[HIDP-194] Add last_usage field to OpenIdConnection model (#336)

Author: ramonakira

packages/hidp/hidp/federated/migrations/0002_openidconnection_last_usage.py

@@ -0,0 +1,19 @@
+# Generated by Django 5.2 on 2025-05-08 09:11
+
+import django.utils.timezone
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('hidp_federated', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='openidconnection',
+            name='last_usage',
+            field=models.DateTimeField(default=django.utils.timezone.now, verbose_name='last usage of this connection'),
+        ),
+    ]

packages/hidp/hidp/federated/models.py

@@ -1,5 +1,6 @@
 from django.conf import settings
 from django.db import models
+from django.utils import timezone
 from django.utils.text import format_lazy
 from django.utils.translation import gettext_lazy as _
 
@@ -53,6 +54,10 @@ class OpenIdConnection(models.Model):
     # Unique identifier for the user at the identity provider (i.e. the "sub" claim)
     # Guaranteed to be unique together with the issuer_claim.
     subject_claim = models.CharField(max_length=255)
+    # The last time the user used this OpenID connection.
+    last_usage = models.DateTimeField(
+        _("last usage of this connection"), default=timezone.now
+    )
 
     # Manager
     objects = OpenIdConnectionQuerySet.as_manager()

packages/hidp/hidp/federated/views.py

@@ -11,6 +11,7 @@
     HttpResponseRedirect,
 )
 from django.urls import reverse, reverse_lazy
+from django.utils import timezone
 from django.utils.decorators import method_decorator
 from django.utils.http import url_has_allowed_host_and_scheme
 from django.utils.text import format_lazy
@@ -180,6 +181,10 @@ def get_next_url(  # noqa: PLR6301 (no-self-use)
                 user_info=user_info,
             )
             view_name = "hidp_oidc_client:login"
+
+            # Update the last used date of the connection.
+            connection.last_usage = timezone.now()
+            connection.save()
         elif request.user.is_authenticated:
             # `sub` claim does not match an existing user:
             # Display a form allowing the user to link the OIDC account.

packages/hidp/hidp/locale/django.pot

@@ -191,6 +191,10 @@ msgstr ""
 msgid "Unknown provider: {provider_key}"
 msgstr ""
 
+#: hidp/federated/models.py
+msgid "last usage of this connection"
+msgstr ""
+
 #: hidp/federated/views.py
 msgid "An unexpected error occurred during authentication. Please try again."
 msgstr ""

packages/hidp/hidp/locale/nl/LC_MESSAGES/django.po

@@ -192,6 +192,10 @@ msgstr "OpenID-koppelingen"
 msgid "Unknown provider: {provider_key}"
 msgstr "Onbekende dienst: {provider_key}"
 
+#: hidp/federated/models.py
+msgid "last usage of this connection"
+msgstr "laatste gebruik van deze koppeling"
+
 #: hidp/federated/views.py
 msgid "An unexpected error occurred during authentication. Please try again."
 msgstr "Onverwachte fout tijdens authenticatie. Probeer het opnieuw."

packages/hidp/tests/smoke_tests/test_federated/test_views.py

@@ -271,12 +271,16 @@ def test_redirect_to_register(self, mock_handle_authentication_callback):
     )
     def test_redirect_to_login(self, mock_handle_authentication_callback):
         user = user_factories.VerifiedUserFactory()
-        models.OpenIdConnection.objects.create(
+        connection = models.OpenIdConnection.objects.create(
             user=user,
             provider_key="example",
             issuer_claim="example",
             subject_claim="test_subject",
         )
+
+        # Save original timestamp for comparison
+        original_last_usage = connection.last_usage
+
         response = self.client.get(
             reverse("hidp_oidc_client:callback", kwargs={"provider_key": "example"}),
             secure=True,
@@ -289,6 +293,14 @@ def test_redirect_to_login(self, mock_handle_authentication_callback):
         token = query["token"][0]
         self.assertIn(token, self.client.session)
 
+        # Refresh from DB and assert last_usage was updated
+        connection.refresh_from_db()
+        self.assertIsNotNone(connection.last_usage)
+        self.assertGreater(
+            connection.last_usage,
+            original_last_usage,
+        )
+
     @mock.patch(
         "hidp.federated.views.authorization_code_flow.handle_authentication_callback",
         return_value=(*_VALID_AUTH_CALLBACK, None),