Add finished setup flag

src/djangooidc/backends.py

@@ -21,13 +21,11 @@ class OpenIdConnectBackend(ModelBackend):
     """
 
     def authenticate(self, request, **kwargs):
-        """Returns a tuple of (User, is_new_user)"""
         logger.debug("kwargs %s" % kwargs)
         user = None
-        is_new_user = True
+        request.session["is_new_user"] = True
-
         if not kwargs or "sub" not in kwargs.keys():
-            return user, is_new_user
+            return user
 
         UserModel = get_user_model()
         username = self.clean_username(kwargs["sub"])
@@ -51,7 +49,7 @@ class OpenIdConnectBackend(ModelBackend):
             }
 
             user, created = UserModel.objects.get_or_create(**args)
-            is_new_user = created
+            request.session["is_new_user"] = created
 
             if not created:
                 # If user exists, update existing user
@@ -63,10 +61,10 @@ class OpenIdConnectBackend(ModelBackend):
             try:
                 user = UserModel.objects.get_by_natural_key(username)
             except UserModel.DoesNotExist:
-                return None, is_new_user
+                return None
         # run this callback for a each login
         user.on_each_login()
-        return user, is_new_user
+        return user
 
     def update_existing_user(self, user, kwargs):
         """

src/djangooidc/tests/test_backends.py

@@ -21,7 +21,7 @@ class OpenIdConnectBackendTestCase(TestCase):
         """Test that authenticate creates a new user if it does not find
         existing user"""
         # Ensure that the authenticate method creates a new user
-        user, _ = self.backend.authenticate(request=None, **self.kwargs)
+        user = self.backend.authenticate(request=None, **self.kwargs)
         self.assertIsNotNone(user)
         self.assertIsInstance(user, User)
         self.assertEqual(user.username, "test_user")
@@ -39,7 +39,7 @@ class OpenIdConnectBackendTestCase(TestCase):
         existing_user = User.objects.create_user(username="test_user")
 
         # Ensure that the authenticate method updates the existing user
-        user, _ = self.backend.authenticate(request=None, **self.kwargs)
+        user = self.backend.authenticate(request=None, **self.kwargs)
         self.assertIsNotNone(user)
         self.assertIsInstance(user, User)
         self.assertEqual(user, existing_user)  # The same user instance should be returned
@@ -68,7 +68,7 @@ class OpenIdConnectBackendTestCase(TestCase):
 
         # Ensure that the authenticate method updates the existing user
         # and preserves existing first and last names
-        user, _ = self.backend.authenticate(request=None, **self.kwargs)
+        user = self.backend.authenticate(request=None, **self.kwargs)
         self.assertIsNotNone(user)
         self.assertIsInstance(user, User)
         self.assertEqual(user, existing_user)  # The same user instance should be returned
@@ -89,7 +89,7 @@ class OpenIdConnectBackendTestCase(TestCase):
 
         # Ensure that the authenticate method updates the existing user
         # and preserves existing first and last names
-        user, _ = self.backend.authenticate(request=None, **self.kwargs)
+        user = self.backend.authenticate(request=None, **self.kwargs)
         self.assertIsNotNone(user)
         self.assertIsInstance(user, User)
         self.assertEqual(user, existing_user)  # The same user instance should be returned
@@ -103,5 +103,5 @@ class OpenIdConnectBackendTestCase(TestCase):
     def test_authenticate_with_unknown_user(self):
         """Test that authenticate returns None when no kwargs are supplied"""
         # Ensure that the authenticate method handles the case when the user is not found
-        user, _ = self.backend.authenticate(request=None, **{})
+        user = self.backend.authenticate(request=None, **{})
         self.assertIsNone(user)

src/djangooidc/views.py

@@ -98,7 +98,8 @@ def login_callback(request):
             # add acr_value to request.session
             request.session["acr_value"] = CLIENT.get_step_up_acr_value()
             return CLIENT.create_authn_request(request.session)
-        user, is_new_user = authenticate(request=request, **userinfo)
+        user = authenticate(request=request, **userinfo)
+        is_new_user = request.session["is_new_user"]
         if user:
             should_update_user = False
             # Fixture users kind of exist in a superposition of verification types,

src/registrar/admin.py

@@ -539,7 +539,7 @@ class MyUserAdmin(BaseUserAdmin):
     fieldsets = (
         (
             None,
-            {"fields": ("username", "password", "status", "verification_type")},
+            {"fields": ("username", "password", "status", "finished_setup", "verification_type")},
         ),
         ("Personal Info", {"fields": ("first_name", "last_name", "email")}),
         (
@@ -557,7 +557,7 @@ class MyUserAdmin(BaseUserAdmin):
         ("Important dates", {"fields": ("last_login", "date_joined")}),
     )
 
-    readonly_fields = ("verification_type",)
+    readonly_fields = ("verification_type", "finished_setup")
 
     # Hide Username (uuid), Groups and Permissions
     # Q: Now that we're using Groups and Permissions,