Merge pull request #1230 from noesya/test-access-token

Invalidation des jetons d'accès

app/mailers/notification_mailer.rb

@@ -21,4 +21,13 @@ def emergency_message(emergency_message, user, lang)
     mail(from: user.university.mail_from[:full], to: user.email, subject: subject)
   end
 
+  def website_invalid_access_token(website, user)
+    @website = website
+    merge_with_university_infos(@website.university, {})
+    @url = edit_admin_communication_website_url(@website)
+    I18n.locale = user.language.iso_code
+    subject = t('mailers.notifications.website_invalid_access_token.subject', website: website)
+    mail(from: user.university.mail_from[:full], to: user.email, subject: subject)
+  end
+
 end

app/models/communication/website.rb

@@ -49,6 +49,7 @@ class Communication::Website < ApplicationRecord
   include WithGitRepository
   include WithImport
   include WithLanguages
+  include WithManagers
   include WithProgramCategories
   include WithReferences
   include WithSpecialPages

app/models/communication/website/with_git_repository.rb

@@ -38,6 +38,16 @@ def destroy_obsolete_git_files
   end
   handle_asynchronously :destroy_obsolete_git_files, queue: :default
 
+  def invalidate_access_token!
+    # Nullify the expired token
+    update_column :access_token, nil
+    # Notify admins and website managers managing this website.
+    users_to_notify = university.users.admin + university.users.website_manager.where(id: manager_ids)
+    users_to_notify.each do |user|
+      NotificationMailer.website_invalid_access_token(self, user).deliver_later
+    end
+  end
+
   # Le website devient data/website.yml
   # Les configs héritent du modèle website et s'exportent en différents fichiers
   def exportable_to_git?

app/models/communication/website/with_managers.rb

@@ -0,0 +1,11 @@
+module Communication::Website::WithManagers
+  extend ActiveSupport::Concern
+
+  included do
+    has_and_belongs_to_many :managers,
+                            class_name: 'User',
+                            join_table: :communication_websites_users,
+                            foreign_key: :communication_website_id,
+                            association_foreign_key: :user_id
+  end
+end

app/services/git/providers/abstract.rb

@@ -1,11 +1,12 @@
 class Git::Providers::Abstract
-  attr_reader :endpoint, :branch, :access_token, :repository
-
-  def initialize(endpoint, branch, access_token, repository)
-    @endpoint = endpoint
-    @branch = branch
-    @access_token = access_token
-    @repository = repository
+  attr_reader :git_repository, :endpoint, :branch, :access_token, :repository
+
+  def initialize(git_repository)
+    @git_repository = git_repository
+    @endpoint = git_repository.website.git_endpoint
+    @branch = git_repository.website.git_branch
+    @access_token = git_repository.website.access_token
+    @repository = git_repository.website.repository
   end
 
   def valid?

app/services/git/providers/github.rb

@@ -86,6 +86,17 @@ def git_sha(path)
     nil
   end
 
+  def valid?
+    return false unless super
+    begin
+      client.repository(repository)
+      true
+    rescue Octokit::Unauthorized
+      git_repository.website.invalidate_access_token!
+      false
+    end
+  end
+
   protected
 
   def client

app/services/git/providers/gitlab.rb

@@ -63,6 +63,17 @@ def git_sha(path)
     sha
   end
 
+  def valid?
+    return false unless super
+    begin
+      client.project(repository)
+      true
+    rescue Gitlab::Error::Unauthorized
+      git_repository.website.invalidate_access_token!
+      false
+    end
+  end
+
   def branch
     super.present?  ? super
                     : 'main'
@@ -76,7 +87,7 @@ def endpoint
   end
 
   def client
-    @client ||= Gitlab.client(
+    @client ||= Gitlab.client(
       endpoint: endpoint,
       private_token: access_token
     )

app/services/git/repository.rb

@@ -48,10 +48,7 @@ def valid?
   protected
 
   def provider
-    @provider ||= provider_class.new  website&.git_endpoint,
-                                      website&.git_branch,
-                                      website&.access_token,
-                                      website&.repository
+    @provider ||= provider_class.new self
   end
 
