Backport recent changes to legacy go

Signed-off-by: Lukasz Gryglicki <lgryglicki@cncf.io>

Assisted by [OpenAI](https://platform.openai.com/)

Assisted by [GitHub Copilot](https://github.com/features/copilot)

Author: lukaszgryglicki

cla-backend-go/v2/sign/service.go

@@ -2061,7 +2061,7 @@ func (s *service) populateUserDetails(ctx context.Context, signatureReferenceTyp
 			if userModel.Username != "" {
 				userSignDetails.userSignatureName = userModel.Username
 			}
-			if userEmail := getUserEmail(userModel, preferredEmail, allowLFEmail); userEmail != "" {
+			if userEmail := getUserEmail(userModel, preferredEmail, latestSignature.SignatureReturnURLType, allowLFEmail); userEmail != "" {
 				userSignDetails.userSignatureEmail = userEmail
 			}
 		}
@@ -2162,11 +2162,15 @@ func getTabsFromDocument(document *v1Models.ClaGroupDocument, documentID string,
 }
 
 // helper function to get user email
-func getUserEmail(user *v1Models.User, preferredEmail string, allowLFEmail bool) string {
+func getUserEmail(user *v1Models.User, preferredEmail string, providerType string, allowLFEmail bool) string {
 	if user == nil {
 		return ""
 	}
 	if preferredEmail != "" {
+		if strings.EqualFold(providerType, "github") || strings.EqualFold(providerType, "gitlab") {
+			return preferredEmail
+		}
+
 		if utils.StringInSlice(preferredEmail, user.Emails) || (allowLFEmail && user.LfEmail == strfmt.Email(preferredEmail)) {
 			return preferredEmail
 		}
@@ -2244,7 +2248,7 @@ func (s *service) createDefaultIndividualValues(user *v1Models.User, preferredEm
 		}
 	}
 
-	if userEmail := getUserEmail(user, preferredEmail, allowLFEmail); userEmail != "" {
+	if userEmail := getUserEmail(user, preferredEmail, "", allowLFEmail); userEmail != "" {
 		defaultValues["email"] = userEmail
 	}
 

cla-backend-legacy/internal/api/github_oauth.go

@@ -265,10 +265,13 @@ func (h *Handlers) githubGetOrCreateUser(ctx context.Context, sess middleware.Se
 
 	now := time.Now().UTC()
 	if userItem != nil {
-		// Update existing user: set github id, username, emails.
+		// Update existing user: set github id, username, display name and emails
 		if githubLogin != "" {
 			userItem["user_github_username"] = githubLogin
 		}
+		if githubName != "" {
+			userItem["user_name"] = githubName
+		}
 		userItem["user_emails"] = emails
 		userItem["user_github_id"] = githubID
 		userItem["date_modified"] = formatPynamoDateTimeUTC(now)

cla-backend-legacy/internal/api/handlers.go

@@ -713,6 +713,31 @@ func (h *Handlers) putAuditEventBestEffort(ctx context.Context, in auditEventInp
 	_ = h.events.PutItem(ctx, item)
 }
 
+func (h *Handlers) refreshStoredUserName(ctx context.Context, item map[string]types.AttributeValue, authUser *auth.AuthUser) map[string]types.AttributeValue {
+	if h == nil || h.users == nil || item == nil || authUser == nil {
+		return item
+	}
+
+	userName := strings.TrimSpace(authUser.Name)
+	if userName == "" || getAttrString(item, "user_name") == userName {
+		return item
+	}
+
+	updated := make(map[string]types.AttributeValue, len(item)+1)
+	for k, v := range item {
+		updated[k] = v
+	}
+	updated["user_name"] = &types.AttributeValueMemberS{Value: userName}
+	updated["date_modified"] = &types.AttributeValueMemberS{Value: formatPynamoDateTimeUTC(time.Now().UTC())}
+
+	if err := h.users.PutItem(ctx, updated); err != nil {
+		logging.Warnf("refreshStoredUserName: unable to update user_id=%s lf_username=%s: %v", getAttrString(item, "user_id"), authUser.Username, err)
+		return item
+	}
+
+	return updated
+}
+
 func (h *Handlers) getOrCreateUser(ctx context.Context, authUser *auth.AuthUser) (map[string]types.AttributeValue, bool, error) {
 	if authUser == nil {
 		return nil, false, fmt.Errorf("missing auth user")
@@ -723,7 +748,7 @@ func (h *Handlers) getOrCreateUser(ctx context.Context, authUser *auth.AuthUser)
 		return nil, false, err
 	}
 	if len(items) > 0 {
-		return items[0], false, nil
+		return h.refreshStoredUserName(ctx, items[0], authUser), false, nil
 	}
 
 	now := time.Now().UTC()
@@ -1276,6 +1301,11 @@ func (h *Handlers) GetHealthV2(w http.ResponseWriter, r *http.Request) {
 // Calls: cla.controllers.user.get_user
 
 func (h *Handlers) GetUserV2(w http.ResponseWriter, r *http.Request) {
+	_, authErrResp, err := h.authValidator.Authenticate(r.Header)
+	if err != nil {
+		respond.JSON(w, http.StatusUnauthorized, authErrResp)
+		return
+	}
 	if h.users == nil {
 		respond.JSON(w, http.StatusInternalServerError, "users store not configured")
 		return