flavors / django-graphql-social-auth

Python Social Auth support for Graphene Django
https://pypi.python.org/pypi/django-graphql-social-auth
MIT License

Social user creation override other user account information #19

Open cyril36 opened 4 years ago

cyril36 commented 4 years ago

Hi, the issue I have discovered is that when I create a createsuperuser with incomplete information (firstname, lastname... missing), the social user creation just overrides the superuser account with his missing information.

Steps to follow:

  1. create a superuser with the django command: $ manage.py createsuperuser

  2. use the graphQL social auth to create your user:

    mutation token_authentication {
      socialAuthToken(accessToken: "xxxxBiBQGGLzTUwZD", provider: "facebook") {
        social {
          id
          uid
          user {
            username
            email
            firstName
            lastName
          }
          provider
          extraData
        }
        token
      }
    }

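Expected: A user is created thanks to the social auth module. So we should have 2 users in the database:

  • root user (created with the createsuperuser command)
  • user1 (created with the socialauthToken mutation)

Real behavior: The social user is not created. The information from the social user overrides the missing root user information. Root user information before user social connection:

  • username = root | email = email@gmail.com | password = xxxx | firstname="" | lastname=""

Root user information after user social connection:

  • username = root | email = email@gmail.com | password = xxxx | firstname="user1_firstname" | lastname="user1_lastname"

The 2 accounts are merged.

To reproduce it, you can find in attachment:

  • My dockerfile to have my django environment ready
  • settings file
  • schema file
  • url file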

Thank you for your help

django-graphql-social-auth_bug.zip

IgorMalyga commented 4 years ago

Hi, the issue I have discovered is that when I create a createsuperuser with incomplete information (firstname, lastname... missing), the social user creation just overrides the superuser account with his missing information.

Steps to follow:

  1. create a superuser with the django command: $ manage.py createsuperuser

  2. use the graphQL social auth to create your user:

    mutation token_authentication {
      socialAuthToken(accessToken: "xxxxBiBQGGLzTUwZD", provider: "facebook") {
        social {
          id
          uid
          user {
            username
            email
            firstName
            lastName
          }
          provider
          extraData
        }
        token
      }
    }

Expected : A User is created thanks to the social auth module. So we should have 2 users in the database :

  • root user (created with the createsuperuser command)
  • user1 (created with the socialauthToken mutation)

Real behavior: The social user is not created. The information from the social user overrides the missing root user information. Root user information before user social connection:

  • username = root | email = email@gmail.com | password = xxxx | firstname="" |lastname=""

Root user information after user social connection :

  • username = root | email = email@gmail.com | password = xxxx | firstname="user1_firstname" |lastname="user1_lastname"

The 2 accounts are merged

To reproduce it, you can find in attachment :

  • My dockerfile to have my django environment ready
  • settings file
  • schema file
  • url file

Thank you for your help

django-graphql-social-auth_bug.zip

Hi! I met the same problem. Try to delete the token and other data of the current user on the client side before you send the socialAuth mutation. It solved my problem.
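The merge reported in this thread can also be refused on the server instead of relying on the client to drop its token. The sketch below is an added example, not part of the thread and not code from django-graphql-social-auth or python-social-auth. It assumes, as the workaround above suggests, that the mutation arrived with the superuser's token still attached, so the pipeline received that account as the current user; every name in it is hypothetical, and `create_user` and `fill_details` are simplified models of the reported behaviour.

```python
from dataclasses import dataclass

class AssociationRefused(Exception):
    """Stand-in for the auth error a real pipeline step would raise."""

@dataclass
class User:  # constructed stand-in for a Django user row
    username: str
    email: str = ""
    first_name: str = ""
    last_name: str = ""
    is_staff: bool = False
    is_superuser: bool = False

def refuse_privileged_association(backend, details, user=None, **kwargs):
    """Guard step: never link a social identity to a staff or superuser
    account just because its token accompanied the request."""
    if user is not None and (user.is_staff or user.is_superuser):
        raise AssociationRefused(f"{backend}: refusing to link {user.username!r}")
    return {}

def create_user(backend, details, user=None, **kwargs):
    """Simplified model: create an account only when none was supplied."""
    if user is None:
        user = User(username=details["username"], email=details["email"])
    return {"user": user}

def fill_details(backend, details, user=None, **kwargs):
    """Simplified model of the reported behaviour: provider profile fields
    are written onto whichever user the pipeline currently holds."""
    user.first_name = details["first_name"]
    user.last_name = details["last_name"]
    return {}

def run_pipeline(steps, backend, details, user=None):
    """Run the steps in order, merging each step's returned dict into state."""
    state = {"user": user}
    for step in steps:
        state.update(step(backend=backend, details=details, **state) or {})
    return state["user"]

UNGUARDED = [create_user, fill_details]
GUARDED = [refuse_privileged_association] + UNGUARDED

# Constructed sample data mirroring the values in the report.
SOCIAL = {"username": "user1", "email": "user1@example.com",
          "first_name": "user1_firstname", "last_name": "user1_lastname"}

def new_root():
    return User("root", "email@gmail.com", is_staff=True, is_superuser=True)
```

With `UNGUARDED`, passing `new_root()` as `user` reproduces the merged account from the report; with `GUARDED`, the same call raises before any field is touched, and an anonymous request still creates `user1`.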