[英]social-auth-app-django: how to disconnect a user without password
On my site ( www.raptors.ru ) I'm using social-auth-app-django to authorize users from Facebook.在我的网站 ( www.raptors.ru ) 上,我使用 social-auth-app-django 来授权来自 Facebook 的用户。 To make their logging in easier I made following setting:
为了让他们更容易登录,我做了以下设置:
ACCOUNT_PASSWORD_INPUT_RENDER_VALUE = True
so that users do not need to enter their password.使用户无需输入密码。 When the FB user logs in the first time, a record is created in the table
users
.当 FB 用户第一次登录时,会在表
users
中创建一条记录。 What is important, this user has no password on my site.重要的是,这个用户在我的网站上没有密码。 However, this user is fully functional: he is able to publish posts, make comments, etc. The problems begin if the user wants to disconnect from his social account.
但是,该用户功能齐全:他能够发布帖子、发表评论等。如果用户想要断开与他的社交帐户的连接,问题就开始了。 First, if one tries to disconnect his account via the LoginCancelledView (direct link is https://raptors.ru/accounts/social/login/cancelled/ , he gets a message that he successfully disconnected, but it's not truth since his username is still on the page header (see the the screenshot).
首先,如果有人试图通过 LoginCancelledView 断开他的帐户(直接链接是https://raptors.ru/accounts/social/login/cancelled/ ,他会收到一条消息说他已成功断开连接,但这不是事实,因为他的用户名是仍然在页面 header 上(见截图)。
Second way to disconnect is from the connections page ( https://raptors.ru/accounts/social/connections/ ).断开连接的第二种方法是从连接页面( https://raptors.ru/accounts/social/connections/ )。
However, if the user clicks the Remove button, Django doesn't do it and report following error: Your account has no password set up.但是,如果用户单击删除按钮,Django 不会这样做并报告以下错误:您的帐户没有设置密码。
Please tell me, which is the correct and working way to disconnect (or completely remove) the Facebook user from my site?请告诉我,从我的站点断开(或完全删除)Facebook 用户的正确且有效的方法是什么? FB insists that I should provide this option.
FB 坚持我应该提供这个选项。
Allauth provides a view for setting an existing user's password, which can be used to add a password to a user that previously only had a social login. Allauth 提供了一个设置现有用户密码的视图,可用于为以前只有社交登录的用户添加密码。 From the documentation :
从文档中:
Authenticated users can manage their password account using the
allauth.account.views.PasswordSetView
andallauth.account.views.PasswordChangeView
views, over at /accounts/password/set/ respectively /accounts/password/change/ (URL namesaccount_set_password
andaccount_change_password
respectively).经过身份验证的用户可以使用
allauth.account.views.PasswordSetView
和allauth.account.views.PasswordChangeView
视图管理他们的密码帐户,分别位于 /accounts/password/set/ /accounts/password/change/(URL 名称分别为account_set_password
和account_change_password
)。Users are redirected between these views, according to whether or not they have setup a password (
user.has_usable_password()
).根据用户是否设置密码(
user.has_usable_password()
),在这些视图之间重定向用户。 Typically, when users signup via a social provider they will not have a password set.通常,当用户通过社交提供商注册时,他们不会设置密码。
So what you can do is first have the user set a password (by going to /accounts/password/set/), then disconnect the social account.因此,您可以首先让用户设置密码(通过转到 /accounts/password/set/),然后断开社交帐户。
There is a logout (django.contrib.auth) method which can be used for this, for eg in my views.py:有一个注销(django.contrib.auth)方法可用于此,例如在我的views.py中:
from django.contrib.auth import logout
from django.shortcuts import redirect
...
def logout_request(request)
logout(request)
return redirect('/')
and in my urls.py, to trigger this method:在我的 urls.py 中,触发这个方法:
urlpatterns =[
...,
path('logout', views.logout_request, name="logout),
]
and this works for me这对我有用
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.