oidc: Don't raise AssertionError if no name is provided.

Closes #20821. Just like we did this for SAML in cee4da64fa, so should we for oidc, as some providers like Keycloak may not send the name by default.
2025-11-04 14:03:30 +00:00 · 2022-01-30 12:48:45 +01:00
parent c0d4f8ec79
commit d5a784a1ca
2 changed files with 37 additions and 4 deletions
--- a/zerver/tests/test_auth_backends.py
+++ b/zerver/tests/test_auth_backends.py
@@ -3336,13 +3336,21 @@ class GenericOpenIdConnectTest(SocialAuthBase):
            }
        )

-    def get_account_data_dict(self, email: str, name: str) -> Dict[str, Any]:
+    def get_account_data_dict(self, email: str, name: Optional[str]) -> Dict[str, Any]:
+        if name is not None:
+            name_parts = name.split(" ")
+            given_name = name_parts[0]
+            family_name = name_parts[1]
+        else:
+            given_name = None
+            family_name = None
+
        return dict(
            email=email,
            name=name,
            nickname="somenickname",
-            given_name=name.split(" ")[0],
-            family_name=name.split(" ")[1],
+            given_name=given_name,
+            family_name=family_name,
        )

    @override_settings(TERMS_OF_SERVICE_VERSION=None)
@@ -3377,6 +3385,28 @@ class GenericOpenIdConnectTest(SocialAuthBase):
                expect_confirm_registration_page=False,
            )

+    def test_auth_registration_with_no_name_provided(self) -> None:
+        """
+        The OIDC IdP may not send the name information. The
+        signup flow should proceed normally, without pre-filling the name in the
+        registration form.
+        """
+        email = "newuser@zulip.com"
+        subdomain = "zulip"
+        realm = get_realm("zulip")
+        account_data_dict = self.get_account_data_dict(email=email, name=None)
+        result = self.social_auth_test(account_data_dict, subdomain=subdomain, is_signup=True)
+        self.stage_two_of_registration(
+            result,
+            realm,
+            subdomain,
+            email,
+            "",
+            "Full Name",
+            skip_registration_form=False,
+            expect_full_name_prepopulated=False,
+        )
+
    def test_social_auth_no_key(self) -> None:
        """
        Requires overriding because client key/secret are configured
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -1557,14 +1557,17 @@ def social_associate_user_helper(
    full_name = kwargs["details"].get("fullname")
    first_name = kwargs["details"].get("first_name")
    last_name = kwargs["details"].get("last_name")
+
    if all(name is None for name in [full_name, first_name, last_name]) and backend.name not in [
        "apple",
        "saml",
+        "oidc",
    ]:
        # (1) Apple authentication provides the user's name only the very first time a user tries to log in.
        # So if the user aborts login or otherwise is doing this the second time,
        # we won't have any name data.
-        # (2) Some IdPs may not send any name value if the user doesn't have them set in the IdP's directory.
+        # (2) Some SAML or OIDC IdPs may not send any name value if the user doesn't
+        # have them set in the IdP's directory.
        #
        # The name will just default to the empty string in the code below.