Fix authenticator order (#541)

Fixes AAP-28034:
**Changes Made:**
- Added a `get_next_authenticator_order` function to find the next order
value, which is equals to `max(order) + 1`
- Added unit test

**Testing Steps:**
1. Create a new authenticator, and confirm the followings:
- If given an order, the created authenticator's order = given order
value
- If no order was given, the created authenticator's order = max(order)
+ 1
2. Update/ Delete the order of the current authenticators
3. Back to step 1 and confirm the authenticator order is as expected

---------

Co-authored-by: Truc Duong <[email protected]>
Co-authored-by: Rick Elrod <[email protected]>

ansible_base/authentication/migrations/0013_alter_authenticator_order.py

@@ -0,0 +1,19 @@
+# Generated by Django 4.2.11 on 2024-07-31 20:25
+
+import ansible_base.authentication.models.authenticator
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dab_authentication', '0012_alter_authenticatormap_map_type'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='authenticator',
+            name='order',
+            field=models.IntegerField(default=ansible_base.authentication.models.authenticator.get_next_authenticator_order, help_text='The order in which an authenticator will be tried. This only pertains to username/password authenticators'),
+        ),
+    ]

ansible_base/authentication/models/authenticator.py

@@ -5,6 +5,14 @@
 from ansible_base.lib.utils.models import prevent_search
 
 
+def get_next_authenticator_order():
+    """
+    Returns the next authenticator order, which is equals to max(order) + 1
+    """
+    largest_order_authenticator = Authenticator.objects.values('order').order_by('-order').first()
+    return largest_order_authenticator['order'] + 1 if largest_order_authenticator else 1
+
+
 class Authenticator(UniqueNamedCommonModel):
     ignore_relations = ['authenticator_users']
     enabled = fields.BooleanField(default=False, help_text="Should this authenticator be enabled")
@@ -19,7 +27,8 @@ class Authenticator(UniqueNamedCommonModel):
         help_text="The type of authentication service this is",
     )
     order = fields.IntegerField(
-        default=1, help_text="The order in which an authenticator will be tried. This only pertains to username/password authenticators"
+        default=get_next_authenticator_order,
+        help_text="The order in which an authenticator will be tried. This only pertains to username/password authenticators",
     )
     slug = fields.SlugField(max_length=1024, default=None, editable=False, unique=True, help_text="An immutable identifier for the authenticator")
     category = fields.CharField(max_length=30, default=None, help_text="The base type of this authenticator")

test_app/tests/authentication/models/test_authenticator.py

@@ -13,3 +13,22 @@ def test_authenticator_from_db(ldap_authenticator):
     with mock.patch('ansible_base.authentication.models.authenticator.get_authenticator_plugin', side_effect=ImportError("Test Exception")):
         ldap_auth = Authenticator.objects.first()
         assert ldap_auth.configuration.get('BIND_PASSWORD', None) != 'securepassword'
+
+
+@pytest.mark.django_db
+def test_authenticator_order_on_create_update():
+    """
+    ensures that authenticator order = max(current order) + 1 for newly created authenticators
+    and that order is generated correctly for new authenticators when there is an update in orders
+    """
+    auth_type = "ansible_base.authentication.authenticator_plugins.local"
+    auth1 = Authenticator.objects.create(name='Authenticator 1', type=auth_type, order=11)
+    auth2 = Authenticator.objects.create(name='Authenticator 2', type=auth_type)
+    assert auth2.order == auth1.order + 1
+
+    # update order of auth2
+    auth2.order = 10
+    auth2.save()
+
+    auth3 = Authenticator.objects.create(name='Authenticator 3', type=auth_type)
+    assert auth3.order == 12