commit
c96a5a8de7
15 changed files with 138 additions and 21 deletions
BIN
app/assets/images/logo-france-connect.png
Normal file
BIN
app/assets/images/logo-france-connect.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 7.3 KiB |
|
@ -125,12 +125,20 @@ module NewAdministrateur
|
|||
end
|
||||
|
||||
def update_jeton
|
||||
if !@procedure.update(procedure_params)
|
||||
flash.now.alert = @procedure.errors.full_messages
|
||||
token = params[:procedure][:api_entreprise_token]
|
||||
@procedure.api_entreprise_token = token
|
||||
|
||||
if @procedure.valid? &&
|
||||
ApiEntreprise::PrivilegesAdapter.new(token).valid? &&
|
||||
@procedure.save
|
||||
|
||||
redirect_to jeton_admin_procedure_path(procedure_id: params[:procedure_id]),
|
||||
notice: 'Le jeton a bien été mis à jour'
|
||||
else
|
||||
flash.notice = 'Le jeton a bien été mis à jour'
|
||||
|
||||
flash.now.alert = "Mise à jour impossible : le jeton n'est pas valide"
|
||||
render 'jeton'
|
||||
end
|
||||
render 'jeton'
|
||||
end
|
||||
|
||||
def publication
|
||||
|
|
|
@ -63,7 +63,7 @@ class Api::V2::Schema < GraphQL::Schema
|
|||
|
||||
use GraphQL::Execution::Interpreter
|
||||
use GraphQL::Analysis::AST
|
||||
use GraphQL::Schema::Timeout, max_seconds: 5
|
||||
use GraphQL::Schema::Timeout, max_seconds: 10
|
||||
use GraphQL::Batch
|
||||
use GraphQL::Backtrace
|
||||
|
||||
|
|
|
@ -8,6 +8,7 @@ class ApiEntreprise::API
|
|||
ATTESTATION_SOCIALE_RESOURCE_NAME = "attestations_sociales_acoss"
|
||||
ATTESTATION_FISCALE_RESOURCE_NAME = "attestations_fiscales_dgfip"
|
||||
BILANS_BDF_RESOURCE_NAME = "bilans_entreprises_bdf"
|
||||
PRIVILEGES_RESOURCE_NAME = "privileges"
|
||||
|
||||
TIMEOUT = 15
|
||||
|
||||
|
@ -24,48 +25,64 @@ class ApiEntreprise::API
|
|||
end
|
||||
|
||||
def self.entreprise(siren, procedure_id)
|
||||
call(ENTREPRISE_RESOURCE_NAME, siren, procedure_id)
|
||||
call_with_siret(ENTREPRISE_RESOURCE_NAME, siren, procedure_id)
|
||||
end
|
||||
|
||||
def self.etablissement(siret, procedure_id)
|
||||
call(ETABLISSEMENT_RESOURCE_NAME, siret, procedure_id)
|
||||
call_with_siret(ETABLISSEMENT_RESOURCE_NAME, siret, procedure_id)
|
||||
end
|
||||
|
||||
def self.exercices(siret, procedure_id)
|
||||
call(EXERCICES_RESOURCE_NAME, siret, procedure_id)
|
||||
call_with_siret(EXERCICES_RESOURCE_NAME, siret, procedure_id)
|
||||
end
|
||||
|
||||
def self.rna(siret, procedure_id)
|
||||
call(RNA_RESOURCE_NAME, siret, procedure_id)
|
||||
call_with_siret(RNA_RESOURCE_NAME, siret, procedure_id)
|
||||
end
|
||||
|
||||
def self.effectifs(siren, procedure_id, annee, mois)
|
||||
endpoint = [EFFECTIFS_RESOURCE_NAME, annee, mois, "entreprise"].join('/')
|
||||
call(endpoint, siren, procedure_id)
|
||||
call_with_siret(endpoint, siren, procedure_id)
|
||||
end
|
||||
|
||||
def self.effectifs_annuels(siren, procedure_id)
|
||||
call(EFFECTIFS_ANNUELS_RESOURCE_NAME, siren, procedure_id)
|
||||
call_with_siret(EFFECTIFS_ANNUELS_RESOURCE_NAME, siren, procedure_id)
|
||||
end
|
||||
|
||||
def self.attestation_sociale(siren, procedure_id)
|
||||
