From 77e021a3719341ef55dd395a0b37c287c084c7a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adolfo=20G=C3=B3mez=20Garc=C3=ADa?=
Date: Mon, 27 Jun 2022 21:30:59 +0200
Subject: [PATCH] Fixed auth mfaIdentifier to provide userName
---
 server/src/uds/core/auths/authenticator.py | 4 +++-
 server/src/uds/web/views/auth.py | 3 ++-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/server/src/uds/core/auths/authenticator.py b/server/src/uds/core/auths/authenticator.py
index 14f6b4be..07ee9d59 100644
--- a/server/src/uds/core/auths/authenticator.py
+++ b/server/src/uds/core/auths/authenticator.py
@@ -290,13 +290,15 @@ class Authenticator(Module): # pylint: disable=too-many-public-methods
 """
 return []
- def mfaIdentifier(self) -> str:
+ def mfaIdentifier(self, username: str) -> str:
 """ If this method is provided by an authenticator, the user will be allowed to enter a MFA code You must return the value used by a MFA provider to identify the user (i.e. email, phone number, etc) If not provided, or the return value is '', the user will be allowed to access UDS without MFA Note: Field capture will be responsible of provider. Put it on MFA tab of user form.
+ Take into consideration that mfaIdentifier will never be invoked if the user has not been
+ previously authenticated. (that is, authenticate method has already been called)
 """
 return ''
diff --git a/server/src/uds/web/views/auth.py b/server/src/uds/web/views/auth.py
index b5b0a595..6d2cc4da 100644
--- a/server/src/uds/web/views/auth.py
+++ b/server/src/uds/web/views/auth.py
@@ -139,7 +139,7 @@ def authCallback_stage2(
 request.authorized = True
 if authenticator.getType().providesMfa() and authenticator.mfa:
 authInstance = authenticator.getInstance()
- if authInstance.mfaIdentifier():
+ if authInstance.mfaIdentifier(user.name):
 request.authorized = False # We can ask for MFA so first disauthorize user
 response = HttpResponseRedirect(
 reverse('page.mfa')
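Review bot: The new `username` parameter on `mfaIdentifier` is not described in the docstring, and the signature change is not backward compatible for subclasses. Any authenticator that still overrides `mfaIdentifier(self)` would raise `TypeError` once the caller in `auth.py` passes `user.name`, so overrides outside this patch need the same update (none are visible here). I would add to the docstring `Args: username: name of the already authenticated user whose MFA identifier is requested` and `Returns: the identifier, or '' to skip MFA for this user`. Because an empty return lets the user in without a second factor, the docstring should also tell implementers to return '' only on purpose, not as the fallback for a failed lookup. The class body continues outside the hunk.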
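Review bot: The MFA gate at `if authInstance.mfaIdentifier(user.name):` still fails open: with `authenticator.mfa` set, an empty identifier leaves `request.authorized = True` and nothing records that the second factor was skipped. That matches the documented contract, but now that the result depends on a per-user lookup the skip should be visible, for example an `else:` branch with `logger.warning('MFA enabled but no identifier for user %s, MFA skipped', user.name)` (assuming the module has a logger, which the hunk does not show). The patch touches only this call site, so any other caller of `mfaIdentifier()` would need the argument as well. `authCallback_stage2` starts and ends outside the hunk.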
@@ -256,6 +256,7 @@ def ticketAuth(
 webLogin(request, None, usr, password)
 request.user = usr # Temporarily store this user as "authenticated" user, next requests will be done using session
+ request.authorized = True # User is authorized
 request.session['ticket'] = '1' # Store that user access is done using ticket
 # Transport must always be automatic for ticket authentication
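Review bot: The added `request.authorized = True` marks a ticket login as fully authorized without looking at `authenticator.mfa`, and the comment `# User is authorized` does not say whether that is intended. If ticket logins are meant to skip MFA because the ticket was issued to an already trusted caller, state it on the line, e.g. `# Ticket logins are authorized by the ticket itself; MFA is intentionally not requested here`. If it is not intended, this path needs the same `providesMfa()` / `mfaIdentifier(...)` check as `authCallback_stage2`. `ticketAuth` starts and ends outside the hunk.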