Refactor isMultiAuthAvailable method to include current authenticator check

Author: AfraHussaindeen

identity-apps-core/apps/authentication-portal/src/main/webapp/emailOtp.jsp

@@ -1,5 +1,5 @@
 <%--
-  ~ Copyright (c) 2021-2025, WSO2 LLC. (https://www.wso2.com).
+  ~ Copyright (c) 2021-2026, WSO2 LLC. (https://www.wso2.com).
   ~
   ~ WSO2 LLC. licenses this file to you under the Apache License,
   ~ Version 2.0 (the "License"); you may not use this file except
@@ -28,6 +28,7 @@
 
 <%@ include file="includes/localize.jsp" %>
 <%@ include file="includes/init-url.jsp" %>
+<%@ include file="util/authenticator-utils.jsp" %>
 
 <%
     // Add the email-otp screen to the list to retrieve text branding customizations.
@@ -37,33 +38,6 @@
 <%-- Branding Preferences --%>
 <jsp:directive.include file="includes/branding-preferences.jsp"/>
 
-<%!
-    private boolean isMultiAuthAvailable(String multiOptionURI) {
-
-        boolean isMultiAuthAvailable = true;
-        if (multiOptionURI == null || multiOptionURI.equals("null")) {
-            isMultiAuthAvailable = false;
-        } else {
-            int authenticatorIndex = multiOptionURI.indexOf("authenticators=");
-            if (authenticatorIndex == -1) {
-                isMultiAuthAvailable = false;
-            } else {
-                String authenticators = multiOptionURI.substring(authenticatorIndex + 15);
-                int authLastIndex = authenticators.indexOf("&") != -1 ? authenticators.indexOf("&") : authenticators.length();
-                authenticators = authenticators.substring(0, authLastIndex);
-                List<String> authList = Arrays.asList(authenticators.split("%3B"));
-                if (authList.size() < 2) {
-                    isMultiAuthAvailable = false;
-                }
-                else if (authList.size() == 2 && authList.contains("backup-code-authenticator%3ALOCAL")) {
-                    isMultiAuthAvailable = false;
-                }
-            }
-        }
-        return isMultiAuthAvailable;
-    }
-%>
-
 <%
     request.getSession().invalidate();
     String queryString = request.getQueryString();
@@ -305,7 +279,7 @@
                 <%
                     String multiOptionURI = request.getParameter("multiOptionURI");
                     if (multiOptionURI != null && AuthenticationEndpointUtil.isValidMultiOptionURI(multiOptionURI) &&
-                    isMultiAuthAvailable(multiOptionURI)) {
+                    isMultiAuthAvailable(multiOptionURI, request.getParameter("authenticators"))) {
                 %>
                     <a class="ui primary basic button link-button" id="goBackLink"
                     href='<%=Encode.forHtmlAttribute(multiOptionURI)%>'>

identity-apps-core/apps/authentication-portal/src/main/webapp/enableTOTP.jsp

@@ -30,6 +30,7 @@
 <%@ taglib prefix="layout" uri="org.wso2.identity.apps.taglibs.layout.controller" %>
 <%@ include file="includes/localize.jsp" %>
 <jsp:directive.include file="includes/init-url.jsp"/>
+<%@ include file="util/authenticator-utils.jsp" %>
 
 <%-- Branding Preferences --%>
 <jsp:directive.include file="includes/branding-preferences.jsp"/>
@@ -60,33 +61,6 @@
     }
 %>
 
-<%!
-    private boolean isMultiAuthAvailable(String multiOptionURI) {
-
-        boolean isMultiAuthAvailable = true;
-        if (multiOptionURI == null || multiOptionURI.equals("null")) {
-            isMultiAuthAvailable = false;
-        } else {
-            int authenticatorIndex = multiOptionURI.indexOf("authenticators=");
-            if (authenticatorIndex == -1) {
-                isMultiAuthAvailable = false;
-            } else {
-                String authenticators = multiOptionURI.substring(authenticatorIndex + 15);
-                int authLastIndex = authenticators.indexOf("&") != -1 ? authenticators.indexOf("&") : authenticators.length();
-                authenticators = authenticators.substring(0, authLastIndex);
-                List<String> authList = Arrays.asList(authenticators.split("%3B"));
-                if (authList.size() < 2) {
-                    isMultiAuthAvailable = false;
-                }
-                else if (authList.size() == 2 && authList.contains("backup-code-authenticator%3ALOCAL")) {
-                    isMultiAuthAvailable = false;
-                }
-            }
-        }
-        return isMultiAuthAvailable;
-    }
-%>
-
 <% request.setAttribute("pageName", "enable-totp"); %>
 
