studio/people
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🚑️(backend) fix claim contains non user field

Browse Source 
When we use the feature to get Organization registration
number, the claim contains this value and it does not
match with any user field.
I switched to a whitelist instead of a blacklist (and two
loops, with an if condition on each)
This commit is contained in:
Quentin BEY
2024-11-21 23:06:49 +01:00
committed by BEY Quentin
parent a57070bfb8
commit 0227231370
3 changed files with 80 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/backend/core/authentication/backends.py
View File

@@ -220,13 +220,11 @@ class OIDCAuthenticationBackend(MozillaOIDCAuthenticationBackend):
def update_user_if_needed(self, user, claims):
"""Update user claims if they have changed."""
has_changed = any(
value and value != getattr(user, key)
for key, value in claims.items()
if key != "sub"
)
if has_changed:
updated_claims = {
key: value for key, value in claims.items() if value and key != "sub"
}
updated_claims = {}
for key in ["email", "name"]:
claim_value = claims.get(key)
if claim_value and claim_value != getattr(user, key):
updated_claims[key] = claim_value
if updated_claims:
self.UserModel.objects.filter(sub=user.sub).update(**updated_claims)