• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

How to 'reset' external authentications?

Chris D

XenForo developer
Staff member
#4
You've kind of answered your own question really. I can't see any other way around it other than truncating the table.

Though don't forget this will effectively lock out all of those users who have registered new accounts via the process and therefore don't have a password...

You could write a custom script to do this in the same way the controller handles this. This would allocate passwords to those users who do not have passwords...

PHP:
$users = array() // Build a custom query that selects all user_id and facebook_auth_id and forms them into an array. Maybe fetchPairs would work.

foreach ($users AS $key => $user)
{
	$auth = $this->_getUserModel()->getUserAuthenticationObjectByUserId($user['user_id']);
	$this->getModelFromCache('XenForo_Model_UserExternal')->deleteExternalAuthAssociation(
		'facebook', $user['facebook_auth_id'], $user['user_id']
	);

	if (!$auth->hasPassword())
	{
		$this->getModelFromCache('XenForo_Model_UserConfirmation')->resetPassword($user['user_id']);
	}	
}
That should loop through all users with external authentication (only considers Facebook), deletes the association and finally if they have no password set, then one is e-mailed to them.
 

Chris D

XenForo developer
Staff member
#8
I thought you set the password once you authenticate through facebook? :confused:
Nope.

If you register via the Facebook Integration feature (without first having an existing account) you do not have a password.

You cannot login with a password, you can only login via the external provider, e.g. Facebook.

This means if you disable Facebook Integration, you may have a load of accounts who can no longer log in to your forum.

Likewise, if you delete your external auth table, you will have a load of accounts again who cannot log in.

If you have an existing forum account and you associate your account with Facebook this isn't an issue because you have a password AND you have external authentication tokens. So removing those tokens won't be a problem.

The only time a password is involved with External Auth is when you associate your existing account with Facebook, it asks you to confirm your forum password if you currently have one. This is just for verification purposes.