mirror of
https://github.com/simple-login/app.git
synced 2024-09-29 21:21:29 +02:00
Check users aren't using an alias as their link email address for partner links (#1724)
(cherry picked from commit 93e24cb4239b812d46f119a982edd12de2406802) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
This commit is contained in:
parent
6c33e0d986
commit
5ddbca05b2
@ -207,13 +207,14 @@ def process_login_case(
|
|||||||
) -> LinkResult:
|
) -> LinkResult:
|
||||||
# Sanitize email just in case
|
# Sanitize email just in case
|
||||||
link_request.email = sanitize_email(link_request.email)
|
link_request.email = sanitize_email(link_request.email)
|
||||||
check_alias(link_request.email)
|
|
||||||
# Try to find a SimpleLogin user registered with that partner user id
|
# Try to find a SimpleLogin user registered with that partner user id
|
||||||
partner_user = PartnerUser.get_by(
|
partner_user = PartnerUser.get_by(
|
||||||
partner_id=partner.id, external_user_id=link_request.external_user_id
|
partner_id=partner.id, external_user_id=link_request.external_user_id
|
||||||
)
|
)
|
||||||
if partner_user is None:
|
if partner_user is None:
|
||||||
# We didn't find any SimpleLogin user registered with that partner user id
|
# We didn't find any SimpleLogin user registered with that partner user id
|
||||||
|
# Make sure they aren't using an alias as their link email
|
||||||
|
check_alias(link_request.email)
|
||||||
# Try to find it using the partner's e-mail address
|
# Try to find it using the partner's e-mail address
|
||||||
user = User.get_by(email=link_request.email)
|
user = User.get_by(email=link_request.email)
|
||||||
return get_login_strategy(link_request, user, partner).process()
|
return get_login_strategy(link_request, user, partner).process()
|
||||||
|
Loading…
Reference in New Issue
Block a user