Render authentication error in case of state issue (closes pennersr#583)

pennersr · pennersr · commit b517654a4272 · 2014-08-08T14:44:30.000+02:00
diff --git a/allauth/socialaccount/providers/oauth2/views.py b/allauth/socialaccount/providers/oauth2/views.py
@@ -2,6 +2,7 @@
 
 from datetime import timedelta
 
+from django.core.exceptions import PermissionDenied
 from django.core.urlresolvers import reverse
 from django.http import HttpResponseRedirect
 from django.utils import timezone
@@ -83,7 +84,7 @@ def dispatch(self, request):
 
 class OAuth2CallbackView(OAuth2View):
     def dispatch(self, request):
-        if 'error' in request.GET or not 'code' in request.GET:
+        if 'error' in request.GET or 'code' not in request.GET:
             # TODO: Distinguish cancel from error
             return render_authentication_error(request)
         app = self.adapter.get_provider().get_app(self.request)
@@ -106,5 +107,5 @@ def dispatch(self, request):
             else:
                 login.state = SocialLogin.unstash_state(request)
             return complete_social_login(request, login)
-        except OAuth2Error:
+        except (OAuth2Error, PermissionDenied):
             return render_authentication_error(request)
