Ensure avatar auth

[premachb]

Description

Ensure user is logged in before going through onboarding flow by redirecting to GitHub login if a user is not authenticated.

Checklist

• linter status: 100% pass
• changes don't break existing behavior
• commit message follows commit guidelines

Affected core subsystem(s)

Dashboard folder more specifically the Onboarding Flow.

Testing

Simple change that checks and redirects and I've confirmed this doesn't break if the user is logged in.

Refers/Fixes

Refs: #1554

[codecov]

Codecov Report

Merging #1587 into master will increase coverage by 1.53%.
The diff coverage is 0%.

@@            Coverage Diff             @@
##           master    #1587      +/-   ##
==========================================
+ Coverage    28.4%   29.93%   +1.53%     
==========================================
  Files         130      130              
  Lines        9592     9596       +4     
  Branches     1241     1243       +2     
==========================================
+ Hits         2725     2873     +148     
+ Misses       6769     6619     -150     
- Partials       98      104       +6

Impacted Files	Coverage Δ
app/dashboard/views.py	14.62% <0%> (-0.1%)	⬇️
app/app/settings.py	80.43% <0%> (+80.43%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 13500cf...633c7a9. Read the comment docs.

[owocki]

LGTM

[SaptakS]

This is wrong. This will cause anyone who goes to the onboarding flow to be redirected to the github login. That is not expected. We want this only for the standalone avatar page. So this check should be only if someone is trying to access endpoints like: /onboard/contributor/?steps=avatar or /onboard/profile and so on.

[mbeacom]

@premachb Thanks for your contribution!

cc @owocki @SaptakS
I have adjusted this PR to only redirect to login when the user is hitting onboard outside of a flow containing the github step.

This will ensure we're redirecting to auth for any user passing steps without github or entering with the profile flow.

Also, I updated the if check by dropping if not request.user - request.user will always be present, but it might represent an unauthenticated user. In cases of auth, we want to check request.user.is_authenticated and hasattr(request.user, 'profile') to verify the user's auth flow has successfully completed and they have been assigned a profile object.

Thanks again for the contribution!

[SaptakS]

@mbeacom makes sense.