Merged in [15702] from johnl@taugh.com:

Allow email as well as username when logging in. - Legacy-Id: 15739 Note: SVN reference [15702] has been migrated to Git commit e4dd65d9f9
2018-11-08 06:42:32 +00:00 · 2018-11-08 06:42:32 +00:00 · 753f34fba1
parent 89ef806013 e4dd65d9f9
commit 753f34fba1
2 changed files with 28 additions and 1 deletions
--- a/ietf/ietfauth/tests.py
+++ b/ietf/ietfauth/tests.py
@ -84,6 +84,18 @@ class IetfAuthTests(TestCase):
        self.assertEqual(r.status_code, 302)
        self.assertEqual(urlsplit(r["Location"])[2], "/foobar")

+    def test_login_with_different_email(self):
+        person = PersonFactory(user__username='plain')
+        email = EmailFactory(person=person)
+
+        # try logging in without a next
+        r = self.client.get(urlreverse(ietf.ietfauth.views.login))
+        self.assertEqual(r.status_code, 200)
+
+        r = self.client.post(urlreverse(ietf.ietfauth.views.login), {"username":email, "password":"plain+password"})
+        self.assertEqual(r.status_code, 302)
+        self.assertEqual(urlsplit(r["Location"])[2], urlreverse(ietf.ietfauth.views.profile))
+
    def extract_confirm_url(self, confirm_email):
        # dig out confirm_email link
        msg = confirm_email.get_payload(decode=True)
--- a/ietf/ietfauth/views.py
+++ b/ietf/ietfauth/views.py
@ -41,7 +41,7 @@ import django.core.signing
 from django import forms
 from django.contrib import messages
 from django.conf import settings
-from django.contrib.auth import update_session_auth_hash, logout
+from django.contrib.auth import update_session_auth_hash, logout, authenticate
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth.forms import AuthenticationForm
 from django.contrib.auth.hashers import identify_hasher
@ -586,6 +586,21 @@ def login(request, extra_context=None):
        form = AuthenticationForm(request, data=request.POST)
        username = form.data.get('username')
        user = User.objects.filter(username=username).first()
+        if not user:
+            # try to find user ID from the email address
+            email = Email.objects.filter(address=username).first()
+            if email and email.person and email.person.user:
+                u2 = email.person.user
+                # be conservative, only accept this if login is valid
+                if u2:
+                    pw = form.data.get('password')
+                    au = authenticate(request, username=u2.username, password=pw)
+                    if au:
+                        # kludge to change the querydict
+                        q2 = request.POST.copy()
+                        q2['username'] = u2.username
+                        request.POST = q2
+                        user = u2
        #
        if user:
            try: