def validate_state(self, value):
"""Validate the state is equal to the one stored in the session."""
try:
SocialLogin.verify_and_unstash_state(
self.context['request'],
value,
)
# Allauth raises PermissionDenied if the validation fails
except PermissionDenied:
raise ValidationError(_('State did not match.'))
return value
def validate_state(self, value):
"""
Checks that the state is equal to the one stored in the session.
Since we are validating state against information stored in
the session, the Login and CreateCallback requests must
originate from the same endpoint and must be authenticated.
"""
try:
SocialLogin.verify_and_unstash_state(
self.context['request'],
value,
)
# Allauth raises PermissionDenied if the validation fails
except PermissionDenied:
raise ValidationError(_('State did not match.'))
return value
def dispatch(self, request, *args, **kwargs):
auth_error = get_request_param(request, "error")
code = get_request_param(request, "code")
if auth_error or not code:
# Distinguish cancel from error
if auth_error == self.adapter.login_cancelled_error:
error = AuthError.CANCELLED
else:
error = AuthError.UNKNOWN
return render_authentication_error(request,
self.adapter.provider_id,
error=error)
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(self.request, app)
try:
token_data = self.adapter.get_access_token_data(self.request,
app=app,
client=client)
token = self.adapter.parse_token(data=token_data)
token.app = app
login = self.adapter.complete_login(request,
app,
token,
response=token_data)
login.token = token
state = get_request_param(request, "state")
if self.adapter.supports_state:
login.state = SocialLogin.verify_and_unstash_state(
request, state)
else:
login.state = SocialLogin.unstash_state(request)
return complete_social_login(request, login)
except (
PermissionDenied,
OAuth2Error,
RequestException,
ProviderException,
) as e:
return render_authentication_error(request,
self.adapter.provider_id,
exception=e)
def dispatch(self, request, *args, **kwargs):
"""
This overloading is necessary to manage the case
when the user clicks on "Cancel" once on the "Mire de connexion PE Connect".
Original code:
https://github.com/pennersr/django-allauth/blob/master/allauth/socialaccount/providers/oauth2/views.py#L113
"""
if "error" in request.GET or "code" not in request.GET:
# Distinguish cancel from error
auth_error = request.GET.get("error", None)
if auth_error == self.adapter.login_cancelled_error:
error = AuthError.CANCELLED
elif auth_error is None and "state" in request.GET:
# This custom case happens when the user clicks "Cancel" on the
# "Mire de connexion PE Connect".
error = AuthError.CANCELLED
else:
error = AuthError.UNKNOWN
logger.error("Unknown error in PEAMU dispatch.")
return render_authentication_error(request,
self.adapter.provider_id,
error=error)
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(request, app)
try:
access_token = client.get_access_token(request.GET["code"])
token = self.adapter.parse_token(access_token)
token.app = app
login = self.adapter.complete_login(request,
app,
token,
response=access_token)
login.token = token
if self.adapter.supports_state:
login.state = SocialLogin.verify_and_unstash_state(
request, get_request_param(request, "state"))
else:
login.state = SocialLogin.unstash_state(request)
return complete_social_login(request, login)
except (PermissionDenied, OAuth2Error, RequestException,
ProviderException) as e:
# This log is useful, 3.6k events for 75 users in 18 days but we have to disable it
# to not reach the Sentry limit. The issue is tracked in Trello.
# logger.error("Unknown error in PEAMU dispatch with exception '%s'.", e)
return render_authentication_error(request,
self.adapter.provider_id,
exception=e)
def dispatch(self, request):
if "error" in request.GET or not "code" in request.GET:
# TODO: Distinguish cancel from error
return render_authentication_error(request)
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(request, app)
try:
access_token = client.get_access_token(request.GET["code"])
token = self.adapter.parse_token(access_token)
token.app = app
login = self.adapter.complete_login(request, app, token, response=access_token)
token.account = login.account
login.token = token
login.state = SocialLogin.verify_and_unstash_state(request, request.REQUEST.get("state"))
return complete_social_login(request, login)
except OAuth2Error:
return render_authentication_error(request)
def dispatch(self, request, *args, **kwargs):
if "error" in request.GET or "code" not in request.GET:
# Distinguish cancel from error
auth_error = request.GET.get("error", None)
if auth_error == self.adapter.login_cancelled_error:
error = AuthError.CANCELLED
else:
error = AuthError.UNKNOWN
return render_authentication_error(request,
self.adapter.provider_id,
error=error)
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(self.request, app)
try:
access_token = client.get_access_token(request.GET["code"])
token = self.adapter.parse_token(access_token)
token.app = app
login = self.adapter.complete_login(request,
app,
token,
response=access_token)
login.token = token
if self.adapter.supports_state:
login.state = SocialLogin.verify_and_unstash_state(
request, get_request_param(request, "state"))
else:
login.state = SocialLogin.unstash_state(request)
return complete_social_login(request, login)
except (
PermissionDenied,
OAuth2Error,
RequestException,
ProviderException,
) as e:
return render_authentication_error(request,
self.adapter.provider_id,
exception=e)
def dispatch(self, request):
if "error" in request.GET or "code" not in request.GET:
# Distinguish cancel from error
auth_error = request.GET.get("error", None)
if auth_error == self.adapter.login_cancelled_error:
error = AuthError.CANCELLED
else:
error = AuthError.UNKNOWN
return render_authentication_error(request, self.adapter.provider_id, error=error)
app = self.adapter.get_provider().get_app(self.request)
client = self.get_client(request, app)
try:
access_token = client.get_access_token(request.GET["code"])
token = self.adapter.parse_token(access_token)
token.app = app
login = self.adapter.complete_login(request, app, token, response=access_token)
login.token = token
if self.adapter.supports_state:
login.state = SocialLogin.verify_and_unstash_state(request, get_request_param(request, "state"))
else:
login.state = SocialLogin.unstash_state(request)
return complete_social_login(request, login)
except (PermissionDenied, OAuth2Error, RequestException, ProviderException) as e:
return render_authentication_error(request, self.adapter.provider_id, exception=e)
