
Associate by Email Removed from Python Social Auth Pipeline

Open elmq0022 opened this issue 4 years ago • 0 comments

@raymondberg, this issue is in reference to commit 0d79b92 which removed the chipy lib custom pipeline from the settings.py file.

Here's a link to the associate_by_email doc.

The short version is: associate_by_email prevents a user with multiple social accounts from generating multiple users with the same email address.

I believe you have two or more existing users with the same email address in the chipy DB. As Python Social Auth's associate_by_email barfs if you have 2 or more users with the same email account: elif len(users) > 1: raise AuthException

Can you confirm the above hypothesis by checking the DB for multiple occurrences of your email(s) in the Users table?

    email = details.get('email')
    if email:
        # Try to associate accounts registered with the same email address,
        # only if it's a single object. AuthException is raised if multiple
        # objects are returned.
        users = list(backend.strategy.storage.user.get_users_by_email(email))
        if len(users) == 0:
            return None
        elif len(users) > 1:
            raise AuthException(
                backend,
                'The given email address is associated with another account'
            )
        else:
            return {'user': users[0],
                    'is_new': False}

The chipy pipeline that's supposed to deal with this situation just basically calls associate_by_email. Unless a person has an OpenID account they'll likely never see the if email block below.

from django.contrib.auth import get_user_model
from django.utils.translation import ugettext
from social_core.exceptions import AuthAlreadyAssociated
from social_core.pipeline.social_auth import associate_by_email as super_associate_by_email

def associate_by_email(*args, **kwargs):
    """Check if a user with this email already exists. If they do, don't create an account."""
    backend = kwargs['backend']
    if backend.name in ['google-oauth2', 'github'] or kwargs.get('user'):
        # We provide an exception here for users upgrading.
        return super_associate_by_email(*args, **kwargs)

    email = kwargs['details'].get('email')

    if email:
        User = get_user_model()
        if User.objects.filter(email=email).exists():
            msg = ugettext('This email is already in use. First login with your other account and '
                           'under the top right menu click add account.')
            raise AuthAlreadyAssociated(backend, msg % {
                'provider': backend.name
            })

Do we want to add associate_by_email back to the pipeline? How do we handle users who already have 2 or more users in the DB with the same email?

elmq0022, Dec 03 '19 05:12
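
The duplicate-email check requested in the issue, as an added example that is not part of the original post or the chipy code base: it lists every email shared by two or more users and names the branch of the quoted associate_by_email snippet each email would hit. The `auth_user` table name, the in-memory SQLite database, the sample rows and the function names are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample rows; "auth_user" is Django's default user table name and
# is an assumption about the chipy schema.
SAMPLE_USERS = [
    (1, "alice_google", "alice@example.com"),
    (2, "alice_github", "Alice@Example.com"),
    (3, "bob", "bob@example.com"),
    (4, "carol", ""),
]


def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE auth_user (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO auth_user VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def find_duplicate_emails(conn):
    """Map each email shared by 2+ users to the (id, username) rows using it."""
    # Case-insensitive matching is an assumption about the storage backend; blanks are skipped.
    rows = conn.execute(
        "SELECT LOWER(email), id, username FROM auth_user "
        "WHERE email IS NOT NULL AND email != '' ORDER BY id"
    ).fetchall()
    by_email = {}
    for email, user_id, username in rows:
        by_email.setdefault(email, []).append((user_id, username))
    return {e: users for e, users in by_email.items() if len(users) > 1}


def association_outcome(conn, email):
    """Name the branch of the quoted associate_by_email snippet this email hits."""
    if not email:
        return "skipped"
    (count,) = conn.execute(
        "SELECT COUNT(*) FROM auth_user WHERE LOWER(email) = LOWER(?)", (email,)
    ).fetchone()
    if count == 0:
        return "no_match"
    return "auth_exception" if count > 1 else "associate"


if __name__ == "__main__":
    db = build_sample_db()
    for email, users in find_duplicate_emails(db).items():
        print(email, users, association_outcome(db, email))
```

Every email this reports is one for which a social login would raise AuthException if associate_by_email were put back in the pipeline, so those rows need merging or deduplicating first.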