Handle social auth exception in auth_complete.

In case of an exception, we log it and return None which results in a redirect to the login page.
2025-11-11 01:16:19 +00:00 · 2017-03-07 12:32:40 +05:00
parent fa9b8d8114
commit 1f60baba6b
2 changed files with 18 additions and 2 deletions
--- a/zerver/tests/test_auth_backends.py
+++ b/zerver/tests/test_auth_backends.py
@@ -37,7 +37,7 @@ from zproject.backends import ZulipDummyBackend, EmailAuthBackend, \
 from zerver.views.auth import maybe_send_to_registration
 from version import ZULIP_VERSION

-from social_core.exceptions import AuthFailed
+from social_core.exceptions import AuthFailed, AuthStateForbidden
 from social_django.strategy import DjangoStrategy
 from social_django.storage import BaseDjangoStorage
 from social_core.backends.github import GithubOrganizationOAuth2, GithubTeamOAuth2, \
@@ -521,6 +521,19 @@ class GitHubAuthBackendTest(ZulipTestCase):

        utils.BACKENDS = settings.AUTHENTICATION_BACKENDS

+    def test_github_complete_when_base_exc_is_raised(self):
+        # type: () -> None
+        from social_django import utils
+        utils.BACKENDS = ('zproject.backends.GitHubAuthBackend',)
+        with mock.patch('social_core.backends.oauth.BaseOAuth2.auth_complete',
+                        side_effect=AuthStateForbidden('State forbidden')), \
+                mock.patch('zproject.backends.logging.exception'):
+            result = self.client_get(reverse('social:complete', args=['github']))
+            self.assertEqual(result.status_code, 302)
+            self.assertIn('login', result.url)
+
+        utils.BACKENDS = settings.AUTHENTICATION_BACKENDS
+
 class ResponseMock(object):
    def __init__(self, status_code, data):
        # type: (int, Any) -> None
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -19,7 +19,7 @@ from apiclient.sample_tools import client as googleapiclient
 from oauth2client.crypt import AppIdentityError
 from social_core.backends.github import GithubOAuth2, GithubOrganizationOAuth2, \
    GithubTeamOAuth2
-from social_core.exceptions import AuthFailed
+from social_core.exceptions import AuthFailed, SocialAuthBaseException
 from django.contrib.auth import authenticate
 from zerver.lib.users import check_full_name
 from zerver.lib.request import JsonableError
@@ -185,6 +185,9 @@ class SocialAuthMixin(ZulipAuthMixin):
            return super(SocialAuthMixin, self).auth_complete(*args, **kwargs)  # type: ignore
        except AuthFailed:
            return None
+        except SocialAuthBaseException as e:
+            logging.exception(e)
+            return None

 class ZulipDummyBackend(ZulipAuthMixin):
    """