Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Steps to reproduce
- Go to user/register and register an account named 'example'.
- Go back to user/register and register an account named 'example'.
Expected outcome
Drupal displays an error message, which could be "that user name is already in use".
Actual outcome
[Sun Jun 07 14:08:33.269535 2015] [:error] [pid 27883] [client ::1:60767] Uncaught PHP Exception Drupal\\Core\\Entity\\EntityStorageException: "SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 'example-en' for key 'user__name': INSERT INTO {users_field_data} (uid, langcode, preferred_langcode, preferred_admin_langcode, name, pass, mail, timezone, status, created, changed, access, login, init, default_langcode) VALUES (:db_insert_placeholder_0, :db_insert_placeholder_1, :db_insert_placeholder_2, :db_insert_placeholder_3, :db_insert_placeholder_4, :db_insert_placeholder_5, :db_insert_placeholder_6, :db_insert_placeholder_7, :db_insert_placeholder_8, :db_insert_placeholder_9, :db_insert_placeholder_10, :db_insert_placeholder_11, :db_insert_placeholder_12, :db_insert_placeholder_13, :db_insert_placeholder_14); Array\n(\n [:db_insert_placeholder_0] => 4\n [:db_insert_placeholder_1] => en\n [:db_insert_placeholder_2] => en\n [:db_insert_placeholder_3] => en\n [:db_insert_placeholder_4] => example\n [:db_insert_placeholder_5] => $S$foo\n [:db_insert_placeholder_6] => example@example.com\n [:db_insert_placeholder_7] => America/New_York\n [:db_insert_placeholder_8] => 0\n [:db_insert_placeholder_9] => 1433700487\n [:db_insert_placeholder_10] => 1433700487\n [:db_insert_placeholder_11] => 0\n [:db_insert_placeholder_12] => 0\n [:db_insert_placeholder_13] => example@example.com\n [:db_insert_placeholder_14] => 1\n)\n" at /Library/WebServer/Documents/drupal8x/core/lib/Drupal/Core/Entity/Sql/SqlContentEntityStorage.php line 930, referer: http://localhost/drupal8x/user/register
Proposed resolution
Handle the exception gracefully.
Remaining tasks
User interface changes
API changes
Beta phase evaluation
Issue category | Bug because a php error is thrown when anonymous users try to register with a username or email address that is already taken. It is caused by an access restriction for anonymous users. |
---|---|
Issue priority | Major because there is a PHP error which is only triggered under rare circumstances or which affects only a small percentage of all users. |
Prioritized changes | The main goal of this issue is fixing a bug which causes a PHP error. |
Disruption | None. |
Comment | File | Size | Author |
---|---|---|---|
#45 | registration_update-2502021-45.patch | 2.69 KB | willzyx |
#45 | interdiff-41-45.txt | 2.84 KB | willzyx |
#33 | registration_exception-2502021-33.patch | 2.53 KB | Anonymous (not verified) |
#30 | registration_exception-2502021-30.patch | 2.43 KB | willzyx |
#21 | registration_exception-2502021-21.patch | 2.34 KB | DuaelFr |
Comments
Comment #1
cilefen CreditAttribution: cilefen commentedComment #2
cilefen CreditAttribution: cilefen commentedAccording to priority levels of issues, this is "a PHP error which is only triggered under rare circumstances or which affects only a small percentage of all users", so it is major.
Comment #3
dawehnerOh, what certainly should happen is some form of validation, which certainly exists, but somehow doesn't work, see core/modules/user/src/Entity/User.php:463
Comment #4
willzyx CreditAttribution: willzyx commentedthis issue seems to be introduced by #2395831: Entity forms skip validation of fields that are not in the EntityFormDisplay
Comment #5
larowlanDamn
Comment #6
dawehnerWorking on test coverage ...
Comment #7
dawehnerThere we go.
Comment #8
larowlanTest looks good, you've left the test > ptest changes in a few places
Comment #9
dawehnerwrong comment
Comment #10
dawehnerSo the actual problem is that the anonymous user is not allowed to edit the username
Comment #12
larowlan%s/usernamae/username - and needs a trailing .
Is this hunk still needed, shouldn't the first hunk cover the issue? Surely anonymous users shouldn't have access to all operations on the name field?
