process_login() in SocialConnectView try to issue a new session tied to the specified social account (when REST_SESSION_LOGIN is True), but I think this behavior is not expected especially when the social account already exists in the DB:
Signup and login as a User 1 tied to a SocialAccount 1
Logout
Signup and login as a User 2 tied to a SocialAccount 2
Run a /connect API for User 2 with SocialAccount 1
process_login()
inSocialConnectView
try to issue a new session tied to the specified social account (whenREST_SESSION_LOGIN
isTrue
), but I think this behavior is not expected especially when the social account already exists in the DB:/connect
API for User 2 with SocialAccount 1_add_social_account
will reject the operationSocialConnectView
runsdjango_login()
and refreshes the user's session with a new one tied to User 1 even if the connection is failedRef. #25.