2

I have a Django application which uses python-social-auth for authentication.

I have this in my django settings:

SOCIAL_AUTH_PIPELINE = (
    ...
    'my.app.my.custom.pipeline',
)

How do I stop the whole user creation process in my custom pipeline?

I have tried throwing various exceptions including ValueError and AuthException but the created users remain in the database. Doesn't throwing an exception reverse the database transaction?

Babken Vardanyan
  • 14,090
  • 13
  • 68
  • 87
  • your custom pipeline comes before or after the create_user function? If the user has been already created you'll need to remove it manually, throwing an exception will cause the pipeline to stop, but already saved data still remains. – abidibo Oct 17 '17 at 15:17
  • @abidibo My custom pipeline comes at the very end. Deleting the user manually could work, but the pipeline creates some other data in the database as well. I am looking for a cleaner solution that is implementation independent, for example reversing the whole transaction would the trick, but how do I do that? – Babken Vardanyan Oct 18 '17 at 10:06
  • maybe you can wrap the login view in a transaction (https://docs.djangoproject.com/en/1.11/topics/db/transactions/), but I've never done it before – abidibo Oct 18 '17 at 13:57

1 Answers1

1

Define a view in one of your Django app and don't forget to register a path for it:

def access_denied(request):
    return HttpResponse("<h1>Access denied</h1>")

And then, the function registered in your custom pipeline just needs to return the view :

if not allowed_email(fields["email"]):
    return redirect(access_denied)
Vincent Lambert
  • 11
  • 1