From e46ffd7341e270b9b4e0b6f540eb4976bf0d2a78 Mon Sep 17 00:00:00 2001
From: Christopher Dignam
Date: Sun, 28 Jan 2018 13:51:53 -0500
Subject: [PATCH] Return 403 instead of 500 error for disconnect view

When a user only has a social account associated with them and they attempt to disconnect it, we should return a 403 error, not a 500 error.
---
 rest_auth/registration/views.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/rest_auth/registration/views.py b/rest_auth/registration/views.py
index 0e0ab0d..c666fb1 100644
--- a/rest_auth/registration/views.py
+++ b/rest_auth/registration/views.py
@@ -1,4 +1,5 @@
 from django.conf import settings
+from django.core.exceptions import ValidationError
 from django.utils.decorators import method_decorator
 from django.utils.translation import ugettext_lazy as _
 from django.views.decorators.debug import sensitive_post_parameters
@@ -6,7 +7,8 @@ from django.views.decorators.debug import sensitive_post_parameters
 from rest_framework.views import APIView
 from rest_framework.response import Response
 from rest_framework.permissions import (AllowAny,
- IsAuthenticated)
+ IsAuthenticated,
+ PermissionDenied)
 from rest_framework.generics import CreateAPIView, ListAPIView, GenericAPIView
 from rest_framework.exceptions import NotFound
 from rest_framework import status
@@ -174,7 +176,10 @@ class SocialAccountDisconnectView(GenericAPIView):
 if not account:
 raise NotFound

- get_social_adapter(self.request).validate_disconnect(account, accounts)
+ try:
+ get_social_adapter(self.request).validate_disconnect(account, accounts)
+ except ValidationError as e:
+ raise PermissionDenied(detail=e.args[0])

 account.delete()
 signals.social_account_removed.send(
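Review bot: `PermissionDenied` is added to the `rest_framework.permissions` import in the second hunk, but DRF defines that exception in `rest_framework.exceptions`. Unless the installed DRF's permissions module happens to expose the name, the import raises ImportError and every view in this module fails to load, not only the disconnect view. The file already imports from the right module two lines further down, so the safer form is `from rest_framework.exceptions import NotFound, PermissionDenied`, with the `permissions` import left as it was.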
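Review bot: `e.args[0]` in the new `except ValidationError` branch is the raw first argument of Django's `ValidationError`, which can be a list, a dict or a message with un-interpolated `%(name)s` params rather than a plain string, so the 403 body may not have the shape clients expect. `e.messages` is the normalised, interpolated list, and `raise PermissionDenied(detail=' '.join(e.messages))` keeps `detail` a string. Because `validate_disconnect` is the only check before `account.delete()`, a regression test that a user whose sole login is this social account gets 403 and keeps the account would be worth adding. The enclosing method begins above the hunk and continues past its last line.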