Check users aren't using an alias as their link email address for partner links

This commit is contained in:
Adrià Casajús 2023-05-08 18:29:54 +02:00
parent be70e49596
commit 0aa7b426f5
No known key found for this signature in database
GPG key ID: F0033226A5AFC9B9

View file

@ -207,13 +207,14 @@ def process_login_case(
) -> LinkResult:
# Sanitize email just in case
link_request.email = sanitize_email(link_request.email)
check_alias(link_request.email)
# Try to find a SimpleLogin user registered with that partner user id
partner_user = PartnerUser.get_by(
partner_id=partner.id, external_user_id=link_request.external_user_id
)
if partner_user is None:
# We didn't find any SimpleLogin user registered with that partner user id
# Make sure they aren't using an alias as their link email
check_alias(link_request.email)
# Try to find it using the partner's e-mail address
user = User.get_by(email=link_request.email)
return get_login_strategy(link_request, user, partner).process()