Fix errors when authenticated user has no associated email address

2025-07-22 05:29:46 +03:00 · 2016-10-14 10:25:59 +02:00 · 2016-10-14 10:25:59 +02:00 · 1fc84ce03e
commit 1fc84ce03e
parent 26b264adac
3 changed files with 35 additions and 26 deletions
--- a/rest_auth/locale/de/LC_MESSAGES/django.mo
+++ b/rest_auth/locale/de/LC_MESSAGES/django.mo
--- a/rest_auth/locale/de/LC_MESSAGES/django.po
+++ b/rest_auth/locale/de/LC_MESSAGES/django.po
@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-02-02 14:11+0100\n"
+"POT-Creation-Date: 2016-10-14 10:21+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -18,82 +18,78 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"

-#: registration/serializers.py:54
+#: registration/serializers.py:52
 msgid "View is not defined, pass it as a context variable"
 msgstr "\"View\" ist nicht definiert, übergib es als Contextvariable"

-#: registration/serializers.py:59
+#: registration/serializers.py:57
 msgid "Define adapter_class in view"
 msgstr "Definier \"adapter_class\" in view"

-#: registration/serializers.py:78
+#: registration/serializers.py:76
 msgid "Define callback_url in view"
 msgstr "Definier \"callback_url\" in view"

-#: registration/serializers.py:82
+#: registration/serializers.py:80
 msgid "Define client_class in view"
 msgstr "Definier \"client_class\" in view"

-#: registration/serializers.py:102
+#: registration/serializers.py:100
 msgid "Incorrect input. access_token or code is required."
 msgstr "Falsche Eingabe. \"access_token\" oder \"code\" erforderlich."

-#: registration/serializers.py:111
+#: registration/serializers.py:109
 msgid "Incorrect value"
 msgstr "Falscher Wert."

-#: registration/serializers.py:140
+#: registration/serializers.py:138
 msgid "A user is already registered with this e-mail address."
 msgstr "Ein User mit dieser E-Mail Adresse ist schon registriert."

-#: registration/serializers.py:148
+#: registration/serializers.py:146
 msgid "The two password fields didn't match."
 msgstr "Die beiden Passwörter sind nicht identisch."

-#: registration/views.py:64
+#: registration/views.py:79
 msgid "ok"
 msgstr "Ok"

-#: serializers.py:29
+#: serializers.py:30
 msgid "Must include \"email\" and \"password\"."
 msgstr "Muss \"email\" und \"password\" enthalten."

-#: serializers.py:40
+#: serializers.py:41
 msgid "Must include \"username\" and \"password\"."
 msgstr "Muss \"username\" und \"password\" enthalten."

-#: serializers.py:53
+#: serializers.py:54
 msgid "Must include either \"username\" or \"email\" and \"password\"."
 msgstr "Muss entweder \"username\" oder \"email\" und password \"password\""

-#: serializers.py:94
+#: serializers.py:95
 msgid "User account is disabled."
 msgstr "Der Useraccount ist deaktiviert."

-#: serializers.py:97
+#: serializers.py:98
 msgid "Unable to log in with provided credentials."
 msgstr "Kann nicht mit den angegeben Zugangsdaten anmelden."

-#: serializers.py:106
+#: serializers.py:105
 msgid "E-mail is not verified."
 msgstr "E-Mail Adresse ist nicht verifiziert."

-#: serializers.py:152
-msgid "Error"
-msgstr "Fehler"
-
-#: views.py:71
+#: views.py:120
 msgid "Successfully logged out."
 msgstr "Erfolgreich ausgeloggt."

-#: views.py:111
+#: views.py:161
 msgid "Password reset e-mail has been sent."
 msgstr "Die E-Mail zum Zurücksetzen des Passwortes wurde verschickt."

-#: views.py:132
+#: views.py:182
 msgid "Password has been reset with the new password."
 msgstr "Das Passwort wurde mit dem neuen Passwort ersetzt."

-#: views.py:150
+#: views.py:200
 msgid "New password has been saved."
 msgstr "Das neue Passwort wurde gespeichert."
--- a/rest_auth/serializers.py
+++ b/rest_auth/serializers.py
@ -2,6 +2,7 @@ from django.contrib.auth import get_user_model, authenticate
 from django.conf import settings
 from django.contrib.auth.forms import PasswordResetForm, SetPasswordForm
 from django.contrib.auth.tokens import default_token_generator
+from django.core.exceptions import ObjectDoesNotExist
 from django.utils.http import urlsafe_base64_decode as uid_decoder
 from django.utils.translation import ugettext_lazy as _
 from django.utils.encoding import force_text
@ -100,10 +101,22 @@ class LoginSerializer(serializers.Serializer):
        # If required, is the email verified?
        if 'rest_auth.registration' in settings.INSTALLED_APPS:
            from allauth.account import app_settings
+
+            email_not_verified_msg = _('E-mail is not verified.')
+
            if app_settings.EMAIL_VERIFICATION == app_settings.EmailVerificationMethod.MANDATORY:
-                email_address = user.emailaddress_set.get(email=user.email)
+                # The authenticated user must not strictly be an instance of AUTH_USER_MODEL,
+                # depending on used authentication backends
+                if not hasattr(user, 'emailaddress_set'):
+                    raise serializers.ValidationError(email_not_verified_msg)
+
+                try:
+                    email_address = user.emailaddress_set.get(email=user.email)
+                except ObjectDoesNotExist:
+                    raise serializers.ValidationError(email_not_verified_msg)
+
                if not email_address.verified:
-                    raise serializers.ValidationError(_('E-mail is not verified.'))
+                    raise serializers.ValidationError(email_not_verified_msg)

        attrs['user'] = user
        return attrs