Merge branch 'dev' into enforce-rubocop-timezone
This commit is contained in:
commit
cf610bbd91
22 changed files with 284 additions and 157 deletions
|
@ -1,12 +1,13 @@
|
|||
@import "colors";
|
||||
|
||||
.direct-upload {
|
||||
display: inline-block;
|
||||
position: relative;
|
||||
padding: 2px 4px;
|
||||
padding: 4px 15px;
|
||||
margin: 0 3px 3px 0;
|
||||
border: 1px solid rgba(0, 0, 0, 0.3);
|
||||
border: 1px solid $border-grey;
|
||||
border-radius: 3px;
|
||||
font-size: 11px;
|
||||
line-height: 13px;
|
||||
font-size: 14px;
|
||||
}
|
||||
|
||||
.direct-upload--pending {
|
||||
|
|
|
@ -111,6 +111,10 @@
|
|||
}
|
||||
}
|
||||
|
||||
.direct-upload {
|
||||
margin-bottom: 2 * $default-padding;
|
||||
}
|
||||
|
||||
.add-row {
|
||||
margin-bottom: 2 * $default-padding;
|
||||
}
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
class ApplicationController < ActionController::Base
|
||||
include TrustedDeviceConcern
|
||||
|
||||
MAINTENANCE_MESSAGE = 'Le site est actuellement en maintenance. Il sera à nouveau disponible dans un court instant.'
|
||||
|
||||
# Prevent CSRF attacks by raising an exception.
|
||||
|
@ -6,6 +8,7 @@ class ApplicationController < ActionController::Base
|
|||
protect_from_forgery with: :exception, if: -> { !Rails.env.test? }
|
||||
before_action :load_navbar_left_pannel_partial_url
|
||||
before_action :set_raven_context
|
||||
before_action :redirect_if_untrusted
|
||||
before_action :authorize_request_for_profiler
|
||||
before_action :reject, if: -> { Flipflop.maintenance_mode? }
|
||||
|
||||
|
@ -151,4 +154,34 @@ class ApplicationController < ActionController::Base
|
|||
redirect_to root_path
|
||||
end
|
||||
end
|
||||
|
||||
def redirect_if_untrusted
|
||||
if gestionnaire_signed_in? &&
|
||||
sensitive_path &&
|
||||
current_gestionnaire.feature_enabled?(:enable_email_login_token) &&
|
||||
!trusted_device?
|
||||
|
||||
# return at this location
|
||||
# after the device is trusted
|
||||
store_location_for(:user, request.fullpath)
|
||||
|
||||
send_login_token_or_bufferize(current_gestionnaire)
|
||||
redirect_to link_sent_path(email: current_gestionnaire.email)
|
||||
end
|
||||
end
|
||||
|
||||
def sensitive_path
|
||||
path = request.path_info
|
||||
|
||||
if path == '/' ||
|
||||
path == '/users/sign_out' ||
|
||||
path.start_with?('/connexion-par-jeton') ||
|
||||
path.start_with?('/api/') ||
|
||||
path.start_with?('/lien-envoye')
|
||||
|
||||
false
|
||||
else
|
||||
true
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -23,20 +23,7 @@ class Users::SessionsController < Sessions::SessionsController
|
|||
current_user.update(loged_in_with_france_connect: nil)
|
||||
end
|
||||
|
||||
if gestionnaire_signed_in?
|
||||
if trusted_device? || !current_gestionnaire.feature_enabled?(:enable_email_login_token)
|
||||
set_flash_message :notice, :signed_in
|
||||
redirect_to after_sign_in_path_for(:user)
|
||||
else
|
||||
gestionnaire = current_gestionnaire
|
||||
|
||||
send_login_token_or_bufferize(gestionnaire)
|
||||
|
||||
[:user, :gestionnaire, :administrateur].each { |role| sign_out(role) }
|
||||
|
||||
redirect_to link_sent_path(email: gestionnaire.email)
|
||||
end
|
||||
elsif user_signed_in?
|
||||
if gestionnaire_signed_in? || user_signed_in?
