Drop (undeclared) support for Drupal 8; relax Email Validator type requirements

Open on Drupal.org →

Created on 25 September 2023, about 1 year ago

This issue is filed against 8.x-3.x, as 4.x does not have a recommended / security advisory covered release yet.

Problem/Motivation

Drupal 8.6 sites have been out of security support for almost 4 years now, and we're seeing an incompatibility with with the UserSyncEventSubscriber such that our custom email validation service does not match the expected type, and is thus fatally crippling authentication requests.

The modular nature of Drupal leads users to believe that components can be swapped out as needed, and still retain inter-op between subsystems and other contributed modules. Locking the UserSyncEventSubscriber to require the Egulias validator seems to be an area where some improvement can happen.

Steps to reproduce

Override the core email validation service with an implementation that is not from the Egulias package, observe fatal PHP errors when attempting to sign in.

Proposed resolution

Drop support for Drupal 8.6 and before. It's time :-)

This will allow the email validator member to be an instance of \Drupal\Component\Utility\EmailValidatorInterface, which doesn't lock the implementation to a specific vendor.

Specifically, cherry-pick https://git.drupalcode.org/project/samlauth/-/commit/888ee7c80274c0dd21b... into 8.x-3.x-dev and cut a release? :-)

🐛 Bug report

Status

Closed: outdated

Version

3.0

Component

Code

Created by

🇺🇸United States luke.leber Pennsylvania

Live updates comments and jobs are added and updated live.

Sign in to follow issues

Comments & Activities

Issue created by @luke.leber
Comment about 1 year ago →
🇺🇸United States luke.leber Pennsylvania
Comment about 1 year ago →
🇺🇸United States luke.leber Pennsylvania
Comment about 1 year ago →
🇺🇸United States luke.leber Pennsylvania
Gah! I just saw this was committed to 8.x-3.x already! We'll patch this until 8.x-3.10 is cut. Sorry for the noise :-)
Status changed to Closed: outdated about 1 year ago7:43pm 25 September 2023
Comment about 1 year ago →
🇺🇸United States luke.leber Pennsylvania
Comment about 1 year ago →
🇳🇱Netherlands roderik Amsterdam,NL / Budapest,HU
I'm guessing you're the victim of confusion around 4.x not being kept up to date while I am semi actively working on 8.x-3.x.

(Sorry. That branch should not exist; I thought it was going to be the D10-compatible one but that was a mistake and now I can't remove it so it's just fast-forward-pushed whenever I do a release, until a time when there will finally be a fork in the commit tree...)

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024