FriendsOfFlarum OAuth

heyitsritesh

Tried Facebook login and signup, and it just refreshes the login/signup dialogue box and fills no details, nor logs in or signs up.

clarkwinkelmann

heyitsritesh for Twitter, when you create the Twitter Application in the Twitter dev dashboard, make sure to enable email sharing. I don't remember how the option is named exactly.

heyitsritesh

clarkwinkelmann Thanks for your reply. I already did that, still, it's happening 🙁

heyitsritesh

I can confirm that the issue I've with Twitter exists with Google as well. When it returns to the site, the sign up dialogue just refreshes with blank username field and locked email field.

mskian

heyitsritesh I can confirm that the issue I've with Twitter exists with Google as well. When it returns to the site, the sign up dialogue just refreshes with blank username field and locked email field.

i too noticed this issue
on facebook and twitter

Walys

Installed this extension in my first community but...

Stay now with Google configuration and view this:

1- OK!
2- Really?? Need to had a video to explian this? 🤣
3- Puff...
4- OK!

This is necesary to Outh with Google?

datitisev

Walys I've never seen that before. The modal says you set up the app in a way that requires verification - so how did you set up the app exactly?

matteocontrini

Walys I tried to go through that process and didn't succeed... Instructions on how to proceed are unclear and conflicting, I gave up.

Walys

datitisev OAuth consent screen in Google Cloud Platform. An need to approve 3-5 days.

1Dot

I found that this extension can be dangerous as If the user is not using social login or he didn't used social login to signup then also social log in logs the user into account and It is dangerous as yesterday I was playing with a demo forum and I installed this extension there is someone who told me it can be dangerous I told how he told me that If you are not using Google account to log in then also it will log into my account right and that is admin account so if someone get access to my google account or any other acc they can simply hack my forum too! and even he told me it is possible to make a localhost server and point the domain ip to localhost with hosts file like accounts.google.com points to 127.0.0.1, and then send a fake oauth request. I am expecting a fix or If I am wrong feel free to correct me and also share your thoughts what do you think!

matteocontrini

1Dot 1) use punctuation.

2) there's no fix to do, your OAuth secret must be kept secret. If you don't disclose it, there's no risk.

davwheat

1Dot if someone get access to my google account or any other acc they can simply hack my forum

Yes, that's exactly how oauth works.

1Dot it is possible to make a localhost server and point the domain ip to localhost with hosts file like accounts.google.com points to 127.0.0.1, and then send a fake oauth request

No. The forum does backend verification of the oauth token returned by the front-end. Without this backend verification, the tokens are never validated so won't work.

If you redirect your browser to use another server instead of Google, it'll work and send your own token back to Flarum, but when Flarum sends that token back to Google, Google won't recognise it and will fail your login attempt.

The OAuth extension also only accepts verified email addresses, so if you create an account with someone's email and attempt to log in, it won't combine the accounts unless the email was verified with the provider.

Hari

matteocontrini I got scared by reading above post. Thanks for the clarification. 🙏

1Dot

matteocontrini But what if facebook data leaked, I have trust on all platforms but not sure about Facebook as in previous times we seen this type of cases https://www.ubisecure.com/security/facebook-exploit-oauth/

matteocontrini

Hari to clarify I was actually referring to the possibility of faking OAuth requests, which is not possible if you don't have the secret, and Google doesn't allow you to download the secret after the first time.

If someone gets access to your Google account, you have a bigger problem. They can simply do a password reset, and that's not something you can fix. You should prevent that from happening by using 2-factor authentication, and you should then be reasonably safe.

1Dot as far as I remember that was a vulnerability in the "view as" feature, and it might have exposed access tokens. You can fake OAuth requests only if you have the consumer key and secret, if that's the concern. You can revoke and rotate those credentials periodically if you feel it's a risk.

Then the same reasoning as above applies: protect your account with 2FA and you'll be safe.

Hari

1Dot please start a new discussion, after reading such posts others may think that this extension might have a bug. (if you take me I follow this extension so I get notified about every post)

matteocontrini thanks again for an elaborated explaination.

Walys

One question.
I testing this extension and have a dude.
When anyone signup with (example: Facebook) not have any possibility to take a username, the system assigned directly the same name have in facebook.
It would not be possible for the user to choose the name with which he wants to participate in the forum?

clarkwinkelmann

Walys when you connect with a social login, a default username will be provided, but the user should be able to change it in the registration modal before confirming the creation of the new account.

Is this not what happens?

Only the email cannot be changed as it will match with the social login.

Walys

clarkwinkelmann Sorry Clark, working perfect.
It´s my fault, now view that when register with social login have the possibility be able to write a personal username.

fakruzaruret

I get this error.
SELECT failed: NOAUTH Authentication required. [tcp://127.0.0.1:6379]

Also I get this error when I try to create discussion.

POST https://domain.com/api/discussions

Predis\Connection\ConnectionException: `SELECT` failed: NOAUTH Authentication required. [tcp://127.0.0.1:6379] in /home/username/web/domain.com/public_html/vendor/predis/predis/src/Connection/AbstractConnection.php:155
Stack trace:
#0 /home/username/web/domain.com/public_html/vendor/predis/predis/src/Connection/StreamConnection.php(263): Predis\Connection\AbstractConnection->onConnectionError()
#1 /home/username/web/domain.com/public_html/vendor/predis/predis/src/Connection/AbstractConnection.php(180): Predis\Connection\StreamConnection->connect()
#2 /home/username/web/domain.com/public_html/vendor/predis/predis/src/Connection/StreamConnection.php(288): Predis\Connection\AbstractConnection->getResource()
#3 /home/username/web/domain.com/public_html/vendor/predis/predis/src/Connection/StreamConnection.php(394): Predis\Connection\StreamConnection->write()
#4 /home/username/web/domain.com/public_html/vendor/predis/predis/src/Connection/AbstractConnection.php(110): Predis\Connection\StreamConnection->writeRequest()
#5 /home/username/web/domain.com/public_html/vendor/predis/predis/src/Client.php(331): Predis\Connection\AbstractConnection->executeCommand()
#6 /home/username/web/domain.com/public_html/vendor/predis/predis/src/Client.php(314): Predis\Client->executeCommand()
#7 /home/username/web/domain.com/public_html/vendor/illuminate/redis/Connections/Connection.php(116): Predis\Client->__call()
#8 /home/username/web/domain.com/public_html/vendor/illuminate/redis/Connections/Connection.php(220): Illuminate\Redis\Connections\Connection->command()
#9 /home/username/web/domain.com/public_html/vendor/illuminate/queue/RedisQueue.php(140): Illuminate\Redis\Connections\Connection->__call()
#10 /home/username/web/domain.com/public_html/vendor/illuminate/queue/RedisQueue.php(124): Illuminate\Queue\RedisQueue->pushRaw()
#11 /home/username/web/domain.com/public_html/vendor/illuminate/queue/Queue.php(313): Illuminate\Queue\RedisQueue->Illuminate\Queue\{closure}()
#12 /home/username/web/domain.com/public_html/vendor/illuminate/queue/RedisQueue.php(125): Illuminate\Queue\Queue->enqueueUsing()
#13 /home/username/web/domain.com/public_html/vendor/flarum/subscriptions/src/Listener/SendNotificationWhenReplyIsPosted.php(31): Illuminate\Queue\RedisQueue->push()
#14 /home/username/web/domain.com/public_html/vendor/illuminate/events/Dispatcher.php(412): Flarum\Subscriptions\Listener\SendNotificationWhenReplyIsPosted->handle()
#15 /home/username/web/domain.com/public_html/vendor/illuminate/events/Dispatcher.php(237): Illuminate\Events\Dispatcher->Illuminate\Events\{closure}()
#16 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Foundation/DispatchEventsTrait.php(33): Illuminate\Events\Dispatcher->dispatch()
#17 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Post/Command/PostReplyHandler.php(104): Flarum\Post\Command\PostReplyHandler->dispatchEventsFor()
#18 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Notification/NotificationSyncer.php(148): Flarum\Post\Command\PostReplyHandler->Flarum\Post\Command\{closure}()
#19 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Post/Command/PostReplyHandler.php(105): Flarum\Notification\NotificationSyncer->onePerUser()
#20 /home/username/web/domain.com/public_html/vendor/illuminate/bus/Dispatcher.php(122): Flarum\Post\Command\PostReplyHandler->handle()
#21 /home/username/web/domain.com/public_html/vendor/illuminate/pipeline/Pipeline.php(128): Illuminate\Bus\Dispatcher->Illuminate\Bus\{closure}()
#22 /home/username/web/domain.com/public_html/vendor/illuminate/pipeline/Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#23 /home/username/web/domain.com/public_html/vendor/illuminate/bus/Dispatcher.php(132): Illuminate\Pipeline\Pipeline->then()
#24 /home/username/web/domain.com/public_html/vendor/illuminate/bus/Dispatcher.php(78): Illuminate\Bus\Dispatcher->dispatchNow()
#25 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Discussion/Command/StartDiscussionHandler.php(82): Illuminate\Bus\Dispatcher->dispatch()
#26 /home/username/web/domain.com/public_html/vendor/illuminate/bus/Dispatcher.php(122): Flarum\Discussion\Command\StartDiscussionHandler->handle()
#27 /home/username/web/domain.com/public_html/vendor/illuminate/pipeline/Pipeline.php(128): Illuminate\Bus\Dispatcher->Illuminate\Bus\{closure}()
#28 /home/username/web/domain.com/public_html/vendor/illuminate/pipeline/Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#29 /home/username/web/domain.com/public_html/vendor/illuminate/bus/Dispatcher.php(132): Illuminate\Pipeline\Pipeline->then()
#30 /home/username/web/domain.com/public_html/vendor/illuminate/bus/Dispatcher.php(78): Illuminate\Bus\Dispatcher->dispatchNow()
#31 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Api/Controller/CreateDiscussionController.php(61): Illuminate\Bus\Dispatcher->dispatch()
#32 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Api/Controller/AbstractSerializeController.php(110): Flarum\Api\Controller\CreateDiscussionController->data()
#33 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Api/Controller/AbstractCreateController.php(22): Flarum\Api\Controller\AbstractSerializeController->handle()
#34 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Http/RouteHandlerFactory.php(41): Flarum\Api\Controller\AbstractCreateController->handle()
#35 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Http/Middleware/ExecuteRoute.php(27): Flarum\Http\RouteHandlerFactory->Flarum\Http\{closure}()
