Redirection depuis navigateur #12

Merged
merged 2 commits into from
Jun 6, 2024
Merged
17 changes: 14 additions & 3 deletions src/routes/routesAuth.js
@@ -1,5 +1,6 @@
const express = require('express');

const { redirigeDepuisNavigateur } = require('./utils');
const connexionFCPlus = require('../api/connexionFCPlus');
const deconnexionFCPlus = require('../api/deconnexionFCPlus');
const creationSessionFCPlus = require('../api/creationSessionFCPlus');
Expand Down Expand Up @@ -35,21 +36,31 @@ const routesAuth = (config) => {
.send(clePubliqueDansJWKSet);
});

routes.get('/fcplus/connexion', (...args) => middleware.verifieTamponUnique(...args), (requete, reponse) => {
routes.get('/fcplus/connexion', (requete, reponse) => {
const { code, state } = requete.query;
if (typeof state === 'undefined' || state === '') {
reponse.status(400).json({ erreur: "Paramètre 'state' absent de la requête" });
} else if (typeof code === 'undefined' || code === '') {
reponse.status(400).json({ erreur: "Paramètre 'code' absent de la requête" });
} else {
const paramsRequete = new URLSearchParams(requete.query).toString();
redirigeDepuisNavigateur(`/auth/fcplus/connexion_apres_redirection?${paramsRequete}`, reponse);
}
});

routes.get(
'/fcplus/connexion_apres_redirection',
(...args) => middleware.verifieTamponUnique(...args),
(requete, reponse) => {
const { code } = requete.query;
connexionFCPlus(
{ adaptateurChiffrement, fabriqueSessionFCPlus },
code,
requete,
reponse,
);
}
});
},
);

routes.get('/fcplus/deconnexion', (requete, reponse) => (
deconnexionFCPlus(requete, reponse)
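Review bot: The new `/fcplus/connexion_apres_redirection` handler reads `code` from `requete.query` and passes it to `connexionFCPlus` without the presence checks on `state` and `code`, which this change leaves only on `/fcplus/connexion`. The new route can be requested directly, so a request that skips the first hop gets no 400 unless `verifieTamponUnique` or `connexionFCPlus` (neither visible here) rejects it; a small middleware holding both checks and mounted on both routes would keep the callback contract in one place. The checks also let non-string values through: depending on the query parser Express is configured with, `requete.query.code` can be an array or an object, and `typeof code !== 'string' || code === ''` (same for `state`) would reject those before `new URLSearchParams(requete.query)` flattens them. The section is cut by collapsed context, so the rest of `routesAuth` is outside this view.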
62 changes: 38 additions & 24 deletions test/routes/routesAuth.spec.js
Expand Up @@ -37,20 +37,54 @@ describe('Le serveur des routes `/auth`', () => {
});

describe('sur GET /auth/fcplus/connexion', () => {
it("sert une erreur HTTP 400 (Bad Request) si le paramètre 'code' est manquant", () => {
expect.assertions(2);

return axios.get(`http://localhost:${port}/auth/fcplus/connexion?state=unState`)
.catch(({ response }) => {
expect(response.status).toBe(400);
expect(response.data).toEqual({ erreur: "Paramètre 'code' absent de la requête" });
});
});

it("sert une erreur HTTP 400 (Bad Request) si le paramètre 'state' est manquant", () => {
expect.assertions(2);

return axios.get(`http://localhost:${port}/auth/fcplus/connexion?code=unCode`)
.catch(({ response }) => {
expect(response.status).toBe(400);
expect(response.data).toEqual({ erreur: "Paramètre 'state' absent de la requête" });
});
});

describe('lorsque les paramètres `code` et `state` sont présents', () => {
it('redirige vers `/auth/fcplus/connexion_apres_redirection', () => axios
.get(`http://localhost:${port}/auth/fcplus/connexion?state=unState&code=unCode`)
.then((reponse) => expect(reponse.data).toContain('<meta http-equiv="refresh" content="0; url=\'/auth/fcplus/connexion_apres_redirection'))
.catch(leveErreur));

it('transmets les paramètres reçus dans la requête', () => axios
.get(`http://localhost:${port}/auth/fcplus/connexion?state=unState&code=unCode`)
.then((reponse) => expect(reponse.data).toContain('?state=unState&code=unCode'))
.catch(leveErreur));
});
});

describe('sur GET /auth/fcplus/connexion_apres_redirection', () => {
describe('lorsque les paramètres `code` et `state` sont présents', () => {
it('appelle le middleware pour vérifier le tampon communiqué par FC+', () => {
let middlewareAppele = false;
serveur.middleware().verifieTamponUnique = (_requete, _reponse, suite) => Promise.resolve()
.then(() => { middlewareAppele = true; })
.then(suite);

return axios.get(`http://localhost:${port}/auth/fcplus/connexion?state=unState&code=unCode`)
return axios.get(`http://localhost:${port}/auth/fcplus/connexion_apres_redirection?state=unState&code=unCode`)
.then(() => expect(middlewareAppele).toBe(true))
.catch(leveErreur);
});

it('redirige vers page accueil depuis navigateur', () => (
axios.get(`http://localhost:${port}/auth/fcplus/connexion?state=unState&code=unCode`)
axios.get(`http://localhost:${port}/auth/fcplus/connexion_apres_redirection?state=unState&code=unCode`)
.then((reponse) => expect(reponse.data).toContain('<meta http-equiv="refresh" content="0; url=\'/\'">'))
.catch(leveErreur)
));
Expand All @@ -59,7 +93,7 @@ describe('Le serveur des routes `/auth`', () => {
serveur.adaptateurEnvironnement().avecEnvoiCookieSurHTTP = () => true;
return axios({
method: 'get',
url: `http://localhost:${port}/auth/fcplus/connexion?state=unState&code=unCode`,
url: `http://localhost:${port}/auth/fcplus/connexion_apres_redirection?state=unState&code=unCode`,
maxRedirects: 0,
})
.catch(({ response }) => {
Expand All @@ -80,33 +114,13 @@ describe('Le serveur des routes `/auth`', () => {
enJSON: () => Promise.reject(new Error('Oups')),
});

return axios.get(`http://localhost:${port}/auth/fcplus/connexion?code=unCode&state=unState`)
return axios.get(`http://localhost:${port}/auth/fcplus/connexion_apres_redirection?code=unCode&state=unState`)
.catch(({ response }) => {
expect(response.status).toBe(502);
expect(response.data).toEqual({ erreur: 'Échec authentification (Oups)' });
});
});
});

it("sert une erreur HTTP 400 (Bad Request) si le paramètre 'code' est manquant", () => {
expect.assertions(2);

return axios.get(`http://localhost:${port}/auth/fcplus/connexion?state=unState`)
.catch(({ response }) => {
expect(response.status).toBe(400);
expect(response.data).toEqual({ erreur: "Paramètre 'code' absent de la requête" });
});
});

it("sert une erreur HTTP 400 (Bad Request) si le paramètre 'state' est manquant", () => {
expect.assertions(2);

return axios.get(`http://localhost:${port}/auth/fcplus/connexion?code=unCode`)
.catch(({ response }) => {
expect(response.status).toBe(400);
expect(response.data).toEqual({ erreur: "Paramètre 'state' absent de la requête" });
});
});
});

describe('sur GET /auth/fcplus/deconnexion', () => {
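Review bot: The forwarding test 'transmets les paramètres reçus dans la requête' only uses alphanumeric values (`unState`, `unCode`), so nothing pins that request values are percent-encoded before they are written into the `<meta http-equiv="refresh">` markup. A case whose `state` contains a quote or an angle bracket, asserting that the raw character is absent from `reponse.data`, would guard against a later change that swaps `URLSearchParams` for string concatenation. The two 400 cases now target `/auth/fcplus/connexion` only; there is no case for `/auth/fcplus/connexion_apres_redirection` called without `code` or `state`.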