Exemplo n.º 1
def get_username(strategy, details, backend, user=None, *args, **kwargs):
    """Check if the username already exists. Raise an exception if yes."""
    if "username" not in backend.setting("USER_FIELDS", USER_FIELDS):
        return None

    storage = strategy.storage

    if user:
        # The user already exists return its username.
        return {"username": storage.user.get_username(user)}

    email_as_username = strategy.setting("USERNAME_IS_FULL_EMAIL", False)

    if email_as_username and details.get("email"):
        username = details["email"]
    elif details.get("username"):
        username = details["username"]
        raise AuthFailed(backend, "Failed to retrieve a valid username.")

    if storage.user.user_exists(username=username):
        raise AuthAlreadyAssociated(
            backend, f"user with username {username} already exists."

    return {"username": username}
Exemplo n.º 2
def verify_username(strategy, backend, details, user=None, **kwargs):
    """Verified whether username is still free.

    It can happen that user has registered several times or other user has
    taken the username meanwhile.
    if user or 'username' not in details:
    if User.objects.filter(username__iexact=details['username']).exists():
        raise AuthAlreadyAssociated(backend, 'Username exists')
Exemplo n.º 3
def verify_username(strategy, backend, details, user=None, **kwargs):
    """Verified whether username is still free.

    It can happen that user has registered several times or other user has
    taken the username meanwhile.
    if not user and 'username' in details:
        if User.objects.filter(username__iexact=details['username']).exists():
            raise AuthAlreadyAssociated(
                _('This username is already taken. Please choose another.'))
Exemplo n.º 4
def ensure_valid(strategy, backend, user, registering_user, weblate_action,
                 weblate_expires, new_association, details, **kwargs):
    """Ensure the activation link is still."""

    # Didn't the link expire?
    if weblate_expires < time.time():
        raise AuthMissingParameter(backend, 'expires')

    # We allow password reset for unauthenticated users
    if weblate_action == 'reset':
        if strategy.request.user.is_authenticated:
                _('You can not complete password reset while logged in!'),
                             _('The registration link has been invalidated.'))
            raise AuthMissingParameter(backend, 'user')

    # Add e-mail/register should stay on same user
    if user and user.is_authenticated:
        current_user = user.pk
        current_user = None

    if current_user != registering_user:
        if registering_user is None:
                _('You can not complete registration while logged in!'),
                _('You can confirm your registration only while logged in!'),
                         _('The registration link has been invalidated.'))

        raise AuthMissingParameter(backend, 'user')

    # Verify if this mail is not used on other accounts
    if new_association:
        same = VerifiedEmail.objects.filter(email=details['email'])
        if user:
            same = same.exclude(social__user=user)

        if same.exists():
            AuditLog.objects.create(same[0].social.user, strategy.request,
            raise AuthAlreadyAssociated(backend, 'E-mail exists')
Exemplo n.º 5
def social_user(backend, uid, user=None, *args, **kwargs):
    provider = backend.name
    social = backend.strategy.storage.user.get_social_auth(provider, uid)
    if social:
        if user and social.user != user:
            msg = 'This account is already in use.'
            raise AuthAlreadyAssociated(backend, msg)
        elif not user:
            user = social.user
    return {'social': social,
            'user': user,
            'is_new': user is None,
            'new_association': social is None}
Exemplo n.º 6
def selective_social_user(backend, uid, user=None, *args, **kwargs):
    provider = backend.name
    social = backend.strategy.storage.user.get_social_auth(provider, uid)
    if social:
        if user and social.user != user:
            if backend.name not in ('twitter', 'facebook'):
                msg = 'This {0} account is already in use.'.format(provider)
                raise AuthAlreadyAssociated(backend, msg)
        elif not user:
            user = social.user
    return {'social': social,
            'user': user,
            'is_new': user is None,
            'new_association': False}
Exemplo n.º 7
    def test_initialize_engine_object_AuthAlreadyAssociated(self):
        input_engine = 'tethys_dataset_services.engines.HydroShareDatasetEngine'
        input_end_point = 'http://localhost/api/3/action'

        mock_user = mock.MagicMock()
        mock_request = mock.MagicMock(user=mock_user, path='path')

        mock_social = mock.MagicMock()

        mock_user.social_auth.get.side_effect = [AuthAlreadyAssociated(mock.MagicMock(), mock.MagicMock()), mock_social]

        self.assertRaises(AuthAlreadyAssociated, initialize_engine_object, engine=input_engine,
                          endpoint=input_end_point, request=mock_request)

