin_procedure_path(procedure_id: params[:procedure_id]),
notice: 'Le jeton a bien été mis à jour'
else else
flash.notice = 'Le jeton a bien été mis à jour'
end flash.now.alert = "Mise à jour impossible : le jeton n'est pas valide"
render 'jeton' render 'jeton'
end end
end
def publication def publication
if @procedure.brouillon? if @procedure.brouillon?

View file

@ -63,7 +63,7 @@ class Api::V2::Schema < GraphQL::Schema
use GraphQL::Execution::Interpreter use GraphQL::Execution::Interpreter
use GraphQL::Analysis::AST use GraphQL::Analysis::AST
use GraphQL::Schema::Timeout, max_seconds: 5 use GraphQL::Schema::Timeout, max_seconds: 10
use GraphQL::Batch use GraphQL::Batch
use GraphQL::Backtrace use GraphQL::Backtrace

View file

@ -8,6 +8,7 @@ class ApiEntreprise::API
ATTESTATION_SOCIALE_RESOURCE_NAME = "attestations_sociales_acoss" ATTESTATION_SOCIALE_RESOURCE_NAME = "attestations_sociales_acoss"
ATTESTATION_FISCALE_RESOURCE_NAME = "attestations_fiscales_dgfip" ATTESTATION_FISCALE_RESOURCE_NAME = "attestations_fiscales_dgfip"
BILANS_BDF_RESOURCE_NAME = "bilans_entreprises_bdf" BILANS_BDF_RESOURCE_NAME = "bilans_entreprises_bdf"
PRIVILEGES_RESOURCE_NAME = "privileges"
TIMEOUT = 15 TIMEOUT = 15
@ -24,48 +25,64 @@ class ApiEntreprise::API
end end
def self.entreprise(siren, procedure_id) def self.entreprise(siren, procedure_id)
call(ENTREPRISE_RESOURCE_NAME, siren, procedure_id) call_with_siret(ENTREPRISE_RESOURCE_NAME, siren, procedure_id)
end end
def self.etablissement(siret, procedure_id) def self.etablissement(siret, procedure_id)
call(ETABLISSEMENT_RESOURCE_NAME, siret, procedure_id) call_with_siret(ETABLISSEMENT_RESOURCE_NAME, siret, procedure_id)
end end
def self.exercices(siret, procedure_id) def self.exercices(siret, procedure_id)
call(EXERCICES_RESOURCE_NAME, siret, procedure_id) call_with_siret(EXERCICES_RESOURCE_NAME, siret, procedure_id)
end end
def self.rna(siret, procedure_id) def self.rna(siret, procedure_id)
call(RNA_RESOURCE_NAME, siret, procedure_id) call_with_siret(RNA_RESOURCE_NAME, siret, procedure_id)
end end
def self.effectifs(siren, procedure_id, annee, mois) def self.effectifs(siren, procedure_id, annee, mois)
endpoint = [EFFECTIFS_RESOURCE_NAME, annee, mois, "entreprise"].join('/') endpoint = [EFFECTIFS_RESOURCE_NAME, annee, mois, "entreprise"].join('/')
call(endpoint, siren, procedure_id) call_with_siret(endpoint, siren, procedure_id)
end end
def self.effectifs_annuels(siren, procedure_id) def self.effectifs_annuels(siren, procedure_id)
call(EFFECTIFS_ANNUELS_RESOURCE_NAME, siren, procedure_id) call_with_siret(EFFECTIFS_ANNUELS_RESOURCE_NAME, siren, procedure_id)
end end
def self.attestation_sociale(siren, procedure_id) def self.attestation_sociale(siren, procedure_id)
procedure = Procedure.find(procedure_id) procedure = Procedure.find(procedure_id)
call(ATTESTATION_SOCIALE_RESOURCE_NAME, siren, procedure_id) if procedure.api_entreprise_role?("attestations_sociales") call_with_siret(ATTESTATION_SOCIALE_RESOURCE_NAME, siren, procedure_id) if procedure.api_entreprise_role?("attestations_sociales")
end end
def self.attestation_fiscale(siren, procedure_id, user_id) def self.attestation_fiscale(siren, procedure_id, user_id)
procedure = Procedure.find(procedure_id) procedure = Procedure.find(procedure_id)
call(ATTESTATION_FISCALE_RESOURCE_NAME, siren, procedure_id, user_id) if procedure.api_entreprise_role?("attestations_fiscales") call_with_siret(ATTESTATION_FISCALE_RESOURCE_NAME, siren, procedure_id, user_id) if procedure.api_entreprise_role?("attestations_fiscales")
end end
def self.bilans_bdf(siren, procedure_id) def self.bilans_bdf(siren, procedure_id)
procedure = Procedure.find(procedure_id) procedure = Procedure.find(procedure_id)
call(BILANS_BDF_RESOURCE_NAME, siren, procedure_id) if procedure.api_entreprise_role?("bilans_entreprise_bdf") call_with_siret(BILANS_BDF_RESOURCE_NAME, siren, procedure_id) if procedure.api_entreprise_role?("bilans_entreprise_bdf")
end
def self.privileges(token)
call_with_token(PRIVILEGES_RESOURCE_NAME, token)
end end
private private
def self.call(resource_name, siret_or_siren, procedure_id, user_id = nil) def self.call_with_token(resource_name, token)
url = "#{API_ENTREPRISE_URL}/privileges?token=#{token}"
response = Typhoeus.get(url,
timeout: TIMEOUT)
if response.success?
JSON.parse(response.body, symbolize_names: true)
else
raise RequestFailed, "HTTP Error Code: #{response.code} for #{url}\nheaders: #{response.headers}\nbody: #{response.body}"
end
end
def self.call_with_siret(resource_name, siret_or_siren, procedure_id, user_id = nil)
return if ApiEntrepriseToken.new(token_for_procedure(procedure_id)).expired? return if ApiEntrepriseToken.new(token_for_procedure(procedure_id)).expired?
url = url(resource_name, siret_or_siren) url = url(resource_name, siret_or_siren)
params = params(siret_or_siren, procedure_id, user_id) params = params(siret_or_siren, procedure_id, user_id)

View file

@ -0,0 +1,20 @@
class ApiEntreprise::PrivilegesAdapter < ApiEntreprise::Adapter
def initialize(token)
@token = token
end
def valid?
begin
get_resource
true
rescue
false
end
end
private
def get_resource
ApiEntreprise::API.privileges(@token)
end
end

View file

@ -59,6 +59,7 @@ class Dossier < ApplicationRecord
has_one :etablissement, dependent: :destroy has_one :etablissement, dependent: :destroy
has_one :individual, validate: false, dependent: :destroy has_one :individual, validate: false, dependent: :destroy
has_one :attestation, dependent: :destroy has_one :attestation, dependent: :destroy
has_one :france_connect_information, through: :user
has_one_attached :justificatif_motivation has_one_attached :justificatif_motivation

View file

@ -188,6 +188,9 @@ prawn_document(page_size: "A4") do |pdf|
add_title(pdf, "Identité du demandeur") add_title(pdf, "Identité du demandeur")
if @dossier.france_connect_information.present?
format_in_2_columns(pdf, 'Informations France Connect', "Le dossier a été déposé par le compte de #{@dossier.france_connect_information.given_name} #{@dossier.france_connect_information.family_name}, authentifié par France Connect le #{@dossier.france_connect_information.updated_at.strftime('%d/%m/%Y')}")
end
format_in_2_columns(pdf, "Email", @dossier.user.email) format_in_2_columns(pdf, "Email", @dossier.user.email)
add_identite_individual(pdf, @dossier) if @dossier.individual.present? add_identite_individual(pdf, @dossier) if @dossier.individual.present?
render_identite_etablissement(pdf, @dossier.etablissement) if @dossier.etablissement.present? render_identite_etablissement(pdf, @dossier.etablissement) if @dossier.etablissement.present?

View file

@ -5,6 +5,8 @@
.tab-title Identité du demandeur .tab-title Identité du demandeur
.card .card
- if dossier.france_connect_information.present?
= render partial: "shared/dossiers/france_connect_informations", locals: { user_information: dossier.france_connect_information }
= render partial: "shared/dossiers/user_infos", locals: { user: dossier.user } = render partial: "shared/dossiers/user_infos", locals: { user: dossier.user }
- if dossier.etablissement.present? - if dossier.etablissement.present?

View file

@ -21,7 +21,8 @@
Votre dossier est enregistré automatiquement après chaque modification. Vous pouvez à tout moment fermer la fenêtre et reprendre plus tard là où vous en étiez. Votre dossier est enregistré automatiquement après chaque modification. Vous pouvez à tout moment fermer la fenêtre et reprendre plus tard là où vous en étiez.
- else - else
Pour enregistrer votre dossier et le reprendre plus tard, cliquez sur le bouton « Enregistrer le brouillon » en bas à gauche du formulaire. Pour enregistrer votre dossier et le reprendre plus tard, cliquez sur le bouton « Enregistrer le brouillon » en bas à gauche du formulaire.
- if !apercu && dossier.france_connect_information.present?
= render partial: "shared/dossiers/france_connect_informations", locals: { user_information: dossier.france_connect_information }
- if notice_url(dossier.procedure).present? - if notice_url(dossier.procedure).present?
= link_to notice_url(dossier.procedure), target: '_blank', rel: 'noopener', class: 'button notice', title: "Pour vous aider à remplir votre dossier, vous pouvez consulter le guide de cette démarche." do = link_to notice_url(dossier.procedure), target: '_blank', rel: 'noopener', class: 'button notice', title: "Pour vous aider à remplir votre dossier, vous pouvez consulter le guide de cette démarche." do
%span.icon.info> %span.icon.info>

View file

@ -0,0 +1,4 @@
.card.featured
.flex.justify-center
= image_tag "logo-france-connect.png", alt: "France Connect logo", width: 200, class: "mb-2"
.card-title Le dossier a été déposé par le compte de #{user_information.given_name} #{user_information.family_name}, authentifié par France Connect le #{user_information.updated_at.strftime('%d/%m/%Y')}.

