kobotoolbox / kpi / 17774937636
81%
master: 76%

LAST BUILD BRANCH: dev-1257-remove-v1-forms-endpoint
DEFAULT BRANCH: master
Ran
Jobs 2
Files 666
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 81.478% (+0.01%) from 81.465%
17774937636

push

github

web-flow 
fix(sso): update primary email when enabling SSO DEV-1005 (#6250)

### 📣 Summary
Update a user's email if they enable SSO and do not allow them to change
it as long as SSO is enabled.

### 📖 Description
When a user connects their account to an SSO provider with an email
address, we should update their email address to match the email used by
the SSO. Once this is set, the user should not be allowed to change it.


### 💭 Notes
This PR makes the assumption that if a user has a SocialAccount and an
EmailAddress, the email address probably came from the SSO and so should
not be changed. There is an edge case where this wouldn't be true:
1. ACCOUNT_EMAIL_REQUIRED = False
2. The SSO provider does not use email
3. The user separately created and verified their email

However, this should be extremely rare, and it's very hard to determine
if an EmailAddress came from an SSO, so we're choosing to keep the
assumption in.

Besides preventing users from updating their emails if they have SSO
enabled, this PR also takes care of setting the correct email address
for a user if they enable SSO on a pre-existing account. It's somewhat
surprising allauth doesn't do this automatically, though it seems like
something they considered:
https://github.com/pennersr/django-allauth/blob/52e90f442/allauth/socialaccount/models.py#L313.
In case we get multiple email addresses from the SSO provider, which is
possible, we use allauth's `cleanup_email_addresses` to select the
correct primary one and set all the other ones to not-primary. Then we
manually send the email_confirmed signal to indicate that we have
confirmed this new primary email, since by the time the
`social_account_added` signal is called, we know the email has been
confirmed. The existing handler for the signal takes care of cleaning up
the rest of the non-primary emails.

We do this instead of removing all the non-primary addresses just in
case we ever change the logic around what to ... (continued)

6474 of 10155 branches covered (63.75%)

27 of 32 new or added lines in 3 files covered. (84.38%)

24516 of 30089 relevant lines covered (81.48%)

1.6 hits per line

New Missed Lines in Diff

Lines Coverage File
1
95.24
 kobo/apps/accounts/signals.py
4
88.89
 1.01% kobo/apps/accounts/serializers.py
Jobs
ID Job ID Ran Files Coverage
1 17774937636.1 666
78.95
2 17774937636.2 666
81.46
Source Files on build 17774937636