CR response: simplify duduping and add docstring

Author: cslzchen

api/institutions/authentication.py

@@ -226,11 +226,11 @@ def authenticate(self, request):
 
         # Deduplicate full name first if it is provided
         if fullname:
-            fullname = deduplicate_sso_attributes(institution, sso_identity, 'fullname', fullname)
+            fullname = deduplicate_sso_attributes('fullname', fullname)
         # Use given name and family name to build full name if it is not provided
         if given_name and family_name and not fullname:
-            given_name = deduplicate_sso_attributes(institution, sso_identity, 'given_name', given_name)
-            family_name = deduplicate_sso_attributes(institution, sso_identity, 'family_name', family_name)
+            given_name = deduplicate_sso_attributes('given_name', given_name)
+            family_name = deduplicate_sso_attributes('family_name', family_name)
             fullname = given_name + ' ' + family_name
 
         # Non-empty full name is required. Fail the auth and inform sentry if not provided.
@@ -243,13 +243,7 @@ def authenticate(self, request):
 
         # Deduplicate sso email, currently we only handle duplicate sso email instead of multiple sso email
         try:
-            sso_email = deduplicate_sso_attributes(
-                institution,
-                sso_identity,
-                'sso_email',
-                sso_email,
-                ignore_errors=False,
-            )
+            sso_email = deduplicate_sso_attributes('sso_email', sso_email)
         except MultipleSSOEmailError:
             message = f'Institution SSO Error: multiple SSO email [sso_email={sso_email}, sso_identity={sso_identity}, institution={institution._id}]'
             sentry.log_message(message)

framework/auth/__init__.py

@@ -159,17 +159,16 @@ def get_or_create_institutional_user(fullname, sso_email, sso_identity, primary_
     return user, True, None, None, sso_identity
 
 
-def deduplicate_sso_attributes(institution, sso_identity, attr_name, attr_value, delimiter=';', ignore_errors=True):
+def deduplicate_sso_attributes(attr_name, attr_value, delimiter=';'):
     if delimiter not in attr_value:
         return attr_value
     value_set = set(attr_value.split(delimiter))
     if len(value_set) != 1:
-        message = (f'Multiple values {attr_value} found for SSO attribute {attr_name}: '
-                   f'[institution_id={institution._id}, sso_identity={sso_identity}]')
-        if ignore_errors:
-            sentry.log_message(message)
-            return attr_value
-        raise MultipleSSOEmailError(message)
+        message = f'Multiple values found for SSO attribute: [{attr_name}={attr_value}]'
+        sentry.log_message(message)
+        if attr_name == 'sso_email':
+            raise MultipleSSOEmailError(message)
+        return attr_value
     return value_set.pop()
 
 

framework/auth/exceptions.py

@@ -68,4 +68,5 @@ class MergeConflictError(EmailConfirmTokenError):
 
 
 class MultipleSSOEmailError(AuthError):
+    """Raised if institution SSO provides multiple emails which OSF cannot deduplicate."""
     pass