-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
link of oauth account to nomal account #9
base: develop
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One thing that really jumps out to me is that there is nothing to create a link. It's great that you can check for links but those links won't exist unless you have some way to merge those (user side).
The next thing that sticks out to me is that you removed the
} else {
$authenticated = $user->authenticate($password);
}
and the reason you had issues with that is you we had the else statement in the wrong "place." It was originally with the if (!$user->exists()) {
statement but now follows a seperate statement.
I love the concept and would love to see what else you can do to implement this.
@Vivalldi Actually, I recognised the actual location of if (!$user->exists()) {
// Create the user
$user = $this->createUser([
'id' => $data['id'],
'fullname' => $data['fullname'],
'username' => $username,
'email' => $data['email'],
'lang' => $language,
]);
// $authenticated = true;
// $user->authenticated = true;
$user->save();
// } else {
// $authenticated = $user->authenticate($password);
}
// Check linked user
$linked_username = $this->grav['config']->get('accounts.linked_accounts.'.$username);
if( $linked_username ){
$linked_user = User::load($linked_username);
if( $linked_user->exists() ){
$user = $linked_user;
}
}
// flag authenticated
if( $user->exists() ){
$authenticated = true;
$user->authenticated = true;
} So still I think that
Since I'm not quite good for internals of Grav, I'm not quite sure but my current understanding is that "no" for both. Even in 'first visiting and creating account', |
@Vivalldi If I understood it correctly, you are pointing out that there is no routines to create a link between oauth and normal account in config/accounts.yaml. I think you saw it correctly and this was actually intended by the first design.
Of course, it will be great if there are any user interfaces to create 'links' and it can be done with
|
I jump into the discussion here, too, since I was heavily involved in this plugin. First of all, I like your idea @qgp9 , but I have serious security concerns about removing the authentication procedure in L342. It is there for purpose. In case a user exists, it should check if the requested password is the same as the stored user ones. As long as user id = password you are right to skip it, but better to keep it in-place. Another question: Why not add an option directly in the users account file like |
@Sommerregen And the reason I choose
|
@Sommerregen I have committed new codes. How is it? |
Hi @qgp9, your PR looks good so far. @Vivalldi Are you here to check? You are right |
Yes, I agree with the speed issues. I didn't count it seriously too :). And also I got same a problem about id. Yes, the id is different from what user know, even not universal but per APP ( as I know ). But fortunately I could add email scope on oauth and am using email information. p.s. also we have full-name but I don't like use it as an identifier. |
I like the new changes @qgp9 . I am currently unavailable and will test in about 5 hours. But it looks like it's coming along. And regarding the first/last name identification, you are right in that it's best to not use that for obvious security reasons. I think however you should try to implement @Sommerregen's suggestion of using |
I'll have to read over this PR in detail and examine the actual use case. The validity and security issues concern me most. Ie, how can you be sure the user should be linked, how is this validated? |
@Sommerregen Actually there are indirect way to get a real username. Since Facebook redirect In conclusion, my suggestion is that
|
I think there is no concrete automatic ways to verify an user or hard to do. For example , one can request ( by offline ) same email address. Basically, normal account user can't do nothing with linked oauth account. But possibly an facebook user can request with a fake information to get link to other's normal account. But in this stage, everything should be done, and could be done manually by admin. |
Or an strict mode to check an identity of email addresses? |
@qgp9 I'm not sure what file I need to create to test this. and what to put in that file |
The file is
|
@qgp9 Authenticating against usernames and email addresses, where a user is not involved concerns me a bit. What OAuth makes special, is that a user can connect a social media account to a service and can disconnect it at any time. It is done by the user and by the knowledge what kind of security risks it can bring. In your approach @qgp9 however the admin or whoever is responsible has to take care of the right "linking" and that everything is fine. What I'd like to see is an extension in the user account information page: an oauth entry, where you can connect your account to your social media accounts. This has the advantage, that (1) the user is authenticated against Grav, (2) it is initiated by the user and (3) the connection can be established without the user has to know the oauth id. This works because once the user hits the "connect" button and logins into his/her social media account and grant access to the request made by Grav, we automatically get the oauth id and know which user belongs this id. If you browse through the code, you can see that this plugin already does this to authenticate a user (but without storing the credentials). |
@Sommerregen I agree with you on that. One thing I was thinking was that the user page in that admin panel could be edited to allow the user to link themselves. (presuming an option is set to true). The other thing I was thinking was have a "linking" specific route. This route would require that the user be logged into their account based on a username and then when they visit the route they are given the option to log into an OAuth provider. @qgp9 Your code functions as it should though putting my id in the file caused me to realize the same thing that Benny has mentioned. |
Basically, I totally agree with you. It would be better if users has own decision and handling.
So, now another issue in my mind is that,
|
@Sommerregen |
Hi @qgp9 , no problem. If something is unclear, just ask 😄
Both connect and disconnect an OAuth provider can be added as a field in the users account blueprint: one need to extend the blueprint and programmatically add the content (a list of OAuth providers with links to connect and disconnect the services with the current status). That's not a big deal, but requires a little CSS for styling, too (since no form field exists for it yet). If the user log outs, then the session cookie is invalidated and the OAuth authentication connect/disconnect route will be unavailable. This way, no additional config file is needed, all information are stored in the respective user account yamls, the user don't need to know their OAuth account ids, the user has the full control, and the identification and authentication are secure. Since a user (except the admin or whoever have the rights) cannot modify the user accounts data of other users this approach is secure for multiple users, too. If someone have access to the account data, then believe me, you have other problems. |
Hi! I am not good enough to contribute to the code unfortunately but if you need help testing the code, running tests, etc. I would love to help (-: |
This is for a feature to link an oauth account to a normal account.
There were many way what I could imagine for this.
Specially, Link informations could be stored in
Each has own pros and cons, but I chosen (3) with some reasons (curious? :-) )
The format of accounts.yaml should be
Also I removed
$user->authenticate($password)
, because$user->authenticated = true
would be enough here and I think that there is no difference in security-wise.( Frankly, it was hard to implement this while keeping
$user->authenticate($password)
:-) )Any comments?