Can facebook test users be verified? - python

It seems someone has asked this question before. However, it is focused on the username, which I don't care about.
I have added a real email address to my test user and confirmed it by clicking on the verification email. However the test user is still marked as unverified.
This is a big problem when unit testing with test users.
    graph = facebook.GraphAPI(oauth_access_token)
    me = graph.get_object("me")
    if 'verified' not in me or not me['verified']:
        return False
I can't pass this line in my unit test, since test users are always unverified.
Any advice please?

https://developers.facebook.com/docs/graph-api/reference/v2.1/user:
Someone is considered verified if they take any of the following actions:
- Register for mobile
- Confirm their account via SMS
- Enter a valid credit card
… so simply confirming an email address does not even qualify as a “verified” criterion according to this.
If you do get an email back from the API, it should be confirmed by the user already. (Otherwise FB will not give it out in the first place.)
But you will not get an email address for every user. The user does not necessarily even have an email address on file with FB, so don’t rely on getting one to use in your app in the first place.

Related

Where does flask store token for password recovery?

I need to provide a password recovery token in order to test its functionality with an integration test. But I can't trace the place it's stored.
Apparently it doesn't. It hashes the user's current password [hash] and their id and sends that as token. Which is entirely reasonable, since that's already user-specific information stored in the database, no need to generate yet another token. And it will even invalidate itself once the password has been changed. I'd probably add a timestamp somewhere in there though so the link isn't valid forever.
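A sketch of the token scheme the answer describes, with the suggested timestamp added. This is an added example, not code from Flask or any extension: the function names, `SECRET_KEY`, `MAX_AGE` and the sample user table are assumptions, and a keyed HMAC is used in place of a plain hash so that knowing the stored password hash alone is not enough to mint a token.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-secret"   # assumption: app-wide signing key
MAX_AGE = 3600                             # assumption: links live one hour


def _sign(user_id, password_hash, issued_at):
    # Bind the MAC to the id, the issue time and the *current* password hash.
    msg = f"{user_id}:{issued_at}:{password_hash}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_reset_token(user_id, password_hash, now=None):
    """Build 'id.issued_at.mac'; nothing has to be stored server-side."""
    issued_at = int(time.time() if now is None else now)
    return f"{user_id}.{issued_at}.{_sign(user_id, password_hash, issued_at)}"


def check_reset_token(token, lookup_password_hash, now=None):
    """Return the user id if the token is valid, else None."""
    try:
        user_id, issued_at, mac = token.split(".")
        issued_at = int(issued_at)
    except ValueError:
        return None                        # wrong shape or non-numeric time
    now = int(time.time() if now is None else now)
    if not 0 <= now - issued_at <= MAX_AGE:
        return None                        # expired (or issued in the future)
    current_hash = lookup_password_hash(user_id)
    if current_hash is None:
        return None                        # unknown user
    expected = _sign(user_id, current_hash, issued_at)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    ok = hmac.compare_digest(mac.encode(), expected.encode())
    return user_id if ok else None


# Constructed sample "database": user id -> stored password hash.
USERS = {"42": "pbkdf2$constructed-hash-A"}
```

Because the token is recomputed from stored data, an integration test can obtain it by calling the same generator with the test user's current hash; changing the password changes the hash and invalidates every outstanding link.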

Finding a user by their username#discrim

Is it possible to get the user ID of someone whose username and discrim you know, but who is not in a mutual server with you?
Thanks.
I don't think so. It makes sense since this can easily be abused. Imagine all the spam bots if bots can see all Discord users.
Below are two ways to get user info using discord.py, but note that they cannot be used as you ask.
client.get_user_info can be used to get user info even if you don't share a server, but it takes the unique ID as an argument.
server.get_member_named returns the unique user ID and takes username plus the optional discriminator as input, but requires that you share a server/guild with the user to work.

getting information from all users of my facebook app

I'm doing some research, where I have a Facebook app that asks for some permissions on the user's Facebook to get some basic information.
I can see that my app has about 600 users, and I'd like to query them, to see some patterns in the users, i.e. how many friends do they have, how long messages do they post in updates etc.
My question is: Do I have to copy the data when the user first visits my app and grants access to his information, or can I query it as long as the user hasn't "removed" my app?
I hope the second option will be true, since I have a lot of considerations about "copying" user data, and storing it in a database - primarily ethical but also related to security issues, compliance, resources, and so on and so forth.
The programming language is not important, but if anyone needs to exemplify, let's say it's Python.
NO. You don't have to copy the data.
You can query Facebook as long as you have a valid access token regardless of whether the user is online or offline.
However, the only thing you need to take care of is handling of an expired access token, because in that case the user will need to re-authorize your application for you to get the access_token.

Remove all user's cookies/sessions when password is reset

I'm interested in improving the security of my TurboGears 2.2 application so that when a user changes his password, it logs him out from all sessions and he must log in again. The goal is that when the user changes the password on browser 1, he must re-login on browser 2, too. Experiments show that this is not the case, especially if browser 2 had "remember me" enabled.
It's a standard quickstarted app using repoze.who. It seems maybe I need to change AuthTktCookiePlugin, but I don't see a way to do it without much rewiring.
Storing a timestamp of the last time the password got changed inside request.identity['userdata'] should make it possible to check it whenever the user gets back and log him out if it's different from the last time the password got changed for real.
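The check suggested in the answer, modelled for two browsers holding tickets for the same account. This is an added example, not TurboGears or repoze.who code: the `pwchanged=` userdata encoding, the function names and the in-memory user table are assumptions, and plain dicts stand in for `request.identity`.

```python
import time

# Constructed stand-in for the user table: when each password last changed.
PASSWORD_CHANGED_AT = {"alice": 1700000000}


def userdata_for_login(username):
    """Value to place in the auth ticket's userdata field at login time."""
    return f"pwchanged={PASSWORD_CHANGED_AT[username]}"


def parse_pwchanged(userdata):
    """Extract the timestamp from userdata; None if absent or malformed."""
    for part in (userdata or "").split(";"):
        key, _, value = part.partition("=")
        if key.strip() == "pwchanged" and value.strip().isdecimal():
            return int(value)
    return None


def session_still_valid(identity):
    """identity mimics request.identity ('repoze.who.userid', 'userdata')."""
    current = PASSWORD_CHANGED_AT.get(identity.get("repoze.who.userid"))
    seen = parse_pwchanged(identity.get("userdata"))
    # Tickets without a timestamp (issued before this scheme) are rejected too.
    return current is not None and seen == current


def change_password(username, now=None):
    """Record the change; tickets carrying the old timestamp become stale."""
    PASSWORD_CHANGED_AT[username] = int(time.time() if now is None else now)
    return userdata_for_login(username)   # fresh userdata for this browser
```

Only the browser that performed the change receives the new userdata; any other ticket, including a long-lived "remember me" one, fails the comparison on its next request and can be forced through logout.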

Google App Engine using UserProperty to link data

I am writing an application in GAE. In order to link the currently logged in user to data in my application I have been relying on equality between users.get_current_user() and members.user (see model below). Where I run into trouble is when the user signs in with an email address using different capitalization than his/her initial login (janeDoe@example.com != janedoe@example.com). What is the most reliable way to link the current user to application specific data?
    from google.appengine.ext import db

    class members(db.Model):
        firstName = db.StringProperty(verbose_name='First Name', required=True)
        lastName = db.StringProperty(verbose_name='Last Name', required=True)
        user = db.UserProperty()  # the Google account linked to this member
Don't use the username - call user.user_id(), and compare on that. It's guaranteed to remain the same, even if nickname or email address change.
Always convert username to lowercase and then do operations on it: when storing the first time and on later comparisons.
