Refactor ID card sign-in

- Extract to Devise custom strategy
- Use `SSL_CLIENT_S_DN_CN` env variable instead of `SSL_CLIENT_S_DN` to
get ID card data
- Remove `database_authenticatable` strategy from `RegistrantUser`

Closes #1047

app/models/api_user.rb

@@ -2,7 +2,8 @@ require 'open3'
 
 class ApiUser < User
   include EppErrors
-  devise :database_authenticatable, :trackable, :timeoutable, authentication_keys: [:username]
+  devise :database_authenticatable, :trackable, :timeoutable, :id_card_authenticatable,
+         authentication_keys: [:username]
 
   def epp_code_map
     {
@@ -47,19 +48,9 @@ class ApiUser < User
   end
 
   class << self
-    def find_by_idc_data_and_allowed(idc_data, ip)
-      return false if idc_data.blank?
-      identity_code = idc_data.scan(/serialNumber=(\d+)/).flatten.first
-
-      return false if ip.blank?
-      possible_users = where(identity_code: identity_code)
-      possible_users.each do |selected_user|
-        if selected_user.registrar.white_ips.registrar_area.include_ip?(ip)
-          return selected_user
-        end
-      end
+    def find_by_id_card(id_card)
+      find_by(identity_code: id_card.personal_code)
     end
-
   end
 
   def registrar_typeahead

app/models/id_card.rb

@@ -0,0 +1,6 @@
+class IdCard
+  attr_accessor :first_name
+  attr_accessor :last_name
+  attr_accessor :personal_code
+  attr_accessor :country_code
+end

app/models/registrant_user.rb

@@ -1,8 +1,7 @@
 class RegistrantUser < User
-  ACCEPTED_ISSUER = 'AS Sertifitseerimiskeskus'.freeze
   attr_accessor :idc_data
 
-  devise :database_authenticatable, :trackable, :timeoutable
+  devise :trackable, :timeoutable, :id_card_authenticatable
 
   def ability
     @ability ||= Ability.new(self)
@@ -56,30 +55,6 @@ class RegistrantUser < User
   end
 
   class << self
-    def find_or_create_by_idc_data(idc_data, issuer_organization)
-      return false if idc_data.blank?
-      return false if issuer_organization != ACCEPTED_ISSUER
-
-      idc_data.force_encoding('UTF-8')
-      user_data = {}
-
-      # handling here new and old mode
-      if idc_data.starts_with?('/')
-        user_data[:ident] = idc_data.scan(/serialNumber=(\d+)/).flatten.first
-        user_data[:country_code] = idc_data.scan(/^\/C=(.{2})/).flatten.first
-        user_data[:first_name] = idc_data.scan(%r{/GN=(.+)/serialNumber}).flatten.first
-        user_data[:last_name] = idc_data.scan(%r{/SN=(.+)/GN}).flatten.first
-      else
-        parse_str = ',' + idc_data
-        user_data[:ident] = parse_str.scan(/,serialNumber=(\d+)/).flatten.first
-        user_data[:country_code] = parse_str.scan(/,C=(.{2})/).flatten.first
-        user_data[:first_name] = parse_str.scan(/,GN=([^,]+)/).flatten.first
-        user_data[:last_name] = parse_str.scan(/,SN=([^,]+)/).flatten.first
-      end
-
-      find_or_create_by_user_data(user_data)
-    end
-
     def find_or_create_by_api_data(user_data = {})
       return false unless user_data[:ident]
       return false unless user_data[:first_name]
@@ -98,6 +73,16 @@ class RegistrantUser < User
       find_or_create_by_user_data(user_data)
     end
 
+    def find_by_id_card(id_card)
+      registrant_ident = "#{id_card.country_code}-#{id_card.personal_code}"
+      username = [id_card.first_name, id_card.last_name].join("\s")
+
+      user = find_or_initialize_by(registrant_ident: registrant_ident)
+      user.username = username
+      user.save!
+      user
+    end
+
     private
 
     def find_or_create_by_user_data(user_data = {})