From aa1a78d7e0dcdae29cec0339367b44cedd615d0f Mon Sep 17 00:00:00 2001
From: Raymond Penners
Date: Thu, 25 Apr 2024 17:15:00 +0200
Subject: [PATCH] fix(telegram): Don't crash on invalid tgAuthResult

---
 .../socialaccount/providers/telegram/views.py | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/allauth/socialaccount/providers/telegram/views.py b/allauth/socialaccount/providers/telegram/views.py
index e7853778bf..b09b7e444f 100644
--- a/allauth/socialaccount/providers/telegram/views.py
+++ b/allauth/socialaccount/providers/telegram/views.py
@@ -1,4 +1,5 @@
 import base64
+import binascii
 import hashlib
 import hmac
 import json
@@ -41,9 +42,19 @@ def post(self, request):
             provider=provider,
         )
 
-        result = request.POST.get("tgAuthResult")
-        padding = "=" * (4 - (len(result) % 4))
-        data = json.loads(base64.b64decode(result + padding))
+        try:
+            result = request.POST.get("tgAuthResult")
+            padding = "=" * (4 - (len(result) % 4))
+            data = json.loads(base64.b64decode(result + padding))
+            if not isinstance(data, dict) or "hash" not in data:
+                raise ValueError("Invalid tgAuthResult")
+        except (binascii.Error, json.JSONDecodeError, ValueError) as e:
+            return render_authentication_error(
+                request,
+                provider=provider,
+                exception=e,
+                extra_context={"state_id": state_id},
+            )
         hash = data.pop("hash")
         payload = "\n".join(sorted(["{}={}".format(k, v) for k, v in data.items()]))
         token = provider.app.secret
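Review bot: A POST with no `tgAuthResult` field at all still crashes inside the new `try` block: `request.POST.get("tgAuthResult")` returns `None`, `len(None)` raises `TypeError`, and `TypeError` is not in the `except (binascii.Error, json.JSONDecodeError, ValueError)` tuple, so the request ends in a 500 rather than the error page this commit intends. The smallest fix is to default the field to an empty string, `result = request.POST.get("tgAuthResult", "")`, which then fails as a `JSONDecodeError` on the empty decoded payload and takes the handled path; adding `TypeError` to the tuple would work too. The `isinstance(data, dict)` check only guarantees that `"hash"` is present, not that its value is a string, so if the later comparison (outside this hunk) does not coerce it, a non-string `hash` may raise a `TypeError` there for the same reason — worth confirming against the rest of `post`. The enclosing `post` method starts and ends outside the hunk.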