procedure = Procedure.find(procedure_id)
|
||||
call(ATTESTATION_SOCIALE_RESOURCE_NAME, siren, procedure_id) if procedure.api_entreprise_role?("attestations_sociales")
|
||||
call_with_siret(ATTESTATION_SOCIALE_RESOURCE_NAME, siren, procedure_id) if procedure.api_entreprise_role?("attestations_sociales")
|
||||
end
|
||||
|
||||
def self.attestation_fiscale(siren, procedure_id, user_id)
|
||||
procedure = Procedure.find(procedure_id)
|
||||
call(ATTESTATION_FISCALE_RESOURCE_NAME, siren, procedure_id, user_id) if procedure.api_entreprise_role?("attestations_fiscales")
|
||||
call_with_siret(ATTESTATION_FISCALE_RESOURCE_NAME, siren, procedure_id, user_id) if procedure.api_entreprise_role?("attestations_fiscales")
|
||||
end
|
||||
|
||||
def self.bilans_bdf(siren, procedure_id)
|
||||
procedure = Procedure.find(procedure_id)
|
||||
call(BILANS_BDF_RESOURCE_NAME, siren, procedure_id) if procedure.api_entreprise_role?("bilans_entreprise_bdf")
|
||||
call_with_siret(BILANS_BDF_RESOURCE_NAME, siren, procedure_id) if procedure.api_entreprise_role?("bilans_entreprise_bdf")
|
||||
end
|
||||
|
||||
def self.privileges(token)
|
||||
call_with_token(PRIVILEGES_RESOURCE_NAME, token)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def self.call(resource_name, siret_or_siren, procedure_id, user_id = nil)
|
||||
def self.call_with_token(resource_name, token)
|
||||
url = "#{API_ENTREPRISE_URL}/privileges?token=#{token}"
|
||||
response = Typhoeus.get(url,
|
||||
timeout: TIMEOUT)
|
||||
|
||||
if response.success?
|
||||
JSON.parse(response.body, symbolize_names: true)
|
||||
else
|
||||
raise RequestFailed, "HTTP Error Code: #{response.code} for #{url}\nheaders: #{response.headers}\nbody: #{response.body}"
|
||||
end
|
||||
end
|
||||
|
||||
def self.call_with_siret(resource_name, siret_or_siren, procedure_id, user_id = nil)
|
||||
return if ApiEntrepriseToken.new(token_for_procedure(procedure_id)).expired?
|
||||
url = url(resource_name, siret_or_siren)
|
||||
params = params(siret_or_siren, procedure_id, user_id)
|
||||
|
|
20
app/lib/api_entreprise/privileges_adapter.rb
Normal file
20
app/lib/api_entreprise/privileges_adapter.rb
Normal file
|
@ -0,0 +1,20 @@
|
|||
class ApiEntreprise::PrivilegesAdapter < ApiEntreprise::Adapter
|
||||
def initialize(token)
|
||||
@token = token
|
||||
end
|
||||
|
||||
def valid?
|
||||
begin
|
||||
get_resource
|
||||
true
|
||||
rescue
|
||||
false
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def get_resource
|
||||
ApiEntreprise::API.privileges(@token)
|
||||
end
|
||||
end
|
|
@ -59,6 +59,7 @@ class Dossier < ApplicationRecord
|
|||
has_one :etablissement, dependent: :destroy
|
||||
has_one :individual, validate: false, dependent: :destroy
|
||||
has_one :attestation, dependent: :destroy
|
||||
has_one :france_connect_information, through: :user
|
||||
|
||||
has_one_attached :justificatif_motivation
|
||||
|
||||
|
|
|
@ -188,6 +188,9 @@ prawn_document(page_size: "A4") do |pdf|
|
|||
|
||||
add_title(pdf, "Identité du demandeur")
|
||||
|
||||
if @dossier.france_connect_information.present?
