feat(user): add certification routes

.github/workflows/end-to-end.yml

@@ -7,20 +7,11 @@ on:
       - "!master"
 
 env:
-  PGUSER: moncomptepro
-  PGPASSWORD: moncomptepro
-  PGDATABASE: moncomptepro
-  PGHOST: 127.0.0.1
-  PGPORT: 5432
   BREVO_API_KEY: ${{ secrets.BREVO_API_KEY }}
-  CYPRESS_BASE_URL: http://172.18.0.1:3000
-  CYPRESS_MAILSLURP_API_KEY: ${{ secrets.MAILSLURP_API_KEY }}
-  DATABASE_URL: postgres://moncomptepro:[email protected]:5432/moncomptepro
+  DATABASE_URL: postgres://moncomptepro:moncomptepro@localhost:5432/moncomptepro
   DEBOUNCE_API_KEY: ${{ secrets.DEBOUNCE_API_KEY }}
-  FEATURE_SEND_MAIL: "True"
   INSEE_CONSUMER_KEY: ${{ secrets.INSEE_CONSUMER_KEY }}
   INSEE_CONSUMER_SECRET: ${{ secrets.INSEE_CONSUMER_SECRET }}
-  HOST: http://172.18.0.1:3000
   ZAMMAD_TOKEN: ${{ secrets.ZAMMAD_TOKEN }}
 jobs:
   test:
@@ -47,6 +38,7 @@ jobs:
           - set_info_after_account_provisioning
           - signin_from_proconnect_federation_client
           - signin_from_standard_client
+          - signin_with_certification_dirigeant
           - signin_with_email_verification
           - signin_with_email_verification_renewal
           - signin_with_legacy_scope
@@ -56,52 +48,10 @@ jobs:
           - signup_entreprise_unipersonnelle
           - update_personal_information
     runs-on: ubuntu-22.04
-    services:
-      standard-client:
-        image: ghcr.io/numerique-gouv/proconnect-test-client
-        ports:
-          - 4000:3000
-        env:
-          SITE_TITLE: standard-client
-          HOST: http://localhost:4000
-          PC_CLIENT_ID: standard_client_id
-          PC_CLIENT_SECRET: standard_client_secret
-          PC_PROVIDER: ${{ env.HOST }}
-          PC_SCOPES: openid email profile organization
-          ACR_VALUE_FOR_2FA: https://proconnect.gouv.fr/assurance/consistency-checked-2fa
-          STYLESHEET_URL: ""
-      proconnect-federation-client:
-        image: ghcr.io/numerique-gouv/proconnect-test-client
-        ports:
-          - 4001:3000
-        env:
-          SITE_TITLE: proconnect-federation-client
-          HOST: http://localhost:4001
-          PC_CLIENT_ID: proconnect_federation_client_id
-          PC_CLIENT_SECRET: proconnect_federation_client_secret
-          PC_PROVIDER: ${{ env.HOST }}
-          PC_SCOPES: openid uid given_name usual_name email siren siret organizational_unit belonging_population phone chorusdt is_service_public is_public_service
-          PC_ID_TOKEN_SIGNED_RESPONSE_ALG: ES256
-          PC_USERINFO_SIGNED_RESPONSE_ALG: ES256
-          STYLESHEET_URL: ""
-          LOGIN_HINT: [email protected]
-          ACR_VALUES: eidas1
-      redis:
-        image: redis:7.2
-        ports:
-          - 6379:6379
-      postgres:
-        image: postgres:15.10
-        env:
-          POSTGRES_USER: ${{ env.PGUSER }}
-          POSTGRES_PASSWORD: ${{ env.PGPASSWORD }}
-          POSTGRES_DB: ${{ env.PGDATABASE }}
-        ports:
-          - 5432:5432
     steps:
       - uses: actions/checkout@v4
 
-      - run: docker compose up --build --detach maildev
+      - run: docker compose up --build --detach
 