|
||||
set_flash_message :notice, :signed_in
|
||||
redirect_to after_sign_in_path_for(:user)
|
||||
else
|
||||
|
@ -83,32 +70,35 @@ class Users::SessionsController < Sessions::SessionsController
|
|||
|
||||
def sign_in_by_link
|
||||
gestionnaire = Gestionnaire.find(params[:id])
|
||||
if gestionnaire&.login_token_valid?(params[:jeton])
|
||||
trust_device
|
||||
flash.notice = "Merci d’avoir confirmé votre connexion. Votre navigateur est maintenant authentifié pour #{TRUSTED_DEVICE_PERIOD.to_i / ActiveSupport::Duration::SECONDS_PER_DAY} jours."
|
||||
trusted_device_token = gestionnaire
|
||||
.trusted_device_tokens
|
||||
.find_by(token: params[:jeton])
|
||||
|
||||
user = User.find_by(email: gestionnaire.email)
|
||||
administrateur = Administrateur.find_by(email: gestionnaire.email)
|
||||
[user, gestionnaire, administrateur].compact.each { |resource| sign_in(resource) }
|
||||
if trusted_device_token&.token_valid?
|
||||
trust_device(trusted_device_token.created_at)
|
||||
|
||||
period = ((trusted_device_token.created_at + TRUSTED_DEVICE_PERIOD) - Time.zone.now).to_i / ActiveSupport::Duration::SECONDS_PER_DAY
|
||||
|
||||
flash.notice = "Merci d’avoir confirmé votre connexion. Votre navigateur est maintenant authentifié pour #{period} jours."
|
||||
|
||||
# redirect to procedure'url if stored by store_location_for(:user) in dossiers_controller
|
||||
# redirect to root_path otherwise
|
||||
redirect_to after_sign_in_path_for(:user)
|
||||
|
||||
if gestionnaire_signed_in?
|
||||
redirect_to after_sign_in_path_for(:user)
|
||||
else
|
||||
redirect_to new_user_session_path
|
||||
end
|
||||
else
|
||||
flash[:alert] = 'Votre lien est invalide ou expiré, veuillez-vous reconnecter.'
|
||||
redirect_to new_user_session_path
|
||||
flash[:alert] = 'Votre lien est invalide ou expiré, un nouveau vient de vous être envoyé.'
|
||||
|
||||
send_login_token_or_bufferize(gestionnaire)
|
||||
redirect_to link_sent_path(email: gestionnaire.email)
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def send_login_token_or_bufferize(gestionnaire)
|
||||
if !gestionnaire.young_login_token?
|
||||
login_token = gestionnaire.login_token!
|
||||
GestionnaireMailer.send_login_token(gestionnaire, login_token).deliver_later
|
||||
end
|
||||
end
|
||||
|
||||
def try_to_authenticate(klass, remember_me = false)
|
||||
resource = klass.find_for_database_authentication(email: params[:user][:email])
|
||||
|
||||
|
|
|
@ -4,10 +4,10 @@ module TrustedDeviceConcern
|
|||
TRUSTED_DEVICE_COOKIE_NAME = :trusted_device
|
||||
TRUSTED_DEVICE_PERIOD = 1.month
|
||||
|
||||
def trust_device
|
||||
def trust_device(start_at)
|
||||
cookies.encrypted[TRUSTED_DEVICE_COOKIE_NAME] = {
|
||||
value: JSON.generate({ created_at: Time.zone.now }),
|
||||
expires: TRUSTED_DEVICE_PERIOD,
|
||||
value: JSON.generate({ created_at: start_at }),
|
||||
expires: start_at + TRUSTED_DEVICE_PERIOD,
|
||||
httponly: true
|
||||
}
|
||||
end
|
||||
|
@ -17,6 +17,13 @@ module TrustedDeviceConcern
|
|||
(Time.zone.now - TRUSTED_DEVICE_PERIOD) < trusted_device_cookie_created_at
|
||||
end
|
||||
|
||||
def send_login_token_or_bufferize(gestionnaire)
|
||||
if !gestionnaire.young_login_token?
