From 8f2739857f33ecd15f54c7fc88cb2b28adbd482b Mon Sep 17 00:00:00 2001 From: Piotr Szpetkowski Date: Wed, 22 Nov 2017 19:05:17 +0100 Subject: [PATCH] Add more verbosity to state validation Add PSA hack to state validation --- djoser/social/serializers.py | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/djoser/social/serializers.py b/djoser/social/serializers.py index 5be03d4d..923aa658 100644 --- a/djoser/social/serializers.py +++ b/djoser/social/serializers.py @@ -20,7 +20,11 @@ def create(self, validated_data): return settings.SOCIAL_AUTH_TOKEN_STRATEGY.obtain(user) def validate_state(self, value): - strategy = load_strategy(self.context['request']) + # Dirty hack because PSA does not respect request.data + request = self.context['request'] + request.GET = request.data + + strategy = load_strategy(request) redirect_uri = strategy.session_get('redirect_uri') backend_name = self.context['view'].kwargs['provider'] @@ -30,8 +34,20 @@ def validate_state(self, value): try: backend.validate_state() - except exceptions.AuthException: - raise serializers.ValidationError('State could not be verified.') + except exceptions.AuthMissingParameter: + raise serializers.ValidationError( + 'State could not be found in request data.' + ) + except exceptions.AuthStateMissing: + raise serializers.ValidationError( + 'State could not be found in server-side session data.' + ) + except exceptions.AuthStateForbidden: + raise serializers.ValidationError( + 'Invalid state has been provided.' + ) + + return value def validate(self, attrs): # Dirty hack because PSA does not respect request.data