Fix refresh bug

There was a bug where the session would not retain data correctly after a hard refresh. This fixes that
2025-05-16 01:27:03 +02:00 · 2024-05-23 10:02:59 -06:00 · 2024-05-23 10:02:59 -06:00 · 0c86311982
commit 0c86311982
parent 5e9db8f1db
2 changed files with 5 additions and 1 deletions
--- a/src/djangooidc/oidc.py
+++ b/src/djangooidc/oidc.py
@ -250,6 +250,8 @@ class Client(oic.Client):
        # Define vtm/vtr information on the user dictionary so we can track this in one location.
        # If a user has this information, then they are bumped up in terms of verification level.
        if session.get("needs_step_up_auth") is True:
+            if "ial" in info_response_dict:
+                info_response_dict.pop("ial")
            info_response_dict["vtm"] = session.get("vtm", "")
            info_response_dict["vtr"] = session.get("vtr", "")

--- a/src/djangooidc/views.py
+++ b/src/djangooidc/views.py
@ -165,7 +165,9 @@ def _requires_step_up_auth(userinfo) -> bool:
    """
    uuid = userinfo.get("sub", "")
    email = userinfo.get("email", "")
-    if not userinfo.get("vtm") or not userinfo.get("vtr"):
+    # This value is returned after successful auth
+    user_verified = userinfo.get("vot", "")
+    if not userinfo.get("vtm") or not userinfo.get("vtr") or not user_verified:
        # The acr of this attempt is not at the highest level
        # so check if the user needs the higher level
        return User.needs_identity_verification(email, uuid)