       - run: corepack enable
       - uses: actions/setup-node@v4
@@ -116,7 +66,7 @@ jobs:
       - name: Cypress run
         uses: cypress-io/[email protected]
         with:
-          wait-on: ${{ env.HOST }}/users/start-sign-in
+          wait-on: http://localhost:3000/users/start-sign-in
           build: npm run build:assets
           start: npx dotenvx run -f cypress/e2e/${{ matrix.e2e_test }}/env.conf --overload -- npm start
           install: false

cypress/e2e/signin_with_certification_dirigeant/env.conf

@@ -0,0 +1 @@
+DO_NOT_SEND_MAIL="True"

cypress/e2e/signin_with_certification_dirigeant/fixtures.sql

@@ -0,0 +1,36 @@
+INSERT INTO users
+(id, email, email_verified, email_verified_at, encrypted_password, created_at, updated_at,
+ given_name, family_name, phone_number, job, encrypted_totp_key, totp_key_verified_at, force_2fa)
+VALUES
+  (1, '[email protected]', true, CURRENT_TIMESTAMP,
+   '$2a$10$kzY3LINL6..50Fy9shWCcuNlRfYq0ft5lS.KCcJ5PzrhlWfKK4NIO', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP,
+   'Jean', 'Certification', '0123456789', 'Dirigeant',
+   null, null, false);
+
+INSERT INTO organizations
+  (id, siret, created_at, updated_at)
+VALUES
+  (1, '21340126800130', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP);
+
+INSERT INTO users_organizations
+  (user_id, organization_id, is_external, verification_type, has_been_greeted)
+VALUES
+  (1, 1, false, 'domain', true);
+
+INSERT INTO oidc_clients
+(client_name, client_id, client_secret, redirect_uris,
+ post_logout_redirect_uris, scope, client_uri, client_description,
+ userinfo_signed_response_alg, id_token_signed_response_alg,
+ authorization_signed_response_alg, introspection_signed_response_alg)
+VALUES
+  ('Oidc Test Client',
+   'standard_client_id',
+   'standard_client_secret',
+   ARRAY [
+     'http://localhost:4000/login-callback'
+     ],
+   ARRAY []::varchar[],
+   'openid email profile organization',
+   'http://localhost:4000/',
+   'ProConnect test client. More info: https://github.com/numerique-gouv/proconnect-test-client.',
+   null, null, null, null);

cypress/e2e/signin_with_certification_dirigeant/index.cy.ts

@@ -0,0 +1,40 @@
+describe("sign-in with a client requiring certification dirigeant", () => {
+  beforeEach(() => {
+    cy.visit("http://localhost:4000");
+    cy.setRequestedAcrs([
+      "https://proconnect.gouv.fr/assurance/certification-dirigeant",
+    ]);
+  });
+
+  it("should sign-in an return the right acr value", function () {
+    cy.get("button#custom-connection").click({ force: true });
+    cy.login("[email protected]");
+
+    cy.contains("Authentifier votre statut");
+    cy.contains("S’identifier avec").click();
+
+    cy.origin("https://fcp.integ01.dev-franceconnect.fr", () => {
+      cy.contains("FIP1-LOW - eIDAS LOW").click();
+    });
+    cy.origin("https://fip1-low.integ01.fcp.fournisseur-d-identite.fr", () => {
+      cy.contains("Mot de passe").click();
+      cy.focused().type("123");
+      cy.contains("Valider").click();
+    });
+    cy.origin("https://fcp.integ01.dev-franceconnect.fr", () => {
+      cy.contains("Continuer sur FSPublic").click();
+    });
+
+    cy.contains("Vous allez vous connecter en tant que ");
+    cy.contains("Angela Claire Louise DUBOIS");
+
+    cy.contains(
+      "J'accepte que FranceConnect transmette mes données au service pour me connecter",
+    ).click();
+    cy.contains("Continuer").click();
+
+    cy.contains(
+      '"acr": "https://proconnect.gouv.fr/assurance/certification-dirigeant"',
+    );
+  });
+});

cypress/e2e/signin_with_right_acr/env.conf

@@ -1 +1,2 @@
 DO_NOT_SEND_MAIL="True"
+FEATURE_CONSIDER_ALL_USERS_AS_CERTIFIED="True"

cypress/e2e/signin_with_right_acr/index.cy.ts

@@ -154,7 +154,7 @@ describe("sign-in with a client requiring certification dirigeant and 2fa identi
   });
 });
 
