From 9cd3579b7cb0d37c7121d5a7e52ede869a154dce Mon Sep 17 00:00:00 2001 From: =?utf8?q?Mat=C3=ADas=20Aguirre?= Date: Mon, 9 Jul 2012 01:50:42 -0300 Subject: [PATCH] Default SOCIAL_AUTH_ASSOCIATE_BY_EMAIL to False to avoid some secury risks (while it's not removed). Closes #356 --- README.rst | 4 ++-- doc/configuration.rst | 4 ++-- social_auth/backends/pipeline/associate.py | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.rst b/README.rst index 9abd274..1dc3282 100644 --- a/README.rst +++ b/README.rst @@ -335,9 +335,9 @@ Configuration It is also possible to associate multiple user accounts with a single email address, set value as True to enable, otherwise set as False to disable. - This behavior is enabled by default (True) unless specifically set:: + This behavior is disabled by default (False) unless specifically set:: - SOCIAL_AUTH_ASSOCIATE_BY_MAIL = False + SOCIAL_AUTH_ASSOCIATE_BY_MAIL = True - You can send extra parameters on auth process by defining settings per provider, example to request Facebook to show Mobile authorization page, diff --git a/doc/configuration.rst b/doc/configuration.rst index c10a335..3837a56 100644 --- a/doc/configuration.rst +++ b/doc/configuration.rst @@ -216,9 +216,9 @@ Configuration It is also possible to associate multiple user accounts with a single email address, set value as True to enable, otherwise set as False to disable. - This behavior is enabled by default (True) unless specifically set:: + This behavior is disabled by default (False) unless specifically set:: - SOCIAL_AUTH_ASSOCIATE_BY_MAIL = False + SOCIAL_AUTH_ASSOCIATE_BY_MAIL = True - You can send extra parameters on auth process by defining settings per provider, example to request Facebook to show Mobile authorization page, diff --git a/social_auth/backends/pipeline/associate.py b/social_auth/backends/pipeline/associate.py index 4679c06..2d2e5dd 100644 --- a/social_auth/backends/pipeline/associate.py 
+++ b/social_auth/backends/pipeline/associate.py
@@ -15,7 +15,7 @@ def associate_by_email(details, user=None, *args, **kwargs):
 warn_setting('SOCIAL_AUTH_ASSOCIATE_BY_MAIL', 'associate_by_email')
- if email and setting('SOCIAL_AUTH_ASSOCIATE_BY_MAIL', True):
+ if email and setting('SOCIAL_AUTH_ASSOCIATE_BY_MAIL', False):
 # try to associate accounts registered with the same email address,
 # only if it's a single object. AuthException is raised if multiple
 # objects are returned
-- 
2.39.5
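Review bot: The condition `if email and setting('SOCIAL_AUTH_ASSOCIATE_BY_MAIL', False):` now makes email association opt-in, but the comment beneath it still describes only the mechanics and gives no reason for the safer default. Matching a login to an existing account by email is only as trustworthy as the provider's verification of that address, and nothing visible in the hunk checks it, so a site that sets the option to True keeps that exposure. I would add above the condition `# Off by default: the provider-supplied email may be unverified, so matching on it can attach a login to another user's account.` The body of associate_by_email starts and ends outside the hunk, so where `email` comes from and whether any verification exists elsewhere should be confirmed. Deployments that relied on the implicit True will stop associating after upgrade, which deserves a release-note line.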