[TECH] Migrer la route POST /api/admin/users/{id}/remove-authenticati…

…on dans src (PIX-15518) #10700
1024pix · Dec 4, 2024 · d28d77d · d28d77d
2 parents e025664 + 0f65454
commit d28d77d
Show file tree

Hide file tree

Showing 12 changed files with 274 additions and 311 deletions.
diff --git a/api/lib/application/users/index.js b/api/lib/application/users/index.js
@@ -129,39 +129,6 @@ const register = async function (server) {
         tags: ['api', 'admin', 'user', 'authentication-method'],
       },
     },
-    {
-      method: 'POST',
-      path: '/api/admin/users/{id}/remove-authentication',
-      config: {
-        pre: [
-          {
-            method: (request, h) =>
-              securityPreHandlers.hasAtLeastOneAccessOf([
-                securityPreHandlers.checkAdminMemberHasRoleSuperAdmin,
-                securityPreHandlers.checkAdminMemberHasRoleSupport,
-              ])(request, h),
-          },
-        ],
-        validate: {
-          params: Joi.object({
-            id: identifiersType.userId,
-          }),
-          payload: Joi.object({
-            data: {
-              attributes: {
-                type: Joi.string().required(),
-              },
-            },
-          }),
-          options: {
-            allowUnknown: true,
-          },
-        },
-        handler: userController.removeAuthenticationMethod,
-        notes: ['- Permet à un administrateur de supprimer une méthode de connexion'],
-        tags: ['api', 'admin', 'user'],
-      },
-    },
   ];
 
   server.route([

diff --git a/api/lib/application/users/user-controller.js b/api/lib/application/users/user-controller.js
@@ -57,13 +57,6 @@ const resetScorecard = function (request, h, dependencies = { scorecardSerialize
     .then(dependencies.scorecardSerializer.serialize);
 };
 
-const removeAuthenticationMethod = async function (request, h) {
-  const userId = request.params.id;
-  const authenticationMethodType = request.payload.data.attributes.type;
-  await usecases.removeAuthenticationMethod({ userId, authenticationMethodType });
-  return h.response().code(204);
-};
-
 const addPixAuthenticationMethodByEmail = async function (
   request,
   h,
@@ -126,7 +119,6 @@ const userController = {
   reassignAuthenticationMethods,
   rememberUserHasSeenAssessmentInstructions,
   rememberUserHasSeenChallengeTooltip,
-  removeAuthenticationMethod,
   resetScorecard,
 };
 

diff --git a/api/src/identity-access-management/application/user/user.admin.controller.js b/api/src/identity-access-management/application/user/user.admin.controller.js
@@ -89,18 +89,27 @@ const anonymizeUser = async function (request, h, dependencies = { userAnonymize
   return h.response(dependencies.userAnonymizedDetailsForAdminSerializer.serialize(anonymizedUser)).code(200);
 };
 
+const removeAuthenticationMethod = async function (request, h) {
+  const userId = request.params.id;
+  const authenticationMethodType = request.payload.data.attributes.type;
+  await usecases.removeAuthenticationMethod({ userId, authenticationMethodType });
+  return h.response().code(204);
+};
+
 /**
  * @typedef {object} UserAdminController
  * @property {function} anonymizeUser
  * @property {function} findPaginatedFilteredUsers
  * @property {function} getUserDetails
+ * @property {function} removeAuthenticationMethod
  * @property {function} unblockUserAccount
  * @property {function} updateUserDetailsByAdmin
  */
 const userAdminController = {
   anonymizeUser,
   findPaginatedFilteredUsers,
   getUserDetails,
+  removeAuthenticationMethod,
   unblockUserAccount,
   updateUserDetailsByAdmin,
 };

