Remove ID card logic from codebase

app/models/api_user.rb

@@ -47,12 +47,6 @@ class ApiUser < User
     self.active = true unless saved_change_to_active?
   end
 
-  class << self
-    def find_by_id_card(id_card)
-      find_by(identity_code: id_card.personal_code)
-    end
-  end
-
   def to_s
     username
   end

app/models/id_card.rb

@@ -1,6 +0,0 @@
-class IdCard
-  attr_accessor :first_name
-  attr_accessor :last_name
-  attr_accessor :personal_code
-  attr_accessor :country_code
-end

app/models/registrant_user.rb

@@ -1,7 +1,7 @@
 class RegistrantUser < User
   attr_accessor :idc_data
 
-  devise :trackable, :timeoutable, :id_card_authenticatable
+  devise :trackable, :timeoutable
 
   def ability
     @ability ||= Ability.new(self)
@@ -74,7 +74,7 @@ class RegistrantUser < User
       last_name = omniauth_hash.dig('info', 'last_name')
 
       user_data = { first_name: first_name, last_name: last_name,
-        ident: identity_code, country_code: country_code }
+                    ident: identity_code, country_code: country_code }
 
       find_or_create_by_user_data(user_data)
     end

config/initializers/devise.rb

@@ -281,9 +281,5 @@ Devise.setup do |config|
   # so you need to do it manually. For the users scope, it would be:
   # config.omniauth_path_prefix = '/my_engine/users/auth'
 
-  require 'devise/models/id_card_authenticatable'
-  require 'devise/strategies/id_card_authenticatable'
-
   routes = [nil, :new, :destroy]
-  config.add_module :id_card_authenticatable, strategy: true, route: { session: routes }
 end

config/routes.rb

@@ -172,10 +172,6 @@ Rails.application.routes.draw do
       post 'login/mid_status' => 'sessions#mid_status'
       post 'mid' => 'sessions#mid'
 
-      # /registrant/id path is hardcoded in Apache config for authentication with Estonian ID-card
-      # Client certificate is asked only on login form submission, therefore the path must be different from the one in
-      # `new_registrant_user_session_path` route, in case some other auth type will be implemented
-      post 'id' => 'sessions#create', as: :id_card_sign_in
       match '/open_id/callback', via: %i[get post], to: 'tara#callback', as: :tara_registrant_callback
       match '/open_id/cancel', via: %i[get post delete], to: 'tara#cancel',
             as: :tara_registrant_cancel

lib/devise/models/id_card_authenticatable.rb

@@ -1,7 +0,0 @@
-module Devise
-  module Models
-    # Devise fails without this module (and model: false does not help)
-    module IdCardAuthenticatable
-    end
-  end
-end

lib/devise/strategies/id_card_authenticatable.rb

@@ -1,49 +0,0 @@
-module Devise
-  module Strategies
-    class IdCardAuthenticatable < Devise::Strategies::Authenticatable
-      def valid?
-        env['SSL_CLIENT_S_DN_CN'].present?
-      end
-
-      def authenticate!
-        resource = mapping.to
-        user = resource.find_by_id_card(id_card)
-
-        if user
-          success!(user)
-        else
-          fail
-        end
-      end
-
-      private
-
-      def id_card
-        id_card = IdCard.new
-        id_card.first_name = first_name
-        id_card.last_name = last_name
-        id_card.personal_code = personal_code
-        id_card.country_code = country_code
-        id_card
-      end
-
-      def first_name
-        env['SSL_CLIENT_S_DN_CN'].split(',').second.force_encoding('utf-8')
-      end
-
-      def last_name
-        env['SSL_CLIENT_S_DN_CN'].split(',').first.force_encoding('utf-8')
-      end
-
-      def personal_code
-        env['SSL_CLIENT_S_DN_CN'].split(',').last
-      end
-
-      def country_code
-        env['SSL_CLIENT_I_DN_C']
-      end
-    end
-  end
-end
-
-Warden::Strategies.add(:id_card_authenticatable, Devise::Strategies::IdCardAuthenticatable)

