feat(FranceConnect): add instance-wide scopes configuration

adullact · Jan 31, 2022 · 62ac122 · 62ac122
1 parent 36b49f2
commit 62ac122
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 2 deletions.
diff --git a/app/services/france_connect_service.rb b/app/services/france_connect_service.rb
@@ -11,7 +11,7 @@ def self.enabled?
 
   def authorization_uri
     client.authorization_uri(
-      scope: [:profile, :email],
+      scope: Rails.configuration.x.fcp.scopes,
       state: SecureRandom.hex(16),
       nonce: SecureRandom.hex(16),
       acr_values: Rails.configuration.x.fcp.acr_values

diff --git a/config/application.rb b/config/application.rb
@@ -81,6 +81,7 @@ class Application < Rails::Application
     # @see https://guides.rubyonrails.org/configuring.html#custom-configuration
     config.x.france_connect.enabled = ENV.fetch("FRANCE_CONNECT_ENABLED", "enabled") == "enabled"
     config.x.france_connect.particulier = config_for(:france_connect)
+    config.x.france_connect.particulier.scopes = config.x.france_connect.particulier.scopes.split(',').map(&:to_sym)
     config.x.fcp = config.x.france_connect.particulier
   end
 end
diff --git a/config/france_connect.yml b/config/france_connect.yml
@@ -4,6 +4,7 @@ defaults: &defaults
   integration_base_url: <%= ENV.fetch('FC_PARTICULIER_INTEGRATION_BASE_URL', 'https://fcp.integ01.dev-franceconnect.fr') %>
   logout_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/logout
   redirect_uri: https://<%= ENV['APP_HOST'] %>/france_connect/particulier/callback
+  scopes: <%= ENV.fetch('FC_PARTICULIER_SCOPES', 'profile,email') %>
   token_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/token
   userinfo_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/userinfo
 

diff --git a/spec/services/france_connect_service_spec.rb b/spec/services/france_connect_service_spec.rb
@@ -20,9 +20,31 @@
   end
 
   describe '#authorization_uri' do
-    subject { FranceConnectParticulierClient.new.authorization_uri }
+    subject { described_class.new.authorization_uri }
 
     it { expect { Rack::OAuth2::Util.parse_uri(subject) }.not_to raise_exception }
+
+    context 'with default scopes' do
+      it 'must contain profile & email scopes' do
+        expect(Rails.configuration.x.fcp.scopes).to contain_exactly(:profile, :email)
+        expect(subject).to match('profile%20email%20openid')
+      end
+    end
+
+    context 'with custom scopes' do
+      before(:all) do
+        @default_scopes = Rails.configuration.x.fcp.scopes
+        Rails.configuration.x.fcp.scopes = [:birthdate, :given_name, :family_name, :preferred_username]
+      end
+
+      after(:all) do
+        Rails.configuration.x.fcp.scopes = @default_scopes
+      end
+
+      it 'must contain all the custom scopes' do
+        expect(subject).to match('birthdate%20given_name%20family_name%20preferred_username%20openid')
+      end
+    end
   end
 
   describe '#find_or_retrieve_france_connect_information' do