Assert for valid value choice in OpenID/SReg.

This is to avoid people trying to hack in a different e-mail than ones listed in LDAP.
author: Michał Górny <mgorny@gentoo.org> 2013-07-12 15:07:07 +0200
committer: Michał Górny <mgorny@gentoo.org> 2013-07-12 15:07:07 +0200
commit: c9007522aad0fd81d22866c9a4eb783d8819ffbf (patch)
tree: df92f441933df77f0049f7c1ed0541d5d3241896
parent: Support mail address choice for OpenID SReg. (diff)
download: identity.gentoo.org-c9007522aad0fd81d22866c9a4eb783d8819ffbf.tar.gz
identity.gentoo.org-c9007522aad0fd81d22866c9a4eb783d8819ffbf.tar.bz2
identity.gentoo.org-c9007522aad0fd81d22866c9a4eb783d8819ffbf.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/okupy/accounts/views.py b/okupy/accounts/views.py
index 7f72c5b..a9a6de8 100644
--- a/okupy/accounts/views.py
+++ b/okupy/accounts/views.py
@@ -402,7 +402,9 @@ def openid_auth_site(request):
                 elif not send:
                     del sreg_data[fn]
                 elif isinstance(sreg_data[fn], list):
-                    sreg_data[fn] = form.cleaned_data['which_%s' % fn]
+                    val = form.cleaned_data['which_%s' % fn]
+                    assert(val in sreg_data[fn])
+                    sreg_data[fn] = val
 
             oresp = oreq.answer(True, identity=request.build_absolute_uri(
                 reverse(user_page, args=(request.user.username,))))
author	Michał Górny <mgorny@gentoo.org>	2013-07-12 15:07:07 +0200
committer	Michał Górny <mgorny@gentoo.org>	2013-07-12 15:07:07 +0200
commit	c9007522aad0fd81d22866c9a4eb783d8819ffbf (patch)
tree	df92f441933df77f0049f7c1ed0541d5d3241896
parent	Support mail address choice for OpenID SReg. (diff)
download	identity.gentoo.org-c9007522aad0fd81d22866c9a4eb783d8819ffbf.tar.gz identity.gentoo.org-c9007522aad0fd81d22866c9a4eb783d8819ffbf.tar.bz2 identity.gentoo.org-c9007522aad0fd81d22866c9a4eb783d8819ffbf.zip