From d25d53273d62886a8a83fb07dd0f6f8f6cbf8783 Mon Sep 17 00:00:00 2001
From: Andrew Williams
Date: Fri, 12 Mar 2010 13:12:17 +0000
Subject: [PATCH] Added validation to stop exploiting the multi-character hole

---
 sso/forms.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/sso/forms.py b/sso/forms.py
index 43e58fb..758b34b 100644
--- a/sso/forms.py
+++ b/sso/forms.py
@@ -37,6 +37,12 @@ def UserServiceAccountForm(user):
 character = forms.ChoiceField(chars)
 service = forms.ChoiceField(services)
 
+ def clean(self):
+ if not self.cleaned_data['character'].corporation.group in self.cleaned_data['service'].groups.all():
+ raise form.ValidationError("%s is not in a corporation allowed to access %s" % (self.cleaned_data['character'].name, self.cleaned_data['service'])
+
+ return self.cleaned_data
+
 return ServiceAccountForm
 
 class RedditAccountForm(forms.Form):
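Review bot: The added `raise` line in `clean()` cannot load as written: the `ValidationError(` call is never closed, and it names `form` while the fields above use `forms`, so importing `sso/forms.py` fails with a SyntaxError and the corporation check never runs. It should read `raise forms.ValidationError("%s is not in a corporation allowed to access %s" % (self.cleaned_data['character'].name, self.cleaned_data['service']))`. Both fields are plain `forms.ChoiceField`s, whose cleaned values are normally the submitted choice strings, so `.corporation` and `.groups` would presumably raise AttributeError unless the values are first resolved to model objects; `chars` and `services` are built outside this hunk, so this needs confirming against the rest of `UserServiceAccountForm`. `clean()` should also return early when either key is missing from `cleaned_data`, because a field that failed its own validation is not present there and the lookup would raise KeyError instead of a form error; `x not in y` is the clearer spelling of the membership test.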