Merge branch 'dev' into enforce-rubocop-timezone

app/assets/stylesheets/new_design/direct_uploads.scss

@@ -1,12 +1,13 @@
+@import "colors";
+
 .direct-upload {
   display: inline-block;
   position: relative;
-  padding: 2px 4px;
+  padding: 4px 15px;
   margin: 0 3px 3px 0;
-  border: 1px solid rgba(0, 0, 0, 0.3);
+  border: 1px solid $border-grey;
   border-radius: 3px;
-  font-size: 11px;
+  font-size: 14px;
-  line-height: 13px;
 }
 
 .direct-upload--pending {

app/assets/stylesheets/new_design/forms.scss

@@ -111,6 +111,10 @@
     }
   }
 
+  .direct-upload {
+    margin-bottom: 2 * $default-padding;
+  }
+
   .add-row {
     margin-bottom: 2 * $default-padding;
   }

app/controllers/application_controller.rb

@@ -1,4 +1,6 @@
 class ApplicationController < ActionController::Base
+  include TrustedDeviceConcern
+
   MAINTENANCE_MESSAGE = 'Le site est actuellement en maintenance. Il sera à nouveau disponible dans un court instant.'
 
   # Prevent CSRF attacks by raising an exception.
@@ -6,6 +8,7 @@ class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception, if: -> { !Rails.env.test? }
   before_action :load_navbar_left_pannel_partial_url
   before_action :set_raven_context
+  before_action :redirect_if_untrusted
   before_action :authorize_request_for_profiler
   before_action :reject, if: -> { Flipflop.maintenance_mode? }
 
@@ -151,4 +154,34 @@ class ApplicationController < ActionController::Base
       redirect_to root_path
     end
   end
+
+  def redirect_if_untrusted
+    if gestionnaire_signed_in? &&
+        sensitive_path &&
+        current_gestionnaire.feature_enabled?(:enable_email_login_token) &&
+        !trusted_device?
+
+      # return at this location
+      # after the device is trusted
+      store_location_for(:user, request.fullpath)
+
+      send_login_token_or_bufferize(current_gestionnaire)
+      redirect_to link_sent_path(email: current_gestionnaire.email)
+    end
+  end
+
+  def sensitive_path
+    path = request.path_info
+
+    if path == '/' ||
+      path == '/users/sign_out' ||
+      path.start_with?('/connexion-par-jeton') ||
+      path.start_with?('/api/') ||
+      path.start_with?('/lien-envoye')
+
+      false
+    else
+      true
+    end
+  end
 end

app/controllers/users/sessions_controller.rb

@@ -23,20 +23,7 @@ class Users::SessionsController < Sessions::SessionsController
       current_user.update(loged_in_with_france_connect: nil)
     end
 
-    if gestionnaire_signed_in?
+    if gestionnaire_signed_in? || user_signed_in?
-      if trusted_device? || !current_gestionnaire.feature_enabled?(:enable_email_login_token)
-        set_flash_message :notice, :signed_in
-        redirect_to after_sign_in_path_for(:user)
-      else
-        gestionnaire = current_gestionnaire
-
-        send_login_token_or_bufferize(gestionnaire)
-
-        [:user, :gestionnaire, :administrateur].each { |role| sign_out(role) }
-
-        redirect_to link_sent_path(email: gestionnaire.email)
-      end
-    elsif user_signed_in?
       set_flash_message :notice, :signed_in
       redirect_to after_sign_in_path_for(:user)
     else
@@ -83,32 +70,35 @@ class Users::SessionsController < Sessions::SessionsController
 
   def sign_in_by_link
     gestionnaire = Gestionnaire.find(params[:id])
-    if gestionnaire&.login_token_valid?(params[:jeton])
+    trusted_device_token = gestionnaire
-      trust_device
+      .trusted_device_tokens
-      flash.notice = "Merci d’avoir confirmé votre connexion. Votre navigateur est maintenant authentifié pour #{TRUSTED_DEVICE_PERIOD.to_i / ActiveSupport::Duration::SECONDS_PER_DAY} jours."
+      .find_by(token: params[:jeton])
 
-      user = User.find_by(email: gestionnaire.email)
+    if trusted_device_token&.token_valid?
-      administrateur = Administrateur.find_by(email: gestionnaire.email)
+      trust_device(trusted_device_token.created_at)
-      [user, gestionnaire, administrateur].compact.each { |resource| sign_in(resource) }
+
+      period = ((trusted_device_token.created_at + TRUSTED_DEVICE_PERIOD) - Time.zone.now).to_i / ActiveSupport::Duration::SECONDS_PER_DAY
+
+      flash.notice = "Merci d’avoir confirmé votre connexion. Votre navigateur est maintenant authentifié pour #{period} jours."
 
