0001-auth_oidc-show-a-warning-message-if-target-user-is-a.patch

Benjamin Dauvergne, 17 octobre 2022 10:10

Voir les différences: en ligne côte à côte

Subject: [PATCH] auth_oidc: show a warning message if target user is already
 linked to another provider (#65692)

 src/authentic2_auth_oidc/backends.py | 28 ++++++++++++++++++-----
 src/authentic2_auth_oidc/views.py    |  2 --
 tests/test_auth_oidc.py              | 33 ++++++++++++++++++++++++++++
 3 files changed, 56 insertions(+), 7 deletions(-)

     import requests
     from django.conf import settings
     from django.contrib import messages
     from django.contrib.auth import get_user_model
     from django.contrib.auth.backends import ModelBackend
     from django.db.transaction import atomic
     from django.db import IntegrityError
     from django.db.transaction import atomic, set_rollback
     from django.utils.timezone import now
     from django.utils.translation import gettext as _
     from jwcrypto.jwk import JWK
     from jwcrypto.jwt import JWT
-...
     class OIDCBackend(ModelBackend):
         # pylint: disable=arguments-renamed
         def authenticate(self, request, access_token=None, id_token=None, nonce=None, provider=None):
             with atomic(savepoint=False):
             with atomic():
                 return self._authenticate(
                     request, access_token=access_token, id_token=id_token, nonce=nonce, provider=provider
+                )
-...
                         user = User.objects.create(ou=provider.ou, email=email or '')
                         user.set_unusable_password()
                         created_user = True
                     oidc_account, created = models.OIDCAccount.objects.get_or_create(
                         provider=provider, user=user, defaults={'sub': id_token.sub}
+                    )
                     try:
                         oidc_account, created = models.OIDCAccount.objects.get_or_create(
                             provider=provider, user=user, defaults={'sub': id_token.sub}
+                        )
                     except IntegrityError:
                         set_rollback(True)
                         logger.warning('auth_oidc: email %s is already linked to another provider.', email)
                         if request:
                             messages.warning(
                                 request,
                                 _(
                                     'Your email is already linked to another SSO account, please contact an administrator.'
                                 ),
+                            )
                             return None
                     if not created and oidc_account.sub != id_token.sub:
                         logger.info(
                             'auth_oidc: changed user %s sub from %s to %s (issuer %s)',
-...
                         oidc_account.sub = id_token.sub
                         oidc_account.save()
                 else:
                     if request:
                         messages.warning(request, _('No user found'))
                     logger.warning(
                         'auth_oidc: cannot create user for sub %r as issuer %r does not allow it',
                         id_token.sub,

src/authentic2_auth_oidc/views.py
295	295	'provider_pk': provider.pk,
296	296	}
297	297	)
298		else:
299		messages.warning(request, _('No user found'))
300	298	return self.continue_to_next_url(request)
301	299
302	300	errors = {

         user = User.objects.get()
         assert simple_role in user.roles.all()
     def test_double_link(app, caplog, code, simple_user, oidc_provider_jwkset):
         ou = get_default_ou()
         ou.email_is_unique = True
         ou.save()
         provider1 = make_oidc_provider(name='provider1', jwkset=oidc_provider_jwkset)
         provider2 = make_oidc_provider(name='provider2', jwkset=oidc_provider_jwkset)
         OIDCAccount.objects.create(provider=provider2, sub='1234', user=simple_user)
         response = app.get('/').maybe_follow()
         response = response.click('provider1')
         location = urllib.parse.urlparse(response.location)
         query = QueryDict(location.query)
         state = query['state']
         nonce = query['nonce']
         # sub=john.doe
         with utils.check_log(caplog, 'auth_oidc: email user@example.net is already linked'):
             with oidc_provider_mock(
                 provider1,
                 oidc_provider_jwkset,
                 code,
                 nonce=nonce,
                 extra_id_token={'email': simple_user.email},
                 extra_user_info={'email': simple_user.email},
             ):
                 response = app.get(login_callback_url(provider1), params={'code': code, 'state': state})
             response = response.maybe_follow()
         warnings = response.pyquery('.warning')
         assert len(warnings) == 1
         assert 'Your email is already linked' in warnings.text()
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0001-auth_oidc-show-a-warning-message-if-target-user-is-a.patch