make mfa_provider_name param optional if there's only a single MFA …

…provider
piccolo-orm · Sep 8, 2024 · 78de9a9 · 78de9a9
1 parent 5bcb5cd
commit 78de9a9
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 29 deletions.
diff --git a/piccolo_api/session_auth/endpoints.py b/piccolo_api/session_auth/endpoints.py
@@ -310,33 +310,39 @@ async def post(self, request: Request) -> Response:
                                 status_code=401, detail="MFA code required"
                             )
 
-                    mfa_provider_name = body.get("mfa_provider_name")
-
-                    if mfa_provider_name is None:
-                        raise HTTPException(
-                            status_code=401,
-                            detail="MFA provider must be specified",
-                        )
-
-                    filtered_mfa_providers = [
-                        i
-                        for i in enrolled_mfa_providers
-                        if i.name == mfa_provider_name
-                    ]
-
-                    if len(filtered_mfa_providers) == 0:
-                        raise HTTPException(
-                            status_code=401,
-                            detail="MFA provider not recognised.",
-                        )
-
-                    if len(filtered_mfa_providers) > 1:
-                        raise HTTPException(
-                            status_code=401,
-                            detail="Multiple matching MFA providers found.",
-                        )
-
-                    active_mfa_provider = filtered_mfa_providers[0]
+                    # Work out which MFA provider to use:
+                    if len(enrolled_mfa_providers) == 1:
+                        active_mfa_provider = enrolled_mfa_providers[0]
+                    else:
+                        mfa_provider_name = body.get("mfa_provider_name")
+
+                        if mfa_provider_name is None:
+                            raise HTTPException(
+                                status_code=401,
+                                detail="MFA provider must be specified",
+                            )
+
+                        filtered_mfa_providers = [
+                            i
+                            for i in enrolled_mfa_providers
+                            if i.name == mfa_provider_name
+                        ]
+
+                        if len(filtered_mfa_providers) == 0:
+                            raise HTTPException(
+                                status_code=401,
+                                detail="MFA provider not recognised.",
+                            )
+
+                        if len(filtered_mfa_providers) > 1:
+                            raise HTTPException(
+                                status_code=401,
+                                detail=(
+                                    "Multiple matching MFA providers found."
+                                ),
+                            )
+
+                        active_mfa_provider = filtered_mfa_providers[0]
 
                     if not await active_mfa_provider.authenticate_user(
                         user=user, code=mfa_code

diff --git a/piccolo_api/templates/session_login.html b/piccolo_api/templates/session_login.html
@@ -24,8 +24,6 @@ <h1>Login</h1>
                         <option value="{{ mfa_provider_name }}">{{ mfa_provider_name }}</option>
                     {% endfor %}
                 </select>
-            {% else %}
-                <input type="hidden" name="mfa_provider" value="{{ mfa_provider_names[0] }}" />
             {% endif %}
 
             <input type="text" required minlength="6" name="mfa_token" placeholder="ABC123-XYZ789" />