feat(email): populate email from IdPs, update deprecated .warn to .wa… #934

Merged
merged 6 commits into from
Jun 16, 2021

Avantol13
Contributor

…rning

New Features

  • Try to populate a user's email in the user db if available from IdP

Breaking Changes

Bug Fixes

Improvements

  • change deprecated .warn to new .warning

Dependency updates

Deployment changes

@github-actions

The style in this PR agrees with black. ✔️

This formatting comment was generated automatically by a script in uc-cdis/wool.

@coveralls

coveralls commented Jun 10, 2021

Pull Request Test Coverage Report for Build 11228

  • 14 of 19 (73.68%) changed or added relevant lines in 4 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-0.006%) to 71.124%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
|---|---|---|---|
| fence/resources/openid/ras_oauth2.py | 0 | 1 | 0.0% |
| fence/auth.py | 7 | 11 | 63.64% |

Totals:

  • Change from base Build 11222: -0.006%
  • Covered Lines: 6143
  • Relevant Lines: 8637

💛 - Coveralls

fence/auth.py Outdated
f"Updating username {user.username}'s email from {user.email} to {email}"
)
user.email = email
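
Review bot: The log message on the first line of this hunk writes both the old and the new email address into the application log, and `user.email = email` then stores the IdP-supplied value as received. Consider logging only that the email changed for the given username, and normalizing or validating `email` before assigning it, so that log retention does not end up holding personal data and a malformed value from an IdP does not reach the user table.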

Contributor

If a user already exists in the db and they already have a linked matching identity provider (so, I think, for most cases where a user had logged in before this fence commit), this code won't run, even if the email and the user.email don't match--right? 🧐

Contributor Author

AhH! 😅 You're right, I missed the early return, will adjust. Good eye! 🕵️

Contributor

Yay! One more thing, I think with the new call to _update_users_email up top, this second call is unnecessary

@jawadqur
Contributor

I deployed this branch to https://fence.planx-pla.net for testing, will let you know if it's successful.

Contributor

@vpsx vpsx left a comment

Just flagging a couple possible kinks 🙏

@@ -97,8 +100,9 @@ def get(self):
code = flask.request.args.get("code")
result = self.client.get_user_id(code)
username = result.get(self.username_field)
email = result.get(self.email_field)
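
Review bot: `email = result.get(self.email_field)` yields None without any signal when the client's `get_user_id` result has no such key, and the same holds for `username` one line above. Whatever consumes `email` has to treat None as "leave the stored value alone" rather than as a new value, and a per-client test that the result carries the configured email field would catch an IdP that never supplies it. `code` is likewise passed to `get_user_id` straight from `flask.request.args.get("code")`, which is None when the query parameter is missing, so a check before the call would give a cleaner failure.
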
Contributor

So if I'm reading correctly, this happens to work in the google case because the result happens to contain email -- because when idp is google we use email as username. But in general if the get_user_id code for a given client is not changed so that the returned result has the email field, this part will not work? So for example RAS logins will still not populate the email? I might just be confused on the intended behavior.

Contributor Author

🤦 Good thing you looked this over, me hacking this together resulted in some silly mistakes, thanks for wading through this. Debating whether or not to rename get_user_id something like get_user_info... might just leave it and add the logic to clients

fence/auth.py Outdated
"""
Update email if provided and doesn't match db entry.

NOTE: This does NOT commit to the db, do so outside this function
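
Review bot: The NOTE in this docstring leaves the commit to every caller, which is easy to miss on a path that returns early. Either name the callers that are expected to commit, or have the function return whether it changed anything so the caller can decide. The summary line should also say what counts as "provided" (None only, or an empty string as well), since the visible text does not settle how an empty value from an IdP is handled.
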
Contributor

Oof I think in the case where a user already exists, the early return will now prevent the db commit from happening 😅

Contributor

@vpsx vpsx left a comment

LGTM! 🎉 ✉️

@Avantol13 Avantol13 merged commit 8fc5367 into master Jun 16, 2021
@Avantol13 Avantol13 deleted the feat/idp_email branch June 16, 2021 15:35