From b0347c60e94945f93e9644abd6ec939d3ee387fd Mon Sep 17 00:00:00 2001
From: Sharad Heft <stephenswat@gmail.com>
Date: Mon, 6 Nov 2017 00:38:52 +0100
Subject: [PATCH] Correctly handle disallowed logins.

---
 test_oauth/views.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/test_oauth/views.py b/test_oauth/views.py
index ae82c2a..9aeb5e3 100644
--- a/test_oauth/views.py
+++ b/test_oauth/views.py
@@ -1,5 +1,5 @@
 from django.shortcuts import redirect
-from django.contrib import auth
+from django.contrib import auth, messages
 from django.views.decorators.cache import never_cache
 from django.conf import settings
 
@@ -29,6 +29,11 @@ def callback(request):
         .fetch_token(code=request.GET['code'])
     )
 
-    auth.login(request, auth.authenticate(token=token))
+    user = auth.authenticate(token=token)
+
+    if user is not None:
+        auth.login(request, user)
+    else:
+        messages.error(request, 'Login failed.')
 
     return redirect(getattr(settings, 'TEST_OAUTH_REDIRECT', '/'))
-- 
GitLab