Exemplo n.º 8
def social_user(backend, uid, user=None, *args, **kwargs):
    provider = backend.name

    social = backend.strategy.storage.user.get_social_auth(provider, uid)

    if social:
        # can happen when user has multiple accounts with same email (apply email uniqueness strictly)
        if user and social.user != user:
            msg = 'This {0} account is already in use.'.format(provider)
            raise AuthAlreadyAssociated(backend, msg)
        elif not user:
            user = social.user
    return {'social': social,
            'user': user,
            'is_new': user is None,
            'new_association': social is None}
Exemplo n.º 9
def social_user(backend, uid, user=None, *args, **kwargs):
    Search for UserSocialAuth.
    provider = backend.name
    social = backend.strategy.storage.user.get_social_auth(provider, uid)
    if social:
        if user and social.user != user and not user.groups.filter(name='Temporary').exists():
            if not_allowed_to_merge(user, social.user):
                msg = 'Merge aborted due to providers intersection.'
                raise AuthAlreadyAssociated(backend, msg)
        elif not user or user.groups.filter(name='Temporary').exists():
            user = social.user
    return {'social': social,
            'user': user,
            'is_new': user is None,
            'new_association': False}
Exemplo n.º 10
def associate_by_email(*args, **kwargs):
    """Check if a user with this email already exists. If they do, don't create an account."""
    backend = kwargs['backend']
    if backend.name in ['google-oauth2', 'github'] or kwargs.get('user'):
        # We provide and exception here for users upgrading.
        return super_associate_by_email(*args, **kwargs)

    email = kwargs['details'].get('email')

    if email:
        User = get_user_model()
        if User.objects.filter(email=email).exists():
            msg = (
                f"This email (associated with {backend.name}) from is already in use. "
                "First login with your other account and under the top right menu "
                "click add account.")

            raise AuthAlreadyAssociated(msg)
Exemplo n.º 11
def test_process_exception(rf, settings):
    """Tests that a process_exception handles auth exceptions correctly"""
    settings.DEBUG = False
    msg = "error message"
    request = rf.get(reverse("social:complete", args=("email", )))
    # social_django depends on request.sesssion, so use the middleware to set that
    strategy = load_strategy(request)
    backend = load_backend(strategy, "email", None)
    request.social_strategy = strategy
    request.backend = backend

    middleware = SocialAuthExceptionRedirectMiddleware()
    result = middleware.process_exception(request,
                                          AuthAlreadyAssociated(backend, msg))
    assert result.status_code == status.HTTP_302_FOUND
    assert result.url == "{}?message={}&backend={}".format(
        reverse("login"), urlquote(msg), backend.name)
Exemplo n.º 12
    def test_ensure_oauth2_AuthAlreadyAssociated(self, mock_redirect, mock_reverse):
        from social_core.exceptions import AuthAlreadyAssociated

        mock_user = mock.MagicMock()

        mock_request = mock.MagicMock(user=mock_user, path='path')

        mock_redirect_url = mock.MagicMock()

        mock_reverse.return_value = mock_redirect_url

        mock_user.social_auth.get.side_effect = AuthAlreadyAssociated(mock.MagicMock(), mock.MagicMock())

        self.assertRaises(AuthAlreadyAssociated, enforced_controller, mock_request)

        mock_reverse.assert_called_once_with('social:begin', args=['hydroshare'])

Exemplo n.º 13
def social_user_uid_swap(backend, uid, user=None, *args, **kwargs):
    This pipeline function migrates UserSocialAuth.uid from an email address to using the 'large int' UID,
    as provided by Google OAuth2. This is specifically intended for use where a production instance was started with
    `settings.SOCIAL_AUTH_GOOGLE_OAUTH2_USE_UNIQUE_USER_ID = False` (the default) and then was switched to `True`.
    It will transparently migrate the existing UserSocialAuth record upon login to use the correct uid, maintaining
    User foreign key associations.

