Assure our open-id system can return emails.

Update our data from Open ID Systems when users log in
This commit is contained in:
Dan 2022-12-13 08:14:44 -05:00
parent 552229110c
commit b94e0f7266
3 changed files with 21 additions and 9 deletions

View File

@ -111,6 +111,7 @@ def token() -> dict:
"iat": time.time(), "iat": time.time(),
"exp": time.time() + 86400, # Expire after a day. "exp": time.time() + 86400, # Expire after a day.
"sub": user_name, "sub": user_name,
"email": user_details['email'],
"preferred_username": user_details.get("preferred_username", user_name), "preferred_username": user_details.get("preferred_username", user_name),
}, },
client_secret, client_secret,

View File

@ -460,25 +460,31 @@ class AuthorizationService:
.filter(UserModel.service_id == user_info["sub"]) .filter(UserModel.service_id == user_info["sub"])
.first() .first()
) )
username = email = ""
if "name" in user_info:
username = user_info["name"]
if "username" in user_info:
username = user_info["username"]
elif "preferred_username" in user_info:
username = user_info["preferred_username"]
if "email" in user_info:
email = user_info["email"]
if user_model is None: if user_model is None:
current_app.logger.debug("create_user in login_return") current_app.logger.debug("create_user in login_return")
is_new_user = True is_new_user = True
username = email = ""
if "name" in user_info:
username = user_info["name"]
if "username" in user_info:
username = user_info["username"]
elif "preferred_username" in user_info:
username = user_info["preferred_username"]
if "email" in user_info:
email = user_info["email"]
user_model = UserService().create_user( user_model = UserService().create_user(
service=user_info["iss"], service=user_info["iss"],
service_id=user_info["sub"], service_id=user_info["sub"],
username=username, username=username,
email=email, email=email,
) )
else :
# Update with the latest information
user_model.username = username
user_model.email = email
user_model.service = user_info["iss"]
user_model.service_id = user_info["sub"]
# this may eventually get too slow. # this may eventually get too slow.
# when it does, be careful about backgrounding, because # when it does, be careful about backgrounding, because

View File

@ -70,3 +70,8 @@ class TestFlaskOpenId(BaseTest):
assert 'access_token' in response.json assert 'access_token' in response.json
assert 'id_token' in response.json assert 'id_token' in response.json
assert 'refresh_token' in response.json assert 'refresh_token' in response.json
decoded_token = jwt.decode(response.json['id_token'], options={"verify_signature": False})
assert 'iss' in decoded_token
assert 'email' in decoded_token