Merge pull request #11836 from mfo/US/authen-api-referentiel

ETQ administrateur, je souhaite pouvoir utiliser le champ referentiel avancé (à configurer) avec une API qui requiert un token d'authentification (type: Authorization: Bearer XXX)

Author: mfo

Gemfile

@@ -57,6 +57,7 @@ gem 'i18n-tasks', require: false
 gem 'iban-tools'
 gem 'image_processing'
 gem 'invisible_captcha'
+gem 'jsonpath'
 gem 'json_schemer'
 gem 'jwt'
 gem 'kaminari'

Gemfile.lock

@@ -415,6 +415,8 @@ GEM
       regexp_parser (~> 2.0)
       simpleidn (~> 0.2)
     jsonapi-renderer (0.2.2)
+    jsonpath (1.1.5)
+      multi_json
     jwt (2.10.1)
       base64
     kaminari (1.2.2)
@@ -963,7 +965,6 @@ PLATFORMS
   arm-linux-gnu
   arm-linux-musl
   arm64-darwin
-  ruby
   x86-linux-gnu
   x86-linux-musl
   x86_64-darwin
@@ -1036,6 +1037,7 @@ DEPENDENCIES
   invisible_captcha
   irb
   json_schemer
+  jsonpath
   jwt
   kaminari
   kredis

app/components/dsfr/input_errorable.rb

@@ -23,7 +23,7 @@ def input_group_error_class_names
 
         {
           "#{dsfr_group_classname}--error" => errors_on_attribute?,
-          "#{dsfr_group_classname}--valid" => !errors_on_attribute? && errors_on_another_attribute? && object.public_send(attribute).present?
+          "#{dsfr_group_classname}--valid" => !errors_on_attribute? && errors_on_another_attribute? && object.try(attribute).present?
         }
       end
 

app/components/referentiels/mapping_form_component.rb

@@ -2,9 +2,15 @@
 
 class Referentiels::MappingFormComponent < Referentiels::MappingFormBase
   TYPES = [:string, :decimal_number, :integer_number, :boolean, :date, :datetime, :array].index_by(&:itself).freeze
+  attr_reader :referentiel_service
+  delegate :test_url, :test_headers, to: :referentiel_service
+  def initialize(**args)
+    super
+    @referentiel_service = ReferentielService.new(referentiel: referentiel)
+  end
 
   def last_request_keys
-    JSONPath.hash_to_jsonpath(referentiel.last_response_body)
+    JSONPathUtil.hash_to_jsonpath(referentiel.last_response_body)
   end
 
   def error_title

app/components/referentiels/mapping_form_component/mapping_form_component.html.haml

@@ -5,7 +5,11 @@
     = render Dsfr::AlertComponent.new(title: error_title, state: :error, extra_class_names: 'fr-mb-3w') do |c|
       - c.with_body do
         %p L'API n'a pas retournée une réponse valide, veuillez vérifier les paramètres du referentiel :
-        %pre Endpoint: #{@referentiel.url}
+        %pre Endpoint: #{test_url}
+
+        - if test_headers.present?
+          %pre Headers: #{test_headers}
+
         %pre Status: #{JSON.pretty_generate(@referentiel.last_response_status)}
         %pre Body: #{JSON.pretty_generate(@referentiel.last_response_body)}
 
@@ -23,8 +27,11 @@
           %button.fr-accordion__btn{ type: :button, "aria-controls" => "last_response", "aria-expanded" => "false" } Afficher la réponse récupérée à partir de la requête configurée
 
       .fr-collapse#last_response
-        %pre= @referentiel.url
-        %pre= JSON.pretty_generate(@referentiel.last_response_body)
+        %pre Endpoint: #{test_url}
+        - if test_headers.present?
+          %pre Headers: #{test_headers}
+        %pre Status: #{JSON.pretty_generate(@referentiel.last_response_status)}
+        %pre Body: #{JSON.pretty_generate(@referentiel.last_response_body)}
 
       %section
         .fr-table.fr-table--bordered

app/components/referentiels/new_form_component.rb

@@ -1,6 +1,10 @@
 # frozen_string_literal: true
 
 class Referentiels::NewFormComponent < Referentiels::MappingFormBase
+  delegate :authentication_by_header_token?,
+           :authentication_data_header,
+           to: :referentiel
+
   def id
     :new_referentiel
   end
@@ -19,11 +23,35 @@ def form_url
 
   def form_options
     {
-      data: { turbo: 'true' },
+      data: { turbo: 'true', controller: 'referentiel-new-form' },
       html: { novalidate: 'novalidate', id: }
     }
   end
 
