DGNum/demarches-normaliennes
13
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

feature(agent_connect_2fa): add intermediate pages to improve UX

Browse source
This commit is contained in:
simon lehericey 2024-09-16 12:14:46 +02:00
parent 6f5135a6b2
commit cd2d772cd0
No known key found for this signature in database
GPG key ID: CDE670D827C7B3C5
8 changed files with 120 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

34
app/controllers/agent_connect/agent_controller.rb
View file

@ -10,6 +10,9 @@ class AgentConnect::AgentController < ApplicationController
STATE_COOKIE_NAME = :agentConnect_state
NONCE_COOKIE_NAME = :agentConnect_nonce
AC_ID_TOKEN_COOKIE_NAME = :agentConnect_id_token
REDIRECT_TO_AC_LOGIN_COOKIE_NAME = :redirect_to_ac_login
def index
end
@ -27,7 +30,11 @@ class AgentConnect::AgentController < ApplicationController
cookies.delete NONCE_COOKIE_NAME
if user_info['idp_id'] == MON_COMPTE_PRO_IDP_ID && !amr.include?('mfa')
return redirect_to ENV['MON_COMPTE_PRO_2FA_NOT_CONFIGURED_URL'], allow_other_host: true
# we need the id_token to disconnect the agent connect session later.
# we cannot store it in the instructeur model because the user is not yet created
# so we store it in a encrypted cookie
cookies.encrypted[AC_ID_TOKEN_COOKIE_NAME] = id_token
return redirect_to agent_connect_explanation_2fa_path
end
instructeur = Instructeur.find_by(users: { email: santized_email(user_info) })
@ -52,6 +59,31 @@ class AgentConnect::AgentController < ApplicationController
redirect_france_connect_error_connection
end
def explanation_2fa
end
# Special callback from MonComptePro juste after 2FA configuration
# then:
# - the current user is disconnected from the AgentConnect session by redirecting to the AgentConnect logout endpoint
# - the user is redirected to User::SessionsController#logout by agent connect (no choice)
# - the cookie redirect_to_ac_login is detected and the controller redirects to the relogin_after_2fa_config page
# - finally, the user clicks on the button to reconnect to the AgentConnect session
def logout_from_mcp
sign_out(:user) if user_signed_in?
id_token = cookies.encrypted[AC_ID_TOKEN_COOKIE_NAME]
cookies.delete(AC_ID_TOKEN_COOKIE_NAME)
return redirect_to root_path if id_token.blank?
cookies.encrypted[REDIRECT_TO_AC_LOGIN_COOKIE_NAME] = true
redirect_to AgentConnectService.logout_url(id_token, host_with_port: request.host_with_port), allow_other_host: true
end
def relogin_after_2fa_config
end
private
def santized_email(user_info)