mirror of
https://github.com/cisagov/manage.get.gov.git
synced 2025-07-03 01:33:32 +02:00
Merge pull request #1462 from cisagov/dk/1433-oidc-mult-levels
Issues 1433, 1435: Multi-level identity-verification based on users
This commit is contained in:
commit
796bda8493
7 changed files with 195 additions and 18 deletions
|
@ -3,6 +3,8 @@ import logging
|
|||
from django.contrib.auth.models import AbstractUser
|
||||
from django.db import models
|
||||
|
||||
from registrar.models.user_domain_role import UserDomainRole
|
||||
|
||||
from .domain_invitation import DomainInvitation
|
||||
from .transition_domain import TransitionDomain
|
||||
from .domain import Domain
|
||||
|
@ -64,6 +66,36 @@ class User(AbstractUser):
|
|||
def is_restricted(self):
|
||||
return self.status == self.RESTRICTED
|
||||
|
||||
@classmethod
|
||||
def needs_identity_verification(cls, email, uuid):
|
||||
"""A method used by our oidc classes to test whether a user needs email/uuid verification
|
||||
or the full identity PII verification"""
|
||||
|
||||
# An existing user who is a domain manager of a domain (that is,
|
||||
# they have an entry in UserDomainRole for their User)
|
||||
try:
|
||||
existing_user = cls.objects.get(username=uuid)
|
||||
if existing_user and UserDomainRole.objects.filter(user=existing_user).exists():
|
||||
return False
|
||||
except cls.DoesNotExist:
|
||||
# Do nothing when the user is not found, as we're checking for existence.
|
||||
pass
|
||||
except Exception as err:
|
||||
raise err
|
||||
|
||||
# A new incoming user who is a domain manager for one of the domains
|
||||
# that we inputted from Verisign (that is, their email address appears
|
||||
# in the username field of a TransitionDomain)
|
||||
if TransitionDomain.objects.filter(username=email).exists():
|
||||
return False
|
||||
|
||||
# A new incoming user who is being invited to be a domain manager (that is,
|
||||
# their email address is in DomainInvitation for an invitation that is not yet "retrieved").
|
||||
if DomainInvitation.objects.filter(email=email, status=DomainInvitation.INVITED).exists():
|
||||
return False
|
||||
|
||||
return True
|
||||
|
||||
def check_domain_invitations_on_login(self):
|
||||
"""When a user first arrives on the site, we need to retrieve any domain
|
||||
invitations that match their email address."""
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue