Merge branch 'dev' into enforce-rubocop-timezone
commit
cf610bbd91
22 changed files with 284 additions and 157 deletions
|
@ -1,12 +1,13 @@
|
||||||
|
@import "colors";
|
||||||
|
|
||||||
.direct-upload {
|
.direct-upload {
|
||||||
display: inline-block;
|
display: inline-block;
|
||||||
position: relative;
|
position: relative;
|
||||||
padding: 2px 4px;
|
padding: 4px 15px;
|
||||||
margin: 0 3px 3px 0;
|
margin: 0 3px 3px 0;
|
||||||
border: 1px solid rgba(0, 0, 0, 0.3);
|
border: 1px solid $border-grey;
|
||||||
border-radius: 3px;
|
border-radius: 3px;
|
||||||
font-size: 11px;
|
font-size: 14px;
|
||||||
line-height: 13px;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
.direct-upload--pending {
|
.direct-upload--pending {
|
||||||
|
|
|
@ -111,6 +111,10 @@
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
.direct-upload {
|
||||||
|
margin-bottom: 2 * $default-padding;
|
||||||
|
}
|
||||||
|
|
||||||
.add-row {
|
.add-row {
|
||||||
margin-bottom: 2 * $default-padding;
|
margin-bottom: 2 * $default-padding;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,6 @@
|
||||||
class ApplicationController < ActionController::Base
|
class ApplicationController < ActionController::Base
|
||||||
|
include TrustedDeviceConcern
|
||||||
|
|
||||||
MAINTENANCE_MESSAGE = 'Le site est actuellement en maintenance. Il sera à nouveau disponible dans un court instant.'
|
MAINTENANCE_MESSAGE = 'Le site est actuellement en maintenance. Il sera à nouveau disponible dans un court instant.'
|
||||||
|
|
||||||
# Prevent CSRF attacks by raising an exception.
|
# Prevent CSRF attacks by raising an exception.
|
||||||
|
@ -6,6 +8,7 @@ class ApplicationController < ActionController::Base
|
||||||
protect_from_forgery with: :exception, if: -> { !Rails.env.test? }
|
protect_from_forgery with: :exception, if: -> { !Rails.env.test? }
|
||||||
before_action :load_navbar_left_pannel_partial_url
|
before_action :load_navbar_left_pannel_partial_url
|
||||||
before_action :set_raven_context
|
before_action :set_raven_context
|
||||||
|
before_action :redirect_if_untrusted
|
||||||
before_action :authorize_request_for_profiler
|
before_action :authorize_request_for_profiler
|
||||||
before_action :reject, if: -> { Flipflop.maintenance_mode? }
|
before_action :reject, if: -> { Flipflop.maintenance_mode? }
|
||||||
|
|
||||||
|
@ -151,4 +154,34 @@ class ApplicationController < ActionController::Base
|
||||||
redirect_to root_path
|
redirect_to root_path
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def redirect_if_untrusted
|
||||||
|
if gestionnaire_signed_in? &&
|
||||||
|
sensitive_path &&
|
||||||
|
current_gestionnaire.feature_enabled?(:enable_email_login_token) &&
|
||||||
|
!trusted_device?
|
||||||
|
|
||||||
|
# return at this location
|
||||||
|
# after the device is trusted
|
||||||
|
store_location_for(:user, request.fullpath)
|
||||||
|
|
||||||
|
send_login_token_or_bufferize(current_gestionnaire)
|
||||||
|
redirect_to link_sent_path(email: current_gestionnaire.email)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def sensitive_path
|
||||||
|
path = request.path_info
|
||||||
|
|
||||||
|
if path == '/' ||
|
||||||
|
path == '/users/sign_out' ||
|
||||||
|
path.start_with?('/connexion-par-jeton') ||
|
||||||
|
path.start_with?('/api/') ||
|
||||||
|
path.start_with?('/lien-envoye')
|
||||||
|
|
||||||
|
false
|
||||||
|
else
|
||||||
|
true
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
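Review bot: `sensitive_path` exempts every path under `/api/` from the trusted-device check, so a gestionnaire session on an untrusted browser can still reach those endpoints if the API controllers accept the Devise session cookie, and the same holds for any controller that later adds `skip_before_action :redirect_if_untrusted`. Nothing in `redirect_if_untrusted` signs the gestionnaire out — the session stays fully authenticated and only this allowlist stands between it and the application — so the prefix match is the whole boundary. I would either limit the exemption to the API controllers that authenticate with their own token rather than by path prefix, or state the reason in place: `# /api/ is exempt because API requests authenticate by API token, not by the Devise session — verify before adding routes here`. A short comment above `sensitive_path` saying that the list is deny-by-default and holds only the routes needed to complete the device-confirmation flow (logout, the token link, the link-sent page) would also keep future additions honest.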
|
||||||
|
|
|
@ -23,20 +23,7 @@ class Users::SessionsController < Sessions::SessionsController
|
||||||
current_user.update(loged_in_with_france_connect: nil)
|
current_user.update(loged_in_with_france_connect: nil)
|
||||||
end
|
end
|
||||||
|
|
||||||
if gestionnaire_signed_in?
|
if gestionnaire_signed_in? || user_signed_in?
|
||||||
if trusted_device? || !current_gestionnaire.feature_enabled?(:enable_email_login_token)
|
|
||||||
set_flash_message :notice, :signed_in
|
|
||||||
redirect_to after_sign_in_path_for(:user)
|
|
||||||
else
|
|
||||||
gestionnaire = current_gestionnaire
|
|
||||||
|
|
||||||
send_login_token_or_bufferize(gestionnaire)
|
|
||||||
|
|
||||||
[:user, :gestionnaire, :administrateur].each { |role| sign_out(role) }
|
|
||||||
|
|
||||||
redirect_to link_sent_path(email: gestionnaire.email)
|
|
||||||
end
|
|
||||||
elsif user_signed_in?
|
|
||||||
set_flash_message :notice, :signed_in
|
set_flash_message :notice, :signed_in
|
||||||
redirect_to after_sign_in_path_for(:user)
|
redirect_to after_sign_in_path_for(:user)
|
||||||
else
|
else
|
||||||
|
@ -83,32 +70,35 @@ class Users::SessionsController < Sessions::SessionsController
|
||||||
|
|
||||||
def sign_in_by_link
|
def sign_in_by_link
|
||||||
gestionnaire = Gestionnaire.find(params[:id])
|
gestionnaire = Gestionnaire.find(params[:id])
|
||||||
if gestionnaire&.login_token_valid?(params[:jeton])
|
trusted_device_token = gestionnaire
|
||||||
trust_device
|
.trusted_device_tokens
|
||||||
flash.notice = "Merci d’avoir confirmé votre connexion. Votre navigateur est maintenant authentifié pour #{TRUSTED_DEVICE_PERIOD.to_i / ActiveSupport::Duration::SECONDS_PER_DAY} jours."
|
.find_by(token: params[:jeton])
|
||||||
|
|
||||||
user = User.find_by(email: gestionnaire.email)
|
if trusted_device_token&.token_valid?
|
||||||
administrateur = Administrateur.find_by(email: gestionnaire.email)
|
trust_device(trusted_device_token.created_at)
|
||||||
[user, gestionnaire, administrateur].compact.each { |resource| sign_in(resource) }
|
|
||||||
|
period = ((trusted_device_token.created_at + TRUSTED_DEVICE_PERIOD) - Time.zone.now).to_i / ActiveSupport::Duration::SECONDS_PER_DAY
|
||||||
|
|
||||||
|
flash.notice = "Merci d’avoir confirmé votre connexion. Votre navigateur est maintenant authentifié pour #{period} jours."
|
||||||
|
|
||||||
# redirect to procedure'url if stored by store_location_for(:user) in dossiers_controller
|
# redirect to procedure'url if stored by store_location_for(:user) in dossiers_controller
|
||||||
# redirect to root_path otherwise
|
# redirect to root_path otherwise
|
||||||
|
|
||||||
|
if gestionnaire_signed_in?
|
||||||
redirect_to after_sign_in_path_for(:user)
|
redirect_to after_sign_in_path_for(:user)
|
||||||
else
|
else
|
||||||
flash[:alert] = 'Votre lien est invalide ou expiré, veuillez-vous reconnecter.'
|
|
||||||
redirect_to new_user_session_path
|
redirect_to new_user_session_path
|
||||||
end
|
end
|
||||||
|
else
|
||||||
|
flash[:alert] = 'Votre lien est invalide ou expiré, un nouveau vient de vous être envoyé.'
|
||||||
|
|
||||||
|
send_login_token_or_bufferize(gestionnaire)
|
||||||
|
redirect_to link_sent_path(email: gestionnaire.email)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def send_login_token_or_bufferize(gestionnaire)
|
|
||||||
if !gestionnaire.young_login_token?
|
|
||||||
login_token = gestionnaire.login_token!
|
|
||||||
GestionnaireMailer.send_login_token(gestionnaire, login_token).deliver_later
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def try_to_authenticate(klass, remember_me = false)
|
def try_to_authenticate(klass, remember_me = false)
|
||||||
resource = klass.find_for_database_authentication(email: params[:user][:email])
|
resource = klass.find_for_database_authentication(email: params[:user][:email])
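Review bot: The final `else` branch of `sign_in_by_link` runs for an unauthenticated visitor who supplies any existing `params[:id]` and a bogus `jeton`: it sends (or buffers) a login email to that gestionnaire and redirects to `link_sent_path(email: gestionnaire.email)`, which exposes the account's email address in the URL, while `Gestionnaire.find` raising for unknown ids turns the endpoint into an id-enumeration oracle. Anyone can therefore map gestionnaire ids to email addresses and trigger mail to them once per `LOGIN_TOKEN_YOUTH`. I would only resend and reveal the address when the requester is already signed in as that gestionnaire, and give everyone else a generic alert and a redirect to `new_user_session_path` without the email parameter. The valid-token branch also never checks that `gestionnaire` matches `current_gestionnaire` when someone is signed in, so a link issued for account A trusts the browser while B is logged in; `try_to_authenticate` continues outside the hunk.

```ruby
    # … unchanged: token lookup and valid-token branch …
    else
      # Only a signed-in owner may trigger a resend and learn the target address;
      # an anonymous visitor gets a generic answer so ids cannot be mapped to emails.
      if gestionnaire_signed_in? && current_gestionnaire == gestionnaire
        flash[:alert] = 'Votre lien est invalide ou expiré, un nouveau vient de vous être envoyé.'
        send_login_token_or_bufferize(gestionnaire)
        redirect_to link_sent_path(email: gestionnaire.email)
      else
        flash[:alert] = 'Votre lien est invalide ou expiré, veuillez-vous reconnecter.'
        redirect_to new_user_session_path
      end
    end
```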
|
||||||
|
|
||||||
|
|
|
@ -4,10 +4,10 @@ module TrustedDeviceConcern
|
||||||
TRUSTED_DEVICE_COOKIE_NAME = :trusted_device
|
TRUSTED_DEVICE_COOKIE_NAME = :trusted_device
|
||||||
TRUSTED_DEVICE_PERIOD = 1.month
|
TRUSTED_DEVICE_PERIOD = 1.month
|
||||||
|
|
||||||
def trust_device
|
def trust_device(start_at)
|
||||||
cookies.encrypted[TRUSTED_DEVICE_COOKIE_NAME] = {
|
cookies.encrypted[TRUSTED_DEVICE_COOKIE_NAME] = {
|
||||||
value: JSON.generate({ created_at: Time.zone.now }),
|
value: JSON.generate({ created_at: start_at }),
|
||||||
expires: TRUSTED_DEVICE_PERIOD,
|
expires: start_at + TRUSTED_DEVICE_PERIOD,
|
||||||
httponly: true
|
httponly: true
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
@ -17,6 +17,13 @@ module TrustedDeviceConcern
|
||||||
(Time.zone.now - TRUSTED_DEVICE_PERIOD) < trusted_device_cookie_created_at
|
(Time.zone.now - TRUSTED_DEVICE_PERIOD) < trusted_device_cookie_created_at
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def send_login_token_or_bufferize(gestionnaire)
|
||||||
|
if !gestionnaire.young_login_token?
|
||||||
|
login_token = gestionnaire.create_trusted_device_token
|
||||||
|
GestionnaireMailer.send_login_token(gestionnaire, login_token).deliver_later
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def trusted_device_cookie_created_at
|
def trusted_device_cookie_created_at
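Review bot: The cookie written by `trust_device` carries only `created_at`, and `trusted_device?` checks nothing but that timestamp, so the trust is bound to the browser rather than to a gestionnaire: once any account's email link has been confirmed on a browser, every gestionnaire who signs in there passes the check for `TRUSTED_DEVICE_PERIOD`. Since `trust_device(start_at)` is called from `sign_in_by_link`, where the token's owner is known, I would store the owner as well — `value: JSON.generate({ created_at: start_at, gestionnaire_id: gestionnaire_id })` via an extra keyword argument — and have `trusted_device?` also compare it with `current_gestionnaire.id`. The cookie is `httponly` but not explicitly `secure: true`; that is fine if `config.force_ssl` is on, otherwise it should be added. `trusted_device_cookie_created_at` continues outside the hunk.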
|
||||||
|
|
|
@ -1,10 +1,6 @@
|
||||||
class Gestionnaire < ApplicationRecord
|
class Gestionnaire < ApplicationRecord
|
||||||
include CredentialsSyncableConcern
|
include CredentialsSyncableConcern
|
||||||
include EmailSanitizableConcern
|
include EmailSanitizableConcern
|
||||||
include ActiveRecord::SecureToken
|
|
||||||
|
|
||||||
LOGIN_TOKEN_VALIDITY = 45.minutes
|
|
||||||
LOGIN_TOKEN_YOUTH = 15.minutes
|
|
||||||
|
|
||||||
devise :database_authenticatable, :registerable, :async,
|
devise :database_authenticatable, :registerable, :async,
|
||||||
:recoverable, :rememberable, :trackable, :validatable
|
:recoverable, :rememberable, :trackable, :validatable
|
||||||
|
@ -20,6 +16,7 @@ class Gestionnaire < ApplicationRecord
|
||||||
has_many :followed_dossiers, through: :follows, source: :dossier
|
has_many :followed_dossiers, through: :follows, source: :dossier
|
||||||
has_many :avis
|
has_many :avis
|
||||||
has_many :dossiers_from_avis, through: :avis, source: :dossier
|
has_many :dossiers_from_avis, through: :avis, source: :dossier
|
||||||
|
has_many :trusted_device_tokens
|
||||||
|
|
||||||
def visible_procedures
|
def visible_procedures
|
||||||
procedures.merge(Procedure.avec_lien.or(Procedure.archivees))
|
procedures.merge(Procedure.avec_lien.or(Procedure.archivees))
|
||||||
|
@ -135,18 +132,9 @@ class Gestionnaire < ApplicationRecord
|
||||||
Dossier.where(id: dossiers_id_with_notifications(dossiers)).group(:procedure_id).count
|
Dossier.where(id: dossiers_id_with_notifications(dossiers)).group(:procedure_id).count
|
||||||
end
|
end
|
||||||
|
|
||||||
def login_token!
|
def create_trusted_device_token
|
||||||
login_token = Gestionnaire.generate_unique_secure_token
|
trusted_device_token = trusted_device_tokens.create
|
||||||
encrypted_login_token = BCrypt::Password.create(login_token)
|
trusted_device_token.token
|
||||||
update(encrypted_login_token: encrypted_login_token, login_token_created_at: Time.zone.now)
|
|
||||||
login_token
|
|
||||||
end
|
|
||||||
|
|
||||||
def login_token_valid?(login_token)
|
|
||||||
BCrypt::Password.new(encrypted_login_token) == login_token &&
|
|
||||||
LOGIN_TOKEN_VALIDITY.ago < login_token_created_at
|
|
||||||
rescue BCrypt::Errors::InvalidHash
|
|
||||||
false
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def dossiers_id_with_notifications(dossiers)
|
def dossiers_id_with_notifications(dossiers)
|
||||||
|
@ -213,8 +201,8 @@ class Gestionnaire < ApplicationRecord
|
||||||
end
|
end
|
||||||
|
|
||||||
def young_login_token?
|
def young_login_token?
|
||||||
login_token_created_at.present? &&
|
trusted_device_token = trusted_device_tokens.order(created_at: :desc).first
|
||||||
LOGIN_TOKEN_YOUTH.ago < login_token_created_at
|
trusted_device_token&.token_young?
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
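Review bot: `create_trusted_device_token` replaces the bcrypt-hashed `encrypted_login_token` with a `has_secure_token` value that is stored in clear in `trusted_device_tokens.token` and returned to the mailer, so the column now holds the bearer secret itself: any read of that table (backup, SQL injection, a logged row) yields working login links for as long as `TrustedDeviceToken::LOGIN_TOKEN_VALIDITY` allows, whereas the removed code only ever persisted a digest. I would store `Digest::SHA256.hexdigest(token)` in the column and look tokens up by digest in `sign_in_by_link` — a deterministic digest keeps the unique index usable, unlike bcrypt — returning the raw token only from this method for the email. Separately, `young_login_token?` considers only the newest row while older rows are never removed, so every token issued inside the validity window stays usable; destroying the previous tokens before `trusted_device_tokens.create` would keep a single live link per gestionnaire.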
|
||||||
|
|
|
@ -7,11 +7,10 @@ class Service < ApplicationRecord
|
||||||
enum type_organisme: {
|
enum type_organisme: {
|
||||||
administration_centrale: 'administration_centrale',
|
administration_centrale: 'administration_centrale',
|
||||||
association: 'association',
|
association: 'association',
|
||||||
commune: 'commune',
|
collectivite_territoriale: 'collectivite_territoriale',
|
||||||
departement: 'departement',
|
|
||||||
etablissement_enseignement: 'etablissement_enseignement',
|
etablissement_enseignement: 'etablissement_enseignement',
|
||||||
prefecture: 'prefecture',
|
operateur_d_etat: "operateur_d_etat",
|
||||||
region: 'region',
|
service_deconcentre_de_l_etat: 'service_deconcentre_de_l_etat',
|
||||||
autre: 'autre'
|
autre: 'autre'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
15
app/models/trusted_device_token.rb
15
app/models/trusted_device_token.rb
|
@ -0,0 +1,15 @@
|
||||||
|
class TrustedDeviceToken < ApplicationRecord
|
||||||
|
LOGIN_TOKEN_VALIDITY = 1.week
|
||||||
|
LOGIN_TOKEN_YOUTH = 15.minutes
|
||||||
|
|
||||||
|
belongs_to :gestionnaire
|
||||||
|
has_secure_token
|
||||||
|
|
||||||
|
def token_valid?
|
||||||
|
LOGIN_TOKEN_VALIDITY.ago < created_at
|
||||||
|
end
|
||||||
|
|
||||||
|
def token_young?
|
||||||
|
LOGIN_TOKEN_YOUTH.ago < created_at
|
||||||
|
end
|
||||||
|
end
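Review bot: `token_valid?` only compares `created_at` against `LOGIN_TOKEN_VALIDITY = 1.week`; nothing marks a token as consumed and `sign_in_by_link` in this commit does not destroy it after a successful confirmation, so the same emailed link can be replayed for a week to trust additional browsers (the removed `login_token_valid?` at least bounded this to 45 minutes). I would make the token single-use — record a `used_at` (or destroy the row) when it is consumed and check it here: `used_at.nil? && LOGIN_TOKEN_VALIDITY.ago < created_at`. A week is also long for a bearer link; if the intent is a long trust period but a short-lived link, the two constants should differ, and a comment would make the choice explicit: `# Lifetime of the emailed link; once confirmed the browser stays trusted for TRUSTED_DEVICE_PERIOD counted from created_at`.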
|
|
@ -75,18 +75,18 @@
|
||||||
name: :save_draft,
|
name: :save_draft,
|
||||||
value: true,
|
value: true,
|
||||||
class: 'button send secondary',
|
class: 'button send secondary',
|
||||||
data: { disable: true }
|
data: { 'disable-with': "Envoi en cours…" }
|
||||||
|
|
||||||
- if dossier.can_transition_to_en_construction?
|
- if dossier.can_transition_to_en_construction?
|
||||||
= f.button 'Soumettre le dossier',
|
= f.button 'Soumettre le dossier',
|
||||||
class: 'button send primary',
|
class: 'button send primary',
|
||||||
disabled: !current_user.owns?(dossier),
|
disabled: !current_user.owns?(dossier),
|
||||||
data: { disable: true }
|
data: { 'disable-with': "Envoi en cours…" }
|
||||||
|
|
||||||
- else
|
- else
|
||||||
= f.button 'Enregistrer les modifications du dossier',
|
= f.button 'Enregistrer les modifications du dossier',
|
||||||
class: 'button send primary',
|
class: 'button send primary',
|
||||||
data: { disable: true }
|
data: { 'disable-with': "Envoi en cours…" }
|
||||||
|
|
||||||
- if dossier.brouillon? && !current_user.owns?(dossier)
|
- if dossier.brouillon? && !current_user.owns?(dossier)
|
||||||
.send-notice.invite-cannot-submit
|
.send-notice.invite-cannot-submit
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
= form.select :value,
|
= form.select :value,
|
||||||
Champs::DepartementChamp.departements,
|
Champs::DepartementChamp.departements,
|
||||||
|
include_blank: true,
|
||||||
required: champ.mandatory?
|
required: champ.mandatory?
|
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
fr:
|
fr:
|
||||||
type_organisme:
|
type_organisme:
|
||||||
administration_centrale: 'administration centrale'
|
administration_centrale: 'Administration centrale'
|
||||||
association: 'association'
|
association: 'Association'
|
||||||
commune: 'commune'
|
collectivite_territoriale: 'Collectivité territoriale'
|
||||||
departement: 'département'
|
etablissement_enseignement: 'Établissement d’enseignement'
|
||||||
etablissement_enseignement: 'établissement d’enseignement'
|
operateur_d_etat: "Opérateur d'État"
|
||||||
prefecture: 'préfecture'
|
service_deconcentre_de_l_etat: "Service déconcentré de l'État"
|
||||||
region: 'région'
|
autre: 'Autre'
|
||||||
autre: 'autre'
|
|
||||||
|
|
11
db/migrate/20190201164951_create_trusted_device_tokens.rb
11
db/migrate/20190201164951_create_trusted_device_tokens.rb
|
@ -0,0 +1,11 @@
|
||||||
|
class CreateTrustedDeviceTokens < ActiveRecord::Migration[5.2]
|
||||||
|
def change
|
||||||
|
create_table :trusted_device_tokens do |t|
|
||||||
|
t.string :token, null: false
|
||||||
|
t.references :gestionnaire, foreign_key: true
|
||||||
|
|
||||||
|
t.timestamps
|
||||||
|
end
|
||||||
|
add_index :trusted_device_tokens, :token, unique: true
|
||||||
|
end
|
||||||
|
end
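Review bot: `t.references :gestionnaire, foreign_key: true` leaves `gestionnaire_id` nullable (the generated schema in this commit shows `t.bigint "gestionnaire_id"` with no `null: false`), so an ownerless token row can exist even though every token is meant to be created through `gestionnaire.trusted_device_tokens`. Add the constraint at creation time: `t.references :gestionnaire, foreign_key: true, null: false`. A one-line comment on the `token` column saying it holds the secret that is emailed to the gestionnaire would help the next reader judge how it must be stored.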
|
10
db/schema.rb
10
db/schema.rb
|
@ -520,6 +520,15 @@ ActiveRecord::Schema.define(version: 2019_02_13_144145) do
|
||||||
t.string "version", null: false
|
t.string "version", null: false
|
||||||
end
|
end
|
||||||
|
|
||||||
|
create_table "trusted_device_tokens", force: :cascade do |t|
|
||||||
|
t.string "token", null: false
|
||||||
|
t.bigint "gestionnaire_id"
|
||||||
|
t.datetime "created_at", null: false
|
||||||
|
t.datetime "updated_at", null: false
|
||||||
|
t.index ["gestionnaire_id"], name: "index_trusted_device_tokens_on_gestionnaire_id"
|
||||||
|
t.index ["token"], name: "index_trusted_device_tokens_on_token", unique: true
|
||||||
|
end
|
||||||
|
|
||||||
create_table "types_de_champ", id: :serial, force: :cascade do |t|
|
create_table "types_de_champ", id: :serial, force: :cascade do |t|
|
||||||
t.string "libelle"
|
t.string "libelle"
|
||||||
t.string "type_champ"
|
t.string "type_champ"
|
||||||
|
@ -611,6 +620,7 @@ ActiveRecord::Schema.define(version: 2019_02_13_144145) do
|
||||||
add_foreign_key "received_mails", "procedures"
|
add_foreign_key "received_mails", "procedures"
|
||||||
add_foreign_key "refused_mails", "procedures"
|
add_foreign_key "refused_mails", "procedures"
|
||||||
add_foreign_key "services", "administrateurs"
|
add_foreign_key "services", "administrateurs"
|
||||||
|
add_foreign_key "trusted_device_tokens", "gestionnaires"
|
||||||
add_foreign_key "types_de_champ", "types_de_champ", column: "parent_id"
|
add_foreign_key "types_de_champ", "types_de_champ", column: "parent_id"
|
||||||
add_foreign_key "without_continuation_mails", "procedures"
|
add_foreign_key "without_continuation_mails", "procedures"
|
||||||
end
|
end
|
||||||
|
|
17
lib/tasks/2019_02_18_migrate_service_organisme.rake
17
lib/tasks/2019_02_18_migrate_service_organisme.rake
|
@ -0,0 +1,17 @@
|
||||||
|
namespace :after_party do
|
||||||
|
desc 'Deployment task: migrate service organisme'
|
||||||
|
task migrate_service_organisme: :environment do
|
||||||
|
table = {
|
||||||
|
'commune': 'collectivite_territoriale',
|
||||||
|
'departement': 'collectivite_territoriale',
|
||||||
|
'region': 'collectivite_territoriale',
|
||||||
|
'prefecture': 'service_deconcentre_de_l_etat'
|
||||||
|
}
|
||||||
|
|
||||||
|
table.each do |(old_name, new_name)|
|
||||||
|
Service.where(type_organisme: old_name).update_all(type_organisme: new_name)
|
||||||
|
end
|
||||||
|
|
||||||
|
AfterParty::TaskRecord.create version: '20190201121252'
|
||||||
|
end
|
||||||
|
end
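Review bot: The version recorded by `AfterParty::TaskRecord.create` (`20190201121252`) does not match the date in this file's name (`2019_02_18`); if after_party decides from the recorded version whether a task has already run, the mismatch can cause the task to be skipped or re-run, so the two should agree — please confirm which one is intended. `update_all` bypasses validations and callbacks, which is presumably wanted for a bulk data fix but deserves a one-line comment: `# update_all: plain column rewrite, intentionally skips validations/callbacks`. The mapping also folds four old values into two, which cannot be reversed from the data alone; saying so next to `table` would help anyone writing a rollback.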
|
|
@ -9,6 +9,7 @@ describe ApplicationController, type: :controller do
|
||||||
.map(&:filter)
|
.map(&:filter)
|
||||||
|
|
||||||
expect(before_actions).to include(:set_raven_context)
|
expect(before_actions).to include(:set_raven_context)
|
||||||
|
expect(before_actions).to include(:redirect_if_untrusted)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -145,4 +146,56 @@ describe ApplicationController, type: :controller do
|
||||||
it { expect(flash[:alert]).to eq(ApplicationController::MAINTENANCE_MESSAGE) }
|
it { expect(flash[:alert]).to eq(ApplicationController::MAINTENANCE_MESSAGE) }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe '#redirect_if_unstrusted' do
|
||||||
|
let(:current_gestionnaire) { create(:gestionnaire) }
|
||||||
|
|
||||||
|
before do
|
||||||
|
allow(current_gestionnaire).to receive(:feature_enabled?).and_return(feature_enabled)
|
||||||
|
allow(@controller).to receive(:current_gestionnaire).and_return(current_gestionnaire)
|
||||||
|
|
||||||
|
allow(@controller).to receive(:redirect_to)
|
||||||
|
allow(@controller).to receive(:trusted_device?).and_return(trusted_device)
|
||||||
|
allow(@controller).to receive(:gestionnaire_signed_in?).and_return(gestionnaire_signed_in)
|
||||||
|
allow(@controller).to receive(:sensitive_path).and_return(sensitive_path)
|
||||||
|
allow(@controller).to receive(:send_login_token_or_bufferize)
|
||||||
|
allow(@controller).to receive(:store_location_for)
|
||||||
|
end
|
||||||
|
|
||||||
|
subject { @controller.send(:redirect_if_untrusted) }
|
||||||
|
|
||||||
|
context 'when the path is sensitive' do
|
||||||
|
let(:sensitive_path) { true }
|
||||||
|
|
||||||
|
context 'when the gestionnaire is signed_in' do
|
||||||
|
let(:gestionnaire_signed_in) { true }
|
||||||
|
|
||||||
|
context 'when the feature is activated' do
|
||||||
|
let(:feature_enabled) { true }
|
||||||
|
|
||||||
|
context 'when the device is trusted' do
|
||||||
|
let(:trusted_device) { true }
|
||||||
|
|
||||||
|
before { subject }
|
||||||
|
|
||||||
|
it { expect(@controller).not_to have_received(:redirect_to) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when the feature is activated' do
|
||||||
|
let(:feature_enabled) { true }
|
||||||
|
|
||||||
|
context 'when the device is not trusted' do
|
||||||
|
let(:trusted_device) { false }
|
||||||
|
|
||||||
|
before { subject }
|
||||||
|
|
||||||
|
it { expect(@controller).to have_received(:redirect_to) }
|
||||||
|
it { expect(@controller).to have_received(:send_login_token_or_bufferize) }
|
||||||
|
it { expect(@controller).to have_received(:store_location_for) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
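Review bot: The two sibling `context 'when the feature is activated'` blocks share a name and differ only in `trusted_device`, so a failure is reported under an ambiguous description; merge them into one context holding the two `trusted_device` sub-contexts, and fix the `describe` title typo `'#redirect_if_unstrusted'` → `'#redirect_if_untrusted'`. No example covers a non-sensitive path, a signed-out gestionnaire, or the feature being disabled, which are precisely the branches that let a request through `redirect_if_untrusted`; a `let(:sensitive_path) { false }` context asserting `not_to have_received(:redirect_to)` would pin the allowlist behaviour. Because the `before` block stubs `redirect_to` itself, these examples check that a redirect happens but not where it goes; asserting the `link_sent_path` argument would close that gap.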
|
||||||
|
|
|
@ -15,7 +15,7 @@ describe NewAdministrateur::ServicesController, type: :controller do
|
||||||
nom: 'super service',
|
nom: 'super service',
|
||||||
organisme: 'organisme',
|
organisme: 'organisme',
|
||||||
siret: '01234567891234',
|
siret: '01234567891234',
|
||||||
type_organisme: 'region',
|
type_organisme: 'association',
|
||||||
email: 'email@toto.com',
|
email: 'email@toto.com',
|
||||||
telephone: '1234',
|
telephone: '1234',
|
||||||
horaires: 'horaires',
|
horaires: 'horaires',
|
||||||
|
@ -30,7 +30,7 @@ describe NewAdministrateur::ServicesController, type: :controller do
|
||||||
it { expect(Service.last.nom).to eq('super service') }
|
it { expect(Service.last.nom).to eq('super service') }
|
||||||
it { expect(Service.last.organisme).to eq('organisme') }
|
it { expect(Service.last.organisme).to eq('organisme') }
|
||||||
it { expect(Service.last.siret).to eq('01234567891234') }
|
it { expect(Service.last.siret).to eq('01234567891234') }
|
||||||
it { expect(Service.last.type_organisme).to eq(Service.type_organismes.fetch(:region)) }
|
it { expect(Service.last.type_organisme).to eq(Service.type_organismes.fetch(:association)) }
|
||||||
it { expect(Service.last.email).to eq('email@toto.com') }
|
it { expect(Service.last.email).to eq('email@toto.com') }
|
||||||
it { expect(Service.last.telephone).to eq('1234') }
|
it { expect(Service.last.telephone).to eq('1234') }
|
||||||
it { expect(Service.last.horaires).to eq('horaires') }
|
it { expect(Service.last.horaires).to eq('horaires') }
|
||||||
|
@ -49,7 +49,7 @@ describe NewAdministrateur::ServicesController, type: :controller do
|
||||||
|
|
||||||
describe '#update' do
|
describe '#update' do
|
||||||
let!(:service) { create(:service, administrateur: admin) }
|
let!(:service) { create(:service, administrateur: admin) }
|
||||||
let(:service_params) { { nom: 'nom', type_organisme: Service.type_organismes.fetch(:region) } }
|
let(:service_params) { { nom: 'nom', type_organisme: Service.type_organismes.fetch(:association) } }
|
||||||
|
|
||||||
before do
|
before do
|
||||||
sign_in admin
|
sign_in admin
|
||||||
|
@ -65,12 +65,12 @@ describe NewAdministrateur::ServicesController, type: :controller do
|
||||||
it { expect(flash.alert).to be_nil }
|
it { expect(flash.alert).to be_nil }
|
||||||
it { expect(flash.notice).to eq('nom modifié') }
|
it { expect(flash.notice).to eq('nom modifié') }
|
||||||
it { expect(Service.last.nom).to eq('nom') }
|
it { expect(Service.last.nom).to eq('nom') }
|
||||||
it { expect(Service.last.type_organisme).to eq(Service.type_organismes.fetch(:region)) }
|
it { expect(Service.last.type_organisme).to eq(Service.type_organismes.fetch(:association)) }
|
||||||
it { expect(response).to redirect_to(services_path(procedure_id: procedure.id)) }
|
it { expect(response).to redirect_to(services_path(procedure_id: procedure.id)) }
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'when updating a service with invalid data' do
|
context 'when updating a service with invalid data' do
|
||||||
let(:service_params) { { nom: '', type_organisme: Service.type_organismes.fetch(:region) } }
|
let(:service_params) { { nom: '', type_organisme: Service.type_organismes.fetch(:association) } }
|
||||||
|
|
||||||
it { expect(flash.alert).not_to be_nil }
|
it { expect(flash.alert).not_to be_nil }
|
||||||
it { expect(response).to render_template(:edit) }
|
it { expect(response).to render_template(:edit) }
|
||||||
|
|
|
@ -40,6 +40,7 @@ describe Sessions::SessionsController, type: :controller do
|
||||||
@request.env["devise.mapping"] = Devise.mappings[:gestionnaire]
|
@request.env["devise.mapping"] = Devise.mappings[:gestionnaire]
|
||||||
|
|
||||||
allow_any_instance_of(described_class).to receive(:gestionnaire_signed_in?).and_return(true)
|
allow_any_instance_of(described_class).to receive(:gestionnaire_signed_in?).and_return(true)
|
||||||
|
allow_any_instance_of(described_class).to receive(:current_gestionnaire).and_return(gestionnaire)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'calls sign out for gestionnaire' do
|
it 'calls sign out for gestionnaire' do
|
||||||
|
|
|
@ -28,31 +28,15 @@ describe Users::SessionsController, type: :controller do
|
||||||
context 'when the device is not trusted' do
|
context 'when the device is not trusted' do
|
||||||
let(:trusted_device) { false }
|
let(:trusted_device) { false }
|
||||||
|
|
||||||
it 'redirects to the confirmation link path' do
|
it 'redirects to the root path' do
|
||||||
subject
|
subject
|
||||||
|
|
||||||
expect(controller).to redirect_to link_sent_path(email: email)
|
expect(controller).to redirect_to(root_path)
|
||||||
|
|
||||||
# do not know why, should be test related
|
|
||||||
expect(controller.current_user).to eq(user)
|
expect(controller.current_user).to eq(user)
|
||||||
|
expect(controller.current_gestionnaire).to eq(gestionnaire)
|
||||||
expect(controller.current_gestionnaire).to be(nil)
|
expect(controller.current_administrateur).to eq(administrateur)
|
||||||
expect(controller.current_administrateur).to be(nil)
|
expect(user.loged_in_with_france_connect).to eq(nil)
|
||||||
expect(user.loged_in_with_france_connect).to be(nil)
|
|
||||||
expect(GestionnaireMailer).to have_received(:send_login_token)
|
|
||||||
end
|
|
||||||
|
|
||||||
context 'and the user try to connect multiple times in a short period' do
|
|
||||||
before do
|
|
||||||
allow_any_instance_of(Gestionnaire).to receive(:young_login_token?).and_return(true)
|
|
||||||
allow(GestionnaireMailer).to receive(:send_login_token)
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'does not renew nor send a new login token' do
|
|
||||||
subject
|
|
||||||
|
|
||||||
expect(GestionnaireMailer).not_to have_received(:send_login_token)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -69,7 +53,6 @@ describe Users::SessionsController, type: :controller do
|
||||||
expect(controller.current_gestionnaire).to eq(gestionnaire)
|
expect(controller.current_gestionnaire).to eq(gestionnaire)
|
||||||
expect(controller.current_administrateur).to eq(administrateur)
|
expect(controller.current_administrateur).to eq(administrateur)
|
||||||
expect(user.loged_in_with_france_connect).to be(nil)
|
expect(user.loged_in_with_france_connect).to be(nil)
|
||||||
expect(GestionnaireMailer).not_to have_received(:send_login_token)
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -192,17 +175,43 @@ describe Users::SessionsController, type: :controller do
|
||||||
describe '#sign_in_by_link' do
|
describe '#sign_in_by_link' do
|
||||||
context 'when the gestionnaire has non other account' do
|
context 'when the gestionnaire has non other account' do
|
||||||
let(:gestionnaire) { create(:gestionnaire) }
|
let(:gestionnaire) { create(:gestionnaire) }
|
||||||
let!(:good_jeton) { gestionnaire.login_token! }
|
let!(:good_jeton) { gestionnaire.create_trusted_device_token }
|
||||||
|
let(:logged) { false }
|
||||||
|
|
||||||
before do
|
before do
|
||||||
|
if logged
|
||||||
|
sign_in gestionnaire
|
||||||
|
end
|
||||||
allow(controller).to receive(:trust_device)
|
allow(controller).to receive(:trust_device)
|
||||||
|
allow(controller).to receive(:send_login_token_or_bufferize)
|
||||||
post :sign_in_by_link, params: { id: gestionnaire.id, jeton: jeton }
|
post :sign_in_by_link, params: { id: gestionnaire.id, jeton: jeton }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'when the gestionnaire is not logged in' do
|
||||||
|
context 'when the token is valid' do
|
||||||
|
let(:jeton) { good_jeton }
|
||||||
|
|
||||||
|
it { is_expected.to redirect_to new_user_session_path }
|
||||||
|
it { expect(controller.current_gestionnaire).to be_nil }
|
||||||
|
it { expect(controller).to have_received(:trust_device) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when the token is invalid' do
|
||||||
|
let(:jeton) { 'invalid_token' }
|
||||||
|
|
||||||
|
it { is_expected.to redirect_to link_sent_path(email: gestionnaire.email) }
|
||||||
|
it { expect(controller.current_gestionnaire).to be_nil }
|
||||||
|
it { expect(controller).not_to have_received(:trust_device) }
|
||||||
|
it { expect(controller).to have_received(:send_login_token_or_bufferize) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when the gestionnaire is logged in' do
|
||||||
|
let(:logged) { true }
|
||||||
|
|
||||||
context 'when the token is valid' do
|
context 'when the token is valid' do
|
||||||
let(:jeton) { good_jeton }
|
let(:jeton) { good_jeton }
|
||||||
|
|
||||||
# TODO when the gestionnaire has no other account, and the token is valid, and the user signing in was not starting a demarche,
|
|
||||||
# redirect to root_path, then redirect to gestionnaire_procedures_path (see root_controller)
|
# redirect to root_path, then redirect to gestionnaire_procedures_path (see root_controller)
|
||||||
it { is_expected.to redirect_to root_path }
|
it { is_expected.to redirect_to root_path }
|
||||||
it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
|
it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
|
||||||
|
@ -212,30 +221,11 @@ describe Users::SessionsController, type: :controller do
|
||||||
context 'when the token is invalid' do
|
context 'when the token is invalid' do
|
||||||
let(:jeton) { 'invalid_token' }
|
let(:jeton) { 'invalid_token' }
|
||||||
|
|
||||||
it { is_expected.to redirect_to new_user_session_path }
|
it { is_expected.to redirect_to link_sent_path(email: gestionnaire.email) }
|
||||||
it { expect(controller.current_gestionnaire).to be_nil }
|
|
||||||
it { expect(controller).not_to have_received(:trust_device) }
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
context 'when the gestionnaire has an user and admin account' do
|
|
||||||
let(:email) { 'unique@plop.com' }
|
|
||||||
let(:password) { 'un super mot de passe' }
|
|
||||||
|
|
||||||
let!(:user) { create(:user, email: email, password: password) }
|
|
||||||
let!(:administrateur) { create(:administrateur, email: email, password: password) }
|
|
||||||
let(:gestionnaire) { administrateur.gestionnaire }
|
|
||||||
|
|
||||||
before do
|
|
||||||
post :sign_in_by_link, params: { id: gestionnaire.id, jeton: jeton }
|
|
||||||
end
|
|
||||||
|
|
||||||
context 'when the token is valid' do
|
|
||||||
let(:jeton) { gestionnaire.login_token! }
|
|
||||||
|
|
||||||
it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
|
it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
|
||||||
it { expect(controller.current_administrateur).to eq(administrateur) }
|
it { expect(controller).not_to have_received(:trust_device) }
|
||||||
it { expect(controller.current_user).to eq(user) }
|
it { expect(controller).to have_received(:send_login_token_or_bufferize) }
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -249,16 +239,15 @@ describe Users::SessionsController, type: :controller do
|
||||||
|
|
||||||
context 'when the cookie is outdated' do
|
context 'when the cookie is outdated' do
|
||||||
before do
|
before do
|
||||||
Timecop.freeze(Time.zone.now - TrustedDeviceConcern::TRUSTED_DEVICE_PERIOD - 1.minute)
|
emission_date = Time.zone.now - TrustedDeviceConcern::TRUSTED_DEVICE_PERIOD - 1.minute
|
||||||
controller.trust_device
|
controller.trust_device(emission_date)
|
||||||
Timecop.return
|
|
||||||
end
|
end
|
||||||
|
|
||||||
it { is_expected.to be false }
|
it { is_expected.to be false }
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'when the cookie is ok' do
|
context 'when the cookie is ok' do
|
||||||
before { controller.trust_device }
|
before { controller.trust_device(Time.zone.now) }
|
||||||
|
|
||||||
it { is_expected.to be true }
|
it { is_expected.to be true }
|
||||||
end
|
end
|
||||||
|
|
|
@ -2,7 +2,7 @@ FactoryBot.define do
|
||||||
factory :service do
|
factory :service do
|
||||||
nom { 'service' }
|
nom { 'service' }
|
||||||
organisme { 'organisme' }
|
organisme { 'organisme' }
|
||||||
type_organisme { Service.type_organismes.fetch(:commune) }
|
type_organisme { Service.type_organismes.fetch(:association) }
|
||||||
administrateur { create(:administrateur) }
|
administrateur { create(:administrateur) }
|
||||||
email { 'email@toto.com' }
|
email { 'email@toto.com' }
|
||||||
telephone { '1234' }
|
telephone { '1234' }
|
||||||
|
|
|
@ -392,44 +392,24 @@ describe Gestionnaire, type: :model do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe '#login_token_valid?' do
|
|
||||||
let!(:gestionnaire) { create(:gestionnaire) }
|
|
||||||
let!(:good_token) { gestionnaire.login_token! }
|
|
||||||
|
|
||||||
it { expect(gestionnaire.login_token_valid?(good_token)).to be true }
|
|
||||||
it { expect(gestionnaire.login_token_valid?('bad_token')).to be false }
|
|
||||||
|
|
||||||
context 'when the token as expired' do
|
|
||||||
before { gestionnaire.update(login_token_created_at: (Gestionnaire::LOGIN_TOKEN_VALIDITY + 1.minute).ago) }
|
|
||||||
|
|
||||||
it { expect(gestionnaire.login_token_valid?(good_token)).to be false }
|
|
||||||
end
|
|
||||||
|
|
||||||
context 'when the gestionnaire does not have a token' do
|
|
||||||
before { gestionnaire.update(encrypted_login_token: nil) }
|
|
||||||
|
|
||||||
it { expect(gestionnaire.login_token_valid?(nil)).to be false }
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
describe '#young_login_token?' do
|
describe '#young_login_token?' do
|
||||||
let!(:gestionnaire) { create(:gestionnaire) }
|
let!(:gestionnaire) { create(:gestionnaire) }
|
||||||
|
|
||||||
context 'when there is a token' do
|
context 'when there is a token' do
|
||||||
let!(:good_token) { gestionnaire.login_token! }
|
let!(:good_token) { gestionnaire.create_trusted_device_token }
|
||||||
|
|
||||||
context 'when the token has just been created' do
|
context 'when the token has just been created' do
|
||||||
it { expect(gestionnaire.young_login_token?).to be true }
|
it { expect(gestionnaire.young_login_token?).to be true }
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'when the token is a bit old' do
|
context 'when the token is a bit old' do
|
||||||
before { gestionnaire.update(login_token_created_at: (Gestionnaire::LOGIN_TOKEN_YOUTH + 1.minute).ago) }
|
before { gestionnaire.trusted_device_tokens.first.update(created_at: (TrustedDeviceToken::LOGIN_TOKEN_YOUTH + 1.minute).ago) }
|
||||||
it { expect(gestionnaire.young_login_token?).to be false }
|
it { expect(gestionnaire.young_login_token?).to be false }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'when there are no token' do
|
context 'when there are no token' do
|
||||||
it { expect(gestionnaire.young_login_token?).to be false }
|
it { expect(gestionnaire.young_login_token?).to be_falsey }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
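Review bot: The expectation for the no-token case, `it { expect(gestionnaire.young_login_token?).to be_falsey }`, loosens a predicate that the old spec pinned to `false`; accepting `nil` suggests the model now returns the safe-navigated result of a missing token, and a `?` method that can yield `nil` is easy to misuse at call sites. I would keep `it { expect(gestionnaire.young_login_token?).to be false }` and have the model coerce its result instead. Separately, the deleted `#login_token_valid?` block was the only visible coverage that a wrong token value (`'bad_token'`) and a missing token (`nil`) are rejected; the new `TrustedDeviceToken` spec in this commit exercises only the token's age, so unless the value comparison is tested elsewhere, whatever replaced `login_token_valid?` on the gestionnaire side should get equivalent negative cases. Minor: `let!(:good_token) { gestionnaire.create_trusted_device_token }` is no longer referenced by name, and the `before` in the 'a bit old' context could update that record directly if `create_trusted_device_token` returns it, rather than reaching for `trusted_device_tokens.first`.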
@ -5,7 +5,7 @@ describe Service, type: :model do
|
||||||
{
|
{
|
||||||
nom: 'service des jardins',
|
nom: 'service des jardins',
|
||||||
organisme: 'mairie des iles',
|
organisme: 'mairie des iles',
|
||||||
type_organisme: Service.type_organismes.fetch(:commune),
|
type_organisme: Service.type_organismes.fetch(:association),
|
||||||
email: 'super@email.com',
|
email: 'super@email.com',
|
||||||
telephone: '1212202',
|
telephone: '1212202',
|
||||||
horaires: 'du lundi au vendredi',
|
horaires: 'du lundi au vendredi',
|
||||||
|
|
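--- /dev/null
+++ b/spec/models/trusted_device_token_spec.rb
@@ -0,0 +1,29 @@
+RSpec.describe TrustedDeviceToken, type: :model do
+describe '#token_valid?' do
+let(:token) { TrustedDeviceToken.create }
+
+context 'when the token is create after login_token_validity' do
+it { expect(token.token_valid?).to be true }
+end
+
+context 'when the token is create before login_token_validity' do
+before { token.update(created_at: (TrustedDeviceToken::LOGIN_TOKEN_VALIDITY + 1.minute).ago) }
+
+it { expect(token.token_valid?).to be false }
+end
+end
+
+describe '#token_young?' do
+let(:token) { TrustedDeviceToken.create }
+
+context 'when the token is create after login_token_youth' do
+it { expect(token.token_young?).to be true }
+end
+
+context 'when the token is create before login_token_youth' do
+before { token.update(created_at: (TrustedDeviceToken::LOGIN_TOKEN_YOUTH + 1.minute).ago) }
+
+it { expect(token.token_young?).to be false }
+end
+end
+end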
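Review bot: Both describes build the record with `TrustedDeviceToken.create`, which hands back an unsaved record without complaint if a validation (for instance a required owner association) fails; `let(:token) { TrustedDeviceToken.create! }` makes such a setup failure explicit instead of surfacing as a `nil` `created_at` inside `token_valid?`. The spec only varies `created_at`, so nothing here shows that a presented token value has to match the stored one — if that comparison lives on this model it deserves a case with a mismatched value, and if it lives elsewhere a short comment in the describe pointing there would help the next reader. The context descriptions read inverted and carry a typo: the first context is a token created *within* the validity window, so `context 'when the token is younger than LOGIN_TOKEN_VALIDITY'` and `context 'when the token is older than LOGIN_TOKEN_VALIDITY'` (likewise for LOGIN_TOKEN_YOUTH) would describe them accurately. The duplicated `let(:token)` could be hoisted to the outer describe.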