FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)

Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2025-06-01 06:27:45 +08:00 · 2018-07-23 16:51:57 +01:00
parent 32062864d3
commit eda1462b3b
40 changed files with 836 additions and 240 deletions
--- a/lib/auth/facebook_authenticator.rb
+++ b/lib/auth/facebook_authenticator.rb
@ -6,7 +6,47 @@ class Auth::FacebookAuthenticator < Auth::Authenticator
    "facebook"
  end

-  def after_authenticate(auth_token)
+  def enabled?
+    SiteSetting.enable_facebook_logins
+  end
+
+  def description_for_user(user)
+    info = FacebookUserInfo.find_by(user_id: user.id)
+    info&.email || info&.username || ""
+  end
+
+  def can_revoke?
+    true
+  end
+
+  def revoke(user, skip_remote: false)
+    info = FacebookUserInfo.find_by(user_id: user.id)
+    raise Discourse::NotFound if info.nil?
+
+    if skip_remote
+      info.destroy!
+      return true
+    end
+
+    response = Excon.delete(revoke_url(info.facebook_user_id))
+
+    if response.status == 200
+      info.destroy!
+      return true
+    end
+
+    false
+  end
+
+  def revoke_url(fb_user_id)
+    "https://graph.facebook.com/#{fb_user_id}/permissions?access_token=#{SiteSetting.facebook_app_id}|#{SiteSetting.facebook_app_secret}"
+  end
+
+  def can_connect_existing_user?
+    true
+  end
+
+  def after_authenticate(auth_token, existing_account: nil)
    result = Auth::Result.new

    session_info = parse_auth_token(auth_token)
@ -20,9 +60,16 @@ class Auth::FacebookAuthenticator < Auth::Authenticator

    user_info = FacebookUserInfo.find_by(facebook_user_id: facebook_hash[:facebook_user_id])

-    result.user = user_info.try(:user)
+    if existing_account && (user_info.nil? || existing_account.id != user_info.user_id)
+      user_info.destroy! if user_info
+      result.user = existing_account
+      user_info = FacebookUserInfo.create!({ user_id: result.user.id }.merge(facebook_hash))
+    else
+      result.user = user_info&.user
+    end
+
    if !result.user && !email.blank? && result.user = User.find_by_email(email)
-      FacebookUserInfo.create({ user_id: result.user.id }.merge(facebook_hash))
+      FacebookUserInfo.create!({ user_id: result.user.id }.merge(facebook_hash))
    end

    user_info.update_columns(facebook_hash) if user_info
@ -42,7 +89,7 @@ class Auth::FacebookAuthenticator < Auth::Authenticator

  def after_create_account(user, auth)
    extra_data = auth[:extra_data]
-    FacebookUserInfo.create({ user_id: user.id }.merge(extra_data))
+    FacebookUserInfo.create!({ user_id: user.id }.merge(extra_data))

    retrieve_avatar(user, extra_data)
    retrieve_profile(user, extra_data)