Issue
I am using the flexi auth user authentication library in my project. Now the client wants Facebook and Twitter user login. I am using Facebook SDK 4 and have been able to get a user logged in via Facebook.
But now I am facing an issue. In every controller there is a call to is_logged_in_via_password() in the constructor.
I cannot bypass this function. I tried to set the session value is_logged_in_via_password to 1 after the user logs in via Facebook,
but the function is_logged_in_via_password still returns false when it comes to the constructor.
The session that is made when a flexi auth user logs in is:
Array
(
    [user_identifier] => xxxxxx@gmail.com
    [user_id] => 255
    [admin] =>
    [group] => Array
        (
            [5] => Employer Individual
        )
    [privileges] => Array
        (
        )
    [logged_in_via_password] => 1
    [login_session_token] => 805ad8cdfdfd49ad309dcc3837a762159e855c649
)
And the session that I created after the Facebook login:
Array
(
    [user_identifier] => xxxxxx@gmail.com
    [user_id] => 129
    [admin] =>
    [group] => Array
        (
            [5] => Employer Individual
        )
    [privileges] => Array
        (
        )
    [logged_in_via_password] => 1
    [login_session_token] => 8306cd89be76082caa0b15fd53a2b22f7965e6434
)
Still the function returns false. Question: how can I overcome this issue? The flexi auth documentation does not provide any details on this.
Solution
According to the flexi auth documentation:
The flexi auth library does not include any features to login via a third party api like Facebook, Twitter and OpenID.
But I wrote a function similar to public function login($identity = FALSE, $password = FALSE, $remember_user = FALSE) in flexi_auth_model.php to handle the Facebook login situation.
In this function I removed the verify password call, since it is a Facebook login and there is no password.
My code looks like this:
public function facebooklogin($fbprofiledata = FALSE, $remember_user = FALSE)
{
    // The Facebook e-mail is used as the flexi auth identity (the Facebook ID could be used instead).
    $identity = (is_array($fbprofiledata) && isset($fbprofiledata['email'])) ? $fbprofiledata['email'] : FALSE;
    if (empty($identity) || (!$identity = $this->get_primary_identity($identity)))
    {
        return FALSE;
    }

    $sql_select = array(
        $this->auth->primary_identity_col,
        $this->auth->tbl_col_user_account['id'],
        $this->auth->tbl_col_user_account['password'],
        $this->auth->tbl_col_user_account['group_id'],
        $this->auth->tbl_col_user_account['activation_token'],
        $this->auth->tbl_col_user_account['active'],
        $this->auth->tbl_col_user_account['suspend'],
        $this->auth->tbl_col_user_account['last_login_date'],
        $this->auth->tbl_col_user_account['failed_logins'],
        $this->auth->tbl_col_user_account['uacc_type'],
    );
    $sql_where = array($this->auth->primary_identity_col => $identity);

    // Set any custom defined SQL statements.
    $this->flexi_auth_lite_model->set_custom_sql_to_db();

    $query = $this->db->select($sql_select)
        ->where($sql_where)
        ->get($this->auth->tbl_user_account);

    // User exists, now validate the account state (there is no password to verify).
    if ($query->num_rows() == 1)
    {
        $user = $query->row();

        // If an activation time limit is defined by config file and account hasn't been activated by email.
        if ($this->auth->auth_settings['account_activation_time_limit'] > 0 && !empty($user->{$this->auth->database_config['user_acc']['columns']['activation_token']}))
        {
            if (!$this->validate_activation_time_limit($user->{$this->auth->database_config['user_acc']['columns']['last_login_date']}))
            {
                $this->set_error_message('account_requires_activation', 'config');
                return FALSE;
            }
        }

        // Check whether account has been activated.
        if ($user->{$this->auth->database_config['user_acc']['columns']['active']} == 0)
        {
            $this->set_error_message('account_requires_activation', 'config');
            return FALSE;
        }

        // Check if account has been suspended.
        if ($user->{$this->auth->database_config['user_acc']['columns']['suspend']} == 1)
        {
            $this->set_error_message('account_suspended', 'config');
            return FALSE;
        }

        // Unlike login(), no password is verified here, so the failed-login counter branch of the
        // password path (increment_login_attempts) does not apply: either the account is usable or
        // one of the checks above has already returned FALSE.

        // Reset failed login attempts.
        if ($user->{$this->auth->database_config['user_acc']['columns']['failed_logins']} > 0)
        {
            $this->reset_login_attempts($identity);
        }

        // Set user login sessions; the second argument marks the session as logged in via password.
        if ($this->set_login_sessions($user, TRUE))
        {
            // Set 'Remember me' cookie and database record if checked by user.
            if ($remember_user)
            {
                $this->remember_user($user->{$this->auth->database_config['user_acc']['columns']['id']});
            }
            // Else, ensure any existing 'Remember me' cookies are deleted.
            // This can occur if the user logs in via Facebook, whilst already logged in via a "Remember me" cookie.
            else
            {
                $this->flexi_auth_lite_model->delete_remember_me_cookies();
            }
            return TRUE;
        }
    }

    return FALSE;
}
PS: If anyone uses this or thinks there is a security bug, please comment. Hope this helps others too...
Answered By - jones
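The answer above logs in whichever local account has the e-mail address that Facebook reports. The following is an added example, not the answer's code and not part of flexi auth, of the lookup a practitioner would want in front of such a function: it resolves the profile through a stored (provider, provider user id) link first, and only falls back to the e-mail address when the caller has marked that address as verified by the provider. The table layout (an assumed user_oauth_identities link table next to user_accounts), the column names and the `email_verified` key on the profile array are assumptions; the rows are constructed sample data.

```php
<?php
// Added example (not flexi auth or the answer's code): resolve a Facebook profile to a
// local account by a stored (provider, provider_uid) link, falling back to the e-mail
// address only when it is marked verified. Table layout and column names are assumed.
declare(strict_types=1);

// Constructed rows standing in for user_accounts ...
$ACCOUNTS = [
    129 => ['uacc_id' => 129, 'uacc_email' => 'xxxxxx@gmail.com',   'uacc_active' => 1, 'uacc_suspend' => 0],
    255 => ['uacc_id' => 255, 'uacc_email' => 'boss@example.com',   'uacc_active' => 1, 'uacc_suspend' => 0],
    300 => ['uacc_id' => 300, 'uacc_email' => 'dormant@example.com', 'uacc_active' => 0, 'uacc_suspend' => 0],
];
// ... and for an assumed link table user_oauth_identities (provider, provider_uid, uacc_id).
$LINKS = [
    ['provider' => 'facebook', 'provider_uid' => '10000000000001', 'uacc_id' => 129],
];

/**
 * The same account-state checks the password login path applies.
 * Returns [uacc_id, null] on success or [null, reason] on failure.
 */
function check_account_state(?array $acc): array
{
    if ($acc === null) {
        return [null, 'no_account'];
    }
    if ((int) $acc['uacc_active'] === 0) {
        return [null, 'account_requires_activation'];
    }
    if ((int) $acc['uacc_suspend'] === 1) {
        return [null, 'account_suspended'];
    }
    return [$acc['uacc_id'], null];
}

/**
 * $profile is the Graph API user object fetched with a server-side validated access token.
 * 'email_verified' is an assumed flag the caller sets from what the provider asserts.
 * On first contact a verified e-mail match creates the link, so later logins use the id.
 */
function resolve_facebook_account(array $profile, array $accounts, array &$links): array
{
    $providerUid = isset($profile['id']) ? (string) $profile['id'] : '';
    if ($providerUid === '') {
        return [null, 'missing_provider_id'];
    }

    // 1. An existing link is authoritative: the Facebook user id is assigned by the
    //    provider and cannot be chosen by the user, unlike the e-mail address.
    foreach ($links as $link) {
        if ($link['provider'] === 'facebook' && hash_equals($link['provider_uid'], $providerUid)) {
            return check_account_state($accounts[$link['uacc_id']] ?? null);
        }
    }

    // 2. First login from this Facebook identity: match on e-mail only when the address is
    //    verified, otherwise anyone who can put a victim's address on a fresh Facebook
    //    profile could log in as the victim.
    $email = isset($profile['email']) ? trim((string) $profile['email']) : '';
    if ($email === '' || empty($profile['email_verified'])) {
        return [null, 'email_unverified'];
    }
    foreach ($accounts as $acc) {
        if (strcasecmp($acc['uacc_email'], $email) === 0) {
            [$uaccId, $err] = check_account_state($acc);
            if ($uaccId !== null) {
                // Persist the link so later logins no longer depend on the e-mail at all.
                $links[] = ['provider' => 'facebook', 'provider_uid' => $providerUid, 'uacc_id' => $uaccId];
            }
            return [$uaccId, $err];
        }
    }
    return [null, 'no_account'];
}

// Walk-through on the constructed data (constructed profiles, not real Graph API responses).
$cases = [
    'linked id'            => ['id' => '10000000000001', 'email' => 'someone-else@example.com', 'email_verified' => true],
    'unverified e-mail'    => ['id' => '10000000000002', 'email' => 'boss@example.com',         'email_verified' => false],
    'verified, first link' => ['id' => '10000000000003', 'email' => 'Boss@Example.com',         'email_verified' => true],
    'relink by id'         => ['id' => '10000000000003', 'email' => 'attacker@example.com',     'email_verified' => true],
    'inactive account'     => ['id' => '10000000000004', 'email' => 'dormant@example.com',      'email_verified' => true],
];
foreach ($cases as $label => $profile) {
    [$uaccId, $err] = resolve_facebook_account($profile, $ACCOUNTS, $LINKS);
    printf("%-22s -> %s\n", $label, $uaccId !== null ? "login as uacc_id {$uaccId}" : "refused: {$err}");
}
```

The returned uacc_id is what a method like the facebooklogin() above would then load from the user account table before calling set_login_sessions(); the e-mail from the profile is never used as the identity once a link exists, and the 'relink by id' case shows that a changed e-mail on an already linked Facebook identity does not redirect the login to another account.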