+  def authentication_data_header_opts
+    {
+      opts: {
+        name: "referentiel[authentication_data][header]",
+        value: authentication_data_header
+      }
+    }
+  end
+
+  def authentication_data_header_value_opts
+    options = {
+      opts: {
+        name: "referentiel[authentication_data][value]",
+        input_type: authentication_by_header_token? ? :password : :text,
+        value: authentication_by_header_token? ? "C'est un secret" : '',
+        data: {
+          'referentiel-new-form-target' => 'input'
+        }
+      }
+    }
+    options[:opts][:disabled] = true if authentication_by_header_token?
+    options
+  end
+
   def submit_options
     if referentiel.type.nil?
       { class: 'fr-btn', disabled: true }

app/components/referentiels/new_form_component/new_form_component.html.haml

@@ -48,6 +48,22 @@
       = render Dsfr::InputComponent.new(form:, attribute: :test_data)
       .clearfix
 
+    - if @referentiel.type == 'Referentiels::APIReferentiel'
+      %hr.fr-hr.fr-my-5w
+
+      %div{ data: { controller: 'hide-target'} }
+        .fr-checkbox-group.fr-mb-3w
+          = form.check_box :authentication_method, { checked: @referentiel.authentication_method.present?, class: 'fr-checkbox', data: { 'hide-target_target': 'source' } }
+          = form.label :authentication_method, 'Ajouter une méthode d’authentification', class: 'fr-label'
+
+        %div{ data: { 'hide-target_target' => 'toHide' }, class: class_names('fr-hidden': [email protected]_method.present?) }
+          = form.hidden_field :authentication_method, value: 'header_token'
+          = render Dsfr::InputComponent.new(form:, attribute: "authentication_data[header]", **authentication_data_header_opts)
+          = render Dsfr::InputComponent.new(form:, attribute: "authentication_data[value]", **authentication_data_header_value_opts)
+
+          %button{ type: 'button', class: 'fr-btn fr-btn--secondary', data: { action: 'click->referentiel-new-form#changeHeaderValue' } }
+            Changer la valeur de l'en-tête
+
   %ul.fr-btns-group.fr-btns-group--inline-sm.flex.justify-center.fr-mt-5w
     %li= link_to "Annuler", back_url, class: 'fr-btn fr-btn--secondary'
     %li= form.submit 'Étape suivante', submit_options

app/controllers/administrateurs/referentiels_controller.rb

@@ -70,7 +70,7 @@ def referentiel_mapping_params
 
     def referentiel_params
       params.require(:referentiel)
-        .permit(:type, :mode, :url, :hint, :test_data)
+        .permit(:type, :mode, :url, :hint, :test_data, :authentication_method, authentication_data: [:header, :value])
     rescue ActionController::ParameterMissing
       {}
     end
@@ -85,7 +85,7 @@ def retrieve_referentiel
 
     def build_or_clone_by_id_params
       if params[:referentiel_id]
-        Referentiel.find(params[:referentiel_id]).attributes.slice(*%w[url test_data hint mode type])
+        Referentiel.find(params[:referentiel_id]).attributes.slice(*%w[url test_data hint mode type authentication_data authentication_method])
       else
         params = referentiel_params.to_h
         params = params.merge(type: Referentiels::APIReferentiel) if !Referentiels::APIReferentiel.csv_available?

app/javascript/controllers/referentiel_new_form_controller.ts

@@ -0,0 +1,14 @@
+import { ApplicationController } from './application_controller';
+
+export class ReferentielNewFormController extends ApplicationController {
+  static targets = ['input'];
+
+  declare readonly inputTarget: HTMLInputElement;
+
+  changeHeaderValue(event: Event) {
+    event.preventDefault();
+    this.inputTarget.value = '';
+    this.inputTarget.disabled = false;
+    this.inputTarget.focus();
+  }
+}

app/lib/json_path.rb renamed to app/lib/json_path_util.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
-class JSONPath
+# Extension de la classe JsonPath de la gem
+class JSONPathUtil
   def self.hash_to_jsonpath(hash, parent_path = '$')
     hash.each_with_object({}) do |(key, value), result|
       current_path = "#{parent_path}.#{key}"
@@ -24,14 +25,4 @@ def self.extract_array_name(str)
   def self.extract_key_after_array(str)
     str[/\[(.*?)\](.*)/, 2]
   end
-
-  # getters
-  def self.value(hash, jsonpath)
-    hash&.dig(*jsonpath.split('.')[1..])
-  end
-
-  def self.get_array(hash, array_path)
-    root_path = extract_array_name(array_path)
-    value(hash, root_path)
-  end
 end