Add tests

app/controllers/registrar/sessions_controller.rb

@@ -49,102 +49,6 @@ class Registrar
       end
     end
 
-    def id_card
-      self.resource = warden.authenticate!(auth_options)
-
-      restricted_ip = Authorization::RestrictedIP.new(request.ip)
-      ip_allowed = restricted_ip.can_access_registrar_area?(resource.registrar)
-
-      unless ip_allowed
-        render plain: t('registrar.authorization.ip_not_allowed', ip: request.ip)
-        warden.logout(:registrar_user)
-        return
-      end
-
-      set_flash_message!(:notice, :signed_in)
-      sign_in(resource_name, resource)
-      yield resource if block_given?
-      respond_with resource, location: after_sign_in_path_for(resource)
-    end
-
-    def login_mid
-      @user = User.new
-    end
-
-    def mid
-      phone = params[:user][:phone]
-      endpoint = "#{ENV['sk_digi_doc_service_endpoint']}"
-      client = Digidoc::Client.new(endpoint)
-      client.logger = Rails.application.config.logger unless Rails.env.test?
-
-      # country_codes = {'+372' => 'EST'}
-      phone.gsub!('+372', '')
-      response = client.authenticate(
-        phone: "+372#{phone}",
-        message_to_display: 'Authenticating',
-        service_name: ENV['sk_digi_doc_service_name'] || 'Testing'
-      )
-
-      if response.faultcode
-        render json: { message: response.detail.message }, status: :unauthorized
-        return
-      end
-
-      if Setting.registrar_ip_whitelist_enabled
-        @user = find_user_by_idc_and_allowed(response.user_id_code)
-      else
-        @user = find_user_by_idc(response.user_id_code)
-      end
-
-      if @user.persisted?
-        session[:user_id_code] = response.user_id_code
-        session[:mid_session_code] = client.session_code
-
-        render json: {
-          message: t(:confirmation_sms_was_sent_to_your_phone_verification_code_is, { code: response.challenge_id })
-        }, status: :ok
-      else
-        render json: { message: t(:no_such_user) }, status: :unauthorized
-      end
-    end
-
-    def mid_status
-      endpoint = "#{ENV['sk_digi_doc_service_endpoint']}"
-      client = Digidoc::Client.new(endpoint)
-      client.logger = Rails.application.config.logger unless Rails.env.test?
-      client.session_code = session[:mid_session_code]
-      auth_status = client.authentication_status
-
-      case auth_status.status
-        when 'OUTSTANDING_TRANSACTION'
-          render json: { message: t(:check_your_phone_for_confirmation_code) }, status: :ok
-        when 'USER_AUTHENTICATED'
-          @user = find_user_by_idc_and_allowed(session[:user_id_code])
-          sign_in(:registrar_user, @user)
-          flash[:notice] = t(:welcome)
-          flash.keep(:notice)
-          render js: "window.location = '#{after_sign_in_path_for(@user)}'"
-        when 'NOT_VALID'
-          render json: { message: t(:user_signature_is_invalid) }, status: :bad_request
-        when 'EXPIRED_TRANSACTION'
-          render json: { message: t(:session_timeout) }, status: :bad_request
-        when 'USER_CANCEL'
-          render json: { message: t(:user_cancelled) }, status: :bad_request
-        when 'MID_NOT_READY'
-          render json: { message: t(:mid_not_ready) }, status: :bad_request
-        when 'PHONE_ABSENT'
-          render json: { message: t(:phone_absent) }, status: :bad_request
-        when 'SENDING_ERROR'
-          render json: { message: t(:sending_error) }, status: :bad_request
-        when 'SIM_ERROR'
-          render json: { message: t(:sim_error) }, status: :bad_request
-        when 'INTERNAL_ERROR'
-          render json: { message: t(:internal_error) }, status: :bad_request
-        else
-          render json: { message: t(:internal_error) }, status: :bad_request
-      end
-    end
-
     private
 
     def depp_controller?