|
||||
format_in_2_columns(pdf, 'Informations France Connect', "Le dossier a été déposé par le compte de #{@dossier.france_connect_information.given_name} #{@dossier.france_connect_information.family_name}, authentifié par France Connect le #{@dossier.france_connect_information.updated_at.strftime('%d/%m/%Y')}")
|
||||
end
|
||||
format_in_2_columns(pdf, "Email", @dossier.user.email)
|
||||
add_identite_individual(pdf, @dossier) if @dossier.individual.present?
|
||||
render_identite_etablissement(pdf, @dossier.etablissement) if @dossier.etablissement.present?
|
||||
|
|
|
@ -5,6 +5,8 @@
|
|||
|
||||
.tab-title Identité du demandeur
|
||||
.card
|
||||
- if dossier.france_connect_information.present?
|
||||
= render partial: "shared/dossiers/france_connect_informations", locals: { user_information: dossier.france_connect_information }
|
||||
= render partial: "shared/dossiers/user_infos", locals: { user: dossier.user }
|
||||
|
||||
- if dossier.etablissement.present?
|
||||
|
|
|
@ -21,7 +21,8 @@
|
|||
Votre dossier est enregistré automatiquement après chaque modification. Vous pouvez à tout moment fermer la fenêtre et reprendre plus tard là où vous en étiez.
|
||||
- else
|
||||
Pour enregistrer votre dossier et le reprendre plus tard, cliquez sur le bouton « Enregistrer le brouillon » en bas à gauche du formulaire.
|
||||
|
||||
- if !apercu && dossier.france_connect_information.present?
|
||||
= render partial: "shared/dossiers/france_connect_informations", locals: { user_information: dossier.france_connect_information }
|
||||
- if notice_url(dossier.procedure).present?
|
||||
= link_to notice_url(dossier.procedure), target: '_blank', rel: 'noopener', class: 'button notice', title: "Pour vous aider à remplir votre dossier, vous pouvez consulter le guide de cette démarche." do
|
||||
%span.icon.info>
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
.card.featured
|
||||
.flex.justify-center
|
||||
= image_tag "logo-france-connect.png", alt: "France Connect logo", width: 200, class: "mb-2"
|
||||
.card-title Le dossier a été déposé par le compte de #{user_information.given_name} #{user_information.family_name}, authentifié par France Connect le #{user_information.updated_at.strftime('%d/%m/%Y')}.
|
|
@ -49,7 +49,7 @@ Rails.application.routes.draw do
|
|||
post 'demandes/create_administrateur'
|
||||
post 'demandes/refuse_administrateur'
|
||||
|
||||
authenticate :administration do
|
||||
authenticate :super_admin do
|
||||
mount Flipper::UI.app(-> { Flipper.instance }) => "/features", as: :flipper
|
||||
match "/delayed_job" => DelayedJobWeb, :anchor => false, :via => [:get, :post]
|
||||
end
|
||||
|
|
|
@ -333,11 +333,38 @@ describe NewAdministrateur::ProceduresController, type: :controller do
|
|||
|
||||
describe 'PATCH #jeton' do
|
||||
let(:procedure) { create(:procedure, administrateur: admin) }
|
||||
let(:valid_token) { "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" }
|
||||
let(:token) { "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" }
|
||||
|
||||
it "update api_entreprise_token" do
|
||||
patch :update_jeton, params: { id: procedure.id, procedure: { api_entreprise_token: valid_token } }
|
||||
expect(procedure.reload.api_entreprise_token).to eq(valid_token)
|
||||
subject { patch :update_jeton, params: { id: procedure.id, procedure: { api_entreprise_token: token } } }
|
||||
|
||||
before do
|
||||
allow_any_instance_of(ApiEntreprise::PrivilegesAdapter).to receive(:valid?).and_return(token_is_valid)
|
||||
subject
|
||||
