diff options
author | Michał Górny <mgorny@gentoo.org> | 2013-07-12 15:07:07 +0200 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2013-07-12 15:07:07 +0200 |
commit | c9007522aad0fd81d22866c9a4eb783d8819ffbf (patch) | |
tree | df92f441933df77f0049f7c1ed0541d5d3241896 | |
parent | Support mail address choice for OpenID SReg. (diff) | |
download | identity.gentoo.org-c9007522aad0fd81d22866c9a4eb783d8819ffbf.tar.gz identity.gentoo.org-c9007522aad0fd81d22866c9a4eb783d8819ffbf.tar.bz2 identity.gentoo.org-c9007522aad0fd81d22866c9a4eb783d8819ffbf.zip |
Assert for valid value choice in OpenID/SReg.
This is to avoid people trying to hack in a different e-mail than ones
listed in LDAP.
-rw-r--r-- | okupy/accounts/views.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/okupy/accounts/views.py b/okupy/accounts/views.py index 7f72c5b..a9a6de8 100644 --- a/okupy/accounts/views.py +++ b/okupy/accounts/views.py @@ -402,7 +402,9 @@ def openid_auth_site(request): elif not send: del sreg_data[fn] elif isinstance(sreg_data[fn], list): - sreg_data[fn] = form.cleaned_data['which_%s' % fn] + val = form.cleaned_data['which_%s' % fn] + assert(val in sreg_data[fn]) + sreg_data[fn] = val oresp = oreq.answer(True, identity=request.build_absolute_uri( reverse(user_page, args=(request.user.username,)))) |