[FEATURE] Indiquer si l'utilisateur se connecte via SSO sur Pix admin (PIX-14788)

pix-service-auto-merge · web-flow · commit e2eef6bd6333 · 2025-02-07T18:18:39.000+01:00
#11310
diff --git a/admin/app/components/users/user-overview.gjs b/admin/app/components/users/user-overview.gjs
@@ -27,9 +27,11 @@ export default class UserOverview extends Component {
   @service pixToast;
   @service references;
   @service store;
+  @service oidcIdentityProviders;
 
   @tracked displayAnonymizeModal = false;
   @tracked isEditionMode = false;
+  @tracked authenticationMethods = [];
 
   languages = this.references.availableLanguages;
   locales = this.references.availableLocales;
@@ -39,6 +41,9 @@ export default class UserOverview extends Component {
   constructor() {
     super(...arguments);
     this.form = this.store.createRecord('user-form');
+    Promise.resolve(this.args.user.authenticationMethods).then((authenticationMethods) => {
+      this.authenticationMethods = authenticationMethods;
+    });
   }
 
   get externalURL() {
@@ -86,6 +91,15 @@ export default class UserOverview extends Component {
     return this.args.user.username ? null : 'obligatoire';
   }
 
+  get hasSsoAuthentication() {
+    const oidcProvidersCodes = this.oidcIdentityProviders.list.map((provider) => provider.code);
+    return this.authenticationMethods.any(
+      (authenticationMethod) =>
+        oidcProvidersCodes.includes(authenticationMethod.identityProvider) ||
+        authenticationMethod.identityProvider === 'GAR',
+    );
+  }
+
   _initForm() {
     this.form.firstName = this.args.user.firstName;
     this.form.lastName = this.args.user.lastName;
@@ -331,6 +345,13 @@ export default class UserOverview extends Component {
                     {{/if}}
                   </span>
                 </li>
+                <li class="user-detail-personal-information-section__user-informations flex space-between gap-4x">
+                  <span>
+                    {{t "components.users.user-overview.sso"}}
+                    :
+                    {{#if this.hasSsoAuthentication}}{{t "common.words.yes"}}{{else}}{{t "common.words.no"}}{{/if}}
+                  </span>
+                </li>
               </ul>
 
               <ul class="user-detail-personal-information-section__infogroup">
diff --git a/admin/tests/integration/components/users/user-overview-test.gjs b/admin/tests/integration/components/users/user-overview-test.gjs
@@ -83,12 +83,14 @@ module('Integration | Component | users | user-overview', function (hooks) {
 
       test('displays the update button', async function (assert) {
         // given
+        const store = this.owner.lookup('service:store');
         const user = {
           firstName: 'John',
           lastName: 'Harry',
           email: 'john.harry@example.net',
           username: 'john.harry0102',
         };
+        user.authenticationMethods = [await store.createRecord('authentication-method', { identityProvider: 'abc' })];
 
         // when
         const screen = await render(<template><UserOverview @user={{user}} /></template>);
@@ -392,13 +394,15 @@ module('Integration | Component | users | user-overview', function (hooks) {
     module('When the admin member click to update user details', function () {
       test('displays the edit and cancel buttons', async function (assert) {
         // given
+        const store = this.owner.lookup('service:store');
         const user = {
           firstName: 'John',
           lastName: 'Harry',
           email: 'john.harry@example.net',
           username: null,
           lang: null,
         };
+        user.authenticationMethods = [await store.createRecord('authentication-method', { identityProvider: 'abc' })];
 
         // when
         const screen = await render(<template><UserOverview @user={{user}} /></template>);
@@ -416,6 +420,7 @@ module('Integration | Component | users | user-overview', function (hooks) {
           firstName: 'John',
           email: 'john.harry@gmail.com',
           username: null,
+          authenticationMethods: [],
         });
 
         // when
@@ -450,6 +455,7 @@ module('Integration | Component | users | user-overview', function (hooks) {
           firstName: 'John',
           email: 'john.harry@gmail.com',
           username: null,
+          authenticationMethods: [],
         });
 
         // when
@@ -469,6 +475,7 @@ module('Integration | Component | users | user-overview', function (hooks) {
             firstName: 'John',
             email: 'john.harry@gmail.com',
             username: null,
+            authenticationMethods: [],
           });
 
           // when
@@ -486,6 +493,7 @@ module('Integration | Component | users | user-overview', function (hooks) {
             firstName: 'John',
             email: 'john.harry@gmail.com',
             username: null,
+            authenticationMethods: [],
           });
 
           // when
@@ -505,6 +513,7 @@ module('Integration | Component | users | user-overview', function (hooks) {
             firstName: 'John',
             email: null,
             username: 'user.name1212',
+            authenticationMethods: [],
           });
 
           // when
@@ -522,6 +531,7 @@ module('Integration | Component | users | user-overview', function (hooks) {
             firstName: 'John',
             email: null,
             username: 'user.name1212',
+            authenticationMethods: [],
           });
 
           // when
@@ -543,6 +553,7 @@ module('Integration | Component | users | user-overview', function (hooks) {
             firstName: 'John',
             email: null,
             username: undefined,
+            authenticationMethods: [],
           });
 
           // when
@@ -563,6 +574,7 @@ module('Integration | Component | users | user-overview', function (hooks) {
           firstName: 'John',
           email: 'john.harry@gmail.com',
           username: null,
+          authenticationMethods: [],
         });
 
         const screen = await render(<template><UserOverview @user={{user}} /></template>);
@@ -588,6 +600,7 @@ module('Integration | Component | users | user-overview', function (hooks) {
           firstName: 'John',
           email: 'john.harry@gmail.com',
           username: null,
+          authenticationMethods: [],
         });
 
         const screen = await render(<template><UserOverview @user={{user}} /></template>);
@@ -660,6 +673,7 @@ module('Integration | Component | users | user-overview', function (hooks) {
           firstName: 'John',
           email: 'john.harry@gmail.com',
           isPixAgent: true,
+          authenticationMethods: [],
         });
 
         // when
@@ -675,11 +689,85 @@ module('Integration | Component | users | user-overview', function (hooks) {
         assert.dom(anonymizationDisabledTooltip).exists();
       });
     });
+
+    module('Displays SSO information', function (hooks) {
+      class OidcIdentityProvidersStub extends Service {
+        get list() {
+          return [
+            {
+              code: 'SUNLIGHT_NAVIGATIONS',
+              organizationName: 'Sunlight Navigations',
+            },
+          ];
+        }
+      }
+
+      hooks.beforeEach(function () {
+        this.owner.register('service:oidc-identity-providers', OidcIdentityProvidersStub);
+      });
+
+      test('When user has not SSO authentication method', async function (assert) {
+        // given
+        const store = this.owner.lookup('service:store');
+        const user = {
+          firstName: 'John',
+          lastName: 'Harry',
+          email: 'john.harry@example.net',
+          username: 'john.harry0102',
+        };
+        user.authenticationMethods = [await store.createRecord('authentication-method', { identityProvider: 'abc' })];
+
+        // when
+        const screen = await render(<template><UserOverview @user={{user}} /></template>);
+
+        // then
+        assert.dom(screen.getByText('SSO : Non')).exists();
+      });
+
+      test('When user has OIDC authentication method', async function (assert) {
+        // given
+        const store = this.owner.lookup('service:store');
+        const user = {
+          firstName: 'John',
+          lastName: 'Harry',
+          email: 'john.harry@example.net',
+          username: 'john.harry0102',
+        };
+        user.authenticationMethods = [
+          await store.createRecord('authentication-method', { identityProvider: 'SUNLIGHT_NAVIGATIONS' }),
+        ];
+
+        // when
+        const screen = await render(<template><UserOverview @user={{user}} /></template>);
+
+        // then
+        assert.dom(screen.getByText('SSO : Oui')).exists();
+      });
+
+      test('When user has GAR authentication method', async function (assert) {
+        // given
+        const store = this.owner.lookup('service:store');
+        const user = {
+          firstName: 'John',
+          lastName: 'Harry',
+          email: 'john.harry@example.net',
+          username: 'john.harry0102',
+        };
+        user.authenticationMethods = [await store.createRecord('authentication-method', { identityProvider: 'GAR' })];
+
+        // when
+        const screen = await render(<template><UserOverview @user={{user}} /></template>);
+
+        // then
+        assert.dom(screen.getByText('SSO : Oui')).exists();
+      });
+    });
   });
 
   module('When the admin member does not have access to users actions scope', function () {
     test('does not display the action buttons "Modifier" and "Anonymiser cet utilisateur"', async function (assert) {
       // given
+      const store = this.owner.lookup('service:store');
       class AccessControlStub extends Service {
         hasAccessToUsersActionsScope = false;
       }
@@ -690,6 +778,7 @@ module('Integration | Component | users | user-overview', function (hooks) {
         email: 'john.harry@example.net',
         username: 'john.harry0102',
       };
+      user.authenticationMethods = [await store.createRecord('authentication-method', { identityProvider: 'abc' })];
       this.owner.register('service:access-control', AccessControlStub);
 
       // when
diff --git a/admin/tests/unit/components/users/user-overview-test.js b/admin/tests/unit/components/users/user-overview-test.js
@@ -13,18 +13,15 @@ module('Unit | Component | users | user-overview', function (hooks) {
   module('#externalURL', function () {
     test('it should generate dashboard URL based on environment and object', async function (assert) {
       // given
-      const component = createGlimmerComponent('component:users/user-overview');
-
-      const args = {
+      const baseUrl = 'https://metabase.pix.fr/dashboard/132?id=';
+      ENV.APP.USER_DASHBOARD_URL = baseUrl;
+      const component = createGlimmerComponent('component:users/user-overview', {
         user: {
           id: 1,
+          authenticationMethods: [],
         },
-      };
-      const baseUrl = 'https://metabase.pix.fr/dashboard/132?id=';
-      const expectedUrl = baseUrl + args.user.id;
-
-      ENV.APP.USER_DASHBOARD_URL = baseUrl;
-      component.args = args;
+      });
+      const expectedUrl = baseUrl + '1';
 
       // when
       const actualUrl = component.externalURL;
@@ -38,9 +35,8 @@ module('Unit | Component | users | user-overview', function (hooks) {
     module('when user already has an email', function () {
       test('it should allow email modification', async function (assert) {
         // given
-        const component = createGlimmerComponent('component:users/user-overview');
-        const user = { email: 'lisa@example.net', firstName: 'Lisa', lastName: 'Dupont' };
-        component.args.user = user;
+        const user = { email: 'lisa@example.net', firstName: 'Lisa', lastName: 'Dupont', authenticationMethods: [] };
+        const component = createGlimmerComponent('component:users/user-overview', { user });
 
         // when & then
         assert.true(component.canModifyEmail);
@@ -50,9 +46,8 @@ module('Unit | Component | users | user-overview', function (hooks) {
     module('when user has an username', function () {
       test('it should also allow email modification', async function (assert) {
         // given
-        const component = createGlimmerComponent('component:users/user-overview');
-        const user = { username: 'lisa.dupont', firstName: 'Lisa', lastName: 'Dupont' };
-        component.args.user = user;
+        const user = { username: 'lisa.dupont', firstName: 'Lisa', lastName: 'Dupont', authenticationMethods: [] };
+        const component = createGlimmerComponent('component:users/user-overview', { user });
 
         // when & then
         assert.true(component.canModifyEmail);
@@ -62,9 +57,8 @@ module('Unit | Component | users | user-overview', function (hooks) {
     module('when user has neither a username nor an email', function () {
       test('it should not allow email modification', async function (assert) {
         // given
-        const component = createGlimmerComponent('component:users/user-overview');
-        const user = { firstName: 'Lisa', lastName: 'Dupont' };
-        component.args.user = user;
+        const user = { firstName: 'Lisa', lastName: 'Dupont', authenticationMethods: [] };
+        const component = createGlimmerComponent('component:users/user-overview', { user });
 
         // when & then
         assert.false(component.canModifyEmail);
@@ -76,7 +70,8 @@ module('Unit | Component | users | user-overview', function (hooks) {
     module('when user has no login informations yet', function () {
       test('should not display temporary blocked date', function (assert) {
         // given
-        const component = createGlimmerComponent('component:users/user-overview');
+        const user = { authenticationMethods: [] };
+        const component = createGlimmerComponent('component:users/user-overview', { user });
 
