Merge pull request #11156 from demarches-simplifiees/fix-current-user…

…-triggers-authentication Tech : Correction d'un comportement étrange sur la connexion par email / mot de passe
demarches-simplifiees · Dec 19, 2024 · 5c45754 · 5c45754
2 parents 151c050 + cfb7dcb
commit 5c45754
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -98,6 +98,14 @@ def expert_signed_in?
     current_expert.present?
   end
 
+  # calling current_user in a before_action will trigger the warden authentication (devise behavior)
+  # which is not what we want in a before_action of a sign_in action (current_user should be nil before explicit sign_in)
+  # so we need to override current_user to avoid this
+  # https://github.com/heartcombo/devise/issues/5602#issuecomment-1876164084
+  def current_user
+    super if warden.authenticated?(scope: :user)
+  end
+
   def current_account
     {
       gestionnaire: current_gestionnaire,

diff --git a/spec/controllers/users/sessions_controller_spec.rb b/spec/controllers/users/sessions_controller_spec.rb
@@ -99,11 +99,12 @@
 
     context 'when email domain is in mandatory list' do
       let(:email) { '[email protected]' }
-      it 'redirects to agent connect with force parameter' do
+      it 'redirects to agent connect with force parameter and is not logged in' do
         expect(AgentConnectService).to receive(:enabled?).and_return(true)
         subject
         expect(response).to redirect_to(agent_connect_path(force_agent_connect: true))
         expect(flash[:alert]).to eq("La connexion des agents passe à présent systématiquement par AgentConnect")
+        expect(controller.current_user).to be_nil
       end
     end
   end