
Fix for bug that connects multiple profiles to users in some instances. #142

Closed
wants to merge 3 commits into from

2 participants

@wesc

Here's the situation:

  1. I log into Facebook as Alice
  2. I log into the Django app using Facebook
  3. I log out of Facebook
  4. I log into Facebook as Bob
  5. The app exposes a "connect with facebook" button, even though I'm logged in as Alice. I click on it.

The result: both Alice and Bob's Facebook profiles are linked with Alice's account in the app.

What this patch does is check to see if request.user does not match the user associated with the profile. If this is the case, log in as the user associated with the profile, rather than connect the profile with request.user.

@flashingpumpkin

Makes sense. Could you add a test case for this too?

@flashingpumpkin

Ah well, looks like I'm doing some updates again so I might add the tests myself

@wesc

I'm a bit occupied at the moment, but will hopefully be free to write the test after a week or so.

@wesc

Just added another fix to this pull request.

(Forgive me, I'm not a real git or github user. I would have preferred to make a separate pull request for this commit, but apparently that's not how it works)

Steps:

  1. User logs in, not via FB
  2. User connects with FB
  3. socialregistration connects the FB profile to the User, but does not re-authenticate or log in.

This patch changes step 3 so that we re-authenticate and log in. It might seem arbitrary, but the reason we should do this is because Django keeps track of which authentication backend a user authenticated with. I think the right thing to do is to set the authentication backend in this case to be FB.

This commit solves a problem with my use case, which is mixing django-lazysignup with socialregistration.
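The two scenarios in this thread (another user's profile being attached to request.user, and the backend not being re-recorded after a connect) are replayed below in an added, framework-free model. This is example code written for this page, not django-socialregistration's own implementation; the names `User`, `Profile`, `Session`, `connect_view`, `replay` and `replay_own` are constructed, and it assumes the pre-fix `get_or_create_profile` behaves like Django's `get_or_create` keyed on (user, uid), which is what would yield the duplicate profile named in the title.

```python
# Added example, not code from django-socialregistration. All names are
# constructed; the (user, uid) keying of get_or_create_profile is an assumption.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(eq=False)  # identity comparison, like Django model instances
class User:
    username: str


@dataclass(eq=False)
class Profile:
    uid: str   # provider-side identifier (constructed values like "fb-bob")
    user: User


@dataclass
class Session:
    user: Optional[User] = None     # request.user; None means anonymous
    backend: Optional[str] = None   # backend Django records at login


def find_profile(profiles: List[Profile], uid: str) -> Optional[Profile]:
    """Lookup by provider uid only, like get_profile(**lookup_kwargs)."""
    return next((p for p in profiles if p.uid == uid), None)


def authenticate(profiles: List[Profile], uid: str) -> Optional[User]:
    """Stand-in for the provider auth backend: uid -> owning user, or None."""
    profile = find_profile(profiles, uid)
    return profile.user if profile else None


def login(session: Session, user: User) -> None:
    """Stand-in for django.contrib.auth.login: binds user and backend."""
    session.user = user
    session.backend = "facebook"


def get_or_create_profile(profiles: List[Profile], user: User, uid: str) -> Profile:
    """Keyed on (user, uid): a second user with the same uid gets a new row."""
    for p in profiles:
        if p.user is user and p.uid == uid:
            return p
    profile = Profile(uid, user)
    profiles.append(profile)
    return profile


def connect_view(session: Session, profiles: List[Profile], uid: str, fixed: bool) -> str:
    """Return "connected", "logged_in" or "setup" (new-user registration)."""
    if fixed:
        # First fix: only connect when the uid is unclaimed or already ours.
        existing = find_profile(profiles, uid)
        connect_profile = existing is None or existing.user is session.user
    else:
        connect_profile = True

    if connect_profile and session.user is not None:
        get_or_create_profile(profiles, session.user, uid)
        if fixed:
            # Second fix: re-authenticate so the session records the provider
            # backend rather than whatever logged the user in earlier.
            user = authenticate(profiles, uid)
            if user is not None:  # guard: a backend may refuse the lookup
                login(session, user)
        return "connected"

    # Anonymous visitor, or (fixed) a uid owned by someone else: log in as owner.
    user = authenticate(profiles, uid)
    if user is None:
        return "setup"
    login(session, user)
    return "logged_in"


def _summary(session: Session, profiles: List[Profile], uid: str, outcome: str) -> dict:
    return {
        "outcome": outcome,
        "profiles_for_uid": sorted(p.user.username for p in profiles if p.uid == uid),
        "session_user": session.user.username,
        "backend": session.backend,
    }


def replay(fixed: bool) -> dict:
    """First scenario: Alice is logged in, Bob owns "fb-bob", and Alice's
    browser now carries Bob's provider session when she clicks 'connect'."""
    alice, bob = User("alice"), User("bob")
    profiles = [Profile("fb-bob", bob)]
    session = Session(user=alice, backend="model")  # e.g. password login
    outcome = connect_view(session, profiles, "fb-bob", fixed)
    return _summary(session, profiles, "fb-bob", outcome)


def replay_own(fixed: bool) -> dict:
    """Second scenario: Alice logged in without the provider, then connects
    her own, previously unclaimed, provider uid."""
    alice = User("alice")
    profiles: List[Profile] = []
    session = Session(user=alice, backend="model")
    outcome = connect_view(session, profiles, "fb-alice", fixed)
    return _summary(session, profiles, "fb-alice", outcome)


if __name__ == "__main__":
    print("scenario 1 before:", replay(False))
    print("scenario 1 after: ", replay(True))
    print("scenario 2 before:", replay_own(False))
    print("scenario 2 after: ", replay_own(True))
```

Before the fix, scenario 1 leaves two profiles for `fb-bob` (Alice's duplicate beside Bob's) and Alice stays logged in; after it, the view falls through to the login path and the session becomes Bob's via the provider backend. Scenario 2 shows the second change: the connect still succeeds either way, but only the fixed path records `facebook` as the session's backend.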

@flashingpumpkin referenced this pull request from a commit: Fixed: #143 #142 #127 #79 (c773adf)
Commits on Feb 17, 2012
  1. @wesc
  2. @wesc
Commits on Feb 23, 2012
  1. @wesc
Showing with 9 additions and 1 deletion.
  1. +9 −1 socialregistration/views.py
10 socialregistration/views.py
@@ -240,13 +240,21 @@ def get(self, request):
# Get the lookup dictionary to find the user's profile
lookup_kwargs = self.get_lookup_kwargs(request, client)
+ try:
+ profile_user = self.get_profile(**lookup_kwargs)
+ connect_profile = (not profile_user) or (profile_user == request.user)
+ except self.get_model().DoesNotExist:
+ connect_profile = True
+
# Logged in user connecting an account
- if request.user.is_authenticated():
+ if connect_profile and request.user.is_authenticated():
profile, created = self.get_or_create_profile(request.user,
save=True, **lookup_kwargs)
# Profile existed - but got reconnected. Send the signal and
# send the 'em where they were about to go in the first place.
+ user = self.authenticate(**lookup_kwargs)
+ self.login(request, user)
self.send_connect_signal(request, request.user, profile, client)
return self.redirect(request)
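Review bot: `self.authenticate(**lookup_kwargs)` on the added `+ user = self.authenticate(**lookup_kwargs)` line can return None when no backend accepts the lookup, and `self.login(request, user)` is then called with None; guard it (`if user is not None: self.login(request, user)`) or return an error before the connect signal is sent. Separately, `profile_user = self.get_profile(**lookup_kwargs)` reads as though `get_profile` returns a profile, in which case `profile_user == request.user` compares a profile to a user and is never true, so every existing profile would be treated as someone else's; if that is what `get_profile` returns, compare `profile_user.user == request.user`. The `except self.get_model().DoesNotExist` branch and the `not profile_user` test both mean "no profile yet"; keeping only one of them makes the intent clearer. The test case asked for in the discussion is not part of this diff.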