♻️(models) remove multiple identities

Multiple identities were complicating this project's code. We moved the management of multiple identities to our OIDC provider.
2024-06-09 22:43:42 +02:00
parent 79330015e0
commit 2ec292bb91
37 changed files with 509 additions and 1149 deletions
--- a/src/backend/core/authentication/backends.py
+++ b/src/backend/core/authentication/backends.py
@@ -2,7 +2,6 @@

 from django.conf import settings
 from django.core.exceptions import SuspiciousOperation
-from django.db import models
 from django.utils.translation import gettext_lazy as _

 import requests
@@ -10,14 +9,12 @@ from mozilla_django_oidc.auth import (
    OIDCAuthenticationBackend as MozillaOIDCAuthenticationBackend,
 )

-from core.models import Identity
-

 class OIDCAuthenticationBackend(MozillaOIDCAuthenticationBackend):
    """Custom OpenID Connect (OIDC) Authentication Backend.

    This class overrides the default OIDC Authentication Backend to accommodate differences
-    in the User and Identity models, and handles signed and/or encrypted UserInfo response.
+    in the User model, and handles signed and/or encrypted UserInfo response.
    """

    def get_userinfo(self, access_token, id_token, payload):
@@ -81,28 +78,16 @@ class OIDCAuthenticationBackend(MozillaOIDCAuthenticationBackend):
                _("User info contained no recognizable user identification")
            )

-        user = (
-            self.UserModel.objects.filter(identities__sub=sub)
-            .annotate(
-                identity_email=models.F("identities__email"),
-                identity_name=models.F("identities__name"),
-            )
-            .distinct()
-            .first()
-        )
-        if user:
+        try:
+            user = self.UserModel.objects.get(sub=sub)
+        except self.UserModel.DoesNotExist:
+            if self.get_settings("OIDC_CREATE_USER", True):
+                user = self.create_user(user_info)
+        else:
            email = user_info.get("email")
            name = user_info.get("name")
-            if (
-                email
-                and email != user.identity_email
-                or name
-                and name != user.identity_name
-            ):
-                Identity.objects.filter(sub=sub).update(email=email, name=name)
-
-        elif self.get_settings("OIDC_CREATE_USER", True):
-            user = self.create_user(user_info)
+            if email and email != user.email or name and name != user.name:
+                self.UserModel.objects.filter(sub=sub).update(email=email, name=name)

        return user

@@ -114,9 +99,9 @@ class OIDCAuthenticationBackend(MozillaOIDCAuthenticationBackend):
                _("Claims contained no recognizable user identification")
            )

-        user = self.UserModel.objects.create(password="!")  # noqa: S106
-        Identity.objects.create(
-            user=user, sub=sub, email=claims.get("email"), name=claims.get("name")
+        return self.UserModel.objects.create(
+            password="!",  # noqa: S106
+            sub=sub,
+            email=claims.get("email"),
+            name=claims.get("name"),
        )
-
-        return user