Only show roles in active roups in the oidc roles claim. Fixes #3424. Commit ready for merge.

- Legacy-Id: 19412
2021-10-11 19:08:46 +00:00 · 2021-10-11 19:08:46 +00:00 · 21f5a55e2f
parent d1a9f0d844
commit 21f5a55e2f
2 changed files with 5 additions and 2 deletions
--- a/ietf/ietfauth/tests.py
+++ b/ietf/ietfauth/tests.py
@ -810,7 +810,8 @@ class OpenIDConnectTests(TestCase):
            # Get a user for which we want to get access
            person = PersonFactory(with_bio=True)
-            RoleFactory(name_id='chair', person=person)
+            active_group = RoleFactory(name_id='chair', person=person).group
            closed_group = RoleFactory(name_id='chair', person=person, group__state_id='conclude').group
            # an additional email
            EmailFactory(person=person)
            email_list = person.email_set.all().values_list('address', flat=True)
@ -880,6 +881,8 @@ class OpenIDConnectTests(TestCase):
                self.assertTrue(userinfo[key])
            self.assertIn('remote', set(userinfo['reg_type'].split()))
            self.assertNotIn('hackathon', set(userinfo['reg_type'].split()))
            self.assertIn(active_group.acronym, [i[1] for i in userinfo['roles']])
            self.assertNotIn(closed_group.acronym, [i[1] for i in userinfo['roles']])
            # Create another registration, with a different email
            MeetingRegistration.objects.create(
--- a/ietf/ietfauth/utils.py
+++ b/ietf/ietfauth/utils.py
@ -247,7 +247,7 @@ class OidcExtraScopeClaims(oidc_provider.lib.claims.ScopeClaims):
        )
    def scope_roles(self):
-        roles = self.user.person.role_set.values_list('name__slug', 'group__acronym')
+        roles = self.user.person.role_set.filter(group__state_id__in=('active','bof','proposed')).values_list('name__slug', 'group__acronym')
        info = {
                'roles': list(roles)
            }