feat: login user via email instead of username

dervoeti · dervoeti · commit f26e2dc6f004 · 2025-04-03T11:42:44.000+02:00
diff --git a/backend/application/access_control/services/oidc_authentication.py b/backend/application/access_control/services/oidc_authentication.py
@@ -12,7 +12,7 @@
 from rest_framework.request import Request
 
 from application.access_control.models import Authorization_Group, User
-from application.access_control.queries.user import get_user_by_username
+from application.access_control.queries.user import get_user_by_email
 from application.commons.models import Settings
 
 OIDC_PREFIX = "Bearer"
@@ -71,12 +71,12 @@ def _validate_jwt(self, token: str) -> Optional[User]:
                 algorithms=ALGORITHMS,
                 audience=os.environ["OIDC_CLIENT_ID"],
             )
-            username = payload.get(os.environ["OIDC_USERNAME"])
-            user = get_user_by_username(username)
+            email = payload.get(os.environ["OIDC_EMAIL"])
+            user = get_user_by_email(email)
             if user:
                 user = self._check_user_change(user, payload)
                 return user
-            return self._create_user(username, payload)
+            return self._create_user(email, payload)
         except jwt.PyJWTError as e:
             raise AuthenticationFailed(str(e)) from e
 
@@ -94,10 +94,10 @@ def _get_jwks_uri(self) -> str:
 
         return jwks_uri
 
-    def _create_user(self, username: str, payload: dict) -> User:
-        user = User(username=username, first_name="", last_name="", email="")
-        if os.environ.get("OIDC_EMAIL"):
-            user.email = payload[os.environ["OIDC_EMAIL"]]
+    def _create_user(self, email: str, payload: dict) -> User:
+        user = User(email=email, first_name="", last_name="", email="")
+        if os.environ.get("OIDC_USERNAME"):
+            user.username = payload[os.environ["OIDC_USERNAME"]]
         if os.environ.get("OIDC_FULL_NAME"):
             user.full_name = payload[os.environ["OIDC_FULL_NAME"]]
         if os.environ.get("OIDC_FIRST_NAME"):
@@ -126,7 +126,7 @@ def _create_user(self, username: str, payload: dict) -> User:
             return user
         except IntegrityError as e:
             # User was most likely created by another request
-            existing_user = get_user_by_username(username)
+            existing_user = get_user_by_email(email)
             if not existing_user:
                 raise e
             return existing_user
