feat(account): Prevent connections from some categories of users

2024-09-18 23:00:36 +02:00 · 2024-09-18 23:00:36 +02:00 · 5af8e2fd24
commit 5af8e2fd24
parent c3f0e70384
1 changed files with 12 additions and 0 deletions
--- a/src/shared/account.py
+++ b/src/shared/account.py
@ -1,5 +1,7 @@
+from allauth.core.exceptions import ImmediateHttpResponse
 from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
 from allauth.socialaccount.models import SocialLogin
+from django.http import HttpResponseRedirect

 from dgsi.models import User

@ -15,6 +17,16 @@ class SharedAccountAdapter(DefaultSocialAccountAdapter):
            case "ens_cas":
                # In this case, the username is located in extra_data["uid"]
                username = sociallogin.account.extra_data["uid"]
+
+                # Validate that the user is a regular one
+                home = sociallogin.account.extra_data["homeDirectory"].split("/")
+
+                if (home[1] != "users") or (
+                    home[2]
+                    in ["absint", "algo", "grecc", "guests", "spi", "spi1", "staffs"]
+                ):
+                    raise ImmediateHttpResponse(HttpResponseRedirect("/"))
+
            case "kanidm":
                username = sociallogin.account.extra_data["preferred_username"]
            case _p: