CakePHP-HybridAuth

Consider scope

Open dereuromark opened this issue 9 years ago • 13 comments

I set up the FB auth with

'scope' => 'email'

as the app at least requires an email to register successfully. But, upon FB auth confirmation one can de-select the email, providing basically no data then back to the application. The callback then can run into errors, exceptions and fatals depending on how the code is set up. Or it could silently log you in without the required scope.

I managed to work around it by throwing a custom exception and catching it in the controller to circumvent an invalid user create + login:

	/**
	 * @param \Cake\Event\Event $event
	 *
	 * @return \Cake\ORM\Entity
	 */
	public function createUser(Event $event) {
		// Entity representing record in social_profiles table
		$profile = $event->data()['profile'];
		if (empty($profile->email)) {
			throw new IncompleteProfileException('No email provided');
		}

		...
		return $savedUser;
	}

and

			$error = __('invalidLoginCredentials');

			try {
				$userArray = $this->Auth->identify();
			} catch (IncompleteProfileException $e) {
				$userArray = [];

				$error = __($e->getMessage());
			}

But it would be nice if such a scope would be part of the plugin itself and then just returned the empty array etc.

dereuromark avatar Apr 14 '17 13:04 dereuromark
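
The check the post above asks for, as an added example that is not part of the thread or the plugin: compare what the provider reports as granted against the scopes the app requires, and fail closed before any user is created. `missingScopeData()` and the sample arrays are hypothetical; the permissions array is modeled on the `permission`/`status` pairs of Facebook's Graph API `/me/permissions` response.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not a plugin API).
 *
 * @param string[] $requiredScopes Scopes the app cannot work without, e.g. ['email'].
 * @param array $permissions Decoded permissions response from the provider.
 * @param array $profile Profile fields returned by the provider.
 * @return string[] Reasons to reject the login; empty when it may proceed.
 */
function missingScopeData(array $requiredScopes, array $permissions, array $profile): array
{
    // Index the provider's answer as: permission name => status.
    $status = [];
    foreach ($permissions['data'] ?? [] as $row) {
        if (isset($row['permission'], $row['status'])) {
            $status[$row['permission']] = $row['status'];
        }
    }

    $problems = [];
    foreach ($requiredScopes as $scope) {
        $state = $status[$scope] ?? 'missing';
        if ($state !== 'granted') {
            $problems[] = "scope '$scope' is $state";
        }
    }

    // Check the value itself as well, so an empty field never reaches user creation.
    if (in_array('email', $requiredScopes, true)) {
        $email = trim((string)($profile['email'] ?? ''));
        if ($email === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            $problems[] = 'profile has no usable email';
        }
    }

    return $problems;
}

// Constructed sample: the user de-selected "email" in the consent dialog.
$permissions = ['data' => [
    ['permission' => 'public_profile', 'status' => 'granted'],
    ['permission' => 'email', 'status' => 'declined'],
]];
$profile = ['displayName' => 'Example User', 'gender' => 'female', 'email' => null];

$problems = missingScopeData(['email'], $permissions, $profile);
if ($problems !== []) {
    // Fail closed: no user record, no session; tell the user what to re-grant.
    echo 'Login rejected: ' . implode('; ', $problems) . PHP_EOL;
}
```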

> But, upon FB auth confirmation one can de-select the email, providing basically no data then back to the application.

That's effing stupid of FB. What's the point of having scopes if user can still prevent that info from being accessed by the app?

Isn't this something that should rather be taken care of by HybridAuth itself?

ADmad avatar Apr 14 '17 13:04 ADmad

Probably, but with the plugin being the direct link from and to CakePHP this could for the time being maybe be something we could support here.

PS: no data is not quite true, you still always submit gender, language and the profile pic if applicable.

dereuromark avatar Apr 14 '17 14:04 dereuromark

I am working on Twitter login. I have used every step of login with Twitter but find the same error every time. Find the error in the attachment and pull out from this error. (Attachment: error_missing_route_-_2017-05-03_11 27 09)

SunilNoto avatar May 03 '17 06:05 SunilNoto

@SunilNoto It looks like you are trying to load the UsersController/login method from the ADmad/HybridAuth plugin. As there is no such controller/method present inside the plugin, you are getting this error.

I can see you have just joined GitHub; from next time kindly create a separate issue.

You can also join the CakePHP community on Slack from http://cakesf.herokuapp.com/ and ask your queries and questions there.

rohanpande avatar May 03 '17 06:05 rohanpande

@dereuromark Did doing that solve your issue? I am facing a similar problem (and not just with Facebook) but I tried that workaround without success. I tried to capture the exception but even so, all the pages get stuck in the same exception (as if it was not being caught on all possible flows). After some further changes I managed to work around this (very ugly) but then I am unable to sign in with the social network that presented the problem (unless I attempt another one or login directly), as if something was still open. Any ideas?

In your solution did you change anything else? Thanks!

beecrowd avatar May 10 '17 14:05 beecrowd

@urionlinejudge The IncompleteProfileException shown in example code above is a custom exception. Have you actually created that exception class and added "use" statement for it? If not just use \RuntimeException() instead.

ADmad avatar May 10 '17 14:05 ADmad

@ADmad Yes, I tried both ways, first with an existing exception and then with the created IncompleteProfileException. From what I could tell the exception itself is found since it is thrown (I can see that in the logs). However, that did not solve the problem. Just to be sure, try...catch around the identify() is placed in which file?

beecrowd avatar May 10 '17 14:05 beecrowd

The try/catch hack is in the login to make sure it just flashes out an error message that it failed. The exception is necessary to bail out of the event and the whole login part here.

dereuromark avatar May 10 '17 15:05 dereuromark

Ok, so I am putting the hack in the right places... The issue is then that after the exception is thrown something is left 'open', as further clicks on the link to sign in with Facebook, for instance, do not redirect the user to Facebook, but rather do nothing... other links work ok. On the other hand if I try Google login (or other social network), logout, and try again with Facebook, only then am I redirected to FB as expected. Did that not happen to you?

beecrowd avatar May 10 '17 16:05 beecrowd

@dereuromark How can I be sure that the entire login part is being skipped properly? I am positive that the try/catch itself is working because of the logs... so I am not quite sure what could be causing this.

beecrowd avatar May 11 '17 18:05 beecrowd

@urionlinejudge If you are using cake 3.4 you can try my new plugin https://github.com/ADmad/cakephp-social-auth It's still not battle tested but you can help doing so :)

ADmad avatar May 11 '17 19:05 ADmad

@ADmad Unfortunately I am not! I will keep this noted for the next time we upgrade our system. For now I just have to find a way to fix this :)

beecrowd avatar May 11 '17 19:05 beecrowd

Yep, in fact the login action is failing to catch the exception (any of them, even the Runtime exception when it is not possible to save the user) and a session is left open, which makes subsequent attempts to connect to the same social network fail without prompting for the permission and giving 500. Is this a problem of configuration somewhere?

beecrowd avatar May 13 '17 20:05 beecrowd