Request user details sync after Passkey login and registration

Author: Stormheg

src/django_otp_webauthn/views.py

@@ -21,7 +21,11 @@
 from django_otp_webauthn import exceptions
 from django_otp_webauthn.models import AbstractWebAuthnCredential
 from django_otp_webauthn.settings import app_settings
-from django_otp_webauthn.utils import get_credential_model, rewrite_exceptions
+from django_otp_webauthn.utils import (
+    get_credential_model,
+    request_user_details_sync,
+    rewrite_exceptions,
+)
 
 WebAuthnCredential = get_credential_model()
 User = get_user_model()
@@ -153,6 +157,8 @@ def post(self, *args, **kwargs):
             # change that indicator.
             if not self.request.user.is_verified():
                 otp_login(self.request, device)
+
+            request_user_details_sync(self.request)
         return Response(data={"id": device.pk}, content_type="application/json")
 
 
@@ -245,6 +251,7 @@ def complete_auth(self, device: AbstractWebAuthnCredential) -> AbstractBaseUser:
 
         # Mark the user as having passed verification
         otp_login(self.request, device)
+        request_user_details_sync(self.request)
 
     success_url_allowed_hosts = set()
 

tests/integration/test_views_authentication.py

@@ -212,6 +212,8 @@ def test_authentication_complete__anonymous_user_passwordless_login_allowed(
     assert (
         session["_auth_user_backend"] == "django_otp_webauthn.backends.WebAuthnBackend"
     )
+    # Signaled that user details sync is needed
+    assert session["otp_webauthn_sync_needed"] is True
 
 
 @pytest.mark.django_db
@@ -235,6 +237,8 @@ def test_authentication_complete__verify_existing_user(api_client, settings, use
     session = api_client.session
     assert "otp_webauthn_authentication_state" not in session
     assert session["otp_device_id"] == credential.persistent_id
+    # Signaled that user details sync is needed
+    assert session["otp_webauthn_sync_needed"] is True
 
 
 @pytest.mark.django_db
@@ -258,6 +262,8 @@ def test_authentication_complete_device_usable__unconfirmed(api_client, user):
     session = api_client.session
     assert "otp_webauthn_authentication_state" not in session
     assert "otp_device_id" not in session
+    # No user details sync should be requested
+    assert "otp_webauthn_sync_needed" not in session
 
 
 @pytest.mark.django_db
@@ -285,6 +291,8 @@ def test_authentication_complete_device_usable__user_disabled(
     session = api_client.session
     assert "otp_webauthn_authentication_state" not in session
     assert "otp_device_id" not in session
+    # No user details sync should be requested
+    assert "otp_webauthn_sync_needed" not in session
 
 
 @pytest.mark.django_db

tests/integration/test_views_registration.py

@@ -241,6 +241,9 @@ def test_registration_complete__valid_response_but_already_verified(
     assert cred.persistent_id != credential.persistent_id
     assert api_client.session["otp_device_id"] == credential.persistent_id
 
+    # Signaled that user details sync is needed
+    assert api_client.session["otp_webauthn_sync_needed"] is True
+
 
 @pytest.mark.django_db
 def test_registration_complete__valid_response(api_client, user, credential_model):
@@ -279,3 +282,6 @@ def test_registration_complete__valid_response(api_client, user, credential_mode
 
     # The user session wasn't 2FA verified before, so now it should be
     assert api_client.session["otp_device_id"] == cred.persistent_id
+
+    # Signaled that user details sync is needed
+    assert api_client.session["otp_webauthn_sync_needed"] is True