From e6f6f4697aaf2673d3981634640630b0b63372aa Mon Sep 17 00:00:00 2001
From: Henrik Levkowetz
Date: Thu, 10 Sep 2020 21:45:21 +0000
Subject: [PATCH] OpenID already has a photo URL as part of the 'profile' scope. Added the the datatracker photo url to the returned OpenID 'profile' scope information when a profile photo is available.
 - Legacy-Id: 18484
---
 ietf/ietfauth/tests.py | 4 ++--
 ietf/ietfauth/utils.py | 12 ++++++++----
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/ietf/ietfauth/tests.py b/ietf/ietfauth/tests.py
index 644a40c7b..210e44877 100644
--- a/ietf/ietfauth/tests.py
+++ b/ietf/ietfauth/tests.py
@@ -765,7 +765,7 @@ class OpenIDConnectTests(TestCase):
 client.store_registration_info(client_reg)
 # Get a user for which we want to get access
- person = PersonFactory()
+ person = PersonFactory(with_bio=True)
 RoleFactory(name_id='chair', person=person)
 # an additional email
 EmailFactory(person=person)
@@ -831,7 +831,7 @@ class OpenIDConnectTests(TestCase):
 # Get userinfo, check keys present
 userinfo = client.do_user_info_request(state=params["state"], scope=args['scope'])
 for key in [ 'email', 'family_name', 'given_name', 'meeting', 'name', 'roles',
- 'ticket_type', 'reg_type', 'affiliation', ]:
+ 'ticket_type', 'reg_type', 'affiliation', 'picture', ]:
 self.assertIn(key, userinfo)
 self.assertIn('remote', set(userinfo['reg_type'].split()))
 self.assertNotIn('hackathon', set(userinfo['reg_type'].split()))
diff --git a/ietf/ietfauth/utils.py b/ietf/ietfauth/utils.py
index ba4adb10d..fbd7f298b 100644
--- a/ietf/ietfauth/utils.py
+++ b/ietf/ietfauth/utils.py
@@ -18,6 +18,7 @@ from django.core.exceptions import PermissionDenied
 from django.db.models import Q
 from django.http import HttpResponseRedirect
 from django.shortcuts import get_object_or_404
+from django.urls import reverse as urlreverse
 from django.utils.decorators import available_attrs
 from django.utils.http import urlquote
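Review bot: In the second tests.py hunk the extended key list only feeds `self.assertIn(key, userinfo)`, and the utils.py change later in this patch sets `'picture'` on every response (falling back to `''`), so the assertion would still pass if the photo URL were never built. The first hunk switches to `PersonFactory(with_bio=True)`, presumably so that the person has a photo; if so, check the value as well, for example `self.assertTrue(userinfo['picture'])` after the loop. The test method begins and ends outside both hunks.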
@@ -209,21 +210,24 @@ def openid_userinfo(claims, user):
 # Populate claims dict.
 person = get_object_or_404(Person, user=user)
 email = person.email()
+ if person.photo:
+ photo_path = urlreverse('ietf.person.views.photo', kwargs={'email_or_name': person.email()})
+ photo_url = settings.IDTRACKER_BASE_URL + photo_path
+ else:
+ photo_url = ''
 claims.update( {
 'name': person.plain_name(),
 'given_name': person.first_name(),
 'family_name': person.last_name(),
 'nickname': '-',
 'email': email.address if email else '',
+ 'picture': photo_url,
 } )
 return claims
-
-
-
 oidc_provider.lib.claims.StandardScopeClaims.info_profile = (
 'Basic profile',
- 'Access to your basic datatracker information: Name, photo.'
+ 'Access to your basic datatracker information: Name, photo.'
 )
 class OidcExtraScopeClaims(oidc_provider.lib.claims.ScopeClaims):
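Review bot: The new `urlreverse(...)` call passes `person.email()` straight into `kwargs`, although the same value is already held in `email` one line above and the `'email'` claim below treats it as possibly empty (`email.address if email else ''`). For a person who has a photo but no e-mail, the userinfo request would either fail in the reverse or return a link built from a placeholder value; which of the two cannot be told from this hunk. Guard on the address and reuse the local: `if person.photo and email:` with `kwargs={'email_or_name': email.address}`. Separately, OpenID Connect Core (section 5.3.2) asks that a claim without a value be omitted rather than sent as an empty string, so `'picture'` is better added to `claims` only when `photo_url` is set.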