Fix IntegrityError when user has multiple email addresses (#29)

Since you can set up multiple email addresses for users, it is possible that sentry_ldap_auth updates the wrong email address when changing the UserEmail field. Say, you have two UserEmail objects for an user, 'personal' and 'system-wide'. When 'personal' gets updated to "system-wide", this generates an IntegrityError because (user, email) is unique in the database, preventing logon. I doubt this entire structure is even necessary because when the 'email' attribute is set correctly on ``AUTH_LDAP_USER_ATTR_MAP`` this should all happen automatically.
Banno · Apr 20, 2018 · 33d74bb · 33d74bb
1 parent f06770f
commit 33d74bb
Showing 1 changed file with 10 additions and 14 deletions.
diff --git a/sentry_ldap_auth/backend.py b/sentry_ldap_auth/backend.py
@@ -27,27 +27,23 @@ def get_or_create_user(self, username, ldap_user):
 
         user.is_managed = True
 
+        # Add the user email address
         try:
             from sentry.models import (UserEmail)
         except ImportError:
             pass
         else:
-            userEmail = UserEmail.objects.filter(user=user)
-            if not userEmail:
-                userEmail = UserEmail.objects.create(user=user)
-            else:
-                userEmail = userEmail[0]
-
-            if not hasattr(settings, 'AUTH_LDAP_DEFAULT_EMAIL_DOMAIN'):
-                email = ' '
-            else:
-                email = username + '@' + settings.AUTH_LDAP_DEFAULT_EMAIL_DOMAIN
-
             if 'mail' in ldap_user.attrs:
-                userEmail.email = ldap_user.attrs.get('mail')[0]
+                email = ldap_user.attrs.get('mail')[0]
+            elif not hasattr(settings, 'AUTH_LDAP_DEFAULT_EMAIL_DOMAIN'):
+                email = ''
             else:
-                userEmail.email = email
-            userEmail.save()
+                email = username + '@' + settings.AUTH_LDAP_DEFAULT_EMAIL_DOMAIN
+
+            # django-auth-ldap may have accidentally created an empty email address
+            UserEmail.objects.filter(user=user, email='').delete()
+            if email:
+                UserEmail.objects.get_or_create(user=user, email=email)
 
         # Check to see if we need to add the user to an organization
         if not settings.AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION: