fix loophole when MASTODON_ALLOW_ANY_SITE is off

2021-09-18 12:09:45 -04:00 · 2021-09-18 12:09:45 -04:00 · cbe4555dfd
commit cbe4555dfd
parent b4e3dda09e
1 changed files with 2 additions and 0 deletions
--- a/users/views.py
+++ b/users/views.py
@ -98,6 +98,8 @@ def login(request):
        return HttpResponseBadRequest()

 def connect(request):
+    if not settings.MASTODON_ALLOW_ANY_SITE:
+        return redirect(reverse("users:login"))
    domain = request.GET.get('domain').strip().lower()
    app = MastodonApplication.objects.filter(domain_name=domain).first()
    if app is None: