zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-06-07 21:25:39 +02:00
Code Issues Projects Releases Packages Wiki Activity

Remove ID card logic from codebase

Browse source
This commit is contained in:
Karl Erik Õunapuu 2020-10-01 17:07:33 +03:00
parent 04f0ef9a93
commit 11ee1f9f1e
No known key found for this signature in database
GPG key ID: C9DD647298A34764
11 changed files with 3 additions and 162 deletions
Download patch file Download diff file Expand all files Collapse all files

6
app/models/api_user.rb
View file

@ -47,12 +47,6 @@ class ApiUser < User
self.active = true unless saved_change_to_active? self.active = true unless saved_change_to_active?
end end
class << self
def find_by_id_card(id_card)
find_by(identity_code: id_card.personal_code)
end
end
def to_s def to_s
username username
end end

6
app/models/id_card.rb
View file

@ -1,6 +0,0 @@
class IdCard
attr_accessor :first_name
attr_accessor :last_name
attr_accessor :personal_code
attr_accessor :country_code
end

2
app/models/registrant_user.rb
View file

@ -1,7 +1,7 @@
class RegistrantUser < User class RegistrantUser < User
attr_accessor :idc_data attr_accessor :idc_data
devise :trackable, :timeoutable, :id_card_authenticatable devise :trackable, :timeoutable
def ability def ability
@ability ||= Ability.new(self) @ability ||= Ability.new(self)

4
config/initializers/devise.rb
View file

@ -281,9 +281,5 @@ Devise.setup do |config|
# so you need to do it manually. For the users scope, it would be: # so you need to do it manually. For the users scope, it would be:
# config.omniauth_path_prefix = '/my_engine/users/auth' # config.omniauth_path_prefix = '/my_engine/users/auth'
require 'devise/models/id_card_authenticatable'
require 'devise/strategies/id_card_authenticatable'
routes = [nil, :new, :destroy] routes = [nil, :new, :destroy]
config.add_module :id_card_authenticatable, strategy: true, route: { session: routes }
end end

4
config/routes.rb
View file

@ -172,10 +172,6 @@ Rails.application.routes.draw do
post 'login/mid_status' => 'sessions#mid_status' post 'login/mid_status' => 'sessions#mid_status'
post 'mid' => 'sessions#mid' post 'mid' => 'sessions#mid'
# /registrant/id path is hardcoded in Apache config for authentication with Estonian ID-card
# Client certificate is asked only on login form submission, therefore the path must be different from the one in
# `new_registrant_user_session_path` route, in case some other auth type will be implemented
post 'id' => 'sessions#create', as: :id_card_sign_in
match '/open_id/callback', via: %i[get post], to: 'tara#callback', as: :tara_registrant_callback match '/open_id/callback', via: %i[get post], to: 'tara#callback', as: :tara_registrant_callback
match '/open_id/cancel', via: %i[get post delete], to: 'tara#cancel', match '/open_id/cancel', via: %i[get post delete], to: 'tara#cancel',
as: :tara_registrant_cancel as: :tara_registrant_cancel

7
lib/devise/models/id_card_authenticatable.rb
View file

@ -1,7 +0,0 @@
module Devise
module Models
# Devise fails without this module (and model: false does not help)
module IdCardAuthenticatable
end
end
end

49
lib/devise/strategies/id_card_authenticatable.rb
View file

@ -1,49 +0,0 @@
module Devise
module Strategies
class IdCardAuthenticatable < Devise::Strategies::Authenticatable
def valid?
env['SSL_CLIENT_S_DN_CN'].present?
end
def authenticate!
resource = mapping.to
user = resource.find_by_id_card(id_card)
if user
success!(user)
else
fail
end
end
private
def id_card
id_card = IdCard.new
id_card.first_name = first_name
id_card.last_name = last_name
id_card.personal_code = personal_code
id_card.country_code = country_code
id_card
end
def first_name
env['SSL_CLIENT_S_DN_CN'].split(',').second.force_encoding('utf-8')
end
def last_name
env['SSL_CLIENT_S_DN_CN'].split(',').first.force_encoding('utf-8')
end
def personal_code
env['SSL_CLIENT_S_DN_CN'].split(',').last
end
def country_code
env['SSL_CLIENT_I_DN_C']
end
end
end
end
Warden::Strategies.add(:id_card_authenticatable, Devise::Strategies::IdCardAuthenticatable)

