hooks: bypass idp_oidc_modify_user_info when user profile is supplied (#63263)

2022-03-28 15:52:51 +02:00 · 2022-03-28 15:52:51 +02:00 · 27d92545cf
parent 9d50edcdf3
commit 27d92545cf
2 changed files with 56 additions and 1 deletions
--- a/src/authentic2_cut/apps.py
+++ b/src/authentic2_cut/apps.py
@ -514,7 +514,9 @@ class AppConfig(django.apps.AppConfig):
                queryset = queryset.filter(ou__slug='usagers')
            return queryset

-    def a2_hook_idp_oidc_modify_user_info(self, client, user, scope_set, user_info):
+    def a2_hook_idp_oidc_modify_user_info(self, client, user, scope_set, user_info, profile=None):
+        if profile:
+            return
        sub = user_info['sub']
        user_info.clear()
        user_info['sub'] = sub
--- a/tests/test_hooks.py
+++ b/tests/test_hooks.py
@ -1,5 +1,7 @@
+from authentic2.custom_user.models import Profile, ProfileType
 from authentic2.manager.tables import UserTable
 from authentic2.manager.user_views import UsersView
+from django.contrib.auth import get_user_model
 from utils import login

 from authentic2_cut.apps import AppConfig
@ -31,3 +33,54 @@ def test_a2_hook_manager_modify_table(db, rf, admin, monkeypatch, app):
    response = login(app, admin, '/manage/users/')
    assert 'get_full_name' not in response.html
    assert len(response.pyquery.find('thead').find('tr').children()) == 5
+
+
+def test_a2_hook_idp_oidc_modify_user_info(db, rf, app):
+    class DummyModule:
+        __path__ = [
+            './dummy',
+        ]
+
+    dummy = DummyModule()
+    User = get_user_model()
+    user = User.objects.create(email='john.doe@example.org', first_name='John', last_name='Doe')
+    app_config = AppConfig('authentic2_cut', dummy)
+    client = None  # unused in hook
+    scope_set = {'email', 'profile', 'openid', 'crown'}
+    user_info = {
+        'sub': 'abc',
+        'email': 'abc@ad.dre.ss',
+        'first_name': 'Original first name',
+        'last_name': 'Original last name',
+    }
+
+    # firt attempt without profile, user_info is modified by the hook
+    app_config.a2_hook_idp_oidc_modify_user_info(client, user, scope_set, user_info, profile=None)
+    assert user_info['email'] == 'john.doe@example.org'
+    assert user_info['first_name'] == 'John'
+    assert user_info['given_name'] == 'John'
+    assert user_info['last_name'] == 'Doe'
+    assert user_info['family_name'] == 'Doe'
+
+    profile_type = ProfileType.objects.create(
+        name="Mandataire",
+        slug="mandataire",
+    )
+    profile = Profile.objects.create(
+        profile_type=profile_type,
+        user=user,
+        identifier='abc',
+        email='mandataire-abc',
+    )
+    user_info = {
+        'sub': 'abc',
+        'email': 'abc@ad.dre.ss',
+        'first_name': 'Original first name',
+        'last_name': 'Original last name',
+    }
+
+    # second attempt with profile, whose presence is detected by the hook, thus bypassed
+    app_config.a2_hook_idp_oidc_modify_user_info(client, user, scope_set, user_info, profile=profile)
+    assert user_info['email'] == 'abc@ad.dre.ss'
+    assert user_info['first_name'] == 'Original first name'
+    assert user_info['last_name'] == 'Original last name'