SingleSignOnRecord.destroy_all - Imported users not usable (User {:primary_email=>"has already been taken"})

(Kaleb) #1

To test SingleSignOnRecord.destroy_all (documentation), I backed up my site and put it on a separate container.

After running SingleSignOnRecord.destroy_all, I receive the error when logging on with imported users: Verbose SSO log: Record was invalid: User {:primary_email=>"has already been taken"}, which makes sense because the user already exists.

Shouldn’t it log in using the email, though? Has anybody else run into this issue? This is my first time using destroy_all to migrate my records.

(Richard - #2

Are you passing require_activation=false?
Otherwise the emails are not trusted and are not used to match the user.

Note that you should have validated the email addresses on the side of your SSO provider before passing this option, otherwise you’re creating a huge security leak.
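An added example, not part of the original thread and not Discourse's own code: a provider-side sketch of the check described above, where require_activation is only set to false for addresses the provider itself has verified. It assumes the DiscourseConnect payload layout (a base64-encoded query string signed with hex HMAC-SHA256), which this page does not describe; the helper names, the secret and the :email_verified flag are hypothetical.

```ruby
require "openssl"
require "base64"
require "uri"

SSO_SECRET = "constructed-example-secret" # constructed value, not a real secret

# Hex HMAC-SHA256 over the base64 payload (assumed DiscourseConnect signing scheme).
def sign(payload_b64, secret)
  OpenSSL::HMAC.hexdigest("sha256", secret, payload_b64)
end

# Constant-time comparison so signature checks do not leak via timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical provider-side handler. `user` is a hash from the provider's own
# user store; :email_verified is an assumed flag set only after the provider
# itself confirmed the address.
def build_response(request_sso, request_sig, user, secret: SSO_SECRET)
  raise ArgumentError, "bad signature" unless secure_equal?(sign(request_sso, secret), request_sig)
  nonce = URI.decode_www_form(Base64.decode64(request_sso)).to_h.fetch("nonce")
  fields = {
    "nonce" => nonce,
    "external_id" => user.fetch(:id).to_s,
    "email" => user.fetch(:email),
    # Fail closed: only a strictly true flag lets the forum trust the email
    # for matching an existing account; nil/missing means activation required.
    "require_activation" => (user[:email_verified] == true ? "false" : "true"),
  }
  payload = Base64.strict_encode64(URI.encode_www_form(fields))
  { sso: payload, sig: sign(payload, secret) }
end

# Decode a response payload back into its fields (for inspection and tests).
def decode_payload(payload_b64)
  URI.decode_www_form(Base64.decode64(payload_b64)).to_h
end

if __FILE__ == $0
  # Constructed request, as the forum would send it.
  req = Base64.strict_encode64("nonce=abc123&return_sso_url=https%3A%2F%2Fforum.example%2Fsession%2Fsso_login")
  sig = sign(req, SSO_SECRET)
  unverified = { id: 42, email: "user@example.com" }
  puts decode_payload(build_response(req, sig, unverified)[:sso])
end
```

With SingleSignOnRecord rows gone, the email in this payload is what ties a login to an existing account, so the verified flag on the provider side becomes the control that prevents one user from claiming another's forum account.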

(Kaleb) #3

Yeah, so this worked. Is this considered better practice or something? Previously I was using it with true and it worked fine before the migration.

(Richard - #4

That was before you ran SingleSignOnRecord.destroy_all.

Why did you do that anyway? What do you mean when you say ‘to migrate my records’?

(Kaleb) #5

I built a new schema and migrated it since I wrote it a long time ago. My user IDs changed.

(Richard - #6

I now see the documentation you referred to.

@sam @supermathie I think ‘safely’ might be a bit too optimistic? This will lead to trouble when require_activation is false.