Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
When a user that's been authenticated through SSO tries to create other users, those users have the name & email address of the admin applied to them. This results in a DB constraint error on the user name.
Comment | File | Size | Author |
---|---|---|---|
#13 | user-data-leaks-when-editing-2365079-13.patch | 3.65 KB | bkosborne |
#13 | interdiff.txt | 483 bytes | bkosborne |
Comments
Comment #1
richburke CreditAttribution: richburke commentedComment #2
richburke CreditAttribution: richburke commentedThe attached patch addresses the issue detailed above.
Comment #3
m.abdulqader CreditAttribution: m.abdulqader commentedI have the same bug I will try the patch and let you now
Comment #4
m.abdulqader CreditAttribution: m.abdulqader commentedOK the patch works for me. Thank you.
Comment #5
tbsiqueiraI've tested this patch and it works very well, the code is precise and clean. Thank you "richburke" for your patch. This is ready to commited!
Comment #6
snufkin CreditAttribution: snufkin commentedHey, which version have you tested this against? 2.x?
Comment #7
chrisgross CreditAttribution: chrisgross commentedFor some reason,
git apply simplesamlphp_auth-admin-users-cannot-other-users-9291915-1.patch
does not work for me, butpatch -p1 < simplesamlphp_auth-admin-users-cannot-other-users-9291915-1.patch
does. I am going to test this out, and if it works, I will try re-roll the patch in a way that works withgit apply
. Due to the other active branches that are newer, I assume this is not going to get committed to an alpha branch anytime soon. If I'm wrong, please commit it.Comment #8
chrisgross CreditAttribution: chrisgross commentedRe-rolled the patch. This successfully applies against alpha2 and works perfectly.
Comment #9
chgasparoto CreditAttribution: chgasparoto as a volunteer and at CI&T commentedI think the solution is simpler, because we need to compare on
line 361
and not assign the$category
variable.Please review.
Thanks.
P.s.: I attached a version of the patch with early return approach. For me, is more readable.
Comment #10
chgasparoto CreditAttribution: chgasparoto as a volunteer and at CI&T commentedComment #11
vmachado CreditAttribution: vmachado as a volunteer and at CI&T commentedThe uploaded patch #8 has an issue when creating a new user during user first login. The user is created with success however it's email isn't set correctly. The same issue continues happening in patch #9, since it didn't fix this issue.
I'm uploading a new patch combining the correction from #8 and #9 and fixing all issues.
Comment #12
bkosborneWow, what a big, awful, bug. The method taken here to set the username and email address on users during hook_user_insert makes no sense. It should be done during hook_user_login or somewhere else.
Anyway, patches should be made against the dev branch, which I what I did here. I also cleaned it up further.
Comment #13
bkosborneFound a small bug in this, where the
$_simplesamlphp_auth_as
is not always defined in hook_user_insert. Fixed.Comment #14
xs2bharat CreditAttribution: xs2bharat commentedI am still having same issue that newly created user have email and name from signed in user after apply patch # 13
Comment #15
sguglielmo CreditAttribution: sguglielmo commentedTested #11 against 7.x-2.0-alpha2: Working well so far!
+1 RTBC
Comment #16
larynI took the patch from #11 and manually worked it into a PR for the Backdrop version of this module and can confirm that the basic logic works well.