From 6c47c2082182715c0e9f6d0b6ee8c9f6cb3b1590 Mon Sep 17 00:00:00 2001
From: Andreas Maierhofer
Date: Mon, 2 Dec 2024 12:56:46 +0100
Subject: [PATCH] Return oidc membership_verifier_url only for former or active members (#1316)

---
 app/domain/sac_cas/oidc_claim_setup.rb | 2 +-
 .../people/_show_right_z_sac_cas.html.haml | 4 ++--
 .../oauth/userinfo_controller_spec.rb | 22 +++++++++++++++++--
 spec/domain/oidc_claim_setup_spec.rb | 16 ++++++++++----
 4 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/app/domain/sac_cas/oidc_claim_setup.rb b/app/domain/sac_cas/oidc_claim_setup.rb
index 7c8b6015a..b6ca3677e 100644
--- a/app/domain/sac_cas/oidc_claim_setup.rb
+++ b/app/domain/sac_cas/oidc_claim_setup.rb
@@ -58,7 +58,7 @@ def picture_url(owner)
 end
 
 def membership_verify_url(owner)
- People::Membership::VerificationQrCode.new(owner).verify_url
+ People::Membership::VerificationQrCode.new(owner).verify_url if owner.sac_membership_anytime?
 end
 
 def phone(owner)
diff --git a/app/views/people/_show_right_z_sac_cas.html.haml b/app/views/people/_show_right_z_sac_cas.html.haml
index 7c90ddd79..12063006d 100644
--- a/app/views/people/_show_right_z_sac_cas.html.haml
+++ b/app/views/people/_show_right_z_sac_cas.html.haml
@@ -9,9 +9,9 @@
 - if can?(:update, entry) && entry.sac_membership_anytime?
 %section.sac-membership.row
 %h2.col-md-8
- = t('.section_sac_membership')
+ = t('.section_sac_membership')
 .col-sm-4.d-flex.justify-content-end
- = action_button(t('.download_pdf'), membership_path(entry, format: :pdf),
+ = action_button(t('.download_pdf'), membership_path(entry, format: :pdf),
 :download, class: 'membership-download', target: '_blank')
 .d-flex.justify-content-center.w-100
diff --git a/spec/controllers/oauth/userinfo_controller_spec.rb b/spec/controllers/oauth/userinfo_controller_spec.rb
index ef03d6c05..771be9fb8 100644
--- a/spec/controllers/oauth/userinfo_controller_spec.rb
+++ b/spec/controllers/oauth/userinfo_controller_spec.rb
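Review bot: `membership_verify_url` now returns either a String or nil, and nothing in the hunk documents when a consumer of the claim set should expect which; a YARD comment above the `def`, e.g. `# @return [String, nil] verification URL; nil unless the owner has or had a SAC membership`, would make the contract explicit. The guard `owner.sac_membership_anytime?` is the same predicate the person view's membership section uses, so claim and UI stay consistent, but judging by its name and the controller spec's "even if expired" example it appears to include former members — a non-nil URL therefore must not be read by relying parties as proof of current membership, and the comment should say so. The subject line calls the claim `membership_verifier_url` while the method and both specs use `membership_verify_url`; worth aligning before merge. The enclosing class starts and ends outside the hunk.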
@@ -42,9 +42,27 @@
 country: user.country,
 phone: nil,
 picture_url: /\/packs(-test)?\/media\/images\/profile-.*\.svg/,
- membership_verify_url: "http://localhost:3000/verify_membership/aSuperSweetToken42"
+ membership_verify_url: nil
 }.deep_stringify_keys)
 end
+
+ context "with membership" do
+ let(:user) { mitglied.person }
+ let(:mitglied) { roles(:mitglied) }
+
+ it "includes membership_verify_url" do
+ get :show, params: {access_token: token.token}
+ expect(response.status).to eq 200
+ expect(data["membership_verify_url"]).to eq "http://localhost:3000/verify_membership/aSuperSweetToken42"
+ end
+
+ it "includes membership_verify_url even if expired" do
+ mitglied.update!(end_on: 1.year.ago)
+ get :show, params: {access_token: token.token}
+ expect(response.status).to eq 200
+ expect(data["membership_verify_url"]).to eq "http://localhost:3000/verify_membership/aSuperSweetToken42"
+ end
+ end
 end
 
 context "with with_roles scope" do
@@ -80,7 +98,7 @@
 phone: nil,
 membership_years: "0.0",
 picture_url: %r{packs(-test)?/media/images/profile-.*\.svg},
- membership_verify_url: "http://localhost:3000/verify_membership/aSuperSweetToken42",
+ membership_verify_url: nil,
 roles: [
 {
 group_id: user.roles.first.group_id,
diff --git a/spec/domain/oidc_claim_setup_spec.rb b/spec/domain/oidc_claim_setup_spec.rb
index 0500c8e21..0b6b01b70 100644
--- a/spec/domain/oidc_claim_setup_spec.rb
+++ b/spec/domain/oidc_claim_setup_spec.rb
@@ -18,8 +18,6 @@
 before do
 allow(ENV).to receive(:fetch).and_call_original
 allow(ENV).to receive(:fetch).with("RAILS_HOST_NAME", "localhost:3000").and_return("hitobito.example.com")
- allow(ENV).to receive(:fetch).with("RAILS_HOST_NAME").and_return("hitobito.example.com")
- allow_any_instance_of(People::Membership::VerificationQrCode).to receive(:membership_verify_token).and_return("aSuperSweetToken42")
 end
 
 shared_examples "shared claims" do
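Review bot: The literal `"http://localhost:3000/verify_membership/aSuperSweetToken42"` is repeated in both new examples of the `@@ -42` hunk and again in the `@@ -80` hunk, and each example repeats the `get :show` and status lines; a single `let(:verify_url) { "http://localhost:3000/verify_membership/aSuperSweetToken42" }` with `expect(data["membership_verify_url"]).to eq verify_url` would keep the expected value in one place. The "even if expired" example pins a behaviour that deserves a one-line comment in the spec, e.g. `# former members keep a verification URL; the verify endpoint decides validity`, so the intent survives future refactors. How the `aSuperSweetToken42` token is stubbed for this controller spec is not visible in the hunk; presumably a file-level stub exists, and the enclosing describe starts outside the hunk.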
@@ -49,8 +47,18 @@
 expect(claims[:picture_url]).to start_with "http://test.host/rails/active_storage/blobs/redirect"
 end
 
- it "membership_verify_url is present" do
- expect(claims[:membership_verify_url]).to eq "http://hitobito.example.com/verify_membership/aSuperSweetToken42"
+ it "membership_verify_url is nil" do
+ expect(claims[:membership_verify_url]).to be_nil
+ end
+
+ context "mitglied" do
+ let(:owner) { people(:mitglied) }
+
+ before { allow_any_instance_of(People::Membership::VerificationQrCode).to receive(:membership_verify_token).and_return("aSuperSweetToken42") }
+
+ it "membership_verify_url is present" do
+ expect(claims[:membership_verify_url]).to eq "http://hitobito.example.com/verify_membership/aSuperSweetToken42"
+ end
 end
 
 it_behaves_like "shared claims"
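Review bot: The new "membership_verify_url is nil" example depends on the default `owner` (defined outside the hunk) having no SAC membership, but the example never states that precondition, so if the fixture ever gains a membership the example silently stops testing the guard. Either assert it up front, `expect(owner.sac_membership_anytime?).to be false`, or name it in the description, `it "membership_verify_url is nil without membership"`. The `context "mitglied"` block also lacks the expired-membership case the controller spec covers; a second example there that ends the role in the past would pin that behaviour at the unit level. The `before { allow_any_instance_of(...) }` line is long enough to warrant a `do ... end` block, and stubbing `allow_any_instance_of` is generally discouraged in favour of stubbing the specific instance if the claim setup exposes one. The enclosing describe starts outside the hunk.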