fix(fly): return user with correct auth

sentaur-athena · sentaur-athena · commit da7b9895cb82 · 2023-09-19T16:34:23.000-07:00
diff --git a/src/sentry/services/hybrid_cloud/user/impl.py b/src/sentry/services/hybrid_cloud/user/impl.py
@@ -21,6 +21,7 @@
     OrganizationStatus,
     UserEmail,
 )
+from sentry.models.authidentity import AuthIdentity
 from sentry.models.user import User
 from sentry.services.hybrid_cloud.auth import AuthenticationContext
 from sentry.services.hybrid_cloud.filter_query import (
@@ -37,6 +38,7 @@
 )
 from sentry.services.hybrid_cloud.user.serial import serialize_rpc_user
 from sentry.services.hybrid_cloud.user.service import UserService
+from sentry.signals import user_signup
 
 logger = logging.getLogger("user:provisioning")
 
@@ -172,7 +174,9 @@ def get_first_superuser(self) -> Optional[RpcUser]:
             return None
         return serialize_rpc_user(user)
 
-    def get_or_create_user_by_email(self, *, email: str) -> RpcUser:
+    def get_or_create_user_by_email(
+        self, *, email: str, ident: Optional[str] = None, referrer: Optional[str] = None
+    ) -> RpcUser:
         with transaction.atomic(router.db_for_write(User)):
             user_query = User.objects.filter(email__iexact=email, is_active=True)
             # Create User if it doesn't exist
@@ -182,12 +186,25 @@ def get_or_create_user_by_email(self, *, email: str) -> RpcUser:
                     email=email,
                     name=email,
                 )
+                user_signup.send_robust(
+                    sender=self, user=user, source="api", referrer=referrer or "unknown"
+                )
             else:
                 # Users are not supposed to have the same email but right now our auth pipeline let this happen
-                # So let's not break the user experience
+                # So let's not break the user experience. Instead return the user with auth identity of ident or
+                # the first user if ident is None
+                user = user_query[0]
                 if user_query.count() > 1:
                     logger.warning("Email has multiple users", extra={"email": email})
-                user = user_query[0]
+                    if ident:
+                        for candid_user in user_query:
+                            identity_query = AuthIdentity.objects.filter(
+                                user=candid_user, ident=ident
+                            )
+                            if identity_query.exists():
+                                user = candid_user
+                                break
+
             return serialize_rpc_user(user)
 
     def verify_any_email(self, *, email: str) -> bool:
diff --git a/src/sentry/services/hybrid_cloud/user/service.py b/src/sentry/services/hybrid_cloud/user/service.py
@@ -139,7 +139,9 @@ def get_first_superuser(self) -> Optional[RpcUser]:
 
     @rpc_method
     @abstractmethod
-    def get_or_create_user_by_email(self, *, email: str) -> RpcUser:
+    def get_or_create_user_by_email(
+        self, *, email: str, ident: Optional[str] = None, referrer: Optional[str] = None
+    ) -> RpcUser:
         pass
 
     @rpc_method
diff --git a/tests/sentry/services/hybrid_cloud/user/test_impl.py b/tests/sentry/services/hybrid_cloud/user/test_impl.py
@@ -1,3 +1,6 @@
+from sentry.auth.providers.fly.provider import FlyOAuth2Provider
+from sentry.models.authidentity import AuthIdentity
+from sentry.models.authprovider import AuthProvider
 from sentry.services.hybrid_cloud.user.service import user_service
 from sentry.testutils.cases import TestCase
 from sentry.testutils.silo import control_silo_test
@@ -28,3 +31,19 @@ def test_get_user_ci(self):
         user = self.create_user(email="tESt@email.com")
         fetched_user = user_service.get_or_create_user_by_email(email="TesT@email.com")
         assert user.id == fetched_user.id
+
+    def test_get_user_with_ident(self):
+        user1 = self.create_user(email="test@email.com", username="1")
+        user2 = self.create_user(email="test@email.com", username="2")
+        org = self.create_organization(slug="test")
+        config_data = FlyOAuth2Provider.build_config(resource={"id": "x1234x"})
+        partner_user_id = "u4567u"
+        provider = AuthProvider.objects.create(
+            organization_id=org.id, provider="fly", config=config_data
+        )
+        AuthIdentity.objects.create(auth_provider=provider, user=user2, ident=partner_user_id)
+        fetched_user = user_service.get_or_create_user_by_email(
+            email="TesT@email.com", ident=partner_user_id
+        )
+        assert user2.id == fetched_user.id
+        assert user1.id != fetched_user.id
