Contrib.social

Blocked user can still log in

Open on Drupal.org →
Created on 13 April 2023, almost 2 years ago
Updated 18 April 2023, almost 2 years ago

Problem/Motivation

After installing and configuring this module (both its settings and permissions), blocked users can still log in. The module tries to prevent them from logging in, but the call to user_logout() does not seem to work.

Steps to reproduce

- Install Drupal core 9.5.7 with Standard profile
- Install this module version 1.5.0
- Visit /admin/config/system/limit_domain_access_by_role to set the whitelisted domains.
- Visit /admin/people/permissions/module/limit_domain_access_by_role to set permission Block access on non-technical domain on the Content editor role.
- In a different browser session (i.e., incognito window), try to log into Drupal with a user with that role. Observe that you can still log in, even though you get this error message:

Warning: session_destroy(): Trying to destroy uninitialized session in Drupal\Core\Session\SessionManager->destroy() (line 255 of core/lib/Drupal/Core/Session/SessionManager.php).
Drupal\Core\Session\SessionManager->destroy() (Line: 1237)
user_logout() (Line: 43)
limit_domain_access_by_role_user_login(Object)
...

Screenshot: https://www.drupal.org/files/issues/2023-04-13/Screen%20Shot%202023-04-1...

Proposed resolution

Instead of calling user_logout(), maybe you could just clear the session, so that their authentication attempt gets stopped.

🐛 Bug report
Status

RTBC

Version

1.5

Component

Code

Created by

🇺🇸United States krisahil

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @krisahil
  • @krisahil opened merge request.
  • Status changed to Needs review almost 2 years ago
  • Comment almost 2 years ago
    🇺🇸United States krisahil
  • Comment almost 2 years ago
    🇮🇳India Raveen Kumar

    @Krisahil, I was not able to reproduce it. I am using Drupal 9.5, and PHP - version: 8.1. I installed the module and added a user with content editor role. After that, I went to admin/config/system/limit_domain_access_by_role to set the whitelisted domains. After that, I went to permissions and set permission for the content editor role. (Please see attached). But in my Incognito window, I was still able to log in from that user. (Please see attached). And thank you.

  • Comment almost 2 years ago
    🇺🇸United States krisahil

    Was your test user allowed to log in because the domain was in the whitelisted domains? Just want to be sure.

  • Status changed to RTBC almost 2 years ago
  • Comment almost 2 years ago
    🇵🇭Philippines kenyoOwen

    Hi krisahil

    I applied your MR in my local with Drupal 9.5.7, it worked for me the issue is now resolved.

    Please look at the screenshots attached for your reference.

    For your review.
    Thank you.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024