You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: infrastructure/common-images/cloudharness-django/libraries/cloudharness-django/cloudharness_django/middleware.py
+84-9Lines changed: 84 additions & 9 deletions
Original file line number
Diff line number
Diff line change
@@ -15,35 +15,82 @@
15
15
16
16
17
17
def_get_user(kc_user_id: str) ->User:
18
+
"""
19
+
Get or create a Django user for the given Keycloak user ID.
20
+
21
+
CRITICAL SAFETY GUARANTEE: This function will NEVER return a User without a valid Member.
22
+
If we cannot ensure a Member exists, we return None (which triggers anonymous user behavior).
23
+
24
+
Returns:
25
+
User: A Django User with a guaranteed Member relationship, or None for anonymous
26
+
"""
18
27
user=None
19
28
ifkc_user_idisNone:
20
29
returnNone
21
-
# found bearer token get the Django user
30
+
22
31
try:
32
+
# Try to get existing user by member relationship
23
33
try:
24
34
user=User.objects.get(member__kc_id=kc_user_id)
35
+
36
+
# SAFETY CHECK: Verify member relationship is intact
37
+
try:
38
+
_=user.member# Access to verify it exists
39
+
exceptMember.DoesNotExist:
40
+
# Member was deleted between the query and now - return None for safety
41
+
log.error("User %s found but Member missing. Returning anonymous.", user.id)
42
+
returnNone
43
+
25
44
exceptUser.DoesNotExist:
45
+
# User doesn't exist - create it via sync_kc_user
26
46
user_svc=get_user_service()
27
47
kc_user=user_svc.auth_client.get_current_user()
28
48
try:
49
+
# sync_kc_user is atomic and guarantees Member creation
29
50
user=user_svc.sync_kc_user(kc_user)
30
51
user_svc.sync_kc_user_groups(kc_user)
52
+
53
+
# SAFETY CHECK: Final verification that Member exists
54
+
try:
55
+
_=user.member
56
+
exceptMember.DoesNotExist:
57
+
# This should NEVER happen due to sync_kc_user safety, but be defensive
58
+
log.error("sync_kc_user returned user %s without Member! Returning anonymous.", user.id)
59
+
returnNone
60
+
31
61
exceptUniqueViolationase:
32
-
# this can happen as a race condition while creating the Member object
62
+
# Race condition while creating the Member object
33
63
log.warning("UniqueViolation error for kc_id %s. Probably a race condition. %s", kc_user_id, str(e))
34
-
returnUser.objects.get(member__kc_id=kc_user_id) # If it still fails, we are missing something serious
35
-
64
+
# Try to get the user again
65
+
try:
66
+
user=User.objects.get(member__kc_id=kc_user_id)
67
+
# Verify member exists
68
+
_=user.member
69
+
except (User.DoesNotExist, Member.DoesNotExist):
70
+
log.error("Failed to retrieve user after UniqueViolation. Returning anonymous.")
71
+
returnNone
72
+
36
73
exceptUser.MultipleObjectsReturned:
37
74
# Race condition, multiple users created for the same kc_id
38
75
log.warning("Multiple users found for kc_id %s, cleaning up...", kc_user_id)
Copy file name to clipboardExpand all lines: infrastructure/common-images/cloudharness-django/libraries/cloudharness-django/cloudharness_django/services/user.py
0 commit comments