feat: associates user by email for oauth when tpa is required

Description

  1.  

    1. Description

Currently, in the edX platform, if you try to login with an SSO account using the login form, a username is generated for you based on the email that is used with the SSO provider.

The username is generated using the pipeline `third_party_auth.pipeline.get_username`.

If the username already exists in the platform, you run into a small conflict which sends you back to the login form and requests the following:
![image](https://user-images.githubusercontent.com/5631091/109410595-f82d8280-79ac-11eb-854f-d60339e9fd9b.png)

It basically requests that you link your edX account and your SSO account.

However, sometimes we would want the edX account and SSO account to be associated by email. There's already a special pipeline available in the platform for that, `third_party_auth.pipeline.associate_by_email_if_login_api`. Sadly, however, it is only available for a certain entry method of authentication, called `login_api`.

~So in order to start associating the edX account and SSO account by email, this pull request adds a waffle switch.~

~*Update:* After a lot of reading through the code and investigation, it seems like the `login_api` auth entry is no longer used. Accordingly, I took the liberty of removing said pipeline and replacing it with something that seemed useful. Now the pipeline runs whenever third party authentication is required.~

*Update*: After @waheedahmed's [findings](https://github.com/edx/edx-platform/pull/25935#pullrequestreview-611983769), which is that `login_api` is in fact still used, and @zamanafzal's [request](https://github.com/edx/edx-platform/pull/25935#discussion_r595030485), which is to make the functionality specific to Oauth providers, a new pipeline was added to associate the user by email *only when the following conditions are met*:

  • The social auth provider is an Oauth2 provider

  • The `ENABLE_REQUIRE_THIRD_PARTY_AUTH` is enabled

  1.  

    1. Supporting information

  1.  

    1. Testing instructions

  1.  

    1.  

      1. Preparation

Please send an email to `nizar` at `opencraft.com`, requesting to be added as a test user to the Google SSO used for this sandbox.

*You need a Google Account, because you'll be using the same email address when registering through the form and through the SSO.*

  1.  

    1.  

      1. Reproducing the problem

  1.  

    1.  

      1.  

        1. Logging in with the SSO

Login with the Google SSO over at the sandbox with [default behavior](https://pr25935-default.sandbox.opencraft.hosting/)

  1.  

    1.  

      1.  

        1. Removing Social Auth Record

Sign in as `staff`:`edx` into the [django admin](https://pr25935-default.sandbox.opencraft.hosting/admin) and delete the [user social auth](https://pr25935-default.sandbox.opencraft.hosting/admin/social_django/usersocialauth) for your user.

  1.  

    1.  

      1.  

        1. Logging in with the SSO, again...

Login, again, with the Google SSO over at the sandbox with [default behavior](https://pr25935-default.sandbox.opencraft.hosting/). After doing that, you should receive a similar screenshot
![image](https://user-images.githubusercontent.com/5631091/109410595-f82d8280-79ac-11eb-854f-d60339e9fd9b.png)

  1.  

    1.  

      1. Testing the fix

  1.  

    1.  

      1.  

        1. Logging in with the SSO

Login with the Google SSO over at the sandbox with [default behavior](https://pr25935.sandbox.opencraft.hosting/)

  1.  

    1.  

      1.  

        1. Removing Social Auth Record

Sign in as `staff`:`edx` into the [django admin](https://pr25935.sandbox.opencraft.hosting/admin) and delete the [user social auth](https://pr25935.sandbox.opencraft.hosting/admin/social_django/usersocialauth) for your user.

  1.  

    1.  

      1.  

        1. Logging in with the SSO, again...

Login, again, with the Google SSO over at the sandbox with [default behavior](https://pr25935.sandbox.opencraft.hosting/). After that, you should be able to directly login 😃

*Settings*
```yaml
EDXAPP_LMS_ENV_EXTRA:
ENABLE_REQUIRE_THIRD_PARTY_AUTH: true
```

Activity

Show:
Natalia Berdnikov
January 13, 2021, 4:04 PM

sounds good

Braden MacDonald
January 13, 2021, 1:34 AM

I would be happy to review this once it's ready for engineering review, but it probably needs product review first.

Done

Assignee

Braden MacDonald

Reporter

Open Source Pull Request Bot

Contributor Name

Nizar Mahmoud

Repo

edx/edx-platform

Customer

Epic Link

None

OSCM Assignee

None

Platform Map Area (Levels 1 & 2)

None

Platform Map Area (Levels 3 & 4)

None

Blended Hour Utilization Percentage

None

edX Theme

None

edX Squad

None

Github Lines Added

156

Github Lines Deleted

28

Priority

Unset