auth: Include user_id in the params returned at the end of mobile flow.

The user id is a very useful piece of information that the mobile
client should have access to - instead of only getting the email. This
makes it much simpler to impleent clients that might be robust to
changes in email address.
This commit is contained in:
Mateusz Mandera 2021-11-16 16:04:04 +01:00 committed by Tim Abbott
parent 9e979e9e66
commit 0abbb87155
4 changed files with 15 additions and 3 deletions

View File

@ -20,6 +20,12 @@ format used by the Zulip server that they are interacting with.
## Changes in Zulip 5.0 ## Changes in Zulip 5.0
**Feature level 108**
* In the mobile application authentication flow, the authenticated
user's `user_id` is now included in the parameters encoded in the
final `zulip://` redirect URL.
**Feature level 107** **Feature level 107**
* [`POST /register`](/api/register-queue), [`PATCH /settings`](/api/update-settings), * [`POST /register`](/api/register-queue), [`PATCH /settings`](/api/update-settings),
[`PATCH /realm/user_settings_defaults`](/api/update-realm-user-settings-defaults): [`PATCH /realm/user_settings_defaults`](/api/update-realm-user-settings-defaults):

View File

@ -33,7 +33,7 @@ DESKTOP_WARNING_VERSION = "5.4.3"
# Changes should be accompanied by documentation explaining what the # Changes should be accompanied by documentation explaining what the
# new level means in templates/zerver/api/changelog.md, as well as # new level means in templates/zerver/api/changelog.md, as well as
# "**Changes**" entries in the endpoint's documentation in `zulip.yaml`. # "**Changes**" entries in the endpoint's documentation in `zulip.yaml`.
API_FEATURE_LEVEL = 107 API_FEATURE_LEVEL = 108
# Bump the minor PROVISION_VERSION to indicate that folks should provision # Bump the minor PROVISION_VERSION to indicate that folks should provision
# only when going from an old version of the code to a newer version. Bump # only when going from an old version of the code to a newer version. Bump

View File

@ -1200,7 +1200,10 @@ class SocialAuthBase(DesktopFlowTestingLib, ZulipTestCase):
def test_social_auth_mobile_success(self) -> None: def test_social_auth_mobile_success(self) -> None:
mobile_flow_otp = "1234abcd" * 8 mobile_flow_otp = "1234abcd" * 8
account_data_dict = self.get_account_data_dict(email=self.email, name="Full Name") hamlet = self.example_user("hamlet")
account_data_dict = self.get_account_data_dict(
email=hamlet.delivery_email, name="Full Name"
)
self.assert_length(mail.outbox, 0) self.assert_length(mail.outbox, 0)
self.user_profile.date_joined = timezone_now() - datetime.timedelta( self.user_profile.date_joined = timezone_now() - datetime.timedelta(
seconds=JUST_CREATED_THRESHOLD + 1 seconds=JUST_CREATED_THRESHOLD + 1
@ -1231,7 +1234,9 @@ class SocialAuthBase(DesktopFlowTestingLib, ZulipTestCase):
query_params = urllib.parse.parse_qs(parsed_url.query) query_params = urllib.parse.parse_qs(parsed_url.query)
self.assertEqual(parsed_url.scheme, "zulip") self.assertEqual(parsed_url.scheme, "zulip")
self.assertEqual(query_params["realm"], ["http://zulip.testserver"]) self.assertEqual(query_params["realm"], ["http://zulip.testserver"])
self.assertEqual(query_params["email"], [self.example_email("hamlet")]) self.assertEqual(query_params["email"], [hamlet.delivery_email])
self.assertEqual(query_params["user_id"], [str(hamlet.id)])
encrypted_api_key = query_params["otp_encrypted_api_key"][0] encrypted_api_key = query_params["otp_encrypted_api_key"][0]
hamlet_api_keys = get_all_api_keys(self.example_user("hamlet")) hamlet_api_keys = get_all_api_keys(self.example_user("hamlet"))
self.assertIn(otp_decrypt_api_key(encrypted_api_key, mobile_flow_otp), hamlet_api_keys) self.assertIn(otp_decrypt_api_key(encrypted_api_key, mobile_flow_otp), hamlet_api_keys)

View File

@ -382,6 +382,7 @@ def create_response_for_otp_flow(
params = { params = {
encrypted_key_field_name: otp_encrypt_api_key(key, otp), encrypted_key_field_name: otp_encrypt_api_key(key, otp),
"email": user_profile.delivery_email, "email": user_profile.delivery_email,
"user_id": user_profile.id,
"realm": realm_uri, "realm": realm_uri,
} }
# We can't use HttpResponseRedirect, since it only allows HTTP(S) URLs # We can't use HttpResponseRedirect, since it only allows HTTP(S) URLs