Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
On the user edit page, the password fields are still there for a SAML account even if the module is configured not to allow users to set Drupal passwords.
To reproduce:
- Make sure "Allow SAML users to set Drupal passwords" is unchecked on the "Local authentication" settings page
- Log in with a SAML-enabled account and go to the user profile edit page ( ex: /user/2/edit )
- All three password fields are still visible (Current Password, Password, Confirm Password).
(Expected them to be hidden for SAML accounts if that box is left unchecked.)
Looks like $form['#user']->init
is returning the email address of the account, which doesn't get a match in the authmap table. $form['#user']->name
returns the username, which does match in the authmap table and results in correctly hidden password fields.
Comment | File | Size | Author |
---|---|---|---|
#2 | simplesamlphp_auth-password_field_not_hidden-2683699.patch | 843 bytes | larcher |
Comments
Comment #2
larcher CreditAttribution: larcher commentedComment #3
larcher CreditAttribution: larcher commentedComment #5
snufkin CreditAttribution: snufkin at Acquia commentedGood catch. We broke some of the authmap related stuff when we rearchitected from 2.x, I guess this was one of them. Thanks for the patch, committed.