flavors/django-graphql-social-auth

Social user creation overrides other user account information

cyril36 opened this issue · 1 comments

Hi,
The issue I have discovered is that when I create a createsuperuser with incomplete information (firstname, lastname... missing), the social user creation just overrides the superuser account with his missing information.

Steps to follow:

  1. Create a superuser with the Django command:
    $ manage.py createsuperuser

  2. Use the GraphQL social auth to create your user:
    mutation token_authentication {
      socialAuthToken(accessToken: "xxxxBiBQGGLzTUwZD", provider: "facebook") {
        social {
          id
          uid
          user { username email firstName lastName }
          provider
          extraData
        }
        token
      }
    }

Expected:
A user is created thanks to the social auth module.
So we should have 2 users in the database:

  • root user (created with the createsuperuser command)
  • user1 (created with the socialauthToken mutation)

Real behavior:
The social user is not created.
The information from the social user overrides the missing root user information.
Root user information before the user's social connection:

  • username = root | email = email@gmail.com | password = xxxx | firstname="" | lastname=""

Root user information after the user's social connection:

  • username = root | email = email@gmail.com | password = xxxx | firstname="user1_firstname" | lastname="user1_lastname"

The 2 accounts are merged.

To reproduce it, you can find in the attachment:

  • My Dockerfile to have my Django environment ready
  • settings file
  • schema file
  • url file

Thank you for your help

django-graphql-social-auth_bug.zip

Hi! I met the same problem. Try deleting the token and other data of the current user on the client side before you send the socialAuth mutation. It solved my problem.
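Added example, not code from this issue or from django-graphql-social-auth: a toy model with no Django dependency that assumes, as the workaround in the comment suggests, that the merge happens when the mutation arrives with an existing user's token. `User`, `Store`, `social_login`, `run` and the `link_session` switch are hypothetical names and the profile data is constructed; `link_session=False` is the server-side counterpart of clearing the token on the client.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    username: str
    email: str
    first_name: str = ""
    last_name: str = ""

@dataclass
class Store:
    users: list = field(default_factory=list)
    links: dict = field(default_factory=dict)  # (provider, uid) -> User

# Constructed provider profile, standing in for what the provider would return.
PROFILE = {"username": "user1", "email": "user1@example.com",
           "first_name": "user1_firstname", "last_name": "user1_lastname"}

def social_login(store, provider, uid, details, session_user=None, link_session=True):
    """Hypothetical model of the socialAuthToken mutation (not library code).

    session_user: user resolved from a token the client sent with the request.
    link_session: True models the reported merge; False ignores the session.
    """
    user = store.links.get((provider, uid))
    if user is None and link_session and session_user is not None:
        user = session_user  # assumed merge path: identity attached to the caller
    if user is None:
        user = User(username=details["username"], email=details["email"])
        store.users.append(user)
    store.links[(provider, uid)] = user
    for name in ("first_name", "last_name"):  # fill blank profile fields only
        if not getattr(user, name):
            setattr(user, name, details[name])
    return user

def run(link_session):
    """Replay the report: root exists, then a social login arrives with root's token."""
    root = User(username="root", email="email@gmail.com")
    store = Store(users=[root])
    logged_in = social_login(store, "facebook", "constructed-uid", PROFILE,
                             session_user=root, link_session=link_session)
    return [u.username for u in store.users], root.first_name, logged_in.username

if __name__ == "__main__":
    print("merged  :", run(link_session=True))
    print("isolated:", run(link_session=False))
```

In the merged run the database still holds one user and root carries user1's names; in the isolated run a second user is created and root is untouched, which is the outcome the report expected.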