Welcome the Technical Support section. Help us in assisting you by providing us with a concise and descriptive elaboration of your issues. Be specific and if possible, provide us with a step-by-step instruction in replicating your problem.
ISSUE SUMMARY:
Just setting up this component for a home owners association website and we do not want NON-residential members joining so we have the administrator set to approve all requests to join. We are also migrating to this platform from a Facebook Group now. Having the Facebook Connect option is awesome and so we configured this too. The problem is there appears to be a BREAK in the workflow of how you all implemented this. It seems you all engineered this without this use case in mind (administrator approves all new registrations). As it stands now if a user logs in with Facebook they are in immediately thus compromising the security of this component and my entire site. Being version 4 of this product I find this disturbing as it should have been discovered previously. I am hoping I am missing something elementary as disabling this feature will negatively impact user uptake and slow our transition and adoption rates.
STEPS TO REPLICATE:
1 setup your Joomla security "New User Account Activation" to "Administrator"
2 Enable Facebook connect and configure as shown (plus fix the code there as there is a bug in that too - documented
here
)
3 now try a normal registration and you will see it work as expected
4 then try a Facebook login
RESULT
Facebook login and you will immediately gain access bypassing the admins approval
EXPECTED RESULT
the use of Facebook connect should simply create the user and then obey the underlying Joomla security configuration from that point forward. if it can not be programatically achieved then program the workflow to match that of Joomla's current workflow