|
||||
login_token = gestionnaire.create_trusted_device_token
|
||||
GestionnaireMailer.send_login_token(gestionnaire, login_token).deliver_later
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def trusted_device_cookie_created_at
|
||||
|
|
|
@ -1,10 +1,6 @@
|
|||
class Gestionnaire < ApplicationRecord
|
||||
include CredentialsSyncableConcern
|
||||
include EmailSanitizableConcern
|
||||
include ActiveRecord::SecureToken
|
||||
|
||||
LOGIN_TOKEN_VALIDITY = 45.minutes
|
||||
LOGIN_TOKEN_YOUTH = 15.minutes
|
||||
|
||||
devise :database_authenticatable, :registerable, :async,
|
||||
:recoverable, :rememberable, :trackable, :validatable
|
||||
|
@ -20,6 +16,7 @@ class Gestionnaire < ApplicationRecord
|
|||
has_many :followed_dossiers, through: :follows, source: :dossier
|
||||
has_many :avis
|
||||
has_many :dossiers_from_avis, through: :avis, source: :dossier
|
||||
has_many :trusted_device_tokens
|
||||
|
||||
def visible_procedures
|
||||
procedures.merge(Procedure.avec_lien.or(Procedure.archivees))
|
||||
|
@ -135,18 +132,9 @@ class Gestionnaire < ApplicationRecord
|
|||
Dossier.where(id: dossiers_id_with_notifications(dossiers)).group(:procedure_id).count
|
||||
end
|
||||
|
||||
def login_token!
|
||||
login_token = Gestionnaire.generate_unique_secure_token
|
||||
encrypted_login_token = BCrypt::Password.create(login_token)
|
||||
update(encrypted_login_token: encrypted_login_token, login_token_created_at: Time.zone.now)
|
||||
login_token
|
||||
end
|
||||
|
||||
def login_token_valid?(login_token)
|
||||
BCrypt::Password.new(encrypted_login_token) == login_token &&
|
||||
LOGIN_TOKEN_VALIDITY.ago < login_token_created_at
|
||||
rescue BCrypt::Errors::InvalidHash
|
||||
false
|
||||
def create_trusted_device_token
|
||||
trusted_device_token = trusted_device_tokens.create
|
||||
trusted_device_token.token
|
||||
end
|
||||
|
||||
def dossiers_id_with_notifications(dossiers)
|
||||
|
@ -213,8 +201,8 @@ class Gestionnaire < ApplicationRecord
|
|||
end
|
||||
|
||||
def young_login_token?
|
||||
login_token_created_at.present? &&
|
||||
LOGIN_TOKEN_YOUTH.ago < login_token_created_at
|
||||
trusted_device_token = trusted_device_tokens.order(created_at: :desc).first
|
||||
trusted_device_token&.token_young?
|
||||
end
|
||||
|
||||
private
|
||||
|
|
|
@ -7,11 +7,10 @@ class Service < ApplicationRecord
|
|||
enum type_organisme: {
|
||||
administration_centrale: 'administration_centrale',
|
||||
association: 'association',
|
||||
commune: 'commune',
|
||||
departement: 'departement',
|
||||
collectivite_territoriale: 'collectivite_territoriale',
|
||||
etablissement_enseignement: 'etablissement_enseignement',
|
||||
prefecture: 'prefecture',
|
||||
region: 'region',
|
||||
operateur_d_etat: "operateur_d_etat",
|
||||
service_deconcentre_de_l_etat: 'service_deconcentre_de_l_etat',
|
||||
autre: 'autre'
|
||||
}
|
||||
|
||||
|
|
15
app/models/trusted_device_token.rb
Normal file
15
app/models/trusted_device_token.rb
Normal file
|
@ -0,0 +1,15 @@
|
|||
class TrustedDeviceToken < ApplicationRecord
|
||||
LOGIN_TOKEN_VALIDITY = 1.week
|
||||
LOGIN_TOKEN_YOUTH = 15.minutes
|
||||
|
||||
belongs_to :gestionnaire
|
||||
has_secure_token
|
||||
|
||||
def token_valid?
|
||||
LOGIN_TOKEN_VALIDITY.ago < created_at
|
||||
end
|
||||
|
||||
def token_young?
|
||||
LOGIN_TOKEN_YOUTH.ago < created_at
|
||||
end
|
||||
end
|
|
@ -75,18 +75,18 @@
|
|||
name: :save_draft,
|
||||
value: true,
|
||||
class: 'button send secondary',
|
||||
data: { disable: true }
|
||||
data: { 'disable-with': "Envoi en cours…" }
|
||||
|
||||
- if dossier.can_transition_to_en_construction?
|
||||
= f.button 'Soumettre le dossier',
|
||||
class: 'button send primary',
|
||||
disabled: !current_user.owns?(dossier),
|
||||
data: { disable: true }
|
||||
data: { 'disable-with': "Envoi en cours…" }
|
||||
|
||||
- else
|
||||
= f.button 'Enregistrer les modifications du dossier',
|
||||
class: 'button send primary',
|
||||
data: { disable: true }
|
||||
data: { 'disable-with': "Envoi en cours…" }
|
||||
|
||||
- if dossier.brouillon? && !current_user.owns?(dossier)
|
||||
.send-notice.invite-cannot-submit
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
= form.select :value,
|
||||
Champs::DepartementChamp.departements,
|
||||
include_blank: true,
|
||||
required: champ.mandatory?
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
fr:
|
||||
type_organisme:
|
||||
administration_centrale: 'administration centrale'
|
||||
association: 'association'
|
||||
commune: 'commune'
|
||||
departement: 'département'
|
||||
etablissement_enseignement: 'établissement d’enseignement'
|
||||
prefecture: 'préfecture'
|
||||
region: 'région'
|
||||
autre: 'autre'
|
||||
administration_centrale: 'Administration centrale'
|
||||
association: 'Association'
|
||||
collectivite_territoriale: 'Collectivité territoriale'
|
||||
etablissement_enseignement: 'Établissement d’enseignement'
|
||||
operateur_d_etat: "Opérateur d'État"
|
||||
service_deconcentre_de_l_etat: "Service déconcentré de l'État"
|
||||
autre: 'Autre'
|
||||
|
|
11
db/migrate/20190201164951_create_trusted_device_tokens.rb
Normal file
11
db/migrate/20190201164951_create_trusted_device_tokens.rb
Normal file
|
@ -0,0 +1,11 @@
|
|||
class CreateTrustedDeviceTokens < ActiveRecord::Migration[5.2]
|
||||
def change
|
||||
create_table :trusted_device_tokens do |t|
|
||||
t.string :token, null: false
|
||||
t.references :gestionnaire, foreign_key: true
|
||||
|
||||
t.timestamps
|
||||
end
|
||||
add_index :trusted_device_tokens, :token, unique: true
|
||||
end
|
||||
end
|
10
db/schema.rb
10
db/schema.rb
|
@ -520,6 +520,15 @@ ActiveRecord::Schema.define(version: 2019_02_13_144145) do
|
|||
t.string "version", null: false
|
||||
end
|
||||
|
||||
create_table "trusted_device_tokens", force: :cascade do |t|
|
||||
t.string "token", null: false
|
||||
t.bigint "gestionnaire_id"
|
||||
t.datetime "created_at", null: false
|
||||
t.datetime "updated_at", null: false
|
||||
t.index ["gestionnaire_id"], name: "index_trusted_device_tokens_on_gestionnaire_id"
|
||||
t.index ["token"], name: "index_trusted_device_tokens_on_token", unique: true
|
||||
end
|
||||
|
||||
create_table "types_de_champ", id: :serial, force: :cascade do |t|
|
||||
t.string "libelle"
|
||||
t.string "type_champ"
|
||||
|
@ -611,6 +620,7 @@ ActiveRecord::Schema.define(version: 2019_02_13_144145) do
|
|||
add_foreign_key "received_mails", "procedures"
|
||||
add_foreign_key "refused_mails", "procedures"
|
||||
add_foreign_key "services", "administrateurs"
|
||||
add_foreign_key "trusted_device_tokens", "gestionnaires"
|
||||
add_foreign_key "types_de_champ", "types_de_champ", column: "parent_id"
|
||||
add_foreign_key "without_continuation_mails", "procedures"
|
||||
end
|
||||
|
|
17
lib/tasks/2019_02_18_migrate_service_organisme.rake
Normal file
17
lib/tasks/2019_02_18_migrate_service_organisme.rake
Normal file
|
@ -0,0 +1,17 @@
|
|||
namespace :after_party do
|
||||
desc 'Deployment task: migrate service organisme'
|
||||
task migrate_service_organisme: :environment do
|
||||
table = {
|
||||
'commune': 'collectivite_territoriale',
|
||||
'departement': 'collectivite_territoriale',
|
||||
'region': 'collectivite_territoriale',
|
||||
'prefecture': 'service_deconcentre_de_l_etat'
|
||||
}
|
||||
|
||||
table.each do |(old_name, new_name)|
|
||||
Service.where(type_organisme: old_name).update_all(type_organisme: new_name)
|
||||
end
|
||||
|
||||
AfterParty::TaskRecord.create version: '20190201121252'
|
||||
end
|
||||
end
|
|
@ -9,6 +9,7 @@ describe ApplicationController, type: :controller do
|
|||
.map(&:filter)
|
||||
|
||||
expect(before_actions).to include(:set_raven_context)
|
||||
expect(before_actions).to include(:redirect_if_untrusted)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -145,4 +146,56 @@ describe ApplicationController, type: :controller do
|
|||
it { expect(flash[:alert]).to eq(ApplicationController::MAINTENANCE_MESSAGE) }
|
||||
end
|
||||
end
|
||||
|
||||
describe '#redirect_if_unstrusted' do
|
||||
let(:current_gestionnaire) { create(:gestionnaire) }
