Canonical SSO provider

Merge lp:~tartley/canonical-identity-provider/rm-no-verified-address-para into lp:canonical-identity-provider/release

  1. rm-no-verified-address-para
  2. Merge into trunk
Proposed by Jonathan Hartley
Status: Merged
Approved by: Jonathan Hartley
Approved revision: no longer in the source branch.
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: lp:~tartley/canonical-identity-provider/rm-no-verified-address-para
Merge into: lp:canonical-identity-provider/release
Prerequisite: lp:~tartley/canonical-identity-provider/status-code-diagnostics
Diff against target: 43 lines (+0/-22)
2 files modified
src/api/v20/handlers.py (+0/-8)
src/api/v20/tests/test_handlers.py (+0/-14)
To merge this branch: bzr merge lp:~tartley/canonical-identity-provider/rm-no-verified-address-para
Reviewer Review Type Date Requested Status
Matias Bordese (community) Approve
Review via email: mp+377382@code.launchpad.net

Commit message

Remove code that cannot be reached.

The containing 'if not account.can_reset_password',
16 lines up from the deletion,
does not check whether there are any validated email addresses.
Instead it just checks that account.status must be either
Suspended or Deleted.

Suspended accounts are handled by an early return,
9 lines up from the deletion.

Deleted accounts also delete their associated email addresses,
so can not be retrieved by the Account.get_by_email call
near the start of this method.

There was a test for this deleted code,
but it monkey patched a fake value to make this code reachable.
I tried replacing the test with one that didn't do monkey patching
(e.g. using a deleted account would be the only way)
but was unable to make the code reachable.

In practice, accounts with no validated email addresses pass
right by this code, and end up reading from account.preferredemail,
14 lines below the deletion,
which falls back to using a new email address.

To post a comment you must log in.
Revision history for this message
Matias Bordese (matiasb) wrote :

Reviewed possible account status values, makes sense to me.
Even more, DEACTIVATED is not possible here (but I just noted you comment and fix on this in your next MP!).

review: Approve
Revision history for this message
Matias Bordese (matiasb) wrote :

Reviewed possible account status values, makes sense to me.
Even more, DEACTIVATED is not possible here (but I just noted you comment and fix on this in your next MP!).

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'src/api/v20/handlers.py'
2--- src/api/v20/handlers.py 2020-01-09 16:39:50 +0000
3+++ src/api/v20/handlers.py 2020-01-09 16:39:50 +0000
4@@ -300,14 +300,6 @@
5 "not sent out because %s" % condition)
6 return errors.ACCOUNT_DEACTIVATED()
7
8- # user does not have any verified email address
9- # he should contact support
10- condition = ("account '%s' is not allowed to reset password" %
11- account.displayname)
12- logger.debug("PasswordResetTokenHandler.create: email was not "
13- "sent out because %s" % condition)
14- return errors.CAN_NOT_RESET_PASSWORD()
15-
16 # account_email is populated from our database.
17 # It is safe to use to generate tokens, send emails, etc.
18 account_email = None
19
20=== modified file 'src/api/v20/tests/test_handlers.py'
21--- src/api/v20/tests/test_handlers.py 2020-01-09 16:39:50 +0000
22+++ src/api/v20/tests/test_handlers.py 2020-01-09 16:39:50 +0000
23@@ -1772,20 +1772,6 @@
24 self.mock_logger.debug("PasswordResetTokenHandler.create: email was "
25 "not sent out because %s" % condition)
26
27- def test_can_not_reset_password(self):
28- name = 'identityprovider.models.account.Account.can_reset_password'
29- with patch(name, False):
30- content = self.do_post(data=self.data, status_code=403)
31-
32- self.assertEqual(content, {
33- 'message': 'Can not reset password. Please contact login support',
34- 'code': 'CAN_NOT_RESET_PASSWORD',
35- 'extra': {}})
36-
37- condition = "account '%s' is not active" % self.account.displayname
38- self.mock_logger.debug("PasswordResetTokenHandler.create: email was "
39- "not sent out because %s" % condition)
40-
41 def assert_email_used(self, result, expected_email):
42 # Then the response contains the user's stored email.
43 self.assertEqual(result['email'], expected_email)