9

Does anyone know how I would go about bypassing the signup page when using a social account in django allauth?

I've got the authentication side of things working with Google but when the user accepts the request from Google, it redirects to a page which asks them to enter their email address before they can log in.

But surely it will have retrieved this information from the Google login and should be able to simply log the user in so that they can use the site?

How would I go about doing that?

Thanks.

bodger

4 Answers

7

If you redirect the user to

{% provider_login_url 'google' %}

and allauth shows the user an intermediate page with

You are about to sign in using a third party account from Google.

when there is no other user associated with the same email address, then you need to add this configuration to bypass the intermediate page:

SOCIALACCOUNT_LOGIN_ON_GET=True

This was added in version 0.47.0, because of a potential vulnerability described in the change notes:

Automatically signing in users into their account and connecting additional third party accounts via a simple redirect ("/accounts/facebook/login/") can lead to unexpected results and become a security issue especially when the redirect is triggered from a malicious web site. For example, if an attacker prepares a malicious website that (ab)uses the Facebook password recovery mechanism to first sign into his/her own Facebook account, followed by a redirect to connect a new social account, you may end up with the attacker's Facebook account added to the account of the victim. To mitigate this, SOCIALACCOUNT_LOGIN_ON_GET is introduced.

I realise this is answering a slightly different question, because in this case the user isn't confirming an email, but it's related, because the user still doesn't directly sign up/log in.

Rok Strniša
6

Simple solution is to add

SOCIALACCOUNT_LOGIN_ON_GET=True

to your settings.py and it should skip/bypass the sign up form.

Tyler2P
daniellambert
3

This is an old question with many views, but I faced the same issue today and thought I would share my solution.

The key to resolving this is to follow the django-allauth 'Advanced Usage' docs, with the example presented by the custom redirects: https://django-allauth.readthedocs.io/en/latest/advanced.html#custom-redirects

Except in this instance, what you need to configure is the SOCIALACCOUNT_ADAPTER in settings.py with a subclassed DefaultSocialAccountAdapter, overriding the 'pre_social_login' method as such:

from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
from django.contrib.auth import get_user_model

User = get_user_model()


class CustomSocialAccountAdapter(DefaultSocialAccountAdapter):
    """
    Override the DefaultSocialAccountAdapter from allauth in order to associate
    the social account with a matching User automatically, skipping the email
    confirm form and existing email error.
    """
    def pre_social_login(self, request, sociallogin):
        email = sociallogin.user.email
        # Without an email there is nothing to match on; filtering on an empty
        # value would pick an arbitrary user whose email field is blank.
        if not email or sociallogin.is_existing:
            return
        # Look up a local user with the same email and link the social account.
        user = User.objects.filter(email=email).first()
        if user:
            sociallogin.connect(request, user)

'pre_social_login' is not super well documented, but in the source is a docstring which will help: https://github.com/pennersr/django-allauth/blob/master/allauth/socialaccount/adapter.py

Gary Burgmann
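
A stricter variant of the adapter above, added here as an example and not part of the original answer or of django-allauth: it links the social login only when the provider reports the email as verified and exactly one local user owns that address as a verified allauth `EmailAddress`. The names `pick_user_to_connect`, `VerifiedEmailSocialAdapter` and `Addr` are hypothetical, and it assumes local addresses are tracked in allauth's `EmailAddress` table.

```python
# Added example; pick_user_to_connect, VerifiedEmailSocialAdapter and Addr
# are hypothetical names, not part of django-allauth.
from collections import namedtuple

try:
    from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
except Exception:  # allauth missing or Django not configured: logic still runs
    DefaultSocialAccountAdapter = object

# Constructed stand-in with the two attributes read from
# sociallogin.email_addresses entries.
Addr = namedtuple("Addr", "email verified")


def pick_user_to_connect(social_emails, is_existing, local_verified):
    """Return the single local user that is safe to link, else None.

    social_emails:  objects with .email and .verified (provider's claim)
    is_existing:    True when the social account is already linked
    local_verified: (email, user) pairs for addresses verified on this site
    """
    if is_existing:
        return None
    # Trust only addresses the provider itself reports as verified.
    trusted = {a.email.strip().lower() for a in social_emails
               if a.email and a.verified}
    owners = {user for email, user in local_verified
              if email.strip().lower() in trusted}
    # No owner: normal signup. Several owners: ambiguous, so do not guess.
    return next(iter(owners)) if len(owners) == 1 else None


class VerifiedEmailSocialAdapter(DefaultSocialAccountAdapter):
    def pre_social_login(self, request, sociallogin):
        # Imported here because the model needs configured Django settings.
        from allauth.account.models import EmailAddress

        pairs = []
        for addr in sociallogin.email_addresses:
            if addr.email and addr.verified:
                rows = EmailAddress.objects.filter(
                    email__iexact=addr.email, verified=True)
                pairs += [(row.email, row.user) for row in rows]
        user = pick_user_to_connect(
            sociallogin.email_addresses, sociallogin.is_existing, pairs)
        if user is not None:
            sociallogin.connect(request, user)
```

The adapter is enabled the same way as the one above, by pointing `SOCIALACCOUNT_ADAPTER` in settings.py at the class.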
-2

You need to explicitly define the 'email' scope for Google in your SOCIALACCOUNT_PROVIDERS settings:

SOCIALACCOUNT_PROVIDERS = {
    'google': {
        'SCOPE': ['https://www.googleapis.com/auth/userinfo.profile', 'https://www.googleapis.com/auth/userinfo.email'],
        'AUTH_PARAMS': {'access_type': 'online'},
    },
}
james