|
||||
|
||||
before do
|
||||
allow(current_gestionnaire).to receive(:feature_enabled?).and_return(feature_enabled)
|
||||
allow(@controller).to receive(:current_gestionnaire).and_return(current_gestionnaire)
|
||||
|
||||
allow(@controller).to receive(:redirect_to)
|
||||
allow(@controller).to receive(:trusted_device?).and_return(trusted_device)
|
||||
allow(@controller).to receive(:gestionnaire_signed_in?).and_return(gestionnaire_signed_in)
|
||||
allow(@controller).to receive(:sensitive_path).and_return(sensitive_path)
|
||||
allow(@controller).to receive(:send_login_token_or_bufferize)
|
||||
allow(@controller).to receive(:store_location_for)
|
||||
end
|
||||
|
||||
subject { @controller.send(:redirect_if_untrusted) }
|
||||
|
||||
context 'when the path is sensitive' do
|
||||
let(:sensitive_path) { true }
|
||||
|
||||
context 'when the gestionnaire is signed_in' do
|
||||
let(:gestionnaire_signed_in) { true }
|
||||
|
||||
context 'when the feature is activated' do
|
||||
let(:feature_enabled) { true }
|
||||
|
||||
context 'when the device is trusted' do
|
||||
let(:trusted_device) { true }
|
||||
|
||||
before { subject }
|
||||
|
||||
it { expect(@controller).not_to have_received(:redirect_to) }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the feature is activated' do
|
||||
let(:feature_enabled) { true }
|
||||
|
||||
context 'when the device is not trusted' do
|
||||
let(:trusted_device) { false }
|
||||
|
||||
before { subject }
|
||||
|
||||
it { expect(@controller).to have_received(:redirect_to) }
|
||||
it { expect(@controller).to have_received(:send_login_token_or_bufferize) }
|
||||
it { expect(@controller).to have_received(:store_location_for) }
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -15,7 +15,7 @@ describe NewAdministrateur::ServicesController, type: :controller do
|
|||
nom: 'super service',
|
||||
organisme: 'organisme',
|
||||
siret: '01234567891234',
|
||||
type_organisme: 'region',
|
||||
type_organisme: 'association',
|
||||
email: 'email@toto.com',
|
||||
telephone: '1234',
|
||||
horaires: 'horaires',
|
||||
|
@ -30,7 +30,7 @@ describe NewAdministrateur::ServicesController, type: :controller do
|
|||
it { expect(Service.last.nom).to eq('super service') }
|
||||
it { expect(Service.last.organisme).to eq('organisme') }
|
||||
it { expect(Service.last.siret).to eq('01234567891234') }
|
||||
it { expect(Service.last.type_organisme).to eq(Service.type_organismes.fetch(:region)) }
|
||||
it { expect(Service.last.type_organisme).to eq(Service.type_organismes.fetch(:association)) }
|
||||
it { expect(Service.last.email).to eq('email@toto.com') }
|
||||
it { expect(Service.last.telephone).to eq('1234') }
|
||||
it { expect(Service.last.horaires).to eq('horaires') }
|
||||
|
@ -49,7 +49,7 @@ describe NewAdministrateur::ServicesController, type: :controller do
|
|||
|
||||
describe '#update' do
|
||||
let!(:service) { create(:service, administrateur: admin) }
|
||||
let(:service_params) { { nom: 'nom', type_organisme: Service.type_organismes.fetch(:region) } }
|
||||
let(:service_params) { { nom: 'nom', type_organisme: Service.type_organismes.fetch(:association) } }
|
||||
|
||||
before do
|
||||
sign_in admin
|
||||
|
@ -65,12 +65,12 @@ describe NewAdministrateur::ServicesController, type: :controller do
|
|||
it { expect(flash.alert).to be_nil }
|
||||
it { expect(flash.notice).to eq('nom modifié') }
|
||||
it { expect(Service.last.nom).to eq('nom') }
|
||||
it { expect(Service.last.type_organisme).to eq(Service.type_organismes.fetch(:region)) }
|
||||
it { expect(Service.last.type_organisme).to eq(Service.type_organismes.fetch(:association)) }
|
||||
it { expect(response).to redirect_to(services_path(procedure_id: procedure.id)) }
|
||||
end
|
||||
|
||||
context 'when updating a service with invalid data' do
|
||||
let(:service_params) { { nom: '', type_organisme: Service.type_organismes.fetch(:region) } }
|
||||
let(:service_params) { { nom: '', type_organisme: Service.type_organismes.fetch(:association) } }
|
||||
|
||||
it { expect(flash.alert).not_to be_nil }
|
||||
it { expect(response).to render_template(:edit) }
|
||||
|
|
|
@ -40,6 +40,7 @@ describe Sessions::SessionsController, type: :controller do
|
|||
@request.env["devise.mapping"] = Devise.mappings[:gestionnaire]
|
||||
|
||||
allow_any_instance_of(described_class).to receive(:gestionnaire_signed_in?).and_return(true)
|
||||
allow_any_instance_of(described_class).to receive(:current_gestionnaire).and_return(gestionnaire)
|
||||
end
|
||||
|
||||
it 'calls sign out for gestionnaire' do
|
||||
|
|
|
@ -28,31 +28,15 @@ describe Users::SessionsController, type: :controller do
|
|||
context 'when the device is not trusted' do
|
||||
let(:trusted_device) { false }
|
||||
|
||||
it 'redirects to the confirmation link path' do
|
||||
it 'redirects to the root path' do
|
||||
subject
|
||||
|
||||
expect(controller).to redirect_to link_sent_path(email: email)
|
||||
expect(controller).to redirect_to(root_path)
|
||||
|
||||
# do not know why, should be test related
|
||||
expect(controller.current_user).to eq(user)
|
||||
|
||||
expect(controller.current_gestionnaire).to be(nil)
|
||||
expect(controller.current_administrateur).to be(nil)
|
||||
expect(user.loged_in_with_france_connect).to be(nil)
|
||||
expect(GestionnaireMailer).to have_received(:send_login_token)
|
||||
end
|
||||
|
||||
context 'and the user try to connect multiple times in a short period' do
|
||||
before do
|
||||
allow_any_instance_of(Gestionnaire).to receive(:young_login_token?).and_return(true)
|
||||
allow(GestionnaireMailer).to receive(:send_login_token)
|
||||
end
|
||||
|
||||
it 'does not renew nor send a new login token' do
|
||||
subject
|
||||
|
||||
expect(GestionnaireMailer).not_to have_received(:send_login_token)
|
||||
end
|
||||
expect(controller.current_gestionnaire).to eq(gestionnaire)
|
||||
expect(controller.current_administrateur).to eq(administrateur)
|
||||
expect(user.loged_in_with_france_connect).to eq(nil)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -69,7 +53,6 @@ describe Users::SessionsController, type: :controller do
|
|||
expect(controller.current_gestionnaire).to eq(gestionnaire)
|
||||
expect(controller.current_administrateur).to eq(administrateur)
|
||||
expect(user.loged_in_with_france_connect).to be(nil)
|
||||
expect(GestionnaireMailer).not_to have_received(:send_login_token)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -192,50 +175,57 @@ describe Users::SessionsController, type: :controller do
|
|||
describe '#sign_in_by_link' do
|
||||
context 'when the gestionnaire has non other account' do
|
||||
let(:gestionnaire) { create(:gestionnaire) }
|
||||
let!(:good_jeton) { gestionnaire.login_token! }
|
||||
let!(:good_jeton) { gestionnaire.create_trusted_device_token }
|
||||
let(:logged) { false }
|
||||
|
||||
before do
|
||||
if logged
|
||||
sign_in gestionnaire
|
||||
end
|
||||
allow(controller).to receive(:trust_device)
|
||||
allow(controller).to receive(:send_login_token_or_bufferize)
|
||||
post :sign_in_by_link, params: { id: gestionnaire.id, jeton: jeton }
|
||||
end
|
||||
|
||||
context 'when the token is valid' do
|
||||
let(:jeton) { good_jeton }
|
||||
context 'when the gestionnaire is not logged in' do
|
||||
context 'when the token is valid' do
|
||||
let(:jeton) { good_jeton }
|
||||
|
||||
# TODO when the gestionnaire has no other account, and the token is valid, and the user signing in was not starting a demarche,
|
||||
