Change admin search_fields to favor USERNAME_FIELD instead of "email".

First nothing guarantees that the user model has a field named "email" as it
can be set to a different name using `EMAIL_FIELD`. At the very least the
`get_email_field_name` should have been used.

Secondly nothing guarantees that `EMAIL_FIELD` is going to be indexed and thus
suitable for search purposes. On the other hand `USERNAME_FIELD` must be unique
and thus indexed to enforce the constraint and unique identifies users.

For these reasons `USERNAME_FIELD` represents a better choice to allow the
different toolkit models to be searched by through the admin.

Author: charettes

AUTHORS

@@ -102,6 +102,7 @@ Sandro Rodrigues
 Shaheed Haque
 Shaun Stanworth
 Silvano Cerza
+Simon Charette
 Sora Yanai
 Spencer Carroll
 Stéphane Raimbault

oauth2_provider/admin.py

@@ -15,7 +15,7 @@
 )
 
 
-has_email = hasattr(get_user_model(), "email")
+username_field = get_user_model().USERNAME_FIELD
 
 
 class ApplicationAdmin(admin.ModelAdmin):
@@ -25,36 +25,36 @@ class ApplicationAdmin(admin.ModelAdmin):
         "client_type": admin.HORIZONTAL,
         "authorization_grant_type": admin.VERTICAL,
     }
-    search_fields = ("name",) + (("user__email",) if has_email else ())
+    search_fields = ("name", f"user__{username_field}")
     raw_id_fields = ("user",)
 
 
 class AccessTokenAdmin(admin.ModelAdmin):
     list_display = ("token", "user", "application", "expires")
     list_select_related = ("application", "user")
     raw_id_fields = ("user", "source_refresh_token")
-    search_fields = ("token",) + (("user__email",) if has_email else ())
+    search_fields = ("token", f"user__{username_field}")
     list_filter = ("application",)
 
 
 class GrantAdmin(admin.ModelAdmin):
     list_display = ("code", "application", "user", "expires")
     raw_id_fields = ("user",)
-    search_fields = ("code",) + (("user__email",) if has_email else ())
+    search_fields = ("code", f"user__{username_field}")
 
 
 class IDTokenAdmin(admin.ModelAdmin):
     list_display = ("jti", "user", "application", "expires")
     raw_id_fields = ("user",)
-    search_fields = ("user__email",) if has_email else ()
+    search_fields = ("user__email", f"user__{username_field}")
     list_filter = ("application",)
     list_select_related = ("application", "user")
 
 
 class RefreshTokenAdmin(admin.ModelAdmin):
     list_display = ("token", "user", "application")
     raw_id_fields = ("user", "access_token")
-    search_fields = ("token",) + (("user__email",) if has_email else ())
+    search_fields = ("token", f"user__{username_field}")
     list_filter = ("application",)