PyPI - dj-jwt-auth - Versions diffs - 1.7.1__py3-none-any.whl → 1.8.0__py3-none-any.whl - Mend

dj-jwt-auth 1.7.1py3-none-any.whl → 1.8.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

{dj_jwt_auth-1.7.1.dist-info → dj_jwt_auth-1.8.0.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dj-jwt-auth
-Version: 1.7.1
+Version: 1.8.0
 Summary: A Django package for JSON Web Token validation and verification. Using PyJWT.
 Home-page: https://www.example.com/
 Author: Konstantin Seleznev
@@ -137,3 +137,4 @@ Login URL will be available at `/admin/oidc/`.
 ### Testing:
 Run command `python runtests.py` to run tests.
+To run specific test use `python runtests.py <test_name>`, like `python runtests.py "tests.test.OIDCHandlerTest.test_new_email_exists"`.

{dj_jwt_auth-1.7.1.dist-info → dj_jwt_auth-1.8.0.dist-info}/RECORD RENAMED Viewed

@@ -6,16 +6,16 @@ django_jwt/pkce.py,sha256=j-v2ffCw0X3JW7ak8vfNeSZI-dACOvHbi1eLmJ0R8gM,685
 django_jwt/roles.py,sha256=SaHK3o8T8USS4ZhG4SrHPlZQV2lMb2t1UZHT6IQtBvA,143
 django_jwt/settings.py,sha256=pXQ8WUU4LGBe6PQxCLTLM_2_b1CCSgehqim3yJDqZdw,1922
 django_jwt/urls.py,sha256=ZhcnRcQ1MBRh-bS7fTa-Vkz8yuWUhv-G_uRXKLnKAs0,320
-django_jwt/user.py,sha256=e1OizNlxUQjH2jwbbFxHN0go0pJiVrmLJUDP7lBuUUM,5859
+django_jwt/user.py,sha256=v2oCoAThstFg5x5cOA9nSKlYWZzCEqhFbz63WGhE_NM,6382
 django_jwt/utils.py,sha256=uIFw1JMldE_blC7YkaZbY7rpcawP2E6zsdLyuZRwJoA,1645
 django_jwt/views.py,sha256=jQW3YrW-Oed54KqxjDMaBOQ-dxEnqTAcBEXlQSK-zCE,4231
 django_jwt/templates/django-jwt-index.html,sha256=y8f0v2WbRAFxnIU799I_MZCVsjn1sbdh7bypjdWB0lA,1353
 django_jwt/templates/admin/login.html,sha256=Nihyu0IGvDDZVvQDITXozwlj6XCQ0B8gqlyHLqVNyJc,275
 tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-tests/models.py,sha256=tJlhRARVGfFIH6Gp1o00buZKcY2oAk7HNw2PMnkTEDs,295
-tests/test.py,sha256=Llj8u4hyxezdUdCOnM5ogw_hLxC82tiSY6e14W42GjU,11089
+tests/models.py,sha256=jhoJcCEsx5B9AibmoLQLDD3cEsyYzYy6dMdYhRnBVFo,338
+tests/test.py,sha256=HEy5DsEYrPmtWSdeDhgdeV2tZTYlepaWt82VoTBrta8,11828
 tests/urls.py,sha256=D5FhDSVAudurkrpkCZZPnDvgXSgifwFVB3nAlYBg7uQ,212
-dj_jwt_auth-1.7.1.dist-info/METADATA,sha256=AxY9nhrLPx8qkqcvIWfXe1TJSsjZ95d4cjFwfSCJ8zM,4416
-dj_jwt_auth-1.7.1.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
-dj_jwt_auth-1.7.1.dist-info/top_level.txt,sha256=58O7TdK-yECZcbmPc52KNlBFpjIUlENuZubCxaSOxus,17
-dj_jwt_auth-1.7.1.dist-info/RECORD,,
+dj_jwt_auth-1.8.0.dist-info/METADATA,sha256=bSdoEA3Rd_Ug7C7B4ZaPCnBs4WOnLUjGhVNkMjDGxMU,4553
+dj_jwt_auth-1.8.0.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
+dj_jwt_auth-1.8.0.dist-info/top_level.txt,sha256=58O7TdK-yECZcbmPc52KNlBFpjIUlENuZubCxaSOxus,17
+dj_jwt_auth-1.8.0.dist-info/RECORD,,

