magicfelix · magicfelix · magicfelix · magicfelix · magicfelix · Tom Teichler
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -6,6 +6,18 @@ All notable changes to this project will be documented in this file.
 The format is based on `Keep a Changelog`_,
 and this project adheres to `Semantic Versioning`_.

+`2.12.3` - 2023-03-07
+---------------------
+
+Fixed
+~~~~~
+
+* The permission check for the dashboard edit page failed when the user had no person assigned.
+* OIDC scope "phone" had no claims.
+* AlekSIS groups were not synced to Django groups on registration of existing persons
+* Invitations for existing short name did not work.
+* Invitations for persons without pre-defined e-mail address did not behave correctly
+
 `2.12.2`_ - 2022-12-18
 ----------------------

@@ -976,3 +988,4 @@ Fixed
 .. _2.12: https://edugit.org/AlekSIS/Official/AlekSIS/-/tags/2.12
 .. _2.12.1: https://edugit.org/AlekSIS/Official/AlekSIS/-/tags/2.12.1
 .. _2.12.2: https://edugit.org/AlekSIS/Official/AlekSIS/-/tags/2.12.2
+.. _2.12.3: https://edugit.org/AlekSIS/Official/AlekSIS/-/tags/2.12.3
--- a/aleksis/core/apps.py
+++ b/aleksis/core/apps.py
@@ -212,6 +212,10 @@ class CoreConfig(AppConfig):
                "postal_code": request.user.person.postal_code,
            }

+        if "phone" in scopes and has_person(request.user):
+            claims["mobile_number"] = request.user.person.mobile_number
+            claims["phone_number"] = request.user.person.phone_number
+
        if "groups" in scopes and has_person(request.user):
            claims["groups"] = list(
                request.user.person.member_of.values_list("name", flat=True).all()

--- a/aleksis/core/forms.py
+++ b/aleksis/core/forms.py
@@ -611,6 +611,7 @@ class AccountRegisterForm(SignupForm, ExtensibleForm):
        request = kwargs.pop("request", None)
        super(AccountRegisterForm, self).__init__(*args, **kwargs)

+        person = None
        if request.session.get("account_verified_email"):
            email = request.session["account_verified_email"]

@@ -619,16 +620,27 @@ class AccountRegisterForm(SignupForm, ExtensibleForm):
            except (Person.DoesNotExist, Person.MultipleObjectsReturned):
                raise SuspiciousOperation()

-            self.fields["email"].disabled = True
-            self.fields["email2"].disabled = True
+        elif request.session.get("invitation_code"):
+            try:
+                invitation = PersonInvitation.objects.get(
+                    key=request.session.get("invitation_code")
+                )
+            except PersonInvitation.DoesNotExist:
+                raise SuspiciousOperation()

-            if person:
-                available_fields = [field.name for field in Person._meta.get_fields()]
+            person = invitation.person
+
+        if person:
+            self.instance = person
+            available_fields = [field.name for field in Person._meta.get_fields()]
+            if person.email:
+                self.fields["email"].disabled = True
+                self.fields["email2"].disabled = True
                self.fields["email2"].initial = person.email
-                for field in self.fields:
-                    if field in available_fields and getattr(person, field):
-                        self.fields[field].disabled = True
-                        self.fields[field].initial = getattr(person, field)
+            for field in self.fields:
+                if field in available_fields and getattr(person, field):
+                    self.fields[field].disabled = True
+                    self.fields[field].initial = getattr(person, field)

    def save(self, request):
        adapter = get_adapter(request)
@@ -639,12 +651,29 @@ class AccountRegisterForm(SignupForm, ExtensibleForm):
        for field in Person._meta.get_fields():
            if field.name in self.cleaned_data:
                data[field.name] = self.cleaned_data[field.name]
-        person_qs = Person.objects.filter(email=data["email"])
-        if not person_qs.exists():
-            if get_site_preferences()["account__auto_create_person"]:
-                Person.objects.create(user=user, **data)
+        if self.instance:
+            person_qs = Person.objects.filter(pk=self.instance.pk)
        else:
-            person_qs.update(user=user, **data)
+            person_qs = Person.objects.filter(email=data["email"])
+            if not person_qs.exists():
+                if get_site_preferences()["account__auto_create_person"]:
+                    Person.objects.create(user=user, **data)
+        if person_qs.exists():
+            person = person_qs.first()
+            for field, value in data.items():
+                setattr(person, field, value)
+            person.user = user
+            person.save()
+        invitation_code = request.session.get("invitation_code")
+        if invitation_code:
+            from invitations.views import accept_invitation  # noqa
+
+            try:
+                invitation = PersonInvitation.objects.get(key=invitation_code)
+            except PersonInvitation.DoesNotExist:
+                raise SuspiciousOperation()
+
+            accept_invitation(invitation, request, user)
        self.custom_signup(request, user)
        setup_user_email(request, user, [])
        return user

--- a/aleksis/core/views.py
+++ b/aleksis/core/views.py
@@ -52,7 +52,7 @@ from haystack.inputs import AutoQuery
 from haystack.query import SearchQuerySet
 from haystack.utils.loading import UnifiedIndex
 from health_check.views import MainView
-from invitations.views import SendInvite, accept_invitation
+from invitations.views import SendInvite
 from oauth2_provider.exceptions import OAuthToolkitError
 from oauth2_provider.models import get_application_model
 from oauth2_provider.views import AuthorizationView
@@ -1001,7 +1001,8 @@ class EditDashboardView(PermissionRequiredMixin, View):
        if (
            self.default_dashboard
            and not request.user.has_perm("core.edit_default_dashboard_rule")
-            or getattr(person, "is_dummy", False)
+            or getattr(request.user, "person", True)
+            and getattr(request.user.person, "is_dummy", False)
        ):
            raise PermissionDenied()

@@ -1105,12 +1106,7 @@ class EnterInvitationCode(FormView):
            and not PersonInvitation.objects.get(key=code).accepted
            and not PersonInvitation.objects.get(key=code).key_expired()
        ):
-            invitation = PersonInvitation.objects.get(key=code)
-            # Mark invitation as accepted and redirect to signup
-            accept_invitation(
-                invitation=invitation, request=self.request, signal_sender=self.request.user
-            )
-            self.request.session["invitation_code_entered"] = True
+            self.request.session["invitation_code"] = code
            return redirect("account_signup")
        return redirect("invitations:accept-invite", code)

@@ -1435,7 +1431,7 @@ class AccountRegisterView(SignupView):
        if (
            not request.user.has_perm("core.can_register")
            and not request.session.get("account_verified_email")
-            and not request.session.get("invitation_code_entered")
+            and not request.session.get("invitation_code")
        ):
            raise PermissionDenied()
        return super(AccountRegisterView, self).dispatch(request, *args, **kwargs)

--- a/docs/conf.py
+++ b/docs/conf.py
@@ -31,7 +31,7 @@ author = "The AlekSIS Team"
 # The short X.Y version
 version = "2.12"
 # The full version, including alpha/beta/rc tags
-release = "2.12.2"
+release = "2.12.3"


 # -- General configuration ---------------------------------------------------

--- a/pyproject.toml
+++ b/pyproject.toml
 [tool.poetry]
 name = "AlekSIS-Core"
-version = "2.12.2"
+version = "2.12.3"
 packages = [
    { include = "aleksis" }
 ]