Assure our open-id system can return emails.

Update our data from Open ID Systems when users log in
2022-12-13 08:14:44 -05:00 · 2022-12-13 08:14:44 -05:00 · bcfbd9a6ea
parent 4a8b07e98d
commit bcfbd9a6ea
3 changed files with 21 additions and 9 deletions
--- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/openid_blueprint/openid_blueprint.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/openid_blueprint/openid_blueprint.py
@ -111,6 +111,7 @@ def token() -> dict:
            "iat": time.time(),
            "exp": time.time() + 86400,  # Expire after a day.
            "sub": user_name,
+            "email": user_details['email'],
            "preferred_username": user_details.get("preferred_username", user_name),
        },
        client_secret,
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
@ -460,10 +460,6 @@ class AuthorizationService:
                .filter(UserModel.service_id == user_info["sub"])
                .first()
            )
-
-        if user_model is None:
-            current_app.logger.debug("create_user in login_return")
-            is_new_user = True
        username = email = ""
        if "name" in user_info:
            username = user_info["name"]
@ -473,12 +469,22 @@ class AuthorizationService:
            username = user_info["preferred_username"]
        if "email" in user_info:
            email = user_info["email"]
+
+        if user_model is None:
+            current_app.logger.debug("create_user in login_return")
+            is_new_user = True
            user_model = UserService().create_user(
                service=user_info["iss"],
                service_id=user_info["sub"],
                username=username,
                email=email,
            )
+        else :
+            # Update with the latest information
+            user_model.username = username
+            user_model.email = email
+            user_model.service = user_info["iss"]
+            user_model.service_id = user_info["sub"]

        # this may eventually get too slow.
        # when it does, be careful about backgrounding, because
--- a/spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_openid_blueprint.py
+++ b/spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_openid_blueprint.py
@ -70,3 +70,8 @@ class TestFlaskOpenId(BaseTest):
        assert 'access_token' in response.json
        assert 'id_token' in response.json
        assert 'refresh_token' in response.json
+
+        decoded_token = jwt.decode(response.json['id_token'], options={"verify_signature": False})
+        assert 'iss' in decoded_token
+        assert 'email' in decoded_token
+