From e133a019f8efb4eab36a3dfb7e4b1d5d0ad5a3f6 Mon Sep 17 00:00:00 2001
From: Hugo SUBTIL <ext.sopra.husubtil@grandlyon.com>
Date: Fri, 12 Aug 2022 16:53:07 +0200
Subject: [PATCH] fix: consent verification

---
 src/core/types/types.js | 1 +
 src/core/verifyUserIdentity.js | 10 +++-
 src/index.js | 91 ++++++++++++++++++++++++++--------
 3 files changed, 78 insertions(+), 24 deletions(-)

diff --git a/src/core/types/types.js b/src/core/types/types.js
index 6c5804f..c32a10c 100644
--- a/src/core/types/types.js
+++ b/src/core/types/types.js
@@ -37,6 +37,7 @@
 * @property {string} address
 * @property {string} postalCode
 * @property {string} inseeCode
+ * @property {string} endDate
 * @property {number} [serviceId]
 * @property {number} [ID]
 */
diff --git a/src/core/verifyUserIdentity.js b/src/core/verifyUserIdentity.js
index 973adc7..22a13c3 100644
--- a/src/core/verifyUserIdentity.js
+++ b/src/core/verifyUserIdentity.js
@@ -9,13 +9,15 @@ const { getInseeCode } = require('../requests/insee')
 * @param {string} baseUrl
 * @param {string} apiAuthKey
 * @param {string} loginUtilisateur
+ * @param {boolean} isAlternateStart
 * @returns {Promise<User>}
 */
 async function verifyUserIdentity(
 fields,
 baseUrl,
 apiAuthKey,
- loginUtilisateur
+ loginUtilisateur,
+ isAlternateStart = false
 ) {
 const inseeCode = await getInseeCode(fields.postalCode, fields.city)
@@ -31,7 +33,11 @@ async function verifyUserIdentity(
 if (fields.pointId != pdl) {
 log('error', 'PointId does not match')
- throw errors.LOGIN_FAILED
+ if (isAlternateStart) {
+ throw errors.TERMS_VERSION_MISMATCH
+ } else {
+ throw errors.LOGIN_FAILED
+ }
 }
 return {
diff --git a/src/index.js b/src/index.js
index b4ff9b8..b28010b 100644
--- a/src/index.js
+++ b/src/index.js
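Review bot: The JSDoc line added for `isAlternateStart` in `src/core/verifyUserIdentity.js` marks it as a required boolean and says nothing about its effect, although the signature gives it a default of `false` and the later hunk (`@@ -31,7 +33,11 @@`) uses it to choose which error a pointId mismatch raises. I would write it as `* @param {boolean} [isAlternateStart=false] - when true, a pointId mismatch throws TERMS_VERSION_MISMATCH instead of LOGIN_FAILED`. The call site in `src/index.js` passes a bare positional `true`, which is hard to read there; a named constant or an options object would keep the intent visible.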
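Review bot: In the `isAlternateStart` branch of the `@@ -31,7 +33,11 @@` hunk, the pointId mismatch leaves `verifyUserIdentity` as `errors.TERMS_VERSION_MISMATCH`, and in `start` (src/index.js) that call runs before the consent checks, so the `deleteConsent` cleanup is never reached for this case. If a terms mismatch is meant to revoke the stored consent and contract, as the lastname/expiry branch does, this path appears to leave both in place; that is worth confirming against the rest of `start`, which is not fully visible here. Handling the mismatch in `start` would let both cases go through the same cleanup. The function body starts and ends outside the hunk.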
@@ -175,33 +175,37 @@ async function start(fields, cozyParameters) {
 boToken,
 accountData.data.consentId
 )
- const user = await verifyUserIdentity(fields, baseUrl, apiAuthKey, sgeLogin)
+ const user = await verifyUserIdentity(
+ fields,
+ baseUrl,
+ apiAuthKey,
+ sgeLogin,
+ true
+ )
+ if (!userConsent) {
+ log('error', 'No user consent found')
+ throw errors.VENDOR_DOWN
+ }
+
+ const consentEndDate = Date.parse(userConsent.endDate)
+ const today = Date.now()
 if (
 user.lastname.toLocaleUpperCase() !==
 userConsent.lastname.toLocaleUpperCase() ||
- !user
+ !user ||
+ consentEndDate < today
 ) {
- log('error', `Invalid or not found consent for user`)
- if (userConsent.serviceId) {
- await terminateContract(
- baseUrl,
- apiAuthKey,
- sgeLogin,
- contractId,
- pointId,
- userConsent.serviceId
- )
- await deleteBoConsent(
- boBaseUrl,
- boToken,
- userConsent.ID ? userConsent.ID : 0
- )
- } else {
- log('error', `No service id retrieved from BO`)
- throw errors.VENDOR_DOWN
- }
- throw errors.TERMS_VERSION_MISMATCH
+ await deleteConsent(
+ userConsent,
+ baseUrl,
+ apiAuthKey,
+ sgeLogin,
+ contractId,
+ pointId,
+ boBaseUrl,
+ boToken
+ )
 }
 }
 log('info', 'Successfully logged in')
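Review bot: The new expiry test `consentEndDate < today` fails open when `userConsent.endDate` is missing or cannot be parsed: `Date.parse` then returns `NaN`, every comparison with `NaN` is false, and the consent is treated as still valid. I would make the invalid case explicit, `Number.isNaN(consentEndDate) || consentEndDate < today`, so a consent record without a usable end date takes the same branch as an expired one. In the same condition `!user` is evaluated only after `user.lastname` has been dereferenced, so it can never be the clause that trips; moving it first (or dropping it) would match what the code actually guards. `start` begins and ends outside this hunk.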
@@ -209,6 +213,49 @@ async function start(fields, cozyParameters) {
 await gatherData(baseUrl, apiAuthKey, sgeLogin, pointId)
 }
+/**
+ * Delete User Consent
+ * @param {Consent} userConsent
+ * @param {string} baseUrl
+ * @param {string} apiAuthKey
+ * @param {string} sgeLogin
+ * @param {string} contractId
+ * @param {number} pointId
+ * @param {string} boBaseUrl
+ * @param {string} boToken
+ */
+async function deleteConsent(
+ userConsent,
+ baseUrl,
+ apiAuthKey,
+ sgeLogin,
+ contractId,
+ pointId,
+ boBaseUrl,
+ boToken
+) {
+ log('error', `Invalid or not found consent for user`)
+ if (userConsent.serviceId) {
+ await terminateContract(
+ baseUrl,
+ apiAuthKey,
+ sgeLogin,
+ contractId,
+ pointId,
+ userConsent.serviceId
+ )
+ await deleteBoConsent(
+ boBaseUrl,
+ boToken,
+ userConsent.ID ? userConsent.ID : 0
+ )
+ } else {
+ log('error', `No service id retrieved from BO`)
+ throw errors.VENDOR_DOWN
+ }
+ throw errors.TERMS_VERSION_MISMATCH
+}
+
 /**
 * Main method for gathering data
 * @param {string} baseUrl
-- 
GitLab
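Review bot: `deleteConsent` never returns normally: it throws `errors.VENDOR_DOWN` when `serviceId` is absent and `errors.TERMS_VERSION_MISMATCH` otherwise, yet neither its name nor its JSDoc says so, and the caller in `start` depends on that throw to avoid reaching 'Successfully logged in' with a rejected consent. I would add `@throws` lines for both errors to the doc block, or keep `throw errors.TERMS_VERSION_MISMATCH` at the call site so the control flow is visible where the decision is made. Two details carried over unchanged also deserve a comment in the body: when `serviceId` is missing the back-office consent record is not deleted, and `userConsent.ID ? userConsent.ID : 0` passes id `0` to `deleteBoConsent` when no ID is present, the effect of which is not visible in this patch.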