def test_flow_automatically_migrated_without_verified_without_password(
    self, mock_send_one_time_account_confirm_link
):
    """SSO login for an existing unverified, password-less user sends a confirm link.

    The user has no usable password and an unverified email, so the flow is
    expected to call the (mocked) one-time account-confirmation sender and
    render the confirm-account page.
    """
    # The address appears redacted in this listing; the same literal is used
    # at every call site, so it is bound once here.
    email = "*****@*****.**"

    auth_provider = AuthProvider.objects.create(
        organization=self.organization, provider="dummy"
    )

    # Stand-in for a 'previous' identity, such as the ones left behind when
    # Google was migrated from the old idents to the new ones.
    existing_user = self.create_user(email, is_managed=False, password="")
    assert not existing_user.has_usable_password()
    UserEmail.objects.filter(user=existing_user, email=email).update(is_verified=False)
    self.create_member(organization=self.organization, user=existing_user)

    # Step 1: start the login flow.
    init_resp = self.client.post(self.path, {"init": True})
    assert init_resp.status_code == 200
    assert self.provider.TEMPLATE in init_resp.content.decode("utf-8")

    # Step 2: submit the email to the SSO endpoint.
    sso_path = reverse("sentry-auth-sso")
    sso_resp = self.client.post(sso_path, {"email": email})

    # With neither a password nor a verified email on the account, ownership
    # has to be proven through the one-time confirmation link.
    expected_identity_id = MigratingIdentityId(id=email, legacy_id=None)
    mock_send_one_time_account_confirm_link.assert_called_with(
        existing_user,
        self.organization,
        auth_provider.get_provider().name,
        email,
        expected_identity_id,
    )

    self.assertTemplateUsed(sso_resp, "sentry/auth-confirm-account.html")
    assert sso_resp.status_code == 200
    assert sso_resp.context["existing_user"] == existing_user
def build_identity(self, state):
    """Build the identity dict for a Google login from the pipeline ``state``.

    Reads the OAuth payload from ``state["data"]`` and the id_token claims
    from ``state["user"]``.
    """
    # Claim layout, per
    # https://developers.google.com/identity/protocols/OpenIDConnect#server-flow
    # data.user => {
    #      "iss":"accounts.google.com",
    #      "at_hash":"HK6E_P6Dh8Y93mRNtsDB1Q",
    #      "email_verified":"true",
    #      "sub":"10769150350006150715113082367",
    #      "azp":"1234987819200.apps.googleusercontent.com",
    #      "email":"*****@*****.**",
    #      "aud":"1234987819200.apps.googleusercontent.com",
    #      "iat":1353601026,
    #      "exp":1353604926,
    #      "hd":"example.com"
    # }
    oauth_payload = state["data"]
    claims = state["user"]

    # XXX(epurkhiser): The email was originally the id key, which produced
    # duplicate accounts on domain changes. The account-unique ``sub`` claim
    # is the id now; the email is kept only as the legacy id for migration.
    identity_id = MigratingIdentityId(id=claims["sub"], legacy_id=claims["email"])

    # NOTE(review): ``email_verified`` is passed through exactly as received.
    # The sample above shows it as the string "true", so a consumer relying on
    # truthiness would also accept the string "false" -- confirm how callers
    # interpret this value before using it to gate account linking.
    identity = {
        "id": identity_id,
        "email": claims["email"],
        "name": claims["email"],
        "data": self.get_oauth_data(oauth_payload),
        "email_verified": claims["email_verified"],
    }
    return identity
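def build_identity(self, state):
    """Build the Google identity dict from the id_token in the OAuth response.

    The id_token found in ``state["data"]`` is split into its three
    segments, the payload segment is decoded as JSON, and the ``sub``,
    ``email``, ``email_verified`` and optional ``hd`` claims are read from it.

    Raises:
        IdentityNotValid: if the id_token is absent, cannot be decoded, is
            not a JSON object, or lacks a required claim.
    """
    data = state["data"]

    try:
        id_token = data["id_token"]
    except KeyError:
        # Only the key names are reported: the raw OAuth response can carry
        # bearer credentials (access/refresh tokens), which must not end up
        # in an exception message that may be logged or shown to a user.
        raise IdentityNotValid(
            u"Missing id_token in OAuth response (keys present: %s)"
            % u", ".join(sorted(data))
        )

    # NOTE(review): the signature segment is decoded and discarded, never
    # verified. That is only sound when ``data`` was received directly from
    # the provider's token endpoint over TLS -- confirm the caller guarantees
    # this, and that iss/aud/exp are validated elsewhere if it does not.
    try:
        _, payload, _ = map(urlsafe_b64decode, id_token.split(".", 2))
    except Exception as exc:
        raise IdentityNotValid(u"Unable to decode id_token: %s" % exc)

    try:
        user_data = json.loads(payload)
    except ValueError as exc:
        raise IdentityNotValid(u"Unable to decode id_token payload: %s" % exc)

    # A payload that parses but has the wrong shape previously surfaced as a
    # bare TypeError/KeyError; report it through the same exception as every
    # other malformed-token case.
    if not isinstance(user_data, dict):
        raise IdentityNotValid(u"id_token payload is not a JSON object")

    missing_claims = [
        claim for claim in ("sub", "email", "email_verified") if claim not in user_data
    ]
    if missing_claims:
        raise IdentityNotValid(
            u"id_token payload is missing claims: %s" % u", ".join(missing_claims)
        )

    # XXX(epurkhiser): This is carryover from the AuthProvider version of
    # google identity. Because we will have code that handles interop
    # between newstyle generic Identity, and oldstyle AuthProviders, we
    # have to keep the MigratingIdentityId here.
    user_id = MigratingIdentityId(id=user_data["sub"], legacy_id=user_data["email"])

    return {
        "type": "google",
        "id": user_id,
        "email": user_data["email"],
        # Passed through as received; consumers should compare it explicitly
        # rather than rely on truthiness (it may arrive as a string).
        "email_verified": user_data["email_verified"],
        "name": user_data["email"],
        "domain": user_data.get("hd", DEFAULT_GOOGLE_DOMAIN),
        "scopes": sorted(self.oauth_scopes),
        "data": self.get_oauth_data(data),
    }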
def build_identity(self, state):
    """Build the dummy provider's identity dict from ``state``.

    The identity id is ``state["id"]`` when present and the email otherwise;
    ``state["legacy_email"]``, if any, becomes the legacy id.
    """
    email = state["email"]
    identity_id = MigratingIdentityId(
        id=state.get("id", email),
        legacy_id=state.get("legacy_email"),
    )
    # ``email_verified`` is required: a state without it raises KeyError
    # instead of silently producing an identity with unknown verification.
    identity = {
        "id": identity_id,
        "email": email,
        "email_verified": state["email_verified"],
        "name": "Dummy",
    }
    return identity
def build_identity(self, state):
    """Build the dummy provider's identity dict, keyed on the email address.

    ``state["legacy_email"]``, if present, becomes the legacy id.
    """
    email = state["email"]
    legacy_email = state.get("legacy_email")
    identity_id = MigratingIdentityId(id=email, legacy_id=legacy_email)
    # NOTE(review): no "email_verified" key is returned here. Any consumer
    # that gates account linking on verification should treat its absence as
    # "not verified" -- confirm against the caller.
    identity = {
        "id": identity_id,
        "email": email,
        "name": "Dummy",
    }
    return identity