django_jwt/user.py CHANGED Viewed

@@ -4,6 +4,8 @@ from logging import getLogger
 from django.contrib.auth import get_user_model
 from django.contrib.auth.models import Group, Permission
+from django.db import transaction
+from django.db.utils import IntegrityError
 from django.http.request import HttpRequest
 from django_jwt import settings
@@ -23,6 +25,7 @@ def mapper(user_data: dict) -> dict:
 class UserHandler:
     modified_at = None
+    userdata_collected = False
     def __init__(self, payload: dict, request: HttpRequest, access_token: str):
         self.payload = payload
@@ -41,10 +44,12 @@ class UserHandler:
     def _collect_user_data(self):
         """Collect user data from KeyCloak"""
-        user_data = oidc_handler.get_user_info(self.access_token)
-        log.info(f"[OIDC] User data: {user_data}")
-        self.kwargs["email"] = user_data["email"].lower()
-        self.kwargs.update(mapper(user_data))
+        if not self.userdata_collected:
+            user_data = oidc_handler.get_user_info(self.access_token)
+            log.debug(f"[OIDC] User data: {user_data}")
+            self.kwargs["email"] = user_data["email"].lower()
+            self.kwargs.update(mapper(user_data))
+            self.userdata_collected = True
     def _update_user(self, user):
         """Update user fields if they are changed"""
@@ -69,6 +74,7 @@ class UserHandler:
     def _get_by_email(self) -> model:
         """Get user from database by email and update to resave kc_id."""
+        self._collect_user_data()
         user = model.objects.get(email=self.kwargs["email"])
         self._update_user(user)
         if self.on_update:
@@ -84,17 +90,16 @@ class UserHandler:
                 user_modified_at = user_modified_at.replace(tzinfo=utc)
             is_modified = user_modified_at < self.modified_at
-            log.info(
-                f"[OIDC] User modified at: {user_modified_at}, "
-                f"modified_at: {self.modified_at}, "
-                f"is_modified: {is_modified}, "
-                f"email: {user.email}",
-            )
             if self.modified_at and is_modified:
                 self._update_user(user)
                 if self.on_update:
                     self.on_update(user, self.request, self.payload)
+    def _clean_kc_id(self):
+        model.objects.filter(**{settings.OIDC_USER_UID: self.kwargs[settings.OIDC_USER_UID]}).update(
+            **{settings.OIDC_USER_UID: None}
+        )
     def get_user(self) -> model:
         """
         Get user from database by kc_id or email.
@@ -103,18 +108,29 @@ class UserHandler:
         """
         try:
-            user = model.objects.get(**{settings.OIDC_USER_UID: self.kwargs[settings.OIDC_USER_UID]})
-            self._update_existing_user(user)
+            with transaction.atomic():
+                user = model.objects.get(**{settings.OIDC_USER_UID: self.kwargs[settings.OIDC_USER_UID]})
+                self._update_existing_user(user)
             return user
+        except IntegrityError:
+            # User with this email already exists
+            self._clean_kc_id()
+            return self._get_by_email()  # Will update kc_id
         except model.DoesNotExist:
             self._collect_user_data()
             try:
                 return self._get_by_email()
             except model.DoesNotExist:
                 return self._create_new_user()
         except model.MultipleObjectsReturned:
-            log.error(f"[OIDC] Multiple users found by {settings.OIDC_USER_UID}: {self.kwargs[settings.OIDC_USER_UID]}")
+            log.warning(
+                f"[OIDC] Multiple users found by {settings.OIDC_USER_UID}: {self.kwargs[settings.OIDC_USER_UID]}"
+            )
+            # clear kc_id if multiple users found
+            self._clean_kc_id()
             return self._get_by_email()

tests/models.py CHANGED Viewed

@@ -6,3 +6,4 @@ from django.utils import timezone
 class User(AbstractUser):
     kc_id = models.CharField(max_length=255, null=True, blank=True)
     modified_timestamp = models.DateTimeField(auto_now=False, default=timezone.now)
+    email = models.EmailField(unique=True)

tests/test.py CHANGED Viewed

@@ -114,14 +114,36 @@ class OIDCHandlerTest(TestCase):
         self.assertUserWithPayload()
     def test_exists_multiple_kc_id(self, *_):
-        """User exists in database by email"""
-        user = User.objects.create(email="example@bk.com", kc_id="123")
-        User.objects.create(email="example@gmail.com", kc_id="123", username="other")
+        """
+        KC ID exists in database by email
+        """
+        user = User.objects.create(email="example@bk.com", kc_id="1234")
+        User.objects.create(email="example@gmail.com", kc_id="1234", username="other")
         self.middleware.process_request(self.request)
         self.assertEqual(self.request.user, user)
+        self.assertUserWithPayload()
-        # fields are updated if they are changed in KeyCloak
+    def test_new_email_exists(self, user_info, access_token):
+        """Test case when:
+        - some email 'A' exists in DB with some KC ID
+        - user change email in KC from 'B' to 'A'
+        - KC ID will be attached to existing user with email 'A'
+        """
+        user_info.return_value["email"] = "a@bk.com"
+        user_a = User.objects.create(email="a@bk.com", username="a")
+        user_b = User.objects.create(email="b@bk.com", kc_id="1234", username="b")
+        self.middleware.process_request(self.request)
+        user_a.refresh_from_db()
+        user_b.refresh_from_db()
+        self.assertEqual(self.request.user, user_a)
         self.assertUserWithPayload()
+        self.assertEqual(user_a.kc_id, "1234")
+        self.assertEqual(user_b.kc_id, None)
     def test_exists_email_differeent_kc_id_user(self, *_):
         """User exists in database by email but different kc_id"""
@@ -180,7 +202,7 @@ class OIDCHandlerTest(TestCase):
         self.middleware.process_request(self.request)
         self.assertEqual(self.request.user.username, "override")
-    def test_updated_at(self, access_token, user_info):
+    def test_updated_at(self, user_info, access_token):
         """Check that
         - the updated_at field saved correct
         - don't call userdata if updated_at is not changed
@@ -199,7 +221,7 @@ class OIDCHandlerTest(TestCase):
         self.middleware.process_request(self.request)
         user.refresh_from_db()
         self.assertEqual(user.modified_timestamp, updated_at)
-        # self.assertEqual(user_info.call_count, 1)
+        self.assertEqual(user_info.call_count, 1)
 @patch("django_jwt.utils.get_alg", return_value="HS256")

{dj_jwt_auth-1.7.1.dist-info → dj_jwt_auth-1.8.0.dist-info}/WHEEL RENAMED Viewed

File without changes

{dj_jwt_auth-1.7.1.dist-info → dj_jwt_auth-1.8.0.dist-info}/top_level.txt RENAMED Viewed

File without changes

dj-jwt-auth 1.7.1__py3-none-any.whl → 1.8.0__py3-none-any.whl

dj-jwt-auth 1.7.1py3-none-any.whl → 1.8.0py3-none-any.whl