fix(authenticator.utils): get ID_KEY from authenticator configuration, not defaults (ansible#672)

BrennanPaciorek · web-flow · commit b0c42fd3436e · 2024-12-09T16:01:22.000-05:00
- **tests(authentication): fix UID_KEY tests for
authentication.determine_username_from_uid_social, introduce failing
test**
- **fix(authenticator.utils): get ID_KEY from authenticator
configuration, not defaults**

AAP-37203
diff --git a/ansible_base/authentication/utils/authentication.py b/ansible_base/authentication/utils/authentication.py
@@ -95,13 +95,21 @@ def check_system_username(uid: str) -> None:
 
 
 def determine_username_from_uid_social(**kwargs) -> dict:
-    uid_field = getattr(kwargs.get('backend', None), 'ID_KEY', 'username')
-    if uid_field is None:
-        uid_field = 'username'
+    backend = kwargs.get('backend', None)
+    uid_field = 'username'
+    if backend:
+        # Update our fallback if the authenticator has an ID_KEY field, ignore if ID_KEY is None
+        if getattr(backend, "ID_KEY", None) is not None:
+            uid_field = backend.ID_KEY
+        # Favor the authenticator configuration variable ID_KEY if present
+        if hasattr(backend, "setting"):
+            uid_field_setting = backend.setting('ID_KEY', default=None)
+            if uid_field_setting is not None:
+                uid_field = uid_field_setting
     selected_username = kwargs.get('details', {}).get(uid_field, None)
     if not selected_username:
         raise AuthException(
-            _('Unable to get associated username from attribute {uid_field}: %(details)s') % {'uid_field': uid_field, 'details': kwargs.get("details", None)}
+            _('Unable to get associated username from attribute %(uid_field)s: %(details)s') % {'uid_field': uid_field, 'details': kwargs.get("details", None)}
         )
 
     authenticator = kwargs.get('backend')
diff --git a/test_app/tests/authentication/utils/test_authentication.py b/test_app/tests/authentication/utils/test_authentication.py
@@ -11,6 +11,13 @@
 from test_app.models import User
 
 
+@pytest.fixture
+def oidc_authenticator_plugin_uid_key_overridden(oidc_authenticator, random_name):
+    oidc_authenticator.configuration['ID_KEY'] = random_name
+    oidc_authenticator.save()
+    yield (oidc_authenticator, random_name)
+
+
 @pytest.mark.django_db
 class TestAuthenticationUtilsAuthentication:
     logger = 'ansible_base.authentication.utils.authentication.logger'
@@ -200,16 +207,26 @@ def test_determine_username_from_uid_social_happy_path(self, ldap_authenticator)
         )
         assert response == {'username': 'Bob'}
 
+    def test_determine_username_from_uid_social_authenticator_ID_KEY(self, oidc_authenticator_plugin_uid_key_overridden):
+        backend_authenticator_class, uid_key = oidc_authenticator_plugin_uid_key_overridden
+        backend = get_authenticator_class(backend_authenticator_class.type)(database_instance=backend_authenticator_class)
+        kwargs = {
+            'backend': backend,
+        }
+        with pytest.raises(AuthException) as ae:
+            authentication.determine_username_from_uid_social(**kwargs)
+        assert f'Unable to get associated username from attribute {uid_key}' in ae.value.backend
+
     @pytest.mark.parametrize(
         "kwargs,expected_uid_field",
         [
             ({}, 'username'),
             ({'backend': None}, 'username'),
-            ({'backend': SimpleNamespace(ID_KEY='testing')}, 'testing'),
-            ({'backend': SimpleNamespace(ID_KEY=None)}, 'testing'),
+            ({'backend': SimpleNamespace(ID_KEY="id_key_test_value")}, 'id_key_test_value'),
+            ({'backend': SimpleNamespace(ID_KEY=None)}, 'username'),
         ],
     )
-    def test_determine_username_from_uid_social_authenticator_ID_KEY(self, kwargs, expected_uid_field):
+    def test_determine_username_from_uid_social_authenticator_ID_KEY_fallback(self, kwargs, expected_uid_field):
         with pytest.raises(AuthException) as ae:
             authentication.determine_username_from_uid_social(**kwargs)
-            assert f'Unable to get associated username from attribute {expected_uid_field}' in ae
+        assert f'Unable to get associated username from attribute {expected_uid_field}' in ae.value.backend
diff --git a/test_app/tests/conftest.py b/test_app/tests/conftest.py
@@ -1,5 +1,6 @@
 import random
 import re
+import string
 from collections import defaultdict
 from datetime import datetime, timedelta
 from unittest import mock
@@ -29,6 +30,11 @@
 from test_app import models
 
 
+@pytest.fixture
+def random_name(length: int = 10) -> str:
+    return ''.join(random.choices(string.ascii_lowercase, k=length))
+
+
 @pytest.fixture()
 def openapi_schema():
     request = RequestFactory().get('/api/v1/')