         // when && then
         assert.false(component.shouldDisplayTemporaryBlockedDate);
@@ -86,9 +81,8 @@ module('Unit | Component | users | user-overview', function (hooks) {
     module('when user has login but not temporary blocked', function () {
       test('should not display temporary blocked date', function (assert) {
         // given
-        const component = createGlimmerComponent('component:users/user-overview');
-        const user = { firstName: 'Lisa', lastName: 'Dupont' };
-        component.args.user = user;
+        const user = { firstName: 'Lisa', lastName: 'Dupont', authenticationMethods: [] };
+        const component = createGlimmerComponent('component:users/user-overview', { user });
         const getTemporaryBlockedUntilProperty = () => null;
         const userLoginProxy = { get: getTemporaryBlockedUntilProperty };
         component.args.user.userLogin = userLoginProxy;
@@ -101,11 +95,10 @@ module('Unit | Component | users | user-overview', function (hooks) {
     module('when user has login and temporary blocked date', function () {
       test('should display temporary blocked date when now date is after temporaty blocked date', function (assert) {
         // given
-        const component = createGlimmerComponent('component:users/user-overview');
-        const user = { firstName: 'Lisa', lastName: 'Dupont' };
+        const user = { firstName: 'Lisa', lastName: 'Dupont', authenticationMethods: [] };
         const getTemporaryBlockedUntilProperty = () => new Date(Date.now() + 3600 * 1000);
+        const component = createGlimmerComponent('component:users/user-overview', { user });
         const userLoginProxy = { get: getTemporaryBlockedUntilProperty };
-        component.args.user = user;
         component.args.user.userLogin = userLoginProxy;
 
         // when && then
@@ -114,9 +107,8 @@ module('Unit | Component | users | user-overview', function (hooks) {
 
       test('should not display temporary blocked date when now date is before temporaty blocked date', function (assert) {
         // given
-        const component = createGlimmerComponent('component:users/user-overview');
-        const user = { firstName: 'Lisa', lastName: 'Dupont' };
-        component.args.user = user;
+        const user = { firstName: 'Lisa', lastName: 'Dupont', authenticationMethods: [] };
+        const component = createGlimmerComponent('component:users/user-overview', { user });
         const getTemporaryBlockedUntilProperty = () => new Date(Date.now() - 3600 * 1000);
         const userLoginProxy = { get: getTemporaryBlockedUntilProperty };
         component.args.user.userLogin = userLoginProxy;
@@ -131,7 +123,7 @@ module('Unit | Component | users | user-overview', function (hooks) {
     test('should empty organization learners', async function (assert) {
       // given
       const organizationLearners = [{ firstName: 'fanny', lastName: 'epi' }];
-      const user = { organizationLearners, save: sinon.stub().resolves() };
+      const user = { organizationLearners, save: sinon.stub().resolves(), authenticationMethods: [] };
       const component = createGlimmerComponent('component:users/user-overview', { user });
 
       // when
diff --git a/admin/translations/en.json b/admin/translations/en.json
@@ -411,6 +411,9 @@
           }
         },
         "copied": "Copied!"
+      },
+      "user-overview": {
+        "sso": "SSO"
       }
     }
   },
diff --git a/admin/translations/fr.json b/admin/translations/fr.json
@@ -421,6 +421,9 @@
           }
         },
         "copied": "Copié !"
+      },
+      "user-overview": {
+        "sso": "SSO"
       }
     }
   },
diff --git a/api/db/database-builder/factory/build-authentication-method.js b/api/db/database-builder/factory/build-authentication-method.js
diff --git a/api/db/seeds/data/team-acces/build-users.js b/api/db/seeds/data/team-acces/build-users.js

Original file line number	Diff line number	Diff line change
`@@ -411,6 +411,9 @@`
`411`	`411`	`}`
`412`	`412`	`},`
`413`	`413`	`"copied": "Copied!"`
	`414`	`+ },`
	`415`	`+ "user-overview": {`
	`416`	`+ "sso": "SSO"`
`414`	`417`	`}`
`415`	`418`	`}`
`416`	`419`	`},`
Original file line number	Diff line number	Diff line change
`@@ -421,6 +421,9 @@`
`421`	`421`	`}`
`422`	`422`	`},`
`423`	`423`	`"copied": "Copié !"`
	`424`	`+ },`
	`425`	`+ "user-overview": {`
	`426`	`+ "sso": "SSO"`
`424`	`427`	`}`
`425`	`428`	`}`
`426`	`429`	`},`