SocialGouv
diff --git a/‎packages/app/drizzle/0023_add_admin_impersonation_events.sql‎
Lines changed: 21 additions & 0 deletions b/‎packages/app/drizzle/0023_add_admin_impersonation_events.sql‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎packages/app/drizzle/0024_add_admin_impersonation_events.sql‎
Lines changed: 21 additions & 0 deletions b/‎packages/app/drizzle/0024_add_admin_impersonation_events.sql‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎packages/app/drizzle/meta/_journal.json‎
Lines changed: 7 additions & 0 deletions b/‎packages/app/drizzle/meta/_journal.json‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎packages/app/src/app/admin/impersonate/page.tsx‎
Lines changed: 5 additions & 0 deletions b/‎packages/app/src/app/admin/impersonate/page.tsx‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/app/src/app/layout.tsx‎
Lines changed: 18 additions & 8 deletions b/‎packages/app/src/app/layout.tsx‎
Lines changed: 18 additions & 8 deletions
diff --git a/‎packages/app/src/app/mon-espace/page.tsx‎
Lines changed: 8 additions & 1 deletion b/‎packages/app/src/app/mon-espace/page.tsx‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎packages/app/src/e2e/admin.e2e.ts‎
Lines changed: 9 additions & 0 deletions b/‎packages/app/src/e2e/admin.e2e.ts‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎packages/app/src/modules/admin/__tests__/schemas.test.ts‎
Lines changed: 34 additions & 0 deletions b/‎packages/app/src/modules/admin/__tests__/schemas.test.ts‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎packages/app/src/modules/admin/impersonate/CompanyPreviewCard.tsx‎
Lines changed: 45 additions & 0 deletions b/‎packages/app/src/modules/admin/impersonate/CompanyPreviewCard.tsx‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎packages/app/src/modules/admin/impersonate/ImpersonateForm.tsx‎
Lines changed: 141 additions & 0 deletions b/‎packages/app/src/modules/admin/impersonate/ImpersonateForm.tsx‎
Lines changed: 141 additions & 0 deletions
@@ -0,0 +1,21 @@
+-- Admin impersonation audit log: one row per "mimoquage" session started by
+-- an admin. Used for audit trail and as the source for the recently
+-- impersonated quick-pick list in the backoffice UI.
+CREATE TABLE IF NOT EXISTS "app_admin_impersonation_event" (
+	"id" varchar(255) PRIMARY KEY NOT NULL,
+	"admin_user_id" varchar(255) NOT NULL,
+	"siren" varchar(9) NOT NULL,
+	"started_at" timestamp with time zone NOT NULL,
+	"stopped_at" timestamp with time zone
+);
+--> statement-breakpoint
+ALTER TABLE "app_admin_impersonation_event"
+	ADD CONSTRAINT "app_admin_impersonation_event_admin_user_id_app_user_id_fk"
+	FOREIGN KEY ("admin_user_id") REFERENCES "app_user"("id") ON DELETE no action ON UPDATE no action;
+--> statement-breakpoint
+ALTER TABLE "app_admin_impersonation_event"
+	ADD CONSTRAINT "app_admin_impersonation_event_siren_app_company_siren_fk"
+	FOREIGN KEY ("siren") REFERENCES "app_company"("siren") ON DELETE no action ON UPDATE no action;
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "admin_impersonation_event_admin_started_idx"
+	ON "app_admin_impersonation_event" ("admin_user_id", "started_at");
@@ -0,0 +1,21 @@
+-- Admin impersonation audit log: one row per "mimoquage" session started by
+-- an admin. Used for audit trail and as the source for the recently
+-- impersonated quick-pick list in the backoffice UI.
+CREATE TABLE IF NOT EXISTS "app_admin_impersonation_event" (
+	"id" varchar(255) PRIMARY KEY NOT NULL,
+	"admin_user_id" varchar(255) NOT NULL,
+	"siren" varchar(9) NOT NULL,
+	"started_at" timestamp with time zone NOT NULL,
+	"stopped_at" timestamp with time zone
+);
+--> statement-breakpoint
+ALTER TABLE "app_admin_impersonation_event"
+	ADD CONSTRAINT "app_admin_impersonation_event_admin_user_id_app_user_id_fk"
+	FOREIGN KEY ("admin_user_id") REFERENCES "app_user"("id") ON DELETE no action ON UPDATE no action;
+--> statement-breakpoint
+ALTER TABLE "app_admin_impersonation_event"
+	ADD CONSTRAINT "app_admin_impersonation_event_siren_app_company_siren_fk"
+	FOREIGN KEY ("siren") REFERENCES "app_company"("siren") ON DELETE no action ON UPDATE no action;
+--> statement-breakpoint
+CREATE INDEX IF NOT EXISTS "admin_impersonation_event_admin_started_idx"
+	ON "app_admin_impersonation_event" ("admin_user_id", "started_at");
@@ -169,6 +169,13 @@
 			"when": 1775500000000,
 			"tag": "0023_add_audit_action_log",
 			"breakpoints": true
+		},
+		{
+			"idx": 24,
+			"version": "7",
+			"when": 1775600000000,
+			"tag": "0024_add_admin_impersonation_events",
+			"breakpoints": true
 		}
 	]
 }
@@ -0,0 +1,5 @@
+import { ImpersonatePage } from "~/modules/admin";
+
+export default function Page() {
+	return <ImpersonatePage />;
+}
@@ -2,7 +2,14 @@ import type { Metadata } from "next";
 import Script from "next/script";
 
