Projet

Général

Profil

0001-auth_fc-store-id_token-in-session-when-linking-69989.patch

Benjamin Dauvergne, 22 novembre 2022 21:20

Télécharger (1,28 ko)

Voir les différences:

Subject: [PATCH 1/3] auth_fc: store id_token in session when linking (#69989)

Password change view is hidden only if the current session was opened
with FranceConnect and if the id_token is visible in the session, this
change will enforce the second condition when during the same session
the account is unlinked and linked again to FranceConnect.

It will also permit to launch a logout if the link fails.
 src/authentic2_auth_fc/views.py | 4 ++++
 1 file changed, 4 insertions(+)
src/authentic2_auth_fc/views.py
334 334

  
335 335
    def link(self, request):
336 336
        '''Request an access grant code and associate it to the current user'''
337
        # keep id_token around for logout
338
        request.session['fc_id_token'] = self.id_token
339
        request.session['fc_id_token_raw'] = self.token['id_token']
340

  
337 341
        try:
338 342
            self.fc_account, created = models.FcAccount.objects.get_or_create(
339 343
                sub=self.sub,
340
-