Contrib.social

New users are not created due to password integrity violation error

Open on Drupal.org β†’
Created on 9 January 2023, over 1 year ago
Updated 22 August 2023, 10 months ago

Problem/Motivation

When a login attempt is made with a username that doesn't match an existing Drupal user account, and setting the config to allow for user creation, a new user object is created. When this user object is saved, there is a

SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'pass' cannot be null: INSERT INTO "user_pass" ("uid", "changed", "pass") VALUES (:db_insert_placeholder_0, :db_insert_placeholder_1, :db_insert_placeholder_2); Array
(
[:db_insert_placeholder_0] => 77968
[:db_insert_placeholder_1] => 1673262646
[:db_insert_placeholder_2] =>
)

Steps to reproduce

Setup everything as normal, allow for users to be created. Try to login with a username that doesn't match any existing users.

Proposed resolution

??

πŸ› Bug report
Status

Closed: works as designed

Version

3.0

Component

Code

Created by

πŸ‡§πŸ‡ͺBelgium kriboogh

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 11 months ago β†’
    πŸ‡³πŸ‡±Netherlands roderik Amsterdam,NL / Budapest,HU

    Please give more information about your Drupal installation, so I can investigate whether I want to do something about this vs. the other contrib/custom code that you have, should fix things.

    Your SQL error shows a failing attempt to insert a recored in the user_pass table. Drupal Core has no user_pass table. So we need to know where that table comes from / what is using it.

  • Comment 10 months ago β†’
    πŸ‡§πŸ‡ͺBelgium kriboogh

    Hi, yes, indeed this is our simple_password_policy module doing that. We hook into user_insert and user_update and save the existing
    password hash into a table for lookup later (can't re-use the last x passwords).

    pseudo code:
    hook_user_insert($user) {
    ...
    $pass = $user->getPassword(); => this returns empty value.
    ...
    }

    I think the reason is that in in SamlAuth service, ExternalAuth::register is called with
    $account_data = ['name' => '...'];
    which only contains a name and not containing a password.
    Maybe a random password can be generated when the user is created ?
    $account_data = ['name' => '...', 'pass' => '???'];

  • Status changed to Closed: works as designed 10 months ago
  • Comment 10 months ago β†’
    πŸ‡³πŸ‡±Netherlands roderik Amsterdam,NL / Budapest,HU

    Rather than make samlauth accommodate simple_password_policy, simple_password_policy should IMHO accommodate the fact that passwordless users are a thing that exists in Drupal and is legal.

    • Make PasswordPolicy::store() issue a DELETE instead of an INSERT/UPDATE if $user->getPassword() is empty. (The DELETE would also accommodate cases where $old_password is nonempty - which is very unlikely but it's not hard to implement just in case.)
    • Make PasswordPolicy::applyPolicy() always return FALSE if $user->getPassword() is empty. After all, you don't want people to be issued warnings of passwords they don't have... which generating a random password would do.
  • Comment 10 months ago β†’
    πŸ‡§πŸ‡ͺBelgium kriboogh

    Indeed, thanks for the suggestions!

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024