From 3daf4e9e7c45393ad86b6732b909baf36b4fb582 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Dubigny?=
Date: Mon, 16 Dec 2024 16:38:47 +0100
Subject: [PATCH] WIP: mob prog on certification dirigeant
---
 README.md | 1 +
 .../e2e/signin_with_right_acr/fixtures.sql | 7 ++++++-
 cypress/e2e/signin_with_right_acr/index.cy.ts | 19 +++++++++++++++++++
 src/config/env.ts | 1 +
 src/config/env.zod.ts | 3 +++
 src/controllers/interaction.ts | 2 ++
 test/env.zod.test.ts | 2 ++
 7 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 8c074276f..daf4d8377 100644
--- a/README.md
+++ b/README.md
@@ -170,6 +170,7 @@ Les valeurs `acr` utilisées par ProConnect Identité sont les suivantes :
 - code à usage unique envoyé par email à l'adresse de contact référencée dans un annuaire de référence
 - identité du dirigeant d'association conforme
 - `https://proconnect.gouv.fr/assurance/consistency-checked-2fa` : `https://proconnect.gouv.fr/assurance/consistency-checked` + authentification à double facteur
+- `https://proconnect.gouv.fr/assurance/certification-dirigeant` : pour activer la certification dirigeant
 ## 3. 👋 Contribuer à ProConnect Identité
diff --git a/cypress/e2e/signin_with_right_acr/fixtures.sql b/cypress/e2e/signin_with_right_acr/fixtures.sql
index a28753662..bd6357fce 100644
--- a/cypress/e2e/signin_with_right_acr/fixtures.sql
+++ b/cypress/e2e/signin_with_right_acr/fixtures.sql
@@ -21,6 +21,10 @@ VALUES
 (4, 'ial1-aal1@yopmail.com', true, CURRENT_TIMESTAMP,
 '$2a$10$kzY3LINL6..50Fy9shWCcuNlRfYq0ft5lS.KCcJ5PzrhlWfKK4NIO', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP,
 'Jean', 'IAL1 AAL1', '0123456789', 'Sbire',
+ null, null, false),
+ (5, 'certification-dirigeant@yopmail.com', true, CURRENT_TIMESTAMP,
+ '$2a$10$kzY3LINL6..50Fy9shWCcuNlRfYq0ft5lS.KCcJ5PzrhlWfKK4NIO', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP,
+ 'Jean', 'Certification', '0123456789', 'Dirigeant',
 null, null, false);
 INSERT INTO organizations
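Review bot: The new row for user 5 in the first fixtures.sql hunk repeats user 4's values (the `ial1-aal1` account) in every position except the email and names, down to the trailing `null, null, false`, so nothing in the fixture marks this account as a certified dirigeant. Column names are outside the hunk, so this is read from position only. The second hunk's `(5, 1, false, null, true)` link row and the new Cypress case that logs in as this account share the gap: the test would pass for any account, and no case covers an uncertified account being refused the ACR. Until real certification data exists, a comment above the row such as `-- TODO: placeholder account, carries no certification data yet` would stop the fixture being read as a verified identity.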
@@ -34,7 +38,8 @@ VALUES
 (1, 1, false, 'domain', true),
 (2, 1, false, null, true),
 (3, 1, false, 'domain', true),
- (4, 1, false, null, true);
+ (4, 1, false, null, true),
+ (5, 1, false, null, true);
 INSERT INTO oidc_clients
 (client_name, client_id, client_secret, redirect_uris,
diff --git a/cypress/e2e/signin_with_right_acr/index.cy.ts b/cypress/e2e/signin_with_right_acr/index.cy.ts
index 6be238a42..533b5e089 100644
--- a/cypress/e2e/signin_with_right_acr/index.cy.ts
+++ b/cypress/e2e/signin_with_right_acr/index.cy.ts
@@ -104,3 +104,22 @@ describe("sign-in with a client requiring 2fa identity", () => {
 cy.contains("Attention : le site que vous voulez utiliser requiert la 2FA");
 });
 });
+
+describe("sign-in with a client requiring certification dirigeant identity", () => {
+ beforeEach(() => {
+ cy.visit("http://localhost:4000");
+ cy.setRequestedAcrs([
+ "https://proconnect.gouv.fr/assurance/certification-dirigeant",
+ ]);
+ });
+
+ it.only("should sign-in an return the right acr value", function () {
+ cy.get("button#custom-connection").click({ force: true });
+
+ cy.login("certification-dirigeant@yopmail.com");
+
+ cy.contains(
+ '"acr": "https://proconnect.gouv.fr/assurance/certification-dirigeant"',
+ );
+ });
+});
diff --git a/src/config/env.ts b/src/config/env.ts
index 33a75ec68..e7c3a334d 100644
--- a/src/config/env.ts
+++ b/src/config/env.ts
@@ -32,6 +32,7 @@ export const {
 ACR_VALUE_FOR_IAL1_AAL2,
 ACR_VALUE_FOR_IAL2_AAL1,
 ACR_VALUE_FOR_IAL2_AAL2,
+ ACR_VALUE_FOR_CERTIFICATION_DIRIGEANT,
 BREVO_API_KEY,
 CRISP_BASE_URL,
 CRISP_IDENTIFIER,
diff --git a/src/config/env.zod.ts b/src/config/env.zod.ts
index 518dd4e66..ce4b24b37 100644
--- a/src/config/env.zod.ts
+++ b/src/config/env.zod.ts
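Review bot: `it.only` on the new case in index.cy.ts restricts the spec to this one test, so the existing ACR cases in the file, including the 2FA-required one visible in the context lines, stop running. Those are the checks that catch a session receiving a higher `acr` than it earned, so this should not be merged as is. The line should read `it("should sign-in and return the right acr value", function () {`, which also fixes the `an` typo in the title.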
@@ -67,6 +67,9 @@ export const paramsEnvSchema = z.object({
 ACR_VALUE_FOR_IAL2_AAL2: z
 .string()
 .default("https://proconnect.gouv.fr/assurance/consistency-checked-2fa"),
+ ACR_VALUE_FOR_CERTIFICATION_DIRIGEANT: z
+ .string()
+ .default("https://proconnect.gouv.fr/assurance/certification-dirigeant"),
 DEPLOY_ENV: z
 .enum(["localhost", "preview", "production", "sandbox"])
 .default("localhost"),
diff --git a/src/controllers/interaction.ts b/src/controllers/interaction.ts
index 356f07ee4..0c2aedc0b 100644
--- a/src/controllers/interaction.ts
+++ b/src/controllers/interaction.ts
@@ -2,6 +2,7 @@ import type { NextFunction, Request, Response } from "express";
 import Provider, { errors } from "oidc-provider";
 import { z } from "zod";
 import {
+ ACR_VALUE_FOR_CERTIFICATION_DIRIGEANT,
 ACR_VALUE_FOR_IAL1_AAL1,
 ACR_VALUE_FOR_IAL1_AAL2,
 ACR_VALUE_FOR_IAL2_AAL1,
@@ -95,6 +96,7 @@ export const interactionEndControllerFactory =
 : isConsistencyChecked
 ? ACR_VALUE_FOR_IAL2_AAL1
 : ACR_VALUE_FOR_IAL1_AAL1;
+ currentAcr = ACR_VALUE_FOR_CERTIFICATION_DIRIGEANT;
 const amr = getSessionStandardizedAuthenticationMethodsReferences(req);
 const ts = user.last_sign_in_at
diff --git a/test/env.zod.test.ts b/test/env.zod.test.ts
index fcd8b0c1b..89b84927f 100644
--- a/test/env.zod.test.ts
+++ b/test/env.zod.test.ts
@@ -26,6 +26,8 @@ test("default sample env with configured INSEE secrets", () => {
 "https://proconnect.gouv.fr/assurance/consistency-checked",
 ACR_VALUE_FOR_IAL2_AAL2:
 "https://proconnect.gouv.fr/assurance/consistency-checked-2fa",
+ ACR_VALUE_FOR_CERTIFICATION_DIRIGEANT:
+ "https://proconnect.gouv.fr/assurance/certification-dirigeant",
 API_AUTH_PASSWORD: "admin",
 API_AUTH_USERNAME: "admin",
 CRISP_BASE_URL: "https://api.crisp.chat",
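Review bot: In the second interaction.ts hunk, `currentAcr = ACR_VALUE_FOR_CERTIFICATION_DIRIGEANT;` runs unconditionally after the ternary, so every completed interaction is reported at the certification-dirigeant level whatever was verified or requested, and the IAL/AAL result computed just above is discarded. A relying party that gates access on `acr` would then accept sessions that never passed 2FA or the consistency check. The line should be removed, or guarded by a server-side certification check (none is visible here), for example `if (<certified-dirigeant check — placeholder>) currentAcr = ACR_VALUE_FOR_CERTIFICATION_DIRIGEANT;`. The declaration of `currentAcr` is outside the hunk; if it is a `const`, this line also fails to compile. The enclosing controller starts and ends outside the hunk.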