diff --git a/api/src/identity-access-management/application/user/user.admin.route.js b/api/src/identity-access-management/application/user/user.admin.route.js
@@ -180,4 +180,37 @@ export const userAdminRoutes = [
       tags: ['api', 'admin', 'identity-access-management', 'user'],
     },
   },
+  {
+    method: 'POST',
+    path: '/api/admin/users/{id}/remove-authentication',
+    config: {
+      pre: [
+        {
+          method: (request, h) =>
+            securityPreHandlers.hasAtLeastOneAccessOf([
+              securityPreHandlers.checkAdminMemberHasRoleSuperAdmin,
+              securityPreHandlers.checkAdminMemberHasRoleSupport,
+            ])(request, h),
+        },
+      ],
+      validate: {
+        params: Joi.object({
+          id: identifiersType.userId,
+        }),
+        payload: Joi.object({
+          data: {
+            attributes: {
+              type: Joi.string().required(),
+            },
+          },
+        }),
+        options: {
+          allowUnknown: true,
+        },
+      },
+      handler: (request, h) => userAdminController.removeAuthenticationMethod(request, h),
+      notes: ['- Permet à un administrateur de supprimer une méthode de connexion'],
+      tags: ['api', 'identity-access-management', 'admin', 'user'],
+    },
+  },
 ];
diff --git a/.../usecases/remove-authentication-method.js → ...s/remove-authentication-method.usecase.js b/.../usecases/remove-authentication-method.js → ...s/remove-authentication-method.usecase.js
@@ -1,7 +1,16 @@
-import { NON_OIDC_IDENTITY_PROVIDERS } from '../../../src/identity-access-management/domain/constants/identity-providers.js';
-import * as OidcIdentityProviders from '../../../src/identity-access-management/domain/constants/oidc-identity-providers.js';
-import { UserNotAuthorizedToRemoveAuthenticationMethod } from '../../../src/shared/domain/errors.js';
+import { UserNotAuthorizedToRemoveAuthenticationMethod } from '../../../shared/domain/errors.js';
+import { NON_OIDC_IDENTITY_PROVIDERS } from '../constants/identity-providers.js';
+import * as OidcIdentityProviders from '../constants/oidc-identity-providers.js';
 
+/**
+ * @param{object} params
+ * @param{string} params.userId
+ * @param{string} params.authenticationMethodType
+ * @param{UserRepository} userRepository
+ * @param{AuthenticationMethodRepository} authenticationMethodRepository
+ * @returns {Promise<void>}
+ * @throws UserNotAuthorizedToRemoveAuthenticationMethod
+ */
 export const removeAuthenticationMethod = async function ({
   userId,
   authenticationMethodType,

diff --git a/api/tests/acceptance/application/users/users-controller-remove-authentication-method_test.js b/api/tests/acceptance/application/users/users-controller-remove-authentication-method_test.js
diff --git a/api/tests/identity-access-management/acceptance/application/user/user.admin.route.test.js b/api/tests/identity-access-management/acceptance/application/user/user.admin.route.test.js
@@ -1,3 +1,4 @@
+import { NON_OIDC_IDENTITY_PROVIDERS } from '../../../../../src/identity-access-management/domain/constants/identity-providers.js';
 import { QUERY_TYPES } from '../../../../../src/identity-access-management/domain/constants/user-query.js';
 import {
   createServer,
@@ -412,4 +413,64 @@ describe('Acceptance | Identity Access Management | Application | Route | Admin
       expect(organizationLearnerMembership.disabledAt).not.to.be.null;
     });
   });
+
+  describe('POST /api/admin/users/{id}/remove-authentication', function () {
+    let server;
+    let user;
+    let options;
+
+    beforeEach(async function () {
+      server = await createServer();
+      user = databaseBuilder.factory.buildUser({ username: 'jhn.doe0101', email: null });
+      databaseBuilder.factory.buildAuthenticationMethod.withPixAsIdentityProviderAndHashedPassword({
+        userId: user.id,
+      });
+      databaseBuilder.factory.buildAuthenticationMethod.withGarAsIdentityProvider({ userId: user.id });
+
+      const superAdmin = await insertUserWithRoleSuperAdmin();
+      options = {
+        method: 'POST',
+        url: `/api/admin/users/${user.id}/remove-authentication`,
+        payload: {
+          data: {
+            attributes: {
+              type: 'USERNAME',
+            },
+          },
+        },
+        headers: { authorization: generateValidRequestAuthorizationHeader(superAdmin.id) },
+      };
+      return databaseBuilder.commit();
+    });
+
+    describe('POST /admin/users/:id/remove-authentication', function () {
+      it('returns a 204 HTTP status code', async function () {
+        // when
+        const response = await server.inject(options);
+
+        // then
+        expect(response.statusCode).to.equal(204);
+      });
+
+      it('sets the username to null', async function () {
+        // when
+        await server.inject(options);
+
+        // then
+        const updatedUser = await knex('users').where({ id: user.id }).first();
+        expect(updatedUser.username).to.be.null;
+      });
+
+      it('removes PIX authenticationMethod', async function () {
+        // when
+        await server.inject(options);
+
+        // then
+        const pixAuthenticationMethod = await knex('authentication-methods')
+          .where({ userId: user.id, identityProvider: NON_OIDC_IDENTITY_PROVIDERS.PIX.code })
+          .first();
+        expect(pixAuthenticationMethod).to.be.undefined;
+      });
+    });
+  });
 });