Hey there - I am using an external authentication module (netforum_authentication) which syncs my Drupal password with my external password. In the 5.x-head user.module, where it starts trying authentication modules, I think there is a variable error.
The variable has been changed to $registered_user, but the end of the function just returns $user, this doesn't allow people who (a) are registered users of the site but (b) have changed their password at the external auth source to be logged in.
Patch is against 5.x-HEAD. I'm not sure if this is exactly the right patch, or if for some reason this behavior was intended, but to me it feels like a bug, since this is a real-world case where people are unable to log in, and should be able to.
| Comment | File | Size | Author |
|---|---|---|---|
| user.module.patch | 684 bytes | chrisfromredfin |
Comments
Comment #1
kamleshpatidar commentedthis issue is already fixed http://drupal.org/node/305902.
Kamlesh Patidar
Comment #2
damien tournoud commentedThe change was made on purpose. Please see #165642: error in SQL syntax in user.module on line 368 (or 378) and #283026: user_authenticate from external source (for existing users) not working with no server part for some background.
In a nutshell: remove authentication should not try to authenticate remotely existing local users that are not in the authmap (ie. that were not registered using remote authentication). Before we fixed this, it could happen if you are not using a @server part for your user names.
You will need to apply the patch #2 of #283026: user_authenticate from external source (for existing users) not working with no server part and rebuild your authentication map (table authmap).