Basic setup stuff

2025-05-19 19:09:22 +02:00 · 2024-05-09 11:42:18 -06:00 · 2024-05-09 11:42:18 -06:00 · d268ef54b1
commit d268ef54b1
parent c9a735bf6a
8 changed files with 110 additions and 13 deletions
--- a/src/djangooidc/backends.py
+++ b/src/djangooidc/backends.py
@ -21,10 +21,13 @@ class OpenIdConnectBackend(ModelBackend):
    """

    def authenticate(self, request, **kwargs):
+        """Returns a tuple of (User, is_new_user)"""
        logger.debug("kwargs %s" % kwargs)
        user = None
+        is_new_user = True
+
        if not kwargs or "sub" not in kwargs.keys():
-            return user
+            return user, is_new_user

        UserModel = get_user_model()
        username = self.clean_username(kwargs["sub"])
@ -48,6 +51,7 @@ class OpenIdConnectBackend(ModelBackend):
            }

            user, created = UserModel.objects.get_or_create(**args)
+            is_new_user = created

            if not created:
                # If user exists, update existing user
@ -59,10 +63,10 @@ class OpenIdConnectBackend(ModelBackend):
            try:
                user = UserModel.objects.get_by_natural_key(username)
            except UserModel.DoesNotExist:
-                return None
+                return None, is_new_user
        # run this callback for a each login
        user.on_each_login()
-        return user
+        return user, is_new_user

    def update_existing_user(self, user, kwargs):
        """
--- a/src/djangooidc/tests/test_backends.py
+++ b/src/djangooidc/tests/test_backends.py
@ -21,7 +21,7 @@ class OpenIdConnectBackendTestCase(TestCase):
        """Test that authenticate creates a new user if it does not find
        existing user"""
        # Ensure that the authenticate method creates a new user
-        user = self.backend.authenticate(request=None, **self.kwargs)
+        user, _ = self.backend.authenticate(request=None, **self.kwargs)
        self.assertIsNotNone(user)
        self.assertIsInstance(user, User)
        self.assertEqual(user.username, "test_user")
@ -39,7 +39,7 @@ class OpenIdConnectBackendTestCase(TestCase):
        existing_user = User.objects.create_user(username="test_user")

        # Ensure that the authenticate method updates the existing user
-        user = self.backend.authenticate(request=None, **self.kwargs)
+        user, _ = self.backend.authenticate(request=None, **self.kwargs)
        self.assertIsNotNone(user)
        self.assertIsInstance(user, User)
        self.assertEqual(user, existing_user)  # The same user instance should be returned
@ -68,7 +68,7 @@ class OpenIdConnectBackendTestCase(TestCase):

        # Ensure that the authenticate method updates the existing user
        # and preserves existing first and last names
-        user = self.backend.authenticate(request=None, **self.kwargs)
+        user, _ = self.backend.authenticate(request=None, **self.kwargs)
        self.assertIsNotNone(user)
        self.assertIsInstance(user, User)
        self.assertEqual(user, existing_user)  # The same user instance should be returned
@ -89,7 +89,7 @@ class OpenIdConnectBackendTestCase(TestCase):

        # Ensure that the authenticate method updates the existing user
        # and preserves existing first and last names
-        user = self.backend.authenticate(request=None, **self.kwargs)
+        user, _ = self.backend.authenticate(request=None, **self.kwargs)
        self.assertIsNotNone(user)
        self.assertIsInstance(user, User)
        self.assertEqual(user, existing_user)  # The same user instance should be returned
@ -103,5 +103,5 @@ class OpenIdConnectBackendTestCase(TestCase):
    def test_authenticate_with_unknown_user(self):
        """Test that authenticate returns None when no kwargs are supplied"""
        # Ensure that the authenticate method handles the case when the user is not found
-        user = self.backend.authenticate(request=None, **{})
+        user, _ = self.backend.authenticate(request=None, **{})
        self.assertIsNone(user)
--- a/src/djangooidc/views.py
+++ b/src/djangooidc/views.py
@ -85,6 +85,7 @@ def login_callback(request):
    """Analyze the token returned by the authentication provider (OP)."""
    global CLIENT
    try:
+        request.session["is_new_user"] = False
        # If the CLIENT is none, attempt to reinitialize before handling the request
        if _client_is_none():
            logger.debug("OIDC client is None, attempting to initialize")
@ -97,9 +98,9 @@ def login_callback(request):
            # add acr_value to request.session
            request.session["acr_value"] = CLIENT.get_step_up_acr_value()
            return CLIENT.create_authn_request(request.session)
-        user = authenticate(request=request, **userinfo)
+        user, is_new_user = authenticate(request=request, **userinfo)
        if user:
-
+            should_update_user = False
            # Fixture users kind of exist in a superposition of verification types,
            # because while the system "verified" them, if they login,
            # we don't know how the user themselves was verified through login.gov until
@ -110,9 +111,17 @@ def login_callback(request):
            # Set the verification type if it doesn't already exist or if its a fixture user
            if not user.verification_type or is_fixture_user:
                user.set_user_verification_type()
+                should_update_user = True
+
+            if is_new_user:
+                user.finished_setup = False
+                should_update_user = True
+
+            if should_update_user:
                user.save()

            login(request, user)
+
            logger.info("Successfully logged in user %s" % user)

            # Clear the flag if the exception is not caught