search

flipboxfactory / saml-sp

SAML Service Provider (SP) Plugin for Craft CMS
https://saml-sp.flipboxfactory.com/
Other
19 stars 5 forks source link

User save failed with Email existing #176

Closed p1uymi closed 1 year ago

p1uymi commented 2 years ago

Hello,

we use the plugin to let user use our site. We run into the issue with a handfull of accounts where we get the following exception:

`2022-09-08 10:50:17 [-][-][dd8su6n5nd3jeb594mbjfhc3fu][error][saml-sp] User save failed: {"email":["E-mail \"yyyy.yyyyy@yyyyy.yy\" is already in use."]} 2022-09-08 10:50:17 [-][-][dd8su6n5nd3jeb594mbjfhc3fu][error][yii\base\UserException] yii\base\UserException: User save failed: {"email":["E-mail \"yyyy.yyyyy@yyyyy.yy\" is already in use."]} in /var/www/craft/vendor/flipboxfactory/saml-sp/src/services/login/User.php:172 Stack trace:

0 /var/www/craft/vendor/flipboxfactory/saml-sp/src/services/login/User.php(145): flipbox\saml\sp\services\login\User->save()

1 /var/www/craft/vendor/flipboxfactory/saml-sp/src/services/Login.php(68): flipbox\saml\sp\services\login\User->sync()

2 /var/www/craft/vendor/flipboxfactory/saml-sp/src/controllers/LoginController.php(118): flipbox\saml\sp\services\Login->transformToUser()

3 [internal function]: flipbox\saml\sp\controllers\LoginController->actionIndex()

4 /var/www/craft/vendor/yiisoft/yii2/base/InlineAction.php(57): call_user_func_array()

5 /var/www/craft/vendor/yiisoft/yii2/base/Controller.php(178): yii\base\InlineAction->runWithParams()

6 /var/www/craft/vendor/yiisoft/yii2/base/Module.php(552): yii\base\Controller->runAction()

7 /var/www/craft/vendor/craftcms/cms/src/web/Application.php(293): yii\base\Module->runAction()

8 /var/www/craft/vendor/yiisoft/yii2/web/Application.php(103): craft\web\Application->runAction()

9 /var/www/craft/vendor/craftcms/cms/src/web/Application.php(278): yii\web\Application->handleRequest()

10 /var/www/craft/vendor/yiisoft/yii2/base/Application.php(384): craft\web\Application->handleRequest()

11 /var/www/craft/web/index.php(26): yii\base\Application->run()

12 {main}`

This happens, when a user tries to log in for the second time. The first time it works (and a database entry is created), yet the second time we get this error.

Yes, the Email Adress is already in our database, shouldn't it then just sync the Email with the existing account, as it does with the rest of our Users?

We use Craft Pro 3.7.48 We use PHP 8.1.2

Please let me know, if you need more information or how we could go on an debug this further. Any advice is appreciated.

dsmrt commented 2 years ago

👋 @p1uymi

Are they created with plugin or by other means? Same IdP or from a different IdP?

This error means, the plugin is using the NameID (username in SAML terms) and doing a look up in the db for this user. If you are using Azure AD, they use UUIDs for this which is great because if the user changes their email, the user is still link to the same Craft user element.

Turn on info logging and tail to the logs to see what is different in the NameID. Here is a handy unixy command:

tail -f storage/logs/web*.log | grep '\[saml-' -A 10

Or if you can repeat it yourself with your user, install this handy chrome extension to view the payload when you are getting the error: https://chrome.google.com/webstore/detail/saml-chrome-panel/paijfdbeoenhembfhkhllainmocckace?hl=en

You can also change the field in which the username is selected, from the NameID to another (like email), by using the following field on the IdP Configure tab:

Screen Shot 2022-09-09 at 6 34 51 AM

Let me know how this goes.

dsmrt commented 1 year ago

Closing due to no recent activity. If you are still having issues, let me know and we can open this back up.