Comment #13
willzyx CreditAttribution: willzyx commentedas for #12
Comment #14
dawehnerRight, that was the first way how I tried to solve it ...
Comment #15
EvanSchisler CreditAttribution: EvanSchisler at Acro Commerce commentedDid some manual testing of patch #13 and it still is throwing the same exception for me. Ran git apply, purged db and re-installed. Followed the steps to re-create exactly as posted.
Comment #16
willzyx CreditAttribution: willzyx commented@EvanSchisler This is what I get running drupal HEAD version and apply patch from #13
Comment #17
cilefen CreditAttribution: cilefen commented@willzyx I see the same as you.
Comment #18
EvanSchisler CreditAttribution: EvanSchisler at Acro Commerce commentedSorry guys! I made a mistake and the patch did not apply properly to the UserAccessControlHandler.php file.
I am fairly new to patching.
Re-patched and tested and every showing up the same as @willzyx.
Comment #19
Anonymous (not verified) CreditAttribution: Anonymous at XIO commentedAdded a beta eval to the summary.
This looks good! Only a minor nitpic:
The first parameter defaults to an empty array, so explicitly setting it is not needed?
Comment #20
cilefen CreditAttribution: cilefen commentedThis function description is unclear. Is it testing the name, the mail (or email), or both?
This would be better as a sentence or remove it. It is clear from the error message what the code is doing.
The same applies with this.
Comment #21
DuaelFrI just ran into that issue so I'm glad someone already noticed it.
Here is the updated patch.
Comment #27
willzyx CreditAttribution: willzyx commentedComment #28
Anonymous (not verified) CreditAttribution: Anonymous at Druid commentedManually tested and confirmed to work.
Steps to reproduce.
go to user/register
create user XXX, with email YYY
create user XXX, with email CCC
with patch this will bring up a situation shown in screenshot at comment #16, without patch it will put you into error page with message "The website encountered an unexpected error. Please try again later."
Comment #29
alexpottNeeds a reroll.
The fix is pretty oblique - why is the anonymous user name name changing here?
Comment #30
willzyx CreditAttribution: willzyx commentedrerolled
// Anonymous users should be able to change their username.
Sure, the comment is misleading.. should be something like
// Anonymous users should be able to change their username during the registration process, otherwise the username constraints are not checked.
Comment #31
cilefen CreditAttribution: cilefen commented@alexpott I agree. I don't understand how this code fixes it, but evidently it does.
Comment #32
Anonymous (not verified) CreditAttribution: Anonymous at Druid commentedLet's make that comment bit more descriptive
Comment #33
Anonymous (not verified) CreditAttribution: Anonymous at Druid commentedadded the comment that was suggested in #30
Comment #34
dawehnerI'm not really convinced by the solution. Why does the
\Drupal\user\Plugin\Validation\Constraint\UserNameUnique
not trigger here, it really should!Comment #35
dawehnerOh I know, because it is only executed on access, nevermind.
Comment #36
lauriiiFunction description cannot be multiline
These would be cleaner if they would be put on multiple lines.
s/Safemarkup/SafeMarkup
This is over 80 characters
Comment #37
Anonymous (not verified) CreditAttribution: Anonymous at Druid commentedtagging with novice as there's a clear what is left to do
Comment #39
Saphyel CreditAttribution: Saphyel as a volunteer commentedUpdated with all lauriii's changes
Comment #41
Saphyel CreditAttribution: Saphyel as a volunteer commentedComment #42
Anonymous (not verified) CreditAttribution: Anonymous at Druid commentedSafe_M_arkup, uppercase M
"Tests registration errors when register an existing username or email." => "Tests registration errors when trying to use an existing username or email."
Comment #43
lauriiiLets create variable for these like $values = ['mail' => 'test@exmaple.com'] etc. Then we can have these on a single line.
b0unty: Whats the difference between the two strings on #42.2?
Comment #44
Anonymous (not verified) CreditAttribution: Anonymous at Druid commentedLol copy paste failed. fixd.
Comment #45
willzyx CreditAttribution: willzyx commentedComment #46
lauriiiLooks a lot better.
Comment #47
DuaelFr+1 for RTBC
Thank you all for your work on this issue !
Comment #48
alexpottThis issue addresses a major bug and is allowed per https://www.drupal.org/core/beta-changes. Committed a66929c and pushed to 8.0.x. Thanks!