Revert the UserOpenID model change which added the account_verified flag. The…

Revert the UserOpenID model change which added the account_verified flag. The intention was to allow for the support of multiple UserOpenIDs for a given User, but in reality the solution wouldn't have provided this, because we have no idea which OP provided the e-mail address associated with the account. In the meantime, allow for the simple case of handling account_verified for a single UserOpenID, while not ruling out future support for the complex case.

django_openid_auth/auth.py

@@ -80,8 +80,7 @@ class OpenIDBackend:
                 claimed_id__exact=openid_response.identity_url)
         except UserOpenID.DoesNotExist:
             if getattr(settings, 'OPENID_CREATE_USERS', False):
-                user, user_openid = self.create_user_from_openid(
-                    openid_response)
+                user = self.create_user_from_openid(openid_response)
         else:
             user = user_openid.user
 
@@ -90,7 +89,7 @@ class OpenIDBackend:
 
         if getattr(settings, 'OPENID_UPDATE_DETAILS_FROM_SREG', False):
             details = self._extract_user_details(openid_response)
-            self.update_user_details(user_openid, details, openid_response)
+            self.update_user_details(user, details, openid_response)
 
         if getattr(settings, 'OPENID_PHYSICAL_MULTIFACTOR_REQUIRED', False):
             pape_response = pape.Response.fromSuccessResponse(openid_response)
@@ -275,10 +274,10 @@ class OpenIDBackend:
             openid_response.identity_url)
 
         user = User.objects.create_user(username, email, password=None)
-        user_openid = self.associate_openid(user, openid_response)
-        self.update_user_details(user_openid, details, openid_response)
+        self.associate_openid(user, openid_response)
+        self.update_user_details(user, details, openid_response)
 
-        return user, user_openid
+        return user
 
     def associate_openid(self, user, openid_response):
         """Associate an OpenID with a user account."""
@@ -300,8 +299,7 @@ class OpenIDBackend:
 
         return user_openid
 
-    def update_user_details(self, user_openid, details, openid_response):
-        user = user_openid.user
+    def update_user_details(self, user, details, openid_response):
         updated = False
         if details['first_name']:
             user.first_name = details['first_name'][:30]
@@ -313,13 +311,18 @@ class OpenIDBackend:
             user.email = details['email']
             updated = True
         if getattr(settings, 'OPENID_FOLLOW_RENAMES', False):
-            user.username = self._get_available_username(details['nickname'], openid_response.identity_url)
+            user.username = self._get_available_username(
+                details['nickname'], openid_response.identity_url)
             updated = True
         account_verified = details.get('account_verified', None)
-        if (account_verified is not None and
-                user_openid.account_verified != account_verified):
-            user_openid.account_verified = account_verified
-            user_openid.save()
+        if (account_verified is not None):
+            permission = Permission.objects.get(codename='account_verified')
+            perm_label = '%s.%s' % (permission.content_type.app_label,
+                                    permission.codename)
+            if account_verified and not user.has_perm(perm_label):
+                user.user_permissions.add(permission)
+            elif not account_verified and user.has_perm(perm_label):
+                user.user_permissions.remove(permission)
 
         if updated:
             user.save()

django_openid_auth/models.py

@@ -59,27 +59,13 @@ class UserOpenID(models.Model):
     user = models.ForeignKey(User)
     claimed_id = models.TextField(max_length=2047, unique=True)
     display_id = models.TextField(max_length=2047)
-    account_verified = models.BooleanField(default=False)
 
     class Meta:
         permissions = (
             ('account_verified', 'The OpenID has been verified'),
         )
 
-    def _get_permission(self):
-        return Permission.objects.get(codename='account_verified')
-
-    def save(self, force_insert=False, force_update=False, using=None):
-        permission = self._get_permission()
-        perm_label = '%s.%s' % (permission.content_type.app_label,
-                                permission.codename)
-        if self.account_verified and not self.user.has_perm(perm_label):
-            self.user.user_permissions.add(permission)
-        elif not self.account_verified and self.user.has_perm(perm_label):
-            self.user.user_permissions.remove(permission)
-        super(UserOpenID, self).save(force_insert, force_update, using)
-
     def delete(self, using=None):
-        permission = self._get_permission()
+        permission = Permission.objects.get(codename='account_verified')
         self.user.user_permissions.remove(permission)
         super(UserOpenID, self).delete(using)

django_openid_auth/tests/test_auth.py

@@ -29,7 +29,11 @@
 import unittest
 
 from django.conf import settings
-from django.contrib.auth.models import Group, User
+from django.contrib.auth.models import (
+    Group,
+    Permission,
+    User,
+)
 from django.test import TestCase
 
 from django_openid_auth.auth import OpenIDBackend
@@ -181,13 +185,12 @@ class OpenIDBackendTests(TestCase):
         user_openid, created = UserOpenID.objects.get_or_create(
             user=user,
             claimed_id='http://example.com/existing_identity',
-            display_id='http://example.com/existing_identity',
-            account_verified=False)
+            display_id='http://example.com/existing_identity')
         data = dict(first_name=u"Some56789012345678901234567890123",
             last_name=u"User56789012345678901234567890123",
             email=u"someotheruser@example.com", account_verified=False)
 
-        self.backend.update_user_details(user_openid, data, response)
+        self.backend.update_user_details(user, data, response)
 
         self.assertEqual("Some56789012345678901234567890",  user.first_name)
         self.assertEqual("User56789012345678901234567890",  user.last_name)
@@ -206,35 +209,44 @@ class OpenIDBackendTests(TestCase):
             user=user, claimed_id=claimed_id, display_id=display_id)
         return user_openid
 
-    def _test_account_verified(self, user_openid, verified, expected):
+    def _test_account_verified(self, user, initially_verified, expected):
         # set user's verification status
-        user_openid.account_verified = verified
+        permission = Permission.objects.get(codename='account_verified')
+        if initially_verified:
+            user.user_permissions.add(permission)
+        else:
+            user.user_permissions.remove(permission)
+
+        if hasattr(user, '_perm_cache'):
+            del user._perm_cache
 
         # get a response including verification status
         response = self.make_response_ax()
         data = dict(first_name=u"Some56789012345678901234567890123",
-            last_name=u"User56789012345678901234567890123",
-            email=u"someotheruser@example.com", account_verified=expected)
-        self.backend.update_user_details(user_openid, data, response)
+                    last_name=u"User56789012345678901234567890123",
+                    email=u"someotheruser@example.com",
+                    account_verified=expected)
+        self.backend.update_user_details(user, data, response)
 
         # refresh object from the database
-        user_openid = UserOpenID.objects.get(pk=user_openid.pk)
+        user = User.objects.get(pk=user.pk)
         # check the verification status
-        self.assertEqual(user_openid.account_verified, expected)
-        self.assertEqual(user_openid.user.has_perm(
-            'django_openid_auth.account_verified'), expected)
+        self.assertEqual(user.has_perm('django_openid_auth.account_verified'),
+                         expected)
 
-    def test_update_user_openid_unverified(self):
+    def test_update_user_perms_unverified(self):
         user_openid = self.make_user_openid()
 
-        for verified in (False, True):
-            self._test_account_verified(user_openid, verified, expected=False)
+        for initially_verified in (False, True):
+            self._test_account_verified(
+                user_openid.user, initially_verified, expected=False)
 
-    def test_update_user_openid_verified(self):
+    def test_update_user_perms_verified(self):
         user_openid = self.make_user_openid()
 
-        for verified in (False, True):
-            self._test_account_verified(user_openid, verified, expected=True)
+        for initially_verified in (False, True):
+            self._test_account_verified(
+                user_openid.user, initially_verified, expected=True)
 
     def test_extract_user_details_name_with_trailing_space(self):
         response = self.make_response_ax(fullname="SomeUser ")

django_openid_auth/tests/test_models.py

@@ -31,7 +31,10 @@ import unittest
 from django.contrib.auth.models import User
 from django.test import TestCase
 
-from django_openid_auth.models import UserOpenID
+from django_openid_auth.models import (
+    Permission,
+    UserOpenID,
+)
 
 
 class UserOpenIDModelTestCase(TestCase):
@@ -42,47 +45,26 @@ class UserOpenIDModelTestCase(TestCase):
         user_openid, created = UserOpenID.objects.get_or_create(
             user=user,
             claimed_id='http://example.com/existing_identity',
-            display_id='http://example.com/existing_identity',
-            account_verified=False)
+            display_id='http://example.com/existing_identity')
 
         self.assertEqual('someuser', user_openid.user.username)
         self.assertEqual(
             user_openid.claimed_id, 'http://example.com/existing_identity')
         self.assertEqual(
             user_openid.display_id, 'http://example.com/existing_identity')
-        self.assertFalse(user_openid.account_verified)
         self.assertFalse(
             User.objects.get(username='someuser').has_perm(
                 'django_openid_auth.account_verified'))
 
-    def test_create_verified_useropenid(self):
-        user = User.objects.create_user('someuser', 'someuser@example.com',
-                                        password=None)
-        user_openid, created = UserOpenID.objects.get_or_create(
-            user=user,
-            claimed_id='http://example.com/existing_identity',
-            display_id='http://example.com/existing_identity',
-            account_verified=True)
-
-        self.assertEqual('someuser', user_openid.user.username)
-        self.assertEqual(
-            user_openid.claimed_id, 'http://example.com/existing_identity')
-        self.assertEqual(
-            user_openid.display_id, 'http://example.com/existing_identity')
-        self.assertTrue(user_openid.account_verified)
-        self.assertTrue(
-            User.objects.get(username='someuser').has_perm(
-                'django_openid_auth.account_verified'))
-
     def test_delete_verified_useropenid(self):
         user = User.objects.create_user('someuser', 'someuser@example.com',
                                         password=None)
         user_openid, created = UserOpenID.objects.get_or_create(
             user=user,
             claimed_id='http://example.com/existing_identity',
-            display_id='http://example.com/existing_identity',
-            account_verified=True)
-
+            display_id='http://example.com/existing_identity')
+        permission = Permission.objects.get(codename='account_verified')
+        user.user_permissions.add(permission)
         self.assertTrue(
             User.objects.get(username='someuser').has_perm(
                 'django_openid_auth.account_verified'))