More oidc tests test_login_callback_requires_step_up_auth and test_login_callback_no_step_up_auth, lint

2025-07-03 09:43:33 +02:00 · 2023-12-07 16:33:35 -05:00 · 2023-12-07 16:33:35 -05:00 · 1001454a85
commit 1001454a85
parent 1a2b16a3da
5 changed files with 82 additions and 57 deletions
--- a/src/registrar/models/user.py
+++ b/src/registrar/models/user.py
@ -70,29 +70,32 @@ class User(AbstractUser):
    def needs_identity_verification(cls, email, uuid):
        """A method used by our oidc classes to test whether a user needs email/uuid verification
        or the full identity PII verification"""
-                
-         # An existing user who is a domain manager of a domain (that is,
-         # they have an entry in UserDomainRole for their User)
-        try:    
+
+        # An existing user who is a domain manager of a domain (that is,
+        # they have an entry in UserDomainRole for their User)
+        try:
            existing_user = cls.objects.get(username=uuid)
            if existing_user and UserDomainRole.objects.filter(user=existing_user).exists():
                return False
-        except:
+        except cls.DoesNotExist:
+            # Do nothing when the user is not found, as we're checking for existence.
            pass
-                
+        except Exception as err:
+            raise err
+
        # A new incoming user who is a domain manager for one of the domains
        # that we inputted from Verisign (that is, their email address appears
-        # in the username field of a TransitionDomain) 
+        # in the username field of a TransitionDomain)
        if TransitionDomain.objects.filter(username=email).exists():
            return False
-            
+
        # A new incoming user who is being invited to be a domain manager (that is,
        # their email address is in DomainInvitation for an invitation that is not yet "retrieved").
        if DomainInvitation.objects.filter(email=email, status=DomainInvitation.INVITED):
            return False
-                
+
        return True
-    
+
    def check_domain_invitations_on_login(self):
        """When a user first arrives on the site, we need to retrieve any domain
        invitations that match their email address."""