mirror of
https://github.com/Tivix/django-rest-auth.git
synced 2025-07-22 05:29:46 +03:00
Merge d6ff813e7a
into 42d039b473
commit
7302524d75
|
@ -1,6 +1,7 @@
|
||||||
from django.http import HttpRequest
|
from django.http import HttpRequest
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
from django.contrib.auth import get_user_model
|
||||||
|
|
||||||
try:
|
try:
|
||||||
from allauth.account import app_settings as allauth_settings
|
from allauth.account import app_settings as allauth_settings
|
||||||
|
@ -111,6 +112,20 @@ class SocialLoginSerializer(serializers.Serializer):
|
||||||
raise serializers.ValidationError(_('Incorrect value'))
|
raise serializers.ValidationError(_('Incorrect value'))
|
||||||
|
|
||||||
if not login.is_existing:
|
if not login.is_existing:
|
||||||
|
# We have an account already signed up in a different flow
|
||||||
|
# with the same email address: raise an exception.
|
||||||
|
# This needs to be handled in the frontend. We can not just
|
||||||
|
# link up the accounts due to security constraints
|
||||||
|
if(allauth_settings.UNIQUE_EMAIL):
|
||||||
|
# Do we have an account already with this email address?
|
||||||
|
existing_account = get_user_model().objects.filter(
|
||||||
|
email=login.user.email,
|
||||||
|
).count()
|
||||||
|
if(existing_account != 0):
|
||||||
|
# There is an account already
|
||||||
|
raise serializers.ValidationError(
|
||||||
|
_("A user is already registered with this e-mail address."))
|
||||||
|
|
||||||
login.lookup()
|
login.lookup()
|
||||||
login.save(request, connect=True)
|
login.save(request, connect=True)
|
||||||
attrs['user'] = login.account.user
|
attrs['user'] = login.account.user
|
||||||
|
|
|
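Review bot: The duplicate-email check in the `SocialLoginSerializer` hunk matches `email=login.user.email` exactly, so an account registered as `User@Example.com` is not found when the provider reports `user@example.com`, and the login then proceeds to `login.save(request, connect=True)`. It also runs when the provider returns no email, in which case the filter compares against an empty value and can reject the login if any existing user has a blank email. Consider `if login.user.email and get_user_model().objects.filter(email__iexact=login.user.email).exists():`, which also replaces `.count() != 0` with an existence query. The check reads only the user model's email field; whether secondary addresses held by allauth need the same treatment should be confirmed. The enclosing method starts outside the hunk.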
@ -25,7 +25,7 @@ from rest_auth.views import LoginView
|
||||||
from .app_settings import RegisterSerializer, register_permission_classes
|
from .app_settings import RegisterSerializer, register_permission_classes
|
||||||
|
|
||||||
sensitive_post_parameters_m = method_decorator(
|
sensitive_post_parameters_m = method_decorator(
|
||||||
sensitive_post_parameters('password1', 'password2')
|
sensitive_post_parameters('password', 'old_password', 'new_password1', 'new_password2', 'password1', 'password2')
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@ -53,14 +53,21 @@ class RegisterView(CreateAPIView):
|
||||||
return TokenSerializer(user.auth_token).data
|
return TokenSerializer(user.auth_token).data
|
||||||
|
|
||||||
def create(self, request, *args, **kwargs):
|
def create(self, request, *args, **kwargs):
|
||||||
serializer = self.get_serializer(data=request.data)
|
# Check if registration is open
|
||||||
serializer.is_valid(raise_exception=True)
|
if get_adapter(self.request).is_open_for_signup(self.request):
|
||||||
user = self.perform_create(serializer)
|
serializer = self.get_serializer(data=request.data)
|
||||||
headers = self.get_success_headers(serializer.data)
|
serializer.is_valid(raise_exception=True)
|
||||||
|
user = self.perform_create(serializer)
|
||||||
|
headers = self.get_success_headers(serializer.data)
|
||||||
|
|
||||||
return Response(self.get_response_data(user),
|
return Response(self.get_response_data(user),
|
||||||
status=status.HTTP_201_CREATED,
|
status=status.HTTP_201_CREATED,
|
||||||
headers=headers)
|
headers=headers)
|
||||||
|
else:
|
||||||
|
return Response(
|
||||||
|
data={'message': 'Registration is not open.'},
|
||||||
|
status=status.HTTP_403_FORBIDDEN,
|
||||||
|
)
|
||||||
|
|
||||||
def perform_create(self, serializer):
|
def perform_create(self, serializer):
|
||||||
user = serializer.save(self.request)
|
user = serializer.save(self.request)
|
||||||
|
@ -110,8 +117,8 @@ class SocialLoginView(LoginView):
|
||||||
|
|
||||||
class FacebookLogin(SocialLoginView):
|
class FacebookLogin(SocialLoginView):
|
||||||
adapter_class = FacebookOAuth2Adapter
|
adapter_class = FacebookOAuth2Adapter
|
||||||
client_class = OAuth2Client
|
client_class = OAuth2Client
|
||||||
callback_url = 'localhost:8000'
|
callback_url = 'localhost:8000'
|
||||||
-------------
|
-------------
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
|
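Review bot: The signup gate added to `RegisterView.create` covers only password registration. The `SocialLoginSerializer` hunk in this same commit still reaches `login.save(request, connect=True)` for a login that is not existing, with no `is_open_for_signup` call visible, so a deployment that closes registration may still create accounts through social login. That should be confirmed and, if so, the social adapter's equivalent check applied before that save. Within `create`, an early return (`if not get_adapter(self.request).is_open_for_signup(self.request): return Response(...)`) would keep the original body unindented, and the 403 body could use DRF's usual `detail` key rather than `message`. No import of `get_adapter` is visible in the hunks shown, so check that the name is in scope.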
@ -2,3 +2,4 @@ django-allauth>=0.25.0
|
||||||
responses>=0.3.0
|
responses>=0.3.0
|
||||||
flake8==2.4.0
|
flake8==2.4.0
|
||||||
djangorestframework-jwt>=1.7.2
|
djangorestframework-jwt>=1.7.2
|
||||||
|
djangorestframework>=3.6.2
|
|
@ -275,8 +275,12 @@ class TestSocialAuth(TestsMixin, TestCase):
|
||||||
'access_token': 'abc123'
|
'access_token': 'abc123'
|
||||||
}
|
}
|
||||||
|
|
||||||
self.post(self.fb_login_url, data=payload, status_code=200)
|
# You should not have access to an account created through register
|
||||||
self.assertIn('key', self.response.json.keys())
|
# by loging in through FB with an account that has the same
|
||||||
|
# email address.
|
||||||
|
self.post(self.fb_login_url, data=payload, status_code=400)
|
||||||
|
# self.post(self.fb_login_url, data=payload, status_code=200)
|
||||||
|
# self.assertIn('key', self.response.json.keys())
|
||||||
|
|
||||||
@responses.activate
|
@responses.activate
|
||||||
@override_settings(
|
@override_settings(
|
||||||
|
|
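Review bot: The updated assertion in `TestSocialAuth` checks only `status_code=400`, so any validation failure on the Facebook login request satisfies it, not specifically the duplicate-email rejection. Asserting on the response body as well, for example that it carries the "A user is already registered with this e-mail address." message, would pin the behaviour the comment describes. The two commented-out lines (`# self.post(..., status_code=200)` and `# self.assertIn('key', ...)`) are dead code and are better deleted than kept, and "loging" in the comment should read "logging". The test method starts outside the hunk.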