将现有用户与 Facebook 帐户关联时要采取哪些预防措施
我正在查看 deviseomniauth 文档 并发现了以下代码片段。
它显示了一个示例,但在注释中建议对于实际的实时应用程序,必须采取预防措施。
对于实际的现场应用,可以采取什么样的预防措施?
def self.find_for_facebook_oauth(access_token, signed_in_resource=nil)
data = access_token['extra']['user_hash']
if user = User.find_by_email(data["email"])
user
else # Create a user with a stub password.
User.create(:email => data["email"], :password => Devise.friendly_token[0,20])
end
end
注意:这只是一个例子。您的申请必须经过 使用 User.find_by_email 将现有用户链接到的注意事项 一个 Facebook 帐户。
I was going through devise omniauth documentation and came across the below snippet.
It shows an example but in the note suggests that for an actual live app, precautions must be taken.
What kind of precautions could be taken here for an actual live application?
def self.find_for_facebook_oauth(access_token, signed_in_resource=nil)
data = access_token['extra']['user_hash']
if user = User.find_by_email(data["email"])
user
else # Create a user with a stub password.
User.create(:email => data["email"], :password => Devise.friendly_token[0,20])
end
end
note: This is simply an example. your application must take
precautions if using User.find_by_email to link an existing User with
a facebook account.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
该警告奇怪地含糊其辞,但代码片段表明,他们指的是尝试将现有用户帐户(直接在网站上或通过某些非 Facebook 注册创建)与 Facebook 帐户仅基于找到匹配的帐户进行匹配的危险。电子邮件。许多用户可能最终会创建一个新帐户,即使他们已经拥有一个帐户。
The warning is strangely cryptic, but the code snippet suggests that they are referring to the danger of trying to match an existing user account (created directly on the website or through some non-Facebook registration) with a Facebook account based solely on finding a matching email address. Many users would probably end up with a new account created even though they already had one.