Change admin search_fields to favor USERNAME_FIELD instead of "email".

First nothing guarantees that the user model has a field named "email" as it can be set to a different name using `EMAIL_FIELD`. At the very least the `get_email_field_name` should have been used. Secondly nothing guarantees that `EMAIL_FIELD` is going to be indexed and thus suitable for search purposes. On the other hand `USERNAME_FIELD` must be unique and thus indexed to enforce the constraint and unique identifies users. For these reasons `USERNAME_FIELD` represents a better choice to allow the different toolkit models to be searched by through the admin.
jazzband · May 25, 2024 · 0206587 · 0206587
1 parent fd2bcec
commit 0206587
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 6 deletions.
diff --git a/AUTHORS b/AUTHORS
@@ -102,6 +102,7 @@ Sandro Rodrigues
 Shaheed Haque
 Shaun Stanworth
 Silvano Cerza
+Simon Charette
 Sora Yanai
 Spencer Carroll
 Stéphane Raimbault

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,6 +17,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [unreleased]
 ### Added
 ### Changed
+* #1428 Admin: changed `search_fields` to lookup usernames instead of user emails.
 ### Deprecated
 ### Removed
 ### Fixed

diff --git a/oauth2_provider/admin.py b/oauth2_provider/admin.py
@@ -15,7 +15,7 @@
 )
 
 
-has_email = hasattr(get_user_model(), "email")
+username_field = get_user_model().USERNAME_FIELD
 
 
 class ApplicationAdmin(admin.ModelAdmin):
@@ -25,36 +25,36 @@ class ApplicationAdmin(admin.ModelAdmin):
         "client_type": admin.HORIZONTAL,
         "authorization_grant_type": admin.VERTICAL,
     }
-    search_fields = ("name",) + (("user__email",) if has_email else ())
+    search_fields = ("name", f"user__{username_field}")
     raw_id_fields = ("user",)
 
 
 class AccessTokenAdmin(admin.ModelAdmin):
     list_display = ("token", "user", "application", "expires")
     list_select_related = ("application", "user")
     raw_id_fields = ("user", "source_refresh_token")
-    search_fields = ("token",) + (("user__email",) if has_email else ())
+    search_fields = ("token", f"user__{username_field}")
     list_filter = ("application",)
 
 
 class GrantAdmin(admin.ModelAdmin):
     list_display = ("code", "application", "user", "expires")
     raw_id_fields = ("user",)
-    search_fields = ("code",) + (("user__email",) if has_email else ())
+    search_fields = ("code", f"user__{username_field}")
 
 
 class IDTokenAdmin(admin.ModelAdmin):
     list_display = ("jti", "user", "application", "expires")
     raw_id_fields = ("user",)
-    search_fields = ("user__email",) if has_email else ()
+    search_fields = (f"user__{username_field}",)
     list_filter = ("application",)
     list_select_related = ("application", "user")
 
 
 class RefreshTokenAdmin(admin.ModelAdmin):
     list_display = ("token", "user", "application")
     raw_id_fields = ("user", "access_token")
-    search_fields = ("token",) + (("user__email",) if has_email else ())
+    search_fields = ("token", f"user__{username_field}")
     list_filter = ("application",)