Django invitation login using only OAuth

Question

I'm trying to create a site with invite only login. In addition the invited users can sign in only by using some OAuth login method.

I'm using Django 1.4.

I'm using apps github.com/lizrice/django-allauth and github.com/lizrice/django-invitation

In installed_apps I have included all the apps that documentation tells me to include:

'allauth',
'allauth.account',
'allauth.socialaccount',
'allauth.socialaccount.providers.google',
'invitation',

I have set up few variables in settings.py:

SOCIALACCOUNT_AUTO_SIGNUP = False
SOCIALACCOUNT_ENABLED = True
INVITE_MODE = True
ACCOUNT_INVITATION_DAYS = 10
INVITATIONS_PER_USER = 1
INVITATION_USE_ALLAUTH = True

And in urls.py I have only needed urls

url(r'^accounts/register/$', register,
        {
            'backend': 'invitation.backends.InvitationBackend',
        },
    name='registration_register'),
(r'^accounts/', include('invitation.urls')),
(r'^accounts/', include('allauth.urls')),

I can create an invitation code and with that invitation code I can proceed to registration. Now, the registration view brings up the following error (full Stacktrace):

The view invitation.views.register didn't return an HttpResponse object.

Registration view should display a registration flow where user can select OAuth provider to create an account.

Edit: with my configuration, the error comes from allauth/socialaccount/views.py

def signup(request, **kwargs):
    if request.user.is_authenticated():
        return HttpResponseRedirect(reverse(connections))
    sociallogin = request.session.get('socialaccount_sociallogin')
    if not sociallogin:
        return HttpResponseRedirect(reverse('account_login'))

There is no session item with that name, so code tries to reverse to 'account_login'. This URL is defined in allauth. Allauth is in the installed_apps list and the urls are included.

Edit: Added Stacktrace

Edit: removed registration, it is not needed.

Answer 1

It's more than possible that this code of mine is flawed :-) but let's see if we can get to the bottom of it. Also, note that pennersr suggested a better way to do this but I haven't had a chance to implement it yet.

The idea with this is that you don't let people sign up for a new account unless they've got a valid invite code - but if they're going to sign in through a social account you can't tell if they're an existing user or a new user until after they already signed in. If it turns out they're a new user, we'll tell them they need an invitation key. Time passes, they get hold of an invitation key somehow and come back to your site and enter it. If they happen to be in the same session, they'll still be logged in socially (I think that's where request.session['socialaccount_sociallogin'] comes into it). If not then they'll go to the account login page, from which they can sign in socially or create a new username/pw account.

Anyway. The call to reverse('account_login') should, I believe, resolve to allauth.account.views.login - can you check that's happening for you? On a quick inspection I can't see how that function wouldn't return an HttpResponse object so I wonder if it's being called at all.