This repository has been archived by the owner on Nov 9, 2017. It is now read-only.

Added integration of existing account. #149

Open: wants to merge 6 commits into base: master

26 changes: 19 additions & 7 deletions README.md
@@ -5,7 +5,7 @@ This Bundle enables integration of the Facebook PHP and JS SDK's. Furthermore it
also provides a Symfony2 authentication provider so that users can login to a
Symfony2 application via Facebook. Furthermore via custom user provider support
the Facebook login can also be integrated with other data sources like the
database based solution provided by FOSUserBundle.
database based solution provided by FOSUserBundle including adding Facebook data to an existing account.

Note that logging in a user requires multiple steps:

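Review bot: the added clause "including adding Facebook data to an existing account" introduces the feature without saying how an existing account is matched; since the provider code later in this README matches on the email address reported by Facebook, say so here and point the reader to the conditions under which that is acceptable, so integrators can make an informed choice before enabling it.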
@@ -94,7 +94,7 @@ Installation

# application/config/config.yml
fos_facebook:
file: %kernel.root_dir%/../vendor/facebook/src/base_facebook.php
file: %kernel.root_dir%/../vendor/facebook/php-sdk/src/base_facebook.php
alias: facebook
app_id: 123456879
secret: s3cr3t
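Review bot: the SDK path now points at vendor/facebook/php-sdk/src/base_facebook.php, but this diff does not touch the step that fetches the SDK into the vendor directory; if that step still checks the SDK out to vendor/facebook, the example references a file that does not exist. Please update that step in the same change, or note the expected checkout location next to this example.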
@@ -103,7 +103,7 @@ Installation

# application/config/config.xml
<fos_facebook:api
file="%kernel.root_dir%/../vendor/facebook/src/base_facebook.php"
file="%kernel.root_dir%/../vendor/facebook/php-sdk/src/base_facebook.php"
alias="facebook"
app_id="123456879"
secret="s3cr3t"
@@ -321,6 +321,11 @@ to the provider id in the "provider" section in the config.yml:
return $this->userManager->findUserBy(array('facebookId' => $fbId));
}

public function findUserByEmail($email)
{
return $this->userManager->findUserBy(array('email' => $email));
}

public function loadUserByUsername($username)
{
$user = $this->findUserByFbId($username);
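Review bot: findUserByEmail() is added as a public method but is only needed by loadUserByUsername() in this provider, so it could be protected; more importantly its return value decides which local account a Facebook login is attached to, so the README text around this snippet should spell out that the email passed in must be one the application already trusts. A short docblock, as would suit findUserByFbId() above it, would help.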
@@ -332,7 +337,12 @@ to the provider id in the "provider" section in the config.yml:
}

if (!empty($fbdata)) {
if (empty($user)) {
// there might be already a user with the same email adress
if (null === $user) {
$user = $this->findUserByEmail($fbdata['email']);
}
Member

I'm not sure, but since one can create a Facebook account with any email address, wouldn't this allow anyone to log in to any account?

Author

That would indeed be a security issue.

One solution could be a notice to the user to log in with his credentials and merge the Facebook information with the existing account. That way we are sure the user is really in possession of the account.

Author

Correct me if I'm wrong, but I think my implementation is valuable security-wise.

If you create a Facebook account, you need to verify this account before you can use it. So the Facebook account is sufficiently authenticated. If a user has access to the email address, then the account itself is already compromised.


$fbdata['verified'] is true if Facebook has verified the account.

Not sure if this means the email address they've given is valid or just if one of the emails on the account has been verified / user has verified a mobile number.

I think redirecting to another login form is probably the way to go.


if (null === $user) {
$user = $this->userManager->createUser();
$user->setEnabled(true);
$user->setPassword('');
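Review bot: the fallback `$user = $this->findUserByEmail($fbdata['email']);` links a Facebook login to an existing local account on the strength of an email address the application has never verified itself, which is the account-takeover concern raised in the comments above; auto-merging should not be the default. The safer flow, already suggested in the thread, is to ask the user to log in with the existing credentials and attach the Facebook id afterwards, or at the very least to keep the match conditional on `$fbdata['verified']` and on an email actually being present: `$fbdata['email']` is read without an `isset()` check, so profile data without an email field produces a notice and a lookup on a null key. The new comment line also misspells "address".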
@@ -365,7 +375,7 @@ to the provider id in the "provider" section in the config.yml:
}
}

Finally one also needs to add a getFacebookId() and setFBData() method to the User model.
Finally one also needs to add a getFacebookId() and setFBData() method to the User model. It also takes care of already registered users.
The following example also adds "firstname" and "lastname" properties, using the Doctrine ORM:

<?php
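Review bot: "It also takes care of already registered users." is appended to the sentence about adding getFacebookId() and setFBData() to the User model, but the lookup of already registered users happens in the provider's loadUserByUsername(), not in the model, so the sentence reads as if the model methods did it. Move it to the provider section and say concretely what happens: an existing user found by email gets the Facebook id attached to their record.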
@@ -457,8 +467,10 @@ The following example also adds "firstname" and "lastname" properties, using the
public function setFacebookId($facebookId)
{
$this->facebookId = $facebookId;
$this->setUsername($facebookId);
$this->salt = '';
if (!$this->username) {
$this->setUsername($facebookId);
$this->salt = '';
}
}

/**
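Review bot: the guard `if (!$this->username)` is what keeps an existing account's username and salt intact, so it deserves a one-line comment saying so; it also tests the property directly while the assignment goes through setUsername(), so using `$this->getUsername()` in the condition would keep the two paths symmetric. The README text introducing this snippet should mention that only users created via Facebook get the Facebook id as their username.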