Fix user verification (#22)

tramuntanal · web-flow · commit b7a405161121 · 2026-03-19T10:17:48.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,9 @@ Following Semantic Versioning 2.
 
 ## next version:
 
+## Version 0.7.2 (PATCH)
+- Fix user verification.
+
 ## Version 0.7.1 (PATCH)
 - Fix invokation of `OnOmniauthRegistrationListener.on_omniauth_registration` after login/registration.
 
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    decidim-idcat_mobil (0.7.1)
+    decidim-idcat_mobil (0.7.2)
       decidim (>= 0.29.0)
       decidim-core (>= 0.29.0)
       omniauth-idcat_mobil (~> 0.6.0)
diff --git a/app/forms/decidim/verifications/valid_handler.rb b/app/forms/decidim/verifications/valid_handler.rb
@@ -10,7 +10,7 @@ class ValidHandler < AuthorizationHandler
       validate :idcatmobil_method?, :has_ok_status?
 
       def unique_id
-        oauth_data["identifier"]
+        oauth_data[:uid]
       end
 
       def metadata
@@ -31,14 +31,14 @@ def to_partial_path
       #-----------------------------------------------------------
 
       def idcatmobil_method?
-        return true if oauth_data["method"] == "idcatmobil"
+        return true if oauth_data.dig(:raw_data, :extra, :method) == "idcatmobil"
 
         errors.add(:base, I18n.t("decidim.verifications.valid.errors.invalid_method"))
         false
       end
 
       def has_ok_status?
-        return true if oauth_data["status"] == "ok"
+        return true if oauth_data.dig(:raw_data, :extra, :status) == "ok"
 
         errors.add(:base, I18n.t("decidim.verifications.valid.errors.invalid_status"))
         false
diff --git a/app/jobs/decidim/valid/verification_job.rb b/app/jobs/decidim/valid/verification_job.rb
@@ -6,17 +6,21 @@ class VerificationJob < ApplicationJob
       queue_as :default
 
       def perform(oauth_data)
-        authorization ||= Decidim::Authorization.find_by(unique_id: handler.unique_id)
+        oauth_data = oauth_data.deep_symbolize_keys
+        handler= retrieve_handler(oauth_data)
+        authorization= Decidim::Authorization.find_by(name: "valid", unique_id: handler.unique_id)
         return if authorization&.granted?
 
-        handler = retrieve_handler(oauth_data)
-        Decidim::Verifications::AuthorizeUser.call(handler) do
+        user= Decidim::User.find(oauth_data[:user_id])
+        Decidim::Verifications::AuthorizeUser.call(handler, user.organization) do
           on(:ok) do
+            Rails.logger.info("User #{user.id} verified successfully with VÀLid.")
             notify_user(handler.user, :ok, handler)
           end
 
           on(:invalid) do
-            notify_user(handler.user, :invalid, handler)
+            Rails.logger.error("Could not verify user #{user.id} with VÀLid: #{handler.errors.full_messages.join(", ")}")
+            notify_user(user, :invalid, handler) if user
           end
         end
       end
@@ -28,16 +32,16 @@ def perform(oauth_data)
 
       # Retrieves handler from Verification workflows registry.
       def retrieve_handler(oauth_data)
-        Decidim::AuthorizationHandler.handler_for(:valid, oauth_data:)
+        Decidim::AuthorizationHandler.handler_for("valid", oauth_data:)
       end
 
       def notify_user(user, status, handler)
         notification_class = status == :ok ? Decidim::IdcatMobil::VerificationSuccessNotification : Decidim::IdcatMobil::VerificationInvalidNotification
         Decidim::EventsManager.publish(
           event: "decidim.verifications.idcat_mobil.#{status}",
           event_class: notification_class,
-          # resource: result,
-          recipient_ids: [user.id],
+          resource: user,
+          affected_users: [user],
           extra: {
             status:,
             errors: handler.errors.full_messages
diff --git a/lib/decidim/idcat_mobil/version.rb b/lib/decidim/idcat_mobil/version.rb
@@ -4,7 +4,7 @@ module Decidim
   module IdcatMobil
     def self.version
       # See CHANGELOG.md to see what changed
-      "0.7.1"
+      "0.7.2"
     end
 
     def self.decidim_version
diff --git a/spec/jobs/decidim/valid/verification_job_spec.rb b/spec/jobs/decidim/valid/verification_job_spec.rb
@@ -6,53 +6,57 @@
 
 module Decidim::Valid
   describe VerificationJob do
-    def pending_to_be_finished
-      pending("Implementation pending, this Decidim module does not support user verification")
-    end
+    let!(:organization) { create(:organization, host: "#{SecureRandom.hex(10)}.example.com") }
+    let!(:user) { create(:user, organization:) }
+    let!(:identity) { create(:identity, provider: "idcat_mobil", user:) }
 
-    let!(:user) { create(:user) }
-    let!(:identity) { create(:identity, provider: "idecat_mobil", user:) }
     let(:oauth_data) do
       {
         user_id: user.id,
         identity_id: identity.id,
         provider: "idcat_mobil",
-        uid: "idcat_mobil/#{user.id}",
+        uid: "00000000K",
         email: user.email,
-        name: "idcat_mobil",
-        nickname: nil,
+        name: "Alice",
+        nickname: "alice",
         avatar_url: nil,
-        raw_data: {}
+        raw_data: {
+          provider: :idcat_mobil,
+          uid: "00000000K",
+          info: {
+            email: user.email,
+            name: "Alice",
+            prefix: "0034",
+            phone: "972972972",
+            surname1: "COOPER",
+            surname2: "IRON",
+            surnames: "COOPER IRON",
+            country_code: "ES"
+          },
+          credentials: {
+            token: "1/abcdefABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh",
+            expires_at: 1_773_128_240,
+            expires: true
+          },
+          extra: {
+            identifier_type: "1",
+            method: "idcatmobil",
+            assurance_level: "low",
+            status: "ok"
+          }
+        }
       }
     end
 
-    # rubocop: disable Lint/ConstantDefinitionInBlock
-    class TestDecidimPublisher < Decidim::Command
-      include Wisper::Publisher
-      def initialize(*args)
-        super
-      end
-    end
-
-    # rubocop: enable Lint/ConstantDefinitionInBlock
-    def stub_decidim_publisher(clazz, called_method, event_to_publish, *published_event_args)
-      stub_const(clazz, Class.new(TestDecidimPublisher) do
-        define_method(called_method) do |*_args|
-          publish(event_to_publish, *published_event_args)
-        end
-      end)
-    end
-
     context "when omniauth_registration event is notified" do
       context "when authorization is created with success" do
         it "notifies the user for the success" do
-          pending_to_be_finished
-          stub_decidim_publisher("Decidim::Verifications::AuthorizeUser", :call, :ok)
           expect(Decidim::EventsManager)
             .to receive(:publish)
             .with(
               event: "decidim.verifications.idcat_mobil.ok",
               event_class: Decidim::IdcatMobil::VerificationSuccessNotification,
+              resource: user,
               recipient_ids: [user.id],
               extra: {
                 status: :ok,
@@ -65,21 +69,25 @@ def stub_decidim_publisher(clazz, called_method, event_to_publish, *published_ev
       end
 
       context "when authorization creation fails" do
+        let(:oauth_data) do
+          super().merge(status: "invalid", "status" => "invalid")
+        end
+
         it "notifies the user for the failure" do
-          pending_to_be_finished
-          stub_decidim_publisher("Decidim::Verifications::AuthorizeUser", :call, :invalid)
           expect(Decidim::EventsManager)
             .to receive(:publish)
-            .with(
-              event: "decidim.verifications.idcat_mobil.invalid",
-              event_class: Decidim::IdcatMobil::VerificationInvalidNotification,
-              recipient_ids: [user.id],
-              extra: {
-                status: :invalid,
-                errors: []
-              }
-            )
+            .with(hash_including(
+                    event: "decidim.verifications.idcat_mobil.invalid",
+                    event_class: Decidim::IdcatMobil::VerificationInvalidNotification,
+                    resource: user,
+                    recipient_ids: [user.id],
+                    extra: hash_including(
+                      status: :invalid,
+                      errors: ["Unique cannot be blank"]
+                    )
+                  ))
 
+          oauth_data.delete(:uid)
           VerificationJob.new.perform(oauth_data)
         end
       end