       # redirect to procedure'url if stored by store_location_for(:user) in dossiers_controller
       # redirect to root_path otherwise
+
+      if gestionnaire_signed_in?
         redirect_to after_sign_in_path_for(:user)
       else
-      flash[:alert] = 'Votre lien est invalide ou expiré, veuillez-vous reconnecter.'
         redirect_to new_user_session_path
       end
+    else
+      flash[:alert] = 'Votre lien est invalide ou expiré, un nouveau vient de vous être envoyé.'
+
+      send_login_token_or_bufferize(gestionnaire)
+      redirect_to link_sent_path(email: gestionnaire.email)
+    end
   end
 
   private
 
-  def send_login_token_or_bufferize(gestionnaire)
-    if !gestionnaire.young_login_token?
-      login_token = gestionnaire.login_token!
-      GestionnaireMailer.send_login_token(gestionnaire, login_token).deliver_later
-    end
-  end
-
   def try_to_authenticate(klass, remember_me = false)
     resource = klass.find_for_database_authentication(email: params[:user][:email])
 

app/models/concerns/trusted_device_concern.rb

@@ -4,10 +4,10 @@ module TrustedDeviceConcern
   TRUSTED_DEVICE_COOKIE_NAME = :trusted_device
   TRUSTED_DEVICE_PERIOD = 1.month
 
-  def trust_device
+  def trust_device(start_at)
     cookies.encrypted[TRUSTED_DEVICE_COOKIE_NAME] = {
-      value: JSON.generate({ created_at: Time.zone.now }),
+      value: JSON.generate({ created_at: start_at }),
-      expires: TRUSTED_DEVICE_PERIOD,
+      expires: start_at + TRUSTED_DEVICE_PERIOD,
       httponly: true
     }
   end
@@ -17,6 +17,13 @@ module TrustedDeviceConcern
       (Time.zone.now - TRUSTED_DEVICE_PERIOD) < trusted_device_cookie_created_at
   end
 
+  def send_login_token_or_bufferize(gestionnaire)
+    if !gestionnaire.young_login_token?
+      login_token = gestionnaire.create_trusted_device_token
+      GestionnaireMailer.send_login_token(gestionnaire, login_token).deliver_later
+    end
+  end
+
   private
 
   def trusted_device_cookie_created_at

app/models/gestionnaire.rb

@@ -1,10 +1,6 @@
 class Gestionnaire < ApplicationRecord
   include CredentialsSyncableConcern
   include EmailSanitizableConcern
-  include ActiveRecord::SecureToken
-
-  LOGIN_TOKEN_VALIDITY = 45.minutes
-  LOGIN_TOKEN_YOUTH = 15.minutes
 
   devise :database_authenticatable, :registerable, :async,
     :recoverable, :rememberable, :trackable, :validatable
@@ -20,6 +16,7 @@ class Gestionnaire < ApplicationRecord
   has_many :followed_dossiers, through: :follows, source: :dossier
   has_many :avis
   has_many :dossiers_from_avis, through: :avis, source: :dossier
+  has_many :trusted_device_tokens
 
   def visible_procedures
     procedures.merge(Procedure.avec_lien.or(Procedure.archivees))
@@ -135,18 +132,9 @@ class Gestionnaire < ApplicationRecord
     Dossier.where(id: dossiers_id_with_notifications(dossiers)).group(:procedure_id).count
   end
 
-  def login_token!
+  def create_trusted_device_token
-    login_token = Gestionnaire.generate_unique_secure_token
+    trusted_device_token = trusted_device_tokens.create
-    encrypted_login_token = BCrypt::Password.create(login_token)
+    trusted_device_token.token
-    update(encrypted_login_token: encrypted_login_token, login_token_created_at: Time.zone.now)
-    login_token
-  end
-
-  def login_token_valid?(login_token)
-    BCrypt::Password.new(encrypted_login_token) == login_token &&
-      LOGIN_TOKEN_VALIDITY.ago < login_token_created_at
-  rescue BCrypt::Errors::InvalidHash
-    false
   end
 
   def dossiers_id_with_notifications(dossiers)
@@ -213,8 +201,8 @@ class Gestionnaire < ApplicationRecord
   end
 
   def young_login_token?
-    login_token_created_at.present? &&
+    trusted_device_token = trusted_device_tokens.order(created_at: :desc).first
-      LOGIN_TOKEN_YOUTH.ago < login_token_created_at
+    trusted_device_token&.token_young?
   end
 
   private

app/models/service.rb

@@ -7,11 +7,10 @@ class Service < ApplicationRecord
   enum type_organisme: {
     administration_centrale: 'administration_centrale',
     association: 'association',
-    commune: 'commune',
+    collectivite_territoriale: 'collectivite_territoriale',
-    departement: 'departement',
     etablissement_enseignement: 'etablissement_enseignement',
-    prefecture: 'prefecture',
+    operateur_d_etat: "operateur_d_etat",
-    region: 'region',
+    service_deconcentre_de_l_etat: 'service_deconcentre_de_l_etat',
     autre: 'autre'
   }
 

app/models/trusted_device_token.rb

@@ -0,0 +1,15 @@
+class TrustedDeviceToken < ApplicationRecord
+  LOGIN_TOKEN_VALIDITY = 1.week
+  LOGIN_TOKEN_YOUTH = 15.minutes
+
+  belongs_to :gestionnaire
+  has_secure_token
+
+  def token_valid?
+    LOGIN_TOKEN_VALIDITY.ago < created_at
+  end
+
+  def token_young?
+    LOGIN_TOKEN_YOUTH.ago < created_at
+  end
+end

app/views/shared/dossiers/_edit.html.haml

@@ -75,18 +75,18 @@
             name: :save_draft,
             value: true,
             class: 'button send secondary',
-            data: { disable: true }
+            data: { 'disable-with': "Envoi en cours…" }
 
           - if dossier.can_transition_to_en_construction?
             = f.button 'Soumettre le dossier',
               class: 'button send primary',
               disabled: !current_user.owns?(dossier),
-              data: { disable: true }
+              data: { 'disable-with': "Envoi en cours…" }
 
         - else
           = f.button 'Enregistrer les modifications du dossier',
             class: 'button send primary',
-            data: { disable: true }
+            data: { 'disable-with': "Envoi en cours…" }
 
       - if dossier.brouillon? && !current_user.owns?(dossier)
         .send-notice.invite-cannot-submit

app/views/shared/dossiers/editable_champs/_departements.html.haml

@@ -1,3 +1,4 @@
 = form.select :value,
   Champs::DepartementChamp.departements,
+  include_blank: true,
   required: champ.mandatory?

config/locales/models/service/fr.yml

@@ -1,10 +1,9 @@
 fr:
   type_organisme:
-    administration_centrale: 'administration centrale'
+    administration_centrale: 'Administration centrale'
-    association: 'association'
+    association: 'Association'
-    commune: 'commune'
+    collectivite_territoriale: 'Collectivité territoriale'
-    departement: 'département'
+    etablissement_enseignement: 'Établissement d’enseignement'
-    etablissement_enseignement: 'établissement d’enseignement'
+    operateur_d_etat: "Opérateur d'État"
-    prefecture: 'préfecture'
+    service_deconcentre_de_l_etat: "Service déconcentré de l'État"
-    region: 'région'
+    autre: 'Autre'
-    autre: 'autre'

db/migrate/20190201164951_create_trusted_device_tokens.rb

@@ -0,0 +1,11 @@
+class CreateTrustedDeviceTokens < ActiveRecord::Migration[5.2]
+  def change
+    create_table :trusted_device_tokens do |t|
+      t.string :token, null: false
+      t.references :gestionnaire, foreign_key: true
+
+      t.timestamps
+    end
+    add_index :trusted_device_tokens, :token, unique: true
+  end
+end

db/schema.rb

@@ -520,6 +520,15 @@ ActiveRecord::Schema.define(version: 2019_02_13_144145) do
     t.string "version", null: false
   end
 
