def associate_by_email_if_oauth(auth_entry, backend, details, user, strategy, *args, **kwargs):
    """
    Pipeline step: link the current social auth to the database user with the same email address.

    The lookup is delegated to get_associated_user_by_email_response, which defers to the
    social library's associate_by_email implementation; that implementation verifies that
    only a single database user is associated with the email.

    The association is attempted ONLY when `ENABLE_REQUIRE_THIRD_PARTY_AUTH` is enabled and
    the user entered the pipeline through an OAuth provider.

    Returns:
        The association response when the matched account is reported active, otherwise
        None (feature disabled, non-OAuth backend, or inactive match).
    """
    # Same short-circuit order as a single `and`: the provider check is only
    # evaluated when the feature flag is on.
    if not is_require_third_party_auth_enabled():
        return None
    if not is_oauth_provider(backend.name, **kwargs):
        return None

    # NOTE(review): matching on email trusts the address the provider supplied in
    # `details`; confirm every enabled OAuth provider asserts verified addresses,
    # since an unverified one would let a login attach to someone else's account.
    response, matched_user_is_active = get_associated_user_by_email_response(
        backend, details, user, *args, **kwargs
    )

    # An inactive match is never handed back to the pipeline.
    return response if matched_user_is_active else None
def associate_by_email_if_login_api(auth_entry, backend, details, user, current_partial=None, *args, **kwargs):  # lint-amnesty, pylint: disable=keyword-arg-before-vararg
    """
    Pipeline step: link the current social auth to the database user with the same email address.

    The lookup is delegated to get_associated_user_by_email_response, which defers to the
    social library's associate_by_email implementation; that implementation verifies that
    only a single database user is associated with the email.

    The association is attempted ONLY if the user entered the pipeline through a LOGIN API
    (auth_entry == AUTH_ENTRY_LOGIN_API).

    Returns:
        The association response when the matched account is reported active, otherwise
        None (different auth entry, or inactive match).
    """
    if auth_entry != AUTH_ENTRY_LOGIN_API:
        return None

    # Temporary custom attribute: emitted whenever this entry point is hit, to help
    # ensure there is no remaining usage.
    set_custom_attribute('deprecated_auth_entry_login_api', True)

    # NOTE(review): matching on email trusts the address carried in `details`;
    # confirm callers of this entry point only reach it with a verified address.
    response, matched_user_is_active = get_associated_user_by_email_response(
        backend, details, user, *args, **kwargs
    )

    # An inactive match is never handed back to the pipeline.
    return response if matched_user_is_active else None
def associate_by_email_if_enterprise_user():
    """
    If the learner arriving via SAML is already linked to the enterprise customer linked to
    the same IdP, they should not be prompted for their edX password.

    Takes no parameters: current_provider, current_user, backend, details, user, args and
    kwargs are resolved from the surrounding scope, which is not visible here.

    Returns:
        The association response when the user is an enterprise customer user for the
        current provider and the matched account is reported active. None in every other
        case, including when any exception is raised (the error is logged, not propagated).
    """
    # NOTE(review): all three log lines below include the user's email address;
    # check that this matches the deployment's log-retention / PII policy.
    verification_msg = (
        '[Multiple_SSO_SAML_Accounts_Association_to_User] Enterprise user verification:'
        'User Email: {email}, User ID: {user_id}, Provider ID: {provider_id},'
        ' is_enterprise_customer_user: {enterprise_customer_user}'
    )
    inactive_msg = (
        '[Multiple_SSO_SAML_Accounts_Association_to_User] User association account is not'
        ' active: User Email: {email}, User ID: {user_id}, Provider ID: {provider_id},'
        ' is_enterprise_customer_user: {enterprise_customer_user}'
    )

    try:
        is_linked = is_enterprise_customer_user(current_provider.provider_id, current_user)
        logger.info(verification_msg.format(
            email=current_user.email,
            user_id=current_user.id,
            provider_id=current_provider.provider_id,
            enterprise_customer_user=is_linked,
        ))

        # Not an enterprise user for this provider: no automatic association.
        if not is_linked:
            return None

        # This is the python social auth pipeline default method to automatically
        # associate social accounts if the email already matches a user account.
        response, matched_user_is_active = get_associated_user_by_email_response(
            backend, details, user, *args, **kwargs
        )
        if matched_user_is_active:
            return response

        # Inactive match: record it and refuse the association.
        logger.info(inactive_msg.format(
            email=current_user.email,
            user_id=current_user.id,
            provider_id=current_provider.provider_id,
            enterprise_customer_user=is_linked,
        ))
        return None
    except Exception as ex:  # pylint: disable=broad-except
        # Any failure is logged and the step falls through to an implicit None,
        # so an error never results in an association being returned.
        logger.exception(
            '[Multiple_SSO_SAML_Accounts_Association_to_User] Error in'
            ' saml multiple accounts association: User ID: %s, User Email: %s:,'
            'Provider ID: %s, Exception: %s',
            current_user.id,
            current_user.email,
            current_provider.provider_id,
            ex,
        )
def test_get_associated_user_by_email_response(self, user, user_is_active):
    """
    Tests if an association response is returned for a user.

    `user` and `user_is_active` are supplied by the caller; whatever parametrizes this
    test is not visible here. associate_by_email is patched so that it echoes the user
    it was given back as {'user': <user>}, or returns None for a falsy user.
    """
    def fake_associate_by_email(_backend, _details, candidate, *_args, **_kwargs):
        # Stand-in for the social library call made by the helper under test.
        return {'user': candidate} if candidate else None

    with mock.patch(
        'common.djangoapps.third_party_auth.utils.associate_by_email',
        side_effect=fake_associate_by_email,
    ):
        # Calling mock_user() yields `user`; is_active is what the helper is expected to report.
        mock_user = MagicMock(return_value=user)
        mock_user.is_active = user_is_active

        association_response, reported_active = get_associated_user_by_email_response(
            backend=None, details=None, user=mock_user)

        # NOTE(review): a MagicMock is truthy, so the patched side effect always returns
        # a dict here; the no-association branch below looks unreachable unless the helper
        # itself returns None. Confirm, and consider a case that passes a falsy user so
        # the inactive / no-match path is actually exercised.
        if not association_response:
            self.assertIsNone(association_response)
            self.assertFalse(reported_active)
        else:
            self.assertEqual(association_response['user'](), user)
            self.assertEqual(reported_active, user_is_active)