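def selectively_associate_by_email(backend, details, user=None, *args, **kwargs):
    """
    Associate the current social auth with the DB user that has the same email,
    except when the backend is Twitter or Facebook.

    This pipeline entry is not 100% secure unless you know that every enabled
    provider enforces email verification on its side; otherwise a user can
    attempt to take over another user's account by registering the same
    (unverified) email address with some provider. Twitter and Facebook are
    therefore skipped and never used to match a user by email.

    Args:
        backend: The social auth backend in use; only ``backend.name`` is read.
        details: Provider-supplied user details, forwarded to ``associate_by_email``.
        user: Accepted for pipeline-signature compatibility but not forwarded;
            ``associate_by_email`` is always called with a ``None`` user.
        *args, **kwargs: Forwarded unchanged to ``associate_by_email``.

    Returns:
        ``None`` for the Twitter and Facebook backends, otherwise whatever
        ``associate_by_email`` returns.
    """
    # Providers whose email claim is not trusted for account matching.
    if backend.name in ('twitter', 'facebook'):
        return None
    # ``None`` is passed positionally on purpose: the previous ``user=None``
    # keyword form raised ``TypeError: multiple values for argument 'user'``
    # whenever ``*args`` was non-empty, because ``*args`` fills the third
    # positional slot before the keyword is applied.
    # NOTE(review): the caller's ``user`` is deliberately dropped here, so email
    # matching runs even if an earlier pipeline step already resolved a user;
    # confirm that this is the intended behaviour.
    return associate_by_email(backend, details, None, *args, **kwargs)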
def associate_by_email_if_login_api(auth_entry, backend, details, user, *args, **kwargs):
    """
    Match the current social auth to the DB user with the same email, but only
    for sessions that entered the pipeline through the login API.

    The lookup itself is delegated to the social library's ``associate_by_email``,
    which (per its contract) refuses to match when more than one DB user shares
    the email. The match is additionally discarded unless the matched user is
    active, so that an account created with somebody else's email but never
    activated cannot capture the legitimate owner's login.

    Args:
        auth_entry: How the user entered the pipeline; compared against
            ``AUTH_ENTRY_LOGIN_API``.
        backend, details, user, *args, **kwargs: Passed straight through to
            ``associate_by_email``.

    Returns:
        The ``associate_by_email`` result (a mapping holding ``'user'``) when the
        entry point is the login API and the matched user is active; ``None``
        otherwise.
    """
    # NOTE(review): this name is defined twice in the listing; Python keeps the
    # last definition at import time.
    if auth_entry != AUTH_ENTRY_LOGIN_API:
        return None

    match = associate_by_email(backend, details, user, *args, **kwargs)
    if not match:
        return None

    matched_user = match.get('user')
    # NOTE(review): ``is_active`` is used as the "email has been verified"
    # signal; this holds only if activation is gated on email verification —
    # confirm against the account activation flow.
    if not matched_user or not matched_user.is_active:
        return None
    return match
def associate_by_email_if_login_api(auth_entry, backend, details, user, *args, **kwargs):
    """
    Associate the current social auth with the DB user sharing its email
    address, restricted to users who entered the pipeline via the login API.

    ``associate_by_email`` from the social library performs the lookup and, per
    its contract, only returns a match when exactly one DB user has the email.
    A match is returned from this step only if that user is active; an inactive
    match is dropped so that an unactivated account registered with another
    person's email cannot hijack that person's login.

    Args:
        auth_entry: Pipeline entry point, checked against ``AUTH_ENTRY_LOGIN_API``.
        backend, details, user, *args, **kwargs: Forwarded unchanged to
            ``associate_by_email``.

    Returns:
        The ``associate_by_email`` result when it names an active user and the
        entry point is the login API; ``None`` in every other case.
    """
    if auth_entry != AUTH_ENTRY_LOGIN_API:
        return None

    result = associate_by_email(backend, details, user, *args, **kwargs)
    matched = result.get('user') if result else None

    # NOTE(review): treats ``is_active`` as proof that the email was verified;
    # only valid if activation requires email confirmation — confirm.
    if matched and matched.is_active:
        return result
    return None