Check users aren't using an alias as their link email address for partner links (#1724)

(cherry picked from commit 93e24cb4239b812d46f119a982edd12de2406802) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2023-05-08 18:47:10 +02:00 · 2023-05-08 18:47:10 +02:00 · 5ddbca05b2
parent 6c33e0d986
commit 5ddbca05b2
1 changed files with 2 additions and 1 deletions
--- a/app/account_linking.py
+++ b/app/account_linking.py
@ -207,13 +207,14 @@ def process_login_case(
 ) -> LinkResult:
    # Sanitize email just in case
    link_request.email = sanitize_email(link_request.email)
-    check_alias(link_request.email)
    # Try to find a SimpleLogin user registered with that partner user id
    partner_user = PartnerUser.get_by(
        partner_id=partner.id, external_user_id=link_request.external_user_id
    )
    if partner_user is None:
        # We didn't find any SimpleLogin user registered with that partner user id
+        # Make sure they aren't using an alias as their link email
+        check_alias(link_request.email)
        # Try to find it using the partner's e-mail address
        user = User.get_by(email=link_request.email)
        return get_login_strategy(link_request, user, partner).process()