Add OneTimeLink support to retrieve authentication codes for voters (#…

…247) * working in adding OneTimeLink to retrieve auth codes * setting fixed-code in unit test during election creation * WIP
sequentech · Nov 8, 2022 · ddd4382 · ddd4382
1 parent c3bb6fd
commit ddd4382
Show file tree

Hide file tree

Showing 20 changed files with 999 additions and 54 deletions.
diff --git a/iam/api/migrations/0049_authevent_add_otl.py b/iam/api/migrations/0049_authevent_add_otl.py
@@ -0,0 +1,24 @@
+# Generated by Edulix on 2022-10-19 10:00
+
+from django.db import models, migrations
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('api', '0048_authevent_allowed_statuses'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='authevent',
+            name='support_otl_enabled',
+            field=models.BooleanField(default=False),
+            preserve_default=False,
+        ),
+        migrations.AddField(
+            model_name='authevent',
+            name='inside_authenticate_otl_period',
+            field=models.BooleanField(default=False),
+            preserve_default=False,
+        ),
+    ]
diff --git a/iam/api/models.py b/iam/api/models.py
@@ -292,6 +292,8 @@ class AuthEvent(models.Model):
 
     created = models.DateTimeField(auto_now_add=True)
     admin_fields = JSONField(blank=True, null=True)
+    support_otl_enabled = models.BooleanField(default=False)
+    inside_authenticate_otl_period = models.BooleanField(default=False)
     has_ballot_boxes = models.BooleanField(default=True)
     allow_public_census_query = models.BooleanField(default=True)
 
@@ -391,7 +393,9 @@ def serialize(self, restrict=False):
             'openid_connect_providers': [
                 provider['public_info']
                 for provider in settings.OPENID_CONNECT_PROVIDERS_CONF
-            ]
+            ],
+            'support_otl_enabled': self.support_otl_enabled,
+            'inside_authenticate_otl_period': self.inside_authenticate_otl_period
         }
 
         def none_list(e):

diff --git a/iam/api/tasks.py b/iam/api/tasks.py
@@ -93,15 +93,24 @@ def census_send_auth_task(
                census.append(item.user.user.id)
            elif "email" == auth_method and item.user.user.email:
                census.append(item.user.user.id)
-    
+
     extend_errors = plugins.call("extend_send_message", e, len(census), kwargs)
     if extend_errors:
         logger.info("census_send_auth_task(pk = %r): errors" % pk)
         # Only can return one error at least for now
         return extend_errors[0]
 
+    force_create_otl = (
+        e.support_otl_enabled and
+        isinstance(config, dict) and
+        'force_create_otl' in config and
+        isinstance(config['force_create_otl'], bool) and
+        config.get('force_create_otl', False)
+    )
     logger.info("census_send_auth_task(pk = %r): send_codes.apply_async" % pk)
-    send_codes.apply_async(args=[census, ip, auth_method, config, sender_uid, pk])
+    send_codes.apply_async(
+        args=[census, ip, auth_method, config, sender_uid, pk, force_create_otl]
+    )
 
 def launch_tally(auth_event):
     '''

diff --git a/iam/api/test_data.py b/iam/api/test_data.py
@@ -1356,6 +1356,52 @@
     ]
 }
 
+
+# election configuration:
+# - uses email authentication
+# - static codes (allows setting them when uploading census)
+# - allows one time links
+# - membership-id extra field that is required during OTL auth
+auth_event_otp1 = {
+    "auth_method": "email",
+    "census": "open",
+    "auth_method_config": {
+        "authentication-action":{
+            "mode":"vote",
+            "mode-config": None
+        },
+        "registration-action":{
+            "mode":"vote",
+            "mode-config":None
+        },
+        "subject": "Confirm your email",
+        "msg": "Click __URL__ and put this code __CODE__",
+        "fixed-code": True
+    },
+    "support_otl_enabled": True,
+    "extra_fields": [
+        {
+            "name": "email",
+            "type": "email",
+            "required": True,
+            "min": 4,
+            "max": 255,
+            "required_on_authentication": True,
+            "match_against_census_on_otl_authentication": True
+        },
+        {
+            "name": "membership-id",
+            "type": "text",
+            "required": False,
+            "unique": True,
+            "min": 1,
+            "max": 64,
+            "required_on_authentication": False,
+            "match_against_census_on_otl_authentication": True
+        }
+    ]
+}
+
 def get_auth_event19_census(auth_method):
     if 'email' in auth_method:
         return {