Skip to content

Refactor isMultiAuthAvailable method to include current authenticator check #9725

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
AfraHussaindeen merged 3 commits into from
Mar 16, 2026
Merged

Refactor isMultiAuthAvailable method to include current authenticator check #9725

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f99a73a
Refactor isMultiAuthAvailable method to include current authenticator…
AfraHussaindeen Mar 9, 2026
b58cc79
Fix review comments
AfraHussaindeen Mar 15, 2026
0f3292f
Add changeset 🦋
AfraHussaindeen Mar 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 3 additions & 29 deletions identity-apps-core/apps/authentication-portal/src/main/webapp/emailOtp.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
<%--
~ Copyright (c) 2021-2025, WSO2 LLC. (https://www.wso2.com).
~ Copyright (c) 2021-2026, WSO2 LLC. (https://www.wso2.com).
~
~ WSO2 LLC. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
Expand Down Expand Up @@ -28,6 +28,7 @@

<%@ include file="includes/localize.jsp" %>
<%@ include file="includes/init-url.jsp" %>
<%@ include file="util/authenticator-utils.jsp" %>

<%
// Add the email-otp screen to the list to retrieve text branding customizations.
Expand All @@ -37,33 +38,6 @@
<%-- Branding Preferences --%>
<jsp:directive.include file="includes/branding-preferences.jsp"/>

<%!
private boolean isMultiAuthAvailable(String multiOptionURI) {

boolean isMultiAuthAvailable = true;
if (multiOptionURI == null || multiOptionURI.equals("null")) {
isMultiAuthAvailable = false;
} else {
int authenticatorIndex = multiOptionURI.indexOf("authenticators=");
if (authenticatorIndex == -1) {
isMultiAuthAvailable = false;
} else {
String authenticators = multiOptionURI.substring(authenticatorIndex + 15);
int authLastIndex = authenticators.indexOf("&") != -1 ? authenticators.indexOf("&") : authenticators.length();
authenticators = authenticators.substring(0, authLastIndex);
List<String> authList = Arrays.asList(authenticators.split("%3B"));
if (authList.size() < 2) {
isMultiAuthAvailable = false;
}
else if (authList.size() == 2 && authList.contains("backup-code-authenticator%3ALOCAL")) {
isMultiAuthAvailable = false;
}
}
}
return isMultiAuthAvailable;
}
%>

<%
request.getSession().invalidate();
String queryString = request.getQueryString();
Expand Down Expand Up @@ -305,7 +279,7 @@
<%
String multiOptionURI = request.getParameter("multiOptionURI");
if (multiOptionURI != null && AuthenticationEndpointUtil.isValidMultiOptionURI(multiOptionURI) &&
isMultiAuthAvailable(multiOptionURI)) {
isMultiAuthAvailable(multiOptionURI, request.getParameter("authenticators"))) {
%>
<a class="ui primary basic button link-button" id="goBackLink"
href='<%=Encode.forHtmlAttribute(multiOptionURI)%>'>
Expand Down
30 changes: 2 additions & 28 deletions identity-apps-core/apps/authentication-portal/src/main/webapp/enableTOTP.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
<%@ taglib prefix="layout" uri="org.wso2.identity.apps.taglibs.layout.controller" %>
<%@ include file="includes/localize.jsp" %>
<jsp:directive.include file="includes/init-url.jsp"/>
<%@ include file="util/authenticator-utils.jsp" %>

<%-- Branding Preferences --%>
<jsp:directive.include file="includes/branding-preferences.jsp"/>
Expand Down Expand Up @@ -60,33 +61,6 @@
}
%>

