mirror of
https://github.com/penpot/penpot.git
synced 2025-01-09 00:10:11 -05:00
✨ Trust oidc providers which provides email_verified claim
parent
7e20cf10c5
commit
a969550aa4
2 changed files with 18 additions and 13 deletions
|
@ -520,17 +520,22 @@
|
|||
|
||||
(redirect-response uri)))
|
||||
|
||||
(defn- provider-matches-profile?
|
||||
[{:keys [::provider] :as cfg} {:keys [props] :as profile}]
|
||||
(or (= (:auth-backend profile) (:name provider))
|
||||
(let [email-prop (qualify-prop-key provider :email)]
|
||||
(contains? props email-prop))))
|
||||
|
||||
(defn- provider-has-email-verified?
|
||||
[{:keys [::provider] :as cfg} {:keys [props] :as info}]
|
||||
(let [prop (qualify-prop-key provider :email_verified)]
|
||||
(true? (get props prop))))
|
||||
|
||||
(defn- profile-has-provider-props?
|
||||
[{:keys [::provider] :as cfg} profile]
|
||||
(let [prop (qualify-prop-key provider :email)]
|
||||
(contains? (:props profile) prop)))
|
||||
|
||||
(defn- provider-matches-profile?
|
||||
[{:keys [::provider] :as cfg} profile info]
|
||||
(or (= (:auth-backend profile) (:name provider))
|
||||
(profile-has-provider-props? cfg profile)
|
||||
(provider-has-email-verified? cfg info)))
|
||||
|
||||
(defn- process-callback
|
||||
[cfg request info profile]
|
||||
(cond
|
||||
|
@ -539,7 +544,7 @@
|
|||
(:is-blocked profile)
|
||||
(redirect-with-error "profile-blocked")
|
||||
|
||||
(not (provider-matches-profile? cfg profile))
|
||||
(not (provider-matches-profile? cfg profile info))
|
||||
(redirect-with-error "auth-provider-not-allowed")
|
||||
|
||||
(not (:is-active profile))
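Review bot: The new third branch of `provider-matches-profile?` accepts any configured provider as soon as `provider-has-email-verified?` sees a true `email_verified` in `info`, so a profile registered with a password or a different backend no longer gets "auth-provider-not-allowed" and the provider's own claim is the only remaining check. That is safe only for providers that really verify address ownership before asserting the claim; where an account owner or tenant admin of a self-hosted or multi-tenant IdP can set it, this becomes an account-linking path, so I would make the branch an explicit per-provider opt-in in the provider configuration rather than unconditional. The strict `(true? (get props prop))` is the right fail-closed comparison (a string "true" is rejected) and deserves a comment so it is not relaxed later, e.g. `;; only boolean true counts; the IdP is trusted to have verified the address`. How `info`'s `:props` are populated and how the profile is looked up happen outside these hunks, and `process-callback` continues past the second one.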
|
||||
|
|
|
@ -83,17 +83,17 @@
|
|||
|
||||
(defmethod process-token :auth
|
||||
[{:keys [conn] :as cfg} _params {:keys [profile-id] :as claims}]
|
||||
(let [profile (profile/get-profile conn profile-id {::sql/for-update true})
|
||||
props (merge (:props profile)
|
||||
(:props claims))
|
||||
profile (assoc profile :props props)]
|
||||
|
||||
(let [profile (profile/get-profile conn profile-id {::sql/for-update true})
|
||||
props (merge (:props profile)
|
||||
(:props claims))]
|
||||
(when (not= props (:props profile))
|
||||
(db/update! conn :profile
|
||||
{:props (db/tjson props)}
|
||||
{:id profile-id}))
|
||||
|
||||
(assoc claims :profile profile)))
|
||||
|
||||
(let [profile (assoc profile :props props)]
|
||||
(assoc claims :profile profile))))
|
||||
|
||||
;; --- Team Invitation
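Review bot: The `db/update!` added to `process-token :auth` writes the unfiltered result of `(merge (:props profile) (:props claims))` back to the profile, so every key carried in the token's `:props` now overwrites the stored value permanently instead of only for this response. Those stored props are also what `profile-has-provider-props?` in the other file checks to accept a provider, so what is persisted here is effectively an authorization input. Assuming the token is issued and signed server-side (not visible here), this is probably intended, but I would restrict the merge to the keys the token issuer is expected to set and say so in a comment such as `;; persist provider props from the verified token; they link this provider to the profile`.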
|
||||
|
||||
|
|