31
test/integration/registrant_area/sign_in/id_card_test.rb
View file

@ -1,31 +0,0 @@
require 'test_helper'
class RegistrantAreaIdCardSignInTest < ApplicationIntegrationTest
setup do
allow_business_registry_component_reach_server
end
def test_succeeds
post registrant_id_card_sign_in_path, headers: { 'SSL_CLIENT_S_DN_CN' => 'DOE,JOHN,1234',
'SSL_CLIENT_I_DN_C' => 'US' }
follow_redirect!
assert_response :ok
assert_equal registrant_root_path, path
assert_not_nil controller.current_registrant_user
end
def test_fails_when_certificate_is_absent
post registrant_id_card_sign_in_path, headers: { 'SSL_CLIENT_S_DN_CN' => '' }
assert_response :ok
assert_equal registrant_id_card_sign_in_path, path
assert_nil controller.current_registrant_user
end
private
def allow_business_registry_component_reach_server
WebMock.allow_net_connect!
end
end

13
test/lib/devise/strategies/id_card_authenticatable_test.rb
View file

@ -1,13 +0,0 @@
require 'test_helper'
class IdCardAuthenticatableTest < ActiveSupport::TestCase
def test_valid_when_id_card_data_is_present_in_env
strategy = Devise::Strategies::IdCardAuthenticatable.new({ 'SSL_CLIENT_S_DN_CN' => 'some' })
assert strategy.valid?
end
def test_not_valid_when_id_card_data_is_absent_in_env
strategy = Devise::Strategies::IdCardAuthenticatable.new({})
assert_not strategy.valid?
end
end

11
test/models/api_user_test.rb
View file

@ -52,17 +52,6 @@ class ApiUserTest < ActiveSupport::TestCase
assert ApiUser.new.active? assert ApiUser.new.active?
end end
def test_finds_user_by_id_card
id_card = IdCard.new
id_card.personal_code = 'one'
@user.update!(identity_code: 'one')
assert_equal @user, ApiUser.find_by_id_card(id_card)
@user.update!(identity_code: 'another')
assert_nil ApiUser.find_by_id_card(id_card)
end
def test_verifies_pki_status def test_verifies_pki_status
certificate = certificates(:api) certificate = certificates(:api)

28
test/models/registrant_user_test.rb
View file

@ -30,34 +30,6 @@ class RegistrantUserTest < ActiveSupport::TestCase
assert_equal Country.new('US'), user.country assert_equal Country.new('US'), user.country
end end
def test_finding_by_id_card_creates_new_user_upon_first_sign_in
assert_not_equal 'US-5555', @user.registrant_ident
id_card = IdCard.new
id_card.first_name = 'John'
id_card.last_name = 'Doe'
id_card.personal_code = '5555'
id_card.country_code = 'US'
assert_difference 'RegistrantUser.count' do
RegistrantUser.find_by_id_card(id_card)
end
user = RegistrantUser.last
assert_equal 'US-5555', user.registrant_ident
assert_equal 'John Doe', user.username
end
def test_finding_by_id_card_reuses_existing_user_upon_subsequent_id_card_sign_ins
@user.update!(registrant_ident: 'US-5555')
id_card = IdCard.new
id_card.personal_code = '5555'
id_card.country_code = 'US'
assert_no_difference 'RegistrantUser.count' do
RegistrantUser.find_by_id_card(id_card)
end
end
def test_queries_company_register_for_associated_companies def test_queries_company_register_for_associated_companies
assert_equal 'US-1234', @user.registrant_ident assert_equal 'US-1234', @user.registrant_ident