From c0b725c0756eabeb944ef72b03268d45a65715d0 Mon Sep 17 00:00:00 2001
From: Magnus Hagander
Date: Fri, 15 Aug 2025 14:26:43 +0200
Subject: [PATCH] Give better error message when invalid data is passed to cauth in d param
Int he sample cauth provider for django, the incoming data in the 'd' parameter is supposed to be the three parts required to do a SIV decryption of it. But if somebody is sitting on an old link or ends up going through history or something like that it can end up with just two parameters since that's what the old version of the plugin uses. Instead of crashing on that, give an error message so the user can just retry.
---
 tools/communityauth/sample/django/auth.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/communityauth/sample/django/auth.py b/tools/communityauth/sample/django/auth.py
index c3756902..06cc609c 100644
--- a/tools/communityauth/sample/django/auth.py
+++ b/tools/communityauth/sample/django/auth.py
@@ -211,7 +211,10 @@ We apologize for the inconvenience.
 # Finally, check of we have a data package that tells us where to
 # redirect the user.
 if 'd' in data:
- (nonces, datas, tags) = data['d'][0].split('$')
+ splitdata = data['d'][0].split('$')
+ if len(splitdata) != 3:
+ return HttpResponse("Invalid login pass-through data received, likely because of an old link. Please try again.")
+ (nonces, datas, tags) = splitdata
 decryptor = AES.new(
 SHA256.new(settings.SECRET_KEY.encode('ascii')).digest()[:32],
 AES.MODE_SIV,
--
2.39.5
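Review bot: The new early return in the `len(splitdata) != 3` branch answers a malformed `d` parameter with HTTP 200, because `HttpResponse` defaults to that status, so rejected pass-through data is indistinguishable from a successful response in access logs and monitoring. A client-error status fixes that: `return HttpResponse("Invalid login pass-through data received, likely because of an old link. Please try again.", status=400)`. The check also covers only the number of `$`-separated parts, so a three-part value with undecodable or tampered pieces still reaches the SIV decryptor. That handling sits below the hunk and is not visible here, so it is worth confirming that a decode or tag-verification failure there yields a similar message rather than an unhandled exception. The enclosing function starts and ends outside the hunk.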