Commit 62ea83a5 authored by Ludovic LANGE's avatar Ludovic LANGE Committed by Vincent A

[bred] Let the user choose the order of SCA methods

The default SCA methods were : sms, then app notification, then otp.
This patch allows the user to configure (in config file), using the preferred_sca
key, the list of authentication methods he wants to allow (for example, to have
SMS first, then otp, then App notification, etc...)

As for now, the following methods are supported by the module:
* notification (mobile application notification)
* sms (sms on your trusted mobile phone)
* otp (e-Code that must be generated on the mobile application)

device name (which appears in the website) can be customized with the configuration
parent 5d46b719
......@@ -221,6 +221,13 @@ def get_connection_twofa_method(self):
# The order and tests are taken from the bred website code.
# Keywords in scripts.js: showSMS showEasyOTP showOTP
methods = self.context['liste']
# Overriding default order of tests with 'preferred_sca' configuration item
preferred_auth_methods = tuple(self.config.get('preferred_sca', '').get().split())
for auth_method in preferred_auth_methods:
if methods.get(auth_method):
return auth_method
if methods.get('sms'):
return 'sms'
elif methods.get('notification') and methods.get('otp'):
......@@ -301,7 +308,7 @@ def enrol_device(self):
data = {
'uuid': self.device_id, # Called an uuid but it's just a 50 digits long string.
'deviceName': 'Accès BudgetInsight pour agrégation', # clear message for user
'deviceName': self.config.get('device_name', 'Accès BudgetInsight pour agrégation').get(), # clear message for user
'biometricEnabled': False,
'securedBiometricEnabled': False,
'notificationEnabled': False,
......@@ -48,6 +48,8 @@ class BredModule(Module, CapBankWealth, CapProfile, CapBankTransferAddRecipient)
ValueBackendPassword('login', label='Identifiant', masked=False, regexp=r'.{1,32}'),
ValueBackendPassword('password', label='Mot de passe'),
Value('accnum', label='Numéro du compte bancaire (optionnel)', default='', masked=False),
Value('preferred_sca', label='Mécanisme(s) d\'authentification forte préferrés (optionnel, un ou plusieurs (séparés par des espaces) parmi: elcard usb sms otp mail password svi notification whatsApp)', default='', masked=False),
Value('device_name', label='Nom du device qui sera autorisé pour 90j suite à l\'authentication forte', default='', masked=False),
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment