The module uses email as a primary key in the authmap table for the users. This is generally a bad idea because the user can change their login in the Netforum site, then on the next Drupal login they will have a new account created.
This probably doesn't apply to SSO, but for direct logins (logins inside of Drupal, without cookies) it duplicates the account if the email is changed externally.
I have some small changes to load users on the cst_id instead of the name/email, but wanted to check if this was addressed elsewhere first.
Comments
Comment #1
james.michael-hill commentedI don't think it's addressed anywhere else, when you have a patch ready please submit it.
Comment #2
djdevinPatch attached. Solution is to not use user_external_login_register() if the account already exists, because it will only attempt to load the user by the username (the email, which may have changed), and otherwise create a duplicate user. If the account exists we load the user by the cst_id, then update the user's name/mail and finalize the login.
Comment #3
james.michael-hill commentedI've applied a version of this patch - there is a lot that happens on user save and I'd like to avoid starting that process unless there is an actual change. With that idea I've moved it around a bit in a bid to only save if the email has changed, and to only go through this process for netFORUM Team customers. At this point in the login cycle for Enterprise customers I don't think there is a full customer object to inspect. When you see the newest dev build please take a look and let me know if it works as expected.
Comment #4
djdevinSounds like a good idea, I will run it through some testing - thanks!
Comment #5
djdevin