-describe("qign-in with a the requiring certification dirigeant and consistency-checked", () => {
+describe("sign-in with a client requiring certification dirigeant and consistency-checked", () => {
   beforeEach(() => {
     cy.visit("http://localhost:4000");
     cy.setRequestedAcrs([

cypress/e2e/update_personal_information/fixtures.sql

@@ -2,7 +2,8 @@ INSERT INTO users
   (id, email, email_verified, email_verified_at, encrypted_password, created_at, updated_at, given_name, family_name,
    phone_number, job)
 VALUES
-  (1, '[email protected]', true, CURRENT_TIMESTAMP, '$2a$10$kzY3LINL6..50Fy9shWCcuNlRfYq0ft5lS.KCcJ5PzrhlWfKK4NIO', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 'Konrad', 'Curze', '0404040404', 'Primarque');
+  (1, '[email protected]', true, CURRENT_TIMESTAMP, '$2a$10$kzY3LINL6..50Fy9shWCcuNlRfYq0ft5lS.KCcJ5PzrhlWfKK4NIO', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 'God', 'Empire', '0999999999', 'God Empire'),
+  (2, '[email protected]', true, CURRENT_TIMESTAMP, '$2a$10$kzY3LINL6..50Fy9shWCcuNlRfYq0ft5lS.KCcJ5PzrhlWfKK4NIO', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 'Konrad', 'Curze', '0404040404', 'Primarque');
 
 INSERT INTO organizations
   (id, siret, created_at, updated_at)
@@ -12,4 +13,10 @@ VALUES
 INSERT INTO users_organizations
   (user_id, organization_id, is_external, verification_type, has_been_greeted)
 VALUES
-  (1, 1, false, 'verified_email_domain', true);
+  (1, 1, false, 'verified_email_domain', true),
+  (2, 1, false, 'verified_email_domain', true);
+
+INSERT INTO users_verification
+  (user_id, verification_type, verified_at)
+VALUES
+  (1, 'franceconnect', CURRENT_TIMESTAMP);

cypress/e2e/update_personal_information/index.cy.ts

@@ -19,12 +19,12 @@ describe("Signup into new entreprise unipersonnelle", () => {
       "Mise à jour de vos données personnelles",
     ).then((email) => {
       cy.maildevVisitMessageById(email.id);
+      cy.maildevDeleteMessageById(email.id);
       cy.contains(
         "Nous vous informons que vos données personnelles ont été mises à jour avec succès.",
       );
       cy.contains("Prénom : Night");
       cy.contains("Nom de famille : Haunter");
-      cy.maildevDeleteMessageById(email.id);
     });
   });
 
@@ -43,4 +43,27 @@ describe("Signup into new entreprise unipersonnelle", () => {
       );
     });
   });
+
+  it("should no allow verified user to update given and family name", () => {
+    cy.visit("/personal-information");
+
+    cy.login("[email protected]");
+
+    ["given_name", "family_name"].forEach((inputName) => {
+      cy.get(`input[name="${inputName}"]`).should(
+        "have.attr",
+        "readonly",
+        "readonly",
+      );
+    });
+
+    cy.contains("Issue de votre vérification par FranceConnect");
+    cy.contains("Profession").click();
+    cy.focused().clear().type("Guide GPS Warp");
+
+    cy.get('[type="submit"]').contains("Mettre à jour").click();
+
+    cy.contains("Vos informations ont été mises à jour.");
+    cy.contains("Guide GPS Warp");
+  });
 });

docker-compose.yml

@@ -57,10 +57,8 @@ services:
     network_mode: "host"
 
   maildev:
-    ports:
-      - "1080:1080"
-      - "1025:1025"
     image: soulteary/maildev
+    network_mode: "host"
 
 volumes:
   db-data:

migrations/1739189148263_create-verification-user-table.cjs

@@ -0,0 +1,18 @@
+exports.shorthands = undefined;
+
+exports.up = async (pgm) => {
+  await pgm.db.query(`
+  CREATE TABLE users_verification (
+    user_id           INTEGER UNIQUE PRIMARY KEY REFERENCES users (id) ON DELETE CASCADE,
+    verification_type VARCHAR(255),
+    verified_at       TIMESTAMP WITH TIME ZONE,
+
+    created_at  TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated_at  TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP
+  );
+  `);
+};
+
+exports.down = async (pgm) => {
+  await pgm.db.query(`DROP TABLE users_verification;`);
+};

package.json

@@ -9,10 +9,10 @@
   },
   "main": "src/index.js",
   "workspaces": [
-    "packages/devtools/typescript",
     "packages/core",
     "packages/crisp",
     "packages/debounce",
+    "packages/devtools/typescript",
     "packages/email",
     "packages/insee",
     "packages/identite"

packages/identite/package.json

@@ -46,6 +46,7 @@
     "spec": "src/**/*.test.ts"
   },
   "dependencies": {
+    "openid-client": "^6.1.7",
     "sql-template-tag": "^5.2.1"
   },
   "devDependencies": {