0001-auth_fc-factorize-code-checking-email-unicity-45199.patch
| src/authentic2_auth_fc/utils.py | ||
|---|---|---|
| 20 | 20 |
import datetime |
| 21 | 21 |
import uuid |
| 22 | 22 | |
| 23 | 23 |
import requests |
| 24 | 24 |
from requests.adapters import HTTPAdapter |
| 25 | 25 |
from requests.packages.urllib3.util.retry import Retry |
| 26 | 26 | |
| 27 | 27 |
from django.conf import settings |
| 28 |
from django.contrib.auth import get_user_model |
|
| 28 | 29 |
from django.shortcuts import resolve_url |
| 29 | 30 |
from django.utils.http import urlencode |
| 30 | 31 |
from django.utils.translation import ugettext_lazy as _ |
| 31 | 32 |
from django.urls import reverse |
| 32 | 33 | |
| 34 |
from authentic2.a2_rbac.utils import get_default_ou |
|
| 35 |
from authentic2 import app_settings as a2_app_settings |
|
| 33 | 36 |
from . import app_settings |
| 34 | 37 | |
| 35 | 38 | |
| 36 | 39 |
def build_logout_url(request, next_url=None): |
| 37 | 40 |
""" |
| 38 | 41 |
For now fc_id_token in request.session is used as the flag of an |
| 39 | 42 |
active session on the OP. It is set in the login view and deleted in the |
| 40 | 43 |
logout return view. |
| ... | ... | |
| 137 | 140 |
if not _insee_countries: |
| 138 | 141 |
_insee_countries = json.load( |
| 139 | 142 |
open( |
| 140 | 143 |
os.path.join( |
| 141 | 144 |
os.path.dirname(__file__), 'insee-countries.json'))) |
| 142 | 145 |
return _insee_countries.get(insee_code, _('Unknown INSEE code'))
|
| 143 | 146 | |
| 144 | 147 | |
| 148 |
def email_is_unique(): |
|
| 149 |
default_ou = get_default_ou() |
|
| 150 |
return a2_app_settings.A2_EMAIL_IS_UNIQUE or default_ou.email_is_unique |
|
| 151 | ||
| 152 | ||
| 153 |
def users_having_email(email): |
|
| 154 |
default_ou = get_default_ou() |
|
| 155 |
User = get_user_model() |
|
| 156 |
qs = User.objects.filter(email__iexact=email) |
|
| 157 |
if not a2_app_settings.A2_EMAIL_IS_UNIQUE and default_ou.email_is_unique: |
|
| 158 |
qs = qs.filter(ou=default_ou) |
|
| 159 |
return qs |
|
| 160 | ||
| 161 | ||
| 145 | 162 |
def apply_user_info_mappings(user, user_info): |
| 146 | 163 |
assert user |
| 147 | 164 |
assert user_info |
| 148 | 165 | |
| 149 | 166 |
logger = logging.getLogger(__name__) |
| 150 | 167 |
mappings = app_settings.user_info_mappings |
| 151 | 168 | |
| 152 | 169 |
save_user = False |
| src/authentic2_auth_fc/views.py | ||
|---|---|---|
| 20 | 20 |
import requests |
| 21 | 21 | |
| 22 | 22 |
from requests_oauthlib import OAuth2Session |
| 23 | 23 | |
| 24 | 24 | |
| 25 | 25 |
from django.db import IntegrityError |
| 26 | 26 |
from django.views.generic import View, FormView |
| 27 | 27 |
from django.http import HttpResponseRedirect, Http404 |
| 28 |
from django.contrib.auth import REDIRECT_FIELD_NAME, get_user_model
|
|
| 28 |
from django.contrib.auth import REDIRECT_FIELD_NAME |
|
| 29 | 29 |
from django.contrib import messages |
| 30 | 30 |
from django.shortcuts import resolve_url, render |
| 31 | 31 |
from django.urls import reverse |
| 32 | 32 |
from django.utils.six.moves.urllib import parse as urlparse |
| 33 | 33 |
from django.utils.translation import ugettext as _ |
| 34 | 34 |
from django.utils.http import is_safe_url, urlencode |
| 35 | 35 |
from django.conf import settings |
| 36 | 36 |
from django.core import signing |
| ... | ... | |
| 39 | 39 |
from django.forms import Form |
| 40 | 40 |
try: |
| 41 | 41 |
from django.contrib.auth.views import update_session_auth_hash |
| 42 | 42 |
except ImportError: |
| 43 | 43 |
update_session_auth_hash = None |
| 44 | 44 | |
| 45 | 45 |
from authentic2 import app_settings as a2_app_settings |
| 46 | 46 |
from authentic2 import utils as a2_utils, hooks, constants |
| 47 |
from authentic2.a2_rbac.utils import get_default_ou |
|
| 48 | 47 |
from authentic2.forms.passwords import SetPasswordForm |
| 49 | 48 |
from authentic2.utils import views as views_utils |
| 50 | 49 | |
| 51 | 50 |
from . import app_settings, models, utils |
| 52 | 51 | |
| 53 | 52 | |
| 54 | 53 |
class LoggerMixin(object): |
| 55 | 54 |
def __init__(self, *args, **kwargs): |
| ... | ... | |
| 388 | 387 |
messages.info(request, |
| 389 | 388 |
_('Your FranceConnect account {} has been linked.').format(self.fc_display_name))
|
| 390 | 389 |
hooks.call_hooks('event', name='fc-link', user=request.user, sub=self.sub, request=request)
|
| 391 | 390 |
else: |
| 392 | 391 |
messages.info(request, _('Your local account has been updated.'))
|
| 393 | 392 |
self.update_user_info() |
| 394 | 393 |
return self.redirect(request) |
| 395 | 394 | |
| 396 |
default_ou = get_default_ou() |
|
| 397 |
email_is_unique = a2_app_settings.A2_EMAIL_IS_UNIQUE or default_ou.email_is_unique |
|
| 398 | 395 |
user = a2_utils.authenticate( |
| 399 | 396 |
request, |
| 400 | 397 |
sub=self.sub, |
| 401 | 398 |
user_info=self.user_info, |
| 402 | 399 |
token=self.token) |
| 403 | 400 |
if user: |
| 404 | 401 |
self.fc_account = user.fc_accounts.get(order=0) |
| 405 |
if not user and self.user_info.get('email') and email_is_unique:
|
|
| 402 |
if not user and self.user_info.get('email') and utils.email_is_unique():
|
|
| 406 | 403 |
email = self.user_info['email'] |
| 407 |
User = get_user_model() |
|
| 408 |
qs = User.objects.filter(email__iexact=email) |
|
| 409 |
if not a2_app_settings.A2_EMAIL_IS_UNIQUE and default_ou.email_is_unique: |
|
| 410 |
qs = qs.filter(ou=default_ou) |
|
| 411 | ||
| 404 |
qs = utils.users_having_email(email) |
|
| 412 | 405 |
if qs.exists(): |
| 413 | 406 |
# there should not be multiple accounts with the same mail |
| 414 | 407 |
if len(qs) > 1: |
| 415 | 408 |
self.logger.error(u'multiple accounts with the same mail %s, %s', email, |
| 416 | 409 |
list(qs)) |
| 417 | 410 |
# ok we have one account |
| 418 | 411 |
elif len(qs) == 1: |
| 419 | 412 |
user = qs[0] |
| 420 |
- |
|