Fixed auth mfaIdentifier to provide userName

server/src/uds/core/auths/authenticator.py

@@ -290,13 +290,15 @@ class Authenticator(Module):  # pylint: disable=too-many-public-methods
         """
         return []
 
-    def mfaIdentifier(self) -> str:
+    def mfaIdentifier(self, username: str) -> str:
         """
         If this method is provided by an authenticator, the user will be allowed to enter a MFA code
         You must return the value used by a MFA provider to identify the user (i.e. email, phone number, etc)
         If not provided, or the return value is '', the user will be allowed to access UDS without MFA
 
         Note: Field capture will be responsible of provider. Put it on MFA tab of user form.
+              Take into consideration that mfaIdentifier will never be invoked if the user has not been
+              previously authenticated. (that is, authenticate method has already been called)
         """
         return ''
 

server/src/uds/web/views/auth.py

@@ -139,7 +139,7 @@ def authCallback_stage2(
         request.authorized = True
         if authenticator.getType().providesMfa() and authenticator.mfa:
             authInstance = authenticator.getInstance()
-            if authInstance.mfaIdentifier():
+            if authInstance.mfaIdentifier(user.name):
                 request.authorized = False   # We can ask for MFA so first disauthorize user
                 response = HttpResponseRedirect(
                     reverse('page.mfa')
@@ -256,6 +256,7 @@ def ticketAuth(
         webLogin(request, None, usr, password)
 
         request.user = usr  # Temporarily store this user as "authenticated" user, next requests will be done using session
+        request.authorized = True  # User is authorized
         request.session['ticket'] = '1'  # Store that user access is done using ticket
 
         # Transport must always be automatic for ticket authentication