0001-auth_fc-factorize-code-checking-email-unicity-45199.patch
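--- a/src/authentic2_auth_fc/utils.py
+++ b/src/authentic2_auth_fc/utils.py
@@ -20,21 +20,24 @@
 import datetime
 import uuid
 
 import requests
 from requests.adapters import HTTPAdapter
 from requests.packages.urllib3.util.retry import Retry
 
 from django.conf import settings
+from django.contrib.auth import get_user_model
 from django.shortcuts import resolve_url
 from django.utils.http import urlencode
 from django.utils.translation import ugettext_lazy as _
 from django.urls import reverse
 
+from authentic2.a2_rbac.utils import get_default_ou
+from authentic2 import app_settings as a2_app_settings
 from . import app_settings
 
 
 def build_logout_url(request, next_url=None):
     """
     For now fc_id_token in request.session is used as the flag of an
     active session on the OP. It is set in the login view and deleted in the
     logout return view.
@@ -137,16 +140,30 @@
     if not _insee_countries:
         _insee_countries = json.load(
             open(
                 os.path.join(
                     os.path.dirname(__file__), 'insee-countries.json')))
     return _insee_countries.get(insee_code, _('Unknown INSEE code'))
 
 
+def email_is_unique():
+    default_ou = get_default_ou()
+    return a2_app_settings.A2_EMAIL_IS_UNIQUE or default_ou.email_is_unique
+
+
+def users_having_email(email):
+    default_ou = get_default_ou()
+    User = get_user_model()
+    qs = User.objects.filter(email__iexact=email)
+    if not a2_app_settings.A2_EMAIL_IS_UNIQUE and default_ou.email_is_unique:
+        qs = qs.filter(ou=default_ou)
+    return qs
+
+
 def apply_user_info_mappings(user, user_info):
     assert user
     assert user_info
 
     logger = logging.getLogger(__name__)
     mappings = app_settings.user_info_mappings
 
     save_user = False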
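Review bot: `users_having_email` (new lines 153-159) has no guard for an empty or missing address: `email__iexact=''` matches every account whose email is blank, so any future caller that does not pre-check the value the way the views caller does would get unrelated accounts back. Reorder the first lines to `User = get_user_model()` / `if not email: return User.objects.none()` before building the query. Both helpers would also benefit from a docstring stating that the lookup is scoped to the default OU only when uniqueness is enforced at OU level rather than globally (`A2_EMAIL_IS_UNIQUE`), and that when neither flag is set the query is unscoped even though `email_is_unique()` returns False, so callers must check `email_is_unique()` first. Since the result presumably drives linking of a FranceConnect account to a local one by email in the views, that linking is only as safe as the OP's guarantee that the address is verified — worth stating in the docstring too.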
src/authentic2_auth_fc/views.py | ||
20 | 20 |
import requests |
21 | 21 | |
22 | 22 |
from requests_oauthlib import OAuth2Session |
23 | 23 | |
24 | 24 | |
25 | 25 |
from django.db import IntegrityError |
26 | 26 |
from django.views.generic import View, FormView |
27 | 27 |
from django.http import HttpResponseRedirect, Http404 |
28 |
from django.contrib.auth import REDIRECT_FIELD_NAME, get_user_model
|
|
28 |
from django.contrib.auth import REDIRECT_FIELD_NAME |
|
29 | 29 |
from django.contrib import messages |
30 | 30 |
from django.shortcuts import resolve_url, render |
31 | 31 |
from django.urls import reverse |
32 | 32 |
from django.utils.six.moves.urllib import parse as urlparse |
33 | 33 |
from django.utils.translation import ugettext as _ |
34 | 34 |
from django.utils.http import is_safe_url, urlencode |
35 | 35 |
from django.conf import settings |
36 | 36 |
from django.core import signing |
... | ... | |
39 | 39 |
from django.forms import Form |
40 | 40 |
try: |
41 | 41 |
from django.contrib.auth.views import update_session_auth_hash |
42 | 42 |
except ImportError: |
43 | 43 |
update_session_auth_hash = None |
44 | 44 | |
45 | 45 |
from authentic2 import app_settings as a2_app_settings |
46 | 46 |
from authentic2 import utils as a2_utils, hooks, constants |
47 |
from authentic2.a2_rbac.utils import get_default_ou |
|
48 | 47 |
from authentic2.forms.passwords import SetPasswordForm |
49 | 48 |
from authentic2.utils import views as views_utils |
50 | 49 | |
51 | 50 |
from . import app_settings, models, utils |
52 | 51 | |
53 | 52 | |
54 | 53 |
class LoggerMixin(object): |
55 | 54 |
def __init__(self, *args, **kwargs): |
... | ... | |
388 | 387 |
messages.info(request, |
389 | 388 |
_('Your FranceConnect account {} has been linked.').format(self.fc_display_name)) |
390 | 389 |
hooks.call_hooks('event', name='fc-link', user=request.user, sub=self.sub, request=request) |
391 | 390 |
else: |
392 | 391 |
messages.info(request, _('Your local account has been updated.')) |
393 | 392 |
self.update_user_info() |
394 | 393 |
return self.redirect(request) |
395 | 394 | |
396 |
default_ou = get_default_ou() |
|
397 |
email_is_unique = a2_app_settings.A2_EMAIL_IS_UNIQUE or default_ou.email_is_unique |
|
398 | 395 |
user = a2_utils.authenticate( |
399 | 396 |
request, |
400 | 397 |
sub=self.sub, |
401 | 398 |
user_info=self.user_info, |
402 | 399 |
token=self.token) |
403 | 400 |
if user: |
404 | 401 |
self.fc_account = user.fc_accounts.get(order=0) |
405 |
if not user and self.user_info.get('email') and email_is_unique:
|
|
402 |
if not user and self.user_info.get('email') and utils.email_is_unique():
|
|
406 | 403 |
email = self.user_info['email'] |
407 |
User = get_user_model() |
|
408 |
qs = User.objects.filter(email__iexact=email) |
|
409 |
if not a2_app_settings.A2_EMAIL_IS_UNIQUE and default_ou.email_is_unique: |
|
410 |
qs = qs.filter(ou=default_ou) |
|
411 | ||
404 |
qs = utils.users_having_email(email) |
|
412 | 405 |
if qs.exists(): |
413 | 406 |
# there should not be multiple accounts with the same mail |
414 | 407 |
if len(qs) > 1: |
415 | 408 |
self.logger.error(u'multiple accounts with the same mail %s, %s', email, |
416 | 409 |
list(qs)) |
417 | 410 |
# ok we have one account |
418 | 411 |
elif len(qs) == 1: |
419 | 412 |
user = qs[0] |
420 |
- |