SocialLoginSerializer ValidationError doesn't block login

Tivix / django-rest-auth

This app makes it extremely easy to build Django powered SPA's (Single Page App) or Mobile apps exposing all registration and authentication related functionality as CBV's (Class Base View) and REST (JSON)

www.tivix.com

MIT License

2.41k stars 661 forks source link

SocialLoginSerializer ValidationError doesn't block login #604

Open steverecio opened 4 years ago

steverecio commented 4 years ago

If a ValidationError is raised from the SocialLoginSerializer (or a subclass thereof), the request will return a 400 status code but will still log the user in. For example, in an attempt to add two-factor authentication logic on top of the SocialLoginSerializer, I raise a validation error after the super class validate function. The request returns a 400 bad request, but subsequent calls to the api are still authenticated.

BarnabasSzabolcs commented 4 years ago

Hi,

this repo is not maintained anymore, so the development moved to dj-rest-auth. (reference: #568) It may be best, if you move this PR there. (and upgrade to using dj_rest_auth)

new repo link: https://github.com/jazzband/dj-rest-auth (I'm not the upkeeper of that repo, it just makes sense for me to help you write where it brings value.)

Best, Barney