This commit is contained in:
Philippe Luickx 2017-10-03 14:53:24 +00:00 committed by GitHub
commit 7302524d75
4 changed files with 39 additions and 12 deletions


@ -1,6 +1,7 @@
from django.http import HttpRequest from django.http import HttpRequest
from django.conf import settings from django.conf import settings
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from django.contrib.auth import get_user_model
try: try:
from allauth.account import app_settings as allauth_settings from allauth.account import app_settings as allauth_settings
@ -111,6 +112,20 @@ class SocialLoginSerializer(serializers.Serializer):
raise serializers.ValidationError(_('Incorrect value')) raise serializers.ValidationError(_('Incorrect value'))
if not login.is_existing: if not login.is_existing:
# We have an account already signed up in a different flow
# with the same email address: raise an exception.
# This needs to be handled in the frontend. We can not just
# link up the accounts due to security constraints
if(allauth_settings.UNIQUE_EMAIL):
# Do we have an account already with this email address?
existing_account = get_user_model().objects.filter(
email=login.user.email,
).count()
if(existing_account != 0):
# There is an account already
raise serializers.ValidationError(
_("A user is already registered with this e-mail address."))
login.lookup() login.lookup()
login.save(request, connect=True) login.save(request, connect=True)
attrs['user'] = login.account.user attrs['user'] = login.account.user
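Review bot: The duplicate-account lookup in the new `UNIQUE_EMAIL` branch uses an exact, case-sensitive match (`email=login.user.email`), so a local account registered as `User@example.com` is not detected when the provider reports `user@example.com`; if the downstream `login.save()` path resolves emails case-insensitively, that variant would slip past the very check this commit adds. The count-then-compare form can also be simplified: `existing_account = get_user_model().objects.filter(email__iexact=login.user.email).exists()` followed by `if existing_account:` instead of `.count()` and `!= 0`. The same branch should decide what to do when the provider returns an empty email, since `filter(email='')` would match every local user with a blank email field and reject the login for the wrong reason — this is inferred from the filter alone and worth confirming against the adapter. The enclosing `validate` method begins before this hunk.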


@ -25,7 +25,7 @@ from rest_auth.views import LoginView
from .app_settings import RegisterSerializer, register_permission_classes from .app_settings import RegisterSerializer, register_permission_classes
sensitive_post_parameters_m = method_decorator( sensitive_post_parameters_m = method_decorator(
sensitive_post_parameters('password1', 'password2') sensitive_post_parameters('password', 'old_password', 'new_password1', 'new_password2', 'password1', 'password2')
) )
@ -53,14 +53,21 @@ class RegisterView(CreateAPIView):
return TokenSerializer(user.auth_token).data return TokenSerializer(user.auth_token).data
def create(self, request, *args, **kwargs): def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data) # Check if registration is open
serializer.is_valid(raise_exception=True) if get_adapter(self.request).is_open_for_signup(self.request):
user = self.perform_create(serializer) serializer = self.get_serializer(data=request.data)
headers = self.get_success_headers(serializer.data) serializer.is_valid(raise_exception=True)
user = self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
return Response(self.get_response_data(user), return Response(self.get_response_data(user),
status=status.HTTP_201_CREATED, status=status.HTTP_201_CREATED,
headers=headers) headers=headers)
else:
return Response(
data={'message': 'Registration is not open.'},
status=status.HTTP_403_FORBIDDEN,
)
def perform_create(self, serializer): def perform_create(self, serializer):
user = serializer.save(self.request) user = serializer.save(self.request)
@ -110,8 +117,8 @@ class SocialLoginView(LoginView):
class FacebookLogin(SocialLoginView): class FacebookLogin(SocialLoginView):
adapter_class = FacebookOAuth2Adapter adapter_class = FacebookOAuth2Adapter
client_class = OAuth2Client client_class = OAuth2Client
callback_url = 'localhost:8000' callback_url = 'localhost:8000'
------------- -------------
""" """


@ -2,3 +2,4 @@ django-allauth>=0.25.0
responses>=0.3.0 responses>=0.3.0
flake8==2.4.0 flake8==2.4.0
djangorestframework-jwt>=1.7.2 djangorestframework-jwt>=1.7.2
djangorestframework>=3.6.2


@ -275,8 +275,12 @@ class TestSocialAuth(TestsMixin, TestCase):
'access_token': 'abc123' 'access_token': 'abc123'
} }
self.post(self.fb_login_url, data=payload, status_code=200) # You should not have access to an account created through register
self.assertIn('key', self.response.json.keys()) # by loging in through FB with an account that has the same
# email address.
self.post(self.fb_login_url, data=payload, status_code=400)
# self.post(self.fb_login_url, data=payload, status_code=200)
# self.assertIn('key', self.response.json.keys())
@responses.activate @responses.activate
@override_settings( @override_settings(
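Review bot: The new test asserts only `status_code=400` for the social login against an existing registered email and leaves the previous assertions as commented-out code, which should be deleted rather than kept. To pin that the 400 comes from the duplicate-email guard and not from some other validation failure, add a check on the response body such as `self.assertIn('non_field_errors', self.response.json)`, since the serializer raises the error from `validate`. The test method this hunk belongs to starts before the hunk, so the provider mock setup it relies on is not visible here.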