github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: 安全设置开启仅已存在用户登录,企业微信等扫描登录,如果用户不存在,还是会自动创建用户登录成功。 (#11651) 

Co-authored-by: feng <1304903146@qq.com>
pull/11636/head
fit2bot 2023-09-21 17:01:03 +08:00 committed by GitHub
parent d102db7a7b
commit 91dce82b38
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/authentication/views/base.py
View File

@ -12,6 +12,7 @@ from authentication.mixins import AuthMixin
from common.utils import get_logger from common.utils import get_logger
from common.utils.django import reverse, get_object_or_none from common.utils.django import reverse, get_object_or_none
from users.models import User from users.models import User
from users.signal_handlers import check_only_allow_exist_user_auth
from .mixins import FlashMessageMixin from .mixins import FlashMessageMixin
logger = get_logger(__file__) logger = get_logger(__file__)
@ -49,6 +50,11 @@ class BaseLoginCallbackView(AuthMixin, FlashMessageMixin, View):
user, create = User.objects.get_or_create( user, create = User.objects.get_or_create(
username=user_attr['username'], defaults=user_attr username=user_attr['username'], defaults=user_attr
) )
if not check_only_allow_exist_user_auth(create):
user.delete()
return user, (self.msg_client_err, self.request.error_message)
setattr(user, f'{self.user_type}_id', user_id) setattr(user, f'{self.user_type}_id', user_id)
if create: if create:
setattr(user, 'source', self.user_type) setattr(user, 'source', self.user_type)