From c8d7c7c56f454bcdfadd4d4a409b81116ff41f0d Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Wed, 18 May 2022 18:32:53 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8Doidc=E8=AE=A4=E8=AF=81?=
 =?UTF-8?q?=E4=B8=8D=E5=8C=BA=E5=88=86=E5=A4=A7=E5=B0=8F=E5=86=99=20(#8267?=
 =?UTF-8?q?)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: feng626 <1304903146@qq.com>
---
 apps/authentication/backends/oidc/backends.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/apps/authentication/backends/oidc/backends.py b/apps/authentication/backends/oidc/backends.py
index 8d4f2f629..daa614ec8 100644
--- a/apps/authentication/backends/oidc/backends.py
+++ b/apps/authentication/backends/oidc/backends.py
@@ -281,6 +281,11 @@ class OIDCAuthPasswordBackend(OIDCBaseBackend):
         try:
             claims_response.raise_for_status()
             claims = claims_response.json()
+            preferred_username = claims.get('preferred_username')
+            if preferred_username and \
+                    preferred_username.lower() == username.lower() and \
+                    preferred_username != username:
+                return
         except Exception as e:
             error = "Json claims response error, claims response " \
                     "content is: {}, error is: {}".format(claims_response.content, str(e))
@@ -309,5 +314,3 @@ class OIDCAuthPasswordBackend(OIDCBaseBackend):
             openid_user_login_failed.send(
                 sender=self.__class__, request=request, username=username, reason="User is invalid"
             )
-            return None
-