ca17524559
AC will return two different sub depending of the domain demarches.gouv.fr or ds. Both agent_connect_information are stored and the corresponding instructeur is found by its email. We do not store anymore the agent_connect_id on the instructeur as the are many.
71 lines
2.1 KiB
Ruby
71 lines
2.1 KiB
Ruby
# doc: https://github.com/france-connect/Documentation-AgentConnect
|
|
class AgentConnect::AgentController < ApplicationController
|
|
before_action :redirect_to_login_if_fc_aborted, only: [:callback]
|
|
before_action :check_state, only: [:callback]
|
|
|
|
STATE_COOKIE_NAME = :agentConnect_state
|
|
NONCE_COOKIE_NAME = :agentConnect_nonce
|
|
|
|
def index
|
|
end
|
|
|
|
def login
|
|
uri, state, nonce = AgentConnectService.authorization_uri
|
|
|
|
cookies.encrypted[STATE_COOKIE_NAME] = state
|
|
cookies.encrypted[NONCE_COOKIE_NAME] = nonce
|
|
|
|
redirect_to uri, allow_other_host: true
|
|
end
|
|
|
|
def callback
|
|
user_info, id_token = AgentConnectService.user_info(params[:code], cookies.encrypted[NONCE_COOKIE_NAME])
|
|
cookies.delete NONCE_COOKIE_NAME
|
|
|
|
instructeur = Instructeur.find_by(users: { email: santized_email(user_info) })
|
|
|
|
if instructeur.nil?
|
|
user = User.create_or_promote_to_instructeur(santized_email(user_info), Devise.friendly_token[0, 20])
|
|
instructeur = user.instructeur
|
|
end
|
|
|
|
instructeur.update(agent_connect_id_token: id_token)
|
|
|
|
aci = AgentConnectInformation.find_or_initialize_by(instructeur:, sub: user_info['sub'])
|
|
aci.update(user_info.slice('given_name', 'usual_name', 'email', 'sub', 'siret', 'organizational_unit', 'belonging_population', 'phone'))
|
|
|
|
sign_in(:user, instructeur.user)
|
|
|
|
redirect_to instructeur_procedures_path
|
|
|
|
rescue Rack::OAuth2::Client::Error => e
|
|
Rails.logger.error e.message
|
|
redirect_france_connect_error_connection
|
|
end
|
|
|
|
private
|
|
|
|
def santized_email(user_info)
|
|
user_info['email'].strip.downcase
|
|
end
|
|
|
|
def redirect_to_login_if_fc_aborted
|
|
if params[:code].blank?
|
|
redirect_to new_user_session_path
|
|
end
|
|
end
|
|
|
|
def redirect_france_connect_error_connection
|
|
flash.alert = t('errors.messages.france_connect.connexion')
|
|
redirect_to(new_user_session_path)
|
|
end
|
|
|
|
def check_state
|
|
if cookies.encrypted[STATE_COOKIE_NAME] != params[:state]
|
|
flash.alert = t('errors.messages.france_connect.connexion')
|
|
redirect_to(new_user_session_path)
|
|
else
|
|
cookies.delete STATE_COOKIE_NAME
|
|
end
|
|
end
|
|
end
|