Merge pull request #3249 from betagouv/add_missing_login_test
Add missing login test
This commit is contained in:
commit
fcc76c1d36
3 changed files with 26 additions and 2 deletions
|
@ -3,6 +3,8 @@ class Gestionnaire < ApplicationRecord
|
|||
include EmailSanitizableConcern
|
||||
include ActiveRecord::SecureToken
|
||||
|
||||
LOGIN_TOKEN_VALIDITY = 30.minutes
|
||||
|
||||
devise :database_authenticatable, :registerable, :async,
|
||||
:recoverable, :rememberable, :trackable, :validatable
|
||||
|
||||
|
@ -141,7 +143,7 @@ class Gestionnaire < ApplicationRecord
|
|||
|
||||
def login_token_valid?(login_token)
|
||||
BCrypt::Password.new(encrypted_login_token) == login_token &&
|
||||
30.minutes.ago < login_token_created_at
|
||||
LOGIN_TOKEN_VALIDITY.ago < login_token_created_at
|
||||
rescue BCrypt::Errors::InvalidHash
|
||||
false
|
||||
end
|
||||
|
|
|
@ -253,13 +253,15 @@ describe Users::SessionsController, type: :controller do
|
|||
describe '#sign_in_by_link' do
|
||||
context 'when the gestionnaire has non other account' do
|
||||
let(:gestionnaire) { create(:gestionnaire) }
|
||||
let!(:good_jeton) { gestionnaire.login_token! }
|
||||
|
||||
before do
|
||||
allow(controller).to receive(:trust_device)
|
||||
post :sign_in_by_link, params: { id: gestionnaire.id, jeton: jeton }
|
||||
end
|
||||
|
||||
context 'when the token is valid' do
|
||||
let(:jeton) { gestionnaire.login_token! }
|
||||
let(:jeton) { good_jeton }
|
||||
|
||||
# TODO when the gestionnaire has no other account, and the token is valid, and the user signing in was not starting a demarche,
|
||||
# redirect to root_path, then redirect to gestionnaire_procedures_path (see root_controller)
|
||||
|
|
|
@ -393,6 +393,26 @@ describe Gestionnaire, type: :model do
|
|||
end
|
||||
end
|
||||
|
||||
describe '#login_token_valid?' do
|
||||
let!(:gestionnaire) { create(:gestionnaire) }
|
||||
let!(:good_token) { gestionnaire.login_token! }
|
||||
|
||||
it { expect(gestionnaire.login_token_valid?(good_token)).to be true }
|
||||
it { expect(gestionnaire.login_token_valid?('bad_token')).to be false }
|
||||
|
||||
context 'when the token as expired' do
|
||||
before { gestionnaire.update(login_token_created_at: (Gestionnaire::LOGIN_TOKEN_VALIDITY + 1.minute).ago) }
|
||||
|
||||
it { expect(gestionnaire.login_token_valid?(good_token)).to be false }
|
||||
end
|
||||
|
||||
context 'when the gestionnaire does not have a token' do
|
||||
before { gestionnaire.update(encrypted_login_token: nil) }
|
||||
|
||||
it { expect(gestionnaire.login_token_valid?(nil)).to be false }
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def assign(procedure_to_assign)
|
||||
|
|
Loading…
Reference in a new issue