Skip to content

🐛 Robustify create_user to handle None value #13572

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mtesauro merged 5 commits into from
Nov 3, 2025
Merged

🐛 Robustify create_user to handle None value #13572

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
6fb65a2
:bug: Robustify create_user to handle None value
manuel-sommer Oct 30, 2025
5fa87c7
fix
manuel-sommer Oct 30, 2025
667edbb
update
manuel-sommer Oct 30, 2025
3db4f3c
Merge branch 'bugfix' into usernameNone
manuel-sommer Oct 31, 2025
fe01743
update according to review
manuel-sommer Nov 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions dojo/middleware.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,11 @@ def process_exception(self, request, exception):
if isinstance(exception, AuthForbidden):
messages.error(request, "You are not authorized to log in via this method. Please contact support or use the standard login.")
return redirect("/login?force_login_form")
if isinstance(exception, TypeError) and "'NoneType' object is not iterable" in str(exception):
logger.warning("OIDC login error: NoneType is not iterable")
messages.error(request, "An unexpected error occurred during social login. Please use the standard login.")
return redirect("/login?force_login_form")
logger.error(f"Unhandled exception during social login: {exception}")
return super().process_exception(request, exception)


Expand Down
7 changes: 6 additions & 1 deletion dojo/pipeline.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -183,5 +183,10 @@ def sanitize_username(username):
def create_user(strategy, details, backend, user=None, *args, **kwargs):
if not settings.SOCIAL_AUTH_CREATE_USER:
return None
details["username"] = sanitize_username(details.get("username"))
username = details.get("username")
if not username:
username = details.get("email")
if not username:
username = details.get("fullname")
details["username"] = sanitize_username(username)
Comment thread
manuel-sommer marked this conversation as resolved.
Outdated
return social_core.pipeline.user.create_user(strategy, details, backend, user, args, kwargs)
10 changes: 10 additions & 0 deletions unittests/test_social_auth_failure_handling.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,16 @@ def test_non_social_auth_path_redirects_on_auth_forbidden(self):
storage = list(messages.get_messages(request))
self.assertTrue(any("You are not authorized to log in via this method." in str(msg) for msg in storage))

def test_type_error_none_type_iterable_redirect(self):
"""Ensure middleware catches 'NoneType' object is not iterable TypeError and redirects."""
request = self._prepare_request("/login/oidc/")
exception = TypeError("'NoneType' object is not iterable")
response = self.middleware.process_exception(request, exception)
self.assertEqual(response.status_code, 302)
self.assertEqual(response.url, "/login?force_login_form")
storage = list(messages.get_messages(request))
self.assertTrue(any("An unexpected error occurred during social login." in str(msg) for msg in storage))


@override_settings(
AUTHENTICATION_BACKENDS=(
Expand Down