Création des pages d'authentification pour les utilisateurs 'insiders'

betagouv · Feb 3, 2025 · e30b591 · e30b591
1 parent e83f752
commit e30b591
Show file tree

Hide file tree

Showing 11 changed files with 134 additions and 5 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -7,6 +7,7 @@ class ApplicationController < ActionController::Base
   before_action :authenticate_user!,
                 :log_user,
                 :redirect_asp_users!,
+                :redirect_insider_users!,
                 :check_maintenance,
                 :check_current_establishment
 
@@ -24,6 +25,8 @@ def after_sign_out_path_for(resource_or_scope)
       new_user_session_path
     when :asp_user
       new_asp_user_session_path
+    when :insider_user
+      new_insider_user_session_path
     end
   end
 
@@ -52,6 +55,10 @@ def redirect_asp_users!
     redirect_to asp_schoolings_path and return if asp_user_signed_in?
   end
 
+  def redirect_insider_users!
+    redirect_to insider_home_path and return if insider_user_signed_in?
+  end
+
   private
 
   def check_current_establishment

diff --git a/app/controllers/concerns/page_title.rb b/app/controllers/concerns/page_title.rb
@@ -18,8 +18,8 @@ def infer_page_title(attrs = {})
   private
 
   def page_title_key
-    asp = "asp" if controller_path.include?("asp/")
-    ["pages", "titles", asp, controller_name, action_name].join(".")
+    namespace = controller_path.split("/").first if controller_path.include?("/")
+    ["pages", "titles", namespace, controller_name, action_name].join(".")
   end
 
   def extract_title_data(data)

diff --git a/app/controllers/insider/application_controller.rb b/app/controllers/insider/application_controller.rb
@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Insider
+  class ApplicationController < ActionController::Base
+    include UserLogger
+    include PageTitle
+
+    layout "application"
+
+    before_action :authenticate_insider_user!, except: :login
+    before_action :log_user,
+                  :set_overrides,
+                  :infer_page_title
+
+    helper_method :current_user, :current_establishment
+
+    def login; end
+
+    def logout
+      sign_out(current_insider_user)
+
+      redirect_to after_sign_out_path_for(:insider_user)
+    end
+
+    protected
+
+    def after_sign_out_path_for(_resource)
+      new_insider_user_session_path
+    end
+
+    def current_user
+      current_insider_user
+    end
+
+    def current_establishment
+      nil
+    end
+
+    def set_overrides
+      @inhibit_nav = true
+      @logout_path = :destroy_insider_user_session
+    end
+  end
+end
diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -18,13 +18,26 @@ def asp
       redirect_to asp_schoolings_path
     end
 
+    def insider
+      @insider_login = true
+      @insider_user = Insider::User.from_oidc(auth_hash).tap(&:save!)
+
+      # Check limited access to this part ?
+
+      sign_in(:insider_user, @insider_user)
+
+      redirect_to insider_home_path
+    end
+
     def developer
       oidcize_dev_hash(auth_hash)
 
       oidc
     end
 
     def oidc
+      return insider if params[:callback].eql?("insider") # TODO: Modifier ou compléter
+
       parse_identity
 
       @user.save!
@@ -63,6 +76,8 @@ def authentication_failure(error)
 
       if defined? @asp_login
         fail_asp_user
+      elsif defined? @insider_login
+        fail_insider_user
       else
         fail_user
       end
@@ -78,6 +93,10 @@ def fail_asp_user
       redirect_to new_asp_user_session_path
     end
 
+    def fail_insider_user
+      redirect_to new_insider_user_session_path
+    end
+
     private
 
     def check_access!

