diff --git a/swh/auth/django/utils.py b/swh/auth/django/utils.py --- a/swh/auth/django/utils.py +++ b/swh/auth/django/utils.py @@ -32,11 +32,11 @@ # create a Django user that will not be saved to database user = OIDCUser( id=user_id, - username=decoded_token["preferred_username"], + username=decoded_token.get("preferred_username", ""), password="", - first_name=decoded_token["given_name"], - last_name=decoded_token["family_name"], - email=decoded_token["email"], + first_name=decoded_token.get("given_name", ""), + last_name=decoded_token.get("family_name", ""), + email=decoded_token.get("email", ""), ) # set is_staff user property based on groups diff --git a/swh/auth/tests/test_utils.py b/swh/auth/tests/test_utils.py --- a/swh/auth/tests/test_utils.py +++ b/swh/auth/tests/test_utils.py @@ -6,6 +6,8 @@ from copy import copy from datetime import datetime +import pytest + from swh.auth.django.utils import oidc_user_from_decoded_token, oidc_user_from_profile from swh.auth.tests.sample_data import CLIENT_ID, DECODED_TOKEN, OIDC_PROFILE @@ -42,6 +44,30 @@ assert user.sub == "feacd344-b468-4a65-a236-14f61e6b7200" +@pytest.mark.parametrize( + "key,mapped_key", + [ + ("preferred_username", "username"), + ("given_name", "first_name"), + ("family_name", "last_name"), + ("email", "email"), + ], +) +def test_oidc_user_from_decoded_token_empty_fields_ok(key, mapped_key): + decoded_token = copy(DECODED_TOKEN) + decoded_token.pop(key, None) + + user = oidc_user_from_decoded_token(decoded_token, client_id=CLIENT_ID) + + assert user.id == 338521271020811424925120118444075479552 + assert user.password == "" + assert user.is_staff is False + assert user.permissions == set() + assert user.sub == "feacd344-b468-4a65-a236-14f61e6b7200" + # Ensure the missing field is mapped to an empty value + assert getattr(user, mapped_key) == "" + + def test_oidc_user_from_profile(keycloak_mock): date_now = datetime.now()