bstein/bstein-dev-home
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

portal: require Keycloak VERIFY_EMAIL

Browse Source
This commit is contained in:
Brad Stein 2026-01-04 00:40:48 -03:00
parent 24fc02ff1f
commit 6375e87d2a
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
backend/atlas_portal/provisioning.py
View File

@ -181,15 +181,14 @@ def provision_access_request(request_code: str) -> ProvisionResult:
email = contact_email.strip() email = contact_email.strip()
if not email: if not email:
raise RuntimeError("missing verified email address") raise RuntimeError("missing verified email address")
email_is_verified = bool(email_verified_at) # Always enforce email verification in Keycloak itself (even if the portal
required_actions = ["UPDATE_PASSWORD", "CONFIGURE_TOTP"] # already verified an external email before approval).
if not email_is_verified: required_actions = ["UPDATE_PASSWORD", "VERIFY_EMAIL", "CONFIGURE_TOTP"]
required_actions.append("VERIFY_EMAIL")
payload = { payload = {
"username": username, "username": username,
"enabled": True, "enabled": True,
"email": email, "email": email,
"emailVerified": email_is_verified, "emailVerified": False,
"requiredActions": required_actions, "requiredActions": required_actions,
"attributes": {MAILU_EMAIL_ATTR: [mailu_email]}, "attributes": {MAILU_EMAIL_ATTR: [mailu_email]},
} }