I'm new to Django, and sorry in advance that I'm not good at English.
I spent a whole day searching for relevant information on Google, but I can't solve my problem.
First, my goal: I am trying to enable social login in my apps using Django. While Googling, I found some code which I can refer to. (link - above mentioned code)
(and the Naver Social Login API Reference - you may need a translator.)
Following this code, I tried ...

STEP I. Sending the user to the login page which the social company provides.
login_form.html

    <a href="#" onclick="naverLogin()">

And at that time, attach the csrf_token to the "state" param:

    // user/static/user/js/social_login.js

    // Build a URL query string, percent-encoding each value.
    function buildQuery(params) {
        return Object.keys(params).map(function (key) {
            return key + '=' + encodeURIComponent(params[key])
        }).join('&')
    }

    function buildUrl(baseUrl, queries) {
        return baseUrl + '?' + buildQuery(queries)
    }

    // Redirect the browser to Naver's authorization page.
    function naverLogin() {
        // Declared with const so they do not leak as implicit globals.
        const params = {
            response_type: 'code',
            client_id: 'lkfcHFxyz5UGC0gF81Ym',
            redirect_uri: location.origin + '/user/login/social/naver/callback/' + location.search,
            // The page's CSRF token is sent as the OAuth "state" value.
            state: document.querySelector('[name=csrfmiddlewaretoken]').value
        }
        const url = buildUrl('https://nid.naver.com/oauth2.0/authorize', params)
        location.replace(url)
    }

STEP II. The user (client) tries to log in on the social login page.
STEP III. Making SocialLoginCallbackView(NaverMixins, View):

    from django.conf import settings
    from django.contrib import messages
    from django.contrib.auth import get_user_model
    from django.http import HttpResponseRedirect
    from django.views import View
    # Private helper; present in the Django 2.1 code this was written for.
    from django.middleware.csrf import _compare_salted_tokens
    # NaverLoginMixin comes from the referenced code (not shown here).

    class SocialLoginCallbackView(NaverLoginMixin, View):
        success_url = settings.LOGIN_REDIRECT_URL
        failure_url = settings.LOGIN_URL
        required_profiles = ['email', 'nickname']
        model = get_user_model()

        def get(self, request, *args, **kwargs):
            provider = kwargs.get('provider')
            success_url = request.GET.get('next', self.success_url)
            if provider == 'naver':
                csrf_token = request.GET.get('state')
                code = request.GET.get('code')
                # Reject the callback if "state" does not match the CSRF cookie.
                if not _compare_salted_tokens(csrf_token, request.COOKIES.get('csrftoken')):
                    messages.error(request, 'Login Failed ......', extra_tags='danger')
                    return HttpResponseRedirect(self.failure_url)
                is_success, error = self.login_with_naver(csrf_token, code)
                if not is_success:  # login failed
                    messages.error(request, error, extra_tags='danger')
                return HttpResponseRedirect(success_url if is_success else self.failure_url)
            return HttpResponseRedirect(self.failure_url)

        def set_session(self, **kwargs):
            for key, value in kwargs.items():
                self.request.session[key] = value

I can't continue because of this function (_compare_salted_tokens). My Django version is 4.2, but the code above is for Django 2.1.3.
In Django 4.2, I can't find the _compare_salted_tokens function. I finally realized there is much difference between django.middleware.csrf in Django 4.2 and in Django 2.1.

    if not _compare_salted_tokens(csrf_token, request.COOKIES.get('csrftoken')):

How could I achieve this purpose? (In the Django 4.2 way, or an alternative way?)
Thank you for your attention to this matter.
I want to replace the function (_compare_salted_tokens) with any method suitable for Django 4.2.
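
An added example, not part of the original question or of the referenced code: one way to validate the OAuth `state` value without relying on Django's private CSRF helpers. It swaps in a different technique, a dedicated one-time random value kept in the session and compared in constant time; `issue_state`, `verify_state`, `STATE_KEY` and `STATE_MAX_AGE` are hypothetical names, and `session` is assumed to be `request.session` (any dict-like object works).

```python
import hmac
import secrets
import time

STATE_KEY = "oauth_state"   # hypothetical session key
STATE_MAX_AGE = 600         # assumed lifetime of a state value, in seconds


def issue_state(session, now=None):
    """Create a random one-time state, store it in the session, return it.

    Call this in the view that renders the login link and send the returned
    value as the "state" query parameter instead of the CSRF token.
    """
    state = secrets.token_urlsafe(32)
    issued = time.time() if now is None else now
    session[STATE_KEY] = {"value": state, "issued": issued}
    return state


def verify_state(session, returned_state, now=None):
    """Return True only for a matching, unexpired, not-yet-used state.

    In the callback view this takes the place of the
    _compare_salted_tokens(...) check:
        verify_state(request.session, request.GET.get("state"))
    """
    # pop() consumes the stored value even on failure, so it is single use.
    stored = session.pop(STATE_KEY, None)
    if not stored or not returned_state:
        return False
    now = time.time() if now is None else now
    if now - stored["issued"] > STATE_MAX_AGE:
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(stored["value"].encode(), returned_state.encode())


if __name__ == "__main__":
    session = {}                      # constructed stand-in for request.session
    state = issue_state(session)
    print(verify_state(session, state))   # first use is accepted
    print(verify_state(session, state))   # replay is rejected
```

Because the state no longer carries the CSRF token, the token is not sent to the provider in the redirect URL.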