beenull/Moonlight
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixed oauth2 account spoofing using unverified discord accounts for claiming identity

Browse source
This commit is contained in:
Marcel Baumgartner 2023-06-24 22:15:04 +02:00
parent faebaa59dd
commit 389ded9b77
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
Moonlight/App/OAuth2/Providers/DiscordOAuth2Provider.cs
View file

@ -86,6 +86,13 @@ public class DiscordOAuth2Provider : OAuth2Provider
var email = getData.GetValue<string>("email");
var id = getData.GetValue<ulong>("id");
var verified = getData.GetValue<bool>("verified");
if (!verified)
{
Logger.Warn("A user tried to use an unverified discord account to login", "security");
throw new DisplayException("You can only use verified discord accounts for oauth signin");
}
// Handle data