diff --git a/data/users/federated.py b/data/users/federated.py index cdf6a28ce..074818d34 100644 --- a/data/users/federated.py +++ b/data/users/federated.py @@ -107,11 +107,15 @@ class FederatedUsers(object): return (None, 'Unable to pick a username. Please report this to your administrator.') prompts = model.user.get_default_user_prompts(features) - db_user = model.user.create_federated_user(valid_username, email, self._federated_service, - username, - set_password_notification=False, - email_required=self._requires_email, - prompts=prompts) + try: + db_user = model.user.create_federated_user(valid_username, email, self._federated_service, + username, + set_password_notification=False, + email_required=self._requires_email, + prompts=prompts) + except model.InvalidEmailAddressException as iae: + return (None, iae.message) + else: # Update the db attributes from the federated service. if email and db_user.email != email: diff --git a/data/users/test/test_teamsync.py b/data/users/test/test_teamsync.py index 51ab82e6f..e7f10063d 100644 --- a/data/users/test/test_teamsync.py +++ b/data/users/test/test_teamsync.py @@ -257,4 +257,47 @@ def test_teamsync_end_to_end(auth_system_builder, config, app): # Ensure we now have members. msg = 'Auth system: %s' % auth.federated_service sync_team_info = model.team.get_team_sync_information('buynlarge', 'synced2') - assert len(list(model.team.list_team_users(sync_team_info.team))) > 0, msg + team_members = list(model.team.list_team_users(sync_team_info.team)) + assert len(team_members) > 1, msg + + it, _ = auth.iterate_group_members(config) + assert len(team_members) == len(list(it)), msg + + sync_team_info.last_updated = datetime.now() - timedelta(hours=6) + sync_team_info.save() + + # Remove one of the members and force a sync again to ensure we re-link the correct users. + first_member = team_members[0] + model.team.remove_user_from_team('buynlarge', 'synced2', first_member.username, 'devtable') + + team_members2 = list(model.team.list_team_users(sync_team_info.team)) + assert len(team_members2) == 1, msg + assert sync_team(auth, sync_team_info) + + team_members3 = list(model.team.list_team_users(sync_team_info.team)) + assert len(team_members3) > 1, msg + assert set([m.id for m in team_members]) == set([m.id for m in team_members3]) + + +@pytest.mark.parametrize('auth_system_builder,config', [ + (mock_ldap, {'group_dn': 'cn=AwesomeFolk'}), + (fake_keystone, {'group_id': 'somegroupid'}), +]) +def test_teamsync_existing_email(auth_system_builder, config, app): + with auth_system_builder() as auth: + # Create an new team to sync. + org = model.organization.get_organization('buynlarge') + new_synced_team = model.team.create_team('synced2', org, 'member', 'Some synced team.') + sync_team_info = model.team.set_team_syncing(new_synced_team, auth.federated_service, config) + + # Add a new *unlinked* user with the same email address as one of the team members. + it, _ = auth.iterate_group_members(config) + members = list(it) + model.user.create_user_noverify('someusername', members[0][0].email) + + # Sync the team and ensure it doesn't fail. + assert sync_team(auth, sync_team_info) + + team_members = list(model.team.list_team_users(sync_team_info.team)) + assert len(team_members) > 0 + diff --git a/test/fixtures.py b/test/fixtures.py index 37c6f1441..09b989481 100644 --- a/test/fixtures.py +++ b/test/fixtures.py @@ -56,6 +56,9 @@ def init_db_path(tmpdir_factory): application.config.update(conf) application.config.update({"DB_URI": sqlitedb}) initialize_database() + + db.obj.execute_sql('PRAGMA foreign_keys = ON;') + populate_database() close_db_filter(None) return str(sqlitedb_file)