Add more verbosity to state validation
Add PSA hack to state validation
pszpetkowski committed Nov 22, 2017
1 parent 78516a6 commit 8f27398
Showing 1 changed file with 19 additions and 3 deletions.
22 changes: 19 additions & 3 deletions djoser/social/serializers.py
Expand Up @@ -20,7 +20,11 @@ def create(self, validated_data):
return settings.SOCIAL_AUTH_TOKEN_STRATEGY.obtain(user)

def validate_state(self, value):
strategy = load_strategy(self.context['request'])
# Dirty hack because PSA does not respect request.data
request = self.context['request']
request.GET = request.data

strategy = load_strategy(request)
redirect_uri = strategy.session_get('redirect_uri')

backend_name = self.context['view'].kwargs['provider']
Expand All @@ -30,8 +34,20 @@ def validate_state(self, value):

try:
backend.validate_state()
except exceptions.AuthException:
raise serializers.ValidationError('State could not be verified.')
except exceptions.AuthMissingParameter:
raise serializers.ValidationError(
'State could not be found in request data.'
)
except exceptions.AuthStateMissing:
raise serializers.ValidationError(
'State could not be found in server-side session data.'
)
except exceptions.AuthStateForbidden:
raise serializers.ValidationError(
'Invalid state has been provided.'
)

return value

def validate(self, attrs):
# Dirty hack because PSA does not respect request.data
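Review bot: Replacing the single `except exceptions.AuthException:` handler with three subclass handlers leaves no fallback, so any other `AuthException` subclass raised by `backend.validate_state()` now escapes the serializer instead of becoming a `ValidationError`. Whether a backend raises another subclass is not visible here, but the state check guards the social login flow against forged requests and its failure path should stay a clean rejection; I would keep a final `except exceptions.AuthException:` with `raise serializers.ValidationError('State could not be verified.')` after the three specific handlers. Separately, `request.GET = request.data` near the top of `validate_state` rebinds the attribute on the shared request object for the rest of the request, which deserves a comment saying so, e.g. `# NOTE: overwrites request.GET for the remainder of this request; code after validation must not rely on the real query string`. The `load_backend(...)` call between the two hunks is not shown on this page.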