From 569765639d59da69d18c6a63f41c3160500c4a15 Mon Sep 17 00:00:00 2001
From: Philippe Luickx
Date: Fri, 27 May 2016 14:26:44 +0300
Subject: [PATCH 1/2] Checking for pre-existing accounts from a different flow when using social connect
---
 rest_auth/registration/serializers.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/rest_auth/registration/serializers.py b/rest_auth/registration/serializers.py
index 9056164..899e74b 100644
--- a/rest_auth/registration/serializers.py
+++ b/rest_auth/registration/serializers.py
@@ -1,6 +1,7 @@
 from django.http import HttpRequest
 from django.conf import settings
 from django.utils.translation import ugettext_lazy as _
+from django.contrib.auth import get_user_model
 try:
 from allauth.account import app_settings as allauth_settings
@@ -109,6 +110,20 @@ class SocialLoginSerializer(serializers.Serializer):
 raise serializers.ValidationError(_('Incorrect value'))
 if not login.is_existing:
+ # We have an account already signed up in a different flow
+ # with the same email address: raise an exception.
+ # This needs to be handled in the frontend. We can not just
+ # link up the accounts due to security constraints
+ if(allauth_settings.UNIQUE_EMAIL):
+ # Do we have an account already with this email address?
+ existing_account = get_user_model().objects.filter(
+ email=login.user.email,
+ ).count()
+ if(existing_account != 0):
+ # There is an account already
+ raise serializers.ValidationError(
+ _("A user is already registered with this e-mail address."))
+ login.lookup()
 login.save(request, connect=True)
 attrs['user'] = login.account.user
From a2f9ca73ee38b038ebda0a4b50c9d5721ee7dbdd Mon Sep 17 00:00:00 2001
From: Philippe Luickx
Date: Fri, 27 May 2016 14:26:44 +0300
Subject: [PATCH 2/2] Checking for pre-existing accounts from a different flow when using social connect
---
 rest_auth/registration/serializers.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/rest_auth/registration/serializers.py b/rest_auth/registration/serializers.py
index 9056164..899e74b 100644
--- a/rest_auth/registration/serializers.py
+++ b/rest_auth/registration/serializers.py
@@ -1,6 +1,7 @@
 from django.http import HttpRequest
 from django.conf import settings
 from django.utils.translation import ugettext_lazy as _
+from django.contrib.auth import get_user_model
 try:
 from allauth.account import app_settings as allauth_settings
@@ -109,6 +110,20 @@ class SocialLoginSerializer(serializers.Serializer):
 raise serializers.ValidationError(_('Incorrect value'))
 if not login.is_existing:
+ # We have an account already signed up in a different flow
+ # with the same email address: raise an exception.
+ # This needs to be handled in the frontend. We can not just
+ # link up the accounts due to security constraints
+ if(allauth_settings.UNIQUE_EMAIL):
+ # Do we have an account already with this email address?
+ existing_account = get_user_model().objects.filter(
+ email=login.user.email,
+ ).count()
+ if(existing_account != 0):
+ # There is an account already
+ raise serializers.ValidationError(
+ _("A user is already registered with this e-mail address."))
+ login.lookup()
 login.save(request, connect=True)
 attrs['user'] = login.account.user
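Review bot: The uniqueness guard under `if(allauth_settings.UNIQUE_EMAIL):` filters with an exact `email=login.user.email` match, so an address that differs from a stored one only in letter case passes the check and a second account is still created for the same mailbox. An empty address returned by the provider would also be compared against any accounts stored with a blank e-mail, which would reject the sign-up with a misleading message. I would bind `email = login.user.email` and test `if email and get_user_model().objects.filter(email__iexact=email).exists():`, which also avoids counting rows when only presence matters. The check consults only the user model's `email` column; if the project keeps additional addresses elsewhere (presumably allauth's own e-mail records), those are not covered, which is worth confirming. The enclosing method starts and ends outside the hunk, and PATCH 1/2 carries the identical hunk.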