paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-04 14:03:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

oidc: Don't raise AssertionError if no name is provided.

Browse Source 
Closes #20821.
Just like we did this for SAML in
cee4da64fa, so should we for oidc, as some
providers like Keycloak may not send the name by default.
This commit is contained in:
Mateusz Mandera
2022-01-30 12:48:45 +01:00
committed by Tim Abbott
parent c0d4f8ec79
commit d5a784a1ca
2 changed files with 37 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
zerver/tests/test_auth_backends.py
View File

@@ -3336,13 +3336,21 @@ class GenericOpenIdConnectTest(SocialAuthBase):
} }
) )
def get_account_data_dict(self, email: str, name: str) -> Dict[str, Any]: def get_account_data_dict(self, email: str, name: Optional[str]) -> Dict[str, Any]:
if name is not None:
name_parts = name.split(" ")
given_name = name_parts[0]
family_name = name_parts[1]
else:
given_name = None
family_name = None
return dict( return dict(
email=email, email=email,
name=name, name=name,
nickname="somenickname", nickname="somenickname",
given_name=name.split(" ")[0], given_name=given_name,
family_name=name.split(" ")[1], family_name=family_name,
) )
@override_settings(TERMS_OF_SERVICE_VERSION=None) @override_settings(TERMS_OF_SERVICE_VERSION=None)
@@ -3377,6 +3385,28 @@ class GenericOpenIdConnectTest(SocialAuthBase):
expect_confirm_registration_page=False, expect_confirm_registration_page=False,
) )
def test_auth_registration_with_no_name_provided(self) -> None:
"""
The OIDC IdP may not send the name information. The
signup flow should proceed normally, without pre-filling the name in the
registration form.
"""
email = "newuser@zulip.com"
subdomain = "zulip"
realm = get_realm("zulip")
account_data_dict = self.get_account_data_dict(email=email, name=None)
result = self.social_auth_test(account_data_dict, subdomain=subdomain, is_signup=True)
self.stage_two_of_registration(
result,
realm,
subdomain,
email,
"",
"Full Name",
skip_registration_form=False,
expect_full_name_prepopulated=False,
)
def test_social_auth_no_key(self) -> None: def test_social_auth_no_key(self) -> None:
""" """
Requires overriding because client key/secret are configured Requires overriding because client key/secret are configured

5
zproject/backends.py
View File

@@ -1557,14 +1557,17 @@ def social_associate_user_helper(
full_name = kwargs["details"].get("fullname") full_name = kwargs["details"].get("fullname")
first_name = kwargs["details"].get("first_name") first_name = kwargs["details"].get("first_name")
last_name = kwargs["details"].get("last_name") last_name = kwargs["details"].get("last_name")
if all(name is None for name in [full_name, first_name, last_name]) and backend.name not in [ if all(name is None for name in [full_name, first_name, last_name]) and backend.name not in [
"apple", "apple",
"saml", "saml",
"oidc",
]: ]:
# (1) Apple authentication provides the user's name only the very first time a user tries to log in. # (1) Apple authentication provides the user's name only the very first time a user tries to log in.
# So if the user aborts login or otherwise is doing this the second time, # So if the user aborts login or otherwise is doing this the second time,
# we won't have any name data. # we won't have any name data.
# (2) Some IdPs may not send any name value if the user doesn't have them set in the IdP's directory. # (2) Some SAML or OIDC IdPs may not send any name value if the user doesn't
# have them set in the IdP's directory.
# #
# The name will just default to the empty string in the code below. # The name will just default to the empty string in the code below.