gip-inclusion · vincentporte · Dec 9, 2024 · Dec 5, 2024 · Dec 5, 2024 · Dec 9, 2024
diff --git a/config/settings/base.py b/config/settings/base.py
@@ -102,6 +102,7 @@
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
     "lacommunaute.utils.middleware.ParkingPageMiddleware",
+    "lacommunaute.openid_connect.middleware.ProConnectLoginMiddleware",
 ]
 
 THIRD_PARTIES_MIDDLEWARE = [

diff --git a/lacommunaute/openid_connect/middleware.py b/lacommunaute/openid_connect/middleware.py
@@ -0,0 +1,24 @@
+from django.http import HttpResponseRedirect
+from django.urls import reverse
+from django.utils.deprecation import MiddlewareMixin
+from django.utils.http import urlencode
+
+
+class ProConnectLoginMiddleware(MiddlewareMixin):
+    def process_request(self, request):
+        query_params = request.GET.copy()
+
+        if "proconnect_login" not in query_params:
+            return
+
+        query_params.pop("proconnect_login")
+        new_url = (
+            f"{request.path}?{urlencode({k: v for k, v in query_params.items() if v})}"
+            if query_params
+            else request.path
+        )
+
+        if not request.user.is_authenticated:
+            return HttpResponseRedirect(reverse("openid_connect:authorize") + f"?next={new_url}")
+
+        return HttpResponseRedirect(new_url)
diff --git a/lacommunaute/openid_connect/tests/test_middleware.py b/lacommunaute/openid_connect/tests/test_middleware.py
@@ -0,0 +1,51 @@
+import pytest
+from django.urls import reverse
+
+from lacommunaute.users.factories import UserFactory
+
+
+@pytest.mark.parametrize(
+    "params,expected",
+    [
+        ("?proconnect_login=true", ""),
+        ("?proconnect_login=true&param=1", "?param=1"),
+        ("?param=1&proconnect_login=true", "?param=1"),
+    ],
+)
+def test_redirect_for_authenticated_user(client, db, params, expected):
+    client.force_login(UserFactory())
+    response = client.get(f"/{params}")
+    assert response.url == f"/{expected}"
+    assert response.status_code == 302
-    assert response.url == f"/{expected}"
-    assert response.status_code == 302
+    from pytest_django.asserts import assertRedirects
+    assertRedirects(response, f"/{expected}")
-    assert response.url == f"/{expected}"
-    assert response.status_code == 302
+    from pytest_django.asserts import assertRedirects
+    assertRedirects(response, f"/{expected}")
+
+
+@pytest.mark.parametrize(
+    "params,expected",
+    [
+        ("?proconnect_login=true", "/"),
+        ("?proconnect_login=true&param=1", "/?param=1"),
+        ("?param=1&proconnect_login=true", "/?param=1"),
+    ],
+)
+def test_redirect_for_anonymous_user(client, db, params, expected):
+    response = client.get(f"/{params}")
+    assert response.url == f"{reverse('openid_connect:authorize')}?next={expected}"
+    assert response.status_code == 302
+
+
+@pytest.mark.parametrize(
+    "params, logged",
+    [
+        ("", True),
+        ("?param=1", True),
+        ("?param=1&key=2", True),
+        ("", False),
+        ("?param=1", False),
+        ("?param=1&key=2", False),
+    ],
+)
+def test_wo_proconnect_login_param(client, db, logged, params):
+    if logged:
+        client.force_login(UserFactory())
+    response = client.get(f"/{params}")
+    assert response.status_code == 200