New user should be validated before save

Created on 3 June 2019, about 6 years ago
Updated 11 July 2025, 18 days ago

Problem

\Drupal\social_auth\User\UserManager::createUser() does not call $new_user->validate() and check for validation errors before it tries to save the new user with $new_user->save(). Thanks to the current approach, nothing ensures that a social auth plugin saves a valid user object; also, hook_user_presave() hooks get called even if the user object is "incomplete".

Proposed solution

The module should validate the new user before it tries to save it and if validation fails it should gracefully abort the SSO login (registration) process and log the reason for the failure.

🐛 Bug report
Status

Needs work

Version

2.0

Component

Code

Created by

🇭🇺Hungary mxr576


Comments & Activities


  • 🇬🇧United Kingdom scott_euser

    Hmmm I'm not sure we should actually prevent validation. I tested this out and with required fields, it's impossible to register via social auth as you hit these validation failures.

    Instead without this patch we are having to do event subscriber KernelEvents::RESPONSE to check if

    1. user logged in
    2. route is not logout
    3. and user has violations (like the MR validates)

    And if so, redirect to edit profile with warning message (and continue to force it until user has satisfied the violations)

    If this route was to go ahead, at least it should be opt in via a settings form.

    Marking as NW for discussion.
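
The validate-before-save flow proposed in the issue summary, as an added example; this is not the module's code or the merge request's. The helper name example_create_validated_user() and the 'social_auth' logger channel are assumptions made for illustration.

```php
<?php

use Drupal\user\Entity\User;
use Drupal\user\UserInterface;

/**
 * Hypothetical helper (not social_auth code): save a user only if it validates.
 *
 * @param array $fields
 *   Field values received from the identity provider, e.g. name and mail.
 *
 * @return \Drupal\user\UserInterface|null
 *   The saved user, or NULL when validation failed and nothing was saved.
 */
function example_create_validated_user(array $fields): ?UserInterface {
  $new_user = User::create($fields);

  // save() does not run entity validation, so run it explicitly. Field
  // constraints such as required fields are reported here as violations.
  $violations = $new_user->validate();
  if ($violations->count() > 0) {
    foreach ($violations as $violation) {
      // Log the reason for the failure: which property failed and why.
      \Drupal::logger('social_auth')->error(
        'User creation aborted: @path: @message',
        [
          '@path' => $violation->getPropertyPath(),
          '@message' => $violation->getMessage(),
        ]
      );
    }
    // Abort before save() so hook_user_presave() implementations never
    // receive an incomplete user object.
    return NULL;
  }

  $new_user->save();
  return $new_user;
}
```

A caller has to treat a NULL return as a failed registration and end the login flow without creating a session.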
