This app makes it extremely easy to build Django-powered SPAs (Single Page Apps) or mobile apps, exposing all registration and authentication related functionality as CBVs (Class-Based Views) and REST (JSON).
With normal login (POST /rest-auth/login/), when the user is disabled (is_active = False), I get "Unable to log in with provided credentials.", which is expected.
But with social login (POST rest-auth/github/ or similar), I get no error, and get the user token.
Not exactly sure if this is not a security issue, but at the very least the behaviour is inconsistent.
Cheers,
Olivier
Here's my setup (taken from the docs):

urls.py:

```python
...
from django.conf.urls import url  # import needed for the url() pattern below
from allauth.socialaccount.providers.github.views import GitHubOAuth2Adapter
from allauth.socialaccount.providers.oauth2.client import OAuth2Client
from rest_auth.registration.views import SocialLoginView


class GithubLogin(SocialLoginView):
    adapter_class = GitHubOAuth2Adapter
    callback_url = "http://127.0.0.1:8000/oauth_callback"
    client_class = OAuth2Client


urlpatterns = [
    ...
    url(r"^rest-auth/github/$", GithubLogin.as_view(), name="github_login"),
    ...
]
```
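The inconsistency in the report is that the password path refuses a disabled account while the social path still mints a token. In Django, the password path goes through the authentication backend, whose `user_can_authenticate()` rejects users with `is_active = False`; a social login that issues a token without an equivalent check sidesteps that rule. The following is an added, framework-free illustration of the defender's fix (it is not rest_auth's or allauth's code, and all names, the toy password hashing, the token format and the sample users are constructed for the example): both login paths share one `user_can_authenticate` gate, and the social path also records refused attempts for detection.

```python
from dataclasses import dataclass
import hashlib
import hmac
import secrets


class LoginRejected(Exception):
    """Raised when a login attempt must not yield a token."""


@dataclass
class User:
    username: str
    password_hash: str  # toy: hex sha256 of the password; a real app uses Django's hashers
    is_active: bool = True


def user_can_authenticate(user: User) -> bool:
    # The rule Django's ModelBackend applies: an inactive account never authenticates.
    # Both login paths below call this, so disabling an account blocks every path.
    return user.is_active


def issue_token(user: User) -> str:
    # Constructed opaque token format (not rest_auth's token model).
    return f"{user.username}:{secrets.token_hex(16)}"


def password_login(users: dict, username: str, password: str) -> str:
    # Mirrors the reported /rest-auth/login/ behaviour: bad credentials and a
    # disabled account produce the same generic error.
    user = users.get(username)
    if user is None:
        raise LoginRejected("Unable to log in with provided credentials.")
    digest = hashlib.sha256(password.encode()).hexdigest()
    if not hmac.compare_digest(digest, user.password_hash):
        raise LoginRejected("Unable to log in with provided credentials.")
    if not user_can_authenticate(user):
        raise LoginRejected("Unable to log in with provided credentials.")
    return issue_token(user)


def social_login_unchecked(users: dict, provider_identity: dict) -> str:
    # The reported inconsistency: the provider vouched for the identity, and a
    # token is issued without ever consulting is_active.
    user = users[provider_identity["username"]]
    return issue_token(user)


def social_login_checked(users: dict, provider_identity: dict, audit_log: list) -> str:
    # Hardened variant: same gate as the password path, plus an audit entry so
    # repeated logins against a disabled account are visible to monitoring.
    user = users[provider_identity["username"]]
    if not user_can_authenticate(user):
        audit_log.append(f"social login refused: account {user.username} is disabled")
        raise LoginRejected("User account is disabled.")
    return issue_token(user)


def build_sample_users() -> dict:
    # Constructed sample data: one active and one disabled account, same toy password.
    pw_hash = hashlib.sha256(b"correct-horse").hexdigest()
    return {
        "alice": User("alice", pw_hash, is_active=True),
        "olivier": User("olivier", pw_hash, is_active=False),
    }


def demo() -> dict:
    """Run the four cases and return what each path did, for inspection or assertions."""
    users = build_sample_users()
    audit_log: list = []
    outcomes = {}

    def attempt(name, fn):
        try:
            fn()
            outcomes[name] = "token issued"
        except LoginRejected as exc:
            outcomes[name] = f"rejected: {exc}"

    attempt("password/active", lambda: password_login(users, "alice", "correct-horse"))
    attempt("password/disabled", lambda: password_login(users, "olivier", "correct-horse"))
    attempt("social-unchecked/disabled",
            lambda: social_login_unchecked(users, {"username": "olivier"}))
    attempt("social-checked/disabled",
            lambda: social_login_checked(users, {"username": "olivier"}, audit_log))
    outcomes["audit_entries"] = len(audit_log)
    return outcomes


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The design point is that the active-account rule lives in one function consulted by every token-issuing path, rather than being an accidental side effect of which authentication backend a path happens to call; a view that builds its own token (as a social login view does) must call that gate explicitly before returning anything to the client.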