PPHA-475: Add email to user model and pull from NHS Login

Themitchell · Themitchell · commit 816b931e171e · 2025-12-22T09:49:39.000Z
diff --git a/lung_cancer_screening/questions/auth.py b/lung_cancer_screening/questions/auth.py
@@ -37,10 +37,18 @@ def create_user(self, claims):
         nhs_number = claims.get('nhs_number')
         if not nhs_number:
             raise ValueError("Missing 'nhs_number' claim in OIDC token")
-        return user_class.objects.create_user(nhs_number=nhs_number)
 
+        email = claims.get('email')
+        return user_class.objects.create_user(
+            nhs_number=nhs_number,
+            email=email
+        )
 
-    def update_user(self, user, _claims):
+    def update_user(self, user, claims):
+        email = claims.get('email')
+        if email and user.email != email:
+            user.email = email
+            user.save()
         return user
 
     def _create_client_assertion(self):
@@ -64,15 +72,18 @@ def _create_client_assertion(self):
             'iss': client_id,
             'sub': client_id,
             'aud': token_endpoint,
-            'jti': f"{client_id}-{now}",
+            'jti': f"{client_id}-{now}",  # noqa: E501
             'iat': now,
             'exp': now + 300,
         }
 
         headers = {'alg': settings.OIDC_RP_SIGN_ALGO}
 
         assertion = jwt.encode(
-            claims, private_key, algorithm=settings.OIDC_RP_SIGN_ALGO, headers=headers
+            claims,
+            private_key,
+            algorithm=settings.OIDC_RP_SIGN_ALGO,
+            headers=headers
         )
 
         if isinstance(assertion, bytes):
diff --git a/lung_cancer_screening/questions/migrations/0024_add_email_to_user.py b/lung_cancer_screening/questions/migrations/0024_add_email_to_user.py
@@ -0,0 +1,18 @@
+# Generated by Django 5.2.9 on 2025-12-17 15:37
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('questions', '0023_rename_height_responseset_height_metric'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='email',
+            field=models.EmailField(blank=True, max_length=254, null=True),
+        ),
+    ]
diff --git a/lung_cancer_screening/questions/models/user.py b/lung_cancer_screening/questions/models/user.py
@@ -19,6 +19,7 @@ def create_user(self, nhs_number, **extra_fields):
 
 class User(AbstractBaseUser):
     nhs_number = models.CharField(max_length=10, unique=True)
+    email = models.EmailField(blank=True, null=True)
     created_at = models.DateTimeField(auto_now_add=True)
     updated_at = models.DateTimeField(auto_now=True)
 
diff --git a/lung_cancer_screening/questions/tests/unit/models/test_user.py b/lung_cancer_screening/questions/tests/unit/models/test_user.py
@@ -15,6 +15,15 @@ def test_has_nhs_number_as_a_string(self):
             str
         )
 
+
+    def test_has_email_as_a_string(self):
+        self.user.email = 'test@example.com'
+        self.assertIsInstance(
+            self.user.email,
+            str
+        )
+
+
     def test_has_created_at_as_a_datetime(self):
         self.assertIsInstance(
             self.user.created_at,
diff --git a/lung_cancer_screening/questions/tests/unit/test_auth.py b/lung_cancer_screening/questions/tests/unit/test_auth.py
@@ -59,6 +59,17 @@ def test_create_user_when_nhs_number_claim_is_provided(self):
 
         self.assertEqual(user.nhs_number, '1234567890')
 
+    def test_create_user_with_email_claim(self):
+        claims = {
+            'nhs_number': '1234567890',
+            'email': 'test@example.com'
+        }
+
+        user = self.backend.create_user(claims)
+
+        self.assertEqual(user.nhs_number, '1234567890')
+        self.assertEqual(user.email, 'test@example.com')
+
     def test_create_user_without_nhs_number_raises_error(self):
         claims = {}
 
@@ -75,6 +86,33 @@ def test_update_user_returns_user(self):
         result = self.backend.update_user(user, claims)
 
         self.assertEqual(result, user)
+        self.assertEqual(user.email, 'test@example.com')
+
+    def test_update_user_updates_email_when_provided(self):
+        user = User.objects.create_user(
+            nhs_number='1234567890',
+            email='old@example.com'
+        )
+        claims = {'nhs_number': '1234567890', 'email': 'new@example.com'}
+
+        result = self.backend.update_user(user, claims)
+
+        user.refresh_from_db()
+        self.assertEqual(user.email, 'new@example.com')
+        self.assertEqual(result, user)
+
+    def test_update_user_does_not_update_email_when_not_provided(self):
+        user = User.objects.create_user(
+            nhs_number='1234567890',
+            email='existing@example.com'
+        )
+        claims = {'nhs_number': '1234567890'}
+
+        result = self.backend.update_user(user, claims)
+
+        user.refresh_from_db()
+        self.assertEqual(user.email, 'existing@example.com')
+        self.assertEqual(result, user)
 
     @patch('lung_cancer_screening.questions.auth.requests.post')
     def test_get_token_success(self, mock_post):