 import { MatomoAnalytics } from "~/modules/analytics";
-import { Footer, Header, ResourceBanner, SkipLinks } from "~/modules/layout";
+import { SessionProviderWrapper } from "~/modules/auth";
+import {
+	Footer,
+	Header,
+	ImpersonateBanner,
+	ResourceBanner,
+	SkipLinks,
+} from "~/modules/layout";
 import { ProfileModal } from "~/modules/profile";
 import { TRPCReactProvider } from "~/trpc/react";
 
@@ -47,13 +54,16 @@ export default function RootLayout({
 			<body>
 				<MatomoAnalytics />
 				<SkipLinks />
-				<TRPCReactProvider>
-					<Header />
-					{children}
-					<ResourceBanner />
-					<Footer />
-					<ProfileModal />
-				</TRPCReactProvider>
+				<SessionProviderWrapper>
+					<TRPCReactProvider>
+						<ImpersonateBanner />
+						<Header />
+						{children}
+						<ResourceBanner />
+						<Footer />
+						<ProfileModal />
+					</TRPCReactProvider>
+				</SessionProviderWrapper>
 				<Script
 					src="/dsfr/dsfr.module.min.js"
 					strategy="afterInteractive"
 
@@ -11,10 +11,17 @@ export default async function Page() {
 		redirect("/login");
 	}
 
+	// When an admin is impersonating a company, use the impersonated SIREN
+	// (padded to SIRET length so MonEspacePage can extract it the same way).
+	const effectiveSiret =
+		session.user.isAdmin && session.user.impersonation
+			? session.user.impersonation.siren
+			: (session.user.siret ?? null);
+
 	return (
 		<HydrateClient>
 			<MonEspacePage
-				siret={session.user.siret ?? null}
+				siret={effectiveSiret}
 				userPhone={session.user.phone ?? null}
 			/>
 		</HydrateClient>
 
@@ -9,3 +9,12 @@ test("admin user can access /admin and sees backoffice page", async ({
 	).toBeVisible();
 	await expect(page.getByText("administrateur")).toBeVisible();
 });
+
+test("admin user can access /admin/impersonate and sees impersonate page", async ({
+	page,
+}) => {
+	await page.goto("/admin/impersonate");
+	await expect(
+		page.getByRole("heading", { name: "Mimoquer une entreprise", level: 1 }),
+	).toBeVisible();
+});
@@ -0,0 +1,34 @@
+import { describe, expect, it } from "vitest";
+
+import { impersonateSearchSchema, startImpersonateSchema } from "../schemas";
+
+describe("admin schemas", () => {
+	it("accepts a valid 9-digit SIREN", () => {
+		expect(
+			impersonateSearchSchema.safeParse({ siren: "123456789" }).success,
+		).toBe(true);
+		expect(
+			startImpersonateSchema.safeParse({ siren: "987654321" }).success,
+		).toBe(true);
+	});
+
+	it("strips spaces before validating (e.g. '775 670 417')", () => {
+		const result = impersonateSearchSchema.safeParse({
+			siren: "775 670 417",
+		});
+		expect(result.success).toBe(true);
+		if (result.success) {
+			expect(result.data.siren).toBe("775670417");
+		}
+	});
+
+	it.each([
+		"",
+		"12345678",
+		"1234567890",
+		"12345678a",
+		"abcdefghi",
+	])("rejects invalid SIREN %s", (siren) => {
+		expect(impersonateSearchSchema.safeParse({ siren }).success).toBe(false);
+	});
+});
@@ -0,0 +1,45 @@
+type Props = {
+	company: {
+		siren: string;
+		name: string;
+		address: string | null;
+		nafCode: string | null;
+		workforce: number | null;
+	};
+};
+
+/**
+ * Read-only summary of an entreprise, shown before the admin confirms they
+ * want to impersonate it.
+ */
+export function CompanyPreviewCard({ company }: Props) {
+	return (
+		<div className="fr-card fr-mt-3w">
+			<div className="fr-card__body">
+				<div className="fr-card__content">
+					<h2 className="fr-card__title fr-h3">{company.name}</h2>
+					<div className="fr-card__desc">
+						<p>
+							<strong>SIREN :</strong> {company.siren}
+						</p>
+						{company.address && (
+							<p>
+								<strong>Adresse :</strong> {company.address}
+							</p>
+						)}
+						{company.nafCode && (
+							<p>
+								<strong>Code NAF :</strong> {company.nafCode}
+							</p>
+						)}
+						{company.workforce !== null && (
+							<p>
+								<strong>Effectif :</strong> {company.workforce}
+							</p>
+						)}
+					</div>
+				</div>
+			</div>
+		</div>
+	);
+}
@@ -0,0 +1,141 @@
+"use client";
+
+import { useRouter } from "next/navigation";
+import { useSession } from "next-auth/react";
+import { useState } from "react";
+
+import { impersonateSearchSchema } from "~/modules/admin/schemas";
+import { useZodForm } from "~/modules/shared/useZodForm";
+import { api } from "~/trpc/react";
+
+import { CompanyPreviewCard } from "./CompanyPreviewCard";
+
+/**
+ * Search + preview + start/stop impersonation.
+ *
+ * The impersonation state is stored in the NextAuth JWT. Starting is a
+ * single `session.update({ impersonation: { siren, name } })` call: the
+ * server-side `jwt` callback writes the audit row and mutates the token
+ * atomically. Stopping is the same call with `null`.
+ */
+export function ImpersonateForm() {
+	const session = useSession();
+	const router = useRouter();
+	const [serverError, setServerError] = useState<string | null>(null);
+	const [starting, setStarting] = useState(false);
+
+	const form = useZodForm(impersonateSearchSchema, {
+		defaultValues: { siren: "" },
+	});
+
+	const lastImpersonated = api.admin.getLastImpersonated.useQuery(undefined, {
+		enabled: session.data?.user.isAdmin === true,
+	});
+
+	const searchMutation = api.admin.searchCompany.useMutation({
+		onSuccess: () => setServerError(null),
+		onError: (err) => setServerError(err.message),
+	});
+
+	const preview = searchMutation.data ?? null;
+
+	const onSearch = form.handleSubmit((values) => {
+		searchMutation.mutate(values);
+	});
+
+	const onStart = async () => {
+		if (!preview) return;
+		setStarting(true);
+		try {
+			await session.update({
+				impersonation: { siren: preview.siren, name: preview.name },
+			});
+			router.push("/mon-espace");
+		} finally {
+			setStarting(false);
+		}
+	};
+
+	const sirenError = form.formState.errors.siren?.message;
+
+	return (
+		<div className="fr-mt-4w">
+			<form noValidate onSubmit={onSearch}>
+				<div
+					className={
+						sirenError
+							? "fr-input-group fr-input-group--error"
+							: "fr-input-group"
+					}
+				>
+					<label className="fr-label" htmlFor="impersonate-siren">
+						SIREN de l'entreprise
+					</label>
+					<input
+						aria-describedby={
+							sirenError ? "impersonate-siren-error" : undefined
+						}
+						aria-invalid={Boolean(sirenError)}
+						aria-required="true"
+						autoComplete="off"
+						className="fr-input"
+						id="impersonate-siren"
+						inputMode="numeric"
+						list="impersonate-siren-list"
+						type="text"
+						{...form.register("siren")}
+					/>
+					<datalist id="impersonate-siren-list">
+						{(lastImpersonated.data ?? []).map((c) => (
+							<option key={c.siren} value={c.siren}>
+								{c.name}
+							</option>
+						))}
+					</datalist>
+					{sirenError && (
+						<p className="fr-error-text" id="impersonate-siren-error">
+							{sirenError}
+						</p>
+					)}
+				</div>
+
+				<ul className="fr-btns-group fr-btns-group--inline-sm">
+					<li>
+						<button
+							className="fr-btn"
+							disabled={searchMutation.isPending}
+							type="submit"
+						>
+							Rechercher
+						</button>
+					</li>
+				</ul>
+			</form>
+
+			{serverError && (
+				<div className="fr-alert fr-alert--error fr-mt-2w" role="alert">
+					<h3 className="fr-alert__title">Erreur</h3>
+					<p>{serverError}</p>
+				</div>
+			)}
+
+			{preview && (
+				<>
+					<CompanyPreviewCard company={preview} />
+					<ul className="fr-btns-group fr-btns-group--inline-sm fr-mt-2w">
+						<li>
+							<button
+								className="fr-btn"
+								disabled={starting}
+								onClick={onStart}
+								type="button"
+							>
+								Valider et mimoquer
+							</button>
+						</li>
+					</ul>
+				</>
+			)}
+		</div>
+	);
+}
Original file line number	Diff line number	Diff line change
`@@ -169,6 +169,13 @@`
`169`	`169`	`"when": 1775500000000,`
`170`	`170`	`"tag": "0023_add_audit_action_log",`
`171`	`171`	`"breakpoints": true`
	`172`	`+ },`
	`173`	`+ {`
	`174`	`+ "idx": 24,`
	`175`	`+ "version": "7",`
	`176`	`+ "when": 1775600000000,`
	`177`	`+ "tag": "0024_add_admin_impersonation_events",`
	`178`	`+ "breakpoints": true`
`172`	`179`	`}`
`173`	`180`	`]`
`174`	`181`	`}`