app/controllers/registrar/tara_controller.rb

@@ -8,6 +8,7 @@ class Registrar
       @api_user = ApiUser.from_omniauth(user_hash)
 
       if @api_user
+        flash[:notice] = t(:signed_in_successfully)
         sign_in_and_redirect(:registrar_user, @api_user)
       else
         show_error and return

app/errors/tampering_detected.rb

@@ -1,3 +0,0 @@
-module Errors
-  class TamperingDetected < ActionController::BadRequest; end
-end

app/models/user.rb

@@ -1,9 +1,6 @@
 class User < ApplicationRecord
   include Versions # version/user_version.rb
 
-  ESTONIAN_COUNTRY_CODE = 'EE'.freeze
-  TARA_PROVIDER = 'tara'.freeze
-
   has_many :actions, dependent: :restrict_with_exception
 
   attr_accessor :phone

config/locales/en.yml

@@ -660,3 +660,5 @@ en:
     ipv6: IPv6
     reference_no: Reference number
     iban: IBAN
+  sign_in: "Sign in"
+  signed_in_successfully: "Signed in successfully"

config/routes.rb

@@ -77,15 +77,6 @@ Rails.application.routes.draw do
     devise_for :users, path: '', class_name: 'ApiUser', skip: %i[sessions]
 
     devise_scope :registrar_user do
-      get 'login/mid' => 'sessions#login_mid'
-      post 'login/mid' => 'sessions#mid'
-      post 'login/mid_status' => 'sessions#mid_status'
-
-      # /registrar/id path is hardcoded in Apache config for authentication with Estonian ID-card
-      post 'id' => 'sessions#id_card', as: :id_card_sign_in
-
-      post 'mid' => 'sessions#mid'
-
       match '/open_id/callback', via: %i[get post], to: 'tara#callback', as: :tara_callback
       match '/open_id/cancel', via: %i[get post delete], to: 'tara#cancel',
             as: :tara_cancel

test/integration/registrar_area/sign_in/id_card_test.rb

@@ -1,65 +0,0 @@
-require 'test_helper'
-
-class RegistrarAreaIdCardSignInTest < ApplicationIntegrationTest
-  # setup do
-  #   @user = users(:api_bestnames)
-  #   @original_registrar_area_ip_whitelist = Setting.registrar_ip_whitelist_enabled
-  # end
-  #
-  # teardown do
-  #   Setting.registrar_ip_whitelist_enabled = @original_registrar_area_ip_whitelist
-  # end
-  #
-  # def test_signs_in_a_user_when_id_card_owner_is_found
-  #   assert_equal '1234', @user.identity_code
-  #
-  #   post registrar_id_card_sign_in_path, headers: { 'SSL_CLIENT_S_DN_CN' => 'DOE,JOHN,1234' }
-  #   follow_redirect!
-  #
-  #   assert_response :ok
-  #   assert_equal registrar_root_path, path
-  #   assert_not_nil controller.current_registrar_user
-  # end
-  #
-  # def test_does_not_sign_in_a_user_when_id_card_owner_is_not_found
-  #   post registrar_id_card_sign_in_path,
-  #        headers: { 'SSL_CLIENT_S_DN_CN' => 'DOE,JOHN,unacceptable-personal-code' }
-  #
-  #   assert_nil controller.current_registrar_user
-  #   assert_equal registrar_id_card_sign_in_path, path
-  #   assert_includes response.body, 'Failed to Login'
-  # end
-  #
-  # def test_does_not_sign_in_a_user_when_id_card_owner_is_found_but_ip_is_not_allowed
-  #   allow_access_to_sign_in_page
-  #   assert_equal '127.0.0.1', white_ips(:one).ipv4
-  #   assert_equal '1234', @user.identity_code
-  #
-  #   Setting.registrar_ip_whitelist_enabled = true
-  #
-  #   post registrar_id_card_sign_in_path, headers: { 'SSL_CLIENT_S_DN_CN' => 'DOE,JOHN,1234',
-  #                                                   'REMOTE_ADDR' => '127.0.0.2' }
-  #
-  #   assert_equal registrar_id_card_sign_in_path, path
-  #   assert_equal 'Access denied from IP 127.0.0.2', response.body
-  #
-  #   get registrar_root_path
-  #   assert_redirected_to new_registrar_user_session_path
-  # end
-  #
-  # def test_does_not_sign_in_a_user_when_certificate_is_absent
-  #   post registrar_id_card_sign_in_path, headers: { 'SSL_CLIENT_S_DN_CN' => '' }
-  #
-  #   assert_nil controller.current_registrar_user
-  #   assert_equal registrar_id_card_sign_in_path, path
-  # end
-  #
-  # private
-  #
-  # def allow_access_to_sign_in_page
-  #   another_registrar_white_ip = white_ips(:one).dup
-  #   another_registrar_white_ip.ipv4 = '127.0.0.2'
-  #   another_registrar_white_ip.registrar = registrars(:goodnames)
-  #   another_registrar_white_ip.save!
-  # end
-end

