Return oidc membership_verifier_url only for former or active members (#1316)

app/domain/sac_cas/oidc_claim_setup.rb

@@ -58,7 +58,7 @@ def picture_url(owner)
   end
 
   def membership_verify_url(owner)
-    People::Membership::VerificationQrCode.new(owner).verify_url
+    People::Membership::VerificationQrCode.new(owner).verify_url if owner.sac_membership_anytime?
   end
 
   def phone(owner)

app/views/people/_show_right_z_sac_cas.html.haml

@@ -9,9 +9,9 @@
 - if can?(:update, entry) && entry.sac_membership_anytime?
   %section.sac-membership.row
     %h2.col-md-8
-      = t('.section_sac_membership') 
+      = t('.section_sac_membership')
     .col-sm-4.d-flex.justify-content-end
-      = action_button(t('.download_pdf'), membership_path(entry, format: :pdf), 
+      = action_button(t('.download_pdf'), membership_path(entry, format: :pdf),
         :download, class: 'membership-download', target: '_blank')
 
     .d-flex.justify-content-center.w-100

spec/controllers/oauth/userinfo_controller_spec.rb

@@ -42,9 +42,27 @@
           country: user.country,
           phone: nil,
           picture_url: /\/packs(-test)?\/media\/images\/profile-.*\.svg/,
-          membership_verify_url: "http://localhost:3000/verify_membership/aSuperSweetToken42"
+          membership_verify_url: nil
         }.deep_stringify_keys)
       end
+
+      context "with membership" do
+        let(:user) { mitglied.person }
+        let(:mitglied) { roles(:mitglied) }
+
+        it "includes membership_verify_url" do
+          get :show, params: {access_token: token.token}
+          expect(response.status).to eq 200
+          expect(data["membership_verify_url"]).to eq "http://localhost:3000/verify_membership/aSuperSweetToken42"
+        end
+
+        it "includes membership_verify_url even if expired" do
+          mitglied.update!(end_on: 1.year.ago)
+          get :show, params: {access_token: token.token}
+          expect(response.status).to eq 200
+          expect(data["membership_verify_url"]).to eq "http://localhost:3000/verify_membership/aSuperSweetToken42"
+        end
+      end
     end
 
     context "with with_roles scope" do
@@ -80,7 +98,7 @@
           phone: nil,
           membership_years: "0.0",
           picture_url: %r{packs(-test)?/media/images/profile-.*\.svg},
-          membership_verify_url: "http://localhost:3000/verify_membership/aSuperSweetToken42",
+          membership_verify_url: nil,
           roles: [
             {
               group_id: user.roles.first.group_id,

spec/domain/oidc_claim_setup_spec.rb

@@ -18,8 +18,6 @@
   before do
     allow(ENV).to receive(:fetch).and_call_original
     allow(ENV).to receive(:fetch).with("RAILS_HOST_NAME", "localhost:3000").and_return("hitobito.example.com")
-    allow(ENV).to receive(:fetch).with("RAILS_HOST_NAME").and_return("hitobito.example.com")
-    allow_any_instance_of(People::Membership::VerificationQrCode).to receive(:membership_verify_token).and_return("aSuperSweetToken42")
   end
 
   shared_examples "shared claims" do
@@ -49,8 +47,18 @@
       expect(claims[:picture_url]).to start_with "http://test.host/rails/active_storage/blobs/redirect"
     end
 
-    it "membership_verify_url is present" do
-      expect(claims[:membership_verify_url]).to eq "http://hitobito.example.com/verify_membership/aSuperSweetToken42"
+    it "membership_verify_url is nil" do
+      expect(claims[:membership_verify_url]).to be_nil
+    end
+
+    context "mitglied" do
+      let(:owner) { people(:mitglied) }
+
+      before { allow_any_instance_of(People::Membership::VerificationQrCode).to receive(:membership_verify_token).and_return("aSuperSweetToken42") }
+
+      it "membership_verify_url is present" do
+        expect(claims[:membership_verify_url]).to eq "http://hitobito.example.com/verify_membership/aSuperSweetToken42"
+      end
     end
 
     it_behaves_like "shared claims"