Posted by wsherliker on October 17, 2007 at 4:43pm
Jump to:
| Project: | Facebook - Auth |
| Version: | 5.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
If the facebook users account has the same name as their drupal account and they have not yet been linked, when the person attempts to login using facebook the checking does not pick up that an account with the same name already exists. It tries to therefore create a new account under this name, which fails, and then it goes into a loop.
The attached file is a fix for this which allows the user to attach the facebook id to this existing account rather than the above issue happening. I have marked the change which starts with
// WS: Bug fix...
and ends with
// WS: End patch
Feel free to use this code, acknowledge me if you want but no problems if not! Great bit of coding by the way - very useful.
All the best
Warren
| Attachment | Size |
|---|---|
| facebook_auth.module.patch | 9.84 KB |
Comments
#1
yea, good bug report, but the patch opens up a huge security hole.
1) User a signs up for drupal using "A A"
2) User b signs up for facebook with "A A"
3) User b tries drupal site, logs in, gets associated with with user a's account.
That doesn't seem right..
I think this is the same problem as 2 facebook users using the same "name" trying to register for the site.
I have a fix in my head but I havn't gotten time to write it yet.
#2
and you might want to read http://drupal.org/patch for patches.
#3
I have a beta fix available if you want to try it.
http://groups.drupal.org/node/6683 for more details.
#4
i wasn't able to reproduce that, but the new code should take care of anything like this.
#5
Automatically closed -- issue fixed for two weeks with no activity.