PacketFence
Bug Tracking System

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001859PacketFencecaptive portalpublic2015-01-19 08:042015-01-19 10:10
Reporterrepitah 
Assigned Tojsemaan.inverse 
PrioritynormalSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformAllOSAllOS VersionAll
Product Version4.5.0 
Target VersionFixed in Version 
Summary0001859: User account creation for Oauth2 Facebook users is missing identifier
DescriptionWhen a user registers on the Capitive portal, using their facebook account, PacketFence creates the account '@facebook', wihout any further identification of which facebook user.

This can create an issue when limiting the amount of devices a user can connect with.
Steps To ReproduceSign in to the captive portal with a facebook account.
Go to users in the administration portal and check username created for facebook login.
Additional InformationSuggest a patch to /html/captive-portal/lib/captiveportal/PacketFence/ControllerOauth2.pm:

--- Oauth2.pm.bak 2015-01-19 12:05:03.425793650 +0200
+++ Oauth2.pm 2015-01-19 14:41:46.346816447 +0200
@@ -196,7 +196,7 @@
                 if ($provider eq 'google' || $provider eq 'github') {
                     $pid = $json_text->{email};
                 } elsif ($provider eq 'facebook') {
- $pid = $json_text->{username} . '@facebook.com';
+ $pid = $json_text->{id} . '@facebook';
                 } elsif ($provider eq 'windowslive'){
                     $pid = $json_text->{emails}->{account};
                 }
TagsNo tags attached.
fixed in git revisiond6e278a
fixed in mtn revision
Attached Files

- Relationships

-  Notes
(0003633)
jsemaan.inverse (administrator)
2015-01-19 08:14

It seems like the code was bugged (probably username doesn't exist in the hash).

We usually want the PID to be an e-mail address (so the user can be contacted).

Assuming id contains the username of the user, I think this would fit better :
--- Oauth2.pm.bak 2015-01-19 12:05:03.425793650 +0200
+++ Oauth2.pm 2015-01-19 14:41:46.346816447 +0200
@@ -196,7 +196,7 @@
                 if ($provider eq 'google' || $provider eq 'github') {
                     $pid = $json_text->{email};
                 } elsif ($provider eq 'facebook') {
- $pid = $json_text->{username} . '@facebook.com';
+ $pid = $json_text->{id} . '@facebook.com';
                 } elsif ($provider eq 'windowslive'){
                     $pid = $json_text->{emails}->{account};
                 }

Can you confirm that this would give : username@facebook.com and that it's a contactable e-mail address
I'll correct it in our codebase after
(0003634)
repitah (reporter)
2015-01-19 08:59
edited on: 2015-01-19 09:01

The json I see looks like the following, which has an email field: {"id":"101XXXX5391XXXX17","email":"repXXXX\u0040XXXXil.com","first_name":"myFirstname","gender":"male","last_name":"myLastname","link":"https:\/\/www.facebook.com\/app_scoped_user_id\/101XXXX5391XXXX17\/","locale":"en_GB","name":"myFirstname myLastname","timezone":2,"updated_time":"2014-04-01T14:29:08+0000","verified":true}

Sending email directly to {userid}@facebook.com returns 550 5.1.1 RCP-P1 http://postmaster.facebook.com/response_codes?ip=209.85.XXX.54#rcp [^] Recipient address does not exist

Sending emails with regards to account creation with password, could/would perhaps fall under ticket 0001860, where the email field would become populated.

(0003635)
jsemaan.inverse (administrator)
2015-01-19 09:04

That means it would now be :


diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm
index 568f9e1..4033eae 100644
--- a/html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm
+++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm
@@ -193,10 +193,8 @@ sub oauth2Result : Path : Args(1) {
                 # Grab JSON content
                 my $json = new JSON;
                 my $json_text = $json->decode($response->content());
- if ($provider eq 'google' || $provider eq 'github') {
+ if ($provider eq 'google' || $provider eq 'github' || $provider eq 'facebook') {
                     $pid = $json_text->{email};
- } elsif ($provider eq 'facebook') {
- $pid = $json_text->{username} . '@facebook.com';
                 } elsif ($provider eq 'windowslive'){
                     $pid = $json_text->{emails}->{account};
                 }

It seems they're not sending the username anymore so we can't build the facebook address. That means we need to use the real e-mail address of the user which is the same behavior as linkedin.

Can you confirm the above code works and it will be merged into the codebase.
(0003638)
repitah (reporter)
2015-01-19 09:22

Patch works. Device registered to the email address that is linked to the Facebook account.
(0003639)
jsemaan.inverse (administrator)
2015-01-19 10:10

Patch added to devel, maintenance/4.4 and maintenance/4.5

Closing.

- Issue History
Date Modified Username Field Change
2015-01-19 08:04 repitah New Issue
2015-01-19 08:14 jsemaan.inverse Note Added: 0003633
2015-01-19 08:14 jsemaan.inverse Assigned To => jsemaan.inverse
2015-01-19 08:14 jsemaan.inverse Status new => assigned
2015-01-19 08:59 repitah Note Added: 0003634
2015-01-19 09:00 repitah Note Edited: 0003634 View Revisions
2015-01-19 09:01 repitah Note Edited: 0003634 View Revisions
2015-01-19 09:04 jsemaan.inverse Note Added: 0003635
2015-01-19 09:22 repitah Note Added: 0003638
2015-01-19 10:10 jsemaan.inverse fixed in git revision => d6e278a
2015-01-19 10:10 jsemaan.inverse Note Added: 0003639
2015-01-19 10:10 jsemaan.inverse Status assigned => closed
2015-01-19 10:10 jsemaan.inverse Resolution open => fixed


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker