views: forbid automatic linking based on email if multiples users are found or if target user has already a link (fixes #20078)
parent
2b99011027
commit
e9b7ed137a
|
@ -373,17 +373,27 @@ class LoginOrLinkView(PopupViewMixin, FcOAuthSessionViewMixin, View):
|
|||
qs = User.objects.filter(email=email)
|
||||
if not a2_app_settings.A2_EMAIL_IS_UNIQUE and default_ou.email_is_unique:
|
||||
qs = qs.filter(ou=default_ou)
|
||||
|
||||
if qs.exists():
|
||||
# there should not be multiple accounts with the same mail
|
||||
if len(qs) > 1:
|
||||
self.logger.warning(u'multiple accounts with the same mail %s, %s', email,
|
||||
list(qs))
|
||||
# link existing user to received sub
|
||||
models.FcAccount.objects.get_or_create(
|
||||
defaults={'token': json.dumps(self.token)},
|
||||
sub=self.sub, user=qs[0])
|
||||
user = authenticate(sub=self.sub, user_info=self.user_info,
|
||||
token=self.token)
|
||||
self.logger.error(u'multiple accounts with the same mail %s, %s', email,
|
||||
list(qs))
|
||||
# ok we have one account
|
||||
elif len(qs) == 1:
|
||||
user = qs[0]
|
||||
# but does he have already a link to an FC account ?
|
||||
if not user.fc_accounts.exists():
|
||||
fc_account, created = models.FcAccount.objects.get_or_create(
|
||||
defaults={'token': json.dumps(self.token)},
|
||||
sub=self.sub, user=user)
|
||||
self.logger.info(u'fc link created sub %s user %s', self.sub, user)
|
||||
user = authenticate(sub=self.sub, user_info=self.user_info,
|
||||
token=self.token)
|
||||
else:
|
||||
self.logger.warning(u'account with email %s already linked to another sub '
|
||||
u'%s',
|
||||
email, user.fc_accounts.values_list('sub', flat=True))
|
||||
if user:
|
||||
a2_utils.login(request, user, 'france-connect')
|
||||
self.fc_account = models.FcAccount.objects.get(sub=self.sub, user=user)
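Review bot: In the `else` branch for an account already linked to another sub, `user` still holds `qs[0]`. Indentation is lost on this page, but the print order suggests the trailing `if user:` runs after that branch; if so, `a2_utils.login(request, user, 'france-connect')` is called for an account that has no link to `self.sub`, and only afterwards does `models.FcAccount.objects.get(sub=self.sub, user=user)` fail. That is the case this commit sets out to refuse, so I would hold the candidate in its own name (`candidate = qs[0]`) and assign `user` only from `authenticate(...)`, or at least add `user = None` after the warning. As a smaller point, `qs.exists()` followed by `len(qs)` issues two queries where a single `accounts = list(qs[:2])` would serve both checks. The method body starts and ends outside this hunk, so how `user` is initialised before this block cannot be confirmed from here.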
|
||||
|
|