+  create_table "trusted_device_tokens", force: :cascade do |t|
+    t.string "token", null: false
+    t.bigint "gestionnaire_id"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["gestionnaire_id"], name: "index_trusted_device_tokens_on_gestionnaire_id"
+    t.index ["token"], name: "index_trusted_device_tokens_on_token", unique: true
+  end
+
   create_table "types_de_champ", id: :serial, force: :cascade do |t|
     t.string "libelle"
     t.string "type_champ"
@@ -611,6 +620,7 @@ ActiveRecord::Schema.define(version: 2019_02_13_144145) do
   add_foreign_key "received_mails", "procedures"
   add_foreign_key "refused_mails", "procedures"
   add_foreign_key "services", "administrateurs"
+  add_foreign_key "trusted_device_tokens", "gestionnaires"
   add_foreign_key "types_de_champ", "types_de_champ", column: "parent_id"
   add_foreign_key "without_continuation_mails", "procedures"
 end

lib/tasks/2019_02_18_migrate_service_organisme.rake

@@ -0,0 +1,17 @@
+namespace :after_party do
+  desc 'Deployment task:  migrate service organisme'
+  task migrate_service_organisme: :environment do
+    table = {
+      'commune': 'collectivite_territoriale',
+      'departement': 'collectivite_territoriale',
+      'region': 'collectivite_territoriale',
+      'prefecture': 'service_deconcentre_de_l_etat'
+    }
+
+    table.each do |(old_name, new_name)|
+      Service.where(type_organisme: old_name).update_all(type_organisme: new_name)
+    end
+
+    AfterParty::TaskRecord.create version: '20190201121252'
+  end
+end

spec/controllers/application_controller_spec.rb

@@ -9,6 +9,7 @@ describe ApplicationController, type: :controller do
         .map(&:filter)
 
       expect(before_actions).to include(:set_raven_context)
+      expect(before_actions).to include(:redirect_if_untrusted)
     end
   end
 
@@ -145,4 +146,56 @@ describe ApplicationController, type: :controller do
       it { expect(flash[:alert]).to eq(ApplicationController::MAINTENANCE_MESSAGE) }
     end
   end
+
+  describe '#redirect_if_unstrusted' do
+    let(:current_gestionnaire) { create(:gestionnaire) }
+
+    before do
+      allow(current_gestionnaire).to receive(:feature_enabled?).and_return(feature_enabled)
+      allow(@controller).to receive(:current_gestionnaire).and_return(current_gestionnaire)
+
+      allow(@controller).to receive(:redirect_to)
+      allow(@controller).to receive(:trusted_device?).and_return(trusted_device)
+      allow(@controller).to receive(:gestionnaire_signed_in?).and_return(gestionnaire_signed_in)
+      allow(@controller).to receive(:sensitive_path).and_return(sensitive_path)
+      allow(@controller).to receive(:send_login_token_or_bufferize)
+      allow(@controller).to receive(:store_location_for)
+    end
+
+    subject { @controller.send(:redirect_if_untrusted) }
+
+    context 'when the path is sensitive' do
+      let(:sensitive_path) { true }
+
+      context 'when the gestionnaire is signed_in' do
+        let(:gestionnaire_signed_in) { true }
+
+        context 'when the feature is activated' do
+          let(:feature_enabled) { true }
+
+          context 'when the device is trusted' do
+            let(:trusted_device) { true }
+
+            before { subject }
+
+            it { expect(@controller).not_to have_received(:redirect_to) }
+          end
+        end
+
+        context 'when the feature is activated' do
+          let(:feature_enabled) { true }
+
+          context 'when the device is not trusted' do
+            let(:trusted_device) { false }
+
+            before { subject }
+
+            it { expect(@controller).to have_received(:redirect_to) }
+            it { expect(@controller).to have_received(:send_login_token_or_bufferize) }
+            it { expect(@controller).to have_received(:store_location_for) }
+          end
+        end
+      end
+    end
+  end
 end

spec/controllers/new_administrateur/services_controller_spec.rb

@@ -15,7 +15,7 @@ describe NewAdministrateur::ServicesController, type: :controller do
             nom: 'super service',
             organisme: 'organisme',
             siret: '01234567891234',
-            type_organisme: 'region',
+            type_organisme: 'association',
             email: 'email@toto.com',
             telephone: '1234',
             horaires: 'horaires',
@@ -30,7 +30,7 @@ describe NewAdministrateur::ServicesController, type: :controller do
       it { expect(Service.last.nom).to eq('super service') }
       it { expect(Service.last.organisme).to eq('organisme') }
       it { expect(Service.last.siret).to eq('01234567891234') }
-      it { expect(Service.last.type_organisme).to eq(Service.type_organismes.fetch(:region)) }
+      it { expect(Service.last.type_organisme).to eq(Service.type_organismes.fetch(:association)) }
       it { expect(Service.last.email).to eq('email@toto.com') }
       it { expect(Service.last.telephone).to eq('1234') }
       it { expect(Service.last.horaires).to eq('horaires') }
@@ -49,7 +49,7 @@ describe NewAdministrateur::ServicesController, type: :controller do
 
   describe '#update' do
     let!(:service) { create(:service, administrateur: admin) }
-    let(:service_params) { { nom: 'nom', type_organisme: Service.type_organismes.fetch(:region) } }
+    let(:service_params) { { nom: 'nom', type_organisme: Service.type_organismes.fetch(:association) } }
 
     before do
       sign_in admin
@@ -65,12 +65,12 @@ describe NewAdministrateur::ServicesController, type: :controller do
       it { expect(flash.alert).to be_nil }
       it { expect(flash.notice).to eq('nom modifié') }
       it { expect(Service.last.nom).to eq('nom') }
-      it { expect(Service.last.type_organisme).to eq(Service.type_organismes.fetch(:region)) }
+      it { expect(Service.last.type_organisme).to eq(Service.type_organismes.fetch(:association)) }
       it { expect(response).to redirect_to(services_path(procedure_id: procedure.id)) }
     end
 
     context 'when updating a service with invalid data' do
-      let(:service_params) { { nom: '', type_organisme: Service.type_organismes.fetch(:region) } }
+      let(:service_params) { { nom: '', type_organisme: Service.type_organismes.fetch(:association) } }
 
       it { expect(flash.alert).not_to be_nil }
       it { expect(response).to render_template(:edit) }

spec/controllers/sessions/sessions_controller_spec.rb

@@ -40,6 +40,7 @@ describe Sessions::SessionsController, type: :controller do
       @request.env["devise.mapping"] = Devise.mappings[:gestionnaire]
 
       allow_any_instance_of(described_class).to receive(:gestionnaire_signed_in?).and_return(true)
+      allow_any_instance_of(described_class).to receive(:current_gestionnaire).and_return(gestionnaire)
     end
 
     it 'calls sign out for gestionnaire' do

spec/controllers/users/sessions_controller_spec.rb

@@ -28,31 +28,15 @@ describe Users::SessionsController, type: :controller do
       context 'when the device is not trusted' do
         let(:trusted_device) { false }
 
-        it 'redirects to the confirmation link path' do
+        it 'redirects to the root path' do
           subject
 
-          expect(controller).to redirect_to link_sent_path(email: email)
+          expect(controller).to redirect_to(root_path)
 
-          # do not know why, should be test related
           expect(controller.current_user).to eq(user)
-
+          expect(controller.current_gestionnaire).to eq(gestionnaire)
-          expect(controller.current_gestionnaire).to be(nil)
+          expect(controller.current_administrateur).to eq(administrateur)
-          expect(controller.current_administrateur).to be(nil)
+          expect(user.loged_in_with_france_connect).to eq(nil)
-          expect(user.loged_in_with_france_connect).to be(nil)
-          expect(GestionnaireMailer).to have_received(:send_login_token)
-        end
-
-        context 'and the user try to connect multiple times in a short period' do
-          before do
-            allow_any_instance_of(Gestionnaire).to receive(:young_login_token?).and_return(true)
-            allow(GestionnaireMailer).to receive(:send_login_token)
-          end
-
-          it 'does not renew nor send a new login token' do
-            subject
-
-            expect(GestionnaireMailer).not_to have_received(:send_login_token)
-          end
         end
       end
 
