Welcome to Geeklog Wednesday, November 22 2017 @ 01:44 pm EST


Status: offline

::Ben

Forum User
Full Member
Registered: 14/01/2005
Posts: 1569
Location:la rochelle, France
I started to read the Geeklog wiki about OAuth.

To activate OAuth support there are several steps.

First you must go to the Configuration Admin panel:

Configuration > Geeklog > Users and Submissions > Users > User Login Method[OAuth]

Set this option to "true". Just below this configuration option you will find the other OAuth settings. Currently Geeklog supports logging in via Facebook, LinkedIn and Twitter via OAuth. For each of these three login methods you will find an option to enable it and two text boxes for you to enter an Application Id and Application Secret Key (see below to find out how to get an Id and Secret Key). Each of these items needs to be filled out before the login button for it will be enabled. Once you have filled out the required information remember to then save the configuration changes.

Another requirement for enabling Geeklog's OAuth login process is that the PHP extension OpenSSL must be loaded on your web server.

When you log out, you will see one or more new login buttons in your site's User Functions block, below the normal login options.


So everything is set: User Login Method[OAuth], Application Id and Application Secret Key, SSL support for PHP is enabled:

SSL Support => enabled
OpenSSL support => enabled
OpenSSL Version => OpenSSL 0.9.7a Feb 19 2003


but when I log out I do not see a new login button.

Ben


I'm available to customise your themes or plugins for your Geeklog CMS

Status: offline

Laugh

Site Admin
Admin
Registered: 27/09/2005
Posts: 1240
I have OAuth enabled on my test 1.8.0b1 site fine so something must be missing in your install...

If you upgraded from a previous version of Geeklog you will also need to include some new pear libraries. These libraries are included with the 1.8.0b1 download.

You could also open up and check out the function SEC_collectRemoteOAuthModules in lib-security.php. That is where all the checks are done before the OAuth login buttons are displayed (everything from OPENSSL to finding the required template files).

Tom
One of the Geeklog Core Developers.

Status: offline

::Ben

Forum User
Full Member
Registered: 14/01/2005
Posts: 1569
Location:la rochelle, France
Do we need a loginform_facebook.thtml file in the layout folder?


From lib-security.php line 1767
$thtml = $_CONF['path_layout'] . 'loginform_' . $mod . '.thtml';


Ben
I'm available to customise your themes or plugins for your Geeklog CMS

Status: offline

Roccivic

Forum User
Moderator
Registered: 19/05/2010
Posts: 136
Just login_oauth.thtml is required, I think.

Status: offline

::Ben

Forum User
Full Member
Registered: 14/01/2005
Posts: 1569
Location:la rochelle, France
Ok I can see the image now and I can log in. I forgot to allow user registration Oops!

Allowing users to change their username will be necessary because the account I created with the login from Facebook gives a login name like 100001018010901

Ben
I'm available to customise your themes or plugins for your Geeklog CMS

Status: offline

Roccivic

Forum User
Moderator
Registered: 19/05/2010
Posts: 136
Quote by: cordiste

Ok I can see the image now and I can log in. I forgot to allow user registration Oops!

Allowing users to change their username will be necessary because the account I created with the login from Facebook gives a login name like 100001018010901

Ben



From an email from Tom some time ago:

Tom:
That's the name of the Facebook account (LinkedIn are weird as well).
The user can change it after if they want (the option has to be turned on in the config though).

Rouslan:
Maybe it should be on by default? Is there any reason why this may be a bad idea?

Status: offline

::Ben

Forum User
Full Member
Registered: 14/01/2005
Posts: 1569
Location:la rochelle, France
Why could we retrieve the facebook account name to set the login name after checking it is a unique one?

Ben
I'm available to customise your themes or plugins for your Geeklog CMS

Status: offline

Laugh

Site Admin
Admin
Registered: 27/09/2005
Posts: 1240
I know only certain information can be retrieved due to privacy settings. That is the id that Facebook sends us for the account. I am not sure if the "account name" can be retrieved though.

I would put a feature request in the bug tracker and if I have time I can take a look at it. You could also contact ivy at Geeklog.jp to see what she says since they did develop the original hack for Geeklog.

Tom
One of the Geeklog Core Developers.

Status: offline

::Ben

Forum User
Full Member
Registered: 14/01/2005
Posts: 1569
Location:la rochelle, France
Tom,

The full name for the account I created on my test site was nicely set by Facebook with my Facebook account name.

Ben
I'm available to customise your themes or plugins for your Geeklog CMS

Status: offline

Laugh

Site Admin
Admin
Registered: 27/09/2005
Posts: 1240
Actually the Full Name is from Facebook's Real Name field. I would think we would want the Facebook Username field here.
One of the Geeklog Core Developers.

Status: offline

masodo

Forum User
Junior
Registered: 13/11/2012
Posts: 34
Location:Indiana US
cheerful
Quote by: Laugh

I have OAuth enabled on my test 1.8.0b1 site fine so something must be missing in your install... If you upgraded from a previous version of Geeklog you will also need to include some new pear libraries. These libraries are included with the 1.8.0b1 download. You could also open up and check out the function SEC_collectRemoteOAuthModules in lib-security.php. That is where all the checks are done before the OAuth login buttons are displayed (every thing from OPENSSL to finding the required template files). Tom

Thanks Laugh for pointing me towards function SEC_collectRemoteOAuthModules in lib-security.php. That is how I discovered that I was not seeing the [Login with Facebook] button because I had "User Submission Queue?" set to True. I was afraid when I saw Facebook was using OAuth v2 and GL is OAuth v1, but the Facebook requirement for legacy support is built-in to Geeklog. It's working like a charm on my GLv-1.8.1.

http://BlogDogIt.com

nice_idea_but_I_cant_use_it

Anonymous
I want the Facebook OAuth usage (and have set it up) but it wasn't working because User Submission Queue was set false (there really should be something in the Geeklog Oauth wiki that warns people of this).

But why? I'd love to have the Facebook login but there's no way I can set the queue to false.... with all the latest captcha stuff working I still get an obvious spammer every day trying to sign up. There's also a person (serial pest) I choose to block as well.

So disappointing, I was excitedly telling my fellow writers how we'll get more interaction from our readers with the facebook login.

Status: offline

Laugh

Site Admin
Admin
Registered: 27/09/2005
Posts: 1240
Yes the user submission queue has to be disabled (we currently cannot add remote users to the submission queue). The docs should be updated with this information and I have just updated the wiki.

You can set the user submission queue to false in the Geeklog configuration.

Tom
One of the Geeklog Core Developers.

nice_idea_but_I_cant_use_it

Anonymous
Any plans on fixing that in future GL versions? It's going to prevent me using this otherwise really nice feature.

Status: offline

Laugh

Site Admin
Admin
Registered: 27/09/2005
Posts: 1240
You should add a feature request for this so we don't forget in the bug tracker: http://project.geeklog.net/


One of the Geeklog Core Developers.

Status: offline

worldfooty

Forum User
Full Member
Registered: 13/01/2009
Posts: 156
Location:Mostly Adelaide, South Australia, Australia
I definitely want to allow the facebook login but when I turned it on (and thus had to turn off user account request queuing) I went from 1 spam sign up per day to about 10.

I've got GL 1.8.2 and latest captcha with the slider. So not sure if they are bots getting through or just human spammers. Note they aren't using the facebook login, they've just pounced on not having to be queued (presumably one got through and passes the info on or does multiple accounts themselves). A lot are email addresses of the form AbSurname@yahoo.com (i.e. capital, lower case, Surname) but I've seen plenty of other domains over time.

Quote by: Laugh

You should add a feature request for this so we don't forget in the bug tracker: http://project.geeklog.net/



I had a look and my reading of it is that you've already requested this yourself (but no one assigned). At least, to send oauth requests to the queue, so presumably that means allowing the queue and oauth to coexist.

I'll trial this for a few more days but looks like it's just letting way too many spammers through. Or is there something else I should also employ against them?

Status: offline

Laugh

Site Admin
Admin
Registered: 27/09/2005
Posts: 1240
It can be done but it will require a few changes. Basically we will have to check not only the user table but the user submission table when seeing if an oauth account exists. If it doesn't exist we will also have to save the new account to the user submission table if so required. We would also need a page explaining to users that tried to login with oauth that they got added to the submission queue for the website. They will still be logged into the oauth service (like Facebook) but not to the Geeklog site.

The regular Captcha doesn't work with Remote logins because the buttons are links to the providers who do the main authentication.

When using the oauth services (or any remote login service really) you are already saying that you trust accounts from this provider. Of course this is the ideal world and we all know that Facebook and Google+ are full of spammer profiles.

This feature will get added at some point but I know I do not have any time until the fall to work on Geeklog.
One of the Geeklog Core Developers.

Status: offline

worldfooty

Forum User
Full Member
Registered: 13/01/2009
Posts: 156
Location:Mostly Adelaide, South Australia, Australia
What you describe is a full solution, i.e. forcing oauth users to go on the queue too. I'd be happy just to have a partial solution that assumes facebook users are legit but still forces normal sign ups to be queued.

I'm getting about 1 fake email address sign up every hour. None of them are oauth/facebook. It's purely regular sign ups. Strangely no spam from them yet (i.e. nothing from them in submissions).

Unfortunately if I set them all banned rather than deleted I'm going to have a massive database of banned users.... at this rate 5000 in a month.

Meanwhile no one logging in using facebook as yet, so I guess I should just disable it and remove the issue.
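
The flow Tom describes above, together with the partial variant worldfooty asks for, sketched as an added example. This is not Geeklog's code: the function, constants, policy names and the two in-memory arrays are hypothetical stand-ins for the user table and the user submission table.

```php
<?php
// Added example. All names are hypothetical, not part of Geeklog's API.

const LOGIN   = 'login';    // known account: start a site session
const PENDING = 'pending';  // already in the queue: show the "awaiting approval" page
const QUEUED  = 'queued';   // new remote account placed in the submission queue
const CREATED = 'created';  // new remote account created immediately

/**
 * Decide what happens after the provider has authenticated a remote user.
 *
 * $policy 'trust_provider': remote sign-ups skip the queue (local sign-ups
 *                           would still be queued by the normal form).
 * Any other value:          remote sign-ups are moderated like local ones,
 *                           so an unknown setting fails closed.
 */
function handleOAuthCallback(array &$users, array &$queue, string $provider,
                             string $remoteId, string $policy): string
{
    // Key on provider + remote id so ids from different services cannot collide.
    $key = $provider . ':' . $remoteId;

    if (isset($users[$key])) {
        return LOGIN;
    }
    // The queue must be checked as well, otherwise every repeat attempt by a
    // not-yet-approved user would add a duplicate submission.
    if (isset($queue[$key])) {
        return PENDING;
    }
    $record = ['provider' => $provider, 'remote_id' => $remoteId];
    if ($policy !== 'trust_provider') {
        $queue[$key] = $record;
        return QUEUED;  // authenticated at the provider, but no site session yet
    }
    $users[$key] = $record;
    return CREATED;
}

// Constructed sample data: one approved remote account and an empty queue.
$users = ['facebook:1001' => ['provider' => 'facebook', 'remote_id' => '1001']];
$queue = [];

echo handleOAuthCallback($users, $queue, 'facebook', '1001', 'queue_all'), "\n";
echo handleOAuthCallback($users, $queue, 'facebook', '2002', 'queue_all'), "\n";
echo handleOAuthCallback($users, $queue, 'facebook', '2002', 'queue_all'), "\n";
echo handleOAuthCallback($users, $queue, 'linkedin', '3003', 'trust_provider'), "\n";
```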

Status: offline

Laugh

Site Admin
Admin
Registered: 27/09/2005
Posts: 1240
Everyone has a Facebook account, I would leave it if you can.

Even with the slider you are getting one spam user an hour? I found the slider captcha to be a real good deterrent.

You should upgrade to Geeklog 2.1.0 beta 1 if you can. The Spam-X plugin does a much better job at blocking spam posts and users. (I can't remember if Geeklog 1.8.2 uses the SFS module or not).

Tom
One of the Geeklog Core Developers.

Status: offline

::Ben

Forum User
Full Member
Registered: 14/01/2005
Posts: 1569
Location:la rochelle, France
Brett,

You could also give the monitor plugin a try. A new tool is available in version 1.2 to auto-ban the IPs of users trying to abuse user creation, the contact form of the user profile and the captcha plugin.

Ben
I'm available to customise your themes or plugins for your Geeklog CMS
