Showing 2 changed files with 21 additions and 14 deletions.
9 changes: 5 additions & 4 deletions src/digid_eherkenning_oidc_generics/backends.py
@@ -17,6 +17,7 @@
class OIDCAuthenticationBackend(_OIDCAuthenticationBackend):
config_identifier_field = "identifier_claim_name"
callback_path = None
unique_id_user_fieldname = ""

def authenticate(self, request, *args, **kwargs):
# Avoid attempting OIDC for a specific variant if we know that that is not the
@@ -28,18 +29,16 @@ def authenticate(self, request, *args, **kwargs):

def filter_users_by_claims(self, claims):
"""Return all users matching the specified subject."""
identifier_claim_name = getattr(self.config, self.config_identifier_field)
unique_id = self.retrieve_identifier_claim(claims)

if not unique_id:
return self.UserModel.objects.none()
return self.UserModel.objects.filter(
**{f"{identifier_claim_name}__iexact": unique_id}
**{f"{self.unique_id_user_fieldname}__iexact": unique_id}
)

def create_user(self, claims):
"""Return object for a newly created user account."""
identifier_claim_name = getattr(self.config, self.config_identifier_field)
unique_id = self.retrieve_identifier_claim(claims)

logger.debug("Creating OIDC user: %s", unique_id)
@@ -49,7 +48,7 @@ def create_user(self, claims):
self.UserModel.USERNAME_FIELD: generate_email_from_string(
unique_id, domain="localhost"
),
identifier_claim_name: unique_id,
self.unique_id_user_fieldname: unique_id,
"login_type": self.login_type,
}
)
@@ -68,6 +67,7 @@ class OIDCAuthenticationDigiDBackend(SoloConfigDigiDMixin, OIDCAuthenticationBac

login_type = LoginTypeChoices.digid
callback_path = reverse_lazy("digid_oidc:callback")
unique_id_user_fieldname = "bsn"


class OIDCAuthenticationEHerkenningBackend(
@@ -79,3 +79,4 @@ class OIDCAuthenticationEHerkenningBackend(

login_type = LoginTypeChoices.eherkenning
callback_path = reverse_lazy("eherkenning_oidc:callback")
unique_id_user_fieldname = "kvk"
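Review bot: The base-class default `unique_id_user_fieldname = ""` lets a backend subclass that forgets to override it reach filter_users_by_claims, where the lookup key becomes `"__iexact"`, and create_user, where the empty string becomes a field name, so the misconfiguration surfaces only during a login attempt as an ORM or keyword error. In an authentication backend I would fail explicitly instead, for example `if not self.unique_id_user_fieldname: raise ImproperlyConfigured("unique_id_user_fieldname must be set")` before the claim is read (ImproperlyConfigured would need importing from django.core.exceptions if the module does not already have it). Separately, whatever claim `identifier_claim_name` selects is now matched against and stored in `bsn` / `kvk` with no visible check that the value has the shape of a BSN or KvK number; validating the format before the lookup would keep a misconfigured claim from linking or creating accounts on an arbitrary string. create_user spans two hunks and its middle is not shown, so this is based on the visible lines only.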
26 changes: 16 additions & 10 deletions src/open_inwoner/accounts/tests/test_oidc_views.py
@@ -226,7 +226,9 @@ class DigiDOIDCFlowTests(TestCase):
@patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.get_token")
@patch(
"digid_eherkenning_oidc_generics.models.OpenIDConnectDigiDConfig.get_solo",
return_value=OpenIDConnectDigiDConfig(id=1, enabled=True),
return_value=OpenIDConnectDigiDConfig(
id=1, enabled=True, identifier_claim_name="sub"
),
)
def test_existing_bsn_creates_no_new_user(
self,
@@ -241,8 +243,7 @@ def test_existing_bsn_creates_no_new_user(
# sub is the oidc_id field in our db
mock_get_userinfo.return_value = {
"email": "[email protected]",
"sub": "some_username",
"bsn": "123456782",
"sub": "123456782",
}
user = DigidUserFactory.create(
first_name="John",
@@ -286,7 +287,9 @@ def test_existing_bsn_creates_no_new_user(
@patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.get_token")
@patch(
"digid_eherkenning_oidc_generics.models.OpenIDConnectDigiDConfig.get_solo",
return_value=OpenIDConnectDigiDConfig(id=1, enabled=True),
return_value=OpenIDConnectDigiDConfig(
id=1, enabled=True, identifier_claim_name="sub"
),
)
def test_new_user_is_created_when_new_bsn(
self,
@@ -298,7 +301,7 @@ def test_new_user_is_created_when_new_bsn(
mock_brp,
):
# set up a user with a non existing email address
mock_get_userinfo.return_value = {"sub": "some_username", "bsn": "000000000"}
mock_get_userinfo.return_value = {"sub": "000000000"}
DigidUserFactory.create(bsn="123456782", email="[email protected]")
session = self.client.session
session["oidc_states"] = {"mock": {"nonce": "nonce"}}
@@ -434,7 +437,9 @@ class eHerkenningOIDCFlowTests(TestCase):
@patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.get_token")
@patch(
"digid_eherkenning_oidc_generics.models.OpenIDConnectEHerkenningConfig.get_solo",
return_value=OpenIDConnectEHerkenningConfig(id=1, enabled=True),
return_value=OpenIDConnectEHerkenningConfig(
id=1, enabled=True, identifier_claim_name="sub"
),
)
def test_existing_kvk_creates_no_new_user(
self,
@@ -455,8 +460,7 @@ def test_existing_kvk_creates_no_new_user(
# sub is the oidc_id field in our db
mock_get_userinfo.return_value = {
"email": "[email protected]",
"sub": "some_username",
"kvk": "12345678",
"sub": "12345678",
}
user = eHerkenningUserFactory.create(
first_name="John",
@@ -500,7 +504,9 @@ def test_existing_kvk_creates_no_new_user(
@patch("mozilla_django_oidc_db.backends.OIDCAuthenticationBackend.get_token")
@patch(
"digid_eherkenning_oidc_generics.models.OpenIDConnectEHerkenningConfig.get_solo",
return_value=OpenIDConnectEHerkenningConfig(id=1, enabled=True),
return_value=OpenIDConnectEHerkenningConfig(
id=1, enabled=True, identifier_claim_name="sub"
),
)
def test_new_user_is_created_when_new_kvk(
self,
@@ -513,7 +519,7 @@ def test_new_user_is_created_when_new_kvk(
):
mock_retrieve_rsin_with_kvk.return_value = "123456789"
# set up a user with a non existing email address
mock_get_userinfo.return_value = {"sub": "some_username", "kvk": "00000000"}
mock_get_userinfo.return_value = {"sub": "00000000"}
eHerkenningUserFactory.create(kvk="12345678", email="[email protected]")
session = self.client.session
session["oidc_states"] = {"mock": {"nonce": "nonce"}}
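Review bot: The comment `# sub is the oidc_id field in our db` above the userinfo mocks in test_existing_bsn_creates_no_new_user and test_existing_kvk_creates_no_new_user is stale, because with `identifier_claim_name="sub"` the claim now feeds the `bsn` / `kvk` lookup; something like `# "sub" is the configured identifier claim; its value is matched against User.bsn` would describe the test. The four changed tests also cover only the case where the claim is present and well-formed. A case where userinfo lacks the configured claim, asserting that no user is matched or created, would pin the `if not unique_id` guard that decides whether a login is rejected. The test bodies continue outside the visible hunks.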

0 comments on commit 1b45842
