stages/email: use uuid for email confirmation token instead of username (#7581) Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L <jens@goauthentik.io>
parent
8d95612287
commit
41eb965350
|
@ -1,5 +1,6 @@
|
||||||
"""authentik multi-stage authentication engine"""
|
"""authentik multi-stage authentication engine"""
|
||||||
from datetime import timedelta
|
from datetime import timedelta
|
||||||
|
from uuid import uuid4
|
||||||
|
|
||||||
from django.contrib import messages
|
from django.contrib import messages
|
||||||
from django.http import HttpRequest, HttpResponse
|
from django.http import HttpRequest, HttpResponse
|
||||||
|
@ -71,7 +72,7 @@ class EmailStageView(ChallengeStageView):
|
||||||
valid_delta = timedelta(
|
valid_delta = timedelta(
|
||||||
minutes=current_stage.token_expiry + 1
|
minutes=current_stage.token_expiry + 1
|
||||||
) # + 1 because django timesince always rounds down
|
) # + 1 because django timesince always rounds down
|
||||||
identifier = slugify(f"ak-email-stage-{current_stage.name}-{pending_user}")
|
identifier = slugify(f"ak-email-stage-{current_stage.name}-{str(uuid4())}")
|
||||||
# Don't check for validity here, we only care if the token exists
|
# Don't check for validity here, we only care if the token exists
|
||||||
tokens = FlowToken.objects.filter(identifier=identifier)
|
tokens = FlowToken.objects.filter(identifier=identifier)
|
||||||
if not tokens.exists():
|
if not tokens.exists():
|
||||||
|
|
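Review bot: Now that the identifier embeds a fresh `uuid4()` on every call, the unchanged `FlowToken.objects.filter(identifier=identifier)` lookup right below it can no longer match a token issued earlier. `if not tokens.exists():` is therefore presumably always true, and the comment "we only care if the token exists" no longer describes what happens. If the branch outside this hunk creates the token, each resend or re-entry of the stage would mint an additional confirmation token while the earlier ones stay usable until `token_expiry`. Consider generating the random identifier only when no unexpired token for this pending user and stage exists (looked up by user rather than by identifier), or deleting the user's previous tokens for this stage before creating a new one. Minor: `str()` is redundant inside the f-string, so `slugify(f"ak-email-stage-{current_stage.name}-{uuid4()}")` is enough. The enclosing method starts and ends outside the hunk, so the token-creation path should be confirmed there.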