@@ -69,7 +53,6 @@ describe Users::SessionsController, type: :controller do
           expect(controller.current_gestionnaire).to eq(gestionnaire)
           expect(controller.current_administrateur).to eq(administrateur)
           expect(user.loged_in_with_france_connect).to be(nil)
-          expect(GestionnaireMailer).not_to have_received(:send_login_token)
         end
       end
 
@@ -192,17 +175,43 @@ describe Users::SessionsController, type: :controller do
   describe '#sign_in_by_link' do
     context 'when the gestionnaire has non other account' do
       let(:gestionnaire) { create(:gestionnaire) }
-      let!(:good_jeton) { gestionnaire.login_token! }
+      let!(:good_jeton) { gestionnaire.create_trusted_device_token }
+      let(:logged) { false }
 
       before do
+        if logged
+          sign_in gestionnaire
+        end
         allow(controller).to receive(:trust_device)
+        allow(controller).to receive(:send_login_token_or_bufferize)
         post :sign_in_by_link, params: { id: gestionnaire.id, jeton: jeton }
       end
 
+      context 'when the gestionnaire is not logged in' do
+        context 'when the token is valid' do
+          let(:jeton) { good_jeton }
+
+          it { is_expected.to redirect_to new_user_session_path }
+          it { expect(controller.current_gestionnaire).to be_nil }
+          it { expect(controller).to have_received(:trust_device) }
+        end
+
+        context 'when the token is invalid' do
+          let(:jeton) { 'invalid_token' }
+
+          it { is_expected.to redirect_to link_sent_path(email: gestionnaire.email) }
+          it { expect(controller.current_gestionnaire).to be_nil }
+          it { expect(controller).not_to have_received(:trust_device) }
+          it { expect(controller).to have_received(:send_login_token_or_bufferize) }
+        end
+      end
+
+      context 'when the gestionnaire is logged in' do
+        let(:logged) { true }
+
         context 'when the token is valid' do
           let(:jeton) { good_jeton }
 
-        # TODO when the gestionnaire has no other account, and the token is valid, and the user signing in was not starting a demarche,
           # redirect to root_path, then redirect to gestionnaire_procedures_path (see root_controller)
           it { is_expected.to redirect_to root_path }
           it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
@@ -212,30 +221,11 @@ describe Users::SessionsController, type: :controller do
         context 'when the token is invalid' do
           let(:jeton) { 'invalid_token' }
 
-        it { is_expected.to redirect_to new_user_session_path }
+          it { is_expected.to redirect_to link_sent_path(email: gestionnaire.email) }
-        it { expect(controller.current_gestionnaire).to be_nil }
-        it { expect(controller).not_to have_received(:trust_device) }
-      end
-    end
-
-    context 'when the gestionnaire has an user and admin account' do
-      let(:email) { 'unique@plop.com' }
-      let(:password) { 'un super mot de passe' }
-
-      let!(:user) { create(:user, email: email, password: password) }
-      let!(:administrateur) { create(:administrateur, email: email, password: password) }
-      let(:gestionnaire) { administrateur.gestionnaire }
-
-      before do
-        post :sign_in_by_link, params: { id: gestionnaire.id, jeton: jeton }
-      end
-
-      context 'when the token is valid' do
-        let(:jeton) { gestionnaire.login_token! }
-
           it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
-        it { expect(controller.current_administrateur).to eq(administrateur) }
+          it { expect(controller).not_to have_received(:trust_device) }
-        it { expect(controller.current_user).to eq(user) }
+          it { expect(controller).to have_received(:send_login_token_or_bufferize) }
+        end
       end
     end
   end
@@ -249,16 +239,15 @@ describe Users::SessionsController, type: :controller do
 
     context 'when the cookie is outdated' do
       before do
-        Timecop.freeze(Time.zone.now - TrustedDeviceConcern::TRUSTED_DEVICE_PERIOD - 1.minute)
+        emission_date = Time.zone.now - TrustedDeviceConcern::TRUSTED_DEVICE_PERIOD - 1.minute
-        controller.trust_device
+        controller.trust_device(emission_date)
-        Timecop.return
       end
 
