Handle multiple user accounts exist during submissions

- create is_user_already_registered func - raise error during application submissions when not logged in if user provides an email that is present in multiple account.

Handle multiple user accounts exist during submissions
734cbb2b · Saurabh Kumar · aab80209 · 734cbb2b · 734cbb2b
Commit 734cbb2b authored 2 years ago by Saurabh Kumar
--- a/hypha/apply/users/models.py
+++ b/hypha/apply/users/models.py
@@ -22,7 +22,7 @@ from .groups import (
    STAFF_GROUP_NAME,
    TEAMADMIN_GROUP_NAME,
 )
-from .utils import get_user_by_email, send_activation_email
+from .utils import get_user_by_email, is_user_already_registered, send_activation_email


 class UserQuerySet(models.QuerySet):
@@ -73,9 +73,9 @@ class UserManager(BaseUserManager.from_queryset(UserQuerySet)):
        if not email:
            raise ValueError('The given email must be set')
        email = self.normalize_email(email)
-        existing_user = get_user_by_email(email, sensitive_search=0)
-        if existing_user:
-            raise ValueError('That email address is already taken.')
+        is_registered, reason = is_user_already_registered(email)
+        if is_registered:
+            raise ValueError(reason)
        user = self.model(email=email, **extra_fields)
        user.set_password(password)
        user.save(using=self._db)
@@ -123,23 +123,45 @@ class UserManager(BaseUserManager.from_queryset(UserQuerySet)):
        return params

    def get_or_create_and_notify(self, defaults=dict(), site=None, **kwargs):
-        # Set a temp password so users can access the password reset function if needed.
-        temp_pass = BaseUserManager().make_random_password(length=32)
-        temp_pass_hash = make_password(temp_pass)
-        defaults.update(password=temp_pass_hash)
-        user = get_user_by_email(kwargs.get('email'), sensitive_search=0)  # case insensitive matching
-        if not user:
+        """Create or get an account for applicant.
+        Args:
+            defaults: _description_. Defaults to dict().
+            site: _description_. Defaults to None.
+
+        Raises:
+            IntegrityError: if multiple account exist with same email
+
+        Returns:
+            _description_
+        """
+        _created = False
+
+        email = kwargs.get('email')
+        is_registered, _ = is_user_already_registered(email=email)
+
+        if is_registered:
+            user = get_user_by_email(email=email)
+            if not user:
+                raise IntegrityError("Found multiple account")
+
+        else:
+            temp_pass = BaseUserManager().make_random_password(length=32)
+            temp_pass_hash = make_password(temp_pass)
+            defaults.update(password=temp_pass_hash)
            try:
                params = dict(resolve_callables(self._extract_model_params(defaults, **kwargs)))
                user = self.create(**params)
            except IntegrityError:
                raise
-            send_activation_email(user, site)
            applicant_group = Group.objects.get(name=APPLICANT_GROUP_NAME)
            user.groups.add(applicant_group)
            user.save()
-            return user, True
-        return user, False
+            send_activation_email(user, site)
+            _created = True
+
+
+        return user, _created
+


 class User(AbstractUser):

--- a/hypha/apply/users/utils.py
+++ b/hypha/apply/users/utils.py
 from django.conf import settings
 from django.contrib.auth import get_user_model
+from django.utils.translation import gettext_lazy as _
 from django.contrib.auth.tokens import PasswordResetTokenGenerator
 from django.core.mail import send_mail
 from django.template.loader import render_to_string
@@ -8,12 +9,12 @@ from django.utils.encoding import force_bytes
 from django.utils.http import urlsafe_base64_encode


-def get_user_by_email(email, sensitive_search=1):
+def get_user_by_email(email):
    UserModel = get_user_model()
    qs = UserModel.objects.filter(email__iexact=email)  # case insensitive matching

    # if multiple accounts then check with case sensitive search
-    if len(qs) > 1 and sensitive_search:
+    if len(qs) > 1:
        qs = qs.filter(email=email)  # case sensitive matching

    if len(qs) == 0:
@@ -23,6 +24,20 @@ def get_user_by_email(email, sensitive_search=1):
    return user


+def is_user_already_registered(email: str) -> (bool, str):
+    """
+    Checks if a specified user is already registered.
+    Returns a tuple containing a boolean value that indicates if the user exists
+    and in case he does whats the duplicated attribute
+    """
+
+    user_model = get_user_model()
+    if user_model.objects.filter(email=email):
+        return (True, _("Email is already in use."))
+
+    return (False, None)
+
+
 def can_use_oauth_check(user):
    """
    Checks that the user belongs to the whitelisted domains.