If a website works via HTTPS, the redirection links are still generated with HTTP.

Cause of the issue:
The module still uses the $is_https global variable from D7. When social_login_get_current_url() uses the variable resolves as FALSE the $request_protocol.

Based on issue #1960344 8 this global no longer exists on Drupal 8 since Symfony's Request::isSecure() method replaces this functionality.

Solution:
Replace D7 global variable with call to Request::isSecure().

CommentFileSizeAuthor
#2 fix-is-https-implementation-2842850-1.patch1015 bytesgerzenstl

Comments

gerzenstl created an issue. See original summary.

gerzenstl’s picture

gerzenstl commented
StatusFileSize
new fix-is-https-implementation-2842850-1.patch1015 bytes

I submitted a patch for this issue.

gerzenstl’s picture

gerzenstl commented
Status: Active » Needs review
gerzenstl’s picture

gerzenstl commented

Ping

  • ClaudeSchlesser committed b00ed2b on 8.x-1.x 
    Issue #2842850 by gerzenstl: Wrong callback uri on site working via...
ClaudeSchlesser’s picture

ClaudeSchlesser commented
Status: Needs review » Fixed

Thank you very much for the patch and reminder ;) I have now added a new version with the bugfix!

ClaudeSchlesser’s picture

ClaudeSchlesser commented
Status: Fixed » Closed (fixed)
gerzenstl’s picture

gerzenstl commented

Cool! Thanks!

andinorthrop’s picture

andinorthrop commented

I think I'm still running in to this (or something similar),

So long as https redirects are turned off, then the social logins/registrations work as expected.

But as soon as rewrites are turned on the callback fails and the user is dumped back to the homepage.

This is the URL that fails:

https://pastoralcare.citygatechurch.net/social_login/callback?origin=htt...

And this is my current htaccess rewrite (though I've tried every combination under the sun to get it working):

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

I'm running Drupal 8.3.5 and OneAll Social Login 8.x-1.6

ClaudeSchlesser’s picture

ClaudeSchlesser commented

Hello,

is your web server behind a proxy or loadbalancer?

Regards,

andinorthrop’s picture

andinorthrop commented

Hi Claude, no, it's not sitting behind either.

The URL lists "callback?origin=http" could that be the problem as the origin was https?

ClaudeSchlesser’s picture

ClaudeSchlesser commented

Yes, that is probably the problem. Could you try to clear your Drupal cache? Drupal might have cached the icons with the old url.

andinorthrop’s picture

andinorthrop commented

Flushed all caches (Drupal and browser), unfortunately with no success; the callback origin is still http.

ClaudeSchlesser’s picture

ClaudeSchlesser commented

Hello,

please try this:

- Open this file:
modules/social-login/social_login.module

- Locate this line:
if ($widget_enabled === TRUE) {

- Add this line below:
\Drupal::service('page_cache_kill_switch')->trigger();

Then please once again clear your Drupal cache in Manage \ Configuration \ Performance

andinorthrop’s picture

andinorthrop commented

Thanks, I added it in and flushed all caches so it now looks like this:

// Enabled.
  if ($widget_enabled === TRUE) {
    \Drupal::service('page_cache_kill_switch')->trigger();
    // Container to add the buttons to.
    $containerid = 'social_login_providers_' . rand(99999, 9999999);

But doesn't seem to have made any difference.

ClaudeSchlesser’s picture

ClaudeSchlesser commented

Hello,

please try this:

- Open this file:
modules/social-login/src/Form/SocialLoginBlockForm.php

- Find this code
// Are we using HTTPs?
$is_https = Drupal::request()->isSecure();

- Add this line below:
\Drupal::service('page_cache_kill_switch')->trigger();

Sorry for the hassle!

andinorthrop’s picture

andinorthrop commented

That's OK, bizarre that it won't work (and still isn't with that tweak).

I take it it's working for other people over https?

Is this the best place for this discussion? I don't want to hijack an unrelated thread if this would be better served over on the OneAll support forum.

Thanks for your help - hope we get there!

ClaudeSchlesser’s picture

ClaudeSchlesser commented

The problem is that the code used to display the icons is simply not being updated.

It has very likely been generated when your page was still reachable over http and has the following callback:
_oneall.push(["social_login", "set_callback_uri", "http://pastoralcare.citygatechurch.net/social_login/callback?origin=http%3A//pastoralcare.citygatechurch.net/"]);

The button does not get updated. If you look at the sourcode you can see this div:
<div id="social_login_providers_174603">

The number is a random number, it changes when the code is generated.
In your case the number never changes. So this means that the code is served from cache.

andinorthrop’s picture

andinorthrop commented

Interesting, with that in mind I just removed the module (uninstalled, deleted the files, cleared caches) before re-installing it but still with no luck: _oneall.push is still setting the callback as http even though this time the whole setup was done in https.

ClaudeSchlesser’s picture

ClaudeSchlesser commented

Hello,

the callback url is generated using the following Drupal function:

    $callback_uri = Url::fromRoute('social_login.core', [], array(
      'absolute' => TRUE,
      'query' => array(
        'origin' => $current_uri,
      ),
    ))->toString();

So it's in fact Drupal which returns the wrong protocol.
This is sometimes the case when the webserver is behind a loadbalancer or proxy which is wrongly configurated.

The easiest solution might be to simply hardcode the callback.

Please open this file in your Drupal directory:
./modules/social-login/templates/provider-container.html.twig

And then replace {{ callbackuri }} by https://pastoralcare.citygatechurch.net/social_login/callback?origin=https%3A//pastoralcare.citygatechurch.net/

andinorthrop’s picture

andinorthrop commented

Ah well, might try and figure out why the site is misbehaving later but for now that's sorted it.
Many thanks for your help!