Bugfix: Ensure self_group name matches email during authentication #78
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
breedenc
changed the title
breedenc
commented
Nov 21, 2023
| @@ -120,48 +150,83 @@ def test_get_nonexistent_user(self): | |||
| """ | |||
| MockUser.users = copy.deepcopy(USERS) | |||
| email = "[email protected]" | |||
| expected_userid = MockUser.users[-1].get("id") + 1 | |||
There was a problem hiding this comment.
Changed this to a derived value which still tests that a new user was created, but does not require the expected ID value to be hard-coded into the unit test and updated in the case that unrelated tests are added.
g-marconet
approved these changes
Nov 21, 2023
| from typing import Tuple | ||
|
|
||
| from django.db import transaction |
There was a problem hiding this comment.
nit: Has black been run on the changed files? (this change may well be because black was run, but I figured I'd ask)
There was a problem hiding this comment.
yes, either black or isort would have made this change, i did not make it manually
8 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Artemis API keys are authorized via the group with which they are associated. This applies to individual users' API keys as well - these are assigned to a "self group" that contains only the user for whom the group was created. When created, a self group is named after the user's email address. This PR adds logic to the Artemis UI authentication which ensures that the name of the user's self group stays in-sync with the user's email address (in the case of an email address update).
This PR also adds debug-level logs to the
repolambda to facilitate debugging.Motivation and Context
PR #50 introduced authentication via Email Aliases, in which a user account's email address could be updated automatically according to configured patterns. However, this logic did not update the name of the user's self group to the user's new email address, and some API authentication/authorization logic is dependent on the name of the self group. This PR ensures that when a user authenticates to the Artemis UI, their self group is named correctly.
How Has This Been Tested?
Types of changes
Checklist
Pic