<%!
private boolean isMultiAuthAvailable(String multiOptionURI) {

boolean isMultiAuthAvailable = true;
if (multiOptionURI == null || multiOptionURI.equals("null")) {
isMultiAuthAvailable = false;
} else {
int authenticatorIndex = multiOptionURI.indexOf("authenticators=");
if (authenticatorIndex == -1) {
isMultiAuthAvailable = false;
} else {
String authenticators = multiOptionURI.substring(authenticatorIndex + 15);
int authLastIndex = authenticators.indexOf("&") != -1 ? authenticators.indexOf("&") : authenticators.length();
authenticators = authenticators.substring(0, authLastIndex);
List<String> authList = Arrays.asList(authenticators.split("%3B"));
if (authList.size() < 2) {
isMultiAuthAvailable = false;
}
else if (authList.size() == 2 && authList.contains("backup-code-authenticator%3ALOCAL")) {
isMultiAuthAvailable = false;
}
}
}
return isMultiAuthAvailable;
}
%>

<% request.setAttribute("pageName", "enable-totp"); %>

<html lang="en-US">
Expand Down Expand Up @@ -222,7 +196,7 @@
String multiOptionURI = request.getParameter("multiOptionURI");
if (multiOptionURI != null &&
AuthenticationEndpointUtil.isValidMultiOptionURI(multiOptionURI) &&
isMultiAuthAvailable(multiOptionURI)) {
isMultiAuthAvailable(multiOptionURI, request.getParameter("authenticators"))) {
%>
<a
class="ui primary basic button link-button"
Expand Down
31 changes: 3 additions & 28 deletions identity-apps-core/apps/authentication-portal/src/main/webapp/fido2-auth.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
<%--
~ Copyright (c) 2019-2025, WSO2 LLC. (https://www.wso2.com).
~ Copyright (c) 2019-2026, WSO2 LLC. (https://www.wso2.com).
~
~ WSO2 LLC. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
Expand Down Expand Up @@ -31,32 +31,7 @@

<%@include file="includes/localize.jsp" %>
<%@include file="includes/init-url.jsp" %>

<%!
private boolean isMultiAuthAvailable(String multiOptionURI) {

boolean isMultiAuthAvailable = true;
if (multiOptionURI == null || multiOptionURI.equals("null")) {
isMultiAuthAvailable = false;
} else {
int authenticatorIndex = multiOptionURI.indexOf("authenticators=");
if (authenticatorIndex == -1) {
isMultiAuthAvailable = false;
} else {
String authenticators = multiOptionURI.substring(authenticatorIndex + 15);
int authLastIndex = authenticators.indexOf("&") != -1 ? authenticators.indexOf("&") : authenticators.length();
authenticators = authenticators.substring(0, authLastIndex);
List<String> authList = Arrays.asList(authenticators.split("%3B"));
if (authList.size() < 2) {
isMultiAuthAvailable = false;
} else if (authList.size() == 2 && authList.contains("backup-code-authenticator%3ALOCAL")) {
isMultiAuthAvailable = false;
}
}
}
return isMultiAuthAvailable;
}
%>
<%@include file="util/authenticator-utils.jsp" %>

<%
String authRequest = Encode.forJavaScriptBlock(request.getParameter("data"));
Expand Down Expand Up @@ -181,7 +156,7 @@
<%
String multiOptionURI = Encode.forJava(request.getParameter("multiOptionURI"));
if (multiOptionURI != null && AuthenticationEndpointUtil.isValidMultiOptionURI(multiOptionURI) &&
isMultiAuthAvailable(multiOptionURI)) {
isMultiAuthAvailable(multiOptionURI, request.getParameter("authenticators"))) {
%>
<div class="text-center mt-1">
<a
Expand Down
31 changes: 3 additions & 28 deletions identity-apps-core/apps/authentication-portal/src/main/webapp/fido2-identifierfirst.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
<%--
~ Copyright (c) 2023-2025, WSO2 LLC. (https://www.wso2.com).
~ Copyright (c) 2023-2026, WSO2 LLC. (https://www.wso2.com).
~
~ WSO2 LLC. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
Expand Down Expand Up @@ -31,32 +31,7 @@

<%@include file="includes/localize.jsp" %>
<%@include file="includes/init-url.jsp" %>

