
Commit 805090b

committedDec 4, 2024
♻️ api: removal of FT_ENABLE_CERTIF_TOKEN_SCOPE
1 parent 91e2445 commit 805090b


4 files changed

+66
-144
lines changed

 

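--- a/api/sample.env
+++ b/api/sample.env
@@ -776,13 +776,6 @@ TEST_REDIS_URL=redis://localhost:6379
 # default: false
 # FT_PIX_1D_ENABLED=false
 
-# Enable the verification of the scope in certification tokens
-#
-# presence: optional
-# type: boolean
-# default: false
-# FT_ENABLE_CERTIF_TOKEN_SCOPE=false
-
 # Control the scope of certification result tokens
 #
 # presence: optional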

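--- a/api/src/shared/config.js
+++ b/api/src/shared/config.js
@@ -211,7 +211,6 @@ const configuration = (function () {
 process.env.FT_ALWAYS_OK_VALIDATE_NEXT_CHALLENGE_ENDPOINT,
 ),
 isAsyncQuestRewardingCalculationEnabled: toBoolean(process.env.FT_ENABLE_ASYNC_QUESTS_REWARDS_CALCULATION),
-isCertificationTokenScopeEnabled: toBoolean(process.env.FT_ENABLE_CERTIF_TOKEN_SCOPE),
 isNeedToAdjustCertificationAccessibilityEnabled: toBoolean(
 process.env.FT_ENABLE_NEED_TO_ADJUST_CERTIFICATION_ACCESSIBILITY,
 ),
@@ -438,7 +437,6 @@ const configuration = (function () {
 
 config.featureToggles.deprecatePoleEmploiPushNotification = false;
 config.featureToggles.isAlwaysOkValidateNextChallengeEndpointEnabled = false;
-config.featureToggles.isCertificationTokenScopeEnabled = false;
 config.featureToggles.isNeedToAdjustCertificationAccessibilityEnabled = false;
 config.featureToggles.isPix1dEnabled = true;
 config.featureToggles.isPixCompanionEnabled = false;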

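--- a/api/src/shared/domain/services/token-service.js
+++ b/api/src/shared/domain/services/token-service.js
@@ -152,10 +152,8 @@ function extractCertificationResultsByRecipientEmailLink(token) {
 throw new InvalidResultRecipientTokenError();
 }
 
-if (config.featureToggles.isCertificationTokenScopeEnabled) {
-if (decoded.scope !== CERTIFICATION_RESULTS_BY_RECIPIENT_EMAIL_LINK_SCOPE) {
-throw new InvalidResultRecipientTokenError();
-}
+if (decoded.scope !== CERTIFICATION_RESULTS_BY_RECIPIENT_EMAIL_LINK_SCOPE) {
+throw new InvalidResultRecipientTokenError();
 }
 
 return {
@@ -170,10 +168,8 @@ function extractCertificationResultsLink(token) {
 throw new InvalidSessionResultTokenError();
 }
 
-if (config.featureToggles.isCertificationTokenScopeEnabled) {
-if (decoded.scope !== config.jwtConfig.certificationResults.scope) {
-throw new InvalidSessionResultTokenError();
-}
+if (decoded.scope !== config.jwtConfig.certificationResults.scope) {
+throw new InvalidSessionResultTokenError();
 }
 
 return {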
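Review bot: Neither of the now-unconditional scope comparisons, in `extractCertificationResultsByRecipientEmailLink` and in `extractCertificationResultsLink`, carries a comment saying why it must never become optional again. The unit tests in this commit sign both token kinds with `settings.authentication.secret`, so the `scope` claim appears to be the only thing stopping a token minted for one purpose from being accepted for another; a line such as `// scope is the only separation between token types signed with the same secret - keep this check unconditional` above each comparison would record that. The two functions also take the expected value from different places, a module constant in one and `config.jwtConfig.certificationResults.scope` in the other, which is worth aligning if both are meant to be configurable. Tokens issued without a `scope` claim are rejected from this commit on, presumably by design, so any still-valid links of that kind stop working at deploy time. Both function bodies start and end outside the hunks shown.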

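--- a/api/tests/shared/unit/domain/services/token-service_test.js
+++ b/api/tests/shared/unit/domain/services/token-service_test.js
@@ -215,77 +215,44 @@ describe('Unit | Shared | Domain | Services | Token Service', function () {
 });
 
 describe('#extractCertificationResultsLink', function () {
-context('when FT_ENABLE_CERTIF_TOKEN_SCOPE is true', function () {
-beforeEach(function () {
-sinon.stub(settings.featureToggles, 'isCertificationTokenScopeEnabled').value(true);
-});
+context('when the scope is valid', function () {
+it('should return the session id', function () {
+// given
+const token = jsonwebtoken.sign(
+{
+session_id: 12345,
+scope: 'certificationResultsLink',
+},
+settings.authentication.secret,
+{ expiresIn: config.jwtConfig.certificationResults.tokenLifespan },
+);
 
-context('when the scope is valid', function () {
-it('should return the session id', function () {
-// given
-const token = jsonwebtoken.sign(
-{
-session_id: 12345,
-scope: 'certificationResultsLink',
-},
-settings.authentication.secret,
-{ expiresIn: config.jwtConfig.certificationResults.tokenLifespan },
-);
-
-// when
-const tokenData = tokenService.extractCertificationResultsLink(token);
-
-// then
-expect(tokenData).to.deep.equal({
-sessionId: 12345,
-});
-});
-});
+// when
+const tokenData = tokenService.extractCertificationResultsLink(token);
 
-context('when the scope is invalid', function () {
-it('should throw an InvalidSessionResultTokenError', async function () {
-// given
-const invalidToken = jsonwebtoken.sign(
-{
-session_id: 12345,
-},
-settings.authentication.secret,
-{ expiresIn: '30d' },
-);
-
-// when
-const error = await catchErr(tokenService.extractCertificationResultsLink)(invalidToken);
-
-// then
-expect(error).to.be.an.instanceof(InvalidSessionResultTokenError);
+// then
+expect(tokenData).to.deep.equal({
+sessionId: 12345,
 });
 });
 });
 
-context('when FT_ENABLE_CERTIF_TOKEN_SCOPE is false', function () {
-beforeEach(function () {
-sinon.stub(settings.featureToggles, 'isCertificationTokenScopeEnabled').value(false);
-});
+context('when the scope is invalid', function () {
+it('should throw an InvalidSessionResultTokenError', async function () {
+// given
+const invalidToken = jsonwebtoken.sign(
+{
+session_id: 12345,
+},
+settings.authentication.secret,
+{ expiresIn: '30d' },
+);
 
-context('when there is no scope', function () {
-it('should return the session id', function () {
-// given
-const token = jsonwebtoken.sign(
-{
-session_id: 12345,
-},
-settings.authentication.secret,
-{ expiresIn: '30d' },
-);
-
-// when
-const tokenData = tokenService.extractCertificationResultsLink(token);
-
-// then
-expect(tokenData).to.deep.equal({
-sessionId: 12345,
-});
-});
+// when
+const error = await catchErr(tokenService.extractCertificationResultsLink)(invalidToken);
+
+// then
+expect(error).to.be.an.instanceof(InvalidSessionResultTokenError);
 });
 });
 
@@ -322,76 +289,44 @@ describe('Unit | Shared | Domain | Services | Token Service', function () {
 });
 
 describe('#extractCertificationResultsByRecipientEmailLink', function () {
-context('when FT_ENABLE_CERTIF_TOKEN_SCOPE is true', function () {
-beforeEach(function () {
-sinon.stub(settings.featureToggles, 'isCertificationTokenScopeEnabled').value(true);
-});
-
-context('when the scope is valid', function () {
-it('should return the session id and result recipient email if the token is valid', function () {
-// given
-const token = jsonwebtoken.sign(
-{
-result_recipient_email: 'recipientEmail@example.net',
-session_id: 12345,
-scope: 'certificationResultsByRecipientEmailLink',
-},
-settings.authentication.secret,
-{ expiresIn: '30d' },
-);
-
-// when
-const tokenData = tokenService.extractCertificationResultsByRecipientEmailLink(token);
-
-// then
-expect(tokenData).to.deep.equal({
-resultRecipientEmail: 'recipientEmail@example.net',
-sessionId: 12345,
-});
-});
-});
-
-context('when the scope is invalid', function () {
-it('should throw an InvalidResultRecipientTokenError', async function () {
-// given
-const invalidToken = jsonwebtoken.sign(
-{ result_recipient_email: 'recipientEmail@example.net', session_id: 12345 },
-settings.authentication.secret,
-{ expiresIn: '30d' },
-);
+context('when the scope is valid', function () {
+it('should return the session id and result recipient email if the token is valid', function () {
+// given
+const token = jsonwebtoken.sign(
+{
+result_recipient_email: 'recipientEmail@example.net',
+session_id: 12345,
+scope: 'certificationResultsByRecipientEmailLink',
+},
+settings.authentication.secret,
+{ expiresIn: '30d' },
+);
 
-// when
-const error = await catchErr(tokenService.extractCertificationResultsByRecipientEmailLink)(invalidToken);
+// when
+const tokenData = tokenService.extractCertificationResultsByRecipientEmailLink(token);
 
-// then
-expect(error).to.be.an.instanceof(InvalidResultRecipientTokenError);
+// then
+expect(tokenData).to.deep.equal({
+resultRecipientEmail: 'recipientEmail@example.net',
+sessionId: 12345,
 });
 });
 });
 
-context('when FT_ENABLE_CERTIF_TOKEN_SCOPE is false', function () {
-beforeEach(function () {
-sinon.stub(settings.featureToggles, 'isCertificationTokenScopeEnabled').value(false);
-});
+context('when the scope is invalid', function () {
+it('should throw an InvalidResultRecipientTokenError', async function () {
+// given
+const invalidToken = jsonwebtoken.sign(
+{ result_recipient_email: 'recipientEmail@example.net', session_id: 12345 },
+settings.authentication.secret,
+{ expiresIn: '30d' },
+);
 
-context('when there is no scope', function () {
-it('should return the session id', function () {
-// given
-const token = jsonwebtoken.sign(
-{ result_recipient_email: 'recipientEmail@example.net', session_id: 12345 },
-settings.authentication.secret,
-{ expiresIn: '30d' },
-);
-
-// when
-const tokenData = tokenService.extractCertificationResultsByRecipientEmailLink(token);
-
-// then
-expect(tokenData).to.deep.equal({
-resultRecipientEmail: 'recipientEmail@example.net',
-sessionId: 12345,
-});
-});
+// when
+const error = await catchErr(tokenService.extractCertificationResultsByRecipientEmailLink)(invalidToken);
+
+// then
+expect(error).to.be.an.instanceof(InvalidResultRecipientTokenError);
 });
 });
 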
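Review bot: The 'when the scope is invalid' cases in both `describe` blocks only sign a token that has no `scope` claim at all, so a token carrying a different, well-formed scope is never exercised. Both token kinds are signed with `settings.authentication.secret` here, so the case worth pinning is the cross-use one: a token scoped for the recipient-email link handed to `extractCertificationResultsLink` must be rejected, and the mirror case for `extractCertificationResultsByRecipientEmailLink` with `InvalidResultRecipientTokenError`. The valid-scope test for `extractCertificationResultsLink` also hardcodes `'certificationResultsLink'` while the service compares against `config.jwtConfig.certificationResults.scope`, so reading the value from config in the test would keep it aligned with an overridden scope. A sketch of the added case for the first `describe` follows.

```javascript
// … unchanged: 'when the scope is valid' and 'when the scope is invalid' contexts …
context('when the scope belongs to another token type', function () {
  it('should throw an InvalidSessionResultTokenError', async function () {
    // given
    const otherScopeToken = jsonwebtoken.sign(
      { session_id: 12345, scope: 'certificationResultsByRecipientEmailLink' },
      settings.authentication.secret,
      { expiresIn: '30d' },
    );

    // when
    const error = await catchErr(tokenService.extractCertificationResultsLink)(otherScopeToken);

    // then
    expect(error).to.be.an.instanceof(InvalidSessionResultTokenError);
  });
});
```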