    It is intended to be inserted in settings.SOCIAL_AUTH_PIPELINE after 'social_core.pipeline.social_auth.social_uid'.

    provider = backend.name
    email = kwargs.get('response', {}).get('email', None)
    # logger.debug(f'social_user_lookup_and_uid_swap uid: {uid}')
    # logger.debug(f'social_user_lookup_and_uid_swap email: {email}')
    # logger.debug(f'social_user_lookup_and_uid_swap args: {args}')
    # logger.debug(f'social_user_lookup_and_uid_swap kwargs: {kwargs}')
    # logger.debug(f'social_user_lookup_and_uid_swap backend: {dir(backend)}')

    social = backend.strategy.storage.user.get_social_auth(provider, uid)
    if not social and backend.setting('USE_UNIQUE_USER_ID',
                                      False) and email is not None:
        social = backend.strategy.storage.user.get_social_auth(provider, email)
        if social:
            social.uid = uid

    if social:
        if user and social.user != user:
            msg = 'This account is already in use.'
            raise AuthAlreadyAssociated(backend, msg)
        elif not user:
            user = social.user
    return {
        'social': social,
        'user': user,
        'is_new': user is None,
        'new_association': social is None
Exemplo n.º 14
    def process_exception(self, request, exception):
        Handle exceptions raised during the authentication process.
        referer_url = request.META.get('HTTP_REFERER', '')
        referer_url = urlparse(referer_url).path

        if referer_url != reverse('signin_user') and request.view_name not in [
                'auth', 'complete'
            return super().process_exception(request, exception)

        if isinstance(exception, EoxTenantAuthException):
            new_exception = AuthFailed(
            LOG.error("%s", exception)
            return super().process_exception(request, new_exception)

        if isinstance(exception, IntegrityError):
            backend = getattr(request, 'backend', None)
            new_exception = AuthAlreadyAssociated(
                "The given email address is associated with another account",
            LOG.error("%s", exception)
            return super().process_exception(request, new_exception)

        if isinstance(exception, HTTPError):
            backend = getattr(request, 'backend', None)
            new_exception = AuthUnreachableProvider(
                "Unable to connect with the external provider",
            LOG.error("%s", exception)
            return super().process_exception(request, new_exception)

        return super().process_exception(request, exception)
Exemplo n.º 15
def signup(backend, strategy, is_signup=False, is_new=False, **kwargs):
    if is_signup:  # Signup
        if is_new:
            try:  # Check if already signed up or not
                user = User.objects.get(
            except User.DoesNotExist:
                return strategy.redirect(
                            args=(kwargs.get('current_partial').token, )))
                strategy.session_pop('account_verified_email', None)
                return {'user': user}
        else:  # User existed
            msg = _("This {} account is already registered.".format(
            raise AuthAlreadyAssociated(backend, msg)
    else:  # Login
        if is_new:  # User does not exist
            raise AuthForbidden(backend)
        else:  # All is good, continue
            return None
Exemplo n.º 16
def social_user(backend, uid, user=None, *args, **kwargs):
    provider = backend.name
    unionid = kwargs.get('unionid')
    social = backend.strategy.storage.user.get_social_auth(provider, uid)
    # 如果这个uid未能找到, 需要查看他关联的unionid
    # 是否有其他微信使用
    if not social and unionid:
        social_auth_unionids = SocialAuthUnionID.objects.filter(unionid=unionid)
        for each in social_auth_unionids:
            if each.uid == uid and each.provider == provider:
            social = backend.strategy.storage.user.get_social_auth(each.provider, each.uid)
            if social:
    if social:
        if user and social.user != user:
            msg = 'This {0} account is already in use.'.format(provider)
            raise AuthAlreadyAssociated(backend, msg)
        elif not user:
            user = social.user
    return {'social': social,
            'user': user,
            'is_new': user is None,
            'new_association': social is None}