BLUEBUTTON-666 Add login using email address in addition to username (#684)

dtisza1 · web-flow · commit b0f82eb15727 · 2019-01-07T10:50:19.000-05:00
* Add login using email address in addition to username

* Add test for login using email address
diff --git a/apps/accounts/tests/test_login.py b/apps/accounts/tests/test_login.py
@@ -64,3 +64,12 @@ def test_logout(self):
         response = self.client.get(reverse('mylogout'), follow=True)
         self.assertEqual(response.status_code, 200)
         self.assertContains(response, 'Login')
+
+    def test_valid_login_email(self):
+        """
+        Valid User can login using their email address
+        """
+        form_data = {'username': 'fred@example.com', 'password': 'bedrocks'}
+        response = self.client.post(self.url, form_data, follow=True)
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, 'Logout')
diff --git a/apps/accounts/views/mfa.py b/apps/accounts/views/mfa.py
@@ -3,6 +3,7 @@
 from django.http import HttpResponseRedirect
 from django.urls import reverse
 from django.contrib.auth import authenticate, login
+from django.contrib.auth.models import User
 from django.contrib import messages
 from django.utils.translation import ugettext_lazy as _
 from ..models import UserProfile, MFACode
@@ -15,6 +16,7 @@
 from django.views.decorators.cache import never_cache
 from axes.decorators import axes_dispatch
 
+
 logger = logging.getLogger('hhs_oauth_server.accounts')
 failed_login_log = logging.getLogger('unsuccessful_logins')
 
@@ -88,6 +90,17 @@ def mfa_login(request):
         if form.is_valid():
             username = form.cleaned_data['username']
             password = form.cleaned_data['password']
+
+            # If username doesn't exist, try username matching email address.
+            try:
+                User.objects.get(username__iexact=username)
+            except User.DoesNotExist:
+                try:
+                    check_user = User.objects.get(email__iexact=username)
+                    username = check_user.username
+                except User.DoesNotExist:
+                    pass
+
             user = authenticate(request=request, username=username.lower(), password=password)
 
             if user is not None:
