Merge branch 'devpf' into masterpf

govpf · Nov 22, 2021 · dda6e4d · dda6e4d
2 parents 269755f + 2869842
commit dda6e4d
Show file tree

Hide file tree

Showing 128 changed files with 2,041 additions and 215 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -515,7 +515,7 @@ GEM
       byebug (~> 11.0)
       pry (~> 0.13.0)
     public_suffix (4.0.6)
-    puma (5.4.0)
+    puma (5.5.1)
       nio4r (~> 2.0)
     pundit (2.1.0)
       activesupport (>= 3.0.0)

diff --git a/app/assets/images/header/logo-md-wide.png b/app/assets/images/header/logo-md-wide.png
diff --git a/app/assets/stylesheets/cnaf.scss b/app/assets/stylesheets/cnaf.scss
@@ -0,0 +1,30 @@
+@import "constants";
+@import "colors";
+
+table.cnaf {
+  margin: 2 * $default-padding 0 $default-padding $default-padding;
+  width: 100%;
+
+  caption {
+    font-weight: bold;
+    margin-left: - $default-padding;
+    margin-bottom: $default-spacer;
+    text-align: left;
+  }
+
+  th,
+  td {
+    font-weight: normal;
+    padding: $default-spacer;
+  }
+
+  th.text-right {
+    text-align: right;
+  }
+
+  &.horizontal {
+    th {
+      border-bottom: 1px solid $grey;
+    }
+  }
+}
diff --git a/app/assets/stylesheets/forms.scss b/app/assets/stylesheets/forms.scss
@@ -340,6 +340,7 @@
   }
 
   input[type=email],
+  input[type=password],
   input[type=number],
   input[type=tel], {
     max-width: 500px;
@@ -493,6 +494,17 @@
     }
   }
 
+  .cnaf-inputs {
+    display: flex;
+    flex-wrap: wrap;
+    justify-content: space-between;
+    max-width: 700px;
+
+    input {
+      width: inherit;
+    }
+  }
+
   input.aa-input,
   input.aa-hint {
     border-radius: 4px;

diff --git a/app/assets/stylesheets/france-connect-informations.scss b/app/assets/stylesheets/france-connect-informations.scss
@@ -0,0 +1,12 @@
+@import "constants";
+
+.france-connect-informations.card {
+  width: 100%;
+  padding-top: $default-spacer;
+  padding-bottom: $default-spacer;
+}
+
+.france-connect-informations-logo img {
+  width: 100px;
+  margin-right: $default-padding;
+}
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -85,6 +85,10 @@ def set_locale(locale)
     end
   end
 
+  def ajax_redirect(path)
+    "window.location.href='#{path}'"
+  end
+
   protected
 
   def feature_enabled?(feature_name)

diff --git a/app/controllers/france_connect/particulier_controller.rb b/app/controllers/france_connect/particulier_controller.rb
@@ -1,5 +1,6 @@
 class FranceConnect::ParticulierController < ApplicationController
   before_action :redirect_to_login_if_fc_aborted, only: [:callback]
+  before_action :securely_retrieve_fci, only: [:merge, :merge_with_existing_account, :merge_with_new_account]
 
   def login
     if FranceConnectService.enabled?
@@ -11,23 +12,88 @@ def login
 
   def callback
     fci = FranceConnectService.find_or_retrieve_france_connect_information(params[:code])
-    fci.associate_user!
 
-    if fci.user && !fci.user.can_france_connect?
-      fci.destroy
-      redirect_to new_user_session_path, alert: t('errors.messages.france_connect.forbidden_html', reset_link: new_user_password_path)
-      return
-    end
+    if fci.user.nil?
+      preexisting_unlinked_user = User.find_by(email: fci.email_france_connect.downcase)
 
-    connect_france_connect_particulier(fci.user)
+      if preexisting_unlinked_user.nil?
+        fci.associate_user!(fci.email_france_connect)
+        connect_france_connect_particulier(fci.user)
+      else
+        redirect_to france_connect_particulier_merge_path(fci.create_merge_token!)
+      end
+    else
+      user = fci.user
+
+      if user.can_france_connect?
+        fci.update(updated_at: Time.zone.now)
+        connect_france_connect_particulier(user)
+      else
+        fci.destroy
+        redirect_to new_user_session_path, alert: t('errors.messages.france_connect.forbidden_html', reset_link: new_user_password_path)
+      end
+    end
 
   rescue Rack::OAuth2::Client::Error => e
     Rails.logger.error e.message
     redirect_france_connect_error_connection
   end
 
+  def merge
+  end
+
+  def merge_with_existing_account
+    user = User.find_by(email: sanitized_email_params)
+
+    if user.valid_for_authentication? { user.valid_password?(password_params) }
+      if !user.can_france_connect?
+        flash.alert = "#{user.email} ne peut utiliser FranceConnect"
+
+        render js: ajax_redirect(root_path)
+      else
+        @fci.update(user: user)
+        @fci.delete_merge_token!
+
+        flash.notice = "Les comptes FranceConnect et #{APPLICATION_NAME} sont à présent fusionnés"
+        connect_france_connect_particulier(user)
+      end
+    else
+      flash.alert = 'Mauvais mot de passe'
+
+      render js: helpers.render_flash
+    end
+  end
+
+  def merge_with_new_account
+    user = User.find_by(email: sanitized_email_params)
+
+    if user.nil?
+      @fci.associate_user!(sanitized_email_params)
+      @fci.delete_merge_token!
+
+      flash.notice = "Les comptes FranceConnect et #{APPLICATION_NAME} sont à présent fusionnés"
+      connect_france_connect_particulier(@fci.user)
+    else
+      @email = sanitized_email_params
+      @merge_token = merge_token_params
+    end
+  end
+
   private
 
