fix: 安全设置开启仅已存在用户登录，企业微信等扫描登录，如果用户不存在，还是会自动创建用户登录成功。 (#11651)

Co-authored-by: feng <1304903146@qq.com>
2023-09-21 17:01:03 +08:00 · 2023-09-21 17:01:03 +08:00 · 91dce82b38
parent d102db7a7b
commit 91dce82b38
1 changed files with 6 additions and 0 deletions
--- a/apps/authentication/views/base.py
+++ b/apps/authentication/views/base.py
@ -12,6 +12,7 @@ from authentication.mixins import AuthMixin
 from common.utils import get_logger
 from common.utils.django import reverse, get_object_or_none
 from users.models import User
+from users.signal_handlers import check_only_allow_exist_user_auth
 from .mixins import FlashMessageMixin

 logger = get_logger(__file__)
@ -49,6 +50,11 @@ class BaseLoginCallbackView(AuthMixin, FlashMessageMixin, View):
            user, create = User.objects.get_or_create(
                username=user_attr['username'], defaults=user_attr
            )
+
+            if not check_only_allow_exist_user_auth(create):
+                user.delete()
+                return user, (self.msg_client_err, self.request.error_message)
+
            setattr(user, f'{self.user_type}_id', user_id)
            if create:
                setattr(user, 'source', self.user_type)