From 6019cbec8302d92a938e2e3903633751a46bd05a Mon Sep 17 00:00:00 2001 From: Simon Charette Date: Fri, 24 May 2024 23:51:17 -0400 Subject: [PATCH] Change admin search_fields to favor `USERNAME_FIELD` instead of "email". First nothing guarantees that the user model has a field named "email" as it can be set to a different name using `EMAIL_FIELD`. At the very least the `get_email_field_name` should have been used. Secondly nothing guarantees that `EMAIL_FIELD` is going to be indexed and thus suitable for search purposes. On the other hand `USERNAME_FIELD` must be unique and thus indexed to enforce the constraint and unique identifies users. For these reasons `USERNAME_FIELD` represents a better choice to allow the different toolkit models to be searched by through the admin.
---
 AUTHORS | 1 +
 oauth2_provider/admin.py | 12 ++++++------
 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/AUTHORS b/AUTHORS
index 15eec14f9..29184c6fe 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -102,6 +102,7 @@ Sandro Rodrigues
 Shaheed Haque
 Shaun Stanworth
 Silvano Cerza
+Simon Charette
 Sora Yanai
 Spencer Carroll
 Stéphane Raimbault
diff --git a/oauth2_provider/admin.py b/oauth2_provider/admin.py
index cefc75bb6..f3e98ac19 100644
--- a/oauth2_provider/admin.py
+++ b/oauth2_provider/admin.py
@@ -15,7 +15,7 @@
 )
 
 
-has_email = hasattr(get_user_model(), "email")
+username_field = get_user_model().USERNAME_FIELD
 
 
 class ApplicationAdmin(admin.ModelAdmin):
@@ -25,7 +25,7 @@ class ApplicationAdmin(admin.ModelAdmin):
         "client_type": admin.HORIZONTAL,
         "authorization_grant_type": admin.VERTICAL,
     }
-    search_fields = ("name",) + (("user__email",) if has_email else ())
+    search_fields = ("name", f"user__{username_field}")
     raw_id_fields = ("user",)
 
 
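Review bot: The new module-level `username_field` carries the whole rationale of this change but has no comment, so a later reader cannot tell why the admins search on the username rather than the email the old `has_email` guard targeted, and may be tempted to "fix" it back. A why-comment above the assignment would pin that down, e.g. `# USERNAME_FIELD always exists and is unique; "email" may be renamed via EMAIL_FIELD or absent entirely.` The `)` context line closes an import that starts above the hunk.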
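Review bot: An unprefixed entry in `search_fields` is queried with `icontains`, so `f"user__{username_field}"` becomes a `LIKE '%term%'` on the username column, which a b-tree index on the unique field generally cannot serve; the "unique, therefore indexed, therefore suitable for search" argument in the commit message only holds for anchored lookups. If admins are expected to know the username, `f"=user__{username_field}"` (iexact) or `f"^user__{username_field}"` (istartswith) would let the index be used on backends whose case-insensitive comparison is index-friendly; whether it actually is depends on the database and collation, so this is worth a comment either way. The same applies to the other three `search_fields` converted by this patch. `ApplicationAdmin` starts above the hunk.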
@@ -33,20 +33,20 @@ class AccessTokenAdmin(admin.ModelAdmin):
     list_display = ("token", "user", "application", "expires")
     list_select_related = ("application", "user")
     raw_id_fields = ("user", "source_refresh_token")
-    search_fields = ("token",) + (("user__email",) if has_email else ())
+    search_fields = ("token", f"user__{username_field}")
     list_filter = ("application",)
 
 
 class GrantAdmin(admin.ModelAdmin):
     list_display = ("code", "application", "user", "expires")
     raw_id_fields = ("user",)
-    search_fields = ("code",) + (("user__email",) if has_email else ())
+    search_fields = ("code", f"user__{username_field}")
 
 
 class IDTokenAdmin(admin.ModelAdmin):
     list_display = ("jti", "user", "application", "expires")
     raw_id_fields = ("user",)
-    search_fields = ("user__email",) if has_email else ()
+    search_fields = ("user__email", f"user__{username_field}")
     list_filter = ("application",)
     list_select_related = ("application", "user")
 
@@ -54,7 +54,7 @@ class IDTokenAdmin(admin.ModelAdmin):
 class RefreshTokenAdmin(admin.ModelAdmin):
     list_display = ("token", "user", "application")
     raw_id_fields = ("user", "access_token")
-    search_fields = ("token",) + (("user__email",) if has_email else ())
+    search_fields = ("token", f"user__{username_field}")
     list_filter = ("application",)
 
 
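Review bot: `IDTokenAdmin.search_fields` still contains the hard-coded `"user__email"` that this change removes from every other admin, and it is now unguarded — the old `if has_email` conditional is gone, so on a custom user model without an `email` attribute Django will presumably raise `FieldError` the first time an admin searches the ID-token list, and when `USERNAME_FIELD` is itself `"email"` the tuple names the same lookup twice. Suggest `search_fields = (f"user__{username_field}",)` to match the other admins; if searching by email is still wanted, resolve it through `get_user_model().get_email_field_name()` with an `hasattr` guard, as the commit message itself recommends. `IDTokenAdmin` lies wholly inside the hunk; `AccessTokenAdmin` starts above it.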