Fix verification type

zandercymatics 2024-04-19 15:30:37 -06:00
parent 5cba82b343
commit 3e7f143a1e
No known key found for this signature in database
GPG key ID: FF4636ABEC9682B7
5 changed files with 53 additions and 15 deletions


@ -99,8 +99,11 @@ def login_callback(request):
return CLIENT.create_authn_request(request.session) return CLIENT.create_authn_request(request.session)
user = authenticate(request=request, **userinfo) user = authenticate(request=request, **userinfo)
if user: if user:
# Set the verification type
user.set_user_verification_type()
login(request, user) login(request, user)
logger.info("Successfully logged in user %s" % user) logger.info("Successfully logged in user %s" % user)
# Clear the flag if the exception is not caught # Clear the flag if the exception is not caught
request.session.pop("redirect_attempted", None) request.session.pop("redirect_attempted", None)
return redirect(request.session.get("next", "/")) return redirect(request.session.get("next", "/"))
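Review bot: The new `user.set_user_verification_type()` call sits between `authenticate()` and `login()`, so any exception it raises (a database error, for instance) now blocks the login, and the hunk does not show whether the enclosing handler treats that case deliberately. The hunk also does not show whether the method persists the value, so confirm that it saves the user rather than only setting the attribute on the in-memory object. The comment `# Set the verification type` only restates the call; `# Record how this user was verified; no-op once verification_type is set` would say more, assuming that is the method's contract. login_callback starts and ends outside the hunk.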


@ -508,7 +508,7 @@ class MyUserAdmin(BaseUserAdmin):
("Important dates", {"fields": ("last_login", "date_joined")}), ("Important dates", {"fields": ("last_login", "date_joined")}),
) )
readonly_fields = ("verification_type") readonly_fields = ("verification_type",)
# Hide Username (uuid), Groups and Permissions # Hide Username (uuid), Groups and Permissions
# Q: Now that we're using Groups and Permissions, # Q: Now that we're using Groups and Permissions,
@ -516,7 +516,7 @@ class MyUserAdmin(BaseUserAdmin):
analyst_fieldsets = ( analyst_fieldsets = (
( (
None, None,
{"fields": ("password", "status")}, {"fields": ("password", "status", "verification_type")},
), ),
("Personal Info", {"fields": ("first_name", "last_name", "email")}), ("Personal Info", {"fields": ("first_name", "last_name", "email")}),
( (
@ -636,11 +636,14 @@ class MyUserAdmin(BaseUserAdmin):
return [] return []
def get_readonly_fields(self, request, obj=None): def get_readonly_fields(self, request, obj=None):
readonly_fields = list(self.readonly_fields)
if request.user.has_perm("registrar.full_access_permission"): if request.user.has_perm("registrar.full_access_permission"):
return () # No read-only fields for all access users return readonly_fields
# Return restrictive Read-only fields for analysts and else:
# users who might not belong to groups # Return restrictive Read-only fields for analysts and
return self.analyst_readonly_fields # users who might not belong to groups
return self.analyst_readonly_fields
class HostIPInline(admin.StackedInline): class HostIPInline(admin.StackedInline):
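Review bot: `analyst_fieldsets` now displays `verification_type`, but the non-full-access branch of `get_readonly_fields` still returns `self.analyst_readonly_fields` unchanged, and that attribute is defined outside the hunks. If it does not list `verification_type`, analysts can edit the record of how a user's identity was verified. Confirm the field is included there, or merge the two, e.g. `return [*self.analyst_readonly_fields, *readonly_fields]`. Separately, the `else:` after a `return` is redundant, and `readonly_fields = list(self.readonly_fields)` is only needed in the full-access branch.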


@ -6,6 +6,7 @@ from registrar.models import (
User, User,
UserGroup, UserGroup,
) )
from registrar.models.verified_by_staff import VerifiedByStaff
fake = Faker() fake = Faker()
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -187,6 +188,9 @@ class UserFixture:
logger.info(f"Going to load {len(users)} users in group {group_name}") logger.info(f"Going to load {len(users)} users in group {group_name}")
for user_data in users: for user_data in users:
try: try:
# TODO - Add the fixture user to the VerifiedByStaff table
# (To track how this user was verified)
user, _ = User.objects.get_or_create(username=user_data["username"]) user, _ = User.objects.get_or_create(username=user_data["username"])
user.is_superuser = False user.is_superuser = False
user.first_name = user_data["first_name"] user.first_name = user_data["first_name"]
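Review bot: The added `from registrar.models.verified_by_staff import VerifiedByStaff` is not used in the visible hunks of this file; only the TODO refers to it, so a linter that reports unused imports (flake8 F401) will flag it. Either add the import together with the code that creates the `VerifiedByStaff` entry, or mark it `# noqa: F401` with a pointer to the TODO. Until the TODO is done, fixture users carry no record of how they were verified, so the TODO would be easier to track with an owner or issue reference, e.g. `# TODO(<owner>): add the fixture user to VerifiedByStaff`. The loop body continues outside the hunk.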


@ -0,0 +1,28 @@
# Generated by Django 4.2.10 on 2024-04-19 21:02
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("registrar", "0084_create_groups_v11"),
]
operations = [
migrations.AddField(
model_name="user",
name="verification_type",
field=models.CharField(
blank=True,
choices=[
("grandfathered", "Legacy user"),
("verified_by_staff", "Verified by staff"),
("regular", "Verified by Login.gov"),
("invited", "Invited by a domain manager"),
],
help_text="The means through which this user was verified",
null=True,
),
),
]


@ -60,7 +60,7 @@ class User(AbstractUser):
) )
verification_type = models.CharField( verification_type = models.CharField(
choices=VerificationTypeChoices, choices=VerificationTypeChoices.choices,
null=True, null=True,
blank=True, blank=True,
help_text="The means through which this user was verified", help_text="The means through which this user was verified",
@ -115,19 +115,19 @@ class User(AbstractUser):
@classmethod @classmethod
def get_existing_user_from_uuid(cls, uuid): def existing_user(cls, uuid):
existing_user = None existing_user = None
try: try:
existing_user = cls.objects.get(username=uuid) existing_user = cls.objects.get(username=uuid)
if existing_user and UserDomainRole.objects.filter(user=existing_user).exists(): if existing_user and UserDomainRole.objects.filter(user=existing_user).exists():
return (False, existing_user) return False
except cls.DoesNotExist: except cls.DoesNotExist:
# Do nothing when the user is not found, as we're checking for existence. # Do nothing when the user is not found, as we're checking for existence.
pass pass
except Exception as err: except Exception as err:
raise err raise err
return (True, existing_user) return True
@classmethod @classmethod
def needs_identity_verification(cls, email, uuid): def needs_identity_verification(cls, email, uuid):
@ -136,14 +136,14 @@ class User(AbstractUser):
# An existing user who is a domain manager of a domain (that is, # An existing user who is a domain manager of a domain (that is,
# they have an entry in UserDomainRole for their User) # they have an entry in UserDomainRole for their User)
user_exists, existing_user = cls.existing_user(uuid) user_exists = cls.existing_user(uuid)
if not user_exists: if not user_exists:
return False return False
# The user needs identity verification if they don't meet # The user needs identity verification if they don't meet
# any special criteria, i.e. we are validating them "regularly" # any special criteria, i.e. we are validating them "regularly"
existing_user.verification_type = cls.get_verification_type_from_email(email) verification_type = cls.get_verification_type_from_email(email)
return existing_user.verification_type == cls.VerificationTypeChoices.REGULAR return verification_type == cls.VerificationTypeChoices.REGULAR
@classmethod @classmethod
def get_verification_type_from_email(cls, email, invitation_status=DomainInvitation.DomainInvitationStatus.INVITED): def get_verification_type_from_email(cls, email, invitation_status=DomainInvitation.DomainInvitationStatus.INVITED):
@ -167,11 +167,11 @@ class User(AbstractUser):
return verification_type return verification_type
def user_verification_type(self, check_if_user_exists=False): def set_user_verification_type(self):
if self.verification_type is None: if self.verification_type is None:
# Would need to check audit log # Would need to check audit log
retrieved = DomainInvitation.DomainInvitationStatus.RETRIEVED retrieved = DomainInvitation.DomainInvitationStatus.RETRIEVED
user_exists, _ = self.existing_user(self.username) user_exists = self.existing_user(self.username)
verification_type = self.get_verification_type_from_email(self.email, invitation_status=retrieved) verification_type = self.get_verification_type_from_email(self.email, invitation_status=retrieved)
# This should check if the type is unknown, use check_if_user_exists? # This should check if the type is unknown, use check_if_user_exists?