Unable to override create method to handle user creation validation error.

[lethunder]

Hello,
It there a way to override create method to handle validation error during user creattiln process?

Thanks in advance

[adamstegman]

Yes, you can set devise.saml_update_resource_hook to a proc. Use the default as a starting point and you can customize from there!

[lethunder]

Thanks. Let me check this Le mar. 16 juil. 2019 à 18:25, Adam ⚛ Stegman <[email protected]> a écrit :

…

Yes, you can set devise.saml_default_update_resource_hook to a proc. Use the default <https://github.com/apokalipto/devise_saml_authenticatable/blob/3934b53af92a4ea91b3d3c266535c020a4b807c9/lib/devise_saml_authenticatable.rb#L96> as a starting point and you can customize from there! — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#144?email_source=notifications&email_token=ABPOAVGIUXMWHSZD2GVGK6DP7XY6VA5CNFSM4IECVFKKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2BMZHQ#issuecomment-511888542>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABPOAVFHNWGTTXX5ZEPM5YDP7XY6VANCNFSM4IECVFKA> .

[lethunder]

Hey, actually I'm not sure how this can be usefull for what I intend to do. I created a saml sessions controller which inherit from devise saml sessions controller. The reason why is because after getting user infos from idp, I'll need to do some verifications or at least if validation fails to catch it without rasing error to user and redirect him to homepage. Le mar. 16 juil. 2019 à 18:36, Didier BANLOCK <[email protected]> a écrit :

…

Thanks. Let me check this Le mar. 16 juil. 2019 à 18:25, Adam ⚛ Stegman ***@***.***> a écrit : > Yes, you can set devise.saml_default_update_resource_hook to a proc. Use the > default > <https://github.com/apokalipto/devise_saml_authenticatable/blob/3934b53af92a4ea91b3d3c266535c020a4b807c9/lib/devise_saml_authenticatable.rb#L96> > as a starting point and you can customize from there! > > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub > <#144?email_source=notifications&email_token=ABPOAVGIUXMWHSZD2GVGK6DP7XY6VA5CNFSM4IECVFKKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2BMZHQ#issuecomment-511888542>, > or mute the thread > <https://github.com/notifications/unsubscribe-auth/ABPOAVFHNWGTTXX5ZEPM5YDP7XY6VANCNFSM4IECVFKA> > . >

[adamstegman]

Redirection can be tricky, depending on when you want to do it!

The basic flow is something like:

• Devise::SessionsController#create
• Devise::Strategies::SamlAuthenticatable#retrieve_resource (via warden)
• User::authenticate_with_saml - validate, then create/update user model

So that flow goes through this gem, devise, and warden at various points—if you raise an error, you might be able to catch it in the controller, in #create, but I'm not sure.

Another place you could catch it is in the FailureApp#redirect_url - this is called by warden when an unauthorized response is occurring. We use this in our app to display an error page when the wrong scope is in use.

[lethunder]

hey, thanks for your response. I did something on my side that is working. i override self.authenticate_with_saml by updating this piece of code if Devise.saml_update_user || (resource.new_record? && Devise.saml_create_user) Devise.saml_update_resource_hook.call(resource, decorated_response, auth_value) rescue nil end by adding rescue nil i avoid app to raise brutal error to user Then i my controller Auth::SamlSessionsController < Devise::SamlSessionsController i added before_action :redirect_user_if_registration_fails, on: :create private def redirect_user_if_registration_fails if current_user.new_record? redirect_to new_user_session_path, :alert => current_user.errors.full_messages.first end end It means that after create if user is saved then we redirect to root path otherwise something went wrong and me display error message Let me know if it makes sense for you. I can under my work if not Le jeu. 18 juil. 2019 à 04:38, Adam ⚛ Stegman <[email protected]> a écrit :

…

Redirection can be tricky, depending on when you want to do it! The basic flow is something like: - Devise::SessionsController#create <https://github.com/plataformatec/devise/blob/9aa17eec07719a97385dd40fa05c4029983a1cd5/app/controllers/devise/sessions_controller.rb#L19> - Devise::Strategies::SamlAuthenticatable#retrieve_resource <https://github.com/apokalipto/devise_saml_authenticatable/blob/3934b53af92a4ea91b3d3c266535c020a4b807c9/lib/devise_saml_authenticatable/strategy.rb#L48> (via warden) - User::authenticate_with_saml <https://github.com/apokalipto/devise_saml_authenticatable/blob/3934b53af92a4ea91b3d3c266535c020a4b807c9/lib/devise_saml_authenticatable/model.rb#L69> - validate, then create/update user model So that flow goes through this gem, devise, and warden at various points—if you raise an error, you might be able to catch it in the controller, in #create, but I'm not sure. Another place you could catch it is in the FailureApp#redirect_url <https://github.com/plataformatec/devise/blob/9aa17eec07719a97385dd40fa05c4029983a1cd5/lib/devise/failure_app.rb#L116> - this is called by warden when an unauthorized response is occurring. We use this in our app to display an error page when the wrong scope is in use. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#144?email_source=notifications&email_token=ABPOAVCOVZ43GQAS35PBPUDP77JSDA5CNFSM4IECVFKKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2HESHA#issuecomment-512641308>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABPOAVFWCK6ETJZ22VV54NLP77JSDANCNFSM4IECVFKA> .

-- Cordialement, Didier Banlock

[luke-zhou]

I am currently having the same issue.

      if resource.nil?
        if Devise.saml_create_user
          logger.info("Creating user(#{auth_value}).")
          resource = new
        else
          logger.info("User(#{auth_value}) not found.  Not configured to create the user.")
          return nil
        end
      end
      if Devise.saml_update_user || (resource.new_record? && Devise.saml_create_user)
        Devise.saml_update_resource_hook.call(resource, decorated_response, auth_value)
      end
      resource

`
I think in the model.rb, if creating fails should return nil in the resource instead of an empty resource. In that case, the strategy can fail the authentication

[adamstegman]

Great catch! That does sound like the right response.