From 9b5d356e46ada90843552dc99ee8363071944a8f Mon Sep 17 00:00:00 2001 From: Ralph Broenink Date: Sun, 14 Jan 2018 11:09:42 +0100 Subject: [PATCH] Fix IntegrityError when user has multiple email addresses Since you can set up multiple email addresses for users, it is possible that sentry_ldap_auth updates the wrong email address when changing the UserEmail field. Say, you have two UserEmail objects for an user, 'personal' and 'system-wide'. When 'personal' gets updated to "system-wide", this generates an IntegrityError because (user, email) is unique in the database, preventing logon. I doubt this entire structure is even necessary because when the 'email' attribute is set correctly on ``AUTH_LDAP_USER_ATTR_MAP`` this should all happen automatically. --- sentry_ldap_auth/backend.py | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/sentry_ldap_auth/backend.py b/sentry_ldap_auth/backend.py index 9798c30..b34862c 100644 --- a/sentry_ldap_auth/backend.py +++ b/sentry_ldap_auth/backend.py @@ -19,27 +19,23 @@ def get_or_create_user(self, username, ldap_user): user.is_managed = True + # Add the user email address try: from sentry.models import (UserEmail) except ImportError: pass else: - userEmail = UserEmail.objects.filter(user=user) - if not userEmail: - userEmail = UserEmail.objects.create(user=user) - else: - userEmail = userEmail[0] - - if not hasattr(settings, 'AUTH_LDAP_DEFAULT_EMAIL_DOMAIN'): - email = ' ' - else: - email = username + '@' + settings.AUTH_LDAP_DEFAULT_EMAIL_DOMAIN - if 'mail' in ldap_user.attrs: - userEmail.email = ldap_user.attrs.get('mail')[0] + email = ldap_user.attrs.get('mail')[0] + elif not hasattr(settings, 'AUTH_LDAP_DEFAULT_EMAIL_DOMAIN'): + email = '' else: - userEmail.email = email - userEmail.save() + email = username + '@' + settings.AUTH_LDAP_DEFAULT_EMAIL_DOMAIN + + # django-auth-ldap may have accidentally created an empty email address + UserEmail.objects.filter(user=user, email='').delete() + if email: + UserEmail.objects.get_or_create(user=user, email=email) # Check to see if we need to add the user to an organization if not settings.AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION: