Submitting Pull Requests

This pull request adding Apple provider to allauth package PR has a breaking change now — update to store Apple config in the SocialApp model

General

• [x] Make sure you use semantic commit messages.
• [x] All Python code must be 100% pep8 and isort clean.
• [x] JavaScript code should adhere to StandardJS.
• [x] If your changes are significant, please update ChangeLog.rst.
• [x] Feel free to add yourself to AUTHORS.

Provider Specifics

In case you add a new provider:

• [x] Make sure unit tests are available.
• [x] Add an entry of your provider in test_settings.py::INSTALLED_APPS and docs/installation.rst::INSTALLED_APPS.
• [x] Add documentation to docs/providers.rst.
• [x] Add an entry to the list of supported providers over at docs/overview.rst.

Hi, i've been using django-allauth for a rest api, it works very good but i found that this use case has a problem: the email being sent contains an url to the api itself instead of the front end. This was solvable via subclassing, of course, but i thought it would be nice to have it supported inside the module.

A user whose account has been deactivated can use the reset password form to log in. They have to update their password every time, but they can get in that way.

Presumably filter_users_by_email() should exclude inactive users. Or it might need to be an additional filter in ResetPasswordForm.clean_email() depending on how widespread filter_users_by_email() is used. I'm on an older version, but the current version doesn't fix it.

Alrighty, now that 8dc2f2d5cc3ce0e5e1b999129ceaa57ed4e75390 has landed I can go ahead with this :)

The first commit starts addressing #1442. It doesn't outright remove the adapter but it makes it way less nasty. The current adapter always causes the "user", "user1"... mechanism because the battletag is never saved. Additionally, the current adapter always forces at least two sql writes (first the user, then re-saves the user's battletag).

So we first allow overriding the username_regex attribute. Rather than make it a setting, we allow specifying it in the adapter, which I believe to be a reasonable solution. With that done, we can change the Battle.net adapter to use that and get the battletag as the username data.

The next commits address the china issue:

• valid_region is simply a list of the valid region inputs for battlenet_region
• Appending -cn to the UIDs matching cn region is required because the UIDs can clash between US and China; if we don't do that, an account in china can take over an account in the US if running both on the same server.
• Finally, the last commit allows overriding the region in /account/battlenet/login/ by specifying, for example, ?region=cn. I'm not sure if there is existing functionality for this but I think it's acceptable.

After making this question in StackOverflow, I've just discovered this comment in the source code helpers.py file:

            if account_settings.UNIQUE_EMAIL:
                if email_address_exists(email):
                    # Oops, another user already has this address.  We
                    # cannot simply connect this social account to the
                    # existing user. Reason is that the email adress may
                    # not be verified, meaning, the user may be a hacker
                    # that has added your email address to his account in
                    # the hope that you fall in his trap.  We cannot check
                    # on 'email_address.verified' either, because
                    # 'email_address' is not guaranteed to be verified.

I want to argue that this would be a nice feature, and I'd like to offer myself to implement it if there is a reasonable chance that my patch will be accepted in the main trunk.

First, I agree that it is a security risk and that it should be turned off by default. There should be an configuration option to turn on the automatic connection.

Not all social providers are equal. Some of them, like Facebook, verify the user email and account. Facebook even sends a "verified_email": true that is saved in the extra_data column of socialaccount_socialaccount table. If the email if from Gmail, Google provider is who created the account! It can't be more verified than this.

Automatically connecting, would be a great usability enhancement. Just one click authenticating. Less friction to use my site.

Automatically connecting the accounts is a reasonable security/usability tradeoff for some selected providers.

Ultimately, I believe the security tradeoffs should be made by the site owner. The user of the library decides which risks are acceptable to run, and if a improved user experience is more important than a remote probability security exploit.

Just using myself as an example. I plan to offer just Facebook and Google as login options. My site is a hobby site, there is nothing worth to hack their user accounts. I want just an easy way to manage the identity of my users. As I said before, both FB and Google check the users email. I really think that if someone wants to hack my users accounts, it would be easier to directly hack my site than to hack FB and to use to it hack my site. The better user experience would be a greater benefit.

Please give me a "go forward" signal before I start implementing it.

All new applications created on the LinkedIn Developer Platform as of January 14, 2019 can use LinkedIn's v2 APIs. Starting March 1, 2019, LinkedIn will deprecate use of its v1 APIs.

Will django-allauth be updated to handle this deprecation?

Hello!

I have Django==1.6.1 and django-allauth==0.15.0. I use custom user model

class User(AbstractBaseUser, PermissionsMixin):
    name = models.CharField('Name', max_length=255)
    email = models.EmailField(verbose_name="E-Mail", max_length=255, unique=True, db_index=True)
    photo = StdImageField(verbose_name="Photo", upload_to="photos", blank=True, size=(290, 290), thumbnail_size=(90, 90, True))
...
    USERNAME_FIELD = "email"
    REQUIRED_FIELDS = ["name", ]

After sign in with Twitter I got

TypeError at /accounts/twitter/login/callback/
<ImageFieldFile: None> is not JSON serializable

Traceback

Traceback:
File "/home/www/.virtualenvs/site/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
  114.                     response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/home/www/.virtualenvs/site/lib/python2.7/site-packages/allauth/socialaccount/providers/oauth/views.py" in view
  35.             return self.dispatch(request, *args, **kwargs)
File "/home/www/.virtualenvs/site/lib/python2.7/site-packages/allauth/socialaccount/providers/oauth/views.py" in dispatch
  91.             return complete_social_login(request, login)
File "/home/www/.virtualenvs/site/lib/python2.7/site-packages/allauth/socialaccount/helpers.py" in complete_social_login
  119.         return _complete_social_login(request, sociallogin)
File "/home/www/.virtualenvs/site/lib/python2.7/site-packages/allauth/socialaccount/helpers.py" in _complete_social_login
  130.         ret = _process_signup(request, sociallogin)
File "/home/www/.virtualenvs/site/lib/python2.7/site-packages/allauth/socialaccount/helpers.py" in _process_signup
  28.         request.session['socialaccount_sociallogin'] = sociallogin.serialize()
File "/home/www/.virtualenvs/site/lib/python2.7/site-packages/allauth/socialaccount/models.py" in serialize
  166.                    user=serialize_instance(self.account.user),
File "/home/www/.virtualenvs/site/lib/python2.7/site-packages/allauth/utils.py" in serialize_instance
  151.     return json.loads(json.dumps(ret, cls=DjangoJSONEncoder))
File "/opt/python2.7/lib/python2.7/json/__init__.py" in dumps
  250.         sort_keys=sort_keys, **kw).encode(obj)
File "/opt/python2.7/lib/python2.7/json/encoder.py" in encode
  207.         chunks = self.iterencode(o, _one_shot=True)
File "/opt/python2.7/lib/python2.7/json/encoder.py" in iterencode
  270.         return _iterencode(o, 0)
File "/home/www/.virtualenvs/site/lib/python2.7/site-packages/django/core/serializers/json.py" in default
  104.             return super(DjangoJSONEncoder, self).default(o)
File "/opt/python2.7/lib/python2.7/json/encoder.py" in default
  184.         raise TypeError(repr(o) + " is not JSON serializable")

Exception Type: TypeError at /accounts/twitter/login/callback/
Exception Value: <ImageFieldFile: None> is not JSON serializable

Advice with SESSION_SERIALIZER dont help me. Result is the same.

Submitting Pull Requests

General

• [x] Make sure you use semantic commit messages. Examples: "fix(google): Fixed foobar bug", "feat(accounts): Added foobar feature".
• [x] All Python code must formatted using Black, and clean from pep8 and isort issues.
• [x] JavaScript code should adhere to StandardJS.
• [x] If your changes are significant, please update ChangeLog.rst.
• [x] If your change is substantial, feel free to add yourself to AUTHORS.

Provider Specifics

In case you add a new provider:

• [x] Make sure unit tests are available.
• [x] Add an entry of your provider in test_settings.py::INSTALLED_APPS and docs/installation.rst::INSTALLED_APPS.
• [x] Add documentation to docs/providers.rst.
• [x] Add an entry to the list of supported providers over at docs/overview.rst.

I have been using django-allauth for a while now and every time i create a new instance i wonder why the data required for a social connection is hold into a model instead of the settings. This makes somewhat difficult having several instances and complicates the automated deployment of new instances. I know that some additional data is stored and related to the socialaccount object, but that is not something that cannot be done with settings. Is there any specific reason that i am missing for this design decision? PD. not complaining, just curious.

This is what I would consider for an email timeout system to help prevent someone from sending too many emails.

Currently the ResetPasswordForm will send a potentially unlimited number of emails every time someone fills out the form. This PR adds an option to limit how often someone can request the reset thereby limiting the number of emails they could potentially send.

At this time its only available for use on ResetPasswordForm, and ResendEmailVerification as I'm not overly sure of its usefulness anywhere else. There is a note in configuration docs stating if someone has overridden this form in particular they may need to apply the necessary code themselves.

There is a new model called EmailTimeout in the account app. If someone was malicious enough to use a bot they could very well avoid the session system thereby avoiding any sort of session storage for the limiting of emails. The model has been built under the premise of being able to be used in other locations based on the action field.

Resolves #2595 resolves #2167

This commit adds possibility to specify data you want to request from openid provider. The returned data will be stored in extra_data attribute of socialaccount.

I have subclass the Signup view class in the past and everything was successful, but since the last update, anytime I subclass the signup view, the url keeps redirecting to the sign-in page with the next parameter pointing to "users/signup"

To recreate this:

1. try starting a new django application and implement the all-auth package, then subclass the signup view and try calling the view from a url

So, when user logs in i would like to have an access_token with refreshin time in DB. My users logs in by Twitch. Also I've tried to mention STORE_TOKEN = True. It doesn't work

I really enjoy working on Open Source projects, and seeing my contributions being picked up by others is immensely motivating. Yet, as I am juggling 🤹 personal and professional life my time is limited and I do have to pick my battles a bit. At times, I am unable to reach that extra mile, to bring projects further, or to attend to features useful not just to me and my projects, but to the community as a whole. If you would like to help out, consider sponsoring as that definitely helps in setting the priorities straight... :heart:

https://github.com/sponsors/pennersr

After successful user login Keycloakreturns error 500 for userinfo.

provider': 'Keycloak', 'code': 'unknown', 'exception': HTTPError('500 Server Error: Internal Server Error for url: http://192.168.3.8:8080/realms/emicross/protocol/openid-connect/userinfo')}

Can anyone guide me to solve this error?

Is this a Keycloak config error? or a Django config error?

I can see bellow logs in the Keycloak:

2022-11-21 20:23:57,766 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-87) Uncaught server error: java.lang.NullPointerException at org.jboss.resteasy.plugins.server.BaseHttpRequest.getFormParameters(BaseHttpRequest.java:53) at org.jboss.resteasy.plugins.server.BaseHttpRequest.getDecodedFormParameters(BaseHttpRequest.java:74) at jdk.internal.reflect.GeneratedMethodAccessor194.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:567) at org.jboss.resteasy.core.ContextParameterInjector$GenericDelegatingProxy.invoke(ContextParameterInjector.java:166) at com.sun.proxy.$Proxy45.getDecodedFormParameters(Unknown Source) at org.keycloak.protocol.oidc.endpoints.UserInfoEndpoint.issueUserInfoPost(UserInfoEndpoint.java:146) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:567) at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170) at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130) at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660) at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524) at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474) at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476) at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434) at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192) at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152) at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183) at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141) at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492) at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261) at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161) at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247) at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73) at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151) at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82) at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42) at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:84) at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:71) at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:430) at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:408) at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$0(QuarkusRequestFilter.java:82) at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:564) at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478) at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29) at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.base/java.lang.Thread.run(Thread.java:830)

I am trying to use Extra Data from Social accounts but first i need to create custom user, this is my approach, fields are created but for some reason they are not set to

custom_field1 = 12
custom_field2 = "hey"

#forms.py
from allauth.socialaccount.forms import SignupForm
from django import forms 
from pprint import pprint

class MyCustomSocialSignupForm(SignupForm):
	first_name = forms.CharField(label='First Name')
	last_name = forms.CharField(label='Last Name')
	custom_field1 = forms.IntegerField(label='Custom field 1') 
	custom_field2 = forms.CharField(label='Custom field 2') 

	def save(self, request):
		pprint(vars(request))
		user = super(SignupForm, self).save(request)
		
		custom_field1 = 12
		custom_field2 = "hey"
		
		user.custom_field1 = custom_field1
		user.custom_field2 = custom_field2

		user.save()
		return user
#setting.py
AUTH_USER_MODEL = 'MyUser.User'
SOCIALACCOUNT_FORMS = {'signup': 'MyUser.forms.MyCustomSocialSignupForm'}
#models.py
from django.db import models
from django.contrib.auth.models import AbstractUser
from pprint import pprint

class User(AbstractUser):

    custom_field1 = models.IntegerField(default=10)
    custom_field2 = models.CharField(max_length=20)
#admin.py
from django.contrib import admin
from django.contrib.auth.admin import UserAdmin

from .models import User


class CustomUserAdmin(UserAdmin):
    fieldsets = (
        *UserAdmin.fieldsets,  # original form fieldsets, expanded
        (                      # new fieldset added on to the bottom
            'Custom Field Heading',  # group heading of your choice; set to None for a blank space instead of a header
            {
                'fields': (
                    'custom_field1',
					          'custom_field2'
                ),
            },
        ),
    )


admin.site.register(User, CustomUserAdmin)

with this code I get 2 custom fields, but custom_field1 is set to 10 (default) and custom_field2 is set to None (also default)

I am not trying to change the default value of the field, I am trying to set the field value depending on users discord account information, but I am still learning so currently I want to change the custom fields custom_field1 and custom_field2 to a static value 12 and hey respectively.

So the first thing that came to my mind is to add custom_field1 = 12 and custom_field2 = "hey" to MyCustomSocialSignupForm.save() in forms.py but apparently this is totally wrong.

So how can I set custom fields on user login with discord?