🥅 [#2197] Block eHerkenning login for ZZP if RSIN is required

issue: https://taiga.maykinmedia.nl/project/open-inwoner/issue/2197

src/open_inwoner/accounts/eherkenning_urls.py

@@ -0,0 +1,16 @@
+from django.urls import path
+
+from digid_eherkenning_oidc_generics.eherkenning_urls import urlpatterns
+
+from .views import CustomEHerkenningOIDCAuthenticationCallbackView
+
+app_name = "eherkenning_oidc"
+
+
+urlpatterns = [
+    path(
+        "callback/",
+        CustomEHerkenningOIDCAuthenticationCallbackView.as_view(),
+        name="callback",
+    ),
+] + urlpatterns

src/open_inwoner/accounts/views/__init__.py

@@ -13,6 +13,7 @@
     CustomDigiDAssertionConsumerServiceView,
     CustomeHerkenningAssertionConsumerServiceMockView,
     CustomeHerkenningAssertionConsumerServiceView,
+    CustomEHerkenningOIDCAuthenticationCallbackView,
     LogPasswordChangeView,
     LogPasswordResetConfirmView,
     LogPasswordResetView,
@@ -81,4 +82,5 @@
     "NewsletterSubscribeView",
     "CustomRegistrationView",
     "NecessaryFieldsUserView",
+    "CustomEHerkenningOIDCAuthenticationCallbackView",
 ]

src/open_inwoner/accounts/views/auth.py

@@ -1,10 +1,12 @@
 from django.conf import settings
+from django.contrib import auth, messages
 from django.contrib.auth.mixins import UserPassesTestMixin
 from django.contrib.auth.views import (
     PasswordChangeView,
     PasswordResetConfirmView,
     PasswordResetView,
 )
+from django.http import HttpResponseRedirect
 from django.shortcuts import resolve_url
 from django.urls import reverse
 from django.utils.translation import gettext as _
@@ -15,10 +17,15 @@
 from digid_eherkenning.views.digid import DigiDAssertionConsumerServiceView
 from digid_eherkenning.views.eherkenning import eHerkenningAssertionConsumerServiceView
 
+from digid_eherkenning_oidc_generics.views import (
+    eHerkenningOIDCAuthenticationCallbackView,
+)
 from eherkenning.mock import eherkenning_conf
 from eherkenning.mock.views.eherkenning import (
     eHerkenningAssertionConsumerServiceMockView,
 )
+from open_inwoner.openklant.models import OpenKlantConfig
+from open_inwoner.openzaak.models import OpenZaakConfig
 from open_inwoner.utils.views import LogMixin
 
 from ..choices import LoginTypeChoices
@@ -133,8 +140,30 @@ def get_success_url(self):
         return super().get_success_url()
 
 
+class BlockEenmanszaakLoginMixin:
+    def get(self, request):
+        response = super().get(request)
+
+        openzaak_config = OpenZaakConfig.get_solo()
+        openklant_config = OpenKlantConfig.get_solo()
+        if (
+            hasattr(request.user, "rsin")
+            and not request.user.rsin
+            and (
+                openzaak_config.fetch_eherkenning_zaken_with_rsin
+                or openklant_config.use_rsin_for_innNnpId_query_parameter
+            )
+        ):
+            auth.logout(request)
+            message = _("Use DigiD to log in as a sole proprietor.")
+            messages.error(request, message)
+            failure_url = self.get_failure_url()
+            return HttpResponseRedirect(failure_url)
+        return response
+
+
 class CustomeHerkenningAssertionConsumerServiceMockView(
-    eHerkenningAssertionConsumerServiceMockView
+    BlockEenmanszaakLoginMixin, eHerkenningAssertionConsumerServiceMockView
 ):
     def get_login_url(self):
         """
@@ -201,3 +230,10 @@ def get_success_url(self):
             del session["invite_url"]
 
         return super().get_success_url()
+
+
+class CustomEHerkenningOIDCAuthenticationCallbackView(
+    BlockEenmanszaakLoginMixin, eHerkenningOIDCAuthenticationCallbackView
+):
+    def get_failure_url(self):
+        return settings.LOGIN_URL

src/open_inwoner/urls.py

@@ -121,9 +121,7 @@
     ),
     path(
         "eherkenning-oidc/",
-        include(
-            "digid_eherkenning_oidc_generics.eherkenning_urls",
-        ),
+        include("open_inwoner.accounts.eherkenning_urls"),
     ),
     path("login/failure/", OIDCFailureView.as_view(), name="oidc-error"),
     path("faq/", FAQView.as_view(), name="general_faq"),