signon: report the remote username in __str__()

Signed-off-by: Mattia Rizzolo <mattia@debian.org>

signon/models.py

@@ -41,7 +41,10 @@ class Identity(models.Model):
     objects = IdentityManager()
 
     def __str__(self):
-        return f"{self.person if self.person else '-'}:{self.issuer}:{self.subject}"
+        if self.username:
+            return f"{self.person if self.person else '-'}:{self.issuer}:{self.subject} (aka {self.username})"
+        else:
+            return f"{self.person if self.person else '-'}:{self.issuer}:{self.subject} (no remote username)"
 
     def get_provider(self) -> providers.Provider:
         """

signon/tests/test_authentication.py

@@ -22,7 +22,8 @@ class TestAuthentication(SignonFixtureMixin, TestCase):
         self.assertFalse(request.user.is_authenticated)
 
     def test_one_active_unbound_identity(self):
-        self.identities.create("user", issuer="debsso", subject="user@debian.org", audit_skip=True)
+        self.identities.create(
+            "user", issuer="debsso", subject="user@debian.org", username="user@debian.org", audit_skip=True)
 
         def _instantiate_identities(_self, request):
             request.signon_identities = {
@@ -42,7 +43,9 @@ class TestAuthentication(SignonFixtureMixin, TestCase):
         self.assertFalse(request.user.is_authenticated)
 
     def test_one_active_bound_identity(self):
-        self.identities.create("user1", person=self.user1, issuer="debsso", subject="user@debian.org", audit_skip=True)
+        self.identities.create(
+            "user1", person=self.user1, issuer="debsso",
+            subject="user@debian.org", username="user1@debian.org", audit_skip=True)
 
         def _instantiate_identities(_self, request):
             request.signon_identities = {
@@ -64,8 +67,12 @@ class TestAuthentication(SignonFixtureMixin, TestCase):
     def test_conflicting_active_bound_identities(self):
         # Multiple active bound identities pointing to different people cause
         # failure to authenticate
-        self.identities.create("user1", person=self.user1, issuer="debsso", subject="user1@debian.org", audit_skip=True)
-        self.identities.create("user2", person=self.user2, issuer="salsa", subject="2", audit_skip=True)
+        self.identities.create(
+            "user1", person=self.user1, issuer="debsso",
+            subject="user1@debian.org", username="user1@debian.org", audit_skip=True)
+        self.identities.create(
+            "user2", person=self.user2, issuer="salsa",
+            subject="2", username="user2", audit_skip=True)
 
         def _instantiate_identities(_self, request):
             request.signon_identities = {
@@ -80,7 +87,8 @@ class TestAuthentication(SignonFixtureMixin, TestCase):
 
         self.assertEqual(log.output, [
             'ERROR:signon.middleware:Conflicting person mapping: identities '
-            f'({self.user1}:debsso:user1@debian.org, {self.user2}:salsa:2) map to at least'
+            f'({self.user1}:debsso:user1@debian.org (aka user1@debian.org), '
+            f'{self.user2}:salsa:2 (aka user2)) map to at least'
             f' {self.user1} and {self.user2}'
         ])
 
@@ -213,7 +221,7 @@ class TestAuthentication(SignonFixtureMixin, TestCase):
                 response = client.get(reverse('signon:whoami'))
 
         self.assertEqual(log.output, [
-            f"INFO:signon.middleware:{self.user1}: auto associated to -:salsa:1",
+            f"INFO:signon.middleware:{self.user1}: auto associated to -:salsa:1 (no remote username)",
         ])
 
         self.assertEqual(response.status_code, 200)
@@ -235,13 +243,14 @@ class TestAuthentication(SignonFixtureMixin, TestCase):
     def test_multiple_salsa_accounts(self):
         # One bound debsso account
         self.identities.create(
-                "debsso", person=self.user1, issuer="debsso", subject="user1@debian.org", audit_skip=True)
+            "debsso", person=self.user1, issuer="debsso",
+            subject="user1@debian.org", username="user1@debian.org", audit_skip=True)
         # One bound salsa account
         self.identities.create(
-                "salsa1", person=self.user1, issuer="salsa", subject="1", audit_skip=True)
+            "salsa1", person=self.user1, issuer="salsa", subject="1", username="salsa1", audit_skip=True)
         # One unbound salsa account
         self.identities.create(
-                "salsa2", issuer="salsa", subject="2", audit_skip=True)
+            "salsa2", issuer="salsa", subject="2", username="salsa2", audit_skip=True)
 
