Update email in db when signing up through Cognito

[ethanstrominger]

Overview

As a user, I want the email entered when signing up with Cognito to match the username and email created in the People Depot DB, so that it is clear which record is associated with me.

Background

People Depot API is currently only being used in dev and is not called by any app, so developers are testing using Postman or similar tool. Similar issues will occur when in production.

Here is an overview of the steps:

• enter in a URL that allows you to create a new user in Cognito and get a token for that user.
• use Postman or similar tool with the token to call an API.
• When the API is called and the user does not exist in the Django db, a user is created with username equal to a UUID provided by the system. The email is not populated.

Solution

Currently, jwt.py (to be renamed to jwt_handler) calls authorize from the rest_framework_jwt package. The Django code then based on configuration calls django.contrib.auth.init.py which then calls authorize from django.contrib.backends.py. This was derived from locking the database which then sends an exception trace whenit can't insert. Here are the relevant snippets from jwt.py.

import jwt
...
jwt.authorize(payload)

Through configuration, this actually calls django.contrib.auth.authorize

To solve this, override authenticate function in backends.py and replace statement that creates a user to add email as a parameter. The code in backends.py that needs to be replaced is: user, created = UserModel._default_manager.get_or_create( **{UserModel.USERNAME_FIELD: username} )

More details are in Action items.

Action Items

• [ ] Rename jwt.py to jwt_handler.py. Do not do any autorefactoring.
• [ ] In settings.py, change the HANDLER constants to this:

  "JWT_PAYLOAD_GET_USERNAME_HANDLER": "core.utils.jwt_handler.get_username_from_payload_handler",
  "JWT_DECODE_HANDLER": "core.utils.jwt_handler.cognito_jwt_decode_handler",

• [ ] Create a CustomModelBackend which subclasses from ModelBackend
• [ ] Copy authenticate code from django/contrib/auth/backends.py into CustomModelBackend
• [ ] Modify below code to also update email.

  user, created = UserModel._default_manager.get_or_create(
              **{UserModel.USERNAME_FIELD: username}
          )

• [ ] Follow instructions in this ChatGPT thread to add CustomModelBackend to AUTHENTICATION_BACKENDS array in settings.py. It should be on the top. You can also ask ChatGPT.
• [ ] Modify

[fyliu]

@ethanstrominger the solution section paragraph is incoherent. Can you reword it to something we can follow? It looks like it just keeps talking about the problem until the middle of the first code block.

I thought the problem is that it's not saving the email address? I can't see the connection to what the paragraph is saying. The issue title is about updating email address, and the proposed changes has to do with overriding authentication in django and I'm not sure how that leads to the email being updated.