feat(FranceConnect): list and allow to unlink FC identities

2022-11-07 17:18:42 +01:00 · 2022-11-07 17:18:42 +01:00 · db3ebfa6d2
commit db3ebfa6d2
parent 840e913f50
5 changed files with 47 additions and 0 deletions
--- a/app/controllers/users/profil_controller.rb
+++ b/app/controllers/users/profil_controller.rb
@ -4,6 +4,7 @@ module Users
    before_action :find_transfers, only: [:show, :renew_api_token]

    def show
+      @france_connect_informations = FranceConnectInformation.where(user: current_user)
    end

    def renew_api_token
@ -57,6 +58,17 @@ module Users
      redirect_to profil_path
    end

+    def destroy_fci
+      fci = FranceConnectInformation
+        .where(user: current_user)
+        .find(params[:fci_id])
+
+      fci.destroy!
+      flash.notice = "Le compte FranceConnect de « #{fci.full_name} » ne peut plus accéder à vos dossiers"
+
+      redirect_to profil_path
+    end
+
    private

    def find_transfers
--- a/app/views/users/profil/show.html.haml
+++ b/app/views/users/profil/show.html.haml
@ -76,3 +76,17 @@
        class: "fr-btn fr-btn--secondary",
        data: { confirm: "Confirmez-vous la regénération de votre jeton ? Les applications qui l’utilisent actuellement seront bloquées.",
                disable: true }
+
+  - if @france_connect_informations.present?
+    .card
+      .card-title= t('.identities', count: @france_connect_informations.count, application_name: APPLICATION_NAME)
+      %p= t('.linked_identities', count: @france_connect_informations.count, application_name: APPLICATION_NAME)
+      %ul
+        - @france_connect_informations.each do |fci|
+          %li
+            #{fci.given_name} #{fci.family_name} (#{fci.email_france_connect})
+            = link_to 'Interdire l’accès',
+              france_connect_information_path(fci_id: fci.id),
+              method: :delete,
+              data: { confirm: t('.unlink_confirmation', full_name: fci.full_name) },
+              class: 'fr-btn fr-btn--secondary fr-ml-2w'
--- a/config/locales/views/users/profil/fr.yml
+++ b/config/locales/views/users/profil/fr.yml
@ -21,6 +21,13 @@ fr:
          <br>
          Si ce n’est pas votre cas, contactez le support&nbsp;:
          <a href="mailto:%{contact_email}">%{contact_email}</a>
+        identities:
+          one: Identité FranceConnect
+          other: Identités FranceConnect
+        linked_identities:
+          one: 'Votre compte sur %{application_name} est actuellement lié à l’identité suivante :'
+          other: 'Votre compte sur %{application_name} est actuellement lié aux %{count} identité suivantes :'
+        unlink_confirmation: 'le compte FranceConnect « %{full_name} » ne pourra plus accéder à vos dossiers.'
      ensure_update_email_is_authorized:
        email_not_allowed: "L’email %{requested_email} ne peut être utilisé, contactez le support : <a href='mailto:%{contact_email}'>%{contact_email}</a>"
      transfer_all_dossiers:
--- a/config/routes.rb
+++ b/config/routes.rb
@ -311,6 +311,7 @@ Rails.application.routes.draw do
    post 'transfer_all_dossiers' => 'profil#transfer_all_dossiers'
    post 'accept_merge' => 'profil#accept_merge'
    post 'refuse_merge' => 'profil#refuse_merge'
+    delete 'france_connect_information' => 'profil#destroy_fci'
  end

  #
--- a/spec/controllers/users/profil_controller_spec.rb
+++ b/spec/controllers/users/profil_controller_spec.rb
@ -188,4 +188,17 @@ describe Users::ProfilController, type: :controller do
      expect(response).to redirect_to(profil_path)
    end
  end
+
+  context 'DELETE #destroy_fci' do
+    let!(:fci) { create(:france_connect_information, user: user) }
+
+    subject { delete :destroy_fci, params: { fci_id: fci.id } }
+
+    it do
+      expect(FranceConnectInformation.where(user: user).count).to eq(1)
+      subject
+      expect(FranceConnectInformation.where(user: user).count).to eq(0)
+      expect(response).to redirect_to(profil_path)
+    end
+  end
 end