+  def securely_retrieve_fci
+    @fci = FranceConnectInformation.find_by(merge_token: merge_token_params)
+
+    if @fci.nil? || !@fci.valid_for_merge?
+      flash.alert = 'Votre compte FranceConnect a expiré, veuillez recommencer.'
+
+      respond_to do |format|
+        format.html { redirect_to root_path }
+        format.js { render js: ajax_redirect(root_path) }
+      end
+    end
+  end
+
   def redirect_to_login_if_fc_aborted
     if params[:code].blank?
       redirect_to new_user_session_path
@@ -39,23 +105,32 @@ def connect_france_connect_particulier(user)
       sign_out :user
     end
 
-    if instructeur_signed_in?
-      sign_out :instructeur
-    end
-
-    if administrateur_signed_in?
-      sign_out :administrateur
-    end
-
     sign_in user
 
     user.update_attribute('loged_in_with_france_connect', User.loged_in_with_france_connects.fetch(:particulier))
 
-    redirect_to stored_location_for(current_user) || root_path(current_user)
+    redirection_location = stored_location_for(current_user) || root_path(current_user)
+
+    respond_to do |format|
+      format.html { redirect_to redirection_location }
+      format.js { render js: ajax_redirect(root_path) }
+    end
   end
 
   def redirect_france_connect_error_connection
     flash.alert = t('errors.messages.france_connect.connexion')
     redirect_to(new_user_session_path)
   end
+
+  def merge_token_params
+    params[:merge_token]
+  end
+
+  def password_params
+    params[:password]
+  end
+
+  def sanitized_email_params
+    params[:email]&.gsub(/[[:space:]]/, ' ')&.strip&.downcase
+  end
 end
diff --git a/app/controllers/manager/procedures_controller.rb b/app/controllers/manager/procedures_controller.rb
@@ -47,12 +47,12 @@ def export_mail_brouillons
     end
 
     def add_administrateur
-      administrateur = Administrateur.by_email(params[:email])
+      administrateur = Administrateur.by_email(current_super_admin.email)
       if administrateur
-        procedure.administrateurs << administrateur
-        flash[:notice] = "L'administrateur \"#{params[:email]}\" est ajouté à la démarche."
+        AdministrateursProcedure.create(procedure: procedure, administrateur: administrateur, manager: true)
+        flash[:notice] = "L’administrateur \"#{administrateur.email}\" est ajouté à la démarche pour la journée."
       else
-        flash[:alert] = "L'administrateur \"#{params[:email]}\" est introuvable."
+        flash[:alert] = "Vous n’êtes pas connecté en tant qu’administrateur."
       end
       redirect_to manager_procedure_path(procedure)
     end

diff --git a/app/controllers/manager/users_controller.rb b/app/controllers/manager/users_controller.rb
@@ -2,14 +2,37 @@ module Manager
   class UsersController < Manager::ApplicationController
     def update
       user = User.find(params[:id])
-      new_email = params[:user][:email]
-      user.skip_reconfirmation!
-      user.update(email: new_email)
-      if (user.valid?)
-        flash[:notice] = "L'email a été modifié en « #{new_email} » sans notification ni validation par email."
+      preexisting_user = User.find_by(email: targeted_email)
+
+      if user.administrateur.present?
+        flash[:error] = "« #{targeted_email} » est un administrateur. On ne sait pas encore faire."
+      elsif preexisting_user.nil?
+        user.skip_reconfirmation!
+        user.update(email: targeted_email)
+
+        if (user.valid?)
+          flash[:notice] = "L'email a été modifié en « #{targeted_email} » sans notification ni validation par email."
+        else
+          flash[:error] = user.errors.full_messages.to_sentence
+        end
       else
-        flash[:error] = "« #{new_email} » n’est pas une adresse valide."
+        user.dossiers.update_all(user_id: preexisting_user.id)
+
+        if preexisting_user.instructeur.nil?
+          user.instructeur&.update(user: preexisting_user)
+        else
+          preexisting_user.instructeur.merge(user.instructeur)
+        end
+
+        if preexisting_user.expert.nil?
+          user.expert&.update(user: preexisting_user)
+        else
+          preexisting_user.expert.merge(user.expert)
+        end
+
+        flash[:notice] = "Le compte « #{targeted_email} » a absorbé le compte « #{user.email} »."
       end
+
       redirect_to edit_manager_user_path(user)
     end
 
@@ -72,5 +95,11 @@ def unblock_email
       end
       redirect_to emails_manager_user_path(@user)
     end
+
+    private
+
+    def targeted_email
+      params[:user][:email]
+    end
   end
 end