From dbf04dd0d8c2faa7f56350d5a50afd388ea77f92 Mon Sep 17 00:00:00 2001 From: Christophe Robillard Date: Tue, 5 May 2020 16:06:18 +0200 Subject: [PATCH] make api entreprise call only if token not expired --- app/lib/api_entreprise/api.rb | 1 + .../users/dossiers_controller_spec.rb | 13 +++++++++++- spec/lib/api_entreprise/api_spec.rb | 21 +++++++++++++++++++ 3 files changed, 34 insertions(+), 1 deletion(-) diff --git a/app/lib/api_entreprise/api.rb b/app/lib/api_entreprise/api.rb index 1b8790d2c..884cb1a3c 100644 --- a/app/lib/api_entreprise/api.rb +++ b/app/lib/api_entreprise/api.rb @@ -60,6 +60,7 @@ class ApiEntreprise::API private def self.call(resource_name, siret_or_siren, procedure_id, user_id = nil) + return if ApiEntrepriseToken.new(token_for_procedure(procedure_id)).expired? url = url(resource_name, siret_or_siren) params = params(siret_or_siren, procedure_id, user_id) diff --git a/spec/controllers/users/dossiers_controller_spec.rb b/spec/controllers/users/dossiers_controller_spec.rb index 5de3592da..ad0bdae98 100644 --- a/spec/controllers/users/dossiers_controller_spec.rb +++ b/spec/controllers/users/dossiers_controller_spec.rb @@ -230,6 +230,8 @@ describe Users::DossiersController, type: :controller do let(:api_entreprise_bilans_bdf_status) { 200 } let(:api_entreprise_bilans_bdf_body) { File.read('spec/fixtures/files/api_entreprise/bilans_entreprise_bdf.json') } + let(:token_expired) { false } + def stub_api_entreprise_requests stub_request(:get, /https:\/\/entreprise.api.gouv.fr\/v2\/etablissements\/#{siret}?.*token=/) .to_return(status: api_etablissement_status, body: api_etablissement_body) 
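Review bot: The new guard in `self.call` returns `nil` silently when the procedure's token is expired, so an expired credential looks the same to callers as an empty API answer; the controller spec added in this same patch shows the user then receives the `siret_unknown` message. An expired token is an operational event that operators need to see, so I would log it before returning, e.g. `Rails.logger.warn("API Entreprise token expired for procedure #{procedure_id}")`, or raise a dedicated error that callers translate into an accurate message. The log line should carry the procedure id only, never the token value. How `expired?` behaves for a blank or malformed token is not visible in this hunk and is worth confirming, since the guard now runs before every request. The body of `self.call` continues outside the hunk.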
@@ -258,8 +260,9 @@ describe Users::DossiersController, type: :controller do before do sign_in(user) stub_api_entreprise_requests - allow_any_instance_of(Procedure).to receive(:api_entreprise_roles) + allow_any_instance_of(ApiEntrepriseToken).to receive(:roles) .and_return(["attestations_fiscales", "attestations_sociales", "bilans_entreprise_bdf"]) + allow_any_instance_of(ApiEntrepriseToken).to receive(:expired?).and_return(token_expired) end before { Timecop.freeze(Time.zone.local(2020, 3, 14)) } after { Timecop.return } @@ -316,6 +319,14 @@ describe Users::DossiersController, type: :controller do it_behaves_like 'the request fails with an error', I18n.t('errors.messages.siret_unknown') end + context 'when default token has expired' do + let(:api_etablissement_status) { 200 } + let(:api_body_status) { '' } + let(:token_expired) { true } + + it_behaves_like 'the request fails with an error', I18n.t('errors.messages.siret_unknown') + end + context 'when the API returns no Entreprise' do let(:api_entreprise_status) { 404 } let(:api_entreprise_body) { '' } diff --git a/spec/lib/api_entreprise/api_spec.rb b/spec/lib/api_entreprise/api_spec.rb index b1d485d2e..3914fffbd 100644 --- a/spec/lib/api_entreprise/api_spec.rb +++ b/spec/lib/api_entreprise/api_spec.rb @@ -9,6 +9,7 @@ describe ApiEntreprise::API do before do stub_request(:get, /https:\/\/entreprise.api.gouv.fr\/v2\/entreprises\/#{siren}?.*token=#{token}/) .to_return(status: status, body: body) + allow_any_instance_of(ApiEntrepriseToken).to receive(:expired?).and_return(false) end context 'when the service is unavailable' do @@ -78,6 +79,7 @@ describe ApiEntreprise::API do before do stub_request(:get, /https:\/\/entreprise.api.gouv.fr\/v2\/etablissements\/#{siret}?.*non_diffusables=true&.*token=/) .to_return(status: status, body: body) + allow_any_instance_of(ApiEntrepriseToken).to receive(:expired?).and_return(false) end context 'when siret does not exist' do 
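Review bot: In the new context 'when default token has expired', `let(:api_body_status) { '' }` matches no name used by the visible stubs (`api_etablissement_status`, `api_etablissement_body`), so it looks like a dead definition, presumably meant as `let(:api_etablissement_body) { '' }`. The example also pins `errors.messages.siret_unknown` as the expected message for an expired token, which fixes in the test suite a response that hides the real cause from the user. If that message is kept on purpose, a comment such as `# an expired token currently surfaces as an unknown SIRET` above the context would make the intent clear.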
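Review bot: The stub `allow_any_instance_of(ApiEntrepriseToken).to receive(:expired?).and_return(false)` added to this `before` block is repeated in six more hunks of this file (new lines 79, 107, 139, 171, 200 and 228); a single `before` at the top of `describe ApiEntreprise::API` would cover them all. Because every instance is stubbed, none of these examples exercises the real expiry check or verifies that the guard reads the token belonging to `procedure_id`. One example built on a real token with a past expiry would close that gap, assuming such a fixture can be constructed in this suite.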
@@ -105,6 +107,7 @@ describe ApiEntreprise::API do before do stub_request(:get, /https:\/\/entreprise.api.gouv.fr\/v2\/exercices\/.*token=/) .to_return(status: status, body: body) + allow_any_instance_of(ApiEntrepriseToken).to receive(:expired?).and_return(false) end context 'when siret does not exist' do @@ -136,6 +139,7 @@ describe ApiEntreprise::API do before do stub_request(:get, /https:\/\/entreprise.api.gouv.fr\/v2\/associations\/.*token=/) .to_return(status: status, body: body) + allow_any_instance_of(ApiEntrepriseToken).to receive(:expired?).and_return(false) end subject { described_class.rna(siren, procedure_id) } @@ -167,6 +171,7 @@ describe ApiEntreprise::API do before do allow_any_instance_of(ApiEntrepriseToken).to receive(:roles).and_return(roles) + allow_any_instance_of(ApiEntrepriseToken).to receive(:expired?).and_return(false) stub_request(:get, /https:\/\/entreprise.api.gouv.fr\/v2\/attestations_sociales_acoss\/#{siren}?.*token=/) .to_return(body: body, status: status) end @@ -195,6 +200,7 @@ describe ApiEntreprise::API do before do allow_any_instance_of(ApiEntrepriseToken).to receive(:roles).and_return(roles) + allow_any_instance_of(ApiEntrepriseToken).to receive(:expired?).and_return(false) stub_request(:get, /https:\/\/entreprise.api.gouv.fr\/v2\/attestations_fiscales_dgfip\/#{siren}?.*token=#{token}&user_id=#{user_id}/) .to_return(body: body, status: status) end @@ -222,6 +228,7 @@ describe ApiEntreprise::API do before do allow_any_instance_of(ApiEntrepriseToken).to receive(:roles).and_return(roles) + allow_any_instance_of(ApiEntrepriseToken).to receive(:expired?).and_return(false) stub_request(:get, /https:\/\/entreprise.api.gouv.fr\/v2\/bilans_entreprises_bdf\/#{siren}?.*token=#{token}/) .to_return(body: body, status: status) end 
@@ -240,4 +247,18 @@ describe ApiEntreprise::API do it { expect(subject).to eq(JSON.parse(body, symbolize_names: true)) } end end + + describe 'with expired token' do + let(:siren) { '111111111' } + subject { described_class.entreprise(siren, procedure_id) } + + before do + allow_any_instance_of(ApiEntrepriseToken).to receive(:expired?).and_return(true) + end + + it 'makes no call to api-entreprise' do + subject + expect(WebMock).not_to have_requested(:get, /https:\/\/entreprise.api.gouv.fr\/v2\/entreprises\/#{siren}?.*token=#{token}/) + end + end end
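Review bot: The `not_to have_requested` assertion in 'makes no call to api-entreprise' matches a single URL shape (the `entreprises` path with this `siren` and `token`), so it passes vacuously if the request that would have been sent differs in path or token value. Matching the whole host is a stronger check: `expect(WebMock).not_to have_requested(:any, /entreprise\.api\.gouv\.fr/)`. The example could also pin the return value with `expect(subject).to be_nil`, since callers now depend on it. Only `entreprise` is covered here; the other resource methods presumably go through the same `call`, but nothing in this spec shows that they are guarded.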