<%!
private boolean isMultiAuthAvailable(String multiOptionURI) {

boolean isMultiAuthAvailable = true;
if (multiOptionURI == null || multiOptionURI.equals("null")) {
isMultiAuthAvailable = false;
} else {
int authenticatorIndex = multiOptionURI.indexOf("authenticators=");
if (authenticatorIndex == -1) {
isMultiAuthAvailable = false;
} else {
String authenticators = multiOptionURI.substring(authenticatorIndex + 15);
int authLastIndex = authenticators.indexOf("&") != -1 ? authenticators.indexOf("&") : authenticators.length();
authenticators = authenticators.substring(0, authLastIndex);
List<String> authList = Arrays.asList(authenticators.split("%3B"));
if (authList.size() < 2) {
isMultiAuthAvailable = false;
} else if (authList.size() == 2 && authList.contains("backup-code-authenticator%3ALOCAL")) {
isMultiAuthAvailable = false;
}
}
}
return isMultiAuthAvailable;
}
%>
<%@include file="util/authenticator-utils.jsp" %>

<%
Map data = ((AuthenticationRequestWrapper) request).getAuthParams();
Expand Down Expand Up @@ -179,7 +154,7 @@
<%
String multiOptionURI = request.getParameter("multiOptionURI");
if (multiOptionURI != null && AuthenticationEndpointUtil.isValidMultiOptionURI(multiOptionURI) &&
isMultiAuthAvailable(multiOptionURI)) {
isMultiAuthAvailable(multiOptionURI, request.getParameter("authenticators"))) {
%>
<a
class="ui primary basic button link-button"
Expand Down
30 changes: 2 additions & 28 deletions identity-apps-core/apps/authentication-portal/src/main/webapp/identifierauth.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
<%--
~ Copyright (c) 2021-2025, WSO2 LLC. (https://www.wso2.com).
~ Copyright (c) 2021-2026, WSO2 LLC. (https://www.wso2.com).
~
~ WSO2 LLC. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
Expand Down Expand Up @@ -42,33 +42,7 @@
<%@ page import="org.json.JSONObject" %>

<jsp:directive.include file="includes/init-loginform-action-url.jsp"/>

<%!
private boolean isMultiAuthAvailable(String multiOptionURI) {

boolean isMultiAuthAvailable = true;
if (multiOptionURI == null || multiOptionURI.equals("null")) {
isMultiAuthAvailable = false;
} else {
int authenticatorIndex = multiOptionURI.indexOf("authenticators=");
if (authenticatorIndex == -1) {
isMultiAuthAvailable = false;
} else {
String authenticators = multiOptionURI.substring(authenticatorIndex + 15);
int authLastIndex = authenticators.indexOf("&") != -1 ? authenticators.indexOf("&") : authenticators.length();
authenticators = authenticators.substring(0, authLastIndex);
List<String> authList = Arrays.asList(authenticators.split("%3B"));
if (authList.size() < 2) {
isMultiAuthAvailable = false;
}
else if (authList.size() == 2 && authList.contains("backup-code-authenticator%3ALOCAL")) {
isMultiAuthAvailable = false;
}
}
}
return isMultiAuthAvailable;
}
%>
<%@ include file="util/authenticator-utils.jsp" %>

<%
String emailUsernameEnable = application.getInitParameter("EnableEmailUserName");
Expand Down
32 changes: 3 additions & 29 deletions identity-apps-core/apps/authentication-portal/src/main/webapp/pushAuth.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
<%--
~ Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
~ Copyright (c) 2025-2026, WSO2 LLC. (https://www.wso2.com).
~
~ WSO2 LLC. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
Expand Down Expand Up @@ -34,6 +34,7 @@

<%@ include file="includes/localize.jsp" %>
<%@ include file="includes/init-url.jsp" %>
<%@ include file="util/authenticator-utils.jsp" %>

<%
// Add the push-auth screen to the list to retrieve text branding customizations.
Expand Down Expand Up @@ -216,7 +217,7 @@

