do not consider FC as reliable email verification source (#73148)

2023-01-17 16:24:10 +01:00 · 2023-01-17 16:24:10 +01:00 · 8702e2a6da
parent 782290516f
commit 8702e2a6da
2 changed files with 6 additions and 6 deletions
--- a/src/authentic2_auth_fc/app_settings.py
+++ b/src/authentic2_auth_fc/app_settings.py
@ -57,11 +57,6 @@ class AppSettings:
                    'if-empty': True,
                    'tag': 'email',
                },
-                'email_verified': {
-                    'ref': 'email',
-                    'translation': 'notempty',
-                    'if-tag': 'email',
-                },
            },
        )

--- a/src/authentic2_auth_fc/utils.py
+++ b/src/authentic2_auth_fc/utils.py
@ -158,7 +158,12 @@ def apply_user_info_mappings(user, user_info):
                continue
            verified = mapping.get('verified', False)
            accessor = user.verified_attributes if verified else user.attributes
-            accessor._set_sourced_attr(attribute, value, 'fc')
+            # email verification should only be handled through dedicated 'email_verified' attribute
+            # yet we explicitly exclude it here, better safe than sorry.
+            if attribute == 'email':
+                setattr(accessor, attribute, value)
+            else:
+                accessor._set_sourced_attr(attribute, value, 'fc')
        elif hasattr(user, attribute):
            save_user = True
            if mapping.get('if-empty') and getattr(user, attribute):