I have a user that is authenticated with SAML. That user has the ability to create other users via Drupal admin. The problem is that if they create a user, they get an integrity constraint violation because it uses the logged-in user's username instead of the new username.

Here is the problem:

    if ($_simplesamlphp_auth_as->isAuthenticated()) {
      // Get name from default attributes.
      try {
        _simplesaml_auth_debug(t('Registering user [%acctname]', array('%acctname' => $account->name)));
        $account->name = _simplesamlphp_auth_get_default_name($account->uid);
      }
      catch (Exception $e) {
        drupal_set_message(t('Your user name was not provided by your identity provider (IDP).'), "error");
        watchdog('simplesamlphp_auth', $e->getMessage(), NULL, WATCHDOG_CRITICAL);
      }

      db_update('users')
        ->fields(array('name' => $account->name))
        ->condition('uid', $account->uid)
        ->execute();

$account->name gets converted to the logged-in user because the user is authenticated already.
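
The collision described in this report, modelled as an added example (not part of the original post and not the module's code), next to a variant that skips the hook when a logged-in Drupal user performs the insert. All function names are hypothetical, the user table is a constructed in-memory array, and the model assumes SAML self-registration runs with no Drupal session yet (uid 0).

```php
<?php
// Constructed model; not Drupal or simplesamlphp_auth code. All names are hypothetical.

// Stand-in for the users table: uid => name, where name must be unique.
$users = [1 => 'admin'];

// Mimics the db_update() in the report: fails if another uid already holds the name.
function update_name(array &$users, int $uid, string $name): void {
  $holder = array_search($name, $users, true);
  if ($holder !== false && $holder !== $uid) {
    throw new RuntimeException("Integrity constraint violation: duplicate name '$name'");
  }
  $users[$uid] = $name;
}

// Reported behaviour: an authenticated SAML session renames whatever account is inserted.
function insert_hook_reported(array &$users, int $new_uid, ?string $saml_name): void {
  if ($saml_name !== null) {
    update_name($users, $new_uid, $saml_name);
  }
}

// Guarded behaviour: do nothing when a Drupal user (uid > 0) is performing the insert.
function insert_hook_guarded(array &$users, int $new_uid, ?string $saml_name, int $actor_uid): void {
  if ($actor_uid > 0) {
    return;
  }
  insert_hook_reported($users, $new_uid, $saml_name);
}

// Case 1: admin (uid 1, SAML name 'admin') creates 'newuser' as uid 2.
$users[2] = 'newuser';
try {
  insert_hook_reported($users, 2, 'admin');
} catch (RuntimeException $e) {
  echo "reported hook: ", $e->getMessage(), "\n";
}

// Case 2: same insert with the guard; the admin-chosen name survives.
insert_hook_guarded($users, 2, 'admin', 1);
echo "guarded hook, admin insert: ", $users[2], "\n";

// Case 3: SAML self-registration, assumed to run with no Drupal session yet (uid 0).
$users[3] = 'placeholder';
insert_hook_guarded($users, 3, 'alice', 0);
echo "guarded hook, SAML registration: ", $users[3], "\n";
```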

Comments

albertski created an issue.

veugenio’s picture

I think we could use something like the code below to avoid the interference of the simpleSAML for this flow:

 function simplesamlphp_auth_user_insert(&$edit, $account, $category = NULL) {
   global $_simplesamlphp_auth_as;
   global $_simplesamlphp_auth_saml_attributes;
+  global $user;
 
-  if (!_simplesamlphp_auth_isEnabled()) {
+  if ($user->uid || !_simplesamlphp_auth_isEnabled()) {
     // Exit without initializing.
     return;
   }
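
Review bot: the added `$user->uid ||` test in the early-return condition exits the hook for every insert made while any Drupal user is logged in, not only when the account being created differs from the SAML-authenticated one, so it is broader than the reported bug requires; confirm that nothing later in the hook is still needed for admin-created accounts. The "Exit without initializing." comment should also be updated to say that inserts performed by an already logged-in user are skipped.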