[PLAT-1145][Hotfix] Confirming ORCID account doesn't work if you are logged in

[Johnetordoff]

Purpose

If you try to confirm your ORCID account while logged in the OSF will redirect to the dashboard without confirming the account. This fix allows you to comfirm it without logging out.

Changes

• moves redirect clause to after confirmation clause so it's not missed.
• adds test

QA Notes

I tested this in the shell by creating a user with (paraphasing) :

user.email_verifications = {'token': {'email': user.email, 'external_identity': {'ORCID' {'fake_external_identity_id': 'fake status'}}}}
me.external_identity = {'ORCID': {'fake_external_identity_id': 'fake status'}}

and hitting endpoint http://localhost:5000/confirm/external/<user guid>/token/?destination=dashboard then checking account setting to see if the user had a confirmed fake ORCID.

Documentation

🐞 fix, no docs

Side Effects

None that I know of.

Ticket

https://openscience.atlassian.net/browse/PLAT-1145

[erinspace]

Just 2 questions!

[erinspace]

Could you modify self.user for your test instead of taking the time to create your own?

[erinspace]

Curious of how much of the above should indeed be happening before the current logged in status of the user is checked - for example user.date_last_logged_in = timezone.now() should probably still happen after the logged in check.

[sloria]

Why was this moved? It looks like this change will never get saved.

[Johnetordoff]

I'm not sure what you mean, the idea with this is that if the user was logged in already their date_last_logged_in shouldn't change, but if they log in with this function it should miss the redirect and hit that line. Edit: look at @erinspace comment above.

[sloria]

OK, but the user isn't being saved after this point.