views: forbid automatic linking based on email if multiples users are found or if target user has already a link (fixes #20078)

Benjamin Dauvergne 2017-11-14 11:33:57 +01:00
parent 2b99011027
commit e9b7ed137a
1 changed files with 18 additions and 8 deletions


@ -373,17 +373,27 @@ class LoginOrLinkView(PopupViewMixin, FcOAuthSessionViewMixin, View):
qs = User.objects.filter(email=email)
if not a2_app_settings.A2_EMAIL_IS_UNIQUE and default_ou.email_is_unique:
qs = qs.filter(ou=default_ou)
if qs.exists():
# there should not be multiple accounts with the same mail
if len(qs) > 1:
self.logger.warning(u'multiple accounts with the same mail %s, %s', email,
list(qs))
# link existing user to received sub
models.FcAccount.objects.get_or_create(
defaults={'token': json.dumps(self.token)},
sub=self.sub, user=qs[0])
user = authenticate(sub=self.sub, user_info=self.user_info,
token=self.token)
self.logger.error(u'multiple accounts with the same mail %s, %s', email,
list(qs))
# ok we have one account
elif len(qs) == 1:
user = qs[0]
# but does he have already a link to an FC account ?
if not user.fc_accounts.exists():
fc_account, created = models.FcAccount.objects.get_or_create(
defaults={'token': json.dumps(self.token)},
sub=self.sub, user=user)
self.logger.info(u'fc link created sub %s user %s', self.sub, user)
user = authenticate(sub=self.sub, user_info=self.user_info,
token=self.token)
else:
self.logger.warning(u'account with email %s already linked to another sub '
u'%s',
email, user.fc_accounts.values_list('sub', flat=True))
if user:
a2_utils.login(request, user, 'france-connect')
self.fc_account = models.FcAccount.objects.get(sub=self.sub, user=user)
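Review bot: In the new `else:` branch (account already linked to another sub), `user` still holds `qs[0]` from `user = qs[0]`, so the later `if user:` check is truthy. Indentation is lost on this page, but if `if user:` sits after the whole email block as it appears to, the request reaches `a2_utils.login(request, user, 'france-connect')` for an account whose FC link belongs to a different sub, which is the case this commit means to forbid. `FcAccount.objects.get(sub=self.sub, user=user)` on the next line would then raise `DoesNotExist`, but only after the login call. Hold the candidate in its own name (`candidate = qs[0]`) and assign `user` only from `authenticate(...)`, or add `user = None` in the `else:` branch. The enclosing method starts and ends outside the hunk, so the initial value of `user` is not visible here and should be confirmed.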