Return 403 instead of 500 error for disconnect view

When a user only has a social account associated with them and they attempt to disconnect it, we should return a 403 error, not a 500 error.
2024-11-22 00:56:34 +03:00 · 2018-01-28 13:51:53 -05:00 · 2018-01-28 13:51:53 -05:00 · e46ffd7341
commit e46ffd7341
parent a3057b7aa1
1 changed files with 7 additions and 2 deletions
--- a/rest_auth/registration/views.py
+++ b/rest_auth/registration/views.py
@ -1,4 +1,5 @@
 from django.conf import settings
+from django.core.exceptions import ValidationError
 from django.utils.decorators import method_decorator
 from django.utils.translation import ugettext_lazy as _
 from django.views.decorators.debug import sensitive_post_parameters
@ -6,7 +7,8 @@ from django.views.decorators.debug import sensitive_post_parameters
 from rest_framework.views import APIView
 from rest_framework.response import Response
 from rest_framework.permissions import (AllowAny,
-                                        IsAuthenticated)
+                                        IsAuthenticated,
+                                        PermissionDenied)
 from rest_framework.generics import CreateAPIView, ListAPIView, GenericAPIView
 from rest_framework.exceptions import NotFound
 from rest_framework import status
@ -174,7 +176,10 @@ class SocialAccountDisconnectView(GenericAPIView):
        if not account:
            raise NotFound

-        get_social_adapter(self.request).validate_disconnect(account, accounts)
+        try:
+            get_social_adapter(self.request).validate_disconnect(account, accounts)
+        except ValidationError as e:
+            raise PermissionDenied(detail=e.args[0])

        account.delete()
        signals.social_account_removed.send(