From 7042ed707140ff846bbb0d2f3d1798a78d5b5eed Mon Sep 17 00:00:00 2001
From: ssedoudbgouv <85867707+ssedoudbgouv@users.noreply.github.com>
Date: Tue, 18 Feb 2025 08:57:30 +0100
Subject: [PATCH] TRELLO-2916: prevent other user than CCRF to use pro connect
 (#1892)

---
 app/orchestrators/UserOrchestrator.scala | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app/orchestrators/UserOrchestrator.scala b/app/orchestrators/UserOrchestrator.scala
index c641915d..a0a81f94 100644
--- a/app/orchestrators/UserOrchestrator.scala
+++ b/app/orchestrators/UserOrchestrator.scala
@@ -19,6 +19,7 @@ import java.time.OffsetDateTime
 import cats.syntax.option._
 import models.AuthProvider.ProConnect
 import models.AuthProvider.SignalConso
+import models.UserRole.DGCCRF
 import models.event.Event
 import models.event.Event.stringToDetailsJsValue
 import models.proconnect.ProConnectClaim
@@ -88,11 +89,13 @@ class UserOrchestrator(userRepository: UserRepositoryInterface, eventRepository:
   override def getProConnectUser(claim: ProConnectClaim, role: UserRole): Future[User] =
     OptionT(userRepository.findByAuthProviderId(claim.sub))
       .orElseF(userRepository.findByEmail(claim.email))
+      .filter(_.userRole == DGCCRF)
       .semiflatMap { user =>
         val updated = user.copy(
           email = EmailAddress(claim.email),
           firstName = claim.givenName,
           lastName = claim.usualName,
+          userRole = role,
           authProvider = ProConnect,
           authProviderId = claim.sub.some,
           lastEmailValidation = Some(OffsetDateTime.now())