bcgov · seeker25 · Sep 6, 2023 · Sep 5, 2023 · Sep 5, 2023 · Sep 5, 2023
diff --git a/auth-api/src/auth_api/resources/v1/entity.py b/auth-api/src/auth_api/resources/v1/entity.py
@@ -26,6 +26,7 @@
 from auth_api.tracer import Tracer
 from auth_api.utils.endpoints_enums import EndpointEnum
 from auth_api.utils.roles import ALL_ALLOWED_ROLES, CLIENT_AUTH_ROLES, Role
+from auth_api.utils.util import mask_email
 
 
 bp = Blueprint('ENTITIES', __name__, url_prefix=f'{EndpointEnum.API_V1.value}/entities')
@@ -128,6 +129,26 @@ def delete_entity(business_identifier):
  return response, status
 
 
+@bp.route('/<string:business_identifier>/authentication', methods=['GET', 'OPTIONS'])
+@cross_origin(origins='*')
+@TRACER.trace()
+@_jwt.requires_auth
+def get_entity_authentication(business_identifier):
+ """Get passcode or password for the Entity identified by the provided business identifier."""
+ # This route allows public users to see if businesses have a form of authentication.
+ # It's used by the business dashboard for magic link.
+ if ((entity := EntityService.find_by_business_identifier(business_identifier, skip_auth=True)) and
+ (contact := entity.get_contact())):
+ has_valid_pass_code = (entity.pass_code_claimed == 'f' and entity.pass_code is not None) or \
+ entity.corp_type in ['SP', 'GP']
+ return {
+ 'contactEmail': mask_email(contact.email),
+ 'hasValidPassCode': has_valid_pass_code
+ }, http_status.HTTP_200_OK
+ return jsonify({'message': f'Authentication for {business_identifier} was not found.'}), \
+ http_status.HTTP_404_NOT_FOUND
+
+
 @bp.route('/<string:business_identifier>/contacts', methods=['GET', 'OPTIONS'])
 @cross_origin(origins='*', methods=['GET', 'POST', 'PUT', 'DELETE'])
 @TRACER.trace()

diff --git a/auth-api/src/auth_api/services/entity.py b/auth-api/src/auth_api/services/entity.py
@@ -70,6 +70,11 @@ def corp_type(self):
  """Return the corp_type_code for this entity."""
  return self._model.corp_type_code
 
+ @property
+ def pass_code_claimed(self):
+ """Return the pass_code_claimed for this entity."""
+ return self._model.pass_code_claimed
+
  @property
  def status(self):
  """Return the status for this entity."""

diff --git a/auth-api/tests/unit/api/test_entity.py b/auth-api/tests/unit/api/test_entity.py
@@ -486,3 +486,22 @@ def test_get_entity_contacts(client, jwt, session):
  assert data['email'] == 'fo*@ba*****'
  assert 'phone' not in data
  assert 'phone_extension' not in data
+
+
+def test_get_entity_authentication(client, jwt, session):
+ """Assert that an entity authentication can be retrieved."""
+ headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.system_role)
+ rv_create = client.post('/api/v1/entities', data=json.dumps(TestEntityInfo.entity1),
+ headers=headers, content_type='application/json')
+ assert rv_create.status_code == http_status.HTTP_201_CREATED
+ client.post('/api/v1/entities/{}/contacts'.format(TestEntityInfo.entity1['businessIdentifier']),
+ headers=headers, data=json.dumps(TestContactInfo.contact1), content_type='application/json')
+
+ headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role)
+ rv = client.get(f'/api/v1/entities/{TestEntityInfo.entity1["businessIdentifier"]}/authentication',
+ headers=headers, content_type='application/json')
+ assert rv.status_code == http_status.HTTP_200_OK
+ data = json.loads(rv.data)
+ assert data['contactEmail'] != TestContactInfo.contact1['email']
+ assert data['contactEmail'] == 'fo*@ba*****'
+ assert 'hasValidPassCode' in data