CenterForOpenScience · brianjgeiger · Sep 28, 2016 · Jul 12, 2016 · Jul 12, 2016 · Jul 12, 2016
diff --git a/api/base/authentication/backends.py b/api/base/authentication/backends.py
@@ -4,7 +4,7 @@
 class ODMBackend(object):
 
     def authenticate(self, username=None, password=None):
-        return get_user(username=username, password=password) or None
+        return get_user(email=username, password=password) or None
 
     def get_user(self, user_id):
         return User.load(user_id)
diff --git a/api/institutions/authentication.py b/api/institutions/authentication.py
@@ -52,7 +52,7 @@ def authenticate(self, request):
         username = provider['user']['username']
         fullname = provider['user']['fullname']
 
-        user, created = get_or_create_user(fullname, username)
+        user, created = get_or_create_user(fullname, username, reset_password=False)
 
         if created:
             user.given_name = provider['user'].get('givenName')

diff --git a/framework/auth/__init__.py b/framework/auth/__init__.py
@@ -108,21 +108,24 @@ def register_unconfirmed(username, password, fullname, campaign=None):
     return user
 
 
-def get_or_create_user(fullname, address, is_spam=False):
-    """Get or create user by email address.
+def get_or_create_user(fullname, address, reset_password=True, is_spam=False):
+    """
+    Get or create user by fullname and email address.
 
-    :param str fullname: User full name
-    :param str address: User email address
-    :param bool is_spam: User flagged as potential spam
-    :return: Tuple of (user, created)
+    :param str fullname: user full name
+    :param str address: user email address
+    :param boolean reset_password: ask user to reset their password
+    :param bool is_spam: user flagged as potential spam
+    :return: tuple of (user, created)
     """
     user = get_user(email=address)
     if user:
         return user, False
     else:
         password = str(uuid.uuid4())
         user = User.create_confirmed(address, password, fullname)
-        user.verification_key = generate_verification_key()
+        if password:
+            user.verification_key_v2 = generate_verification_key(verification_type='password')
         if is_spam:
             user.system_tags.append('is_spam')
         return user, True