github-mirror/framework
2
0
Fork 0
mirror of https://github.com/flarum/framework.git synced 2024-12-02 15:03:44 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Always apply attributes from token when registering

Browse Source 
The change introduced in #1033 transformed any identification attribute returned from an OAuth provider to just a default value.

When the identification attribute used by the provider is the email or username, this allowed the user to supply a different email or username and still getting an already-enabled account with the credentials he entered.

Skipping attributes with an existing value makes no sense here because it's a always a fresh user and values from AbstractOAuth2Controller::getIdentification() should always be enforced.
This commit is contained in:
Clark Winkelmann 2018-01-06 19:57:56 +10:30 committed by Toby Zerner
parent 140ae49369
commit 31b925164c
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
framework/core/src/Core/Command/RegisterUserHandler.php
View File

@ -116,9 +116,7 @@ class RegisterUserHandler
// from the get-go. // from the get-go.
if (isset($token)) { if (isset($token)) {
foreach ($token->payload as $k => $v) { foreach ($token->payload as $k => $v) {
if (in_array($user->$k, ['', null], true)) { $user->$k = $v;
$user->$k = $v;
}
} }
if (isset($token->payload['email'])) { if (isset($token->payload['email'])) {