✨ [#3967] Add 'auth_context_branch_number' static variable

sergei-maertens · sergei-maertens · commit b5e791eaf552 · 2024-07-03T13:03:55.000+02:00
For eherkenning authentication, this will contain the branch number
that the employee is authenticated/authorized for.
diff --git a/docs/manual/forms/variables.rst b/docs/manual/forms/variables.rst
@@ -112,7 +112,8 @@ authenticatiecontextdatamodel_. De structuur is als volgt:
         "authorizee": {
             "legalSubject": {
                 "identifierType": "string",
-                "identifier": "string"
+                "identifier": "string",
+                "branchNumber": "string"
             },
             "actingSubject": {
                 "identifierType": "string",
@@ -169,6 +170,10 @@ De onderdelen van deze structuur worden ook als individuele variabelen aangebode
     Identificatie van de (wettelijke) vertegenwoordiger. Leeg indien het formulier
     zonder inloggen gestart is.
 
+``auth_context_branch_number``
+    Vestigingsnummer waarvoor de medewerker ingelogd is. Leeg indien het geen
+    eHerkenning-login betreft.
+
 ``auth_context_acting_subject_identifier_type``
     In de praktijk zal de waarde altijd ``opaque`` of leeg zijn. Geeft aan hoe de
     identificatie van de handelende persoon ("de persoon aan de knoppen")
diff --git a/src/openforms/authentication/static_variables/static_variables.py b/src/openforms/authentication/static_variables/static_variables.py
@@ -192,6 +192,21 @@ def get_initial_value(self, submission: Submission | None = None) -> str:
         return auth_context["authorizee"]["legalSubject"]["identifier"]
 
 
+@register_static_variable("auth_context_branch_number")
+class AuthContextBranchNumber(BaseStaticVariable):
+    name = _("Authentication context data: branch number")
+    data_type = FormVariableDataTypes.string
+
+    def get_initial_value(self, submission: Submission | None = None) -> str:
+        if submission is None or not submission.is_authenticated:
+            return ""
+        auth_context = submission.auth_info.to_auth_context_data()
+        if auth_context["source"] != "eherkenning":
+            return ""
+        legal_subject = auth_context["authorizee"]["legalSubject"]
+        return legal_subject.get("branchNumber", "")
+
+
 @register_static_variable("auth_context_acting_subject_identifier_type")
 class AuthContextActingSubjectIdentifierType(BaseStaticVariable):
     name = _("Authentication context data: authorizee, acting subject identifier type")
diff --git a/src/openforms/authentication/tests/test_static_variables.py b/src/openforms/authentication/tests/test_static_variables.py
@@ -77,3 +77,62 @@ def test_language_code_variable(self):
         }
 
         self.assertEqual(static_data["language_code"], "nl")
+
+    def test_branch_number_variable(self):
+        cases = (
+            (
+                AuthInfoFactory.create(
+                    is_digid=True,
+                    legal_subject_service_restriction="foo",
+                ),
+                "",
+            ),
+            (
+                AuthInfoFactory.create(
+                    is_digid_machtigen=True,
+                    legal_subject_service_restriction="foo",
+                ),
+                "",
+            ),
+            (
+                AuthInfoFactory.create(
+                    is_eh=True,
+                    legal_subject_service_restriction="123456789012",
+                ),
+                "123456789012",
+            ),
+            (
+                AuthInfoFactory.create(
+                    is_eh_bewindvoering=True,
+                    legal_subject_service_restriction="123456789012",
+                ),
+                "123456789012",
+            ),
+            (
+                AuthInfoFactory.create(
+                    is_eh=True,
+                    legal_subject_service_restriction="",
+                ),
+                "",
+            ),
+            (
+                AuthInfoFactory.create(
+                    is_eh_bewindvoering=True,
+                    legal_subject_service_restriction="",
+                ),
+                "",
+            ),
+        )
+        for auth_info, expected in cases:
+            with self.subTest(
+                attribute=auth_info.attribute,
+                service_restriction=auth_info.legal_subject_service_restriction,
+            ):
+                static_data = {
+                    variable.key: variable.initial_value
+                    for variable in get_static_variables(
+                        submission=auth_info.submission
+                    )
+                }
+
+                self.assertEqual(static_data["auth_context_branch_number"], expected)
