User appears to be created multiple times on sign in

Apr 22, 2011 at 1:01 PM

Hi, 

I'm running 0.40 on Orchard 1.020.

When you sign in via facebook, the user gets created every time you sign in.

I haven't had time to look massively into it, but I did manage to fix it. Its probably not the ideal place to put it - mainly because a class named "Authorizer" should not be creating accounts - it should be authorizing only - its breaking SRP big time.

However, here is the fix that seems to work for now :

NGM.OpenAuthentication.Core.Authorizer.cs :

        private IUser CreateUser(OpenAuthenticationParameters parameters) {
            var details = new RegistrationDetails(parameters);
            // begin fix
            // added this to stop account being created every time it's authenticated
            var user = _membershipService.GetUser(details.UserName);
            if (user != null)
            {
                _authenticationService.SignIn(user, true);
                return user;
            }
            // end fix
            return _membershipService.CreateUser(new CreateUserParams(details.UserName, new Byte[10].ToString(), details.EmailAddress, null, null, true));
        }

Coordinator
Apr 22, 2011 at 5:14 PM

Thanks for the fix, your absolutly right that this class is breaking the SRP big time!... I wanted to get a stable release out so that I could start refactoring this class...

The name of this class and other are wrong... They should be 'Authenticators' not 'Authorizers'.

Whats wierd is this senario shouldnt be happening anyways, hmm.. I will have a look and see what I can find.

thanks again for reporting and providing a temp fix :)

Jul 7, 2011 at 10:03 PM

Thanks for that fix Ben...I applied to the latest release to fix a problem with Google authentication. It would appear that Google is creating their ID using something from the specific computer. So if I logged in using Google from the same computer every time, I didn't have a problem, but when I logged in from a different computer, another account was created.

This was not the case with Yahoo though...I was able to login using Yahoo from different computers and it didn't create another account. I didn't try Facebook or Twitter before applying your patch though.

The cool thing now is that someone can login using either Google or Facebook if the email addresses are the same and it associates both with their Orchard account. This is a huge fix for me because my gaming module is tied to the Orchard userId and if a separate account is created, the new account doesn't have any of the gaming information.