twitter.views.authorize doesn't deal with user who authenticates with two services. #9

Open
dpnova opened this issue Aug 21, 2011 · 1 comment

dpnova (Collaborator) commented Aug 21, 2011

Just opening this up as a place to discuss this issue. I believe it's something that requires a design decision. Consider this scenario:

  1. User arrives at site and signs in with Twitter (/authenticate)
  2. User disappears for some time, and returns after cookie has expired.
  3. User signs in again, this time with Facebook.
  4. User decides to take an action that requires twitter auth
  5. User signs in with twitter which triggers /authorize
  6. The uniqueness on TwitterService.unique_id is violated in the get_or_create call.

Perhaps this can be solved by changing:

```python
service, created = TwitterService.objects.get_or_create(user=request.user, defaults={
    'token': access_token['oauth_token'],
    'secret': access_token['oauth_token_secret'],
    'unique_id': helper.get_unique_id(access_token),
})
```

to:

```python
service, created = TwitterService.objects.get_or_create(unique_id=helper.get_unique_id(access_token), defaults={
    'token': access_token['oauth_token'],
    'secret': access_token['oauth_token_secret'],
    'user': request.user,
})
```

I'm not entirely sure of the behaviour of defaults in this situation... will it update the TwitterService to point at the new user account? This will leave an old and redundant user account in the db if I understand correctly. Maybe that's not a huge issue. If this is the case we should have some kind of callback to allow the user of the library the option of merging data between the user accounts.

Thoughts?

EDIT: Not sure why GFM isn't picking up the syntax highlighting request.

dpnova (Collaborator, Author) commented Sep 30, 2011

Having discussed this a little more in the context of a project I have more discussion to add.

The issue outlined above will happen on any site that allows people to both authorize AND authenticate with social sign ins. My suggestion is we allow the programmer to take some particular action at the time where this error happens. Perhaps there should be some signal that allows a merge or custom logging to take place.

This is certainly an edge case, but it is not totally outside the realms of possibility.

@dpnova dpnova closed this as completed Sep 30, 2011
@dpnova dpnova reopened this Sep 30, 2011
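
The scenario from the first comment, replayed against an in-memory SQLite table as an added example (not code from the project or from dpnova). Django's `get_or_create` applies `defaults` only when it creates a row, so a lookup by `unique_id` returns the existing row still owned by the original user; the `on_conflict` hook, the table layout and the sample ids are assumptions for illustration.

```python
import sqlite3
# Constructed stand-in for the TwitterService table; column names follow the
# issue, everything else (types, sample ids, function names) is assumed.
SCHEMA = """CREATE TABLE twitter_service (
    user_id INTEGER NOT NULL, unique_id TEXT NOT NULL UNIQUE,
    token TEXT NOT NULL, secret TEXT NOT NULL)"""
INSERT = "INSERT INTO twitter_service VALUES (?, ?, ?, ?)"

def link_by_user(conn, user_id, unique_id, token, secret):
    """Lookup keyed on user, as in the first snippet of the issue."""
    row = conn.execute("SELECT user_id FROM twitter_service WHERE user_id = ?",
                       (user_id,)).fetchone()
    if row is None:
        # unique_id is only a default here, so the UNIQUE constraint can fire.
        conn.execute(INSERT, (user_id, unique_id, token, secret))
        return "created", user_id
    return "existing", row[0]

def link_by_unique_id(conn, user_id, unique_id, token, secret, on_conflict=None):
    """Lookup keyed on unique_id, as in the second snippet of the issue."""
    row = conn.execute("SELECT user_id FROM twitter_service WHERE unique_id = ?",
                       (unique_id,)).fetchone()
    if row is None:
        conn.execute(INSERT, (user_id, unique_id, token, secret))
        return "created", user_id
    owner = row[0]
    if owner == user_id:
        return "existing", owner
    # The row keeps its original owner; report the mismatch instead of
    # re-pointing it, and let the caller merge or log (hypothetical hook).
    if on_conflict is not None:
        on_conflict(owner, user_id, unique_id)
    return "conflict", owner

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    link_by_user(conn, 1, "tw-1001", "tok-a", "sec-a")      # steps 1-2
    try:                                                     # steps 3-6
        first = link_by_user(conn, 2, "tw-1001", "tok-b", "sec-b")[0]
    except sqlite3.IntegrityError:
        first = "IntegrityError"
    seen = []
    second = link_by_unique_id(conn, 2, "tw-1001", "tok-b", "sec-b",
                               on_conflict=lambda *args: seen.append(args))
    return first, second, seen

if __name__ == "__main__":
    print(demo())
```

Returning an explicit `"conflict"` result keeps the decision to merge accounts with the application rather than silently moving a linked identity from one user to another.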