user_details pipeline fails to update changed user data
The user_details pipeline does not update the local user when the user details from the OAuth provider have been changed. In the following code from user_details() in user.py, line 98 is testing for a truthy value for current_value, but it shouldn’t since that means that changed details will not be updated:
    # Check https://github.com/omab/python-social-auth/issues/671
    current_value = getattr(user, name, None)
    if current_value or current_value == value:
        continue
To test this I changed my name on the OAuth provider, logged out of the application, and logged in again. The name field had not been updated. I tracked it down to the code above.
I substituted:
    try:
        current_value = getattr(user, name)
        if current_value == value:
            continue
    except AttributeError:
        continue
And it works correctly for my purposes. Note that this can possibly update a field value to None or empty string (whatever is in the details). I think that is the correct behavior.
This passes all the tests, but there isn’t a test that demonstrates the incorrect behavior, and I’m not quite sure how to write one. It should be quite simple, if someone wants to give me some tips.
BTW, email is hard-coded as a protected field. I’m wondering if that is correct, because I can envision the user changing their email at some point, and wanting that field to be updated.
Top GitHub Comments
Actually, it is even simpler, since the check for missing attribute is already being done above.
An alternative to forking this repo is to replace the function in the pipeline:
Put this in your settings:
then define user_details with the fix by @LiamK:
And that’s it.
NOTE: The function above removes email as a protected field. It suits my purpose for SAML (or GitHub or…) where email can be updated, for example.
It would be interesting to see the fix merged and, even more, to have a way of overriding the hardcoded protected fields.
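A stand-alone regression test for the behaviour reported in the issue and for the protected-field override raised in the comments, added here as an example; it is not python-social-auth code. `update_user`, `make_user`, the `skip_if_set` switch and the sample values are assumptions made for illustration, and of the assumed protected-field tuple the page confirms only email.

```python
from types import SimpleNamespace

# Assumed default tuple; the page only states that email is hard-coded as protected.
PROTECTED = ("username", "id", "pk", "email")


def update_user(user, details, protected=PROTECTED, skip_if_set=False):
    """Copy provider details onto user and return the names of changed fields.

    skip_if_set=True models the check quoted in the issue:
        if current_value or current_value == value: continue
    skip_if_set=False models the simplified check:
        if current_value == value: continue
    """
    changed = []
    for name, value in details.items():
        # Unknown attributes and protected fields are never written, so a
        # provider cannot overwrite identifiers the application relies on.
        if not hasattr(user, name) or name in protected:
            continue
        current_value = getattr(user, name, None)
        if current_value == value or (skip_if_set and current_value):
            continue
        setattr(user, name, value)
        changed.append(name)
    return changed


def make_user():
    # Constructed local user, as stored after the first login.
    return SimpleNamespace(username="ada", email="old@example.com",
                           first_name="Ada", last_name="")


# Constructed provider payload after the user edited their profile.
DETAILS = {"username": "renamed", "email": "new@example.com",
           "first_name": "Adeline", "last_name": "Byron", "nickname": "ab"}


if __name__ == "__main__":
    stale, fresh = make_user(), make_user()
    print("issue check  :", update_user(stale, DETAILS, skip_if_set=True), stale)
    print("simple check :", update_user(fresh, DETAILS), fresh)
```

The same three assertions (stale name with the original check, updated name with the simplified one, email untouched unless removed from the protected tuple) can be ported to the project's test suite by substituting its own user and strategy fixtures.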