
Problems with CB Connect

11 years 7 months ago - 11 years 7 months ago #222255 by whitetigeritaly
Replied by whitetigeritaly on topic Problems with CB Connect

krileon wrote:

For a simple user is not friendly to think a three-step process: first a normal login; then he must link his CB account with his social networks account and, third, only from this moment he is able to login with the social network account.

It's done this way so someone doesn't link to an account that isn't theirs. How is Facebook supposed to know what CB user to link to? It doesn't. You can't use email either as most of the social sites don't give you an email address. When they do you can specify a different email to send to the application in the login dialog so it'd be easy to hijack an admin's account if someone wanted, so such a feature was not and will not be added. Once the user has linked accounts they can use either/or login to log in fine.


I would like to return to this issue, looking back a little.
A user can know my user profile in Facebook, for example, but he cannot know my email in Facebook and he cannot know if this is the same email in Joomla.
Even if he knows these, surely he cannot know my password in Facebook.
If he knows all of these, I think that I have a security problem a little bigger than the login in CB. :P

So, can you explain what your worry is?

I think that CB Connect with only one button is easier for users to manage.

- It asks for the SN email
- It verifies if the email is already present in Joomla
- If yes, it creates the connection
- If no, it creates a new user.

But even now, using this CB Connect, with a new registration, why is it not able to open the registration page, filling the fields with the data from the SN?
In this manner the user can complete the form with other fields, approve the terms, etc.
Only when the user saves the form is the connection with the SN created.
Last edit: 11 years 7 months ago by whitetigeritaly.


11 years 7 months ago #222256 by whitetigeritaly
Replied by whitetigeritaly on topic Problems with CB Connect

krileon wrote:

The big problem is that I'm not able to register new users and I don't understand why.

PM backend super administrator login credentials and will take a look.


Ok, I thank you a lot in advance

11 years 7 months ago - 11 years 7 months ago #222293 by krileon
Replied by krileon on topic Problems with CB Connect

No captcha? And how do I avoid spam?

I'm asking to disable it for testing purposes only to confirm an issue. I will then test locally and confirm. The issue is then marked as a bug, investigated, and fixed for next release. I've created the below bug ticket for investigation.

forge.joomlapolis.com/issues/3920

- It asks for the SN email
- It verifies if the email is already present in Joomla
- If yes, it creates the connection
- If no, it creates a new user.

No, I will never implement this. Email address alone is not a secured way to know a user is who they say they are. This would be a massive security vulnerability. During Facebook authentication dialog I could simply tell it I want to give a different email address to the application and Facebook gives me a nice input to supply one. I would then supply the email address of the Super Administrator of the website and am instantly connected to the account. I then change the password in profile edit and have taken over the site.

To link an account the user must first log in to Joomla then use the Link button. This is the only way to properly guarantee proper security. This is how all other sites do it. This is even how Youtube does it. It's a secure method to link existing accounts. The only issue is there is no way for you to delete your own account in case you mess up or at least disable it, but next CB Privacy release will solve that issue.

Ok, I thank you a lot in advance

Ok, will take a look; thank you.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Last edit: 11 years 7 months ago by krileon.
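
Added example (not part of the original thread and not CB Connect's code): a small Python model of the two policies argued over above, automatic linking by the e-mail the provider returns versus linking only from a logged-in site session. All names (`Site`, `login_auto_link_by_email`, `link_account`, `login_linked_only`) and the sample data are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: local accounts keyed by e-mail (value = local user id).
SITE_USERS = {"admin@example.org": 42, "member@example.org": 7}
# Constructed provider response carrying an address the person chose in the dialog.
FORGED = {"id": "fb-1001", "email": "admin@example.org"}


@dataclass
class Site:
    users_by_email: dict  # e-mail -> local user id
    links: dict = field(default_factory=dict)  # (provider, provider id) -> user id


def login_auto_link_by_email(site, provider, assertion):
    """Rejected design: bind a provider identity to whichever local
    account has the e-mail found in the provider's response.

    That e-mail is supplied by the person logging in, so it proves
    nothing about ownership of the local account.
    """
    key = (provider, assertion["id"])
    if key not in site.links:
        user_id = site.users_by_email.get(assertion["email"])
        if user_id is None:
            return None  # a real flow would register a new user here
        site.links[key] = user_id  # silent bind to an existing account
    return site.links[key]


def link_account(site, session_user_id, provider, assertion):
    """Design described in the post: link only from an authenticated session."""
    if session_user_id is None:
        raise PermissionError("log in to the site before linking")
    key = (provider, assertion["id"])
    if site.links.get(key, session_user_id) != session_user_id:
        raise PermissionError("provider identity is linked to another user")
    site.links[key] = session_user_id  # the e-mail in the assertion is ignored


def login_linked_only(site, provider, assertion):
    """Social login succeeds only for an identity that was explicitly linked."""
    return site.links.get((provider, assertion["id"]))
```

With the first function the constructed `FORGED` response resolves to user id 42; with the second pair it resolves to nothing until user 42 has logged in locally and linked that provider identity.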


11 years 7 months ago #222295 by whitetigeritaly
Replied by whitetigeritaly on topic Problems with CB Connect

krileon wrote: During Facebook authentication dialog I could simply tell it I want to give a different email address to the application and Facebook gives me a nice input to supply one. I would then supply the email address of the Super Administrator of the website and am instantly connected to the account. I then change the password in profile edit and have taken over the site.


Only for my personal knowledge, can you explain it to me better?
When I login with FB (after the link) I have always write the FB email/password.
Where would I put the email of the superadmin? In FB or in my profile?

I understand that there is a security issue, but I don't understand where/how.

11 years 7 months ago #222296 by krileon
Replied by krileon on topic Problems with CB Connect

Only for my personal knowledge, can you explain it to me better?
When I login with FB (after the link) I have always write the FB email/password.
Where would I put the email of the superadmin? In FB or in my profile?

It's during the authentication dialog when reviewing details of data requested. Some of the other social sites let you do this too. There is no security issue, because I don't allow what you're wanting; nor will I ever. If you want/need it then you need to implement it at your own risk.

Have reviewed your site. Please see my below findings. None of your issues had anything to do with CB or CB Connect.

Your first issue with the Captcha error is due to "User - K2" Joomla plugin. This is causing the Joomla user that is stored during CB registration to be passed to K2, which is failing due to K2 Captcha not present and used. This should cause issues for both CB and CB Connect registrations. I've disabled it and confirmed resolves the Captcha error issue.

The next issue is the white page after clicking the button. This is the final registration and login process. This fails due to "jNews User Synchronization" causing Fatal PHP errors, which is breaking the registration and login workflows of CB Connect. I've also disabled this for you which fixes the blank page fatal errors.

The bottom line is your site is riddled with errors from 3rd party extensions that have nothing to do with CB or CB Connect. Please be careful and mindful of what you install and ensure you test everything before and after installing something. During your tests debug mode and maximum error reporting should always be enabled so you can expose silent errors.

I've confirmed Facebook login is working fine now. Please also test. The other social sites should also be ok. Please note your site is still riddled with issues, but they're just Notices at this point (should still be fixed!).



11 years 7 months ago - 11 years 7 months ago #222302 by whitetigeritaly
Replied by whitetigeritaly on topic Problems with CB Connect
jNews is only installed and never configured because the project is on stand-by.
I didn't see this syncro plugin.

User-K2 was installed from K2.
Meanwhile I asked myself if it is also necessary to disable K2 login (K2-User).

I've activated both debug and I've written the error here, but I don't remember anything about K2 or jNews. Maybe I saw badly.

You speak continuously about "maximum error reporting", but where is this option?

However, thanks a lot for the support.
Last edit: 11 years 7 months ago by whitetigeritaly.