 <html lang="en-US">
@@ -222,7 +196,7 @@
                                     String multiOptionURI = request.getParameter("multiOptionURI");
                                     if (multiOptionURI != null &&
                                             AuthenticationEndpointUtil.isValidMultiOptionURI(multiOptionURI) &&
-                                            isMultiAuthAvailable(multiOptionURI)) {
+                                            isMultiAuthAvailable(multiOptionURI, request.getParameter("authenticators"))) {
                                 %>
                                     <a
                                         class="ui primary basic button link-button"

identity-apps-core/apps/authentication-portal/src/main/webapp/fido2-auth.jsp

@@ -1,5 +1,5 @@
 <%--
-  ~ Copyright (c) 2019-2025, WSO2 LLC. (https://www.wso2.com).
+  ~ Copyright (c) 2019-2026, WSO2 LLC. (https://www.wso2.com).
   ~
   ~ WSO2 LLC. licenses this file to you under the Apache License,
   ~ Version 2.0 (the "License"); you may not use this file except
@@ -31,32 +31,7 @@
 
 <%@include file="includes/localize.jsp" %>
 <%@include file="includes/init-url.jsp" %>
-
-<%!
-    private boolean isMultiAuthAvailable(String multiOptionURI) {
-
-        boolean isMultiAuthAvailable = true;
-        if (multiOptionURI == null || multiOptionURI.equals("null")) {
-            isMultiAuthAvailable = false;
-        } else {
-            int authenticatorIndex = multiOptionURI.indexOf("authenticators=");
-            if (authenticatorIndex == -1) {
-                isMultiAuthAvailable = false;
-            } else {
-                String authenticators = multiOptionURI.substring(authenticatorIndex + 15);
-                int authLastIndex = authenticators.indexOf("&") != -1 ? authenticators.indexOf("&") : authenticators.length();
-                authenticators = authenticators.substring(0, authLastIndex);
-                List<String> authList = Arrays.asList(authenticators.split("%3B"));
-                if (authList.size() < 2) {
-                    isMultiAuthAvailable = false;
-                } else if (authList.size() == 2 && authList.contains("backup-code-authenticator%3ALOCAL")) {
-                    isMultiAuthAvailable = false;
-                }
-            }
-        }
-        return isMultiAuthAvailable;
-    }
-%>
+<%@include file="util/authenticator-utils.jsp" %>
 
 <%
     String authRequest = Encode.forJavaScriptBlock(request.getParameter("data"));
@@ -181,7 +156,7 @@
                             <%
                                 String multiOptionURI = Encode.forJava(request.getParameter("multiOptionURI"));
                                 if (multiOptionURI != null && AuthenticationEndpointUtil.isValidMultiOptionURI(multiOptionURI) &&
-                                    isMultiAuthAvailable(multiOptionURI)) {
+                                    isMultiAuthAvailable(multiOptionURI, request.getParameter("authenticators"))) {
                             %>
                                 <div class="text-center mt-1">
                                     <a

identity-apps-core/apps/authentication-portal/src/main/webapp/fido2-identifierfirst.jsp

@@ -1,5 +1,5 @@
 <%--
-  ~ Copyright (c) 2023-2025, WSO2 LLC. (https://www.wso2.com).
+  ~ Copyright (c) 2023-2026, WSO2 LLC. (https://www.wso2.com).
   ~
   ~ WSO2 LLC. licenses this file to you under the Apache License,
   ~ Version 2.0 (the "License"); you may not use this file except
@@ -31,32 +31,7 @@
 
 <%@include file="includes/localize.jsp" %>
 <%@include file="includes/init-url.jsp" %>
-
-<%!
-    private boolean isMultiAuthAvailable(String multiOptionURI) {
-
-        boolean isMultiAuthAvailable = true;
-        if (multiOptionURI == null || multiOptionURI.equals("null")) {
-            isMultiAuthAvailable = false;
-        } else {
-            int authenticatorIndex = multiOptionURI.indexOf("authenticators=");
-            if (authenticatorIndex == -1) {
-                isMultiAuthAvailable = false;
-            } else {
-                String authenticators = multiOptionURI.substring(authenticatorIndex + 15);
-                int authLastIndex = authenticators.indexOf("&") != -1 ? authenticators.indexOf("&") : authenticators.length();
-                authenticators = authenticators.substring(0, authLastIndex);
-                List<String> authList = Arrays.asList(authenticators.split("%3B"));
-                if (authList.size() < 2) {
-                    isMultiAuthAvailable = false;
-                } else if (authList.size() == 2 && authList.contains("backup-code-authenticator%3ALOCAL")) {
-                    isMultiAuthAvailable = false;
-                }
-            }
-        }
-        return isMultiAuthAvailable;
-    }
-%>
+<%@include file="util/authenticator-utils.jsp" %>
 
 <%
     Map data = ((AuthenticationRequestWrapper) request).getAuthParams();
@@ -179,7 +154,7 @@
                             <%
                                 String multiOptionURI = request.getParameter("multiOptionURI");
                                 if (multiOptionURI != null && AuthenticationEndpointUtil.isValidMultiOptionURI(multiOptionURI) &&
-                                    isMultiAuthAvailable(multiOptionURI)) {
+                                    isMultiAuthAvailable(multiOptionURI, request.getParameter("authenticators"))) {
                             %>
                                 <a
                                     class="ui primary basic button link-button"

identity-apps-core/apps/authentication-portal/src/main/webapp/identifierauth.jsp

@@ -1,5 +1,5 @@
 <%--
-  ~ Copyright (c) 2021-2025, WSO2 LLC. (https://www.wso2.com).
+  ~ Copyright (c) 2021-2026, WSO2 LLC. (https://www.wso2.com).
   ~
   ~ WSO2 LLC. licenses this file to you under the Apache License,
   ~ Version 2.0 (the "License"); you may not use this file except
@@ -42,33 +42,7 @@
 <%@ page import="org.json.JSONObject" %>
 
 <jsp:directive.include file="includes/init-loginform-action-url.jsp"/>
-
-<%!
-    private boolean isMultiAuthAvailable(String multiOptionURI) {
-
-        boolean isMultiAuthAvailable = true;
-        if (multiOptionURI == null || multiOptionURI.equals("null")) {
-            isMultiAuthAvailable = false;
-        } else {
-            int authenticatorIndex = multiOptionURI.indexOf("authenticators=");
-            if (authenticatorIndex == -1) {
-                isMultiAuthAvailable = false;
-            } else {
-                String authenticators = multiOptionURI.substring(authenticatorIndex + 15);
-                int authLastIndex = authenticators.indexOf("&") != -1 ? authenticators.indexOf("&") : authenticators.length();
-                authenticators = authenticators.substring(0, authLastIndex);
-                List<String> authList = Arrays.asList(authenticators.split("%3B"));
-                if (authList.size() < 2) {
-                    isMultiAuthAvailable = false;
-                }
-                else if (authList.size() == 2 && authList.contains("backup-code-authenticator%3ALOCAL")) {
-                    isMultiAuthAvailable = false;
-                }
-            }
-        }
-        return isMultiAuthAvailable;
-    }
-%>
+<%@ include file="util/authenticator-utils.jsp" %>
 
 <%
     String emailUsernameEnable = application.getInitParameter("EnableEmailUserName");

identity-apps-core/apps/authentication-portal/src/main/webapp/pushAuth.jsp

@@ -1,5 +1,5 @@
 <%--
-  ~ Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+  ~ Copyright (c) 2025-2026, WSO2 LLC. (https://www.wso2.com).
   ~
   ~ WSO2 LLC. licenses this file to you under the Apache License,
   ~ Version 2.0 (the "License"); you may not use this file except
@@ -34,6 +34,7 @@
 
 <%@ include file="includes/localize.jsp" %>
 <%@ include file="includes/init-url.jsp" %>
+<%@ include file="util/authenticator-utils.jsp" %>
 
 <%
     // Add the push-auth screen to the list to retrieve text branding customizations.
@@ -216,7 +217,7 @@
 
                                 <%
                                     String multiOptionURI = request.getParameter("multiOptionURI");
-                                    if (isMultiAuthAvailable(multiOptionURI) && AuthenticationEndpointUtil.isValidMultiOptionURI(multiOptionURI)) {
+                                    if (multiOptionURI != null && AuthenticationEndpointUtil.isValidMultiOptionURI(multiOptionURI) && isMultiAuthAvailable(multiOptionURI, request.getParameter("authenticators"))) {
                                 %>
                                     <div class="ui divider hidden"></div>
                                     <a
@@ -346,32 +347,5 @@
 
         </script>
 
-        <%!
-            private boolean isMultiAuthAvailable(String multiOptionURI) {
-
-                boolean isMultiAuthAvailable = true;
-                if (multiOptionURI == null || multiOptionURI.equals("null")) {
-                    isMultiAuthAvailable = false;
-                } else {
-                    int authenticatorIndex = multiOptionURI.indexOf("authenticators=");
-                    if (authenticatorIndex == -1) {
-                        isMultiAuthAvailable = false;
-                    } else {
-                        String authenticators = multiOptionURI.substring(authenticatorIndex + 15);
-                        int authLastIndex = authenticators.indexOf("&") != -1 ? authenticators.indexOf("&") : authenticators.length();
-                        authenticators = authenticators.substring(0, authLastIndex);
-                        List<String> authList = Arrays.asList(authenticators.split("%3B"));
-                        if (authList.size() < 2) {
-                            isMultiAuthAvailable = false;
-                        }
-                        else if (authList.size() == 2 && authList.contains("backup-code-authenticator%3ALOCAL")) {
-                            isMultiAuthAvailable = false;
-                        }
-                    }
-                }
-                return isMultiAuthAvailable;
-            }
-        %>
-
     </body>
 </html>

identity-apps-core/apps/authentication-portal/src/main/webapp/pushDeviceEnrollConsent.jsp

@@ -1,5 +1,5 @@
 <%--
-  ~ Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+  ~ Copyright (c) 2025-2026, WSO2 LLC. (https://www.wso2.com).
   ~
   ~ WSO2 LLC. licenses this file to you under the Apache License,
   ~ Version 2.0 (the "License"); you may not use this file except
@@ -34,36 +34,11 @@
 
 <%@ include file="includes/localize.jsp" %>
 <%@ include file="includes/init-url.jsp" %>
+<%@ include file="util/authenticator-utils.jsp" %>
 
 <%-- Branding Preferences --%>
 <jsp:directive.include file="includes/branding-preferences.jsp"/>
 
-<%!
-    private boolean isMultiAuthAvailable(String multiOptionURI) {
-
-        boolean isMultiAuthAvailable = true;
-        if (multiOptionURI == null || multiOptionURI.equals("null")) {
-            isMultiAuthAvailable = false;
-        } else {
-            int authenticatorIndex = multiOptionURI.indexOf("authenticators=");
-            if (authenticatorIndex == -1) {
-                isMultiAuthAvailable = false;
-            } else {
-                String authenticators = multiOptionURI.substring(authenticatorIndex + 15);
-                int authLastIndex = authenticators.indexOf("&") != -1 ? authenticators.indexOf("&") : authenticators.length();
-                authenticators = authenticators.substring(0, authLastIndex);
-                List<String> authList = Arrays.asList(authenticators.split("%3B"));
-                if (authList.size() < 2) {
-                    isMultiAuthAvailable = false;
-                } else if (authList.size() == 2 && authList.contains("backup-code-authenticator%3ALOCAL")) {
-                    isMultiAuthAvailable = false;
-                }
-            }
-        }
-        return isMultiAuthAvailable;
-    }
-%>
-
 <%
     request.getSession().invalidate();
     String queryString = request.getQueryString();
@@ -164,7 +139,7 @@
                                 </button>
                                 <%
                                     String multiOptionURI = request.getParameter("multiOptionURI");
-                                    if (isMultiAuthAvailable(multiOptionURI) && AuthenticationEndpointUtil.isSchemeSafeURL(multiOptionURI)) {
+                                    if (multiOptionURI != null && AuthenticationEndpointUtil.isSchemeSafeURL(multiOptionURI) && isMultiAuthAvailable(multiOptionURI, request.getParameter("authenticators"))) {
                                 %>
                                     <div class="ui divider hidden"></div>
                                     <a