test/system/registrar_area/sign_in/mobile_id_test.rb

@@ -1,35 +0,0 @@
-require 'application_system_test_case'
-
-class RegistrarAreaMobileIDSignInTest < JavaScriptApplicationSystemTestCase
-  # def setup
-  #   super
-  #   WebMock.allow_net_connect!
-  #
-  #   @user = users(:api_bestnames)
-  #   @user.identity_code = '1234'
-  #   @user.save
-  # end
-  #
-  # def test_valid_phone_number
-  #   mock_client = Minitest::Mock.new
-  #   mock_client.expect(:authenticate,
-  #                      OpenStruct.new(user_id_code: '1234', challenge_id: '1234'),
-  #                      [{ phone: "+3721234",
-  #                        message_to_display: "Authenticating",
-  #                        service_name: "Testimine" }])
-  #   mock_client.expect(:session_code, 1234)
-  #
-  #   Digidoc::Client.stub(:new, mock_client) do
-  #     visit new_registrar_user_session_path
-  #
-  #     click_on 'login-with-mobile-id-btn'
-  #
-  #     fill_in 'user[phone]', with: '1234'
-  #     click_button 'Login'
-  #
-  #     flash_message = page.find('div.bg-success')
-  #     assert_equal('Confirmation sms was sent to your phone. Verification code is 1234.',
-  #                  flash_message.text)
-  #   end
-  # end
-end

test/system/registrar_area/tara/tara_users_test.rb

@@ -0,0 +1,45 @@
+require 'application_system_test_case'
+
+class TaraUsersTest < ApplicationSystemTestCase
+  def setup
+    super
+
+    OmniAuth.config.test_mode = true
+    @user = users(:api_bestnames)
+
+    @existing_user_hash = {
+        'provider' => 'tara',
+        'uid' => "EE" + @user.identity_code
+    }
+
+    @new_user_hash = {
+        'provider' => 'tara',
+        'uid' => 'EE51007050604'
+    }
+  end
+
+  def teardown
+    super
+
+    OmniAuth.config.test_mode = false
+    OmniAuth.config.mock_auth['tara'] = nil
+  end
+
+  def test_existing_user_gets_signed_in
+    OmniAuth.config.mock_auth[:tara] = OmniAuth::AuthHash.new(@existing_user_hash)
+
+    visit new_registrar_user_session_path
+    click_link('Sign in')
+
+    assert_text('Signed in successfully')
+  end
+
+  def test_nonexisting_user_gets_error_message
+    OmniAuth.config.mock_auth[:tara] = OmniAuth::AuthHash.new(@new_user_hash)
+
+    visit new_registrar_user_session_path
+    click_link('Sign in')
+
+    assert_text('No such user')
+  end
+end