def test_flow_automatically_migrated_without_verified_without_password(
self, mock_send_one_time_account_confirm_link):
provider = AuthProvider.objects.create(organization=self.organization,
provider="dummy")
# setup a 'previous' identity, such as when we migrated Google from
# the old idents to the new
user = self.create_user("*****@*****.**",
is_managed=False,
password="")
assert not user.has_usable_password()
UserEmail.objects.filter(
user=user, email="*****@*****.**").update(is_verified=False)
self.create_member(organization=self.organization, user=user)
resp = self.client.post(self.path, {"init": True})
assert resp.status_code == 200
assert self.provider.TEMPLATE in resp.content.decode("utf-8")
path = reverse("sentry-auth-sso")
resp = self.client.post(path, {"email": "*****@*****.**"})
mock_send_one_time_account_confirm_link.assert_called_with(
user,
self.organization,
provider.get_provider().name,
"*****@*****.**",
MigratingIdentityId(id="*****@*****.**", legacy_id=None),
)
self.assertTemplateUsed(resp, "sentry/auth-confirm-account.html")
assert resp.status_code == 200
assert resp.context["existing_user"] == user
def build_identity(self, state):
# https://developers.google.com/identity/protocols/OpenIDConnect#server-flow
# data.user => {
# "iss":"accounts.google.com",
# "at_hash":"HK6E_P6Dh8Y93mRNtsDB1Q",
# "email_verified":"true",
# "sub":"10769150350006150715113082367",
# "azp":"1234987819200.apps.googleusercontent.com",
# "email":"*****@*****.**",
# "aud":"1234987819200.apps.googleusercontent.com",
# "iat":1353601026,
# "exp":1353604926,
# "hd":"example.com"
# }
data = state["data"]
user_data = state["user"]
# XXX(epurkhiser): We initially were using the email as the id key.
# This caused account dupes on domain changes. Migrate to the
# account-unique sub key.
user_id = MigratingIdentityId(id=user_data["sub"],
legacy_id=user_data["email"])
return {
"id": user_id,
"email": user_data["email"],
"name": user_data["email"],
"data": self.get_oauth_data(data),
"email_verified": user_data["email_verified"],
}
def build_identity(self, state):
data = state["data"]
try:
id_token = data["id_token"]
except KeyError:
raise IdentityNotValid(u"Missing id_token in OAuth response: %s" % data)
try:
_, payload, _ = map(urlsafe_b64decode, id_token.split(".", 2))
except Exception as exc:
raise IdentityNotValid(u"Unable to decode id_token: %s" % exc)
try:
user_data = json.loads(payload)
except ValueError as exc:
raise IdentityNotValid(u"Unable to decode id_token payload: %s" % exc)
# XXX(epurkhiser): This is carryover from the AuthProvider version of
# google identity. Because we will have code that handles interop
# between newstyle generic Identity, and oldstyle AuthProviders, we
# have to keep the MigratingIdentityId here.
user_id = MigratingIdentityId(id=user_data["sub"], legacy_id=user_data["email"])
return {
"type": "google",
"id": user_id,
"email": user_data["email"],
"email_verified": user_data["email_verified"],
"name": user_data["email"],
"domain": user_data.get("hd", DEFAULT_GOOGLE_DOMAIN),
"scopes": sorted(self.oauth_scopes),
"data": self.get_oauth_data(data),
}
def build_identity(self, state):
return {
"id": MigratingIdentityId(
id=state.get("id", state["email"]), legacy_id=state.get("legacy_email")
),
"email": state["email"],
"email_verified": state["email_verified"],
"name": "Dummy",
}
def build_identity(self, state):
return {
'id':
MigratingIdentityId(id=state['email'],
legacy_id=state.get('legacy_email')),
'email':
state['email'],
'name':
'Dummy',
}