From 0a2ad2a7057737b4e5e29c2570e15583459fc625 Mon Sep 17 00:00:00 2001
From: Valentin Deniaud <vdeniaud@entrouvert.com>
Date: Mon, 5 Oct 2020 16:13:00 +0200
Subject: [PATCH] manager: look for duplicates on user creation (#45419)

---
 src/authentic2/manager/app_settings.py        |  1 +
 .../authentic2/manager/user_add.html          | 21 +++++++++
 src/authentic2/manager/user_views.py          | 16 +++++++
 tests/test_user_manager.py                    | 43 +++++++++++++++++++
 4 files changed, 81 insertions(+)

diff --git a/src/authentic2/manager/app_settings.py b/src/authentic2/manager/app_settings.py
index 587c99c2..3a2f338f 100644
--- a/src/authentic2/manager/app_settings.py
+++ b/src/authentic2/manager/app_settings.py
@@ -28,6 +28,7 @@ class AppSettings(object):
         'USER_SEARCH_MINIMUM_CHARS': 0,
         'LOGIN_URL': None,
         'SITE_TITLE': None,
+        'CHECK_DUPLICATE_USERS': False,
     }
 
     def __getattr__(self, name):
diff --git a/src/authentic2/manager/templates/authentic2/manager/user_add.html b/src/authentic2/manager/templates/authentic2/manager/user_add.html
index 2e4f3192..d795dd71 100644
--- a/src/authentic2/manager/templates/authentic2/manager/user_add.html
+++ b/src/authentic2/manager/templates/authentic2/manager/user_add.html
@@ -5,6 +5,27 @@
   {% trans "Add an user" %}
 {% endblock %}
 
+{% block beforeform %}
+{% if duplicate_users %}
+<input type="hidden" name="confirm-creation-token" value="{{ form.cleaned_data.first_name }} {{ form.cleaned_data.last_name }}">
+<div class=warningnotice>
+  <p>{% trans "This user may already exist, please check the list below before creating it :" %}</p>
+  <ul>
+    {% for user in duplicate_users %}
+    <li>
+      <a href="{% url 'a2-manager-user-detail' pk=user.pk %}">{{ user.get_full_name }}</a> {{ user.email }}
+      {% for attribute in user.attribute_values.all %}
+      {% if attribute.content and attribute.attribute.name != "first_name" and attribute.attribute.name != "last_name" %}
+      - {{ attribute.content }}
+      {% endif %}
+      {% endfor %}
+    </li>
+    {% endfor %}
+  </ul>
+</div>
+{% endif %}
+{% endblock %}
+
 {% block hidden_inputs %}
   {{ block.super }}
   {% if next %}<input type="hidden" name="next" value="{{ next }}">{% endif %}
diff --git a/src/authentic2/manager/user_views.py b/src/authentic2/manager/user_views.py
index a0e03e1e..f7cc65fc 100644
--- a/src/authentic2/manager/user_views.py
+++ b/src/authentic2/manager/user_views.py
@@ -148,6 +148,7 @@ class UserAddView(BaseAddView):
     form_class = UserAddForm
     permissions = ['custom_user.add_user']
     template_name = 'authentic2/manager/user_add.html'
+    duplicate_users = None
 
     def dispatch(self, request, *args, **kwargs):
         qs = request.user.ous_with_perm('custom_user.add_user')
@@ -193,9 +194,24 @@ class UserAddView(BaseAddView):
             field_name='cancel')
         context['next'] = select_next_url(self.request, default=None, include_post=True)
         context['ou'] = self.ou
+        context['duplicate_users'] = self.duplicate_users
         return context
 
     def form_valid(self, form):
+        if app_settings.CHECK_DUPLICATE_USERS:
+            first_name = form.cleaned_data['first_name']
+            last_name = form.cleaned_data['last_name']
+            duplicate_users = User.objects.find_duplicates(
+                first_name=first_name,
+                last_name=last_name,
+                birthdate=form.cleaned_data.get('birthdate'),
+            )
+            token = self.request.POST.get('confirm-creation-token')
+            valid_confirmation_token = bool(token == '%s %s' % (first_name, last_name))
+            if duplicate_users and not valid_confirmation_token:
+                self.duplicate_users = duplicate_users
+                return self.form_invalid(form)
+
         response = super(UserAddView, self).form_valid(form)
         hooks.call_hooks('event', name='manager-add-user', user=self.request.user,
                          instance=form.instance, form=form)
diff --git a/tests/test_user_manager.py b/tests/test_user_manager.py
index 764cc6ed..42ddc9c9 100644
--- a/tests/test_user_manager.py
+++ b/tests/test_user_manager.py
@@ -18,6 +18,7 @@
 from __future__ import unicode_literals
 
 import csv
+import datetime
 import re
 import time
 from urllib.parse import urlparse
@@ -920,3 +921,45 @@ def test_manager_user_authorizations(app, superuser, simple_user):
     resp = resp.follow()
     assert resp.html.find('td').text == \
         'This user has not granted profile data access to any service yet.'
+
+
+def test_manager_create_user_duplicates(admin, app, ou1, settings):
+    settings.A2_MANAGER_CHECK_DUPLICATE_USERS = True
+    Attribute.objects.create(kind='string', name='address', label='address', required=False)
+    Attribute.objects.create(kind='birthdate', name='birthdate', label='birthdate', required=False)
+
+    user = User.objects.create(first_name='Alexander', last_name='Longname')
+    user.attributes.birthdate = datetime.date(1980, 1, 2)
+    user.attributes.address = 'bakers street'
+    user2 = User.objects.create(first_name='Alexandra', last_name='Longname')
+    user3 = User.objects.create(first_name='Alex', last_name='Shortname')
+
+    login(app, admin)
+    resp = app.get('/manage/users/%s/add/' % ou1.pk)
+
+    form = resp.form
+    form.set('first_name', 'Alexandre')
+    form.set('last_name', 'Longname')
+    form.set('email', 'alexandre.longname@entrouvert.com')
+    form.set('password1', 'ABcd1234')
+    form.set('password2', 'ABcd1234')
+    resp = form.submit()
+
+    assert 'user may already exist' in resp.text
+    assert 'Alexander Longname' in resp.text and 'bakers street' in resp.text and '1980-01-02' in resp.text
+    assert '/users/%s/' % user.pk in resp.text
+    assert '/users/%s/' % user2.pk in resp.text
+
+    # This user was in fact duplicate. Agent reuses the form to fill details on another user
+    form = resp.form
+    form.set('first_name', 'Alexa')
+    form.set('last_name', 'Shortname')
+    form.set('email', 'ashortname@entrouvert.com')
+    resp = form.submit()
+
+    assert 'user may already exist' in resp.text
+    assert '/users/%s/' % user3.pk in resp.text
+
+    # Not a duplicate this time. Simply submitting again creates user
+    resp = resp.form.submit().follow()
+    assert User.objects.filter(first_name='Alexa').count() == 1
-- 
2.20.1