search

splendido / meteor-accounts-emails-field

A Meteor package to keep user.email up to date with email addresses used for 3rd-party account services
19 stars 9 forks source link

test accounts-twitter #30

Closed splendido closed 10 years ago

splendido commented 10 years ago

I tried to create a new account without verifying the provided email address and then use this new account to login to a test application. The access is granted and no email address is provided! This is what I got into the db after login:

{
    "_id" : "C8f99fde8i9BJR2CX",
    "createdAt" : ISODate("2014-06-11T05:41:23.651Z"),
    "profile" : {
        "name" : "Pippo Pippo"
    },
    "services" : {
        "twitter" : {
            "accessToken" : "1276256064-ZudO7I4gKINIrNYx4VC3KanE2rGiC6XEJIzWTlE",
            "accessTokenSecret" : "QLPNdzyd3w6LpU7EBXNdJmFw95CLE1xdwFwQtxQiYqpzc",
            "id" : "2564127660",
            "lang" : "en",
            "profile_image_url" : "http://abs.twimg.com/sticky/default_profile_images/default_profile_4_normal.png",
            "profile_image_url_https" : "https://abs.twimg.com/sticky/default_profile_images/default_profile_4_normal.png",
            "screenName" : "PippoPippo"
        }
    }
}

Please note there is no email address!!! And it seems twitter never provides it... This could be a problem for any application relying on email addresses, but does not hamper the functioning of accounts-emails-field.

Besides this, the access is granted even without having verified the email!!! Bad!!!