0001-do-not-consider-FC-as-reliable-email-verification-so.patch
src/authentic2_auth_fc/app_settings.py | ||
---|---|---|
57 | 57 |
'if-empty': True, |
58 | 58 |
'tag': 'email', |
59 | 59 |
}, |
60 |
'email_verified': { |
|
61 |
'ref': 'email', |
|
62 |
'translation': 'notempty', |
|
63 |
'if-tag': 'email', |
|
64 |
}, |
|
65 | 60 |
}, |
66 | 61 |
) |
67 | 62 |
src/authentic2_auth_fc/utils.py | ||
---|---|---|
158 | 158 |
continue |
159 | 159 |
verified = mapping.get('verified', False) |
160 | 160 |
accessor = user.verified_attributes if verified else user.attributes |
161 |
accessor._set_sourced_attr(attribute, value, 'fc') |
|
161 |
# email verification should only be handled through dedicated 'email_verified' attribute |
|
162 |
# yet we explicitly exclude it here, better safe than sorry. |
|
163 |
if attribute == 'email': |
|
164 |
setattr(accessor, attribute, value) |
|
165 |
else: |
|
166 |
accessor._set_sourced_attr(attribute, value, 'fc') |
|
162 | 167 |
elif hasattr(user, attribute): |
163 | 168 |
save_user = True |
164 | 169 |
if mapping.get('if-empty') and getattr(user, attribute): |
165 |
- |