✨ [#4246] Update BRP and StUF-BG prefill plugins to use new auth cont…

…ext data The legacy machtigen data-structure is deprecated, instead, we check more strictly for a BSN in a mandate context set by authentication.
open-formulieren · Jul 2, 2024 · 35cd111 · 35cd111
1 parent 4990261
commit 35cd111
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 2 deletions.
diff --git a/src/openforms/prefill/contrib/haalcentraal_brp/plugin.py b/src/openforms/prefill/contrib/haalcentraal_brp/plugin.py
@@ -91,7 +91,18 @@ def get_identifier_value(
             return submission.auth_info.value
 
         if identifier_role == IdentifierRoles.authorizee:
-            return submission.auth_info.machtigen.get("identifier_value")
+            legacy_fallback = submission.auth_info.machtigen.get("identifier_value")
+            auth_context = submission.auth_info.to_auth_context_data()
+            # check if we have new-style authentication context capturing, and favour
+            # that over the legacy format
+            legal_subject = auth_context["authorizee"]["legalSubject"]
+            # this only works if the identifier is a BSN
+            if (
+                "representee" not in auth_context
+                or legal_subject["identifierType"] != "bsn"
+            ):
+                return legacy_fallback
+            return legal_subject["identifier"] or legacy_fallback
 
     @classmethod
     def get_prefill_values(

diff --git a/src/openforms/prefill/contrib/stufbg/plugin.py b/src/openforms/prefill/contrib/stufbg/plugin.py
@@ -143,7 +143,18 @@ def get_identifier_value(
             return submission.auth_info.value
 
         if identifier_role == IdentifierRoles.authorizee:
-            return submission.auth_info.machtigen.get("identifier_value")
+            legacy_fallback = submission.auth_info.machtigen.get("identifier_value")
+            auth_context = submission.auth_info.to_auth_context_data()
+            # check if we have new-style authentication context capturing, and favour
+            # that over the legacy format
+            legal_subject = auth_context["authorizee"]["legalSubject"]
+            # this only works if the identifier is a BSN
+            if (
+                "representee" not in auth_context
+                or legal_subject["identifierType"] != "bsn"
+            ):
+                return legacy_fallback
+            return legal_subject["identifier"] or legacy_fallback
 
     @classmethod
     def get_prefill_values(