Facebook auth callback crashing

(Michael - DiscourseHosting.com) #1

On one particular forum, Facebook auth is not working for some (!) users upon signing up.

After clicking Ok on the Facebook popup , a black screen appears, and in the error log file we see the following.

Started GET "/auth/facebook" for 214.26.xx.xx at 2014-01-19 09:23:54 +0000
Started GET "/auth/facebook/callback?code=AQ....Oo&state=71...5e" for 214.26.xx.xx at 2014-01-19 09:23:55 +0000
Processing by Users::OmniauthCallbacksController#complete as HTML
  Parameters: {"code"=>"AQ..Oo", "state"=>"71..5e", "provider"=>"facebook"}
Completed 500 Internal Server Error in 49ms

NoMethodError (undefined method `length' for nil:NilClass):
  lib/email.rb:12:in `is_valid?'
  lib/email.rb:20:in `downcase'
  lib/auth/facebook_authenticator.rb:23:in `after_authenticate'
  app/controllers/users/omniauth_callbacks_controller.rb:39:in `complete'
  lib/middleware/anonymous_cache.rb:102:in `call'
  config/initializers/quiet_logger.rb:10:in `call_with_quiet_assets'
  config/initializers/silence_logger.rb:19:in `call'

(some parts replaced by … or xx for brievity and security)

Seems like a bug (it should not be crashing) but maybe caused by a configuration issue somewhere.

Running v0.9.8.2, problem also appeared before on v0.9.8.1.

(Sam Saffron) #2

Somehow an email is not being returned? What is the raw data being sent to the auth controller?

(Vikhyat Korrapati) #3

Could be related to pressing cancel on this screen?

It isn’t redirecting correctly here but while investigating a similar issue in our Rails application (which also uses Omniauth) I found that when you ask for the user’s email Facebook occasionally asks the user to authorize the application first and then asks if they want to share their email, if they say no to the second prompt the authentication proceeds normally except that no email address is returned.

(Edit: Relevant - Facebook not always returning email for user? · Issue #61 · mkdynamic/omniauth-facebook · GitHub)

(Michael - DiscourseHosting.com) #4

do you mean the code and state fields I left out above? They’re base64, and they decode to binary mumbo jumbo. But they look good (i.e. they’re not exceptionally short or something).

(mrsentinel) #5

I brought this issue up to @michaeld Note that I am unable to use the facebook login on ANY discourse forum. This is also the case on my spouses account on a different computer and different ISP. What is interesting is if I clear my web cache and go back to login, it will allow me to get to the facebook login page. If I try to login, it goes to a blank screen and doesn’t finish. If I am already logged in on Facebook, it presents the app screen to accept the app, but then it goes to blank screen.

(Jeff Atwood) #6

Are you able to reproduce this in a different web browser?

(Sam Saffron) #7

This is likely server side, sometimes facebook will not return an email, we should allow for it.

(mrsentinel) #8

Yes, I am able to reproduce this in IE, chrome, and firefox. Let me know if screenshots, links, or other information I can provide that might assist. Note that I am in Afghanistan and my spouse is in Germany, if that helps. I tried running a VPN with an american IP to see if something was blocking it over here to no avail.

(Kevin P. Fleming) #9

How would you match up the Facebook identity with the Discourse identity if Facebook does not supply an email address?

(Jeff Atwood) #10

We improved a few areas of the code here where we would get unexpected values back from Facebook. Sorry about that.

(Jeff Atwood) #11