diff --git a/trojstenid/users/models.py b/trojstenid/users/models.py
index 95dbf1c..9cd69d2 100644
--- a/trojstenid/users/models.py
+++ b/trojstenid/users/models.py
@@ -12,6 +12,7 @@ from ulid import ULID
 if TYPE_CHECKING:
+    from allauth.account.models import EmailAddress
     from django.db.models.manager import RelatedManager
     from trojstenid.schools.models import UserSchoolRecord
@@ -43,6 +44,7 @@ class User(AbstractUser):
     avatar_file = ImageField(upload_to=user_avatar_name, blank=True)
     userschoolrecord_set: "RelatedManager[UserSchoolRecord]"
+    emailaddress_set: "RelatedManager[EmailAddress]"
     @property
     def avatar(self):
diff --git a/trojstenid/users/validators.py b/trojstenid/users/validators.py
index 3e51ebd..3fdae9a 100644
--- a/trojstenid/users/validators.py
+++ b/trojstenid/users/validators.py
@@ -5,7 +5,14 @@ class OurOAuth2Validator(OAuth2Validator):
     oidc_claim_scope = OAuth2Validator.oidc_claim_scope
-    oidc_claim_scope.update({"groups": "groups", "school_info": "school_info"})
+    oidc_claim_scope.update(
+        {
+            # field: required scope
+            "groups": "groups",
+            "school_info": "school_info",
+            "emails": "email",
+        }
+    )
     def get_additional_claims(self, request):
         user: User = request.user
@@ -13,18 +20,24 @@ def get_additional_claims(self, request):
         if record := user.get_current_school_record():
             school_info = record.to_dict()
+        emails = set()
+        emails.add(user.email)
+        for e in user.emailaddress_set.filter(verified=True):
+            emails.add(e.email)
+
         return {
             "name": user.get_full_name(),
             "family_name": user.last_name,
             "given_name": user.first_name,
             "preferred_username": user.username,
             "email": user.email,
+            "emails": list(emails),
             "groups": [g.name for g in user.groups.all()],
             "school_info": school_info,
         }
-    def validate_silent_login(self, request):
+    def validate_silent_login(self, request): # pyright:ignore
         return True
-    def validate_silent_authorization(self, request):
+    def validate_silent_authorization(self, request): # pyright:ignore
         return True
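Review bot: `oidc_claim_scope.update(...)` in the validators.py class body mutates the dict it aliases from `OAuth2Validator.oidc_claim_scope`, so the base class's mapping, and every other validator subclass loaded in the same process, silently gains the `groups`, `school_info` and `emails` entries; the removed one-liner had the same side effect, but the rewrite keeps it. If that base attribute is a plain class-level dict, as it appears to be in django-oauth-toolkit, building a fresh mapping removes the aliasing: `oidc_claim_scope = {**OAuth2Validator.oidc_claim_scope, "groups": "groups", "school_info": "school_info", "emails": "email"}`, with the `# field: required scope` comment moved above the assignment.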
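Review bot: The new `emails` claim adds `user.email` unconditionally and then merges in only addresses filtered on `verified=True`, so a relying party that reads `emails` as a list of verified addresses cannot rely on it unless `user.email` is guaranteed verified in this deployment; allauth only enforces that under some `ACCOUNT_EMAIL_VERIFICATION` settings, and the field is also editable through the admin. Because the primary address is already exposed separately as `email`, I would make `emails` strictly the verified set (which also drops an empty `user.email`), and emit it in a deterministic order, since `list(emails)` on a set of strings changes between processes with hash randomization. If the primary address must stay in the list, re-add it only when it is truthy and document the verification assumption. `get_additional_claims` begins in the previous hunk; its body continues here.
```python
        emails = set(
            user.emailaddress_set.filter(verified=True).values_list("email", flat=True)
        )
        # NOTE(review): re-add user.email here only if it is guaranteed verified
        # … unchanged: return dict up to "email" …
            "emails": sorted(emails),
        # … unchanged: "groups", "school_info" …
```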