🎉 Make social auth exceptions configurable

manuel-sommer · manuel-sommer · commit 8a715dd6b55b · 2025-11-03T17:29:43.000+01:00
diff --git a/dojo/middleware.py b/dojo/middleware.py
@@ -83,16 +83,16 @@ def __call__(self, request):
 class CustomSocialAuthExceptionMiddleware(SocialAuthExceptionMiddleware):
     def process_exception(self, request, exception):
         if isinstance(exception, requests.exceptions.RequestException):
-            messages.error(request, "Please use the standard login below.")
+            messages.error(request, settings.SOCIAL_AUTH_EXCEPTION_MESSAGE["SOCIAL_AUTH_EXCEPTION_MESSAGE_REQUEST_EXCEPTION"])
             return redirect("/login?force_login_form")
         if isinstance(exception, AuthCanceled):
-            messages.warning(request, "Social login was canceled. Please try again or use the standard login.")
+            messages.warning(request, settings.SOCIAL_AUTH_EXCEPTION_MESSAGE["SOCIAL_AUTH_EXCEPTION_MESSAGE_AUTH_CANCELED"])
             return redirect("/login?force_login_form")
         if isinstance(exception, AuthFailed):
-            messages.error(request, "Social login failed. Please try again or use the standard login.")
+            messages.error(request, settings.SOCIAL_AUTH_EXCEPTION_MESSAGE["SOCIAL_AUTH_EXCEPTION_MESSAGE_AUTH_FAILED"])
             return redirect("/login?force_login_form")
         if isinstance(exception, AuthForbidden):
-            messages.error(request, "You are not authorized to log in via this method. Please contact support or use the standard login.")
+            messages.error(request, settings.SOCIAL_AUTH_EXCEPTION_MESSAGE["SOCIAL_AUTH_EXCEPTION_MESSAGE_AUTH_FORBIDDEN"])
             return redirect("/login?force_login_form")
         if isinstance(exception, TypeError) and "'NoneType' object is not iterable" in str(exception):
             logger.warning("OIDC login error: NoneType is not iterable")
diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py
@@ -174,6 +174,10 @@
     DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY=(str, ""),
     DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET=(str, ""),
     DD_SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL=(bool, True),
+    DD_SOCIAL_AUTH_EXCEPTION_MESSAGE_REQUEST_EXCEPTION=(str, "Please use the standard login below."),
+    DD_SOCIAL_AUTH_EXCEPTION_MESSAGE_AUTH_CANCELED=(str, "Social login was canceled. Please try again or use the standard login."),
+    DD_SOCIAL_AUTH_EXCEPTION_MESSAGE_AUTH_FAILED=(str, "Social login failed. Please try again or use the standard login."),
+    DD_SOCIAL_AUTH_EXCEPTION_MESSAGE_AUTH_FORBIDDEN=(str, "You are not authorized to log in via this method. Please contact support or use the standard login."),
     DD_SAML2_ENABLED=(bool, False),
     # Allows to override default SAML authentication backend. Check https://djangosaml2.readthedocs.io/contents/setup.html#custom-user-attributes-processing
     DD_SAML2_AUTHENTICATION_BACKENDS=(str, "djangosaml2.backends.Saml2Backend"),
@@ -645,6 +649,13 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param
 if value := env("DD_SOCIAL_AUTH_OIDC_LOGIN_BUTTON_TEXT"):
     SOCIAL_AUTH_OIDC_LOGIN_BUTTON_TEXT = value
 
+SOCIAL_AUTH_EXCEPTION_MESSAGE = {
+    "SOCIAL_AUTH_EXCEPTION_MESSAGE_REQUEST_EXCEPTION": env("DD_SOCIAL_AUTH_EXCEPTION_MESSAGE_REQUEST_EXCEPTION"),
+    "SOCIAL_AUTH_EXCEPTION_MESSAGE_AUTH_CANCELED": env("DD_SOCIAL_AUTH_EXCEPTION_MESSAGE_AUTH_CANCELED"),
+    "SOCIAL_AUTH_EXCEPTION_MESSAGE_AUTH_FAILED": env("DD_SOCIAL_AUTH_EXCEPTION_MESSAGE_AUTH_FAILED"),
+    "SOCIAL_AUTH_EXCEPTION_MESSAGE_AUTH_FORBIDDEN": env("DD_SOCIAL_AUTH_EXCEPTION_MESSAGE_AUTH_FORBIDDEN"),
+    }
+
 AUTH0_OAUTH2_ENABLED = env("DD_SOCIAL_AUTH_AUTH0_OAUTH2_ENABLED")
 SOCIAL_AUTH_AUTH0_KEY = env("DD_SOCIAL_AUTH_AUTH0_KEY")
 SOCIAL_AUTH_AUTH0_SECRET = env("DD_SOCIAL_AUTH_AUTH0_SECRET")
