From 0aa7b426f58ebb7bcda81030cec504a8dfacd69c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?= Date: Mon, 8 May 2023 18:29:54 +0200 Subject: [PATCH] Check users aren't using an alias as their link email address for partner links --- app/account_linking.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/account_linking.py b/app/account_linking.py index 456d197f..57d389c1 100644 --- a/app/account_linking.py +++ b/app/account_linking.py @@ -207,13 +207,14 @@ def process_login_case( ) -> LinkResult: # Sanitize email just in case link_request.email = sanitize_email(link_request.email) - check_alias(link_request.email) # Try to find a SimpleLogin user registered with that partner user id partner_user = PartnerUser.get_by( partner_id=partner.id, external_user_id=link_request.external_user_id ) if partner_user is None: # We didn't find any SimpleLogin user registered with that partner user id + # Make sure they aren't using an alias as their link email + check_alias(link_request.email) # Try to find it using the partner's e-mail address user = User.get_by(email=link_request.email) return get_login_strategy(link_request, user, partner).process()