Reader beware, this is a significant change but I hope to maintain all existing functionality.

I have a use case where I want the person's full name as their username and their email as their unique identifier. It is understood that full names are not always unique, so I have added additional handling to support generation of a unique name if a collision should arise. As I went through trying to achieve this functionality, I ran into a few other bugs and will list them below.

_simplesaml_auth_login_register()
* Added a hook call based on discussion here: https://www.drupal.org/node/2635152 to allow for matching users based on other options than authname
* Added a mail lookup for a user when 'simplesamlphp_auth_autoenablesaml' is set to true
* Always set authmaps on user. There were a couple of scenarios where the authmap was not being set.
* Maintained simplesamlphp_auth_pre_login hook
* Some general cleanup

_simplesaml_auth_user_register()
* Removed $authname param and forced it to use _simplesamlphp_auth_get_authname() to avoid any issues with what user is being worked on.
* Added authname validation for instances where the authname was already taken by another Drupal account.
* Removed direct db_query writes to the database so that other modules may act upon the data on user_save()

hook_user_insert -> hook_user_presave
* Changed this hook to act earlier in the process so that account values can be modified before saving the user to the database.
* Added authname validation
* Added account name option where the user's settings for account name are set so it is not forcing authname to be the user's name. If the account name is not unique it falls back to authname. If the authname is not unique the _simplesamlphp_auth_get_valid_authname function will be called to provide one.
* Updated mail key before user save so we don't have to db_update later
* Updated init key so that it is an email as Drupal expects it
* Removed the call to _simplesaml_auth_user_login() as it was circumventing the rest of the hooks to fire and did not allow other modules to implement hook_pre_save or hook_user_insert(). The user gets logged in on register instead.

_simplesamlphp_auth_valid_username()
* Validation function to check to see if the data from the IDP is valid and that the name does not already exist.

_simplesamlphp_auth_get_valid_authname()
* Generates a valid name when a username already exists and the fallback to authname is not unique enough.

_simplesamlphp_auth_get_authname()
* Modified function to not throw exceptions but to always return something because with the new validation functions there should always be something to return.
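
The name fallback chain listed above (configured account name, then authname, then a generated name), as an added example that is not part of the original post or the patch. The function names, the `_N` suffix scheme, the case-insensitive comparison and the in-memory `$taken` list (standing in for a lookup of existing Drupal accounts) are all assumptions.

```php
<?php
// Added illustration; not code from simplesamlphp_auth or the attached patch.
// $taken holds existing account names, lower-cased (hypothetical stand-in
// for a query against the users table).
const NAME_MAX_LENGTH = 60; // Assumed limit; Drupal 7 sets USERNAME_MAX_LENGTH to 60.

// A name is usable when it is non-empty, fits the limit and is not taken.
function name_is_usable(string $name, array $taken): bool {
  $name = trim($name);
  return $name !== ''
    && mb_strlen($name) <= NAME_MAX_LENGTH
    && !in_array(mb_strtolower($name), $taken, TRUE);
}

// Derive a free name from $base by appending _1, _2, ... and truncating
// the base so the suffix always fits inside the length limit.
function unique_variant(string $base, array $taken): string {
  $base = trim($base);
  if ($base === '') {
    throw new InvalidArgumentException('IdP supplied no usable name.');
  }
  for ($i = 1; $i < 1000; $i++) {
    $suffix = '_' . $i;
    $candidate = mb_substr($base, 0, NAME_MAX_LENGTH - strlen($suffix)) . $suffix;
    if (name_is_usable($candidate, $taken)) {
      return $candidate;
    }
  }
  throw new RuntimeException('No free name found for ' . $base);
}

// Fallback chain: preferred account name, then authname, then a generated one.
function choose_account_name(string $preferred, string $authname, array $taken): string {
  if (name_is_usable($preferred, $taken)) {
    return trim($preferred);
  }
  if (name_is_usable($authname, $taken)) {
    return trim($authname);
  }
  return unique_variant($authname, $taken);
}

// Constructed sample data.
$taken = ['jane doe', 'jdoe@example.edu'];
echo choose_account_name('John Roe', 'jroe@example.edu', $taken), "\n";  // preferred name is free
echo choose_account_name('Jane Doe', 'jdoe2@example.edu', $taken), "\n"; // falls back to authname
echo choose_account_name('Jane Doe', 'jdoe@example.edu', $taken), "\n";  // both taken, name generated
```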


Comments

sherakama created an issue. See original summary.

sherakama’s picture

Status: Active » Closed (won't fix)

I decided to go a completely different direction with this after all. I have rolled most of the functionality of simplesamlphp_auth into this module with a number of adjustments for greater flexibility around which properties are the username, email, and unique id. It may be of some use to someone else:

https://github.com/SU-SWS/stanford_ssp

irinaz’s picture

Do you know if these issues are also in version 8 of the module?
Thanks!