Coverage for ivatar / ivataraccount / auth.py: 93%

41 statements  

« prev     ^ index     » next       coverage.py v7.13.1, created at 2026-01-16 00:08 +0000

1from social_core.backends.open_id_connect import OpenIdConnectAuth 

2 

3from ivatar.ivataraccount.models import ConfirmedEmail, Photo 

4from ivatar.settings import logger, TRUST_EMAIL_FROM_SOCIAL_AUTH_BACKENDS 

5 

6 

7from social_django.utils import load_strategy 

8 

9 

10class FedoraOpenIdConnect(OpenIdConnectAuth): 

11 name = "fedora" 

12 USERNAME_KEY = "nickname" 

13 OIDC_ENDPOINT = "https://id.fedoraproject.org" 

14 DEFAULT_SCOPE = ["openid", "profile", "email"] 

15 TOKEN_ENDPOINT_AUTH_METHOD = "client_secret_post" 

16 

17 def __init__(self, strategy=None, *args, **kwargs): 

18 if strategy is None: 

19 strategy = load_strategy() 

20 super().__init__(strategy, *args, **kwargs) 

21 

22 

23# Pipeline methods 

24 

25 

26def add_confirmed_email(backend, user, response, *args, **kwargs): 

27 """Add a ConfirmedEmail if we trust the auth backend to validate email.""" 

28 if not kwargs.get("is_new", False): 

29 return None # Only act on account creation 

30 if backend.name not in TRUST_EMAIL_FROM_SOCIAL_AUTH_BACKENDS: 

31 return None 

32 if ConfirmedEmail.objects.filter(email=user.email).count() > 0: 

33 # email already exists 

34 return None 

35 (confirmed_id, external_photos) = ConfirmedEmail.objects.create_confirmed_email( 

36 user, user.email, True 

37 ) 

38 confirmed_email = ConfirmedEmail.objects.get(id=confirmed_id) 

39 logger.debug( 

40 "Email %s added upon creation of user %s", confirmed_email.email, user.pk 

41 ) 

42 photo = Photo.objects.create(user=user, ip_address=confirmed_email.ip_address) 

43 import_result = photo.import_image("Gravatar", confirmed_email.email) 

44 if import_result: 

45 logger.debug("Gravatar image imported for %s", confirmed_email.email) 

46 

47 

48def associate_by_confirmed_email(backend, details, user=None, *args, **kwargs): 

49 """ 

50 Associate current auth with a user that has their email address as ConfirmedEmail in the DB. 

51 """ 

52 if user: 

53 return None 

54 email = details.get("email") 

55 if not email: 

56 return None 

57 try: 

58 confirmed_email = ConfirmedEmail.objects.get(email=email) 

59 except ConfirmedEmail.DoesNotExist: 

60 return None 

61 user = confirmed_email.user 

62 logger.debug("Found a matching ConfirmedEmail for %s upon login", user.username) 

63 return {"user": user, "is_new": False}