fix(email): make sure to update email in db even if user has logged i…

…n before
uc-cdis · Jun 11, 2021 · 90ee044 · 90ee044
1 parent 1f30488
commit 90ee044
Showing 1 changed file with 16 additions and 5 deletions.
diff --git a/fence/auth.py b/fence/auth.py
@@ -92,6 +92,8 @@ def set_flask_session_values(user):
 
     user = query_for_user(session=current_session, username=username)
     if user:
+        _update_users_email(user, email)
+
         #  This expression is relevant to those users who already have user and
         #  idp info persisted to the database. We return early to avoid
         #  unnecessarily re-saving that user and idp info.
@@ -112,11 +114,7 @@ def set_flask_session_values(user):
     if not idp:
         idp = IdentityProvider(name=provider)
 
-    if email and user.email != email:
-        logger.info(
-            f"Updating username {user.username}'s email from {user.email} to {email}"
-        )
-        user.email = email
+    _update_users_email(user, email)
 
     user.identity_provider = idp
     current_session.add(user)
@@ -261,3 +259,16 @@ def wrapper(*args, **kwargs):
 def admin_login_required(function):
     """Compose the login required and admin required decorators."""
     return login_required({"admin"})(admin_required(function))
+
+
+def _update_users_email(user, email):
+    """
+    Update email if provided and doesn't match db entry.
+
+    NOTE: This does NOT commit to the db, do so outside this function
+    """
+    if email and user.email != email:
+        logger.info(
+            f"Updating username {user.username}'s email from {user.email} to {email}"
+        )
+        user.email = email