backend: Handle GitHub authentication failure.

In case of AuthFailed exception return None.
2025-11-03 13:33:24 +00:00 · 2017-02-28 15:58:03 +05:00
parent f140810ad9
commit 802de53ede
2 changed files with 25 additions and 1 deletions
--- a/zerver/tests/test_auth_backends.py
+++ b/zerver/tests/test_auth_backends.py
@@ -508,6 +508,18 @@ class GitHubAuthBackendTest(ZulipTestCase):
        result = self.client_get('/accounts/login/social/github')
        self.assertIn(reverse('social:begin', args=['github']), result.url)

+    def test_github_complete(self):
+        # type: () -> None
+        from social_django import utils
+        utils.BACKENDS = ('zproject.backends.GitHubAuthBackend',)
+        with mock.patch('social_core.backends.oauth.BaseOAuth2.process_error',
+                        side_effect=AuthFailed('Not found')):
+            result = self.client_get(reverse('social:complete', args=['github']))
+            self.assertEqual(result.status_code, 302)
+            self.assertIn('login', result.url)
+
+        utils.BACKENDS = settings.AUTHENTICATION_BACKENDS
+
 class ResponseMock(object):
    def __init__(self, status_code, data):
        # type: (int, Any) -> None
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -178,6 +178,14 @@ class SocialAuthMixin(ZulipAuthMixin):

        return redirect_and_log_into_subdomain(realm, full_name, email_address)

+    def auth_complete(self, *args, **kwargs):
+        # type: (*Any, **Any) -> Optional[HttpResponse]
+        try:
+            # Call the auth_complete method of BaseOAuth2 is Python Social Auth
+            return super(SocialAuthMixin, self).auth_complete(*args, **kwargs)  # type: ignore
+        except AuthFailed:
+            return None
+
 class ZulipDummyBackend(ZulipAuthMixin):
    """
    Used when we want to log you in but we don't know which backend to use.
@@ -425,7 +433,11 @@ class GitHubAuthBackend(SocialAuthMixin, GithubOAuth2):
        org_name = settings.SOCIAL_AUTH_GITHUB_ORG_NAME

        if (team_id is None and org_name is None):
-            user_profile = GithubOAuth2.do_auth(self, *args, **kwargs)
+            try:
+                user_profile = GithubOAuth2.do_auth(self, *args, **kwargs)
+            except AuthFailed:
+                logging.info("User authentication failed.")
+                user_profile = None

        elif (team_id):
            backend = GithubTeamOAuth2(self.strategy, self.redirect_uri)