hooks: un-verify user attributes in FC unlink user action (#66577)

2022-06-24 13:04:39 +02:00 · 2022-06-24 13:04:39 +02:00 · 46918eaec0
parent b2a58241d1
commit 46918eaec0
2 changed files with 47 additions and 1 deletions
--- a/src/authentic2_cut/apps.py
+++ b/src/authentic2_cut/apps.py
@ -747,6 +747,14 @@ class AppConfig(django.apps.AppConfig):
        self.perform_fc_validation(user, request)

    def cut_event_fc_unlink(self, user, **kwargs):
+        if user.attributes.validated and user.attributes.validation_context in (
+            'FC',
+            'fc',
+        ):
+            user.attributes.validation_context = None
+            user.attributes.validation_date = None
+            user.attributes.validation_partner = None
+            user.attributes.validated = False
        self.log_action(user, 'déliaison de FranceConnect')

    def get_authentication_how(self):
--- a/tests/test_hooks.py
+++ b/tests/test_hooks.py
@ -2,8 +2,9 @@ from authentic2.custom_user.models import Profile, ProfileType
 from authentic2.manager.tables import UserTable
 from authentic2.manager.user_views import UsersView
 from authentic2.models import Attribute, AttributeValue
-from authentic2_auth_fc.models import FcAccount
+from authentic2_auth_fc.models import FcAccount, FcAuthenticator
 from django.contrib.auth import get_user_model
+from django.urls import reverse
 from django.utils.timezone import now
 from utils import login

@ -134,3 +135,40 @@ def test_a2_hook_manager_modify_other_actions_remove_fc(db, rf, app, admin):
    assert not user.attributes.validation_date
    assert not user.attributes.validation_partner
    assert not user.attributes.validated
+
+
+def test_cut_event_fc_unlink(db, rf, app):
+    class DummyModule:
+        __path__ = [
+            './dummy',
+        ]
+
+    dummy = DummyModule()
+    title = Attribute.objects.get(name='title')
+    app_config = AppConfig('authentic2_cut', dummy)
+
+    FcAuthenticator.objects.create(enabled=True)
+    User = get_user_model()
+    user = User.objects.create(
+        email='john.doe@example.org', first_name='John', last_name='Doe', username='jdoe'
+    )
+    user.set_password('jdoe')
+    AttributeValue.objects.create(owner=user, attribute=title, content='Mr')
+    FcAccount.objects.create(user=user, sub='sub1')
+    user.attributes.validation_context = 'FC'
+    user.attributes.validation_date = now().date()
+    user.attributes.validation_partner = 'lambda'
+    user.attributes.validated = True
+    user.save()
+
+    login(app, user)
+    response = app.get(reverse('fc-unlink'))
+    response = response.form.submit('unlink')
+
+    user = User.objects.get(email='john.doe@example.org')
+    assert FcAccount.objects.filter(user=user).count() == 0
+    assert AttributeValue.objects.with_owner(user).filter(verified=True).count() == 0
+    assert not user.attributes.validation_context
+    assert not user.attributes.validation_date
+    assert not user.attributes.validation_partner
+    assert not user.attributes.validated