shib_auth doesn't call user_module_invoke('login')

Did you have any luck with it?

Here is a patch for that. It s not against the version on drupal.org because we have some other patches applied to it but you should be able to do the patching manualy.

Fixed in 4.0-rc1.

Unfortunately this still does not mean that user module can deny user registration or login. I think, this is a more general problem of using user_external_login_register. There needs to be a separate issue for that.

Please reopen (or reactivate) this issue only if you think user_module_invoke is incorrectly called, or if invoking other user modules breaks your installation.

I think user_module_invoke() is called incorrectly ;)

I've implemented external user registration in a different context recently, and AFAIK, the correct way would be to call user_authenticate_finalize() after user_external_login_register(). That function will call user_module_invoke() in the end, but also log the login to watchdog, update the login time in the database and regenerate the session for security reasons!

So calling that function instead of invoking the hook directly should provide the same fix, with some additional benefits :)

(I've answered a related question over at stackoverflow (some more details there), but the questioner did not follow up, which is why I checked back here to see if the fix got reported back.)

Preemptive sorry, should this have been addressed already in a different issue in the meantime!

Thanks for reporting, your fix was committed to git.