test/integration/registrant_area/sign_in/id_card_test.rb

@@ -1,31 +0,0 @@
-require 'test_helper'
-
-class RegistrantAreaIdCardSignInTest < ApplicationIntegrationTest
-  setup do
-    allow_business_registry_component_reach_server
-  end
-
-  def test_succeeds
-    post registrant_id_card_sign_in_path, headers: { 'SSL_CLIENT_S_DN_CN' => 'DOE,JOHN,1234',
-                                                     'SSL_CLIENT_I_DN_C' => 'US' }
-    follow_redirect!
-
-    assert_response :ok
-    assert_equal registrant_root_path, path
-    assert_not_nil controller.current_registrant_user
-  end
-
-  def test_fails_when_certificate_is_absent
-    post registrant_id_card_sign_in_path, headers: { 'SSL_CLIENT_S_DN_CN' => '' }
-
-    assert_response :ok
-    assert_equal registrant_id_card_sign_in_path, path
-    assert_nil controller.current_registrant_user
-  end
-
-  private
-
-  def allow_business_registry_component_reach_server
-    WebMock.allow_net_connect!
-  end
-end

test/lib/devise/strategies/id_card_authenticatable_test.rb

@@ -1,13 +0,0 @@
-require 'test_helper'
-
-class IdCardAuthenticatableTest < ActiveSupport::TestCase
-  def test_valid_when_id_card_data_is_present_in_env
-    strategy = Devise::Strategies::IdCardAuthenticatable.new({ 'SSL_CLIENT_S_DN_CN' => 'some' })
-    assert strategy.valid?
-  end
-
-  def test_not_valid_when_id_card_data_is_absent_in_env
-    strategy = Devise::Strategies::IdCardAuthenticatable.new({})
-    assert_not strategy.valid?
-  end
-end

test/models/api_user_test.rb

@@ -52,17 +52,6 @@ class ApiUserTest < ActiveSupport::TestCase
     assert ApiUser.new.active?
   end
 
-  def test_finds_user_by_id_card
-    id_card = IdCard.new
-    id_card.personal_code = 'one'
-
-    @user.update!(identity_code: 'one')
-    assert_equal @user, ApiUser.find_by_id_card(id_card)
-
-    @user.update!(identity_code: 'another')
-    assert_nil ApiUser.find_by_id_card(id_card)
-  end
-
   def test_verifies_pki_status
     certificate = certificates(:api)
 

test/models/registrant_user_test.rb

@@ -30,34 +30,6 @@ class RegistrantUserTest < ActiveSupport::TestCase
     assert_equal Country.new('US'), user.country
   end
 
-  def test_finding_by_id_card_creates_new_user_upon_first_sign_in
-    assert_not_equal 'US-5555', @user.registrant_ident
-    id_card = IdCard.new
-    id_card.first_name = 'John'
-    id_card.last_name = 'Doe'
-    id_card.personal_code = '5555'
-    id_card.country_code = 'US'
-
-    assert_difference 'RegistrantUser.count' do
-      RegistrantUser.find_by_id_card(id_card)
-    end
-
-    user = RegistrantUser.last
-    assert_equal 'US-5555', user.registrant_ident
-    assert_equal 'John Doe', user.username
-  end
-
-  def test_finding_by_id_card_reuses_existing_user_upon_subsequent_id_card_sign_ins
-    @user.update!(registrant_ident: 'US-5555')
-    id_card = IdCard.new
-    id_card.personal_code = '5555'
-    id_card.country_code = 'US'
-
-    assert_no_difference 'RegistrantUser.count' do
-      RegistrantUser.find_by_id_card(id_card)
-    end
-  end
-
   def test_queries_company_register_for_associated_companies
     assert_equal 'US-1234', @user.registrant_ident
 
@@ -92,4 +64,4 @@ class RegistrantUserTest < ActiveSupport::TestCase
       assert_equal %w(shop airport), @user.administered_domains
     end
   end
-end
+end