
user_details pipeline fails to update changed user data


The user_details pipeline does not update the local user when the user details from the OAuth provider have been changed. In the following code from user_details() in user.py, line 98 is testing for a truthy value for current_value, but it shouldn’t since that means that changed details will not be updated:

        # Check https://github.com/omab/python-social-auth/issues/671
        current_value = getattr(user, name, None)
        if current_value or current_value == value:
            continue

To test this I changed my name on the OAuth provider, logged out of the application, and logged in again. The name field had not been updated. I tracked it down to the code above.

I substituted:

        try:
            current_value = getattr(user, name)
            if current_value == value:
                continue
        except AttributeError:
            continue

And it works correctly for my purposes. Note that this can possibly update a field value to None or empty string (whatever is in the details). I think that is the correct behavior.

This passes all the tests, but there isn’t a test that demonstrates the incorrect behavior, and I’m not quite sure how to write one. It should be quite simple, if someone wants to give me some tips.

BTW, email is hard-coded as a protected field. I’m wondering if that is correct, because I can envision the user changing their email at some point, and wanting that field to be updated.

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 8

Top GitHub Comments

4 reactions
LiamK commented, Jul 22, 2018

Actually, it is even simpler, since the check for missing attribute is already being done above.

        current_value = getattr(user, name)
        if current_value == value:
            continue

1 reaction
nicholasamorim commented, Dec 3, 2019

An alternative to forking this repo is to replace the function in the pipeline:

Put this in your settings:

SOCIAL_AUTH_PIPELINE = (
    # All default except the last
    "social_core.pipeline.social_auth.social_details",
    "social_core.pipeline.social_auth.social_uid",
    "social_core.pipeline.social_auth.auth_allowed",
    "social_core.pipeline.social_auth.social_user",
    "social_core.pipeline.user.get_username",
    "social_core.pipeline.user.create_user",
    "social_core.pipeline.social_auth.associate_user",
    "social_core.pipeline.social_auth.load_extra_data",
    # Replace default one with yours
    # "social_core.pipeline.user.user_details",
    "myproject.myapp.mymodule.user_details",
)

then define user_details with the fix by @LiamK:

def user_details(strategy, details, user=None, *args, **kwargs):
    """Update user details using data from provider."""
    if not user:
        return

    changed = False  # flag to track changes
    protected = ("username", "id", "pk") + tuple(
        strategy.setting("PROTECTED_USER_FIELDS", [])
    )

    for name, value in details.items():
        if value is None or not hasattr(user, name) or name in protected:
            continue

        current_value = getattr(user, name, None)
        if current_value == value:  # FIX!
            continue

        changed = True
        setattr(user, name, value)

    if changed:
        strategy.storage.user.changed(user)

And that’s it.

NOTE: The function above removes email as a protected field. It suits my purpose for SAML (or GitHub or…) where email can be updated, for example.


Would be interesting to see the fix merged and even more: to have a way of overriding the hardcoded protected fields.
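
A regression test for the behaviour discussed in this thread, as an added example (not code from python-social-auth or from any commenter). It runs the loop of the replacement function above against a stub strategy, with the skip condition passed in so the original and fixed comparisons can be checked side by side; `StubStrategy`, `update_details`, `run` and the sample user values are constructed for illustration.

```python
from types import SimpleNamespace

class StubStrategy:
    """Constructed stand-in for the strategy object (hypothetical, not social_core's)."""
    def __init__(self, protected=()):
        self._protected = list(protected)
        self.saved = []
        # Mimics strategy.storage.user.changed(user) by recording the user.
        self.storage = SimpleNamespace(user=SimpleNamespace(changed=self.saved.append))

    def setting(self, name, default=None):
        return self._protected if name == "PROTECTED_USER_FIELDS" else default

def update_details(strategy, details, user, skip):
    """Loop from the replacement user_details, with the comparison injected."""
    protected = ("username", "id", "pk") + tuple(
        strategy.setting("PROTECTED_USER_FIELDS", []))
    changed = False
    for name, value in details.items():
        if value is None or not hasattr(user, name) or name in protected:
            continue
        if skip(getattr(user, name, None), value):
            continue
        changed = True
        setattr(user, name, value)
    if changed:
        strategy.storage.user.changed(user)
    return changed

def original_skip(current, new):
    # Condition quoted in the issue: any truthy local value blocks the update.
    return bool(current) or current == new

def fixed_skip(current, new):
    # Condition from the fix: skip only when nothing changed.
    return current == new

def run(skip, protected=()):
    # Constructed sample: local user with stale data, provider sends new details.
    user = SimpleNamespace(username="liam", first_name="Old", email="old@example.test")
    details = {"username": "other", "first_name": "New", "email": "new@example.test"}
    strategy = StubStrategy(protected)
    changed = update_details(strategy, details, user, skip)
    return user, changed, len(strategy.saved)
```

Setting `PROTECTED_USER_FIELDS` to include `email` restores the protection that the replacement function drops, which matters when the local email is used to match or link accounts.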