diff --git a/app/models/insider/user.rb b/app/models/insider/user.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Insider
+  class User < ApplicationRecord
+    devise :authenticatable
+
+    validates :uid, :provider, :name, :email, presence: true
+
+    OMNIAUTH_PROVIDERS = if Rails.env.production?
+                           :fim
+                         else
+                           %i[fim developer]
+                         end
+
+    class << self
+      # ideally all these methods would live in some OIDC-factory but I
+      # can't figure out a pattern I like quite yet
+      def from_oidc(attrs)
+        # we can't use find_or_create because a bunch of fields are mandatory
+        User.find_or_initialize_by(uid: attrs["uid"], provider: attrs["provider"]).tap do |user|
+          user.token = attrs["credentials"]["token"]
+          user.secret = "nope"
+          user.name = attrs["info"]["name"]
+          user.email = attrs["info"]["email"]
+          user.oidc_attributes = attrs
+        end
+      end
+    end
+
+    def to_s
+      name
+    end
+  end
+end
diff --git a/app/views/asp/application/login.html.haml b/app/views/asp/application/login.html.haml
@@ -1,6 +1,6 @@
 .fr-grid-row.fr-grid-row--gutters#login-page
   .fr-col-md-6.fr-col-12
-    = render '/home/connection_panel',
+    = render '/shared/connection_panel',
       name: "Agence de Services et Paiements (ASP)",
       description: "Vous êtes un agent de l'ASP",
       button: "Connexion",

diff --git a/app/views/home/login.html.haml b/app/views/home/login.html.haml
@@ -1,14 +1,14 @@
 .fr-grid-row.fr-grid-row--gutters#login-page
   - User::OMNIAUTH_PROVIDERS.each do |provider|
     .fr-col-md-6.fr-col-12
-      = render 'connection_panel',
+      = render 'shared/connection_panel',
         name: t("omniauth.#{provider}.title"),
         description: t("omniauth.#{provider}.description"),
         button: t("omniauth.#{provider}.button"),
         path: "/users/auth/#{provider}"
 
   .fr-col-md-6.fr-col-12
-    = render 'connection_panel',
+    = render 'shared/connection_panel',
       name: t("omniauth.mer.title"),
       description: t("omniauth.mer.description"),
       button: t("omniauth.mer.button"),

diff --git a/app/views/insider/application/login.html.haml b/app/views/insider/application/login.html.haml
@@ -0,0 +1,8 @@
+.fr-grid-row.fr-grid-row--gutters#login-page
+  - User::OMNIAUTH_PROVIDERS.each do |provider|
+    .fr-col-md-6.fr-col-12
+      = render 'shared/connection_panel',
+        name: t("omniauth.#{provider}.title"),
+        description: t("omniauth.#{provider}.description"),
+        button: t("omniauth.#{provider}.button"),
+        path: "/users/auth/#{provider}"
diff --git a/app/views/home/_connection_panel.html.haml → app/views/shared/_connection_panel.html.haml b/app/views/home/_connection_panel.html.haml → app/views/shared/_connection_panel.html.haml
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
@@ -164,6 +164,9 @@ fr:
         schoolings:
           index: Recherche d'un dossier
           show: "Dossier %{attributive_decision_number}"
+      insider:
+        application:
+          login: Connexion à APLyPro
       stats:
         index: Statistiques
       school_years:

diff --git a/config/routes.rb b/config/routes.rb
@@ -20,6 +20,16 @@
 
   delete "asp/logout", to: "asp/application#logout", as: :destroy_asp_user_session
 
+  namespace :insider do
+    get "home"
+
+    devise_for :users, skip: :all, class_name: "Insider::User"
+  end
+
+  get "insider/login", to: "insider/application#login", as: :new_insider_user_session
+
+  delete "insider/logout", to: "insider/application#logout", as: :destroy_insider_user_session
+
   resources :users, only: :update do
     get "select_establishment"
   end
@@ -103,6 +113,10 @@
     get "/auth/asp/callback" => "users/omniauth_callbacks#asp", as: :asp_login
   end
 
+  devise_scope :insider_user do
+    get "/auth/insider/callback" => "users/omniauth_callbacks#insider", as: :insider_login
+  end
+
   devise_for :users
 
   devise_scope :user do