Open hazraa opened 2 years ago
We had the same problem, I've overwritten the Backend to make a case insensitive check. I wouldn't say its incorrect. On MS we store emails CamelCase while Django uses lowercase.
import logging
from django.contrib.auth import get_user_model
from microsoft_auth.backends import MicrosoftAuthenticationBackend
logger = logging.getLogger("django")
User = get_user_model()
class CIUserMicrosoftAuthenticationBackend(MicrosoftAuthenticationBackend):
"""
Extend the original auth backend to use and compare lowercase
usernames/emails. These methods might need to be updated if the
upstream class changes.
"""
def _verify_microsoft_user(self, microsoft_user, data):
user = microsoft_user.user
if user is None:
fullname = data.get("name")
first_name, last_name = "", ""
if fullname is not None:
try:
# LastName, FirstName format
last_name, first_name = fullname.split(", ")
except ValueError:
try:
first_name, last_name = fullname.split(" ", 1)
except ValueError:
firstname = fullname
try:
# create new Django user from provided data
user = User.objects.get(
username__iexact=data["email"].lower()
) # ⚠️ Change here
if user.first_name == "" and user.last_name == "":
user.first_name = first_name
user.last_name = last_name
user.save()
except User.DoesNotExist:
user = User(
username=data["email"].lower(), # ⚠️ Change here
first_name=first_name,
last_name=last_name,
email=data["email"].lower(), # ⚠️ Change here
)
user.save()
existing_account = self._get_existing_microsoft_account(user)
if existing_account is not None:
if self.config.MICROSOFT_AUTH_AUTO_REPLACE_ACCOUNTS:
existing_account.user = None
existing_account.save()
else:
logger.warning(
(
"User {} already has linked Microsoft "
"account and MICROSOFT_AUTH_AUTO_REPLACE_ACCOUNTS "
"is False"
).format(user.email)
)
return None
microsoft_user.user = user
microsoft_user.save()
return user
.../site-packages/microsoft_auth/backends.py in _verify_microsoft_user
Maybe particular to our 'incorrect' use case where django admin users can be setup manually and then are tied to their AD user by the previously manually entered email address. The 'get()' ofcourse barfs on multiples.