def test_is_vouched(self, rget, rlogging):
def mocked_get(url, **options):
if 'tmickel' in url:
return Response(NOT_VOUCHED_FOR)
if 'peterbe' in url:
return Response(VOUCHED_FOR)
if 'trouble' in url:
return Response('Failed', status_code=500)
raise NotImplementedError(url)
rget.side_effect = mocked_get
ok_(not mozillians.is_vouched('*****@*****.**'))
ok_(mozillians.is_vouched('*****@*****.**'))
self.assertRaises(
mozillians.BadStatusCodeError,
mozillians.is_vouched,
'*****@*****.**'
)
# also check that the API key is scrubbed
try:
mozillians.is_vouched('*****@*****.**')
raise
except mozillians.BadStatusCodeError, msg:
ok_(settings.MOZILLIANS_API_KEY not in str(msg))
def test_is_vouched(self, rget):
def mocked_get(url, **options):
if 'tmickel' in url:
return Response(NOT_VOUCHED_FOR_USERS)
if 'peterbe' in url:
return Response(VOUCHED_FOR_USERS)
if 'trouble' in url:
return Response('Failed', status_code=500)
raise NotImplementedError(url)
rget.side_effect = mocked_get
ok_(not mozillians.is_vouched('*****@*****.**'))
ok_(mozillians.is_vouched('*****@*****.**'))
self.assertRaises(
mozillians.BadStatusCodeError,
mozillians.is_vouched,
'*****@*****.**'
)
# also check that the API key is scrubbed
try:
mozillians.is_vouched('*****@*****.**')
raise
except mozillians.BadStatusCodeError as msg:
ok_(settings.MOZILLIANS_API_KEY not in str(msg))
def test_is_not_vouched(self, rget, rlogging):
def mocked_get(url, **options):
if 'tmickel' in url:
return Response(NO_VOUCHED_FOR)
raise NotImplementedError(url)
rget.side_effect = mocked_get
ok_(not mozillians.is_vouched('*****@*****.**'))
def test_is_not_vouched(self, rget):
def mocked_get(url, **options):
if 'tmickel' in url:
return Response(NOT_VOUCHED_FOR_USERS)
raise NotImplementedError(url)
rget.side_effect = mocked_get
ok_(not mozillians.is_vouched('*****@*****.**'))
def login_success(self):
"""the user passed the BrowserID hurdle, but do they have a valid
email address or vouched for in Mozillians"""
domain = self.user.email.split('@')[-1].lower()
try:
if domain in settings.ALLOWED_BID:
# If you were a contributor before, undo that.
# This might be the case when we extend settings.ALLOWED_BID
# with new domains and people with those domains logged
# in before.
try:
# This works because of the OneToOneField and
# related_name='profile' on the UserProfile class.
profile = self.user.profile
# if you were a contributor before, undo that now
if profile.contributor:
profile.contributor = False
profile.save()
except UserProfile.DoesNotExist:
pass
elif is_vouched(self.user.email):
try:
profile = self.user.profile
if not profile.contributor:
profile.contributor = True
profile.save()
except UserProfile.DoesNotExist:
profile = UserProfile.objects.create(
user=self.user,
contributor=True
)
else:
messages.error(
self.request,
'Email {0} authenticated but not vouched for'
.format(self.user.email)
)
return self.login_failure()
except BadStatusCodeError:
logger.error('Unable to call out to mozillians', exc_info=True)
messages.error(
self.request,
'Email {0} authenticated but unable to connect to '
'Mozillians to see if are vouched. '
.format(self.user.email)
)
return self.login_failure()
return super(CustomBrowserIDVerify, self).login_success()
def login_success(self):
"""the user passed the BrowserID hurdle, but do they have a valid
email address or vouched for in Mozillians"""
domain = self.user.email.split('@')[-1].lower()
try:
if domain in settings.ALLOWED_BID:
# If you were a contributor before, undo that.
# This might be the case when we extend settings.ALLOWED_BID
# with new domains and people with those domains logged
# in before.
try:
# This works because of the OneToOneField and
# related_name='profile' on the UserProfile class.
profile = self.user.profile
# if you were a contributor before, undo that now
if profile.contributor:
profile.contributor = False
profile.save()
except UserProfile.DoesNotExist:
pass
elif is_vouched(self.user.email):
try:
profile = self.user.profile
if not profile.contributor:
profile.contributor = True
profile.save()
except UserProfile.DoesNotExist:
profile = UserProfile.objects.create(
user=self.user,
contributor=True
)
else:
messages.error(
self.request,
'Email {0} authenticated but not vouched for'
.format(self.user.email)
)
return self.login_failure()
except BadStatusCodeError:
logger.error('Unable to call out to mozillians', exc_info=True)
messages.error(
self.request,
'Email {0} authenticated but unable to connect to '
'Mozillians to see if are vouched. '
.format(self.user.email)
)
return self.login_failure()
return super(CustomBrowserIDVerify, self).login_success()
def filter_users_by_claims(self, claims):
users = super(
AirmozillaOIDCAuthenticationBackend,
self
).filter_users_by_claims(claims)
# If this returned a set of users, it means the email already
# exists (got in at some point). If so, do nothing but just
# return the users.
if users:
return users
# Never heard of this user before!
# Because we set settings.OIDC_CREATE_USER it won't immediately
# be created.
# If we that this user should not be allowed in, return an empty
# list or empty queryset.
email = claims.get('email')
domain = email.split('@')[-1].lower()
if domain in settings.ALLOWED_BID:
# You've never signed in before but you have an awesome
# email domain.
user = super(
AirmozillaOIDCAuthenticationBackend,
self
).create_user(claims)
return [user]
# A this point, you need to be a vouced mozillian.
# And if you are you get a "contributor" profile.
if is_vouched(email):
user = super(
AirmozillaOIDCAuthenticationBackend,
self
).create_user(claims)
UserProfile.objects.create(
user=user,
contributor=True
)
return [user]
return UserModel.objects.none()
def login_success(self):
"""the user passed the BrowserID hurdle, but do they have a valid
email address or vouched for in Mozillians"""
domain = self.user.email.split('@')[-1]
try:
if domain in settings.ALLOWED_BID:
# awesome!
pass
elif is_vouched(self.user.email):
try:
profile = self.user.get_profile()
if not profile.contributor:
profile.contributor = True
profile.save()
except UserProfile.DoesNotExist:
profile = UserProfile.objects.create(
user=self.user,
contributor=True
)
else:
messages.error(
self.request,
'Email {0} authenticated but not vouched for'
.format(self.user.email)
)
return super(CustomBrowserIDVerify, self).login_failure()
except BadStatusCodeError:
logger.error('Unable to call out to mozillians', exc_info=True)
messages.error(
self.request,
'Email {0} authenticated but unable to connect to '
'Mozillians to see if are vouched. '
.format(self.user.email)
)
return super(CustomBrowserIDVerify, self).login_failure()
return super(CustomBrowserIDVerify, self).login_success()
def get_user(user_info):
email = user_info['email']
domain = email.split('@')[-1].lower()
_allowed_bid = False
_is_vouched = False
if domain in settings.ALLOWED_BID:
# This variable matters later when we have the user
_allowed_bid = True
elif is_vouched(email):
# This variable matters later when we have the user
_is_vouched = True
else:
return
created = False
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
try:
user = User.objects.get(email__iexact=email)
except User.DoesNotExist:
try:
user = UserEmailAlias.objects.get(email__iexact=email).user
except UserEmailAlias.DoesNotExist:
# We have to create the user
user = User.objects.create(
email=email,
username=default_username(email),
)
created = True
if not created:
# If the found user is inactive, and the user's alias points
# to another use, return that one instead.
if not user.is_active:
try:
user = UserEmailAlias.objects.get(
email__iexact=user.email
).user
except UserEmailAlias.DoesNotExist:
# At least we tried
pass
if user_info.get('given_name'):
if user_info['given_name'] != user.first_name:
user.first_name = user_info['given_name']
user.save()
if user_info.get('family_name'):
if user_info['family_name'] != user.first_name:
user.last_name = user_info['family_name']
user.save()
if _allowed_bid and not created:
# If you were a contributor before, undo that.
# This might be the case when we extend settings.ALLOWED_BID
# with new domains and people with those domains logged
# in before.
try:
# if you were a contributor before, undo that now
if user.profile.contributor:
user.profile.contributor = False
user.profile.save()
except UserProfile.DoesNotExist:
pass
elif _is_vouched:
# If you existed before and is now not in ALLOWED_BID
# really make sure you have a UserProfile with
# .contributor set to True
try:
if not user.profile.contributor:
user.profile.contributor = True
user.profile.save()
except UserProfile.DoesNotExist:
UserProfile.objects.create(
user=user,
contributor=True
)
return user
def get_user(user_info):
email = user_info['email']
domain = email.split('@')[-1].lower()
_allowed_bid = False
_is_vouched = False
if domain in settings.ALLOWED_BID:
# This variable matters later when we have the user
_allowed_bid = True
elif is_vouched(email):
# This variable matters later when we have the user
_is_vouched = True
else:
return
created = False
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
try:
user = User.objects.get(email__iexact=email)
except User.DoesNotExist:
try:
user = UserEmailAlias.objects.get(email__iexact=email).user
except UserEmailAlias.DoesNotExist:
# We have to create the user
user = User.objects.create(
email=email,
username=default_username(email),
)
created = True
if not created:
# If the found user is inactive, and the user's alias points
# to another use, return that one instead.
if not user.is_active:
try:
user = UserEmailAlias.objects.get(
email__iexact=user.email).user
except UserEmailAlias.DoesNotExist:
# At least we tried
pass
if user_info.get('given_name'):
if user_info['given_name'] != user.first_name:
user.first_name = user_info['given_name']
user.save()
if user_info.get('family_name'):
if user_info['family_name'] != user.first_name:
user.last_name = user_info['family_name']
user.save()
if _allowed_bid and not created:
# If you were a contributor before, undo that.
# This might be the case when we extend settings.ALLOWED_BID
# with new domains and people with those domains logged
# in before.
try:
# if you were a contributor before, undo that now
if user.profile.contributor:
user.profile.contributor = False
user.profile.save()
except UserProfile.DoesNotExist:
pass
elif _is_vouched:
# If you existed before and is now not in ALLOWED_BID
# really make sure you have a UserProfile with
# .contributor set to True
try:
if not user.profile.contributor:
user.profile.contributor = True
user.profile.save()
except UserProfile.DoesNotExist:
UserProfile.objects.create(user=user, contributor=True)
return user
