Habitica: can't delete account if you use Facebook or Google authentication
The delete account button now requires that you enter your password.
Players who use only Facebook authentication don't have a password. The delete feature needs to have an exception for them where they need to enter only "DELETE" (localised) as previously.
Alys
All 12 comments
For what it's worth, I believe "DELETE" hasn't been localised yet in this very case...
ghost
on 22 May 2016
This may be addressed by #7969.
khipkin
on 9 Sep 2016
@khipkin I don't think #7969 is addressing this (the ability to delete an account that only has social authentication)
paglias
on 9 Sep 2016
@paglias Oh oops, my bad!
khipkin
on 9 Sep 2016
Just double checking, could I go ahead and work on this issue? I don't see a PR for it, and any recent updates. Thanks! I'll also update the Blacksmith Guild Page. I will be working with @rachel-ftw on this.
pllearns
on 17 Jan 2017
Go for it. :D
TheHollidayInn
on 17 Jan 2017
Hey! We are making progress, we have created a condition that allows the user to enter the word 'DELETE' and that deletes their account. We intend for this to be the command for anyone who has logged in with Facebook and Google without creating a local user. We will write a test for this and should have a PR for review either later today or tomorrow. Thanks again for letting us take this on!
pllearns
on 19 Jan 2017
Oh, we did have a question, how have you mock logged in through the local dev site a Facebook or Google login? We would like to be able to test all edge cases. I didn't see anything on this in the wikia. Thank you!
pllearns
on 19 Jan 2017
@pllearns the only way that comes to my mind is to register an app with google and / or facebook in order to get api keys that then you can use. But probably it's easier to just change the values into your local database to simulate the existence of google / facebook auth
paglias
on 20 Jan 2017
@pllearns Below are examples of the auth object for user accounts created using the Facebook and Google authentication methods. The auth object is at the top level of the player's document in the "users" collection in the mongodb database. You can create two user accounts in your test database using the username and password method, and then change the login method for each of them by using an "update" command like this (the "_id" value is the account's User ID):
db.users.update({"_id":"12345678-336b-4e53-9949-2c09150b4035"}, {$set:{
"auth": {
"timestamps": {
"loggedin": "2017-01-22T06:40:18.321Z",
"created": "2015-10-21T22:59:01.582Z"
},
..... etc .....
}
}});
Facebook authentication:
"auth": {
"timestamps": {
"loggedin": "2017-01-22T06:40:18.321Z",
"created": "2015-10-21T22:59:01.582Z"
},
"local": {},
"facebook": {
"id": "12345123456789012",
"username": null,
"displayName": "Chris Smith",
"name": {
"familyName": "Smith",
"givenName": "Chris",
"middleName": null
},
"gender": null,
"profileUrl": "https://www.facebook.com/app_scoped_user_id/12345123456789012/",
"emails": [
{
"value": "[email protected]"
}
],
"provider": "facebook",
"_raw": "{\"id\":\"12345123456789012\",\"verified\":true}",
"_json": {
"id": "12345123456789012",
"email": "[email protected]",
"first_name": "Chris",
"last_name": "Smith",
"link": "https://www.facebook.com/app_scoped_user_id/12345123456789012/",
"locale": "en_GB",
"name": "Chris Smith",
"timezone": 10,
"updated_time": "2016-11-05T08:41:01+0000",
"verified": true
}
},
"google": {}
}
Google authentication:
"auth": {
"timestamps": {
"loggedin": "2017-01-22T06:36:17.391Z",
"created": "2017-01-21T06:20:23.955Z"
},
"local": {},
"google": {
"_json": {
"verified": false,
"circledByCount": 152,
"language": "en_GB",
"isPlusUser": true,
"placesLived": [],
"organizations": [],
"image": { },
"url": "https://plus.google.com/123451234567890121234",
"name": {
"givenName": "Chris",
"familyName": "Smith"
},
"displayName": "Chris Smith",
"id": "123451234567890121234",
"objectType": "person",
"urls": [],
"emails": [
{
"type": "account",
"value": "[email protected]"
}
],
"occupation": "Elephant Herder",
"etag": "\"ALKSJDsalkdjjfSDJJsalfdjas9/sal_lskdflakjsflfjkjdaslfd2\"",
"kind": "plus#person"
},
"_raw": "{\n \"kind\": \"plus#person\",\n \"verified\": false\n}\n",
"provider": "google",
"gender": null,
"photos": [],
"emails": [
{
"type": "account",
"value": "[email protected]"
}
],
"name": {
"givenName": "Chris",
"familyName": "Smith"
},
"displayName": "Chris Smith",
"id": "123451234567890121234"
},
"facebook": {}
}
For comparison, here's what "local" authentication (username and password, plus email address) looks like:
"auth": {
"timestamps": {
"loggedin": "2017-01-21T16:00:56.520Z",
"created": "2015-01-10T06:34:12.804Z"
},
"local": {
"email": "[email protected]",
"hashed_password": "...",
"salt": "...",
"username": "SmithC12345",
"lowerCaseUsername": "smithc12345"
},
"facebook": {},
"google": {},
}
Note that it's possible for an account to have two or more of the authentication methods at the same time. I.e., a single user account can be accessed with a username and password, and with Google sign-in, and with Facebook sign-in.
For any account that has a password assigned, the delete feature must require the user to enter that password, even if the account also uses Google / Facebook authentication. "DELETE" can be used only when the account has no username and password.
Alys
on 22 Jan 2017
馃憦
rachel-ftw
on 23 Jan 2017
Related issues
mikean92
路
3Comments
thebadwolfgirl
路
4Comments
evanostroski
路
4Comments
Alys
路
3Comments
audiolion
路
4Comments
Most helpful comment
Just double checking, could I go ahead and work on this issue? I don't see a PR for it, and any recent updates. Thanks! I'll also update the Blacksmith Guild Page. I will be working with @rachel-ftw on this.