Sometimes Facebook doesn't provide email field and then FBOAuth creates users with empty mail field.

It should be way to fill mail field username@facebook.com or something like it.

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

mrded’s picture

Issue summary: View changes
Status: Active » Needs review
FileSize
1.23 KB
mrded’s picture

FileSize
1.29 KB

Some users has not 'username' as well. In this case use Facebook id instead.

david_garcia’s picture

+1 works great and makes sense

Andre-B’s picture

Status: Needs review » Reviewed & tested by the community

+1 works

klidifia’s picture

Just to note that in February 2014 Facebook retired its email service.

If you email the @facebook.com address it will forward it to the users primary email address, however; they can disable this.

mrded’s picture

Please also notice that you can send emails only to people who have usernames claimed. Facebook doesn't allow sending emails to IDs.
However in our case we cannot leave it blank, that's why we use fbid.

DarrellDuane’s picture

If the user doesn't have an e-mail available from Facebook and they don't have a Facebook username, then we don't have an e-mail address to use, and the module will perform as it does in https://www.drupal.org/node/2422091

DarrellDuane’s picture

Status: Reviewed & tested by the community » Patch (to be ported)

Will be in the Dev release for February 14th, 2015

DarrellDuane’s picture

Will be in the Dev release for February 14th, 2015

  • DarrellDuane committed 8dadd05 on 7.x-1.x
    The following four issues were added in a previous commit but...
mrded’s picture

@DarrellDuane, that's really sad that you didn't set me as an author of my patch. whatever

DarrellDuane’s picture

Hi Mrded, This omission is because of my confusion with the system, not because I wanted to claim responsibility for it.

I very much want to give you credit for your work.

I assumed that you would be given credit because of the first line in the second paragraph of the commit notes which appear here, with your username in it.
https://www.drupal.org/commitlog/commit/21448/8dadd058aeead44435413ae204...

Can you advise what else I need to do to give you credit for this patch? Is there any way for me to update this so that you get what you're looking for ?

I'm bumming that I don't understand Drupal's credit system very well.

david_garcia’s picture

@DarrellDuane: recently drupal.org solved these situations by creating automatic commit commands, you will find them at the end of this page:

git commit -m 'Issue #2149661 by mrded: Users with empty mail field' --author="mrded "

(the copy-paste command is not showing properly because the e-mail address is being hidden)

I guess that to fix the situation, you would need to revert the commit (then commit), and commit the changes again with the correct author in the commit command.

  • DarrellDuane committed 6e59ee3 on 7.x-1.x authored by mrded
    Issue #2007922 by mrded: Store and manage access_token per user\n Issue...
DarrellDuane’s picture

Version: 7.x-1.x-dev » 7.x-1.7
Status: Patch (to be ported) » Closed (fixed)
mrded’s picture

Yay! Thank you :)

mrded’s picture

Status: Closed (fixed) » Needs work

Doesn't work with 7.x-1.7.

AlexKirienko’s picture

1) This patch affected fboauth_create_user() function and checking if email is empty.

But fboauth_create_user() not even executed with empty email. In fboauth_action_connect() I can see

function fboauth_action_connect() {
  if (!empty($fbuser->email)) {
    ...
    fboauth_create_user() 
    ...
  }
}

2) This patch use username to create facebook email. But in v2 FB API there is no username available. Check related issue https://www.drupal.org/node/2274151

AlexKirienko’s picture

Status: Needs work » Needs review
FileSize
11.02 KB

Temp patch.

I have used fbid instead of username. Yes, it's not valid email fbid@facebook.com. But we can create account for facebook user and ask his email after registration.

quicksketch’s picture

Thanks @AlexKirienko, this is a good start and looks like it'll do the job.

+        drupal_set_message(t('Your Facebook e-mail address does not match
+          any existing accounts. If you have an account, you must first
+          log in before you can connect your account to Facebook.
+          Creation of new accounts on this site is disabled.'));

This should all be on one line. Otherwise translators will need to include the new lines and spaces in their translations. Personally, I find it better to use one line instead of trying to split it up with concatenations like the code did before.

AlexKirienko’s picture

Thank you for review, @quicksketch
I will fix this patch.

