1

On my site (www.raptors.ru) I'm using social-auth-app-django to authorize users from Facebook. To make their logging in easier I made the following setting:

ACCOUNT_PASSWORD_INPUT_RENDER_VALUE = True

so that users do not need to enter their password. When the FB user logs in the first time, a record is created in the table users. What is important, this user has no password on my site. However, this user is fully functional: he is able to publish posts, make comments, etc. The problems begin if the user wants to disconnect from his social account. First, if one tries to disconnect his account via the LoginCancelledView (direct link is https://raptors.ru/accounts/social/login/cancelled/), he gets a message that he successfully disconnected, but it's not true since his username is still on the page header (see the screenshot).

Wrong success message (the user is still connected and logged in)

Second way to disconnect is from the connections page (https://raptors.ru/accounts/social/connections/).

Connections page

However, if the user clicks the Remove button, Django doesn't do it and reports the following error: Your account has no password set up.

The error report

Please tell me, which is the correct and working way to disconnect (or completely remove) the Facebook user from my site? FB insists that I should provide this option.

2 Answers

0

Allauth provides a view for setting an existing user's password, which can be used to add a password to a user that previously only had a social login. From the documentation:

Authenticated users can manage their password account using the allauth.account.views.PasswordSetView and allauth.account.views.PasswordChangeView views, over at /accounts/password/set/ respectively /accounts/password/change/ (URL names account_set_password and account_change_password respectively).

Users are redirected between these views, according to whether or not they have setup a password (user.has_usable_password()). Typically, when users signup via a social provider they will not have a password set.

So what you can do is first have the user set a password (by going to /accounts/password/set/), then disconnect the social account.

Cory
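The "set a password first, then disconnect" flow described in this answer, sketched as an added example (not part of the original answer and not allauth's own code). The helper and view names are hypothetical, the lockout rule is a simplified assumption about allauth's check, and socialaccount_connections and account_login are allauth's URL names for the connections and login pages.

```python
"""Route a "Disconnect Facebook" click so the account always keeps a login method."""

# URL names: account_set_password is quoted in the answer above;
# socialaccount_connections is allauth's name for /accounts/social/connections/.
SET_PASSWORD = "account_set_password"
CONNECTIONS = "socialaccount_connections"
LOGIN = "account_login"


def disconnect_next_step(is_authenticated, has_usable_password, social_account_count):
    """Return the URL name the user should visit next (hypothetical helper).

    Simplified model (an assumption) of the rule behind the error
    "Your account has no password set up": removing the only social account
    from a password-less user would leave no way to log in, so that user
    has to set a password before the Remove button can succeed.
    """
    if not is_authenticated:
        return LOGIN
    if social_account_count == 0:
        return CONNECTIONS  # nothing to remove; the page just lists no accounts
    if social_account_count == 1 and not has_usable_password:
        return SET_PASSWORD
    return CONNECTIONS


def start_disconnect(request):
    """Django view (hypothetical name) to link from a "Disconnect Facebook" button."""
    # Imported lazily so disconnect_next_step() can be tested without Django installed.
    from django.shortcuts import redirect
    from allauth.socialaccount.models import SocialAccount

    user = request.user
    if not user.is_authenticated:
        return redirect(LOGIN)
    # Count the social logins still attached to this local account.
    count = SocialAccount.objects.filter(user=user).count()
    return redirect(disconnect_next_step(True, user.has_usable_password(), count))
```

Removing the connection itself stays on the connections page, so allauth's own validation still runs when the user clicks Remove.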
0

There is a logout (django.contrib.auth) method which can be used for this, e.g. in my views.py:

from django.contrib.auth import logout
from django.shortcuts import redirect
...
def logout_request(request):
    # End the current user's Django session, then send them to the home page
    logout(request)
    return redirect('/')

and in my urls.py, to trigger this method:

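from django.urls import path
from . import views  # assumes urls.py sits in the same app as views.py

urlpatterns = [
    ...,
    path('logout', views.logout_request, name="logout"),
]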

and this works for me

tosa