<%
String multiOptionURI = request.getParameter("multiOptionURI");
if (isMultiAuthAvailable(multiOptionURI) && AuthenticationEndpointUtil.isValidMultiOptionURI(multiOptionURI)) {
if (multiOptionURI != null && AuthenticationEndpointUtil.isValidMultiOptionURI(multiOptionURI) && isMultiAuthAvailable(multiOptionURI, request.getParameter("authenticators"))) {
%>
<div class="ui divider hidden"></div>
<a
Expand Down Expand Up @@ -346,32 +347,5 @@

</script>

<%!
private boolean isMultiAuthAvailable(String multiOptionURI) {

boolean isMultiAuthAvailable = true;
if (multiOptionURI == null || multiOptionURI.equals("null")) {
isMultiAuthAvailable = false;
} else {
int authenticatorIndex = multiOptionURI.indexOf("authenticators=");
if (authenticatorIndex == -1) {
isMultiAuthAvailable = false;
} else {
String authenticators = multiOptionURI.substring(authenticatorIndex + 15);
int authLastIndex = authenticators.indexOf("&") != -1 ? authenticators.indexOf("&") : authenticators.length();
authenticators = authenticators.substring(0, authLastIndex);
List<String> authList = Arrays.asList(authenticators.split("%3B"));
if (authList.size() < 2) {
isMultiAuthAvailable = false;
}
else if (authList.size() == 2 && authList.contains("backup-code-authenticator%3ALOCAL")) {
isMultiAuthAvailable = false;
}
}
}
return isMultiAuthAvailable;
}
%>

</body>
</html>
31 changes: 3 additions & 28 deletions identity-apps-core/apps/authentication-portal/src/main/webapp/pushDeviceEnrollConsent.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
<%--
~ Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
~ Copyright (c) 2025-2026, WSO2 LLC. (https://www.wso2.com).
~
~ WSO2 LLC. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
Expand Down Expand Up @@ -34,36 +34,11 @@

<%@ include file="includes/localize.jsp" %>
<%@ include file="includes/init-url.jsp" %>
<%@ include file="util/authenticator-utils.jsp" %>

<%-- Branding Preferences --%>
<jsp:directive.include file="includes/branding-preferences.jsp"/>

<%!
private boolean isMultiAuthAvailable(String multiOptionURI) {

boolean isMultiAuthAvailable = true;
if (multiOptionURI == null || multiOptionURI.equals("null")) {
isMultiAuthAvailable = false;
} else {
int authenticatorIndex = multiOptionURI.indexOf("authenticators=");
if (authenticatorIndex == -1) {
isMultiAuthAvailable = false;
} else {
String authenticators = multiOptionURI.substring(authenticatorIndex + 15);
int authLastIndex = authenticators.indexOf("&") != -1 ? authenticators.indexOf("&") : authenticators.length();
authenticators = authenticators.substring(0, authLastIndex);
List<String> authList = Arrays.asList(authenticators.split("%3B"));
if (authList.size() < 2) {
isMultiAuthAvailable = false;
} else if (authList.size() == 2 && authList.contains("backup-code-authenticator%3ALOCAL")) {
isMultiAuthAvailable = false;
}
}
}
return isMultiAuthAvailable;
}
%>

<%
request.getSession().invalidate();
String queryString = request.getQueryString();
Expand Down Expand Up @@ -164,7 +139,7 @@
</button>
<%
String multiOptionURI = request.getParameter("multiOptionURI");
if (isMultiAuthAvailable(multiOptionURI) && AuthenticationEndpointUtil.isSchemeSafeURL(multiOptionURI)) {
if (multiOptionURI != null && AuthenticationEndpointUtil.isSchemeSafeURL(multiOptionURI) && isMultiAuthAvailable(multiOptionURI, request.getParameter("authenticators"))) {
%>
<div class="ui divider hidden"></div>
<a
Expand Down
Loading