Undefined local variable or method `current_user' after upgrading to 1.6.1

[stephenrichards]

We are unable to sign out without getting this error in app/controllers/devise/saml_sessions_controller.rb:62 after upgrading from 1.5.0 to 1.6.1.

Our user is based on the Provider model, so normally we would refer to the current user as current_provider.

It seems to be happening in a before action, as it happens before it gets to the first line of this method in our controller derived from Devise::SamlSessionsController

def destroy
  sign_out current_provider
  redirect_to new_feedback_path
end

Are you able to provider some pointers as to what is going on?

[adamstegman]

Great catch! We are using current_user in that method as of #149. We probably need to make the current_user method configurable.

In the meantime, is SP-initiated logout working for you? That method short-circuits if the name_identifier_format is urn:oasis:names:tc:SAML:2.0:nameid-format:transient—what value are you using?

[stephenrichards]

no, our name_identifier_format is urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

Incidentally, I tried adding a current_user method to return current_provider in our subclass, but it failed on the next line with NoMethodError - undefined method session_index' for #Provider:0x00007fa25150a2a8`

[adamstegman]

Setting name_identifier_format to the value I mentioned would prevent these errors by not attempting to read the value from the current user.

For the second error, it seems like you've configured saml_session_index_key but it's not actually a valid method on your class. It seems like you can remove the line that sets that value.

[stephenrichards]

OK, will take a look, thanks.