From a89b22e3973ae9fe221f6d58f6375e78b6c48b3d Mon Sep 17 00:00:00 2001
From: Maikel Linke
Date: Wed, 14 Feb 2024 17:02:52 +1100
Subject: [PATCH] Allow user to disconnect OIDC account
This makes testing much easier. But probably also good for users to revoke any access via OIDC apps. It also enables users to then connect to a different account, or just renew the current connection.
---
 app/controllers/admin/oidc_settings_controller.rb | 9 ++++++++-
 app/models/spree/user.rb | 1 +
 app/views/admin/oidc_settings/index.html.haml | 9 +++++----
 config/locales/en.yml | 1 +
 config/routes/admin.rb | 2 +-
 spec/system/admin/oidc_settings_spec.rb | 5 ++++-
 6 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/app/controllers/admin/oidc_settings_controller.rb b/app/controllers/admin/oidc_settings_controller.rb
index f668442bc0..69ce9dbfc9 100644
--- a/app/controllers/admin/oidc_settings_controller.rb
+++ b/app/controllers/admin/oidc_settings_controller.rb
@@ -2,6 +2,13 @@
 module Admin
 class OidcSettingsController < Spree::Admin::BaseController
- def index; end
+ def index
+ @account = spree_current_user.oidc_account
+ end
+
+ def destroy
+ spree_current_user.oidc_account&.destroy
+ redirect_to admin_oidc_settings_path
+ end
 end
 end
diff --git a/app/models/spree/user.rb b/app/models/spree/user.rb
index b94c1ace9c..56c0607262 100644
--- a/app/models/spree/user.rb
+++ b/app/models/spree/user.rb
@@ -42,6 +42,7 @@ module Spree
 has_many :credit_cards, dependent: :destroy
 has_many :report_rendering_options, class_name: "::ReportRenderingOptions", dependent: :destroy
 has_many :webhook_endpoints, dependent: :destroy
+ has_one :oidc_account, dependent: :destroy
 accepts_nested_attributes_for :enterprise_roles, allow_destroy: true
 accepts_nested_attributes_for :webhook_endpoints
diff --git a/app/views/admin/oidc_settings/index.html.haml b/app/views/admin/oidc_settings/index.html.haml
index b2ab3b3401..1c33bb99bd 100644
--- a/app/views/admin/oidc_settings/index.html.haml
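Review bot: In `app/controllers/admin/oidc_settings_controller.rb`, `destroy` never reads `params[:id]`, yet the route is declared as a plural `resources :oidc_settings, only: [:index, :destroy]` and the view builds `admin_oidc_setting_path(@account)`, so the record id travels in the URL and is then ignored. Acting only on `spree_current_user.oidc_account` is the safe choice, because one user cannot unlink another user's account by changing the id, but that intent should be written down so a later change does not switch to a lookup by id; I would add `# Always unlinks the signed-in user's own account; params[:id] is deliberately ignored.` above `def destroy`. The same mismatch appears in the `config/routes/admin.rb` and `index.html.haml` hunks, where a singular resource without an id would match what the controller does. The diff does not show whether the authorization rules applied through `Spree::Admin::BaseController` cover the new `destroy` action, so that is worth confirming.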
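Review bot: In `app/models/spree/user.rb`, `has_one :oidc_account` drops the `provider: "openid_connect"` filter that the removed view code applied through `OidcAccount.find_by(provider: "openid_connect", user: spree_current_user)`. If a user can ever hold more than one `OidcAccount` row (a second provider, or a duplicate row), `has_one` returns whichever row the database yields first, and Disconnect removes only that one while another link stays in place. The diff does not show a uniqueness constraint on the accounts table's user foreign key, so either confirm one exists or scope the association, for example `has_one :oidc_account, -> { where(provider: "openid_connect") }, dependent: :destroy`. The enclosing class starts and ends outside the hunk.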
+++ b/app/views/admin/oidc_settings/index.html.haml
@@ -7,16 +7,17 @@
 %h2= t(".connect")
 %br
- - # I'll refactor this later:
- - account = OidcAccount.find_by(provider: "openid_connect", user: spree_current_user)
- - if account
+ - if @account
 = t(".already_connected")
- = account.uid
+ = @account.uid
 %br
 %br
 = t(".view_account")
 = link_to t(".les_communs_link"), "#{ Devise.omniauth_configs[:openid_connect].options[:issuer] }/account"
+ %br
+ %br
+ = button_to t(".disconnect"), admin_oidc_setting_path(@account), method: :delete
 - else
 = t(".link_your_account")
diff --git a/config/locales/en.yml b/config/locales/en.yml
index e615792f8c..9111bec265 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1712,6 +1712,7 @@ en:
 index:
 title: "OIDC Settings"
 connect: "Connect Your Account"
+ disconnect: "Disconnect"
 already_connected: "Your account is already linked to this DFC authorization account:"
 les_communs_link: "Les Communs Open ID server"
 link_your_account: "You need first to link your account with the authorization provider used by DFC (Les Communs Open ID Connect)."
diff --git a/config/routes/admin.rb b/config/routes/admin.rb
index b8fef0838c..20dace8c6a 100644
--- a/config/routes/admin.rb
+++ b/config/routes/admin.rb
@@ -113,7 +113,7 @@ Openfoodnetwork::Application.routes.draw do
 put :unpause, on: :member
 end
- resources :oidc_settings, only: :index
+ resources :oidc_settings, only: [:index, :destroy]
 resources :subscription_line_items, only: [], format: :json do
 post :build, on: :collection
diff --git a/spec/system/admin/oidc_settings_spec.rb b/spec/system/admin/oidc_settings_spec.rb
index 18c62a87fe..2ea91b78b8 100644
--- a/spec/system/admin/oidc_settings_spec.rb
+++ b/spec/system/admin/oidc_settings_spec.rb
@@ -17,10 +17,13 @@ describe "OIDC Settings" do
 login_as user
 end
- it "allows you to connect to an account" do
+ it "allows you to connect to an account and disconnect again" do
 visit admin_oidc_settings_path
 click_button "Link your Les Communs OIDC Account"
 expect(page).to have_content "Your account is already linked"
+
+ click_button "Disconnect"
+ expect(page).to have_button "Link your Les Communs OIDC Account"
 end
 end
 end
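Review bot: The extended example in `spec/system/admin/oidc_settings_spec.rb` only checks what the page shows after clicking Disconnect, so it would still pass if the row were kept and merely hidden, and it says nothing about other users' links. After the final `have_button` expectation I would add `expect(user.reload.oidc_account).to be_nil`. A second example that creates an account for a different user and checks that it survives the click would pin the property the controller relies on, namely that only the signed-in user's account is ever removed. The `describe` block and the setup of `user` start outside the hunk.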