set up step_up_auth using stubbed out User.needs_identity_verification

2025-05-16 09:37:03 +02:00 · 2023-12-06 15:49:21 -05:00 · 2023-12-06 15:49:21 -05:00 · f6a288f511
commit f6a288f511
parent 695b4199f3
3 changed files with 15 additions and 10 deletions
--- a/src/djangooidc/views.py
+++ b/src/djangooidc/views.py
@ -75,7 +75,7 @@ def login_callback(request):
            # if not satisfied, redirect user to login with stepped up acr_value
            if requires_step_up_auth(userinfo):
                # add acr_value to request.session
-                request.session["acr_value"] = CLIENT.behaviour.get("step_up_acr_value")
+                request.session["acr_value"] = CLIENT.get_step_up_acr_value()
                return CLIENT.create_authn_request(request.session)

            login(request, user)
@ -87,13 +87,13 @@ def login_callback(request):
        return error_page(request, err)

 def requires_step_up_auth(userinfo):
-    # if User.needs_identity_verification and step_up_acr_value not in 
-    # ial returned from callback, redirect to 
-    step_up_acr_value = CLIENT.behavior.get("step_up_acr_value", "UNKNOWN")
+    """ if User.needs_identity_verification and step_up_acr_value not in
+    ial returned from callback, return True """
+    step_up_acr_value = CLIENT.get_step_up_acr_value()
    acr_value = userinfo.get("ial", "")
    uuid = userinfo.get("sub", "")
    email = userinfo.get("email", "")
-    return User.needs_identity_verification(email, uuid) and acr_value == step_up_acr_value
+    return User.needs_identity_verification(email, uuid) and acr_value != step_up_acr_value

 def logout(request, next_page=None):
    """Redirect the user to the authentication provider (OP) logout page."""
@ -125,7 +125,6 @@ def logout(request, next_page=None):
        if next_page:
            request.session["next"] = next_page

-
 def logout_callback(request):
    """Simple redirection view: after logout, redirect to `next`."""
    next = request.session.get("next", "/")