use only required attributes as phone identifier candidates (#87701)

2024-03-04 15:17:56 +01:00 · 2024-03-04 15:17:56 +01:00 · a22467772f
parent 2d9a56b43e
commit a22467772f
2 changed files with 18 additions and 0 deletions
--- a/src/authentic2/apps/authenticators/forms.py
+++ b/src/authentic2/apps/authenticators/forms.py
@ -79,6 +79,7 @@ class LoginPasswordAuthenticatorAdvancedForm(forms.ModelForm):

        self.fields['phone_identifier_field'].choices = Attribute.objects.filter(
            disabled=False,
+            required=True,
            multiple=False,
            kind__in=('phone_number', 'fr_phone_number'),
        ).values_list('id', 'label')
--- a/tests/test_manager_authenticators.py
+++ b/tests/test_manager_authenticators.py
@ -135,15 +135,32 @@ def test_authenticators_password(app, superuser_or_admin, settings):
    # phone authn management feature flag is activated
    settings.A2_ALLOW_PHONE_AUTHN_MANAGEMENT = True

+    # mandatory phone attributes are defined
    phone1 = Attribute.objects.create(
        name='another_phone',
        kind='phone_number',
        label='Another phone',
+        required=True,
    )
    phone2 = Attribute.objects.create(
        name='yet_another_phone',
        kind='fr_phone_number',
        label='Yet another phone',
+        required=True,
+    )
+
+    # however, other optional phone attributes will be discarded
+    Attribute.objects.create(
+        name='an_optional_phone',
+        kind='phone_number',
+        label='An optional phone',
+        required=False,
+    )
+    Attribute.objects.create(
+        name='an_optional_french_phone',
+        kind='fr_phone_number',
+        label='An optional French phone',
+        required=False,
    )

    resp = app.get('/manage/authenticators/%s/edit/' % authenticator.pk)