ISSUE SUMMARY:
Just setting up this component for a home owners association website and we do not want NON-residential members joining so we have the administrator set to approve all requests to join. We are also migrating to this platform from a Facebook Group now. Having the Facebook Connect option is awesome and so we configured this too. The problem is there appears to be a BREAK in the workflow of how you all implemented this. It seems you all engineered this without this use case in mind (administrator approves all new registrations). As it stands now if a user logs in with Facebook they are in immediately thus compromising the security of this component and my entire site. Being version 4 of this product I find this disturbing as it should have been discovered previously. I am hoping I am missing something elementary as disabling this feature will negatively impact user uptake and slow our transition and adoption rates.

STEPS TO REPLICATE:
1 setup your Joomla security "New User Account Activation" to "Administrator"
2 Enable Facebook connect and configure as shown (plus fix the code there as there is a bug in that too - documented here )
3 now try a normal registration and you will see it work as expected
4 then try a Facebook login

RESULT
Facebook login and you will immediately gain access bypassing the admins approval

EXPECTED RESULT
the use of Facebook connect should simply create the user and then obey the underlying Joomla security configuration from that point forward. if it can not be programatically achieved then program the workflow to match that of Joomla's current workflow

BROWSER
does not matter - browser agnostic

Hi David,

Thank you for reporting, I will add this issue to our bug list.

cheers!

Hi David,

To fix this download my file here www.dropbox.com/s/9nzhfgoma2s8jn8/connect.php?dl=0 and copy to components/com_community/controllers/

I hope it will work

thank you