Recently, during test process, I have received email in my inbox and in TO was FB address 1352430336@facebook.com
So looks like proxy email address works. But more tests need to be done. Maybe it's just emails from test users.

quicksketch’s picture

Recently, during test process, I have received email in my inbox and in TO was FB address 1352430336@facebook.com

As I understand it, those IDs are now *per application*, so each application will get different IDs from now on (though in the past, there was only one universal Facebook ID). It's not clear if the new IDs are scoped or not, but from the sound of things, they may just be random numbers. If that is the case, multiple users will have the same "ID" between different applications, and the forwarding mechanism would not be possible to function.

https://developers.facebook.com/docs/apps/upgrading#upgrading_v2_0_user_ids

  • DarrellDuane committed 8dadd05 on 7.x-2.x
    The following four issues were added in a previous commit but...
  • DarrellDuane committed 6e59ee3 on 7.x-2.x authored by mrded
    Issue #2007922 by mrded: Store and manage access_token per user\n Issue...
mrded’s picture

Version: 7.x-1.7 » 7.x-2.x-dev
DarrellDuane’s picture

I would really hope that Facebook would the FBID would be unique to the user and application, but I can't find anything indicating this either way. I can't find a place to ask this question on Facebook's developer site, except perhaps the Facebook Developers group which I'm still a pending member on.

Will Alex's patch with Quicksketch's fix suggestion be enough to make this patch work in a production environment, or do we need to do more work to account for the vagaries of the FBID ? I can't tell without digging in more and I'm hopeful someone else can provide guidance.

AlexKirienko’s picture

I have done small research.

from: WikiJob
to: 1352430336@facebook.com
date: 26 March 2015 at 13:12

Last email from FB. At this time we migrate site to v2.

1352430336 - is my actual ID on fb. FB connection was done before update to v2.
After migration to v2 new FB id have much more digits, for example - 529309100540254 or 10206378145836467

I have tried to send email to 1352430336@facebook.com or 10206378145836467@facebook.com and have same response:

Delivery to the following recipient failed permanently

Looks like @quicksketch was right. There is no way to deliver emails on {fb_id}@facebook.com in FB API v2.

So what we have in the end ?
In FB API v2 user can restrict access to email. {fb_id}@facebook.com not valid proxy email address anymore.
Without email system can't register user in Drupal.

Why system need user email?
- to send auto generated password
- to send new password if user can't remember password
- to send notifications
- to match users from third-party services
- etc ...

In this list really critical items connected with user password.

What we can do?
User don't know own password in Drupal site when user come from FB.
In profile settings user will see message:

Please set a password to secure your account details.

I think we can use same approach for email. FB_ID now are app specific, but still unique within same app. FB_ID can be used to create fake machine email {fb_id}@facebook.com. Users with @facebook.com mails will see message like this:

Please set a actual email to get access to all features of site.

Also if user want to use site feature where actual email needed, we can ask him to grant permissions for email once again. In FB API v2 we can request additional permission at any time after initial permissions request.

Your app can ask for additional permissions at any time, even after a person logs in for the first time. For example, the publish_actions permission lets you post to a person's Facebook Timeline. It's recommended you ask for this permission only when a person is ready to publish a story to Facebook. When you ask for new permissions, the person using your app will be asked about those new permissions and has the ability to opt out.

https://developers.facebook.com/docs/facebook-login/permissions/v2.3#ove...

Alternatives?
On the other hand we can refuse FB sing-in without actual email. If user don't want grant access to his actual email we can display message "Real email required. Go to regular registration form". I doubt that such user will go to site registration page and registered there. I think 99% such users will not register at all.

Do we really need real emails if FB user don't want to give it ?
My answer is NO. I think we can use fake email {fb_id}@facebook.com for user registration from FB. Users with fake emails still can easily login on site.
Yes, there is a drawbacks when we have only fake email. But they can be avoided as much as possible:
- display warning message "Please set your real email to get site notifications"
- new ask for email permissions when it really needed.

P.S.
Facebook testing anonymous login - https://developers.facebook.com/products/anonymous-login/
Solution with with fake email is a step in this way.

AlexKirienko’s picture

FileSize
2.52 KB

I have redone patch #19. Only necessary changes was done, without reformatting code.

For overall refactoring of fboauth_action_connect() I have created separate task #2471158: Allow other modules alter account before user creation.

mrded’s picture

Status: Needs review » Reviewed & tested by the community

As long as fid is unique, I think it's fine.

AlexKirienko’s picture

Better patch with same functionality.

In future we can add settings to restrict registration for users without email, if needed.

AlexKirienko’s picture

Status: Reviewed & tested by the community » Fixed

  • AlexKirienko committed 8ed3fe4 on 7.x-2.x
    Issue #2149661 by AlexKirienko, mrded: Users with empty mail field
    

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.