end
|
||||
|
||||
context 'when jeton is valid' do
|
||||
let(:token_is_valid) { true }
|
||||
|
||||
it { expect(flash.alert).to be_nil }
|
||||
it { expect(flash.notice).to eq('Le jeton a bien été mis à jour') }
|
||||
it { expect(procedure.reload.api_entreprise_token).to eq(token) }
|
||||
end
|
||||
|
||||
context 'when jeton is invalid' do
|
||||
let(:token_is_valid) { false }
|
||||
|
||||
it { expect(flash.alert).to eq("Mise à jour impossible : le jeton n'est pas valide") }
|
||||
it { expect(flash.notice).to be_nil }
|
||||
it { expect(procedure.reload.api_entreprise_token).not_to eq(token) }
|
||||
end
|
||||
|
||||
context 'when jeton is not a jwt' do
|
||||
let(:token) { "invalid" }
|
||||
let(:token_is_valid) { true } # just to check jwt format by procedure model
|
||||
|
||||
it { expect(flash.alert).to eq("Mise à jour impossible : le jeton n'est pas valide") }
|
||||
it { expect(flash.notice).to be_nil }
|
||||
it { expect(procedure.reload.api_entreprise_token).not_to eq(token) }
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -68,6 +68,10 @@ feature 'France Connect Particulier Connexion' do
|
|||
scenario 'he is redirected to user dossiers page' do
|
||||
expect(page).to have_content('Dossiers')
|
||||
end
|
||||
|
||||
scenario 'the updated_at date is well updated' do
|
||||
expect(france_connect_information.updated_at).not_to eq(france_connect_information.created_at)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -18,4 +18,19 @@ describe 'instructeurs/dossiers/show.html.haml', type: :view do
|
|||
expect(rendered).to have_text('Identité')
|
||||
expect(rendered).to have_text('Demande')
|
||||
end
|
||||
|
||||
context 'when the user is logged in with france connect' do
|
||||
let(:france_connect_information) { build(:france_connect_information) }
|
||||
let(:user) { build(:user, france_connect_information: france_connect_information) }
|
||||
let(:procedure1) { create(:procedure, :with_type_de_champ, for_individual: true) }
|
||||
let(:dossier) { create(:dossier, procedure: procedure1, user: user) }
|
||||
|
||||
before do
|
||||
render
|
||||
end
|
||||
|
||||
it 'fills the individual with the informations from France Connect' do
|
||||
expect(rendered).to have_text("Le dossier a été déposé par le compte de #{france_connect_information.given_name} #{france_connect_information.family_name}, authentifié par France Connect le #{france_connect_information.updated_at.strftime('%d/%m/%Y')}")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -33,4 +33,19 @@ describe 'users/dossiers/demande.html.haml', type: :view do
|
|||
|
||||
it { expect(rendered).not_to have_text('Déposé le') }
|
||||
end
|
||||
|
||||
context 'when the user is logged in with france connect' do
|
||||
let(:france_connect_information) { build(:france_connect_information) }
|
||||
let(:user) { build(:user, france_connect_information: france_connect_information) }
|
||||
let(:procedure1) { create(:procedure, :with_type_de_champ, for_individual: true) }
|
||||
let(:dossier) { create(:dossier, procedure: procedure1, user: user) }
|
||||
|
||||
before do
|
||||
render
|
||||
end
|
||||
|
||||
it 'fills the individual with the informations from France Connect' do
|
||||
expect(rendered).to have_text("Le dossier a été déposé par le compte de #{france_connect_information.given_name} #{france_connect_information.family_name}, authentifié par France Connect le #{france_connect_information.updated_at.strftime('%d/%m/%Y')}")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue