For some reason google oauth2 can sign up into the same user with different gmail emails

Sometimes, when a user signs up for my service with his gmail account and then later signs up with his G Suite account, both emails get records created in the UserSocialAuth model, but for the same django user. Can someone help me understand why this happens and how to avoid it? I need both gmail accounts to have separate django accounts.

I am using social-auth-app-django https://github.com/python-social-auth/social-app-django

My pipeline

SOCIAL_AUTH_PIPELINE = [
    'social_core.pipeline.social_auth.social_details',
    'social_core.pipeline.social_auth.social_uid',
    'social_core.pipeline.social_auth.auth_allowed',
    'social_core.pipeline.social_auth.social_user',

    # request consent if no refresh_token
    'contrib.pipelines.redirect_if_no_refresh_token',

    'social_core.pipeline.user.get_username',
    # http://python-social-auth.readthedocs.io/en/latest/use_cases.html#associate-users-by-email
    'social_core.pipeline.social_auth.associate_by_email',
    'social_core.pipeline.user.create_user',
    'social_core.pipeline.social_auth.associate_user',
    'social_core.pipeline.social_auth.load_extra_data',
    'social_core.pipeline.user.user_details',

    'contrib.pipelines.get_avatar',
    # create default data for user
    'contrib.pipelines.dummy_data.create',
]

This is what it looks like in my database

In [7]: for uu in UserSocialAuth.objects.filter(user__email='me@mydomain.com').values():
   ...:     print(uu)
   ...:
{'user_id': 133, 'uid': 'me@mydomain.com', 'provider': 'google-oauth2', 'id': 125, 'extra_data': {'auth_time': 1523347209, 'access_token': '...', 'expires': 3600, 'token_type': 'Bearer', 'refresh_token': '...'}}
{'user_id': 133, 'uid': 'me@gmail.com', 'provider': 'google-oauth2', 'id': 401, 'extra_data': {'auth_time': 1522379769, 'access_token': '...', 'expires': 3598, 'token_type': 'Bearer'}}

The problem seems to be related to the associate_by_email configuration in the pipeline. Removing that configuration will create a new user for every new social login.

According to the docs:

if a user signed up with his Facebook account, then logged out and next time tries to use Google OAuth2 to login, it could be nice (if both social sites have the same email address configured) that the user gets into his initial account created by Facebook backend.

Read more here: http://python-social-auth.readthedocs.io/en/latest/use_cases.html#associate-users-by-email

Got an answer from @omab himself https://github.com/python-social-auth/social-core/issues/232

if the user doesn't logout from your app, and then proceeds to login with the second GSuit account, then the new social account is associated to the currently logged in user. If you want to enforce separated accounts, then you need to force that no user is currently logged in in your site.
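To make the mechanism in @omab's answer concrete, here is an added, self-contained Python model of the decisions the question's pipeline makes (social_user, then associate_by_email, create_user, associate_user). It is not social-core's code and not part of this thread; the in-memory Store, the SocialRow class standing in for UserSocialAuth rows, and the require_logged_out guard are assumptions made for the illustration. It replays the thread: a second Google login while the first user is still logged in lands on the same user, while the same login after logging out produces a separate account, and the guard shows one way to refuse linking while someone is still logged in.

```python
# Added illustration of the pipeline behaviour discussed in the thread.
# Not social-core's implementation: the steps below only mimic the order
# social_user -> associate_by_email -> create_user -> associate_user from the
# question's SOCIAL_AUTH_PIPELINE. The require_logged_out guard is a
# hypothetical extra step in the spirit of @omab's answer.
from dataclasses import dataclass
from typing import List, Optional, Tuple


class AuthAlreadyAssociated(Exception):
    """The social uid is already linked to a different user."""


class AuthForbidden(Exception):
    """Raised by the hypothetical guard while a user is still logged in."""


@dataclass
class User:
    id: int
    email: str


@dataclass
class SocialRow:  # stand-in for the page's UserSocialAuth rows
    user_id: int
    provider: str
    uid: str


class Store:
    """Minimal in-memory stand-in for the Django tables (constructed, not real)."""

    def __init__(self) -> None:
        self.users: List[User] = []
        self.social: List[SocialRow] = []

    def user_by_email(self, email: str) -> Optional[User]:
        return next((u for u in self.users if u.email == email), None)

    def user_by_id(self, user_id: int) -> User:
        return next(u for u in self.users if u.id == user_id)

    def social_row(self, provider: str, uid: str) -> Optional[SocialRow]:
        return next((s for s in self.social
                     if (s.provider, s.uid) == (provider, uid)), None)

    def create_user(self, email: str) -> User:
        user = User(id=len(self.users) + 1, email=email)
        self.users.append(user)
        return user


def run_pipeline(store: Store, provider: str, uid: str, email: str,
                 logged_in: Optional[User] = None,
                 require_logged_out: bool = False) -> User:
    """Return the user that the (provider, uid) social login gets attached to."""
    # social_user: an already-linked uid resolves to its user; linking it to a
    # different logged-in user is refused.
    row = store.social_row(provider, uid)
    if row is not None:
        if logged_in is not None and logged_in.id != row.user_id:
            raise AuthAlreadyAssociated(f"{uid} already belongs to user {row.user_id}")
        return store.user_by_id(row.user_id)

    # Hypothetical guard: only create a new social link when nobody is logged in,
    # which is what @omab recommends to keep the accounts separate.
    if require_logged_out and logged_in is not None:
        raise AuthForbidden("log out before signing in with another Google account")

    # The currently logged-in user is the default target. This is exactly why two
    # different gmail addresses end up on one django user in the thread.
    user = logged_in

    # associate_by_email: otherwise reuse an existing account with the same email.
    if user is None:
        user = store.user_by_email(email)

    # create_user: otherwise create a fresh account.
    if user is None:
        user = store.create_user(email)

    # associate_user: persist the link (the UserSocialAuth row on the page).
    store.social.append(SocialRow(user_id=user.id, provider=provider, uid=uid))
    return user


def reproduce_thread() -> Tuple[int, int, int]:
    """Replay the thread and return (first login, second login while still
    logged in, second login after logging out) as user ids."""
    store = Store()
    first = run_pipeline(store, "google-oauth2", "me@mydomain.com", "me@mydomain.com")
    # Still logged in as `first`: the G Suite/gmail pair collapses onto one user.
    same = run_pipeline(store, "google-oauth2", "me@gmail.com", "me@gmail.com",
                        logged_in=first)
    # Fresh store, same first login, but the second login happens logged out.
    store2 = Store()
    run_pipeline(store2, "google-oauth2", "me@mydomain.com", "me@mydomain.com")
    separate = run_pipeline(store2, "google-oauth2", "me@gmail.com", "me@gmail.com",
                            logged_in=None)
    return first.id, same.id, separate.id


if __name__ == "__main__":
    print(reproduce_thread())  # (1, 1, 2)
```

The model only reproduces the ordering the question's pipeline declares; a real guard would be written as a pipeline function that inspects the request's user (or the Django logout view would be called first), and associate_by_email still merges accounts whenever two providers report the same email address, as the documentation quoted above intends.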