Merged in [15702] from johnl@taugh.com:

levkowetz · levkowetz · commit 753f34fba13b · 2018-11-08T06:42:32.000Z
Allow email as well as username when logging in. - Legacy-Id: 15739 Note: SVN reference [15702] has been migrated to Git commit e4dd65d
diff --git a/ietf/ietfauth/tests.py b/ietf/ietfauth/tests.py
@@ -84,6 +84,18 @@ def test_login_and_logout(self):
         self.assertEqual(r.status_code, 302)
         self.assertEqual(urlsplit(r["Location"])[2], "/foobar")
 
+    def test_login_with_different_email(self):
+        person = PersonFactory(user__username='plain')
+        email = EmailFactory(person=person)
+
+        # try logging in without a next
+        r = self.client.get(urlreverse(ietf.ietfauth.views.login))
+        self.assertEqual(r.status_code, 200)
+
+        r = self.client.post(urlreverse(ietf.ietfauth.views.login), {"username":email, "password":"plain+password"})
+        self.assertEqual(r.status_code, 302)
+        self.assertEqual(urlsplit(r["Location"])[2], urlreverse(ietf.ietfauth.views.profile))
+
     def extract_confirm_url(self, confirm_email):
         # dig out confirm_email link
         msg = confirm_email.get_payload(decode=True)
diff --git a/ietf/ietfauth/views.py b/ietf/ietfauth/views.py
@@ -41,7 +41,7 @@
 from django import forms
 from django.contrib import messages
 from django.conf import settings
-from django.contrib.auth import update_session_auth_hash, logout
+from django.contrib.auth import update_session_auth_hash, logout, authenticate
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth.forms import AuthenticationForm
 from django.contrib.auth.hashers import identify_hasher
@@ -586,6 +586,21 @@ def login(request, extra_context=None):
         form = AuthenticationForm(request, data=request.POST)
         username = form.data.get('username')
         user = User.objects.filter(username=username).first()
+        if not user:
+            # try to find user ID from the email address
+            email = Email.objects.filter(address=username).first()
+            if email and email.person and email.person.user:
+                u2 = email.person.user
+                # be conservative, only accept this if login is valid
+                if u2:
+                    pw = form.data.get('password')
+                    au = authenticate(request, username=u2.username, password=pw)
+                    if au:
+                        # kludge to change the querydict
+                        q2 = request.POST.copy()
+                        q2['username'] = u2.username
+                        request.POST = q2
+                        user = u2
         #
         if user:
             try:
