hooks: bypass idp_oidc_modify_user_info when user profile is supplied (#63263)
This commit is contained in:
parent
9d50edcdf3
commit
27d92545cf
|
@ -514,7 +514,9 @@ class AppConfig(django.apps.AppConfig):
|
|||
queryset = queryset.filter(ou__slug='usagers')
|
||||
return queryset
|
||||
|
||||
def a2_hook_idp_oidc_modify_user_info(self, client, user, scope_set, user_info):
|
||||
def a2_hook_idp_oidc_modify_user_info(self, client, user, scope_set, user_info, profile=None):
|
||||
if profile:
|
||||
return
|
||||
sub = user_info['sub']
|
||||
user_info.clear()
|
||||
user_info['sub'] = sub
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
from authentic2.custom_user.models import Profile, ProfileType
|
||||
from authentic2.manager.tables import UserTable
|
||||
from authentic2.manager.user_views import UsersView
|
||||
from django.contrib.auth import get_user_model
|
||||
from utils import login
|
||||
|
||||
from authentic2_cut.apps import AppConfig
|
||||
|
@ -31,3 +33,54 @@ def test_a2_hook_manager_modify_table(db, rf, admin, monkeypatch, app):
|
|||
response = login(app, admin, '/manage/users/')
|
||||
assert 'get_full_name' not in response.html
|
||||
assert len(response.pyquery.find('thead').find('tr').children()) == 5
|
||||
|
||||
|
||||
def test_a2_hook_idp_oidc_modify_user_info(db, rf, app):
|
||||
class DummyModule:
|
||||
__path__ = [
|
||||
'./dummy',
|
||||
]
|
||||
|
||||
dummy = DummyModule()
|
||||
User = get_user_model()
|
||||
user = User.objects.create(email='john.doe@example.org', first_name='John', last_name='Doe')
|
||||
app_config = AppConfig('authentic2_cut', dummy)
|
||||
client = None # unused in hook
|
||||
scope_set = {'email', 'profile', 'openid', 'crown'}
|
||||
user_info = {
|
||||
'sub': 'abc',
|
||||
'email': 'abc@ad.dre.ss',
|
||||
'first_name': 'Original first name',
|
||||
'last_name': 'Original last name',
|
||||
}
|
||||
|
||||
# firt attempt without profile, user_info is modified by the hook
|
||||
app_config.a2_hook_idp_oidc_modify_user_info(client, user, scope_set, user_info, profile=None)
|
||||
assert user_info['email'] == 'john.doe@example.org'
|
||||
assert user_info['first_name'] == 'John'
|
||||
assert user_info['given_name'] == 'John'
|
||||
assert user_info['last_name'] == 'Doe'
|
||||
assert user_info['family_name'] == 'Doe'
|
||||
|
||||
profile_type = ProfileType.objects.create(
|
||||
name="Mandataire",
|
||||
slug="mandataire",
|
||||
)
|
||||
profile = Profile.objects.create(
|
||||
profile_type=profile_type,
|
||||
user=user,
|
||||
identifier='abc',
|
||||
email='mandataire-abc',
|
||||
)
|
||||
user_info = {
|
||||
'sub': 'abc',
|
||||
'email': 'abc@ad.dre.ss',
|
||||
'first_name': 'Original first name',
|
||||
'last_name': 'Original last name',
|
||||
}
|
||||
|
||||
# second attempt with profile, whose presence is detected by the hook, thus bypassed
|
||||
app_config.a2_hook_idp_oidc_modify_user_info(client, user, scope_set, user_info, profile=profile)
|
||||
assert user_info['email'] == 'abc@ad.dre.ss'
|
||||
assert user_info['first_name'] == 'Original first name'
|
||||
assert user_info['last_name'] == 'Original last name'
|
||||
|
|
Loading…
Reference in New Issue