   def provider_class

app/views/mailers/notifications/website_invalid_access_token.html.erb

@@ -0,0 +1,3 @@
+<p><%= t('mailers.notifications.website_invalid_access_token.text_line_1_html', website: @website) %></p>
+<p><%= t('mailers.notifications.website_invalid_access_token.text_line_2_html', url: @url) %></p>
+<p><%= t('mailers.yours') %></p>

config/locales/en.yml

@@ -141,7 +141,7 @@ en:
     successfully_quit_html: "<i>%{model}</i> successfully quit <i>%{target}</i>."
     successfully_removed_html: "<i>%{model}</i> was successfully removed."
     successfully_updated_html: "<i>%{model}</i> was successfully updated."
-    summary: 
+    summary:
       label: Summary
       hint: A short text, like a heading for an article. Don't write all the content here, there are blocks for that.
     users_alerts:
@@ -269,6 +269,10 @@ en:
         text_line_3_html: "Number of lines in the file: %{number}."
         text_error_msg: "Line %{line}: %{error}"
         text_errors_title: "Some errors have occured:"
+      website_invalid_access_token:
+        subject: "Expired access token for \"%{website}\""
+        text_line_1_html: "The access token used for the website \"%{website}\" has expired and does not allow the website to be updated anymore."
+        text_line_2_html: "To solve this issue, please fill in a new access token by clicking <a href=\"%{url}\">here</a>."
     yours: Yours.
   menu:
     admin: Admin
@@ -307,7 +311,7 @@ en:
       delivered: Your message has been sent
       filters: Filters
       target: Target
-      users: 
+      users:
         one: "%{count} user"
         other: "%{count} users"
     websites:

config/locales/fr.yml

@@ -141,7 +141,7 @@ fr:
     successfully_quit_html: "<i>%{model}</i> a bien quitté <i>%{target}</i>."
     successfully_removed_html: "<i>%{model}</i> a bien été retiré(e)."
     successfully_updated_html: "<i>%{model}</i> a bien été mis(e) à jour."
-    summary: 
+    summary:
       label: Résumé
       hint: Un texte court, comme un chapô pour un article. Ne mettez pas tout le contenu ici, pour ça, il y a les blocs !
     users_alerts:
@@ -269,6 +269,10 @@ fr:
         text_line_3_html: "Nombre de lignes traitées : %{number}."
         text_error_msg: "Ligne %{line} : %{error}"
         text_errors_title: "Des erreurs sont survenues :"
+      website_invalid_access_token:
+        subject: Jeton d'accès expiré pour « %{website} »
+        text_line_1_html: Le jeton d'accès utilisé pour le site « %{website} » a expiré et ne permet plus la mise à jour du site.
+        text_line_2_html: Pour résoudre ce problème, veuillez renseigner un nouveau jeton d'accès en cliquant <a href=\"%{url}\">ici</a>.
     yours: Cordialement.
   menu:
     admin: Admin
@@ -307,7 +311,7 @@ fr:
       delivered: Votre message a bien été envoyé
       filters: Filtres
       target: Cible
-      users: 
+      users:
         one: "%{count} utilisateur"
         other: "%{count} utilisateurs"
     websites:

test/fixtures/communication/websites.yml

@@ -41,16 +41,20 @@ website_with_github:
   university: default_university
   name: Site de test
   git_provider: github
-  access_token: confidentialdata
-  repository: noesya/bordeauxmontaigne-test
+  git_endpoint: <%= ENV['TEST_GITHUB_ENDPOINT'] %>
+  git_branch: <%= ENV['TEST_GITHUB_BRANCH'] %>
+  access_token: <%= ENV['TEST_GITHUB_TOKEN'] %>
+  repository: <%= ENV['TEST_GITHUB_REPOSITORY'] %>
   languages: [fr]
   default_language: fr
 
 website_with_gitlab:
   university: default_university
   name: Site with gitlab
   git_provider: gitlab
-  access_token: test
-  repository: test
+  git_endpoint: <%= ENV['TEST_GITLAB_ENDPOINT'] %>
+  git_branch: <%= ENV['TEST_GITLAB_BRANCH'] %>
+  access_token: <%= ENV['TEST_GITLAB_TOKEN'] %>
+  repository: <%= ENV['TEST_GITLAB_REPOSITORY'] %>
   languages: [fr, en]
   default_language: fr