         def _instantiate_identities(_self, request):
             request.signon_identities = {
@@ -255,9 +264,9 @@ class TestAuthentication(SignonFixtureMixin, TestCase):
                 response = client.get(reverse('signon:whoami'))
 
         self.assertEqual(log.output, [
-            f"INFO:signon.middleware:{self.user1}:"
-            f" skipping association to -:salsa:2 because {self.user1}:salsa:1 is already associated",
-            f'INFO:signon.middleware:{self.user1}: logging out spurious identity -:salsa:2',
+            f"INFO:signon.middleware:{self.user1}: skipping association to "
+            f"-:salsa:2 (aka salsa2) because {self.user1}:salsa:1 (aka salsa1) is already associated",
+            f'INFO:signon.middleware:{self.user1}: logging out spurious identity -:salsa:2 (aka salsa2)',
         ])
 
         self.assertEqual(response.status_code, 200)
@@ -301,8 +310,8 @@ class TestAuthentication(SignonFixtureMixin, TestCase):
         person = self.identities.debsso.person
 
         self.assertEqual(log.output, [
-            f"INFO:signon.middleware:{person}: auto created from identity -:debsso:new@debian.org",
-            f"INFO:signon.middleware:{person}: auto bound to identity {person}:debsso:new@debian.org",
+            f"INFO:signon.middleware:{person}: auto created from identity -:debsso:new@debian.org (no remote username)",
+            f"INFO:signon.middleware:{person}: auto bound to identity {person}:debsso:new@debian.org (no remote username)",
         ])
 
         self.assertEqual(response.status_code, 200)
@@ -339,8 +348,8 @@ class TestAuthentication(SignonFixtureMixin, TestCase):
         person = self.identities.salsa.person
 
         self.assertEqual(log.output, [
-            f"INFO:signon.middleware:{person}: auto created from identity -:salsa:2",
-            f"INFO:signon.middleware:{person}: auto bound to identity {person}:salsa:2",
+            f"INFO:signon.middleware:{person}: auto created from identity -:salsa:2 (aka new)",
+            f"INFO:signon.middleware:{person}: auto bound to identity {person}:salsa:2 (aka new)",
         ])
 
         self.assertEqual(response.status_code, 200)

signon/tests/test_identity.py

@@ -9,8 +9,8 @@ class TestIdentity(SignonFixtureMixin, TestCase):
     def test_create(self):
         # Create an unbound identity
         identity = Identity.objects.create(
-                issuer="debsso", subject="user1@debian.org",
-                audit_author=self.user1, audit_notes="created test identity")
+            issuer="debsso", subject="user1@debian.org", username="user1@debian.org",
+            audit_author=self.user1, audit_notes="created test identity")
 
         self.assertIsNone(identity.person)
 
@@ -27,10 +27,10 @@ class TestIdentity(SignonFixtureMixin, TestCase):
             'picture': [None, ''],
             'profile': [None, ''],
             'subject': [None, 'user1@debian.org'],
-            'username': [None, ''],
+            'username': [None, 'user1@debian.org'],
         })
 
-        self.assertEqual(str(identity), "-:debsso:user1@debian.org")
+        self.assertEqual(str(identity), "-:debsso:user1@debian.org (aka user1@debian.org)")
 
         # Bind it
         identity.person = self.user1
@@ -44,4 +44,7 @@ class TestIdentity(SignonFixtureMixin, TestCase):
             'person': [None, str(self.user1)],
         })
 
-        self.assertEqual(str(identity), f"{self.user1}:debsso:user1@debian.org")
+        self.assertEqual(
+            str(identity),
+            f"{self.user1}:debsso:user1@debian.org (aka user1@debian.org)"
+        )