From ce095479b73ca6f770331bacdb9a9f15b178ebe3 Mon Sep 17 00:00:00 2001
From: simon lehericey <mail@simon.lehericey.net>
Date: Wed, 31 Jul 2024 21:18:23 +0200
Subject: [PATCH] fix password reset with bad password scenario

---
 .../_password_confirmation.html.haml          | 21 ++++++-------------
 .../particulier/merge.html.haml               |  8 +------
 .../merge_using_password.turbo_stream.haml    |  1 +
 ...ge_with_existing_account.turbo_stream.haml |  0
 .../merge_with_new_account.turbo_stream.haml  |  4 ----
 config/locales/en.yml                         |  4 ----
 config/locales/fr.yml                         |  4 ----
 7 files changed, 8 insertions(+), 34 deletions(-)
 create mode 100644 app/views/france_connect/particulier/merge_using_password.turbo_stream.haml
 delete mode 100644 app/views/france_connect/particulier/merge_with_existing_account.turbo_stream.haml
 delete mode 100644 app/views/france_connect/particulier/merge_with_new_account.turbo_stream.haml

diff --git a/app/views/france_connect/particulier/_password_confirmation.html.haml b/app/views/france_connect/particulier/_password_confirmation.html.haml
index 3e23ee608..6a9ce4bbc 100644
--- a/app/views/france_connect/particulier/_password_confirmation.html.haml
+++ b/app/views/france_connect/particulier/_password_confirmation.html.haml
@@ -1,16 +1,7 @@
-%p
-  = t('.already_exists', email: email, application_name: Current.application_name)
-  %br
-  = t('.fill_in_password')
+= form_tag france_connect_particulier_merge_using_password_path, data: { turbo: true }, class: 'mt-2 form fconnect-form', id: 'merge_using_password' do
+  = hidden_field_tag :merge_token, fci.merge_token, id: dom_id(fci, :fusion_merge_token)
+  .fr-input-group{ class: class_names('fr-input-group--error': wrong_password) }
+    = label_tag :password, t('views.registrations.new.password_label', min_length: 8), class: 'fr-label'
+    = password_field_tag :password, nil, autocomplete: 'current-password', class: 'mb-1 fr-input'
 
-= form_tag france_connect_particulier_merge_with_existing_account_path, data: { turbo: true, turbo_force: :server }, class: 'mt-2 form fconnect-form' do
-  = hidden_field_tag :merge_token, merge_token
-  = hidden_field_tag :email, email
-  = label_tag :password, t('views.registrations.new.password_label', min_length: 8)
-  = password_field_tag :password, nil, autocomplete: 'current-password', id: 'password-for-another-account'
-  .mb-2
-    = t('views.users.sessions.new.reset_password')
-    = link_to france_connect_particulier_send_email_merge_path(merge_token: merge_token), method: :post do
-      = t('france_connect.particulier.merge.link_confirm_by_email')
-  = button_tag t('.back'), type: 'button', class: 'button secondary', onclick: 'DS.showNewAccount(event);'
-  = submit_tag t('france_connect.particulier.merge.button_merge'), class: 'button primary'
+  = submit_tag t('france_connect.particulier.merge.button_merge'), class: 'fr-btn'
diff --git a/app/views/france_connect/particulier/merge.html.haml b/app/views/france_connect/particulier/merge.html.haml
index 7f771043f..c96f9b53e 100644
--- a/app/views/france_connect/particulier/merge.html.haml
+++ b/app/views/france_connect/particulier/merge.html.haml
@@ -20,13 +20,7 @@
   .fusion.hidden
     %p= t('.title_fill_in_password')
 
-    = form_tag france_connect_particulier_merge_using_password_path, data: { turbo: true }, class: 'mt-2 form fconnect-form' do
-      = hidden_field_tag :merge_token, @fci.merge_token, id: dom_id(@fci, :fusion_merge_token)
-      .fr-input-group
-        = label_tag :password, t('views.registrations.new.password_label', min_length: 8), class: 'fr-label'
-        = password_field_tag :password, nil, autocomplete: 'current-password', class: 'mb-1 fr-input'
-
-      = submit_tag t('.button_merge'), class: 'fr-btn'
+    = render partial: 'password_confirmation', locals: { fci: @fci, wrong_password: @wrong_password }
 
     .mt-2
       = button_to t('.link_confirm_by_email'),
diff --git a/app/views/france_connect/particulier/merge_using_password.turbo_stream.haml b/app/views/france_connect/particulier/merge_using_password.turbo_stream.haml
new file mode 100644
index 000000000..d3985f5c2
--- /dev/null
+++ b/app/views/france_connect/particulier/merge_using_password.turbo_stream.haml
@@ -0,0 +1 @@
+= turbo_stream.replace('merge_using_password', partial: 'password_confirmation', locals: { fci: @fci, wrong_password: true })
diff --git a/app/views/france_connect/particulier/merge_with_existing_account.turbo_stream.haml b/app/views/france_connect/particulier/merge_with_existing_account.turbo_stream.haml
deleted file mode 100644
index e69de29bb..000000000
diff --git a/app/views/france_connect/particulier/merge_with_new_account.turbo_stream.haml b/app/views/france_connect/particulier/merge_with_new_account.turbo_stream.haml
deleted file mode 100644
index 7d14ef01a..000000000
--- a/app/views/france_connect/particulier/merge_with_new_account.turbo_stream.haml
+++ /dev/null
@@ -1,4 +0,0 @@
-= turbo_stream.update 'new-account-password-confirmation', partial: 'password_confirmation', locals: { email: @email, merge_token: @merge_token }
-= turbo_stream.hide_all '.fusion'
-= turbo_stream.hide_all '.new-account'
-= turbo_stream.show 'new-account-password-confirmation'
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 9b6a17675..e1fe7e4c6 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -897,10 +897,6 @@ en:
         intro: "A confirmation email has been sent to your address %{email}"
         click_the_link_in_the_email: "Please click the link in the email to confirm your account and connect with France Connect in the future."
         continue: "Continue"
-      password_confirmation:
-        back: 'back to previous step'
-        already_exists: An account with %{email} already existis on %{application_name}
-        fill_in_password: fill in your password to merge your accounts
       merge:
         title: "Merge your account FranceConnect and %{application_name}"
         subtitle_html: "Hello,<br /><br />Your account FranceConnect uses <b class='bold'>%{email}</b> as contact email.<br />But there is an existing %{application_name} account using this email."
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index 9507716e3..34e1f9bd7 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -952,10 +952,6 @@ fr:
         intro: Un mail de confirmation a été envoyé à votre adresse %{email}
         click_the_link_in_the_email: Vous devez impérativement cliquer sur le lien du mail pour activer votre adresse et recevoir les notifications sur l'avancement de vos dossiers.
         continue: Continuer
-      password_confirmation:
-        back: 'revenir en arrière'
-        already_exists: Le compte %{email} existe déjà sur %{application_name}
-        fill_in_password: entrez votre mot de passe pour fusionner les comptes
       merge:
         title: "Fusion des comptes FranceConnect et %{application_name}"
         subtitle_html: "Bonjour,<br /><br />Votre compte FranceConnect utilise <b class='bold'>%{email}</b> comme email de contact.<br />Or il existe un compte sur %{application_name} avec cet email."