refactor(api): move route

igorissen · igorissen · commit b831eb736a03 · 2024-05-23T17:48:15.000+02:00
to identity-access-management bounded context
diff --git a/api/lib/application/authentication/oidc/index.js b/api/lib/application/authentication/oidc/index.js
@@ -33,32 +33,6 @@ const register = async function (server) {
 
   server.route([
     ...adminRoutes,
-    {
-      method: 'POST',
-      path: '/api/oidc/user/check-reconciliation',
-      config: {
-        auth: false,
-        validate: {
-          payload: Joi.object({
-            data: Joi.object({
-              attributes: Joi.object({
-                email: Joi.string().email().required(),
-                password: Joi.string().required(),
-                'identity-provider': Joi.string().required(),
-                'authentication-key': Joi.string().required(),
-              }),
-              type: Joi.string(),
-            }),
-          }),
-        },
-        handler: oidcController.findUserForReconciliation,
-        notes: [
-          "- Cette route permet d'identifier un utilisateur Pix provenant de la double mire OIDC.\n" +
-            "- Elle renvoie un objet contenant des informations sur l'utilisateur.",
-        ],
-        tags: ['api', 'oidc'],
-      },
-    },
     {
       method: 'POST',
       path: '/api/oidc/user/reconcile',
diff --git a/api/src/identity-access-management/application/oidc-provider/oidc-provider.route.js b/api/src/identity-access-management/application/oidc-provider/oidc-provider.route.js
@@ -106,4 +106,30 @@ export const oidcProviderRoutes = [
       tags: ['identity-access-management', 'api', 'oidc'],
     },
   },
+  {
+    method: 'POST',
+    path: '/api/oidc/user/check-reconciliation',
+    config: {
+      auth: false,
+      validate: {
+        payload: Joi.object({
+          data: Joi.object({
+            attributes: Joi.object({
+              email: Joi.string().email().required(),
+              password: Joi.string().required(),
+              'identity-provider': Joi.string().required(),
+              'authentication-key': Joi.string().required(),
+            }),
+            type: Joi.string(),
+          }),
+        }),
+      },
+      handler: (request, h) => oidcProviderController.findUserForReconciliation(request, h),
+      notes: [
+        "- Cette route permet d'identifier un utilisateur Pix provenant de la double mire OIDC.\n" +
+          "- Elle renvoie un objet contenant des informations sur l'utilisateur.",
+      ],
+      tags: ['identity-access-management', 'api', 'oidc'],
+    },
+  },
 ];
diff --git a/api/tests/acceptance/application/authentication/oidc/check-reconciliation-route-post_test.js b/api/tests/acceptance/application/authentication/oidc/check-reconciliation-route-post_test.js
diff --git a/api/tests/identity-access-management/acceptance/application/oidc-provider.route.test.js b/api/tests/identity-access-management/acceptance/application/oidc-provider.route.test.js
@@ -501,4 +501,57 @@ describe('Acceptance | Identity Access Management | Application | Route | oidc-p
       });
     });
   });
+
+  describe('POST /api/oidc/user/check-reconciliation', function () {
+    context('when user has no oidc authentication method', function () {
+      it('returns 200 HTTP status', async function () {
+        // given
+        const server = await createServer();
+        databaseBuilder.factory.buildUser.withRawPassword({ email: 'eva.poree@example.net', rawPassword: 'pix123' });
+        await databaseBuilder.commit();
+
+        const idToken = jsonwebtoken.sign(
+          {
+            given_name: 'Brice',
+            family_name: 'Glace',
+            nonce: 'nonce',
+            sub: 'some-user-unique-id',
+          },
+          'secret',
+        );
+        const userAuthenticationKey = await authenticationSessionService.save({
+          sessionContent: { idToken },
+          userInfo: {
+            firstName: 'Brice',
+            lastName: 'Glace',
+            nonce: 'nonce',
+            externalIdentityId: 'some-user-unique-id',
+          },
+        });
+
+        // when
+        const response = await server.inject({
+          method: 'POST',
+          url: `/api/oidc/user/check-reconciliation`,
+          payload: {
+            data: {
+              attributes: {
+                email: 'eva.poree@example.net',
+                password: 'pix123',
+                'identity-provider': 'OIDC_EXAMPLE_NET',
+                'authentication-key': userAuthenticationKey,
+              },
+            },
+          },
+        });
+
+        // then
+        expect(response.statusCode).to.equal(200);
+        expect(response.result.data.attributes['full-name-from-pix']).to.exist;
+        expect(response.result.data.attributes['full-name-from-external-identity-provider']).to.exist;
+        expect(response.result.data.attributes['email']).to.exist;
+        expect(response.result.data.attributes['authentication-methods']).to.exist;
+      });
+    });
+  });
 });
diff --git a/api/tests/identity-access-management/integration/application/oidc-provider.route.test.js b/api/tests/identity-access-management/integration/application/oidc-provider.route.test.js
@@ -0,0 +1,97 @@
+import {
+  AuthenticationKeyExpired,
+  DifferentExternalIdentifierError,
+  UserNotFoundError,
+} from '../../../../lib/domain/errors.js';
+import { oidcProviderController } from '../../../../src/identity-access-management/application/oidc-provider/oidc-provider.controller.js';
+import { identityAccessManagementRoutes } from '../../../../src/identity-access-management/application/routes.js';
+import { expect, HttpTestServer, sinon } from '../../../test-helper.js';
+
+const routesUnderTest = identityAccessManagementRoutes[0];
+
+describe('Integration | Identity Access Management | Application | Route | oidc-provider', function () {
+  let httpTestServer;
+
+  beforeEach(async function () {
+    httpTestServer = new HttpTestServer();
+    httpTestServer.setupDeserialization();
+    await httpTestServer.register(routesUnderTest);
+  });
+
+  describe('POST /api/oidc/user/check-reconciliation', function () {
+    context('error cases', function () {
+      context('when user is not found', function () {
+        it('returns a response with HTTP status code 404', async function () {
+          // given
+          sinon.stub(oidcProviderController, 'findUserForReconciliation').rejects(new UserNotFoundError());
+
+          // when
+          const response = await httpTestServer.request('POST', '/api/oidc/user/check-reconciliation', {
+            data: {
+              attributes: {
+                email: 'eva.poree@example.net',
+                password: 'pix123',
+                'identity-provider': 'POLE_EMPLOI',
+                'authentication-key': '123abc',
+              },
+            },
+          });
+
+          // then
+          expect(response.statusCode).to.equal(404);
+          expect(response.result.errors[0].detail).to.equal('Ce compte est introuvable.');
+        });
+      });
+
+      context('when authentication key expired', function () {
+        it('returns a response with HTTP status code 401', async function () {
+          // given
+          sinon.stub(oidcProviderController, 'findUserForReconciliation').rejects(new AuthenticationKeyExpired());
+
+          // when
+          const response = await httpTestServer.request('POST', '/api/oidc/user/check-reconciliation', {
+            data: {
+              attributes: {
+                email: 'eva.poree@example.net',
+                password: 'pix123',
+                'identity-provider': 'POLE_EMPLOI',
+                'authentication-key': '123abc',
+              },
+            },
+          });
+
+          // then
+          expect(response.statusCode).to.equal(401);
+          expect(response.result.errors[0].detail).to.equal('This authentication key has expired.');
+        });
+      });
+
+      context('when external identity id and external identifier are different', function () {
+        it('returns a response with HTTP status code 412', async function () {
+          // given
+          sinon
+            .stub(oidcProviderController, 'findUserForReconciliation')
+            .rejects(new DifferentExternalIdentifierError());
+
+          // when
+          const response = await httpTestServer.request('POST', '/api/oidc/user/check-reconciliation', {
+            data: {
+              attributes: {
+                email: 'eva.poree@example.net',
+                password: 'pix123',
+                'identity-provider': 'POLE_EMPLOI',
+                'authentication-key': '123abc',
+              },
+            },
+          });
+
+          // then
+          expect(response.statusCode).to.equal(409);
+          expect(response.result.errors[0].detail).to.equal(
+            "La valeur de l'externalIdentifier de la méthode de connexion ne correspond pas à celui reçu par le partenaire.",
+          );
+        });
+      });
+    });
+  });
+});
diff --git a/api/tests/integration/application/authentication/oidc/index_test.js b/api/tests/integration/application/authentication/oidc/index_test.js
diff --git a/api/tests/tooling/server/http-test-server.js b/api/tests/tooling/server/http-test-server.js
@@ -3,6 +3,7 @@ import Hapi from '@hapi/hapi';
 import { setupErrorHandling } from '../../../config/server-setup-error-handling.js';
 import { authentication } from '../../../lib/infrastructure/authentication.js';
 import { handleFailAction } from '../../../lib/validate.js';
+import { deserializer } from '../../../src/shared/infrastructure/serializers/jsonapi/deserializer.js';
 
 const routesConfig = {
   routes: {
@@ -56,6 +57,15 @@ class HttpTestServer {
     );
     this.hapiServer.auth.default(authentication.defaultStrategy);
   }
+
+  setupDeserialization() {
+    this.hapiServer.ext('onPreHandler', async (request, h) => {
+      if (request.payload?.data) {
+        request.deserializedPayload = await deserializer.deserialize(request.payload);
+      }
+      return h.continue;
+    });
+  }
 }
 
 export { HttpTestServer };
