From 12cc26efa46bd42f8da54f3deab9b0b2fb512153 Mon Sep 17 00:00:00 2001
From: Maxime Gasselin <maxime.gasselin@budget-insight.com>
Date: Mon, 21 Dec 2020 10:43:57 +0100
Subject: [PATCH] [caissedepargne] bypass TLS_CLIENT_CERTIFICATE

When this authentification method is the default choice, we check if we
can use PASSWORD authentification mode.
---
 modules/caissedepargne/browser.py | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/modules/caissedepargne/browser.py b/modules/caissedepargne/browser.py
index c52d6dc531..e649564580 100644
--- a/modules/caissedepargne/browser.py
+++ b/modules/caissedepargne/browser.py
@@ -605,6 +605,25 @@ def do_otp_emv_authentication(self, *params):
         label = "Veuillez renseigner le code affiché sur le boitier (Lecteur CAP en mode « Code »)"
         raise BrowserQuestion(Value('emv_otp', label=label))
 
+    def handle_certificate_authentification(self, *params):
+        # We don't handle this authentification mode yet
+        # But we can check if PASSWORD authentification can be done
+        if self.page.is_other_authentication_method():
+            doc = self.page.doc
+            self.location(
+                self.url + '/step',
+                json={"fallback": {}}
+            )
+
+            if self.page.get_authentication_method_type() == 'PASSWORD':
+                # To use vk_authentication method we merge the two last json
+                # The first one with authentication values and second one with vk values
+                doc['step'] = self.page.doc
+                self.page.doc = doc
+                return self.do_vk_authentication(*params)
+
+        raise AuthMethodNotImplemented('TLS_CLIENT_CERTIFICATE')
+
     def handle_emv_otp(self):
         self.authentication_step.go(
             domain=self.login_otp_validation['domain'],
@@ -645,7 +664,8 @@ def do_authentication_validation(self, authentication_method, feature, **params)
         This method is used for login or transfer/new recipient authentication.
 
         Parameters:
-        authentication_method (str): authentication method in ('SMS', 'CLOUDCARD', 'PASSWORD', 'EMV')
+        authentication_method (str): authentication method in:
+        ('SMS', 'CLOUDCARD', 'PASSWORD', 'EMV', 'TLS_CLIENT_CERTIFICATE')
         feature (str): action that need authentication in ('login', 'transfer', 'recipient')
         """
         AUTHENTICATION_METHODS = {
@@ -653,6 +673,7 @@ def do_authentication_validation(self, authentication_method, feature, **params)
             'CLOUDCARD': self.do_cloudcard_authentication,
             'PASSWORD': self.do_vk_authentication,
             'EMV': self.do_otp_emv_authentication,
+            'TLS_CLIENT_CERTIFICATE': self.handle_certificate_authentification,
         }
         AUTHENTICATION_METHODS[authentication_method](**params)
 
-- 
GitLab