[#1874] Enabled selection of company branch for eHerkenning users #884
Conversation
Codecov Report
Attention: additional details and impacted files

@@            Coverage Diff             @@
##           develop     #884      +/-   ##
===========================================
- Coverage    92.93%   92.88%   -0.05%
===========================================
  Files          819      824       +5
  Lines        28250    28474     +224
===========================================
+ Hits         26255    26449     +194
- Misses        1995     2025      +30

View full report in Codecov by Sentry.
@Bartvaderkin
) | ||
|
||
def post(self, request): | ||
form = self.get_form() |
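Review bot: the `post` handler at `form = self.get_form()` should not accept a posted `branch_number` on the strength of the session alone; before the value is stored, check that the branch belongs to the KvK number the session was authenticated with, and reject the request with a form error otherwise.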
I tested this locally and it's possible (after logging in with a KvK number) to perform a request with the same session ID (with Postman, for example) and a branch number that does not belong to the KvK number you logged in with. I think it would be good to validate that the branch_number present in the data belongs to the KvK number, to avoid security issues.
Please improve this
}, | ||
) | ||
|
||
def post(self, request): |
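Review bot: when this `post` receives a submission without a branch selection it should return the form with a validation error rather than silently re-rendering the page; making the branch field required and rendering the form errors in the template makes the rejected submission visible to the user.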
I noticed that clicking Log in without selecting a branch returns you to the same page, but doesn't show an error message. I think it would be nice to show some kind of error message.
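To illustrate the two review points above (the posted branch must belong to the session's KvK number, and an empty selection should produce a visible error), here is an added example that is not code from this PR or its project: a pure-Python stand-in for the view's post handling, where the registry data, the `select_branch` function and the error messages are my own assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Constructed sample registry (placeholder data): KvK number -> the
# vestigingsnummers (branch numbers) that belong to that company.
BRANCHES_BY_KVK: Dict[str, Set[str]] = {
    "12345678": {"000000000001", "000000000002"},
    "87654321": {"000000000009"},
}


@dataclass
class BranchSelectionResult:
    ok: bool
    error: Optional[str] = None
    branch_number: Optional[str] = None


def select_branch(session: dict, posted: dict,
                  branches_by_kvk: Dict[str, Set[str]] = BRANCHES_BY_KVK) -> BranchSelectionResult:
    """Validate a posted branch number before storing it in the session.

    The KvK number already in the session is the source of truth; the posted
    value is only accepted if it is non-empty and belongs to that company.
    """
    kvk = session.get("kvk")
    if not kvk:
        return BranchSelectionResult(False, "Not authenticated with a KvK number.")
    branch = (posted.get("branch_number") or "").strip()
    if not branch:
        # Surface an explicit error instead of silently re-rendering the page.
        return BranchSelectionResult(False, "Select a branch before logging in.")
    allowed = branches_by_kvk.get(kvk, set())
    if branch not in allowed:
        # Authorization check: a replayed session carrying another company's
        # branch number is rejected server-side.
        return BranchSelectionResult(False, "This branch does not belong to your company.")
    session["branch_number"] = branch
    return BranchSelectionResult(True, branch_number=branch)


if __name__ == "__main__":
    session = {"kvk": "12345678"}
    print(select_branch(session, {"branch_number": "000000000009"}))
    print(select_branch(session, {"branch_number": "000000000001"}), session)
```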
@@ -1253,6 +1392,7 @@ def test_page_show_config_text(self): | |||
self.assertContains(response, "Hello registration text") | |||
self.assertContains(response, ' href="http://foo.bar/" ') | |||
|
|||
@skip("Debug") |
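Review bot: the `@skip("Debug")` decorator added after `test_page_show_config_text` reads like a leftover debugging marker; it silently disables whatever test follows it, so it should be removed (or the test it guards fixed) before merge.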
Should be removed probably?
The NecessaryFieldsMiddleware was essentially disabled due to this change: 68ca2fc#diff-09a70cba3ae30157873d6826d98ae3cf634d9f0c764558ef37e98b4620443217R18. I removed that line and switched the order of the KvKLoginMiddleware and NecessaryFieldsMiddleware to fix other tests.
@pi-sigma I'll pick up the requested changes for this PR
* add error message for company branch select form
* refactor branches form page, remove unnecessary styling and use existing templatetags
* NecessaryFieldsMiddleware reenabled (because it was essentially disabled in a previous commit)
* Switched order of KvKLoginMiddleware and NecessaryFieldsMiddleware, because the former should trigger first
* Removed unnecessary test and fixed failing tests
to prevent eHerkenning-authenticated users from trying to post arbitrary vestigingsnummers from other companies
@alextreme this PR is ready for review. The only thing I just thought of is that it's currently not possible to switch branches after selecting one (you have to log out first); is this an issue?
In my eyes keeping the company branch set for the duration of the session seems fine
This looks fine for now, I've added #1996 for further styling
Taiga 1874