# redirect to root_path, then redirect to gestionnaire_procedures_path (see root_controller)
|
||||
it { is_expected.to redirect_to root_path }
|
||||
it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
|
||||
it { expect(controller).to have_received(:trust_device) }
|
||||
it { is_expected.to redirect_to new_user_session_path }
|
||||
it { expect(controller.current_gestionnaire).to be_nil }
|
||||
it { expect(controller).to have_received(:trust_device) }
|
||||
end
|
||||
|
||||
context 'when the token is invalid' do
|
||||
let(:jeton) { 'invalid_token' }
|
||||
|
||||
it { is_expected.to redirect_to link_sent_path(email: gestionnaire.email) }
|
||||
it { expect(controller.current_gestionnaire).to be_nil }
|
||||
it { expect(controller).not_to have_received(:trust_device) }
|
||||
it { expect(controller).to have_received(:send_login_token_or_bufferize) }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the token is invalid' do
|
||||
let(:jeton) { 'invalid_token' }
|
||||
context 'when the gestionnaire is logged in' do
|
||||
let(:logged) { true }
|
||||
|
||||
it { is_expected.to redirect_to new_user_session_path }
|
||||
it { expect(controller.current_gestionnaire).to be_nil }
|
||||
it { expect(controller).not_to have_received(:trust_device) }
|
||||
end
|
||||
end
|
||||
context 'when the token is valid' do
|
||||
let(:jeton) { good_jeton }
|
||||
|
||||
context 'when the gestionnaire has an user and admin account' do
|
||||
let(:email) { 'unique@plop.com' }
|
||||
let(:password) { 'un super mot de passe' }
|
||||
# redirect to root_path, then redirect to gestionnaire_procedures_path (see root_controller)
|
||||
it { is_expected.to redirect_to root_path }
|
||||
it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
|
||||
it { expect(controller).to have_received(:trust_device) }
|
||||
end
|
||||
|
||||
let!(:user) { create(:user, email: email, password: password) }
|
||||
let!(:administrateur) { create(:administrateur, email: email, password: password) }
|
||||
let(:gestionnaire) { administrateur.gestionnaire }
|
||||
context 'when the token is invalid' do
|
||||
let(:jeton) { 'invalid_token' }
|
||||
|
||||
before do
|
||||
post :sign_in_by_link, params: { id: gestionnaire.id, jeton: jeton }
|
||||
end
|
||||
|
||||
context 'when the token is valid' do
|
||||
let(:jeton) { gestionnaire.login_token! }
|
||||
|
||||
it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
|
||||
it { expect(controller.current_administrateur).to eq(administrateur) }
|
||||
it { expect(controller.current_user).to eq(user) }
|
||||
it { is_expected.to redirect_to link_sent_path(email: gestionnaire.email) }
|
||||
it { expect(controller.current_gestionnaire).to eq(gestionnaire) }
|
||||
it { expect(controller).not_to have_received(:trust_device) }
|
||||
it { expect(controller).to have_received(:send_login_token_or_bufferize) }
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -249,16 +239,15 @@ describe Users::SessionsController, type: :controller do
|
|||
|
||||
context 'when the cookie is outdated' do
|
||||
before do
|
||||
Timecop.freeze(Time.zone.now - TrustedDeviceConcern::TRUSTED_DEVICE_PERIOD - 1.minute)
|
||||
controller.trust_device
|
||||
Timecop.return
|
||||
emission_date = Time.zone.now - TrustedDeviceConcern::TRUSTED_DEVICE_PERIOD - 1.minute
|
||||
controller.trust_device(emission_date)
|
||||
end
|
||||
|
||||
it { is_expected.to be false }
|
||||
end
|
||||
|
||||
context 'when the cookie is ok' do
|
||||
before { controller.trust_device }
|
||||
before { controller.trust_device(Time.zone.now) }
|
||||
|
||||
it { is_expected.to be true }
|
||||
end
|
||||
|
|
|
@ -2,7 +2,7 @@ FactoryBot.define do
|
|||
factory :service do
|
||||
nom { 'service' }
|
||||
organisme { 'organisme' }
|
||||
