Skip to content
This repository was archived by the owner on Nov 9, 2017. It is now read-only.

Added integration of existing account.#149

Open
daFish wants to merge 6 commits intoFriendsOfSymfony:masterfrom
daFish:doc/integration
Open

Added integration of existing account.#149
daFish wants to merge 6 commits intoFriendsOfSymfony:masterfrom
daFish:doc/integration

Conversation

@daFish
Copy link

@daFish daFish commented May 23, 2012

Fixes #145

@daFish
Copy link
Author

daFish commented May 23, 2012

Looks like I screwed the PR. Maybe my commit (a369a1d) can be cherry picked.

arnaud-lb
arnaud-lb reviewed Jun 20, 2012
View reviewed changes
README.md
Copy link
Member

@arnaud-lb arnaud-lb Jun 20, 2012

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure, but since one can create a facebook account with any email address, wouldn't this allow any one to login to any account ?

Copy link
Author

@daFish daFish Jun 20, 2012

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That would indeed be a security issue.

One solution could be a notice to the user to login with his credentials and merge the Facebook information with the existing account. That way we are sure the user is really in possession of the account.

Copy link
Author

@daFish daFish Jun 20, 2012

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct if I'm wrong but I think my implementation is valuable security wise.

If you create an Facebook account you need to verify this account before you can use it. So the Facebook account is sufficiently authenticated. If a user has access to the email address then the account itself is already compromised.

Copy link

@jbergler jbergler Aug 13, 2012

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

$fbdata['verified'] is true if facebook has verified the account.

Not sure if this means the email address they've given is valid or just if one of the emails on the account has been verified / user has verified a mobile number.

I think redirecting to another login form is probably the way to go.

@alex88
Copy link

alex88 commented Nov 5, 2012

It would be nice to add the feature of merging a logged account with a facebook account instead of just checking the same email, because someone can use different emails

@stof
Copy link
Member

stof commented Nov 5, 2012

@alex88 this is the readme. Your code can modify this example in the way you want to implement more complex use cases.

@alex88
Copy link

alex88 commented Nov 6, 2012

@stof which readme? I just given an advice in something else to add as feature.

@stof
Copy link
Member

stof commented Nov 6, 2012

@alex88 The whole description of storing users in the database when using this bundle, both in the current state of the bundle and in this PR. FOSFacebookBundle does not provide any sort of user persistence, so why should it try to implement the merging of a user with a persistent one (which is not implemented) ?

@alex88
Copy link

alex88 commented Nov 7, 2012

So this pull request has no sense since it relies on persistent users?

@stof
Copy link
Member

stof commented Nov 7, 2012

@alex88 This PR does not rely on anything. It improves the README showing you how you can persist users. But it is only an example. Each project can adapt it to their own needs.

@alex88
Copy link

alex88 commented Nov 8, 2012

Oh, sorry for that!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

in progress

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Using FOSFacebookBundle to bind "fosuserbundle users" to facebook accounts

7 participants

@daFish @alex88 @stof @arnaud-lb @jbergler @lsmith77 @MattKetmo