feat(user): add certification routes

.github/workflows/end-to-end.yml

@@ -13,14 +13,15 @@ env:
   PGHOST: 127.0.0.1
   PGPORT: 5432
   BREVO_API_KEY: ${{ secrets.BREVO_API_KEY }}
-  CYPRESS_BASE_URL: http://172.18.0.1:3000
+  CYPRESS_BASE_URL: http://localhost:3000
   CYPRESS_MAILSLURP_API_KEY: ${{ secrets.MAILSLURP_API_KEY }}
   DATABASE_URL: postgres://moncomptepro:[email protected]:5432/moncomptepro
   DEBOUNCE_API_KEY: ${{ secrets.DEBOUNCE_API_KEY }}
+  FRANCECONNECT_CALLBACK_URL: ${{ secrets.DEBOUNCE_API_KEY }}
   FEATURE_SEND_MAIL: "True"
   INSEE_CONSUMER_KEY: ${{ secrets.INSEE_CONSUMER_KEY }}
   INSEE_CONSUMER_SECRET: ${{ secrets.INSEE_CONSUMER_SECRET }}
-  HOST: http://172.18.0.1:3000
+  HOST: http://localhost:3000
   ZAMMAD_TOKEN: ${{ secrets.ZAMMAD_TOKEN }}
 jobs:
   test:
@@ -47,6 +48,7 @@ jobs:
           - set_info_after_account_provisioning
           - signin_from_proconnect_federation_client
           - signin_from_standard_client
+          - signin_with_certification_dirigeant
           - signin_with_email_verification
           - signin_with_email_verification_renewal
           - signin_with_legacy_scope
@@ -56,52 +58,10 @@ jobs:
           - signup_entreprise_unipersonnelle
           - update_personal_information
     runs-on: ubuntu-22.04
-    services:
-      standard-client:
-        image: ghcr.io/numerique-gouv/proconnect-test-client
-        ports:
-          - 4000:3000
-        env:
-          SITE_TITLE: standard-client
-          HOST: http://localhost:4000
-          PC_CLIENT_ID: standard_client_id
-          PC_CLIENT_SECRET: standard_client_secret
-          PC_PROVIDER: ${{ env.HOST }}
-          PC_SCOPES: openid email profile organization
-          ACR_VALUE_FOR_2FA: https://proconnect.gouv.fr/assurance/consistency-checked-2fa
-          STYLESHEET_URL: ""
-      proconnect-federation-client:
-        image: ghcr.io/numerique-gouv/proconnect-test-client
-        ports:
-          - 4001:3000
-        env:
-          SITE_TITLE: proconnect-federation-client
-          HOST: http://localhost:4001
-          PC_CLIENT_ID: proconnect_federation_client_id
-          PC_CLIENT_SECRET: proconnect_federation_client_secret
-          PC_PROVIDER: ${{ env.HOST }}
-          PC_SCOPES: openid uid given_name usual_name email siren siret organizational_unit belonging_population phone chorusdt is_service_public is_public_service
-          PC_ID_TOKEN_SIGNED_RESPONSE_ALG: ES256
-          PC_USERINFO_SIGNED_RESPONSE_ALG: ES256
-          STYLESHEET_URL: ""
-          LOGIN_HINT: [email protected]
-          ACR_VALUES: eidas1
-      redis:
-        image: redis:7.2
-        ports:
-          - 6379:6379
-      postgres:
-        image: postgres:15.10
-        env:
-          POSTGRES_USER: ${{ env.PGUSER }}
-          POSTGRES_PASSWORD: ${{ env.PGPASSWORD }}
-          POSTGRES_DB: ${{ env.PGDATABASE }}
-        ports:
-          - 5432:5432
     steps:
       - uses: actions/checkout@v4
 
-      - run: docker compose up --build --detach maildev
+      - run: docker compose up --build --detach
 
       - run: corepack enable
       - uses: actions/setup-node@v4

cypress/e2e/signin_with_certification_dirigeant/env.conf

@@ -0,0 +1 @@
+DO_NOT_SEND_MAIL="True"

