nikdoof/test-auth
1
0
Fork 0
mirror of https://github.com/nikdoof/test-auth.git synced 2025-12-14 06:42:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added validation to stop exploiting the multi-character hole

Browse Source
This commit is contained in:
Andrew Williams
2010-03-12 13:12:17 +00:00
parent 2d8856c742
commit d25d53273d
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
sso/forms.py
View File

@@ -37,6 +37,12 @@ def UserServiceAccountForm(user):
character = forms.ChoiceField(chars)
service = forms.ChoiceField(services)
def clean(self):
if not self.cleaned_data['character'].corporation.group in self.cleaned_data['service'].groups.all():
raise form.ValidationError("%s is not in a corporation allowed to access %s" % (self.cleaned_data['character'].name, self.cleaned_data['service'])
return self.cleaned_data
return ServiceAccountForm
class RedditAccountForm(forms.Form):