How to prevent user creation for user not allowed in the systems?

[chanondb]

Is there anyway to prevent user provider auto create user???

[chanondb]

Nevermind my bad, confusing of some part

[KevinSleegers]

@chanondb How have you been able to prevent the user creation?

[chanondb]

Can't remember exactly, I run dump and debug step for a while. What i found through my code is.

• class UserCreator : I just return new User();

  public function createUser(Response $response) { return new User(); }

• AcsController : when we got callback request from google

`

/**
 *
 * @Route("/saml-acs", name="saml-acs", methods={"POST"})
 */
public function index(SessionInterface $session, Request $request, UserPasswordEncoderInterface $passwordEncoder, LoggerInterface $dblogger)
{
    $bindingFactory = new \LightSaml\Binding\BindingFactory();
    $binding = $bindingFactory->getBindingByRequest($request);
    $messageContext = new \LightSaml\Context\Profile\MessageContext();
    /** @var \LightSaml\Model\Protocol\Response $response */
    $response = $binding->receive($request, $messageContext);
    if (!is_null($messageContext) && !is_null($messageContext->asResponse())) {
        $nameAttr = $messageContext->asResponse()
            ->getFirstAssertion()
            ->getFirstAttributeStatement()
            ->getFirstAttributeByName("FirstName");
        $lastnameAttr = $messageContext->asResponse()
            ->getFirstAssertion()
            ->getFirstAttributeStatement()
            ->getFirstAttributeByName("LastName");
        $emailAttr = $messageContext->asResponse()
            ->getFirstAssertion()
            ->getFirstAttributeStatement()
            ->getFirstAttributeByName("Email");
        $clientName = $nameAttr->getFirstAttributeValue() . ' ' . $lastnameAttr->getFirstAttributeValue();
        $email = $emailAttr->getFirstAttributeValue();
        // found user : login if user is admin++
        $userRepo = $this->getDoctrine()->getRepository(User::class);
        $foundUser = $userRepo->findOneBy([
            "email" => $email, 'deletedAt' => null
        ]);
        if (!is_null($foundUser)) {
            if ($foundUser->getStatus() == User::STATUS_ACTIVE) {
                $this->manualAuthenUser($foundUser);
                if ($this->isGranted('ROLE_ADMIN')) {
                    $dblogger->info('login user: "' . $email, ["authen" => "saml", "backend" => true]);
                    return $this->redirectToRoute('easyadmin');
                } else {
                    $dblogger->info('login user: "' . $email, ["authen" => "saml", "backend" => false]);
                    return $this->redirectToRoute('app_security_login');
                }
            } else {
                $dblogger->info('login user inactive: "' . $email, ["authen" => "saml", "backend" => false]);
                return $this->redirectToRoute('app_security_login');
            }
        } else {
            // not found user : create user as normal user
            // prevent create user
            return $this->redirectToRoute('app_security_login');
        }
    } else {
        //             dump($messageContext->asResponse()
        //                         ->getFirstAssertion()
        //                         ->getAllItems());
        // error login
        //             die();
        return $this->redirectToRoute('app_security_login');
    }
    //         die();
}
private function manualAuthenUser($foundUser)
{
    $token = new UsernamePasswordToken($foundUser, $foundUser->getPassword(), 'main', $foundUser->getRoles());
    $this->get('security.token_storage')->setToken($token);
    $this->get('session')->set('_security_main', serialize($token));
}

`

[KevinSleegers]

@chanondb Thanks! Returning a new User seems to have solved my issue.