
We have the facebook api setup to login. In my OSQA account on our site I have authorized facebook and twitter already, so we know it's "working". So I log out and then attempt to login. When clicking the facebook icon it will pop open, and show the login page at facebook, however once you login and facebook closes the pop-up nothing happens on the OSQA site.

asked 02 May '11, 13:39

Levi

I'm noticing the same thing. I'm running OSQA from svn revision 989. When I click the facebook button on the login page, nothing appears to happen.

(02 May '11, 14:33) dharmatech

That's not the same thing. Go over to facebook and logout and then go back to your site click the facebook button, it should pop open and let you login to facebook. My problem is it's doing nothing after the pop-up opens and I login to facebook. It's just not translating back to my site to login the user, just sitting there after I login to FB unlike Twitter which redirects and logs them into my site.

(02 May '11, 14:44) Levi

Levi - what version of OSQA are you running? Do you have Firebug? If so, can you look at the ajax exchange in the console tab, and see what's happening in the responses when you try to do the facebook login?

(02 May '11, 16:45) Andrew_S ♦

Levi - That's exactly what's happening over here as well. First I log out of Facebook. On my site, after clicking on the Facebook button, I do get the popup. I login and the popup goes away. But I'm not then logged into my site.

(02 May '11, 20:08) dharmatech

Andrew_S - We are at revision 1012. Under Firebug Net > JS > I get URL 0 Request, SIZE 0, after attempting logging in. Additionally as dharmatech points out you must logout of facebook before you can get the popup.

(continued) I'm also noticing a 403 Forbidden, if I have a session already with facebook or not.

Forbidden (403) - CSRF verification failed. Request aborted. - More information is available with DEBUG=True.

(02 May '11, 20:43) Levi

(continued) If one attempts to click on the facebook icon after logging into it, or already having a session it will not popup and firebox reports POST user_is_registered 403 FORBIDDEN seonky.com. I now see I get that same notice in firebox when I kill the session and login with FB connect.

(02 May '11, 20:49) Levi

(continued) I'm also noticing a 403 Forbidden on seonky.com, if I have a session already with facebook or not.

(02 May '11, 20:57) Levi

Googled around, related to django I think. One needs to have some settings within settings.py, which the default install already does.

(02 May '11, 21:23) Levi

Ah, ok, it looks like another CSRF-AJAX problem - see also this open ticket and this other meta question

In that case, the fix should be the same. Your workaround to disable CSRF will do the job, but will reduce the application's security. To get it working securely, find where in the code the AJAX request is made, and insert the CSRF tag into it - something like:

postvars['csrfmiddlewaretoken'] = $('#csrfmiddlewaretoken').val();

answered 02 May '11, 23:50

Andrew_S ♦

Thanks for the suggestion Andrew_S! My concern is that, if I tweak the source, this might cause a conflict if I do an 'svn update' in the future. Would it be better to wait for the official version in svn to be fixed and just update to that?

I like Levi's suggestion as it's simply a tweak of the settings file. However, as you mentioned, there are security implications to that workaround.

(03 May '11, 01:19) dharmatech

Got it! In settings.py comment out the two lines within MIDDLEWARE_CLASSES:

'django.middleware.csrf.CsrfViewMiddleware',
'django.middleware.csrf.CsrfResponseMiddleware',

After that I can click and login with success. Best and thanks for the question that got me thinking better.

My current updated settings.py file, I updated some other items that are deprecated according to error logs:

TEMPLATE_LOADERS = [
    ##'django.template.loaders.filesystem.load_template_source',
    'django.template.loaders.filesystem.Loader',
    ##'django.template.loaders.app_directories.load_template_source',
    'django.template.loaders.app_directories.Loader',
    'forum.modules.template_loader.module_templates_loader',
    'forum.skins.load_template_source',
]

MIDDLEWARE_CLASSES = [
    ##'django.middleware.csrf.CsrfViewMiddleware',
    ##'django.middleware.csrf.CsrfResponseMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'forum.middleware.extended_user.ExtendedUser',
    'forum.middleware.anon_user.ConnectToSessionMessagesMiddleware',
    'forum.middleware.request_utils.RequestUtils',
    'forum.middleware.cancel.CancelActionMiddleware',
    'forum.middleware.admin_messages.AdminMessagesMiddleware',
    'django.middleware.transaction.TransactionMiddleware',
]

TEMPLATE_CONTEXT_PROCESSORS = [
    'django.core.context_processors.request',
    'forum.context.application_settings',
    'forum.user_messages.context_processors.user_messages',
    ##'django.core.context_processors.auth',
    'django.contrib.auth.context_processors.auth',
]

answered 02 May '11, 22:13

Levi

@levi Just wanted to confirm that this works on my site as well. Thanks for the tip! This also solves another CSRF related problem. Before this workaround, I was unable to post comments to questions (mentioned in the open ticket below).

(03 May '11, 02:48) dharmatech
Asked: 02 May '11, 13:39

Seen: 2,355 times

Last updated: 03 May '11, 02:48
