From: Matías Aguirre
Date: Mon, 9 Jul 2012 04:50:42 +0000 (-0300)
Subject: Default SOCIAL_AUTH_ASSOCIATE_BY_EMAIL to False to avoid some security risks (while...
X-Git-Url: https://git.parisson.com/?a=commitdiff_plain;h=9cd3579b7cb0d37c7121d5a7e52ede869a154dce;p=django-social-auth.git

Default SOCIAL_AUTH_ASSOCIATE_BY_EMAIL to False to avoid some security risks (while it's not removed). Closes #356
---
diff --git a/README.rst b/README.rst index 9abd274..1dc3282 100644 --- a/README.rst +++ b/README.rst @@ -335,9 +335,9 @@ Configuration It is also possible to associate multiple user accounts with a single email address, set value as True to enable, otherwise set as False to disable. - This behavior is enabled by default (True) unless specifically set:: + This behavior is disabled by default (False) unless specifically set:: - SOCIAL_AUTH_ASSOCIATE_BY_MAIL = False + SOCIAL_AUTH_ASSOCIATE_BY_MAIL = True - You can send extra parameters on auth process by defining settings per provider, example to request Facebook to show Mobile authorization page, diff --git a/doc/configuration.rst b/doc/configuration.rst index c10a335..3837a56 100644 --- a/doc/configuration.rst +++ b/doc/configuration.rst @@ -216,9 +216,9 @@ Configuration It is also possible to associate multiple user accounts with a single email address, set value as True to enable, otherwise set as False to disable. - This behavior is enabled by default (True) unless specifically set:: + This behavior is disabled by default (False) unless specifically set:: - SOCIAL_AUTH_ASSOCIATE_BY_MAIL = False + SOCIAL_AUTH_ASSOCIATE_BY_MAIL = True - You can send extra parameters on auth process by defining settings per provider, example to request Facebook to show Mobile authorization page, diff --git a/social_auth/backends/pipeline/associate.py b/social_auth/backends/pipeline/associate.py index 4679c06..2d2e5dd 100644 --- a/social_auth/backends/pipeline/associate.py +++ b/social_auth/backends/pipeline/associate.py 
@@ -15,7 +15,7 @@ def associate_by_email(details, user=None, *args, **kwargs): warn_setting('SOCIAL_AUTH_ASSOCIATE_BY_MAIL', 'associate_by_email') - if email and setting('SOCIAL_AUTH_ASSOCIATE_BY_MAIL', True): + if email and setting('SOCIAL_AUTH_ASSOCIATE_BY_MAIL', False): # try to associate accounts registered with the same email address, # only if it's a single object. AuthException is raised if multiple # objects are returned
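Review bot: The README.rst hunk flips the documented default and the example value but never says why, even though the commit message cites security risks and a pending removal of the setting. A reader of "This behavior is disabled by default (False) unless specifically set::" has no way to know that enabling it links a fresh social login to any existing account sharing that email, so the safety of the feature rests entirely on the provider having verified the address. Suggest adding one sentence after the example stating that risk and that the setting is deprecated. Note also that the commit subject names the setting SOCIAL_AUTH_ASSOCIATE_BY_EMAIL while every hunk uses SOCIAL_AUTH_ASSOCIATE_BY_MAIL; the commit message should use the real name so it is searchable.

Review bot: The doc/configuration.rst hunk is a verbatim copy of the README.rst change, so the same gap applies here: the new default is documented but the reason for it and the deprecation are not. Since this file is the canonical configuration reference, this is the place to add a short "why" paragraph (email-based association is only safe when the provider verifies the address, and the option is slated for removal) and to keep README.rst as a pointer to it rather than a second copy that has to be edited in lock-step.

Review bot: In the associate.py hunk, changing the fallback in `setting('SOCIAL_AUTH_ASSOCIATE_BY_MAIL', False)` makes `associate_by_email` a silent no-op for every deployment that lists it in the pipeline without setting the option, yet the `warn_setting('SOCIAL_AUTH_ASSOCIATE_BY_MAIL', 'associate_by_email')` call just above still only warns about the setting being absent. Suggest making the warning text say that the step now does nothing unless the setting is explicitly True, and adding a comment next to the new `False` default explaining that it is the secure choice because the email in `details` comes from the provider and may not be verified. The existing comment ("only if it's a single object. AuthException is raised if multiple objects are returned") describes the uniqueness check but not this trust boundary, which is the actual reason for the change.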