Social user creation override other user account information

[cyril36]

Hi,
The issue i have discovered is that when i create a createsuperuser with incomplete information (firstname , lastname... missing) the social user creation just override the superuser account with his missing information.

Step to follow :

1. create a superuser with the django command :
   $ manage.py createsuperuser

   • root
   • email@gmail.com
   • password

2. use the graphQL social auth to create your user :
   mutation token_authentication { socialAuthToken(accessToken: "xxxxBiBQGGLzTUwZD", provider: "facebook") { social { id uid user { username email firstName lastName } provider extraData } token } }

Expected :
A User is created thanks to the social auth module.
So we should have 2 users in the database :

• root user (created with the createsuperuser command)
• user1 (created with the socialauthToken mutation)

Real Behavior :
The social user is not created.
The information from the social user override the missing root user information.
Root user information before user social connection :

• username = root | email = email@gmail.com | password = xxxx | firstname="" |lastname=""

Root user information after user social connection :

• username = root | email = email@gmail.com | password = xxxx | firstname="user1_firstname" |lastname="user1_lastname"

The 2 accounts are merged

To reproduce it, you can find in attachment :

• My dockerfile to have my django environment ready
• settings file
• schema file
• url file

Thank you for your help

django-graphql-social-auth_bug.zip

[IgorMalyga]

Hi,
The issue i have discovered is that when i create a createsuperuser with incomplete information (firstname , lastname... missing) the social user creation just override the superuser account with his missing information.

Step to follow :

1. create a superuser with the django command :
   $ manage.py createsuperuser

   • root
   • email@gmail.com
   • password

2. use the graphQL social auth to create your user :
   mutation token_authentication { socialAuthToken(accessToken: "xxxxBiBQGGLzTUwZD", provider: "facebook") { social { id uid user { username email firstName lastName } provider extraData } token } }

Expected :
A User is created thanks to the social auth module.
So we should have 2 users in the database :

• root user (created with the createsuperuser command)
• user1 (created with the socialauthToken mutation)

Real Behavior :
The social user is not created.
The information from the social user override the missing root user information.
Root user information before user social connection :

• username = root | email = email@gmail.com | password = xxxx | firstname="" |lastname=""

Root user information after user social connection :

• username = root | email = email@gmail.com | password = xxxx | firstname="user1_firstname" |lastname="user1_lastname"

The 2 accounts are merged

To reproduce it, you can find in attachment :

• My dockerfile to have my django environment ready
• settings file
• schema file
• url file

Thank you for your help

django-graphql-social-auth_bug.zip

Hi! I met the same problem. Try to delete token and other data of current user on client side before you send socialAuth mutation. It solved my problem.