View file

@ -49,7 +49,7 @@ Rails.application.routes.draw do
post 'demandes/create_administrateur' post 'demandes/create_administrateur'
post 'demandes/refuse_administrateur' post 'demandes/refuse_administrateur'
authenticate :administration do authenticate :super_admin do
mount Flipper::UI.app(-> { Flipper.instance }) => "/features", as: :flipper mount Flipper::UI.app(-> { Flipper.instance }) => "/features", as: :flipper
match "/delayed_job" => DelayedJobWeb, :anchor => false, :via => [:get, :post] match "/delayed_job" => DelayedJobWeb, :anchor => false, :via => [:get, :post]
end end

View file

@ -333,11 +333,38 @@ describe NewAdministrateur::ProceduresController, type: :controller do
describe 'PATCH #jeton' do describe 'PATCH #jeton' do
let(:procedure) { create(:procedure, administrateur: admin) } let(:procedure) { create(:procedure, administrateur: admin) }
let(:valid_token) { "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" } let(:token) { "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" }
it "update api_entreprise_token" do subject { patch :update_jeton, params: { id: procedure.id, procedure: { api_entreprise_token: token } } }
patch :update_jeton, params: { id: procedure.id, procedure: { api_entreprise_token: valid_token } }
expect(procedure.reload.api_entreprise_token).to eq(valid_token) before do
allow_any_instance_of(ApiEntreprise::PrivilegesAdapter).to receive(:valid?).and_return(token_is_valid)
subject
end
context 'when jeton is valid' do
let(:token_is_valid) { true }
it { expect(flash.alert).to be_nil }
it { expect(flash.notice).to eq('Le jeton a bien été mis à jour') }
it { expect(procedure.reload.api_entreprise_token).to eq(token) }
end
context 'when jeton is invalid' do
let(:token_is_valid) { false }
it { expect(flash.alert).to eq("Mise à jour impossible : le jeton n'est pas valide") }
it { expect(flash.notice).to be_nil }
it { expect(procedure.reload.api_entreprise_token).not_to eq(token) }
end
context 'when jeton is not a jwt' do
let(:token) { "invalid" }
let(:token_is_valid) { true } # just to check jwt format by procedure model
it { expect(flash.alert).to eq("Mise à jour impossible : le jeton n'est pas valide") }
it { expect(flash.notice).to be_nil }
it { expect(procedure.reload.api_entreprise_token).not_to eq(token) }
end end
end end

View file

@ -68,6 +68,10 @@ feature 'France Connect Particulier Connexion' do
scenario 'he is redirected to user dossiers page' do scenario 'he is redirected to user dossiers page' do
expect(page).to have_content('Dossiers') expect(page).to have_content('Dossiers')
end end
scenario 'the updated_at date is well updated' do
expect(france_connect_information.updated_at).not_to eq(france_connect_information.created_at)
end
end end
end end

View file

@ -18,4 +18,19 @@ describe 'instructeurs/dossiers/show.html.haml', type: :view do
expect(rendered).to have_text('Identité') expect(rendered).to have_text('Identité')
expect(rendered).to have_text('Demande') expect(rendered).to have_text('Demande')
end end
context 'when the user is logged in with france connect' do
let(:france_connect_information) { build(:france_connect_information) }
let(:user) { build(:user, france_connect_information: france_connect_information) }
let(:procedure1) { create(:procedure, :with_type_de_champ, for_individual: true) }
let(:dossier) { create(:dossier, procedure: procedure1, user: user) }
before do
render
end
it 'fills the individual with the informations from France Connect' do
expect(rendered).to have_text("Le dossier a été déposé par le compte de #{france_connect_information.given_name} #{france_connect_information.family_name}, authentifié par France Connect le #{france_connect_information.updated_at.strftime('%d/%m/%Y')}")
end
end
end end

View file

@ -33,4 +33,19 @@ describe 'users/dossiers/demande.html.haml', type: :view do
it { expect(rendered).not_to have_text('Déposé le') } it { expect(rendered).not_to have_text('Déposé le') }
end end
context 'when the user is logged in with france connect' do
let(:france_connect_information) { build(:france_connect_information) }
let(:user) { build(:user, france_connect_information: france_connect_information) }
let(:procedure1) { create(:procedure, :with_type_de_champ, for_individual: true) }
let(:dossier) { create(:dossier, procedure: procedure1, user: user) }
before do
render
end
it 'fills the individual with the informations from France Connect' do
expect(rendered).to have_text("Le dossier a été déposé par le compte de #{france_connect_information.given_name} #{france_connect_information.family_name}, authentifié par France Connect le #{france_connect_information.updated_at.strftime('%d/%m/%Y')}")
end
end
end end