Hi,

It looks like shib_auth_custom_data_validate() in the file shib_auth_forms.inc does not get called at all. That would explain why no errors are thrown when custom emails are left blank, the ToS are not accepted, etc.

Where should the validation get called?

Thanks, J.

Comments

meyerrob's picture

Validation during the first login is still not working properly. The user can't log in if the terms & conditions are not selected by the user. shib_auth_custom_data_validate seems not to be called after clicking the submit button.

jelo's picture

I have the following settings enabled:
- user-defined usernames
- user-defined e-mail addresses
- Force users to accept Terms of Use

If the IDP does not provide an email address and the user tries to submit (ToS accepted) without adding an email, the error message reads "Email is already in use" instead of "An email address is required". The empty email belongs to UID 0. I am reasonably sure that this should have been caught before calling function shib_auth_save_authmap, but in the absence of finding where, I replaced the following:

  if ($email_already_used && !(!empty($_SESSION['shib_auth_account_linking']) && $email_already_used->uid == $user->uid)) {
    shib_auth_error('[shib_auth_save_authmap] Error saving user account. E-mail address is already used.');
  }

with

  // Reject an empty or malformed address first; an empty string would otherwise
  // match the anonymous account (UID 0) in the uniqueness lookup below.
  if ($umail_single == '' OR !valid_email_address($umail_single)) {
    shib_auth_error('A valid email address is required.');
  }
  // Only a well-formed address is checked for uniqueness (account linking may
  // legitimately reuse the address of the account being linked).
  elseif ($email_already_used && !(!empty($_SESSION['shib_auth_account_linking']) && $email_already_used->uid == $user->uid)) {
    shib_auth_error('[shib_auth_save_authmap] Error saving user account. E-mail address is already used.');
  }

If the IDP provides a value and the user tries to submit (ToS accepted) while just leaving the prefilled email address from the IDP, the form does not submit. Instead, the page reloads without an error message being displayed and the ToS box gets unticked. However, if the email is removed, the form submits (and internally the email address from the CWL mail attribute is used for account creation).

To fix this issue I replaced

  //check if any of the customization options are enabled
  if (shib_auth_config('enable_custom_mail') ||
      ($umail_single && shib_auth_config('define_username')) ||
      (shib_auth_config('enable_custom_mail') || $umail_single) && shib_auth_config('terms_accept')) {
    // if there already is a POST-ed form, save received values as a variable
    if (isset($_POST['form_id']) && $_POST['form_id'] == 'shib_auth_custom_data') {
      if (!empty($_POST['custom_mail'])) {
        $custom_mail = filter_xss($_POST['custom_mail']);
      }
      if (!empty($_POST['custom_username'])) {
        $custom_username = filter_xss($_POST['custom_username']);
      }
      if (!empty($_POST['accept'])) {
        $consent_accepted = filter_xss($_POST['accept']);
      }
    }
    //If the consent is accepted or it isn't configured
    if (!shib_auth_config('terms_accept') || (!empty($consent_accepted) && shib_auth_config('terms_accept')) ) {
      // ****** CUSTOM MAIL **********
      //if the user provided the custom mail string on the custom data form, and it is not empty
      if ($custom_mail) {
        shib_auth_custom_mail($uname, $custom_username, $custom_mail);
      }
      // ****** CUSTOM USERNAME **********
      //if there is no custom email option, but the user can define custom username
      elseif (shib_auth_config('define_username') && !empty($custom_username)) {
        shib_auth_custom_username($uname, $custom_username, $umail_single);
      }
      // ****** USER CONSENT **********
      elseif (shib_auth_config('terms_accept') && !empty($consent_accepted)) {
        //register user
        shib_auth_save_authmap($uname, $uname, $umail_single);
      }
      // ****** NO SUBMISSION - SHOW FORM, AND REMEMBER WHERE TO GO ********
      //We want to show the custom mail input form, and save the node, he wanted to go
      else {
        shib_auth_goto_custom_form();
      }
    }
    else {
      shib_auth_goto_custom_form();
    }
  }

with

  $options = array();
  //check if any of the customization options are enabled
  if (shib_auth_config('enable_custom_mail') ||
      ($umail_single && shib_auth_config('define_username')) ||
      (shib_auth_config('enable_custom_mail') || $umail_single) && shib_auth_config('terms_accept')) {
    // if there already is a POST-ed form, save received values as a variable
    if (isset($_POST['form_id']) && $_POST['form_id'] == 'shib_auth_custom_data') {
      if (!empty($_POST['custom_mail'])) {
        $options['mail'] = filter_xss($_POST['custom_mail']);
      }
      if (!empty($_POST['custom_username'])) {
        $options['username'] = filter_xss($_POST['custom_username']);
      }
      else {
        // no custom username submitted: fall back to the IDP-provided one
        $options['username'] = $uname;
      }
      if (!empty($_POST['accept'])) {
        $options['consent'] = filter_xss($_POST['accept']);
      }
      // keep the submitted values so the form can be re-displayed prefilled
      $_SESSION['shib_custom_form'] = $options;
    }
    //If the consent is accepted or it isn't configured
    if (!shib_auth_config('terms_accept') || (isset($options['consent']) && shib_auth_config('terms_accept')) ) {
      // ****** CUSTOM MAIL **********
      //if the user provided the custom mail string on the custom data form, and it is not empty
      if (isset($options['mail'])) {
        shib_auth_custom_mail($uname, $options['username'], $options['mail']);
      }
      // ****** CUSTOM USERNAME **********
      //if there is no custom email option, but the user can define custom username
      elseif (shib_auth_config('define_username') && isset($options['username'])) {
        shib_auth_custom_username($uname, $options['username'], $umail_single);
      }
      // ****** USER CONSENT **********
      elseif (shib_auth_config('terms_accept') && isset($options['consent'])) {
        //register user
        shib_auth_save_authmap($uname, $uname, $umail_single);
      }
      // ****** NO SUBMISSION - SHOW FORM, AND REMEMBER WHERE TO GO ********
      //We want to show the custom mail input form, and save the node, he wanted to go
      else {
        shib_auth_goto_custom_form();
      }
    }
    else {
      shib_auth_error('If you do not agree to our Terms of Service you may not use this site.');
      shib_auth_goto_custom_form();
    }
  }
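As an added illustration of the ordering point made in this post (this is example code, not part of the shib_auth module): the required/well-formed check has to run before the uniqueness lookup, because an empty submitted address collides with the anonymous account's empty mail column. Drupal's valid_email_address() and user_load_by_mail() are replaced by filter_var() and a constructed in-memory user table so the file runs without a Drupal bootstrap.

```php
<?php
// Added example, not shib_auth code. Constructed stand-in for the {users}
// table: uid 0 is Drupal's anonymous account and carries an empty mail
// column, which is exactly what an empty submitted address matches when the
// uniqueness check runs first.
$users = array(
  0 => array('uid' => 0, 'mail' => ''),
  1 => array('uid' => 1, 'mail' => 'admin@example.org'),
  7 => array('uid' => 7, 'mail' => 'jane@example.org'),
);

// Mimics user_load_by_mail(): returns the matching row or FALSE.
function lookup_user_by_mail(array $users, $mail) {
  foreach ($users as $row) {
    if ($row['mail'] === $mail) {
      return $row;
    }
  }
  return FALSE;
}

// Returns NULL when $mail is acceptable, otherwise the error to show.
// $linking_uid is the uid of the already logged-in account when the form is
// used for account linking (NULL otherwise); it plays the role of the
// $_SESSION['shib_auth_account_linking'] exception in the snippet above.
function check_custom_mail(array $users, $mail, $linking_uid = NULL) {
  // 1. Required and well-formed, before any database lookup.
  if ($mail === '' || !filter_var($mail, FILTER_VALIDATE_EMAIL)) {
    return 'A valid email address is required.';
  }
  // 2. Uniqueness; the address may belong to the account being linked.
  $owner = lookup_user_by_mail($users, $mail);
  if ($owner && !($linking_uid !== NULL && $owner['uid'] === $linking_uid)) {
    return 'E-mail address is already used.';
  }
  return NULL;
}

// Constructed inputs covering the three cases discussed in the thread.
foreach (array('', 'not-an-address', 'jane@example.org', 'new@example.org') as $mail) {
  printf("%-20s => %s\n", var_export($mail, TRUE), check_custom_mail($users, $mail) ?: 'OK');
}
// Linking uid 7 to its own existing address is allowed.
printf("%-20s => %s\n", 'link uid 7', check_custom_mail($users, 'jane@example.org', 7) ?: 'OK');
```

With the checks in this order the empty submission reports "A valid email address is required." instead of the misleading "already used" message.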