feat: go back button, goes back to PCF instead of going to change-email page

Author: rdubigny

assets/js/go-back.js

@@ -1,13 +1,15 @@
 document.addEventListener(
   "DOMContentLoaded",
   function () {
-    var goBackLink = document.getElementById("go-back-link");
+    var goBackLinks = document.querySelectorAll(".go-back-link");
 
     function goBack() {
       history.back();
     }
 
-    goBackLink.addEventListener("click", goBack);
+    goBackLinks.forEach(function (goBackLink) {
+      goBackLink.addEventListener("click", goBack);
+    });
   },
   false,
 );

cypress/e2e/signin_from_proconnect_federation_client/fixtures.sql

@@ -21,7 +21,8 @@ INSERT INTO oidc_clients
   (client_name, client_id, client_secret, redirect_uris,
    post_logout_redirect_uris, scope, client_uri, client_description,
    userinfo_signed_response_alg, id_token_signed_response_alg,
-   authorization_signed_response_alg, introspection_signed_response_alg)
+   authorization_signed_response_alg, introspection_signed_response_alg,
+   is_proconnect_federation)
 VALUES
   (
     'ProConnect Federation',
@@ -34,4 +35,5 @@ VALUES
     'openid uid given_name usual_name email phone siret is_service_public is_public_service',
     'http://localhost:4001/',
     'Dispositif d’identification des agents de la fonction publique.',
-    'ES256', 'ES256', 'ES256', 'ES256');
+    'ES256', 'ES256', 'ES256', 'ES256',
+    true);

cypress/e2e/signin_from_proconnect_federation_client/index.cy.ts

@@ -41,4 +41,13 @@ describe("sign-in from proconnect federation client", () => {
     cy.contains("moncomptepro-proconnect-federation-client");
     cy.contains("unused1@yopmail.com");
   });
+
+  it("should go back to the Federation client when hitting the change email button", () => {
+    cy.visit("http://localhost:4001");
+    cy.get("button.proconnect-button").click();
+
+    cy.get("#change-email-address").click();
+
+    cy.contains("moncomptepro-proconnect-federation-client");
+  });
 });

migrations/1728637528120_add-is-pcf.cjs

@@ -0,0 +1,15 @@
+exports.shorthands = undefined;
+
+exports.up = async (pgm) => {
+  await pgm.db.query(`
+    ALTER TABLE oidc_clients
+      ADD COLUMN is_proconnect_federation boolean NOT NULL DEFAULT FALSE;
+  `);
+};
+
+exports.down = async (pgm) => {
+  await pgm.db.query(`
+    ALTER TABLE oidc_clients
+      DROP COLUMN is_proconnect_federation;
+  `);
+};

scripts/create-anonymized-copy-of-database.sh

@@ -84,7 +84,8 @@ SELECT
   userinfo_signed_response_alg,
   id_token_signed_response_alg,
   authorization_signed_response_alg,
-  introspection_signed_response_alg
+  introspection_signed_response_alg,
+  is_proconnect_federation
 FROM oidc_clients"
 psql $SRC_DB_URL --command="ALTER TABLE tmp_oidc_clients ADD PRIMARY KEY (id)"
 pg_dump --table=tmp_oidc_clients $SRC_DB_URL | psql $DEST_DB_URL

scripts/fixtures.sql

@@ -1088,3 +1088,7 @@ SELECT setval(
         (SELECT last_value FROM oidc_clients_id_seq)
       )
   );
+
+UPDATE oidc_clients
+SET is_proconnect_federation = true
+WHERE id = 15;

src/controllers/interaction.ts

@@ -8,6 +8,7 @@ import {
   isWithinTwoFactorAuthenticatedSession,
 } from "../managers/session/authenticated";
 import { setLoginHintInUnauthenticatedSession } from "../managers/session/unauthenticated";
+import { findByClientId } from "../repositories/oidc-client";
 import epochTime from "../services/epoch-time";
 import { mustReturnOneOrganizationInPayload } from "../services/must-return-one-organization-in-payload";
 import { shouldTrigger2fa } from "../services/should-trigger-2fa";
@@ -18,7 +19,7 @@ export const interactionStartControllerFactory =
     try {
       const {
         uid: interactionId,
-        params: { login_hint, scope },
+        params: { client_id, login_hint, scope },
         prompt,
       } = await oidcProvider.interactionDetails(req, res);
 
@@ -29,6 +30,10 @@ export const interactionStartControllerFactory =
         req.session.mustUse2FA = true;
       }
 
+      const oidcClient = await findByClientId(client_id);
+      req.session.authForProconnectFederation =
+        oidcClient?.is_proconnect_federation;
+
       if (login_hint) {
         setLoginHintInUnauthenticatedSession(req, login_hint);
       }
@@ -102,6 +107,7 @@ export const interactionEndControllerFactory =
       req.session.interactionId = undefined;
       req.session.mustReturnOneOrganizationInPayload = undefined;
       req.session.mustUse2FA = undefined;
+      req.session.authForProconnectFederation = undefined;
 
       await oidcProvider.interactionFinished(req, res, result);
     } catch (error) {

src/controllers/user/signin-signup.ts

@@ -170,6 +170,7 @@ export const getSignInController = async (
       csrfToken: csrfToken(req),
       email,
       showPasskeySection: hasWebauthnConfigured,
+      changeEmailButtonMustReturnToPCF: req.session.authForProconnectFederation,
     });
   } catch (error) {
     next(error);
@@ -218,10 +219,12 @@ export const getSignUpController = async (
     const { login_hint } = await schema.parseAsync(req.query);
 
     return res.render("user/sign-up", {
+      pageTitle: "Choisir votre mot de passe",
       notifications: await getNotificationsFromRequest(req),
       csrfToken: csrfToken(req),
       loginHint: login_hint,
       email: getEmailFromUnauthenticatedSession(req),
+      changeEmailButtonMustReturnToPCF: req.session.authForProconnectFederation,
     });
   } catch (error) {
     next(error);

src/managers/session/authenticated.ts

@@ -53,6 +53,7 @@ export const createAuthenticatedSession = async (
     mustReturnOneOrganizationInPayload,
     mustUse2FA,
     referrerPath,
+    authForProconnectFederation,
   } = req.session;
 
   // as selected org is not stored in session,
@@ -77,6 +78,7 @@ export const createAuthenticatedSession = async (
           mustReturnOneOrganizationInPayload;
         req.session.mustUse2FA = mustUse2FA;
         req.session.referrerPath = referrerPath;
+        req.session.authForProconnectFederation = authForProconnectFederation;
         // new session reset amr
         req.session.amr = [];
 

src/repositories/oidc-client.ts

@@ -6,21 +6,7 @@ export const getClients = async () => {
 
   const { rows }: QueryResult<OidcClient> = await connection.query(`
 SELECT
-    id,
-    client_description,
-    created_at,
-    updated_at,
-    client_name,
-    client_id,
-    client_secret,
-    redirect_uris,
-    post_logout_redirect_uris,
-    scope,
-    client_uri,
-    userinfo_signed_response_alg,
-    id_token_signed_response_alg,
-    authorization_signed_response_alg,
-    introspection_signed_response_alg
+    *
 FROM oidc_clients
 `);
 
@@ -33,21 +19,7 @@ export const findByClientId = async (client_id: string) => {
   const { rows }: QueryResult<OidcClient> = await connection.query(
     `
 SELECT
-    id,
-    client_description,
-    created_at,
-    updated_at,
-    client_name,
-    client_id,
-    client_secret,
-    redirect_uris,
-    post_logout_redirect_uris,
-    scope,
-    client_uri,
-    userinfo_signed_response_alg,
-    id_token_signed_response_alg,
-    authorization_signed_response_alg,
-    introspection_signed_response_alg
+    *
 FROM oidc_clients
 WHERE client_id = $1
 `,
@@ -63,21 +35,7 @@ export const getByUserIdOrderedByConnectionCount = async (user_id: number) => {
   const { rows }: QueryResult<OidcClient> = await connection.query(
     `
 SELECT
-    oc.id,
-    oc.client_description,
-    oc.created_at,
-    oc.updated_at,
-    oc.client_name,
-    oc.client_id,
-    oc.client_secret,
-    oc.redirect_uris,
-    oc.post_logout_redirect_uris,
-    oc.scope,
-    oc.client_uri,
-    oc.userinfo_signed_response_alg,
-    oc.id_token_signed_response_alg,
-    oc.authorization_signed_response_alg,
-    oc.introspection_signed_response_alg
+    oc.*
 FROM (
     SELECT
         user_id,