alixandru / q2a-open-login

Question2Answer Open Login plugin

With connected accounts the email is lost #12

Closed MaxjTechno closed 10 years ago

MaxjTechno commented 10 years ago

I see that the email is lost when I want to share a unique q2a account logging in with 2 social accounts having the same email. I think the email should be kept. I can notice this behaviour with the following steps. On the _qausers table there are no records with email=user@gmail.com. When I register/login with my first account (e.g. linkedin account, email: user@gmail.com), the fields in the _qausers table are correctly populated (userid=123, email=user@gmail.com, oemail=user@gmail.com). Also in the _qauserlogins table I think that everything is ok. There is one row with userid=123, and source=linkedin, oemail=user@gmail.com.

When I login with my second account (e.g. google account, email: user@gmail.com), I have the notice: "Confirm the connected accounts". I check the option to connect to my previous Linkedin account (I want to share the profile), and click on the button "Connect selected account". The userid = 123 has been deleted from the _qausers table and a new userid (the connected one) has been created: userid=124. The _qauserlogins table has now 2 rows, both with userid=124, and oemail field (=user@gmail.com): ok, correct. But in the qa_users table the email field is "" (empty string) (while oemail is correctly = user@gmail.com). I think that this is not correct. It should be email=user@gmail.com also in the _qausers table, shouldn't it? If I connect again with linkedin, my email has been lost.....

(there is the same behaviour if I register first the google account and then the linkedin account...)

alixandru commented 10 years ago

This is a valid point. Will be fixed.

alixandru commented 10 years ago

This should be fixed now on the development branch. Let me know if it works as expected. Will now start looking into the other issues. Thanks!

MaxjTechno commented 10 years ago

Thanks ! After my tests : still lost.... :-(

alixandru commented 10 years ago

Hmm, OK, will perform further tests. I will try to follow step-by-step the workflow you described above.

MaxjTechno commented 10 years ago

I'll do some other tests. Now I have a doubt... The q2a setting that does not allow 2 users to be registered with the same email... Could it interfere? I'll try to disable this setting.

alixandru commented 10 years ago

It should not interfere. The plugin code never puts the same email address to 2 user accounts, no matter how that setting is configured. It always checks if the email address is used before updating a user account.

On Wed, Oct 30, 2013 at 2:17 PM, Maxj Ihad notifications@github.com wrote:

> I'll do some other tests. Now I have a doubt... The q2a setting that does not allow 2 users to be registered with the same email... Could it interfere? I'll try to disable this setting.


MaxjTechno commented 10 years ago

OK. To be sincere, I've looked for that setting and I've not found it anymore!! Maybe I dreamed about it! However it's a feature of q2a to "Prevent registration from an external user identity provider if the email already matches an account", but maybe it's related to the default facebook plugin....

alixandru commented 10 years ago

Issue should be fixed now in the development branch. Thanks again for all the feedback!

MaxjTechno commented 10 years ago

Thanks alixandru. I've done some tests. I can see that when I connect the accounts, the email now is kept.

I still notice a couple of (related) strange behaviours :

1) Cancel button does not work anymore if you do not select anything (a "regression"?). On the page where I have to "Confirm the connected accounts", if I do not want to connect them, the cancel button does not work anymore (with nothing selected). Even the connect button (with nothing selected) does not work. They both redirect to the same page. And I cannot move from that page anymore (using the 2 buttons; I have to click somewhere else....). I've checked what was happening in the previous version: if I clicked cancel or if I clicked to confirm the selected account (but with nothing selected), I could create 2 "distinct" accounts. If I click cancel (with the account selected), it creates 2 connected accounts. Something wrong with the links? I think that cancel should work even if I have not selected anything. For the confirmation, if nothing is selected I do not know; there should be a warning: you have not selected the account to connect (or I should be redirected to the same page, or create however 2 "distinct" accounts without any warning?).

2) When 2 distinct accounts are created, is it correct that the 2nd one does not have the email associated? In case I want to create 2 distinct accounts (and the cancel button works and I click on it), is it correct that the second account does not have the email? (I can notice it using the previous version of the code, master branch). The first account has the email in the "oemail" field of the "userlogins" table and in the "email" and "oemail" fields of the "users" table, while the second has it only in the "oemail" field of the "userlogins" and the "oemail" field of the "users" table, but does not have it in the "email" field of the "users" table. Shouldn't the second user have also the "email" field of the "users" table populated?

About the 2nd point however I'm not so sure.... In fact in q2a it seems to be a general rule, if I'm not wrong, that 2 distinct users must not have the same email (or not ?) In fact if I try to register separately another account with the same email I'm not allowed to do it...

alixandru commented 10 years ago

Hello,

For the email observation, yes, it is correct to have the email removed for the second account. As you mentioned, 2 users must not have the same email address, and for this reason I have created the oemail field, to be able to store somehow the original email address in these situations. The reason for this restriction is that even a user who created the account through Gmail or Facebook can create a password and log in to Q2A using the standard login form by typing in the email address and password. This would not be possible if the email address is not unique.

For the first point, with the button behavior, I will look into it.

I also plan to extend the functionality of that screen, as you suggested, to give the user the possibility to choose whether to create a new distinct account or not, and to select which account to choose in case of merging logins.

Thanks!
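
The rule described in the comment above, as an added example that is not the plugin's code and not part of the thread: a merged login keeps the account's email, a distinct second account gets an empty `email` with the address preserved in `oemail`, and an audit query flags the state reported in this issue. It assumes simplified `users` and `userlogins` tables with the column names used in the thread; the `identifier` column, the function names and the example.com addresses in the checks are constructed.

```python
import sqlite3

# Constructed, simplified schema. Table/column names follow the thread;
# the `identifier` column and all function names are assumptions.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (userid INTEGER PRIMARY KEY, email TEXT, oemail TEXT);
        CREATE TABLE userlogins (userid INTEGER, source TEXT, identifier TEXT, oemail TEXT);
    """)
    return db

def email_owner(db, email):
    """userid that the email + password form would resolve to, or None."""
    row = db.execute("SELECT userid FROM users WHERE email = ? AND email <> ''",
                     (email,)).fetchone()
    return row[0] if row else None

def external_login(db, source, identifier, email, connect_to=None):
    """Log in via a provider; connect_to is the existing userid to merge into."""
    row = db.execute("SELECT userid FROM userlogins WHERE source = ? AND identifier = ?",
                     (source, identifier)).fetchone()
    if row:
        return row[0]                      # this provider login is already known
    owner = email_owner(db, email)
    if connect_to is not None:
        userid = connect_to                # merge: the account and its email stay
        if owner is None:                  # fill an empty email only if nobody holds it
            db.execute("UPDATE users SET email = ? WHERE userid = ? AND email = ''",
                       (email, userid))
    else:
        # Distinct account: blank `email` when it is taken, keep it in `oemail`.
        cur = db.execute("INSERT INTO users (email, oemail) VALUES (?, ?)",
                         (email if owner is None else "", email))
        userid = cur.lastrowid
    db.execute("INSERT INTO userlogins VALUES (?, ?, ?, ?)",
               (userid, source, identifier, email))
    return userid

def audit(db):
    """Return (emails held by more than one user, userids whose email was lost)."""
    dups = [r[0] for r in db.execute(
        "SELECT email FROM users WHERE email <> '' GROUP BY email HAVING COUNT(*) > 1")]
    lost = [r[0] for r in db.execute(
        "SELECT u.userid FROM users u WHERE u.email = '' AND u.oemail <> '' AND "
        "NOT EXISTS (SELECT 1 FROM users o WHERE o.email = u.oemail) ORDER BY u.userid")]
    return dups, lost
```

A non-empty second list from `audit` is the symptom first reported here: an account with an empty `email` whose `oemail` no other account holds.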

MaxjTechno commented 10 years ago

Hello, I see that there is a new 2.1.0, with this change: "Fix issue with email which was lost when connecting a new login". Referring to our discussion above, have you fixed it? Thanks :-)

alixandru commented 10 years ago

I thought I closed this ticket, but it looks like I missed it. Indeed, the new release (2.1.0) should fix this issue. Thanks!

alixandru commented 10 years ago

Also, please note that on the development branch, there is a new version, not released yet: 3.0.0. It has some new stuff, and a different approach of displaying duplicate accounts. You might want to try that. I will release it to master branch once I am able to perform more tests on it.