#36 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/Next.php(51): Flarum\Http\Middleware\ExecuteRoute->process()
#37 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Api/Middleware/ThrottleApi.php(33): Laminas\Stratigility\Next->handle()
#38 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/Next.php(51): Flarum\Api\Middleware\ThrottleApi->process()
#39 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Http/Middleware/CheckCsrfToken.php(44): Laminas\Stratigility\Next->handle()
#40 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/Next.php(51): Flarum\Http\Middleware\CheckCsrfToken->process()
#41 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Http/Middleware/ResolveRoute.php(67): Laminas\Stratigility\Next->handle()
#42 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/Next.php(51): Flarum\Http\Middleware\ResolveRoute->process()
#43 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Http/Middleware/SetLocale.php(51): Laminas\Stratigility\Next->handle()
#44 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/Next.php(51): Flarum\Http\Middleware\SetLocale->process()
#45 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Http/Middleware/AuthenticateWithHeader.php(56): Laminas\Stratigility\Next->handle()
#46 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/Next.php(51): Flarum\Http\Middleware\AuthenticateWithHeader->process()
#47 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Http/Middleware/AuthenticateWithSession.php(31): Laminas\Stratigility\Next->handle()
#48 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/Next.php(51): Flarum\Http\Middleware\AuthenticateWithSession->process()
#49 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Http/Middleware/RememberFromCookie.php(52): Laminas\Stratigility\Next->handle()
#50 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/Next.php(51): Flarum\Http\Middleware\RememberFromCookie->process()
#51 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Http/Middleware/StartSession.php(61): Laminas\Stratigility\Next->handle()
#52 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/Next.php(51): Flarum\Http\Middleware\StartSession->process()
#53 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Api/Middleware/FakeHttpMethods.php(29): Laminas\Stratigility\Next->handle()
#54 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/Next.php(51): Flarum\Api\Middleware\FakeHttpMethods->process()
#55 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Http/Middleware/ParseJsonBody.php(28): Laminas\Stratigility\Next->handle()
#56 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/Next.php(51): Flarum\Http\Middleware\ParseJsonBody->process()
#57 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Http/Middleware/HandleErrors.php(57): Laminas\Stratigility\Next->handle()
#58 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/Next.php(51): Flarum\Http\Middleware\HandleErrors->process()
#59 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Http/Middleware/InjectActorReference.php(25): Laminas\Stratigility\Next->handle()
#60 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/Next.php(51): Flarum\Http\Middleware\InjectActorReference->process()
#61 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/MiddlewarePipe.php(76): Laminas\Stratigility\Next->handle()
#62 /home/username/web/domain.com/public_html/vendor/middlewares/request-handler/src/RequestHandler.php(84): Laminas\Stratigility\MiddlewarePipe->process()
#63 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/Next.php(51): Middlewares\RequestHandler->process()
#64 /home/username/web/domain.com/public_html/vendor/middlewares/base-path-router/src/BasePathRouter.php(101): Laminas\Stratigility\Next->handle()
#65 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/Next.php(51): Middlewares\BasePathRouter->process()
#66 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/Middleware/OriginalMessages.php(36): Laminas\Stratigility\Next->handle()
#67 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/Next.php(51): Laminas\Stratigility\Middleware\OriginalMessages->process()
#68 /home/username/web/domain.com/public_html/vendor/middlewares/base-path/src/BasePath.php(73): Laminas\Stratigility\Next->handle()
#69 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/Next.php(51): Middlewares\BasePath->process()
#70 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Http/Middleware/ProcessIp.php(24): Laminas\Stratigility\Next->handle()
#71 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/Next.php(51): Flarum\Http\Middleware\ProcessIp->process()
#72 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/MiddlewarePipe.php(76): Laminas\Stratigility\Next->handle()
#73 /home/username/web/domain.com/public_html/vendor/laminas/laminas-stratigility/src/MiddlewarePipe.php(65): Laminas\Stratigility\MiddlewarePipe->process()
#74 /home/username/web/domain.com/public_html/vendor/laminas/laminas-httphandlerrunner/src/RequestHandlerRunner.php(96): Laminas\Stratigility\MiddlewarePipe->handle()
#75 /home/username/web/domain.com/public_html/vendor/flarum/core/src/Http/Server.php(44): Laminas\HttpHandlerRunner\RequestHandlerRunner->run()
#76 /home/username/web/domain.com/public_html/public/index.php(26): Flarum\Http\Server->listen()
#77 {main}
#77 {main}

clarkwinkelmann

fakruzaruret that seems related to one of the Redis queue extensions, nothing to do with FoF OAuth.

« Previous Page Next Page »