demarches-normaliennes/app/controllers/users/confirmations_controller.rb
Sébastien Carceles 20136b7ac8
feat(demarche): create and prefill a dossier with POST request (#8233)
* add base controller for public api

* add dossiers controller with basic checks

* create the dossier

* ensure content-type is json

* prefill dossier with given values

* mark a dossier as prefilled

When a dossier is prefilled, it's allowed not to have a user.

Plus, we add a secure token to the dossier, which we will need later to set a
user after sign in / sign up.

* set user as owner of an orphan prefilled dossier

When a visitor comes from the dossier_url answered by the public api,
the dossier is orphan:
- when the user is already authenticated: they become the owner
- when the user is not authenticated: they can sign in / sign up / france_connect
and then they become the owner

So here is the procedure:
- allow to sign in / sign up / france connect when user is unauthenticated
- set dossier ownership when the dossier is orphan
- check dossier ownership when the dossier is not
- redirect to brouillon path when user is signed in and owner

* mark the dossier as prefilled when it's prefilled
(even with a GET request, because it will be useful later on, for
example in order to cleanup the unused prefilled dossiers)

* system spec: prefilling dossier with post request
2023-01-03 14:46:10 +01:00


# frozen_string_literal: true

class Users::ConfirmationsController < Devise::ConfirmationsController
  # GET /resource/confirmation/new
  def new
    # Allow displaying the user email in the message
    self.resource = resource_class.new(email: user_email_param)
  end

  # POST /resource/confirmation
  # def create
  #   super
  # end

  # GET /resource/confirmation?confirmation_token=abcdef
  # def show
  #   super
  # end

  # protected

  def user_email_param
    params.permit(user: :email).dig(:user, :email)
  end

  # The path used after resending confirmation instructions.
  # def after_resending_confirmation_instructions_path_for(resource_name)
  #   super(resource_name)
  # end

  # If the user clicks the confirmation link before the maximum delay,
  # they will be signed in directly.
  def sign_in_after_confirmation?(resource)
    # Avoid keeping auto-sign-in links in users inboxes for too long.
    # 95% of users confirm their account within two hours.
    auto_sign_in_timeout = 2.hours
    resource.confirmation_sent_at + auto_sign_in_timeout > Time.zone.now
  end

  # The path used after confirmation.
  def after_confirmation_path_for(resource_name, resource)
    if sign_in_after_confirmation?(resource)
      resource.remember_me = true
      sign_in(resource)
    end

    if procedure_from_params
      commencer_path(path: procedure_from_params.path, prefill_token: params[:prefill_token])
    elsif signed_in?
      # Will try to use `stored_location_for` to find a path
      after_sign_in_path_for(resource_name)
    else
      super(resource_name, resource)
    end
  end

  def procedure_from_params
    params[:procedure_id] && Procedure.find_by(id: params[:procedure_id])
  end
end
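The two security-relevant decisions on this page are the time-bounded auto-sign-in after confirmation (the `2.hours` window in `sign_in_after_confirmation?`) and the ownership rule for an orphan prefilled dossier described in the commit message (orphan + matching secure token: the signed-in user becomes the owner; already owned: only the owner may continue). The block below is an added illustration written for this page, not code from the project: it models both checks in plain Ruby without Rails, so `AUTO_SIGN_IN_TIMEOUT` stands in for `2.hours`, `Time.now` for `Time.zone.now`, and the `PrefilledDossier`, `OwnershipError`, `secure_equal?` and `claim_or_check!` names are hypothetical. Treating a missing `confirmation_sent_at` as "window closed" is this example's assumption, not the controller's behaviour.

```ruby
require 'securerandom'
require 'time'

# Added illustration (not the project's own code). Mirrors the controller's
# `2.hours` auto-sign-in window in plain seconds.
AUTO_SIGN_IN_TIMEOUT = 2 * 60 * 60

# True only while the confirmation e-mail is recent enough for the
# confirmation link to double as a sign-in link. A nil timestamp is treated
# as "window closed" (assumption for this example; Devise normally sets it).
def auto_sign_in_window_open?(confirmation_sent_at, now: Time.now)
  return false if confirmation_sent_at.nil?

  confirmation_sent_at + AUTO_SIGN_IN_TIMEOUT > now
end

# Constant-time comparison of two tokens so the check does not leak how many
# leading bytes matched. The length short-circuit is acceptable because the
# token length is public (it is fixed by the generator below).
def secure_equal?(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize

  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

class OwnershipError < StandardError; end

# Hypothetical stand-in for a dossier created by the public API: it starts
# with no user and carries a random prefill token; the first authenticated
# visitor presenting that token becomes the owner.
class PrefilledDossier
  attr_reader :user_id, :prefill_token

  def initialize
    @user_id = nil
    @prefill_token = SecureRandom.urlsafe_base64(32)
  end

  def orphan?
    @user_id.nil?
  end

  # Apply the procedure from the commit message:
  #   - orphan dossier: claim it, but only with the correct token
  #   - owned dossier: allow only the current owner through
  # Returns self on success, raises OwnershipError otherwise.
  def claim_or_check!(current_user_id, presented_token)
    if orphan?
      raise OwnershipError, 'invalid prefill token' unless secure_equal?(@prefill_token, presented_token)

      @user_id = current_user_id
    elsif @user_id != current_user_id
      raise OwnershipError, 'dossier belongs to another user'
    end
    self
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample run: a 1-hour-old confirmation is still eligible,
  # a 3-hour-old one is not; an orphan dossier is claimed once, then locked
  # to that user.
  puts auto_sign_in_window_open?(Time.now - 3600)      # true
  puts auto_sign_in_window_open?(Time.now - 3 * 3600)  # false
  dossier = PrefilledDossier.new
  dossier.claim_or_check!(1, dossier.prefill_token)
  puts dossier.user_id                                 # 1
  begin
    dossier.claim_or_check!(2, dossier.prefill_token)
  rescue OwnershipError => e
    puts e.message                                     # dossier belongs to another user
  end
end
```

Once a dossier has an owner the token no longer matters, which is why `claim_or_check!` ignores `presented_token` on the owned branch: the page's procedure says ownership is set exactly once and checked thereafter.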