Merge branch 'fix-orphan-tokens' into 'master'

Fix orphan tokens and remove unused messages from backends Closes #1391 See merge request allianceauth/allianceauth!1570
2025-07-09 12:30:15 +02:00 · 2023-12-25 09:48:15 +00:00 · 2023-12-25 09:48:15 +00:00 · 3de988369f
commit 3de988369f
parent 20fcf5efa4 c15b955d5e
2 changed files with 9 additions and 8 deletions
--- a/allianceauth/authentication/backends.py
+++ b/allianceauth/authentication/backends.py
@ -2,7 +2,6 @@ import logging

 from django.contrib.auth.backends import ModelBackend
 from django.contrib.auth.models import User, Permission
-from django.contrib import messages

 from .models import UserProfile, CharacterOwnership, OwnershipRecord

@ -41,9 +40,7 @@ class StateBackend(ModelBackend):
                if ownership.user.profile.main_character:
                    if ownership.user.profile.main_character.character_id == token.character_id:
                        return ownership.user
-                    else:  ## this is an alt, enforce main only.
-                        if request:
-                            messages.error("Unable to authenticate with this Character, Please log in with the main character associated with this account.")
+                    else:  # this is an alt, enforce main only.
                        return None
            else:
                logger.debug(f'{token.character_name} has changed ownership. Creating new user account.')
@ -66,9 +63,7 @@ class StateBackend(ModelBackend):
                    user = records[0].user
                    if user.profile.main_character:
                        if user.profile.main_character.character_id != token.character_id:
-                            ## this is an alt, enforce main only due to trust issues in SSO.
-                            if request:
-                                messages.error("Unable to authenticate with this Character, Please log in with the main character associated with this account. Then add this character from the dashboard.")
+                            # this is an alt, enforce main only due to trust issues in SSO.
                            return None

                    token.user = user
--- a/allianceauth/authentication/views.py
+++ b/allianceauth/authentication/views.py
@ -171,7 +171,13 @@ def sso_login(request, token):
            request.session['registration_uid'] = user.pk
            # Go to Step 2
            return redirect('registration_register')
-    messages.error(request, _('Unable to authenticate as the selected character.'))
+    # Logging in with an alt is not allowed due to security concerns.
+    token.delete()
+    messages.error(
+        request,
+        _('Unable to authenticate as the selected character. '
+        'Please log in with the main character associated with this account.')
+    )
    return redirect(settings.LOGIN_URL)