0001-auth_oidc-ignore-email-case-when-linking-existing-us.patch

Benjamin Dauvergne, 26 août 2021 12:35

Subject: [PATCH] auth_oidc: ignore email case when linking existing users
 (#56392)

 src/authentic2_auth_oidc/backends.py |  4 ++--
 tests/test_auth_oidc.py              | 33 ++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 2 deletions(-)
src/authentic2_auth_oidc/backends.py
257 257
            if provider.strategy == models.OIDCProvider.STRATEGY_CREATE:
258 258
                try:
259 259
                    if app_settings.A2_EMAIL_IS_UNIQUE and email:
260
                        user = User.objects.get(email=email)
260
                        user = User.objects.get(email__iexact=email)
261 261
                    elif provider.ou and provider.ou.email_is_unique:
262
                        user = User.objects.get(ou=provider.ou, email=email)
262
                        user = User.objects.get(ou=provider.ou, email__iexact=email)
263 263
                    linked = True
264 264
                except User.DoesNotExist:
265 265
                    pass
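Review bot: With `email__iexact`, the two changed `User.objects.get(...)` calls can match more than one row when existing accounts differ only by letter case, and the visible handler catches only `User.DoesNotExist`, so `User.MultipleObjectsReturned` would propagate out of the login callback. If email uniqueness is not already enforced case-insensitively (not visible here), handle it explicitly and do not link, e.g. add `except User.MultipleObjectsReturned:` with a warning log instead of picking one of the accounts. Because this lookup attaches an identity-provider login to an existing local account on the email claim alone, a comment such as `# email claim is trusted as verified by the provider; match is case-insensitive` would record the assumption; whether the claim is verified is decided outside the hunk. The enclosing `try` block and function start and end outside the visible lines.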
tests/test_auth_oidc.py
39 39
from authentic2.custom_user.models import DeletedUser
40 40
from authentic2.models import Attribute, AttributeValue
41 41
from authentic2.utils.misc import last_authentication_event
42
from authentic2_auth_oidc.backends import OIDCBackend
42 43
from authentic2_auth_oidc.models import OIDCAccount, OIDCClaimMapping, OIDCProvider
43 44
from authentic2_auth_oidc.utils import (
44 45
    IDToken,
......
944 945
    with utils.check_log(caplog, 'found user using username'):
945 946
        with oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code, nonce=nonce):
946 947
            response = app.get(login_callback_url(oidc_provider), params={'code': code, 'state': state})
948

  
949

  
950
def test_link_by_email(app, caplog, code):
951
    oidc_provider = make_oidc_provider(idtoken_algo=OIDCProvider.ALGO_HMAC)
952
    ou = get_default_ou()
953
    ou.email_is_unique = True
954
    ou.save()
955

  
956
    user = User.objects.create(ou=ou, email='john.doe@example.com')
957
    assert User.objects.count() == 1
958
    assert OIDCAccount.objects.count() == 0
959

  
960
    response = app.get('/').maybe_follow()
961
    assert oidc_provider.name in response.text
962
    response = response.click(oidc_provider.name)
963
    location = urllib.parse.urlparse(response.location)
964
    query = QueryDict(location.query)
965
    state = query['state']
966
    nonce = query['nonce']
967

  
968
    with oidc_provider_mock(
969
        oidc_provider,
970
        oidc_provider_jwkset,
971
        code,
972
        nonce=nonce,
973
        extra_user_info={'email': 'JOHN.DOE@examplE.COM'},
974
    ):
975
        response = app.get(login_callback_url(oidc_provider), params={'code': code, 'state': state})
976

  
977
    assert app.session['_auth_user_id'] == str(user.id)
978
    assert User.objects.count() == 1
979
    assert OIDCAccount.objects.count() == 1
947
-
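Review bot: `test_link_by_email` exercises only the `ou.email_is_unique` branch; the `A2_EMAIL_IS_UNIQUE` lookup changed in the same commit has no case-mismatch test, and nothing covers two existing users whose emails differ only by case. `oidc_provider_jwkset` is passed to `oidc_provider_mock` but is not among the test's parameters, so unless the module defines that name at top level the call fails, and if it does the test passes a different object than the fixture value; requesting it explicitly is safer: `def test_link_by_email(app, caplog, code, oidc_provider_jwkset):`. `caplog` and the newly imported `OIDCBackend` are unused in the visible lines; either drop them or use `caplog` to assert the message logged when the account is linked.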