Facebook Auth breaks when trying to login again after logout of facebook.
| Project: | Facebook - Auth |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | active |
Jump to:
Managed to crash my Drupal site with the error:
Fatal error: Uncaught exception 'FacebookRestClientException' with message 'Session key invalid or no longer valid' in /var/www/html/drupal-6/sites/quiz/modules/facebook_auth/facebook-platform/client/facebookapi_php5_restlib.php:1673 Stack trace: #0 /var/www/html/drupal-6/sites/quiz/modules/facebook_auth/facebook-platform/client/facebookapi_php5_restlib.php(606): FacebookRestClient->call_method('facebook.users....', Array) #1 /var/www/html/drupal-6/sites/quiz/modules/facebook_auth/facebook_auth.module(92): FacebookRestClient->users_getInfo('660763022', Array) #2 [internal function]: facebook_auth() #3 /var/www/html/drupal-6/includes/menu.inc(348): call_user_func_array('facebook_auth', Array) #4 /var/www/html/drupal-6/index.php(18): menu_execute_active_handler() #5 {main} thrown in /var/www/html/drupal-6/sites/quiz/modules/facebook_auth/facebook-platform/client/facebookapi_php5_restlib.php on line 1673
To re-produce this I did:
* click 'facebook' button to auth with facebook from my drupal site.
* logged in to facebook
* approved drupal site app to access facebook data.
* redirected back to drupal site (got access denied error - see other issue)
* logged out of drupal site.
* visited facebook.com directly in another tab and logged out of facebook completely.
* back on the drupal site clicked facebook login image again
* provided login details at facebook.com
* redirects back to drupal site and gives the above error message -- halting the site. :-(
A user of my site reported this, and he's not trying to break things, just paranoid about privacy i think!
#1
Interesting.
This only happends with the drupal6 version, and not the drupal5 version.
#2
I've fixed it, i'm about to commit a fix.
#3
Is it fixed in 6.x.1.1? I'm still getting the same error even after upgrading facebook platform.
Fatal error: Uncaught exception 'FacebookRestClientException' with message 'Session key invalid or no longer valid' in /home1/*****/public_html/sites/all/modules/facebook_auth/facebook-platform/client/facebookapi_php5_restlib.php:1673 Stack trace: #0 /home1/*****/public_html/sites/all/modules/facebook_auth/facebook-platform/client/facebookapi_php5_restlib.php(606): FacebookRestClient->call_method('facebook.users....', Array) #1 /home1/*****/public_html/sites/all/modules/facebook_auth/facebook_auth.module(104): FacebookRestClient->users_getInfo('1318716788', Array) #2 [internal function]: facebook_auth() #3 /home1/****/public_html/includes/menu.inc(348): call_user_func_array('facebook_auth', Array) #4 /home1/*****/public_html/index.php(18): menu_execute_active_handler() #5 {main} thrown in /home1/*****/public_html/sites/all/modules/facebook_auth/facebook-platform/client/facebookapi_php5_restlib.php on line 1673
Thanks
=gk
#4
I tried 6.1.1 and got the error:
Fatal error: Uncaught exception 'FacebookRestClientException' with message 'Session key invalid or no longer valid' in /var/www/html/drupal-6/sites/quiz/modules/facebook_auth/facebook-platform/client/facebookapi_php5_restlib.php:1673 Stack trace: #0 /var/www/html/drupal-6/sites/quiz/modules/facebook_auth/facebook-platform/client/facebookapi_php5_restlib.php(218): FacebookRestClient->call_method('facebook.auth.e...', Array) #1 /var/www/html/drupal-6/sites/quiz/modules/facebook_auth/facebook-platform/client/facebook.php(127): FacebookRestClient->auth_expireSession() #2 /var/www/html/drupal-6/sites/quiz/modules/facebook_auth/facebook_auth.module(156): Facebook->expire_session() #3 [internal function]: facebook_auth_user('logout', NULL, Object(stdClass)) #4 /var/www/html/drupal-6/includes/module.inc(471): call_user_func_array('facebook_auth_u...', Array) #5 /var/www/html/drupal-6/modules/user/user.pages.inc(151): module_invoke_all('user', 'logout', NULL, Object(stdClass)) #6 [internal function]: user_logout() #7 /var/www/html in /var/www/html/drupal-6/sites/quiz/modules/facebook_auth/facebook-platform/client/facebookapi_php5_restlib.php on line 1673The steps I took to get this were:
* click facebook logo on drupal site
* fill in facebook login details on facebook.com
* redirect back to drupal site.
* logout of facebook.com
* logout of drupal site.
So during the logout of Drupal the process dies. Stack trace seems to indicate...
drupal calls hook_user -> facebook_auth_user() which uses the facebook library to expire a facebook session which no longer exists. So probably just need to handle the call to the lib better to prevent it exploding if no session exists.
Is it correct to expire a facebook.com session if the drupal site user logs out though?
#5
Okay, i seem to have it functioning stabily now with two changes to the module code.
The first change handles the problem of an expired session during authentication:
function facebook_auth() {
global $user;
$api_key = variable_get('facebook_apikey', '');
$secret = variable_get('facebook_secretkey', '');
// initiate class
$facebook = @new Facebook($api_key, $secret);
$u = @$facebook->require_login();
# http://developers.facebook.com/documentation.php?v=1.0&method=users.getI... if (@$facebook->api_client->error_code) {
return t('Unable to load profile from facebook');
}
try {
$info = @$facebook->api_client->users_getInfo($u, array('first_name', 'last_name'));
$username = $info[0]['first_name'] .' '. $info[0]['last_name'];
} catch (Exception $ex) {
//this will clear cookies for your app and redirect them to a login prompt
$facebook->set_user(null, null);
$facebook->redirect('/facebook');
exit;
}
The code redirects to facebook on exception from trying to get the users info. This is covered in point 3 of http://20bits.com/articles/5-facebook-application-gotchas/
Next fix was during logout to catch the exception:
function facebook_auth_user($op, &$edit, &$account, $category = NULL) {
if ($op == 'logout') {
$count = db_result(db_query("SELECT count(*) FROM {authmap} WHERE module='facebook_auth' AND uid=%d", $account->uid));
if ($count) {
$api_key = variable_get('facebook_apikey', '');
$secret = variable_get('facebook_secretkey', '');
// initiate class
$facebook = @new Facebook($api_key, $secret);
try {
$facebook->expire_session();
} catch (Exception $e) {
}
Sorry the code changes aren't supplied as patches - I don't have the facility on my slob-in-front-of-the-TV laptop this afternoon :-)
#6
I'll try and patch and release those later tonight.
I really want to remove the need for the facebook client at some point, it does some wacky things with its own data storage at points.
#7
Actually I can't do it that way as that'll mean we lose php4 compatibiliy.
I'll look into it more asap.
#8
PHP4 is still being supported? Wasn't it suggested to let it die in 2007/start of 2008? Shame...
In Drupal 6 you can specify what version of PHP is required in the info file.
#9
Fatal error: Uncaught exception 'FacebookRestClientException' with message 'A session key is required for calling this method' in /nfs/c02/h03/mnt/28372/domains/d6.creativepropaganda.net/html/sites/all/modules/facebook_auth/facebook-platform/client/facebookapi_php5_restlib.php:1673 Stack trace: #0 /nfs/c02/h03/mnt/28372/domains/d6.creativepropaganda.net/html/sites/all/modules/facebook_auth/facebook-platform/client/facebookapi_php5_restlib.php(218): FacebookRestClient->call_method('facebook.auth.e...', Array) #1 /nfs/c02/h03/mnt/28372/domains/d6.creativepropaganda.net/html/sites/all/modules/facebook_auth/facebook-platform/client/facebook.php(127): FacebookRestClient->auth_expireSession() #2 /nfs/c02/h03/mnt/28372/domains/d6.creativepropaganda.net/html/sites/all/modules/facebook_auth/facebook_auth.module(156): Facebook->expire_session() #3 [internal function]: facebook_auth_user('logout', NULL, Object(stdClass)) #4 /nfs/c02/h03/mnt/28372/domains/d6.creativepropaganda.net/html/includes/module.inc(471): call_user_func_array(' in /nfs/c02/h03/mnt/28372/domains/d6.creativepropaganda.net/html/sites/all/modules/facebook_auth/facebook-platform/client/facebookapi_php5_restlib.php on line 1673
Same problem here.
