Skip to content

Commit

Permalink
feat: automatically associate user with TransitAgency using SSO domain
Browse files Browse the repository at this point in the history 
this lessens the chance that the user will reach the in_person views
without an associated TransitAgency.
  • Loading branch information
@angela-tran
angela-tran committed Aug 27, 2024
1 parent 19513cd commit f0aeef2
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 0 deletions.
9 changes: 9 additions & 0 deletions benefits/core/admin.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 +124,7 @@ def pre_login_user(user, request):
logger.debug(f"Running pre-login callback for user: {user.username}")
add_google_sso_userinfo(user, request)
add_staff_user_to_group(user, request)
add_transit_agency_staff_user_to_group(user, request)


def add_google_sso_userinfo(user, request):
Expand Down Expand Up @@ -151,3 +152,11 @@ def add_staff_user_to_group(user, request):
if user.email in settings.GOOGLE_SSO_STAFF_LIST:
staff_group = Group.objects.get(name=settings.STAFF_GROUP_NAME)
user.groups.add(staff_group)


def add_transit_agency_staff_user_to_group(user, request):
user_sso_domain = user.email.split("@")[1]
if user_sso_domain:
agency = models.TransitAgency.objects.filter(sso_domain=user_sso_domain).first()
if agency is not None and agency.staff_group:
user.groups.add(agency.staff_group)
25 changes: 25 additions & 0 deletions tests/pytest/core/test_admin.py
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import pytest
from django.conf import settings
from django.contrib.auth.models import User, Group

import benefits.core.admin
from benefits.core.admin import GOOGLE_USER_INFO_URL, pre_login_user

Expand Down Expand Up @@ -94,3 +95,27 @@ def test_pre_login_user_does_not_add_transit_staff_to_group(mocker, settings):
staff_group = Group.objects.get(name=settings.STAFF_GROUP_NAME)
assert staff_group.user_set.count() == 0
assert agency_user.groups.count() == 0


@pytest.mark.django_db
def test_pre_login_user_add_transit_staff_to_transit_staff_group(mocker, settings, model_TransitAgency):
mocked_request = mocker.Mock()
mocked_request.session.get.return_value = None

transit_agency_staff_group = Group.objects.create(name="CST Staff")
model_TransitAgency.pk = None
model_TransitAgency.staff_group = transit_agency_staff_group
model_TransitAgency.sso_domain = "cst.org"
model_TransitAgency.save()

settings.GOOGLE_SSO_STAFF_LIST = ["*"]
settings.GOOGLE_SSO_ALLOWABLE_DOMAINS = ["cst.org"]

# simulate what `django_google_sso` does for us (sets is_staff to True)
agency_user = User.objects.create_user(username="agency_user", email="[email protected]", is_staff=True)

pre_login_user(agency_user, mocked_request)

# assert that a transit agency user gets added to their TransitAgency's staff group based on SSO domain
assert agency_user.groups.count() == 1
assert agency_user.groups.first() == transit_agency_staff_group

0 comments on commit f0aeef2

Please sign in to comment.