ui: ignore missing profile attribute in dev admin (bug 2019496)

[shtrom]

No description provided.

[github-actions]

View this pull request in Lando to land it once approved.

[cgsheeh]

I'm able to render every page with my admin-enabled account in Lando-dev. In LandoOIDCAuthenticationBackend we create the .profile attribute in the post_auth_hook, so it seems we should have a .profile for any account which goes through the standard auth flow. How are you logging in the admin user where you're seeing this issue? It seems we should send admin accounts through the Profile creation code path (or add a code path to create a Profile manually) instead of adding workarounds.

[zzzeid]

I think this will only impact users created via the CLI (e.g., API users, or via our dev scripts). I think a better solution would be to either (1) create a hook that will create a profile for any user not created via that OIDC flow, or (2) handle the missing profile when we run into that issue (i.e., via a backend or middleware).

[zzzeid]

I'm able to render every page with my admin-enabled account in Lando-dev. In LandoOIDCAuthenticationBackend we create the .profile attribute in the post_auth_hook, so it seems we should have a .profile for any account which goes through the standard auth flow. How are you logging in the admin user where you're seeing this issue? It seems we should send admin accounts through the Profile creation code path (or add a code path to create a Profile manually) instead of adding workarounds.

The profile creation code path (as it exists today) would not be compatible with the workflows that do not go through OIDC, since there is no association with LDAP in that case (and thus no automatic permissions, or email, etc. as they would be for LDAP accounts). So we should probably have a flag on the profile that is set to make this more explicit in these cases.