Fix vulnerability (#5521)

3 years ago · 75b338b549
parent 3c8ac1ef7d
commit 75b338b549
2 changed files with 3 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -22,7 +22,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Helm: Empty password for Redis (<https://github.com/opencv/cvat/pull/5520>)

 ### Security
- TDB
+- Fixed vulnerability with social authentication (<https://github.com/opencv/cvat/pull/5521>)

 ## \[2.3.0] - 2022-12-22
 ### Added
--- a/cvat/apps/engine/views.py
+++ b/cvat/apps/engine/views.py
@ -251,12 +251,12 @@ class ServerViewSet(viewsets.ViewSet):
    def advanced_authentication(request):
        use_social_auth = settings.USE_ALLAUTH_SOCIAL_ACCOUNTS
        integrated_auth_providers = settings.SOCIALACCOUNT_PROVIDERS.keys() if use_social_auth else []
-        google_auth_is_enabled = (
+        google_auth_is_enabled = bool(
            'google' in integrated_auth_providers
            and settings.SOCIAL_AUTH_GOOGLE_CLIENT_ID
            and settings.SOCIAL_AUTH_GOOGLE_CLIENT_SECRET
        )
-        github_auth_is_enabled = (
+        github_auth_is_enabled = bool(
            'github' in integrated_auth_providers
            and settings.SOCIAL_AUTH_GITHUB_CLIENT_ID
            and settings.SOCIAL_AUTH_GITHUB_CLIENT_SECRET