Social user creation override other user account information #19

Open
cyril36 opened this issue Mar 26, 2020 · 1 comment

cyril36 commented Mar 26, 2020

Hi,
The issue I have discovered is that when I create a createsuperuser with incomplete information (firstname, lastname... missing), the social user creation just overrides the superuser account with his missing information.

Steps to follow:

  1. Create a superuser with the Django command:
    $ manage.py createsuperuser

  2. Use the GraphQL social auth to create your user:
    mutation token_authentication {
      socialAuthToken(accessToken: "xxxxBiBQGGLzTUwZD", provider: "facebook") {
        social {
          id
          uid
          user {
            username
            email
            firstName
            lastName
          }
          provider
          extraData
        }
        token
      }
    }

Expected :
A User is created thanks to the social auth module.
So we should have 2 users in the database :

  • root user (created with the createsuperuser command)
  • user1 (created with the socialAuthToken mutation)

Real behavior:
The social user is not created.
The information from the social user overrides the missing root user information.
Root user information before the social user connection:

  • username = root | email = email@gmail.com | password = xxxx | firstname="" | lastname=""

Root user information after the social user connection:

  • username = root | email = email@gmail.com | password = xxxx | firstname="user1_firstname" | lastname="user1_lastname"

The 2 accounts are merged.

To reproduce it, you can find in the attachment:

  • My Dockerfile to have my Django environment ready
  • settings file
  • schema file
  • url file

Thank you for your help

django-graphql-social-auth_bug.zip

cyril36 changed the title from "Social user create override other user account information" to "Social user creation override other user account information" on Mar 26, 2020
@IgorMalyga
Hi! I met the same problem. Try to delete the token and other data of the current user on the client side before you send the socialAuth mutation. It solved my problem.
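
A server-side counterpart to the client-side workaround in the comment above, as an added example that is not code from this issue or from django-graphql-social-auth. It assumes the python-social-auth pipeline-step convention (pipeline state passed as keyword arguments such as `user` and `social`) and that the merge happens because the mutation is sent while the request is still authenticated as the superuser; `SocialLinkRefused`, `refuse_privileged_link` and `is_blocked` are hypothetical names.

```python
"""Guard step for a python-social-auth style pipeline (added example)."""
from types import SimpleNamespace


class SocialLinkRefused(Exception):
    """Hypothetical error type; a real project would raise its own auth error."""


def refuse_privileged_link(user=None, social=None, details=None, **kwargs):
    """Stop a new social identity from being attached to a privileged session user.

    Pipeline steps receive the accumulated pipeline state as keyword arguments.
    Assumption: `user` is the account the request was authenticated as (or None)
    and `social` is the existing association for this provider uid (or None).
    """
    if user is None:
        return None  # anonymous request: a separate account will be created
    if social is not None:
        return None  # identity already linked to this account: ordinary login
    if getattr(user, "is_superuser", False) or getattr(user, "is_staff", False):
        raise SocialLinkRefused(
            "refusing to link a new social identity to privileged account %r"
            % user.username
        )
    return None  # non-privileged user linking an identity to their own account


def is_blocked(user, social):
    """Return True when the guard stops the flow, False when it lets it through."""
    try:
        refuse_privileged_link(user=user, social=social, details={})
    except SocialLinkRefused:
        return True
    return False


# Constructed stand-ins for the two accounts described in the report.
ROOT = SimpleNamespace(username="root", is_superuser=True, is_staff=True)
MEMBER = SimpleNamespace(username="user1", is_superuser=False, is_staff=False)

if __name__ == "__main__":
    print(is_blocked(ROOT, None))    # request still carries root's token
    print(is_blocked(None, None))    # token cleared on the client first
    print(is_blocked(MEMBER, None))  # ordinary user linking an identity
```

In a Django project a step like this would be listed in `SOCIAL_AUTH_PIPELINE` after the step that looks up the existing association and before the steps that associate the user and update user details.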
