From e12dbe7aad60be66a6adcfc42c6747cb4be74dae Mon Sep 17 00:00:00 2001
From: simon lehericey
Date: Thu, 11 Jan 2024 10:44:19 +0100
Subject: [PATCH] use email_merge_token in email merge
---
 .../france_connect/particulier_controller.rb | 24 +++++++++++++++++--
 .../particulier_controller_spec.rb | 2 ++
 2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/app/controllers/france_connect/particulier_controller.rb b/app/controllers/france_connect/particulier_controller.rb
index ffe24c883..99829f90c 100644
--- a/app/controllers/france_connect/particulier_controller.rb
+++ b/app/controllers/france_connect/particulier_controller.rb
@@ -1,6 +1,7 @@
 class FranceConnect::ParticulierController < ApplicationController
 before_action :redirect_to_login_if_fc_aborted, only: [:callback]
- before_action :securely_retrieve_fci, only: [:merge, :merge_with_existing_account, :merge_with_new_account, :mail_merge_with_existing_account, :resend_and_renew_merge_confirmation]
+ before_action :securely_retrieve_fci, only: [:merge, :merge_with_existing_account, :merge_with_new_account, :resend_and_renew_merge_confirmation]
+ before_action :securely_retrieve_fci_from_email_merge_token, only: [:mail_merge_with_existing_account]
 def login
 if FranceConnectService.enabled?
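Review bot: The two `only:` lists are now the only thing that ties each merge action to the token that authenticates it, and nothing on these lines says why `mail_merge_with_existing_account` is handled separately. A short comment above the new filter would keep a later edit from moving the action back under `securely_retrieve_fci`, for example `# authenticated by the single-use email_merge_token sent by mail, never by the merge_token carried in the browser URL`. The new filter also reads `email_merge_token_params`, which none of the visible hunks define, so it is presumably an existing private helper; confirm that it reads the e-mail token parameter and not the merge token.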
@@ -96,14 +97,33 @@ class FranceConnect::ParticulierController < ApplicationController
 end
 def resend_and_renew_merge_confirmation
+ @fci.create_email_merge_token!
+ UserMailer.france_connect_merge_confirmation(
+ @fci.email_france_connect,
+ @fci.email_merge_token,
+ @fci.email_merge_token_created_at
+ )
+ .deliver_later
+
 merge_token = @fci.create_merge_token!
- UserMailer.france_connect_merge_confirmation(@fci.email_france_connect, merge_token, @fci.merge_token_created_at).deliver_later
 redirect_to france_connect_particulier_merge_path(merge_token), notice: t('france_connect.particulier.flash.confirmation_mail_sent')
 end
 private
+ def securely_retrieve_fci_from_email_merge_token
+ @fci = FranceConnectInformation.find_by(email_merge_token: email_merge_token_params)
+
+ if @fci.nil? || !@fci.valid_for_email_merge?
+ flash.alert = t('france_connect.particulier.flash.merger_token_expired', application_name: APPLICATION_NAME)
+
+ redirect_to root_path
+ else
+ @fci.delete_email_merge_token!
+ end
+ end
+
 def securely_retrieve_fci
 @fci = FranceConnectInformation.find_by(merge_token: merge_token_params)
diff --git a/spec/controllers/france_connect/particulier_controller_spec.rb b/spec/controllers/france_connect/particulier_controller_spec.rb
index d09d24ac9..8383e259a 100644
--- a/spec/controllers/france_connect/particulier_controller_spec.rb
+++ b/spec/controllers/france_connect/particulier_controller_spec.rb
@@ -281,6 +281,7 @@ describe FranceConnect::ParticulierController, type: :controller do
 expect(fci.user).to eq(user)
 expect(fci.merge_token).to be_nil
+ expect(fci.email_merge_token).to be_nil
 expect(controller.current_user).to eq(user)
 expect(flash[:notice]).to eq("Les comptes FranceConnect et #{APPLICATION_NAME} sont à présent fusionnés")
 end
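Review bot: In `securely_retrieve_fci_from_email_merge_token`, `find_by(email_merge_token: email_merge_token_params)` still runs when the parameter is absent, and `find_by(email_merge_token: nil)` matches the first row whose token column is NULL, so rejection then depends entirely on `valid_for_email_merge?`, which is not visible here. Guarding the lookup lets the filter fail closed on its own: `token = email_merge_token_params` followed by `@fci = token.present? ? FranceConnectInformation.find_by(email_merge_token: token) : nil`. The `else` branch also deletes the token before the action body runs, so a merge that fails afterwards, or an automated fetch of the mailed link if the route accepts GET, uses up the user's only link; a comment should state that this single-use-even-on-failure behaviour is intended. `securely_retrieve_fci`, whose body continues past the end of the hunk, appears to start with the same unguarded lookup.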
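Review bot: The added `expect(fci.email_merge_token).to be_nil` checks that the token is cleared on success, but the visible spec lines do not exercise the rejection paths the new filter exists for. If they are not covered elsewhere in this file, add examples that submit an already-used `email_merge_token` a second time and that submit the `merge_token` value in place of the e-mail token, each expecting `redirect_to(root_path)` and an unchanged `fci.user`. The example this assertion belongs to starts above the hunk, so it cannot be checked from here whether `fci` was reloaded before the assertion.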
@@ -371,6 +372,7 @@ describe FranceConnect::ParticulierController, type: :controller do
 let(:merge_token) { fci.create_merge_token! }
 it 'renew token' do
 expect { post :resend_and_renew_merge_confirmation, params: { merge_token: merge_token } }.to change { fci.reload.merge_token }
+ expect(fci.email_merge_token).to be_present
 expect(response).to redirect_to(france_connect_particulier_merge_path(fci.reload.merge_token))
 end
 end
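Review bot: `expect(fci.email_merge_token).to be_present` sees the new value only because the `change { fci.reload.merge_token }` block on the previous line reloads `fci` as a side effect (presumably a memoized `let`); `expect(fci.reload.email_merge_token).to be_present` makes that explicit. The example also never checks which token is mailed, which is the property this commit is about. An expectation that `UserMailer.france_connect_merge_confirmation` receives `fci.email_merge_token`, and not the `merge_token` used in the redirect, would catch a regression to the old behaviour.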