From 62ea83a517e61fb04e05c4894925886ffc748e04 Mon Sep 17 00:00:00 2001 From: Ludovic LANGE Date: Fri, 22 Jan 2021 11:16:51 +0100 Subject: [PATCH] [bred] Let the user choose the order of SCA methods The default SCA methods were : sms, then app notification, then otp. This patch allows the user to configure (in config file), using the preferred_sca key, the list of authentication methods he wants to allow (for example, to have SMS first, then otp, then App notification, etc...) As for now, the following methods are supported by the module: * notification (mobile application notification) * sms (sms on your trusted mobile phone) * otp (e-Code that must be generated on the mobile application) device name (which appears in the website) can be customized with the configuration file.
---
 modules/bred/bred/browser.py | 9 ++++++++-
 modules/bred/module.py | 2 ++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/modules/bred/bred/browser.py b/modules/bred/bred/browser.py
index c527c79594..6ca2b583d4 100644
--- a/modules/bred/bred/browser.py
+++ b/modules/bred/bred/browser.py
@@ -221,6 +221,13 @@ def get_connection_twofa_method(self):
 # The order and tests are taken from the bred website code.
 # Keywords in scripts.js: showSMS showEasyOTP showOTP
 methods = self.context['liste']
+
+ # Overriding default order of tests with 'preferred_sca' configuration item
+ preferred_auth_methods = tuple(self.config.get('preferred_sca', '').get().split())
+ for auth_method in preferred_auth_methods:
+ if methods.get(auth_method):
+ return auth_method
+
 if methods.get('sms'):
 return 'sms'
 elif methods.get('notification') and methods.get('otp'):
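Review bot: The override loop in get_connection_twofa_method returns any token from `preferred_sca` that is truthy in `self.context['liste']`, without checking it against the three methods the commit message says the module supports, so a value such as `mail` or `svi` can be handed to code that presumably has no handler for it. It also skips the stock `methods.get('notification') and methods.get('otp')` condition, so `notification` can be selected in a situation where the default order would not pick it. I would restrict the test to `if auth_method in ('sms', 'notification', 'otp') and methods.get(auth_method):` and log the tokens that were ignored. Separately, the fallback `''` in `self.config.get('preferred_sca', '')` is a str with no `.get()` method, so a config lacking that key would raise AttributeError; the same pattern appears in the enrol_device hunk. The rest of the function lies outside the hunk.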
@@ -301,7 +308,7 @@ def enrol_device(self):
 self.update_headers()
 data = {
 'uuid': self.device_id, # Called an uuid but it's just a 50 digits long string.
- 'deviceName': 'Accès BudgetInsight pour agrégation', # clear message for user
+ 'deviceName': self.config.get('device_name', 'Accès BudgetInsight pour agrégation').get(), # clear message for user
 'biometricEnabled': False,
 'securedBiometricEnabled': False,
 'notificationEnabled': False,
diff --git a/modules/bred/module.py b/modules/bred/module.py
index afc5bf74e9..52134ae2bc 100644
--- a/modules/bred/module.py
+++ b/modules/bred/module.py
@@ -48,6 +48,8 @@ class BredModule(Module, CapBankWealth, CapProfile, CapBankTransferAddRecipient)
 ValueBackendPassword('login', label='Identifiant', masked=False, regexp=r'.{1,32}'),
 ValueBackendPassword('password', label='Mot de passe'),
 Value('accnum', label='Numéro du compte bancaire (optionnel)', default='', masked=False),
+ Value('preferred_sca', label='Mécanisme(s) d\'authentification forte préferrés (optionnel, un ou plusieurs (séparés par des espaces) parmi: elcard usb sms otp mail password svi notification whatsApp)', default='', masked=False),
+ Value('device_name', label='Nom du device qui sera autorisé pour 90j suite à l\'authentication forte', default='', masked=False),
 ValueTransient('request_information'),
 ValueTransient('resume'),
 ValueTransient('otp_sms'),
-- GitLab
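Review bot: Because `device_name` is declared in module.py with `default=''`, the fallback string passed to `self.config.get('device_name', ...)` is presumably never used, so an unconfigured backend would enrol the trusted device with an empty `deviceName`. The account holder then loses the clear label that lets them recognise, and if needed revoke, this aggregator entry among the devices trusted on the account. Apply the fallback to the value rather than to the lookup, e.g. `'deviceName': self.config['device_name'].get() or 'Accès BudgetInsight pour agrégation',` (assuming the key is always present once declared). enrol_device starts and ends outside the hunk.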
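Review bot: The `preferred_sca` label advertises nine values (`elcard usb sms otp mail password svi notification whatsApp`) while the commit message states that only `notification`, `sms` and `otp` are supported, and unlike the `login` field above it the new field carries no `regexp`. I would reduce the help text to the three supported names and add something like `regexp=r'((sms|otp|notification)\s*)*'`, so that a typo or unsupported method is rejected when the backend is configured instead of surfacing during a login. Spelling in the labels: `préferrés` should be `préférés` and `authentication` should be `authentification`. The `device_name` label could also say that the field is optional, as the `accnum` label does.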