cypress/e2e/signin_with_certification_dirigeant/fixtures.sql

@@ -0,0 +1,36 @@
+INSERT INTO users
+(id, email, email_verified, email_verified_at, encrypted_password, created_at, updated_at,
+ given_name, family_name, phone_number, job, encrypted_totp_key, totp_key_verified_at, force_2fa)
+VALUES
+  (1, '[email protected]', true, CURRENT_TIMESTAMP,
+   '$2a$10$kzY3LINL6..50Fy9shWCcuNlRfYq0ft5lS.KCcJ5PzrhlWfKK4NIO', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP,
+   'Jean', 'Certification', '0123456789', 'Dirigeant',
+   null, null, false);
+
+INSERT INTO organizations
+  (id, siret, created_at, updated_at)
+VALUES
+  (1, '21340126800130', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP);
+
+INSERT INTO users_organizations
+  (user_id, organization_id, is_external, verification_type, has_been_greeted)
+VALUES
+  (1, 1, false, 'domain', true);
+
+INSERT INTO oidc_clients
+(client_name, client_id, client_secret, redirect_uris,
+ post_logout_redirect_uris, scope, client_uri, client_description,
+ userinfo_signed_response_alg, id_token_signed_response_alg,
+ authorization_signed_response_alg, introspection_signed_response_alg)
+VALUES
+  ('Oidc Test Client',
+   'standard_client_id',
+   'standard_client_secret',
+   ARRAY [
+     'http://localhost:4000/login-callback'
+     ],
+   ARRAY []::varchar[],
+   'openid email profile organization',
+   'http://localhost:4000/',
+   'ProConnect test client. More info: https://github.com/numerique-gouv/proconnect-test-client.',
+   null, null, null, null);

cypress/e2e/signin_with_certification_dirigeant/index.cy.ts

@@ -0,0 +1,40 @@
+describe("sign-in with a client requiring certification dirigeant", () => {
+  beforeEach(() => {
+    cy.visit("http://localhost:4000");
+    cy.setRequestedAcrs([
+      "https://proconnect.gouv.fr/assurance/certification-dirigeant",
+    ]);
+  });
+
+  it("should sign-in an return the right acr value", function () {
+    cy.get("button#custom-connection").click({ force: true });
+    cy.login("[email protected]");
+
+    cy.contains("Authentifier votre statut");
+    cy.contains("S’identifier avec").click();
+
+    cy.origin("https://fcp.integ01.dev-franceconnect.fr", () => {
+      cy.contains("FIP1-LOW - eIDAS LOW").click();
+    });
+    cy.origin("https://fip1-low.integ01.fcp.fournisseur-d-identite.fr", () => {
+      cy.contains("Mot de passe").click();
+      cy.focused().type("123");
+      cy.contains("Valider").click();
+    });
+    cy.origin("https://fcp.integ01.dev-franceconnect.fr", () => {
+      cy.contains("Continuer sur FSPublic").click();
+    });
+
+    cy.contains("Vous allez vous connecter en tant que ");
+    cy.contains("Angela Claire Louise DUBOIS");
+
+    cy.contains(
+      "J'accepte que FranceConnect transmette mes données au service pour me connecter",
+    ).click();
+    cy.contains("Continuer").click();
+
+    cy.contains(
+      '"acr": "https://proconnect.gouv.fr/assurance/certification-dirigeant"',
+    );
+  });
+});

cypress/e2e/signin_with_right_acr/index.cy.ts

@@ -117,6 +117,12 @@ describe("sign-in with a client requiring certification dirigeant identity", ()
     cy.get("button#custom-connection").click({ force: true });
 
     cy.login("[email protected]");
+    cy.contains("S’identifier avec").click();
+    cy.contains(
+      "J'accepte que FranceConnect transmette mes données au service pour me connecter",
+    ).click();
+    cy.contains("Continuer").click();
+    cy.contains("Continuer").click();
 
     cy.contains(
       '"acr": "https://proconnect.gouv.fr/assurance/certification-dirigeant"',
@@ -154,7 +160,7 @@ describe("sign-in with a client requiring certification dirigeant and 2fa identi
   });
 });
 
-describe("qign-in with a the requiring certification dirigeant and consistency-checked", () => {
+describe("sign-in with a client requiring certification dirigeant and consistency-checked", () => {
   beforeEach(() => {
     cy.visit("http://localhost:4000");
     cy.setRequestedAcrs([

docker-compose.yml

@@ -57,10 +57,8 @@ services:
     network_mode: "host"
 
   maildev:
-    ports:
-      - "1080:1080"
-      - "1025:1025"
     image: soulteary/maildev
+    network_mode: "host"
 
 volumes:
   db-data:

package.json

@@ -9,10 +9,10 @@
   },
   "main": "src/index.js",
   "workspaces": [
-    "packages/devtools/typescript",
     "packages/core",
     "packages/crisp",
     "packages/debounce",
+    "packages/devtools/typescript",
     "packages/email",
     "packages/insee",
     "packages/identite"

packages/identite/package.json

@@ -46,6 +46,7 @@
     "spec": "src/**/*.test.ts"
   },
   "dependencies": {
+    "openid-client": "^6.1.7",
     "sql-template-tag": "^5.2.1"
   },
   "devDependencies": {