diff --git a/app/controllers/users/profil_controller.rb b/app/controllers/users/profil_controller.rb
index 945718935..ebd75c278 100644
--- a/app/controllers/users/profil_controller.rb
+++ b/app/controllers/users/profil_controller.rb
@@ -4,6 +4,7 @@ module Users
before_action :find_transfers, only: [:show, :renew_api_token]
def show
+ @france_connect_informations = FranceConnectInformation.where(user: current_user)
end
def renew_api_token
@@ -57,6 +58,17 @@ module Users
redirect_to profil_path
end
+ def destroy_fci
+ fci = FranceConnectInformation
+ .where(user: current_user)
+ .find(params[:fci_id])
+
+ fci.destroy!
+ flash.notice = "Le compte FranceConnect de « #{fci.full_name} » ne peut plus accéder à vos dossiers"
+
+ redirect_to profil_path
+ end
+
private
def find_transfers
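Review bot: In `destroy_fci` the `.where(user: current_user)` scope ahead of `.find(params[:fci_id])` is the only thing that keeps one user from deleting another user's FranceConnect link, and nothing in the code says so. I would add a comment above the lookup, `# Scoped to current_user on purpose: an fci_id owned by someone else must raise RecordNotFound.`, so that a later refactor to a bare `FranceConnectInformation.find` is caught in review. Removing a linked login identity is also an account-security event. The hunk shows no log entry or user notification for it; that may be handled elsewhere, but it is worth confirming.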
diff --git a/app/views/users/profil/show.html.haml b/app/views/users/profil/show.html.haml
index 6ed9ed874..28cc0b435 100644
--- a/app/views/users/profil/show.html.haml
+++ b/app/views/users/profil/show.html.haml
@@ -76,3 +76,17 @@
class: "fr-btn fr-btn--secondary",
data: { confirm: "Confirmez-vous la regénération de votre jeton ? Les applications qui l’utilisent actuellement seront bloquées.",
disable: true }
+
+ - if @france_connect_informations.present?
+ .card
+ .card-title= t('.identities', count: @france_connect_informations.count, application_name: APPLICATION_NAME)
+ %p= t('.linked_identities', count: @france_connect_informations.count, application_name: APPLICATION_NAME)
+ %ul
+ - @france_connect_informations.each do |fci|
+ %li
+ #{fci.given_name} #{fci.family_name} (#{fci.email_france_connect})
+ = link_to 'Interdire l’accès',
+ france_connect_information_path(fci_id: fci.id),
+ method: :delete,
+ data: { confirm: t('.unlink_confirmation', full_name: fci.full_name) },
+ class: 'fr-btn fr-btn--secondary fr-ml-2w'
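Review bot: The link label `'Interdire l’accès'` is hard-coded in the template, while every other string in this block goes through `t('.…')`. It should be a locale key as well, for example `= link_to t('.forbid_access'),` with the matching entry in `fr.yml`. Separately, `@france_connect_informations.count` is called twice after `.present?` has already loaded the records, so each call issues another COUNT query. `.size` would reuse the loaded relation.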
diff --git a/config/locales/views/users/profil/fr.yml b/config/locales/views/users/profil/fr.yml
index 9e6432dcb..89a1fd8e2 100644
--- a/config/locales/views/users/profil/fr.yml
+++ b/config/locales/views/users/profil/fr.yml
@@ -21,6 +21,13 @@ fr:
Si ce n’est pas votre cas, contactez le support :
%{contact_email}
+ identities:
+ one: Identité FranceConnect
+ other: Identités FranceConnect
+ linked_identities:
+ one: 'Votre compte sur %{application_name} est actuellement lié à l’identité suivante :'
+ other: 'Votre compte sur %{application_name} est actuellement lié aux %{count} identité suivantes :'
+ unlink_confirmation: 'le compte FranceConnect « %{full_name} » ne pourra plus accéder à vos dossiers.'
ensure_update_email_is_authorized:
email_not_allowed: "L’email %{requested_email} ne peut être utilisé, contactez le support : %{contact_email}"
transfer_all_dossiers:
diff --git a/config/routes.rb b/config/routes.rb
index b5e57770f..ddc213422 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -311,6 +311,7 @@ Rails.application.routes.draw do
post 'transfer_all_dossiers' => 'profil#transfer_all_dossiers'
post 'accept_merge' => 'profil#accept_merge'
post 'refuse_merge' => 'profil#refuse_merge'
+ delete 'france_connect_information' => 'profil#destroy_fci'
end
#
diff --git a/spec/controllers/users/profil_controller_spec.rb b/spec/controllers/users/profil_controller_spec.rb
index 06e2961c7..8a43e6389 100644
--- a/spec/controllers/users/profil_controller_spec.rb
+++ b/spec/controllers/users/profil_controller_spec.rb
@@ -188,4 +188,17 @@ describe Users::ProfilController, type: :controller do
expect(response).to redirect_to(profil_path)
end
end
+
+ context 'DELETE #destroy_fci' do
+ let!(:fci) { create(:france_connect_information, user: user) }
+
+ subject { delete :destroy_fci, params: { fci_id: fci.id } }
+
+ it do
+ expect(FranceConnectInformation.where(user: user).count).to eq(1)
+ subject
+ expect(FranceConnectInformation.where(user: user).count).to eq(0)
+ expect(response).to redirect_to(profil_path)
+ end
+ end
end
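Review bot: The new `DELETE #destroy_fci` context only covers the happy path, so the ownership check that the action relies on (`where(user: current_user)`) is untested. A case where the `fci` belongs to a different user should assert that the record survives and the request is rejected. The bare `it do` would also read better with a description. The sketch below assumes a `:user` factory exists and that the controller does not rescue `ActiveRecord::RecordNotFound`; adjust the expectation to a 404 if it does. The enclosing `describe` starts outside this hunk.

```ruby
context 'DELETE #destroy_fci' do
  # … unchanged: let!(:fci), subject and the happy-path example …

  context 'when the fci belongs to another user' do
    let!(:fci) { create(:france_connect_information, user: create(:user)) }

    it 'does not destroy it' do
      expect { subject }.to raise_error(ActiveRecord::RecordNotFound)
      expect(FranceConnectInformation.exists?(fci.id)).to be(true)
    end
  end
end
```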