Add support for temp usernames and an interstitial to confirm username

When a user now logs in for the first time for any external auth (LDAP, JWT, Keystone, Github, Google, Dex), they will be presented with a confirmation screen that affords them the opportunity to change their Quay-assigned username. Addresses most of the user issues around #74
2016-09-08 18:43:50 -04:00 · 2016-09-08 18:43:50 -04:00 · 1e3b354201
commit 1e3b354201
parent 840ea4e768
18 changed files with 388 additions and 24 deletions
--- a/endpoints/oauthlogin.py
+++ b/endpoints/oauthlogin.py
@ -37,11 +37,11 @@ def get_user(service, token):
    'access_token': token,
    'alt': 'json',
  }
-  get_user = client.get(service.user_endpoint(), params=token_param)
-  if get_user.status_code != requests.codes.ok:
+  got_user = client.get(service.user_endpoint(), params=token_param)
+  if got_user.status_code != requests.codes.ok:
    return {}

-  return get_user.json()
+  return got_user.json()


 def conduct_oauth_login(service, user_id, username, email, metadata={}):
@ -65,7 +65,7 @@ def conduct_oauth_login(service, user_id, username, email, metadata={}):

      to_login = model.user.create_federated_user(new_username, email, service_name.lower(),
                                                  user_id, set_password_notification=True,
-                                                  metadata=metadata)
+                                                  metadata=metadata, confirm_username=True)

      # Success, tell analytics
      analytics.track(to_login.username, 'register', {'service': service_name.lower()})
@ -75,7 +75,7 @@ def conduct_oauth_login(service, user_id, username, email, metadata={}):
        logger.debug('Aliasing with state: %s', state)
        analytics.alias(to_login.username, state)

-    except model.InvalidEmailAddressException as ieex:
+    except model.InvalidEmailAddressException:
      message = "The e-mail address %s is already associated " % (email, )
      message = message + "with an existing %s account." % (app.config['REGISTRY_TITLE_SHORT'], )
      message = message + "\nPlease log in with your username and password and "
@ -87,7 +87,10 @@ def conduct_oauth_login(service, user_id, username, email, metadata={}):
      return render_ologin_error(service_name, ex.message)

  if common_login(to_login):
-    return redirect(url_for('web.index'))
+    if model.user.has_user_prompts(to_login):
+      return redirect(url_for('web.updateuser'))
+    else:
+      return redirect(url_for('web.index'))

  return render_ologin_error(service_name)