type_organisme { Service.type_organismes.fetch(:commune) }
|
||||
type_organisme { Service.type_organismes.fetch(:association) }
|
||||
administrateur { create(:administrateur) }
|
||||
email { 'email@toto.com' }
|
||||
telephone { '1234' }
|
||||
|
|
|
@ -392,44 +392,24 @@ describe Gestionnaire, type: :model do
|
|||
end
|
||||
end
|
||||
|
||||
describe '#login_token_valid?' do
|
||||
let!(:gestionnaire) { create(:gestionnaire) }
|
||||
let!(:good_token) { gestionnaire.login_token! }
|
||||
|
||||
it { expect(gestionnaire.login_token_valid?(good_token)).to be true }
|
||||
it { expect(gestionnaire.login_token_valid?('bad_token')).to be false }
|
||||
|
||||
context 'when the token as expired' do
|
||||
before { gestionnaire.update(login_token_created_at: (Gestionnaire::LOGIN_TOKEN_VALIDITY + 1.minute).ago) }
|
||||
|
||||
it { expect(gestionnaire.login_token_valid?(good_token)).to be false }
|
||||
end
|
||||
|
||||
context 'when the gestionnaire does not have a token' do
|
||||
before { gestionnaire.update(encrypted_login_token: nil) }
|
||||
|
||||
it { expect(gestionnaire.login_token_valid?(nil)).to be false }
|
||||
end
|
||||
end
|
||||
|
||||
describe '#young_login_token?' do
|
||||
let!(:gestionnaire) { create(:gestionnaire) }
|
||||
|
||||
context 'when there is a token' do
|
||||
let!(:good_token) { gestionnaire.login_token! }
|
||||
let!(:good_token) { gestionnaire.create_trusted_device_token }
|
||||
|
||||
context 'when the token has just been created' do
|
||||
it { expect(gestionnaire.young_login_token?).to be true }
|
||||
end
|
||||
|
||||
context 'when the token is a bit old' do
|
||||
before { gestionnaire.update(login_token_created_at: (Gestionnaire::LOGIN_TOKEN_YOUTH + 1.minute).ago) }
|
||||
before { gestionnaire.trusted_device_tokens.first.update(created_at: (TrustedDeviceToken::LOGIN_TOKEN_YOUTH + 1.minute).ago) }
|
||||
it { expect(gestionnaire.young_login_token?).to be false }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when there are no token' do
|
||||
it { expect(gestionnaire.young_login_token?).to be false }
|
||||
it { expect(gestionnaire.young_login_token?).to be_falsey }
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@ describe Service, type: :model do
|
|||
{
|
||||
nom: 'service des jardins',
|
||||
organisme: 'mairie des iles',
|
||||
type_organisme: Service.type_organismes.fetch(:commune),
|
||||
type_organisme: Service.type_organismes.fetch(:association),
|
||||
email: 'super@email.com',
|
||||
telephone: '1212202',
|
||||
horaires: 'du lundi au vendredi',
|
||||
|
|
29
spec/models/trusted_device_token_spec.rb
Normal file
29
spec/models/trusted_device_token_spec.rb
Normal file
|
@ -0,0 +1,29 @@
|
|||
RSpec.describe TrustedDeviceToken, type: :model do
|
||||
describe '#token_valid?' do
|
||||
let(:token) { TrustedDeviceToken.create }
|
||||
|
||||
context 'when the token is create after login_token_validity' do
|
||||
it { expect(token.token_valid?).to be true }
|
||||
end
|
||||
|
||||
context 'when the token is create before login_token_validity' do
|
||||
before { token.update(created_at: (TrustedDeviceToken::LOGIN_TOKEN_VALIDITY + 1.minute).ago) }
|
||||
|
||||
it { expect(token.token_valid?).to be false }
|
||||
end
|
||||
end
|
||||
|
||||
describe '#token_young?' do
|
||||
let(:token) { TrustedDeviceToken.create }
|
||||
|
||||
context 'when the token is create after login_token_youth' do
|
||||
it { expect(token.token_young?).to be true }
|
||||
end
|
||||
|
||||
context 'when the token is create before login_token_youth' do
|
||||
before { token.update(created_at: (TrustedDeviceToken::LOGIN_TOKEN_YOUTH + 1.minute).ago) }
|
||||
|
||||
it { expect(token.token_young?).to be false }
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in a new issue