You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I use Auth0 as my provider. Everything works well except when someone tries to login with same email address created in Auth0. In Auth0, you can use social login (say with Microsoft account) with an email [email protected]. At the same time, we can manually create a user with this very same email by click "create user" option in Auth0. No issues in Auth0, all it sees is two users.
How above issue with Auth0 affects me
I already have an account which was created when i had used "Login with Microsoft" option. Now, when i use the email-password account that i've created with "create user" in Auth0, my API should say, "A user with this email already exist", which it does, but not returning the error.
Error that i get when tries to login with an account with same email
IP:127.0.0.1 for /oauth/auth0/
>>> self.serializer: SocialLoginSerializer(context={'request': <rest_framework.request.Request: POST '/oauth/auth0/'>, 'format': None, 'view': <eboost.oauth_providersettings.Auth0Login object>}, data=<QueryDict: {'code': ['8KMR7PcOGZFJAxfcs4u9asEH5Cp5FxrPlUmfHTOrMQcor']}>):
access_token = CharField(allow_blank=True, required=False)
code = CharField(allow_blank=True, required=False)
id_token = CharField(allow_blank=True, required=False)
Traceback (most recent call last):
File ".venv/lib/python3.12/site-packages/rest_framework/views.py", line 506, in dispatch
response = handler(request, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File ".venv/lib/python3.12/site-packages/dj_rest_auth/views.py", line 129, in post
self.serializer.is_valid(raise_exception=True)
File ".venv/lib/python3.12/site-packages/rest_framework/serializers.py", line 235, in is_valid
raise ValidationError(self.errors)
rest_framework.exceptions.ValidationError: {'non_field_errors': [ErrorDetail(string='User is already registered with this e-mail address.', code='invalid')], 'status_code': 400}
[26/Sep/2024 07:48:23] "POST /oauth/auth0/ HTTP/1.1" 200 773
Okay, it found that there's a user already existing with this email address which i just tried to login with, so account is not created which is totally expected.
Let's also look into SocialLoginSerializer, we'll see where above exception is raised:
if not login.is_existing:
# We have an account already signed up in a different flow
# with the same email address: raise an exception.
# This needs to be handled in the frontend. We can not just
# link up the accounts due to security constraints
if allauth_account_settings.UNIQUE_EMAIL:
# Do we have an account already with this email address?
account_exists = get_user_model().objects.filter(
email=login.user.email,
).exists()
if account_exists:
raise serializers.ValidationError(
_('User is already registered with this e-mail address.'),
)
login.lookup()
try:
login.save(request, connect=True)
except IntegrityError as ex:
raise serializers.ValidationError(
_('User is already registered with this e-mail address.'),
) from ex
Here, it says the unique email must be handled in the front-end. But, how does the frontend know if it's not returning this "'User is already registered with this e-mail address" error with some bad response code? That's my whole question is.
What's the actual issue / What do i expect
The question that I have is simply, why does SocialLoginView returns 200 when there's an exception in the SocialLoginSerializer class raising validation error. If it returns the error with a bad response code, all is good.
Some context of the issue
I use Auth0 as my provider. Everything works well except when someone tries to login with same email address created in Auth0. In Auth0, you can use social login (say with Microsoft account) with an email
[email protected]. At the same time, we can manually create a user with this very same email by click "create user" option in Auth0. No issues in Auth0, all it sees is two users.How above issue with Auth0 affects me
I already have an account which was created when i had used "Login with Microsoft" option. Now, when i use the email-password account that i've created with "create user" in Auth0, my API should say, "A user with this email already exist", which it does, but not returning the error.
More about my API
I use a custom user model
Below is my view for the endpoint
/oauth/auth0/Error that i get when tries to login with an account with same email
Okay, it found that there's a user already existing with this email address which i just tried to login with, so account is not created which is totally expected.
Let's also look into
SocialLoginSerializer, we'll see where above exception is raised:Here, it says the unique email must be handled in the front-end. But, how does the frontend know if it's not returning this "'User is already registered with this e-mail address" error with some bad response code? That's my whole question is.
What's the actual issue / What do i expect
The question that I have is simply, why does
SocialLoginViewreturns 200 when there's an exception in theSocialLoginSerializerclass raising validation error. If it returns the error with a bad response code, all is good.Quick question, does this ans say about anything i can do here: https://stackoverflow.com/a/63211074
Please feel free to tell me if i need to expand this issue in more verbose or if i need to add more info
Thanks for reading!
The text was updated successfully, but these errors were encountered: