Make email addresses optional in external auth if email feature is turned off

Before this change, external auth such as Keystone would fail if a user without an email address tried to login, even if the email feature was disabled.
2016-09-08 12:24:47 -04:00 · 2016-09-08 12:24:47 -04:00 · d7f56350a4
commit d7f56350a4
parent 934cdecbd6
18 changed files with 206 additions and 93 deletions
--- a/data/model/organization.py
+++ b/data/model/organization.py
@ -5,10 +5,10 @@ from data.model import (user, team, DataModelException, InvalidOrganizationExcep
                        InvalidUsernameException, db_transaction, _basequery)


-def create_organization(name, email, creating_user):
+def create_organization(name, email, creating_user, email_required=True):
  try:
    # Create the org
-    new_org = user.create_user_noverify(name, email)
+    new_org = user.create_user_noverify(name, email, email_required=email_required)
    new_org.organization = True
    new_org.save()

--- a/data/model/user.py
+++ b/data/model/user.py
@ -1,6 +1,7 @@
 import bcrypt
 import logging
 import json
+import uuid

 from peewee import JOIN_LEFT_OUTER, IntegrityError, fn
 from uuid import uuid4
@ -31,13 +32,12 @@ def hash_password(password, salt=None):
  salt = salt or bcrypt.gensalt()
  return bcrypt.hashpw(password.encode('utf-8'), salt)

-
-def create_user(username, password, email, auto_verify=False):
+def create_user(username, password, email, auto_verify=False, email_required=True):
  """ Creates a regular user, if allowed. """
  if not validate_password(password):
    raise InvalidPasswordException(INVALID_PASSWORD_MESSAGE)

-  created = create_user_noverify(username, email)
+  created = create_user_noverify(username, email, email_required=email_required)
  created.password_hash = hash_password(password)
  created.verified = auto_verify
  created.save()
@ -45,9 +45,14 @@ def create_user(username, password, email, auto_verify=False):
  return created


-def create_user_noverify(username, email):
-  if not validate_email(email):
-    raise InvalidEmailAddressException('Invalid email address: %s' % email)
+def create_user_noverify(username, email, email_required=True):
+  if email_required:
+    if not validate_email(email):
+      raise InvalidEmailAddressException('Invalid email address: %s' % email)
+  else:
+    # If email addresses are not required and none was specified, then we just use a unique
+    # ID to ensure that the database consistency check remains intact.
+    email = email or str(uuid.uuid4())

  (username_valid, username_issue) = validate_username(username)
  if not username_valid:
@ -300,8 +305,8 @@ def list_entity_robot_permission_teams(entity_name, include_permissions=False):


 def create_federated_user(username, email, service_name, service_ident,
-                          set_password_notification, metadata={}):
-  new_user = create_user_noverify(username, email)
+                          set_password_notification, metadata={}, email_required=True):
+  new_user = create_user_noverify(username, email, email_required=email_required)
  new_user.verified = True
  new_user.save()