stages/email: use uuid for email confirmation token instead of username (cherry-pick #7581) (#7584)

stages/email: use uuid for email confirmation token instead of username (#7581)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L <jens@goauthentik.io>
This commit is contained in:
gcp-cherry-pick-bot[bot] 2023-11-15 21:57:05 +01:00 committed by GitHub
parent 8d95612287
commit 41eb965350
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions

View File

@ -1,5 +1,6 @@
"""authentik multi-stage authentication engine""" """authentik multi-stage authentication engine"""
from datetime import timedelta from datetime import timedelta
from uuid import uuid4
from django.contrib import messages from django.contrib import messages
from django.http import HttpRequest, HttpResponse from django.http import HttpRequest, HttpResponse
@ -71,7 +72,7 @@ class EmailStageView(ChallengeStageView):
valid_delta = timedelta( valid_delta = timedelta(
minutes=current_stage.token_expiry + 1 minutes=current_stage.token_expiry + 1
) # + 1 because django timesince always rounds down ) # + 1 because django timesince always rounds down
identifier = slugify(f"ak-email-stage-{current_stage.name}-{pending_user}") identifier = slugify(f"ak-email-stage-{current_stage.name}-{str(uuid4())}")
# Don't check for validity here, we only care if the token exists # Don't check for validity here, we only care if the token exists
tokens = FlowToken.objects.filter(identifier=identifier) tokens = FlowToken.objects.filter(identifier=identifier)
if not tokens.exists(): if not tokens.exists():