[Solved]-Bypass signup form using allauth

8👍

If you redirect the user to

{% provider_login_url 'google' %}

and allauth shows the user an intermediate page with

You are about to sign in using a third party account from Google.

when there is no other user associated with the same email address, then you need to add this configuration to bypass the intermediate page:

SOCIALACCOUNT_LOGIN_ON_GET=True

This was added in version 0.47.0, because of a potential vulnerability described in the change notes:

Automatically signing in users into their account and connecting additional third party accounts via a simple redirect ("/accounts/facebook/login/") can lead to unexpected results and become a security issue especially when the redirect is triggered from a malicious web site. For example, if an attacker prepares a malicious website that (ab)uses the Facebook password recovery mechanism to first sign into his/her own Facebook account, followed by a redirect to connect a new social account, you may end up with the attacker’s Facebook account added to the account of the victim. To mitigate this, SOCIALACCOUNT_LOGIN_ON_GET is introduced.

I realise this is answering a slightly different question, because in this case the user isn’t confirming an email, but it’s related, because the user still doesn’t directly sign up/log in.

8👍

A simple solution is to add

SOCIALACCOUNT_LOGIN_ON_GET=True

to your settings.py and it should skip/bypass the sign up form.

3👍

This is an old question with many views, but I faced the same issue today and thought I would share my solution.

The key to resolving this is to follow the django-allauth ‘Advanced Usage’ docs, with the example presented by the custom redirects:
https://django-allauth.readthedocs.io/en/latest/advanced.html#custom-redirects

Except in this instance, what you need to configure is the SOCIALACCOUNT_ADAPTER in settings.py with a subclassed DefaultSocialAccountAdapter, overriding the ‘pre_social_login’ method as such:

from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
from django.contrib.auth import get_user_model

User = get_user_model()


class CustomSocialAccountAdapter(DefaultSocialAccountAdapter):
    """
    Override the DefaultSocialAccountAdapter from allauth in order to associate
    the social account with a matching User automatically, skipping the email
    confirm form and existing email error
    """
    def pre_social_login(self, request, sociallogin):
        # The social account is already linked to a user: nothing to connect.
        if sociallogin.is_existing:
            return
        email = sociallogin.user.email
        # Without this guard an empty email would match any user whose
        # email field is blank.
        if not email:
            return
        user = User.objects.filter(email=email).first()
        if user:
            sociallogin.connect(request, user)

‘pre_social_login’ is not super well documented, but in the source is a docstring which will help:
https://github.com/pennersr/django-allauth/blob/master/allauth/socialaccount/adapter.py
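
An added example, not part of the answer above or of django-allauth: a framework-free version of the decision a pre_social_login override has to make before calling sociallogin.connect, so that only provider-verified, non-empty, unambiguous email matches are connected automatically. ProviderEmail, user_to_connect, find_users and the sample accounts are assumptions made for illustration; ProviderEmail is modelled on the entries of sociallogin.email_addresses.

```python
from dataclasses import dataclass
from typing import Iterable, List


@dataclass
class ProviderEmail:
    """Stand-in for one entry of allauth's sociallogin.email_addresses."""
    email: str
    verified: bool


def verified_candidates(addresses: Iterable[ProviderEmail]) -> List[str]:
    """Normalised addresses that the provider itself reported as verified."""
    result: List[str] = []
    for addr in addresses:
        email = (addr.email or "").strip().lower()
        # Skip empty values: they would match local users with a blank email.
        if email and addr.verified and email not in result:
            result.append(email)
    return result


def user_to_connect(addresses, is_existing, find_users):
    """Return the single local user a new social login may be attached to.

    find_users(email) is a hypothetical callback returning the local users
    with that address; in Django it would wrap an email__iexact query.
    """
    if is_existing:
        return None  # social account is already linked to a user
    matches = []
    for email in verified_candidates(addresses):
        for user in find_users(email):
            if user not in matches:
                matches.append(user)
    # Anything but exactly one match falls back to the normal signup flow.
    return matches[0] if len(matches) == 1 else None


# Constructed sample data: local accounts keyed by lower-cased email.
LOCAL_USERS = {
    "alice@example.com": ["alice"],
    "shared@example.com": ["bob", "carol"],
}


def find_users(email):
    return LOCAL_USERS.get(email, [])
```

In an adapter, pass sociallogin.email_addresses and sociallogin.is_existing, and call sociallogin.connect(request, user) only when a user is returned.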

-2👍

You need to explicitly define the ‘email’ scope for Google in your SOCIALACCOUNT_PROVIDERS settings:

SOCIALACCOUNT_PROVIDERS = {
    'google': {
        'SCOPE': [
            'https://www.googleapis.com/auth/userinfo.profile',
            'https://www.googleapis.com/auth/userinfo.email',
        ],
        'AUTH_PARAMS': {'access_type': 'online'},
    },
}
👤james
