Merge pull request #226 from johngian/fix-222

Return `None` when authenticate() request has no `state` or `code`
mozilla · Apr 24, 2018 · 6fe0347 · 6fe0347
2 parents feab268 + 25c34e4
commit 6fe0347
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 3 deletions.
diff --git a/mozilla_django_oidc/auth.py b/mozilla_django_oidc/auth.py
@@ -157,7 +157,7 @@ def authenticate(self, **kwargs):
         session = self.request.session
 
         if not code or not state:
-            raise SuspiciousOperation('Code or state not found.')
+            return None
 
         reverse_url = import_from_settings('OIDC_AUTHENTICATION_CALLBACK_URL',
                                            'oidc_authentication_callback')

diff --git a/tests/test_auth.py b/tests/test_auth.py
@@ -317,8 +317,7 @@ def test_authenticate_no_code_no_state(self):
         # there are no GET params
         request = RequestFactory().get('/foo')
         request.session = {}
-        with self.assertRaisesMessage(SuspiciousOperation, 'Code or state not found'):
-            self.backend.authenticate(request=request)
+        self.assertIsNone(self.backend.authenticate(request=request))
 
     @override_settings(OIDC_USE_NONCE=False)
     @patch('mozilla_django_oidc.auth.OIDCAuthenticationBackend._verify_jws')