From 073e4de837209750980652e9fe21f71358ec3f8d Mon Sep 17 00:00:00 2001
From: Eduardo Robles
Date: Thu, 28 Sep 2023 14:23:40 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9E=20Resend=20auth=20codes=20in=20ema?= =?UTF-8?q?il-otl=20or=20sms-otp=20doesn't=20work=20in=20alt-auth-?= =?UTF-8?q?=E2=80=A6=20(#307)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Parent issue: https://github.com/sequentech/meta/issues/260
Ensuring resend-auth-codes REST API works when alternative auth method id is supplied
---
 iam/api/tests.py | 2 +-
 iam/api/views.py | 22 ++++++++++++++++++----
 2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/iam/api/tests.py b/iam/api/tests.py
index 2b916d86..397d8743 100644
--- a/iam/api/tests.py
+++ b/iam/api/tests.py
@@ -1664,7 +1664,7 @@ def test_register_and_resend_code(self):
 response = c.post('/api/auth-event/%d/resend_auth_code/' % self.aeid, data)
 self.assertEqual(response.status_code, 400)
 r = parse_json_response(response)
- self.assertEqual(r['error_codename'], 'AUTH_EVENT_NOT_STARTED')
+ self.assertEqual(r['error_codename'], 'INVALID_REQUEST')
 # good: self.aeid.census = close but allow_user_resend = True
 self.ae.auth_method_config['config']['allow_user_resend'] = True
diff --git a/iam/api/views.py b/iam/api/views.py
index aa0c73fb..0fa2eb6a 100644
--- a/iam/api/views.py
+++ b/iam/api/views.py
@@ -35,6 +35,7 @@ import plugins
 from authmethods import (
 auth_authenticate,
+ get_patched_auth_event,
 auth_authenticate_otl,
 auth_census,
 auth_register,
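Review bot: The iam/api/tests.py hunk only swaps the expected codename in `test_register_and_resend_code` to `INVALID_REQUEST`, and per the diffstat that is the whole test change, so nothing exercises the case this commit fixes: a resend request that carries an alternative auth method id. A test that posts to `/api/auth-event/%d/resend_auth_code/` with such an id, once with `allow_user_resend` enabled for that method and once with it disabled, would pin that the permission is read from the patched event rather than the base one. The new 500 branch in iam/api/views.py is likewise untested. The request field that carries the id is not visible in this patch, so the test body is not spelled out here.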
@@ -1067,18 +1068,31 @@ class ResendAuthCode(View):
 def post(self, request, pk):
 auth_event = get_object_or_404(AuthEvent, pk=pk)
+
+ # we need the patched auth event to account for alternative auth method
+ # when calling to function check_allow_user_resend()
+ (patched_auth_event, error) = get_patched_auth_event(auth_event, request)
+ if error is not None:
+ return json_response(
+ status=500,
+ error_codename=ErrorCodes.INTERNAL_SERVER_ERROR
+ )
+
+ # if registration is closed, check that resend auth codes is allowed
 if (
 auth_event.census == 'close' and
- not auth_event.check_allow_user_resend()
+ not patched_auth_event.check_allow_user_resend()
 ):
 return json_response(
 status=400,
- error_codename="AUTH_EVENT_NOT_STARTED")
- # registration is closed
+ error_codename="INVALID_REQUEST")
+
+ # if registration is open, check that resend auth codes is allowed and
+ # the auth event is started
 if (
 (
 auth_event.census == 'open' or
- auth_event.check_allow_user_resend()
+ patched_auth_event.check_allow_user_resend()
 ) and
 auth_event.status != AuthEvent.STARTED and
 auth_event.status != AuthEvent.RESUMED
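Review bot: Every failure of `get_patched_auth_event(auth_event, request)` in `ResendAuthCode.post` is answered with status 500, and the `error` value is dropped without being logged. The helper is not shown in this patch, but it takes the request and the commit is about a client-supplied alternative auth method id, so an unknown or malformed id presumably ends up in this branch. That is a client error and would fit the `status=400, error_codename="INVALID_REQUEST"` response used a few lines below, keeping 500 for genuine server faults so that requests with bad ids do not show up as server-error alerts; logging `error` server-side before returning keeps the cause diagnosable. The resend permission is now read from `patched_auth_event` while `census` and `status` still come from `auth_event`; if that split is intended, a comment such as `# census/status are event-wide; only allow_user_resend depends on the selected auth method` would say so. The body of `post` continues past the end of this hunk.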