Happens when I try to logout after logining in normally. If I log in with facebook button then logout is ok.
D6 and php 5
Thanks
Craig
#10
If you want a quick fix, use the try {} catch {} code in my post earlier in this thread.
#11
sorry, my dev environment went down.
i should be able to commit a patch soon.
#12
In an another case, it broke completely and didn't let other user to login using Facebook. The steps I took that create the error
Logged in using Bob Smith from Facebook.
Edited my profile and remove the Facebook ID association
Try login in (Bob Smith is still has authentication session with Facebook) and got following error
my Facebook account
* user warning: Duplicate entry 'Bob Smith' for key 2 query: INSERT INTO users (name, pass, init, status, created) VALUES (Bob Smith, '13221e49b9d0c20e1a8875c2d226af3c', 'Bob Smith', 1, 1231308971) in /home1/****/public_html/modules/user/user.module on line 325.
* warning: array_fill() [function.array-fill]: Number of elements must be positive in /home1/******/public_html/includes/database.inc on line 241.
* warning: implode() [function.implode]: Invalid arguments passed in /home1/******/public_html/includes/database.inc on line 241.
* warning: array_keys() [function.array-keys]: The first argument should be an array in /home1/******/public_html/modules/user/user.module on line 500.
* user warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1 query: SELECT p.perm FROM role r INNER JOIN permission p ON p.rid = r.rid WHERE r.rid IN () in /home1/******/public_html/modules/user/user.module on line 500.
* warning: array_keys() [function.array-keys]: The first argument should be an array in /home1/******/public_html/modules/block/block.module on line 406.
* warning: array_fill() [function.array-fill]: Number of elements must be positive in /home1/******/public_html/includes/database.inc on line 241.
* warning: implode() [function.implode]: Invalid arguments passed in /home1/******/public_html/includes/database.inc on line 241.
* warning: array_merge() [function.array-merge]: Argument #2 is not an array in /home1/******/public_html/modules/block/block.module on line 407.
* user warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module' at line 1 query: SELECT DISTINCT b.* FROM blocks b LEFT JOIN blocks_roles r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = '' AND b.status = 1 AND (r.rid IN () OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module in /home1/******/public_html/modules/block/block.module on line 407.
* warning: array_keys() [function.array-keys]: The first argument should be an array in /home1/******/public_html/sites/all/modules/views/views.module on line 440.
After getting the error, I was not able to login using any other Facebook ID even after clearing cache and from different browser. I had to restore site from backup.
Thanks,
=gk
#13
Sorry folks, I don't have time right now to deal with these things right now.
First one:
If you create a patch file (see http://drupal.org/patch) i'll gladly commit it.
Second one:
This should be a different issue, not tacked on to an unrelated one (see http://drupal.org/node/358037)
#14
Are you happy to let go of supporting crappy old PHP4 Hawkeye? Everyone else stopped on January 1st 2008 :)
I can roll a patch if so ;-)
#15
yea, go ahead.
I'm hoping to get some time again to work on things starting next week.
#16
I have the edited .module file on my site, at http://www.codecaucus.com/.
Thanks for the fix, I use PHP5 so I'm smooth sailing now.. much appreciated
#17
Subscribe - Same issue - Anyone ever figure out a patch?
Thanks,
CarbonPig
#18
there were a couple possible fixes early on, but i never got a patch, and since i'm no longer doing drupal dev at my day job i don't have much time left for drupal dev.
I'll hand over maintainership with any working patch.