       it { is_expected.to be false }
     end
 
     context 'when the cookie is ok' do
-      before { controller.trust_device }
+      before { controller.trust_device(Time.zone.now) }
 
       it { is_expected.to be true }
     end

spec/factories/service.rb

@@ -2,7 +2,7 @@ FactoryBot.define do
   factory :service do
     nom { 'service' }
     organisme { 'organisme' }
-    type_organisme { Service.type_organismes.fetch(:commune) }
+    type_organisme { Service.type_organismes.fetch(:association) }
     administrateur { create(:administrateur) }
     email { 'email@toto.com' }
     telephone { '1234' }

spec/models/gestionnaire_spec.rb

@@ -392,44 +392,24 @@ describe Gestionnaire, type: :model do
     end
   end
 
-  describe '#login_token_valid?' do
-    let!(:gestionnaire) { create(:gestionnaire) }
-    let!(:good_token) { gestionnaire.login_token! }
-
-    it { expect(gestionnaire.login_token_valid?(good_token)).to be true }
-    it { expect(gestionnaire.login_token_valid?('bad_token')).to be false }
-
-    context 'when the token as expired' do
-      before { gestionnaire.update(login_token_created_at: (Gestionnaire::LOGIN_TOKEN_VALIDITY + 1.minute).ago) }
-
-      it { expect(gestionnaire.login_token_valid?(good_token)).to be false }
-    end
-
-    context 'when the gestionnaire does not have a token' do
-      before { gestionnaire.update(encrypted_login_token: nil) }
-
-      it { expect(gestionnaire.login_token_valid?(nil)).to be false }
-    end
-  end
-
   describe '#young_login_token?' do
     let!(:gestionnaire) { create(:gestionnaire) }
 
     context 'when there is a token' do
-      let!(:good_token) { gestionnaire.login_token! }
+      let!(:good_token) { gestionnaire.create_trusted_device_token }
 
       context 'when the token has just been created' do
         it { expect(gestionnaire.young_login_token?).to be true }
       end
 
       context 'when the token is a bit old' do
-        before { gestionnaire.update(login_token_created_at: (Gestionnaire::LOGIN_TOKEN_YOUTH + 1.minute).ago) }
+        before { gestionnaire.trusted_device_tokens.first.update(created_at: (TrustedDeviceToken::LOGIN_TOKEN_YOUTH + 1.minute).ago) }
         it { expect(gestionnaire.young_login_token?).to be false }
       end
     end
 
     context 'when there are no token' do
-      it { expect(gestionnaire.young_login_token?).to be false }
+      it { expect(gestionnaire.young_login_token?).to be_falsey }
     end
   end
 

spec/models/service_spec.rb

@@ -5,7 +5,7 @@ describe Service, type: :model do
       {
         nom: 'service des jardins',
         organisme: 'mairie des iles',
-        type_organisme: Service.type_organismes.fetch(:commune),
+        type_organisme: Service.type_organismes.fetch(:association),
         email: 'super@email.com',
         telephone: '1212202',
         horaires: 'du lundi au vendredi',

spec/models/trusted_device_token_spec.rb

@@ -0,0 +1,29 @@
+RSpec.describe TrustedDeviceToken, type: :model do
+  describe '#token_valid?' do
+    let(:token) { TrustedDeviceToken.create }
+
+    context 'when the token is create after login_token_validity' do
+      it { expect(token.token_valid?).to be true }
+    end
+
+    context 'when the token is create before login_token_validity' do
+      before { token.update(created_at: (TrustedDeviceToken::LOGIN_TOKEN_VALIDITY + 1.minute).ago) }
+
+      it { expect(token.token_valid?).to be false }
+    end
+  end
+
+  describe '#token_young?' do
+    let(:token) { TrustedDeviceToken.create }
+
+    context 'when the token is create after login_token_youth' do
+      it { expect(token.token_young?).to be true }
+    end
+
+    context 'when the token is create before login_token_youth' do
+      before { token.update(created_at: (TrustedDeviceToken::LOGIN_TOKEN_YOUTH + 1.minute).ago) }
+
+      it { expect(token.token_young?).to be false }
+    end
+  end
+end