AuthException account is already in use


Peter Bittner

Aug 18, 2012, 7:07:22 PM
to django-so...@googlegroups.com
Hi,

I'm finally playing with dsa authentication allowing a user to
authenticate with several social services. Of course, when I try to
associate a django account to a service which is already in use by
another django account, AuthException is thrown:

AuthException at /complete/dropbox/
This dropbox account is already in use.
Request Method: GET
Request URL: http://mydomain.tld/complete/dropbox/?uid=84703928&oauth_token=1uqdesv8hkd8bx5
Django Version: 1.4
Exception Type: AuthException
Exception Value: This dropbox account is already in use.
Exception Location: build/bdist.linux-armv5tel/egg/social_auth/backends/pipeline/social.py
in social_auth_user, line 27
Python Executable: /usr/bin/python
Python Version: 2.6.2

Question 1: Where do I catch this exception? -- The traceback shows a
route which does not reach my django code; execution terminates at
social_auth/backends/pipeline/social.py

Googling for this you find a hint saying to modify the authentication
pipeline and create your own version of a related function [1]. Is
this the way to go?
[1] http://stackoverflow.com/questions/10294657/how-to-use-social-auth-process-exceptions-setting

Question 2: This is more workflow / user experience / security related:
What would you offer to the user in such a case?
a) Tell them which account already uses that social service, and
offer to switch to that account?
b) Tell them which account already uses that social service, and
offer them to merge the two accounts? (with the active one being the
master of the merger)
c) Tell them that there is an account using the service, but not
disclosing more information about it?

Thanks for any thoughts and ideas,
Peter

Matías Aguirre

Aug 18, 2012, 9:04:12 PM
to django-social-auth
Excerpts from Peter Bittner's message of 2012-08-18 20:07:22 -0300:
> Hi,
>
> I'm finally playing with dsa authentication allowing a user to
> authenticate with several social services. Of course, when I try to
> associate a django account to a service which is already in use by
> another django account, AuthException is thrown:
>
> AuthException at /complete/dropbox/
> This dropbox account is already in use.
> Request Method: GET
> Request URL: http://mydomain.tld/complete/dropbox/?uid=84703928&oauth_token=1uqdesv8hkd8bx5
> Django Version: 1.4
> Exception Type: AuthException
> Exception Value: This dropbox account is already in use.
> Exception Location: build/bdist.linux-armv5tel/egg/social_auth/backends/pipeline/social.py
> in social_auth_user, line 27
> Python Executable: /usr/bin/python
> Python Version: 2.6.2
>
> Question 1: Where do I catch this exception? -- The traceback shows a
> route which does not reach my django code; execution terminates at
> social_auth/backends/pipeline/social.py

The preferred place is the middleware; check [1] for some details, but
basically you add a middleware that inherits from
social_auth.middleware.SocialAuthExceptionMiddleware and override the method
get_redirect_uri() where you can define the destination page for that case. The
method receives the exception raised so you can redirect to different places
based on the exception type if needed.

> Googling for this you find a hint saying to modify the authentication
> pipeline and create your own version of a related function [1]. Is
> this the way to go?
> [1] http://stackoverflow.com/questions/10294657/how-to-use-social-auth-process-exceptions-setting

That post is a bit old already; the middleware is the preferred method now.

> Question 2: This is more workflow / user experience / security related:
> What would you offer to the user in such a case?
> a) Tell them which account already uses that social service, and
> offer to switch to that account?
> b) Tell them which account already uses that social service, and
> offer them to merge the two accounts? (with the active one being the
> master of the merger)
> c) Tell them that there is an account using the service, but not
> disclosing more information about it?

It's not easy to merge accounts usually because there is too much data tied to
a user, usually. Also, disclosing other users' information is not a good
practice IMO. So, I'll go with option C and offer some contact details to try
to fix the user case.

Hope this helps.

[1]: http://django-social-auth.readthedocs.org/en/latest/configuration.html

Regards,
Matías
--
Matías Aguirre (matias...@gmail.com)
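
The middleware approach described in the reply above, as an added example that is not part of the original thread or the project's own code. The class name, the URL and the message-text match are assumptions, and the fallback classes are constructed stand-ins so the sketch runs without django-social-auth installed.

```python
# Added sketch; AccountInUseMiddleware and the URL are hypothetical names.
try:
    from social_auth.exceptions import AuthException
    from social_auth.middleware import SocialAuthExceptionMiddleware
except ImportError:
    # Constructed stand-ins so the sketch runs without django-social-auth.
    class AuthException(Exception):
        def __init__(self, backend, *args):
            self.backend = backend
            super(AuthException, self).__init__(*args)

    class SocialAuthExceptionMiddleware(object):
        def get_redirect_uri(self, request, exception):
            return "/login-error/"

ALREADY_IN_USE_URL = "/accounts/social/in-use/"   # hypothetical page


class AccountInUseMiddleware(SocialAuthExceptionMiddleware):
    """Send the "already in use" case to its own page (option C)."""

    def get_redirect_uri(self, request, exception):
        # Assumption: the case is recognised by the message text shown in
        # the traceback; this breaks if the message is translated or reworded.
        if isinstance(exception, AuthException) and \
                "already in use" in str(exception):
            # Fixed URL: no uid, token or owner details are put in it.
            return ALREADY_IN_USE_URL
        return super(AccountInUseMiddleware, self).get_redirect_uri(
            request, exception)

# settings.py (module path is hypothetical):
# MIDDLEWARE_CLASSES += ("myproject.middleware.AccountInUseMiddleware",)
```

The target page can then show a generic notice with contact details, without naming the account that already holds the social identity.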

Peter Bittner

Aug 22, 2012, 6:20:26 PM
to django-so...@googlegroups.com
Thanks Matías,

I saw that this very solution is already implemented in the example
application of the project! [1]
As a newbie I also had to consult the Django documentation on
middleware [2], now I know more.

Thanks again,
Peter

[1] https://github.com/omab/django-social-auth/blob/master/example/middleware.py
[2] https://docs.djangoproject.com/en/dev/topics/http/middleware/


2012/8/19 Matías Aguirre <matias...@gmail.com>: