Fixed #33561 -- Allowed synchronization of user attributes in RemoteUserBackend.

tests/auth_tests/test_remote_user.py

@@ -6,8 +6,15 @@ from django.contrib.auth.backends import RemoteUserBackend
 from django.contrib.auth.middleware import RemoteUserMiddleware
 from django.contrib.auth.models import User
 from django.middleware.csrf import _get_new_csrf_string, _mask_cipher_secret
-from django.test import Client, TestCase, modify_settings, override_settings
+from django.test import (
+    Client,
+    TestCase,
+    ignore_warnings,
+    modify_settings,
+    override_settings,
+)
 from django.utils import timezone
+from django.utils.deprecation import RemovedInDjango50Warning
 
 
 @override_settings(ROOT_URLCONF="auth_tests.urls")
@@ -215,11 +222,14 @@ class CustomRemoteUserBackend(RemoteUserBackend):
         """
         return username.split("@")[0]
 
-    def configure_user(self, request, user):
+    def configure_user(self, request, user, created=True):
         """
         Sets user's email address using the email specified in an HTTP header.
+        Sets user's last name for existing users.
         """
         user.email = request.META.get(RemoteUserTest.email_header, "")
+        if not created:
+            user.last_name = user.username
         user.save()
         return user
 
@@ -242,8 +252,12 @@ class RemoteUserCustomTest(RemoteUserTest):
         should not have been configured with an email address.
         """
         super().test_known_user()
-        self.assertEqual(User.objects.get(username="knownuser").email, "")
-        self.assertEqual(User.objects.get(username="knownuser2").email, "")
+        knownuser = User.objects.get(username="knownuser")
+        knownuser2 = User.objects.get(username="knownuser2")
+        self.assertEqual(knownuser.email, "")
+        self.assertEqual(knownuser2.email, "")
+        self.assertEqual(knownuser.last_name, "knownuser")
+        self.assertEqual(knownuser2.last_name, "knownuser2")
 
     def test_unknown_user(self):
         """
@@ -260,11 +274,40 @@ class RemoteUserCustomTest(RemoteUserTest):
         )
         self.assertEqual(response.context["user"].username, "newuser")
         self.assertEqual(response.context["user"].email, "user@example.com")
+        self.assertEqual(response.context["user"].last_name, "")
         self.assertEqual(User.objects.count(), num_users + 1)
         newuser = User.objects.get(username="newuser")
         self.assertEqual(newuser.email, "user@example.com")
 
 
+# RemovedInDjango50Warning.
+class CustomRemoteUserNoCreatedArgumentBackend(CustomRemoteUserBackend):
+    def configure_user(self, request, user):
+        return super().configure_user(request, user)
+
+
+@ignore_warnings(category=RemovedInDjango50Warning)
+class RemoteUserCustomNoCreatedArgumentTest(RemoteUserTest):
+    backend = "auth_tests.test_remote_user.CustomRemoteUserNoCreatedArgumentBackend"
+
+
+@override_settings(ROOT_URLCONF="auth_tests.urls")
+@modify_settings(
+    AUTHENTICATION_BACKENDS={
+        "append": "auth_tests.test_remote_user.CustomRemoteUserNoCreatedArgumentBackend"
+    },
+    MIDDLEWARE={"append": "django.contrib.auth.middleware.RemoteUserMiddleware"},
+)
+class RemoteUserCustomNoCreatedArgumentDeprecationTest(TestCase):
+    def test_known_user_sync(self):
+        msg = (
+            "`created=True` must be added to the signature of "
+            "CustomRemoteUserNoCreatedArgumentBackend.configure_user()."
+        )
+        with self.assertWarnsMessage(RemovedInDjango50Warning, msg):
+            self.client.get("/remote_user/", **{RemoteUserTest.header: "newuser"})
+
+
 class CustomHeaderMiddleware(RemoteUserMiddleware):
     """
     Middleware that overrides custom HTTP auth user header.