IA-only auth flow

[mekarpeles]

Note: Before accepting, we need to CR and checkin code into olsystem

Todo:

• some naming needs to change.
• test cases required

Test flows:
Account Creation

1. Attempt to create an account on OpenLibrary.org w/ the email of an existing Archive.org user (e.g. foo@archive.org)
2. Attempt to create an account on OpenLibrary.org w/ the email of an existing Open Library username
3. Attempt to create an account on OpenLibrary.org w/ with an email that doesn't exist on IA or OL (e.g. foo+test1@archive.org)

Login

1. Attempt to login w/ valid OL credentials (the following should all fail):

• try w/ an OL account which hasn't been activated
• try w/ an OL account which is blocked
• try w/ an OL account which is linked
• try w/ an OL account which is not linked

2. Attempt to login w/ an email that doesn't exist on IA or OL (this should fail -- no such account)
3. Attempt to login w/ a valid IA account...

• which isn't verified/activated (should fail)
• which is already linked to an OL account (should succeed)
• which is unlinked & where no OL account exists with matching email (should succeed)
• which is unlinked & shares the same email as an OL account which is also unlinked (should succeed)
• which is unlinked & shares the same email as an OL account linked to another account (this should fail!)

[bfalling]

Misspell. Should be "assuming".

[bfalling]

Under which conditions would ol_account.itemname be true-y? We've already determined that there was no ol_account going in to this branch, and OpenLibraryAccount.create() will return an error dictionary if it fails, won't it? (Or is there a case where it will return None?) Cuz if what I say is correct, then seems like if not ol_account.itemname will always be true, since it's always dealing with a newly created, therefore unlinked ol_account.

[mekarpeles]

You're right, there shouldn't be a case possible, I added this because a function had been removed between branches causing it to appear as if the account did not have an itemname set after login (when really the function to fetch the itemname was indeed the problem)

[bfalling]

I think you can slightly simplify the logic by consolidating this if with the occurrence of if lending.config_ia_auth_only just above. If you go that route, you'll need to move around the if not ol_account.verified logic.

[mekarpeles]

I think this is about the same level of complexity in either case as ol_account.verified would then have to be checked in 2 locations instead of lending.config_ia_auth_only

[bfalling]

At this point, wouldn't it be the OL account which is not verified (for dev usage)? (Of course, this logic may shift if you follow the previous suggestion.)

[mekarpeles]

Yes, you're right

[bfalling]

Maybe add comment. This is for the new OL account.

[bfalling]

i.e. We already checked for blocked accounts up above, but you might comment that this is for the newly fetched OL account.

[bfalling]

Why wait this long to shut out OL logins when in production? In this current code, if the IA login fails, then the system still makes a db call to OL and an HTTP call to IA and then realizes "Oh, hey, I'm in production. I should return an error." Seems these should be moved up.

[mekarpeles]

Removed this flow entirely to simplify path of execution

[bfalling]

Seems like this whole branch starting with # Links the accounts if they can be and are not already is not needed for the production case. Haven't we already hit every case up above?

[mekarpeles]

Yes, this was an attempt to fix the problem where user logged in and it appeared as if they were not linked (when really the function to check link status had a regression). Resolved

[bfalling]

Please make sure all these forms are in the test plan.

[bfalling]

LGTM

[LeadSongDog]

@mekarpeles Did this change not disable the user's ability to set preferences, such as interface language? I can't even find the menu anymore.