entrouvert
/
authentic
16
0
Fork 0
Code Issues Pull Requests 33 Releases Activity

auth_fc: store id_token in session when linking (#69989) 

Password change view is hidden only if the current session was opened
with FranceConnect and if the id_token is visible in the session, this
change will enforce the second condition when during the same session
the account is unlinked and linked again to FranceConnect.

It will also permit to launch a logout if the link fails.
This commit is contained in:
Benjamin Dauvergne 2022-11-22 15:08:07 +01:00
parent 5a821a8883
commit 89b526066d
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/authentic2_auth_fc/views.py
View File

@ -334,6 +334,10 @@ class LoginOrLinkView(View):
def link(self, request):
'''Request an access grant code and associate it to the current user'''
# keep id_token around for logout
request.session['fc_id_token'] = self.id_token
request.session['fc_id_token_raw'] = self.token['id_token']
try:
self.fc_account, created = models.FcAccount.objects.get_or_create(
sub=self.sub,