DB Error: already exists

Created on 18 June 2024, 6 months ago
Updated 19 June 2024, 6 months ago

Problem/Motivation

Recently, one of my Drupal (10.2.7) installations using samlauth declined authenticating users with the following error message:

Error encountered while processing SAML authentication response; details have been logged.

On the side of the IdP nothing seems at odd, but the Drupal log contains two entries for every failed (but actually valid) login attempt:

  1. user: Civi\Core\Exception\DBQueryException: DB Error: already exists in CRM_Core_Error::exceptionHandler() (line 974 of /var/www/[HOST]/vendor/civicrm/civicrm-core/CRM/Core/Error.php).
  2. samlauth: Drupal\Core\Entity\EntityStorageException encountered while processing SAML authentication response: DB Error: already exists in Drupal\Core\Entity\Sql\SqlContentEntityStorage->save() (line 817 of /var/www/[HOST]/web/core/lib/Drupal/Core/Entity/Sql/SqlContentEntityStorage.php).

Steps to reproduce

I am running CiviCRM 5.74, but only one of two very similar servers experiences this error, so I currently don't know how to reproduce it.

Proposed resolution

Do you have any hint or idea where I can look further to resolve this problem?

🐛 Bug report
Status

Needs work

Version

3.9

Component

Code

Created by

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @fkohrt
  • 🇳🇱Netherlands roderik Amsterdam,NL / Budapest,HU

    The "DB error: already exists" suggests that it is being generated while saving a new user. But that's just a guess, it could be anything.

    This error is thrown during SAML authentication, but past experience suggests it is likely not thrown by the SAML authentication module.

    Your problem is that the error doesn't give enough information. "already exists" doesn't say much

    Line 816 in SqlContentEntityStorage.php suggests that the "user" in your message is actually the entity type. So it seems like "it" is trying to save the same new user twice.

    Now, the question is: what is "it"? I think it's not the samlauth module because that's quite careful to save the user only once.

    Do you maybe have an event subscriber for the SamlauthEvents::USER_SYNC event, that saves the user? (It shouldn't - it should wait until samlauth saves the user.)

  • 🇳🇱Netherlands roderik Amsterdam,NL / Budapest,HU
  • Status changed to Closed: works as designed 6 months ago
  • Thanks, your comment led me on the right track! With the help of the people at CiviCRM's issue tracker I identified the root cause to be a centralized change of user's email addresses that we performed earlier (months ago, but as only one user was affected, I didn't make the immediate connection).

  • Status changed to Needs work 6 months ago
  • 🇳🇱Netherlands roderik Amsterdam,NL / Budapest,HU

    Thanks for the report!

    But that means I was wrong / I presumed too much. You have no custom code, and you're still getting this non-descriptive error. Sure you should 'just' be getting an error, but it shouldn't be non-descriptive.

    Per the CiviCRM issue tracker:

    On the failing site we had changed the users' email addresses (on the side of the IdP), and the email address for the failing user was already in use by another CiviCRM contact. I changed the email address from the other contact so the user can now successfully authenticate.

    the SAMLAuth code should give some error when the e-mail already exists, because we are sure the new/other-user-save will fail. It is doing this for a clashing name, but not for a clashing e-mail (I believe, from a quick read).

    That should be fixed sometime. With unit tests, because this piece of code is trying to take care of too many situations at once. Linking another bug in the same code, and changing status.

  • Well, you definitively helped me finding the cause :)

    If it's of any further interest I shared the full backtrace in the CiviCRM issue #5302 linked above.

Production build 0.71.5 2024