
Undefined local variable or method `current_user' after upgrading to 1.6.1

Open stephenrichards opened this issue 5 years ago • 4 comments

We are unable to sign out without getting this error in app/controllers/devise/saml_sessions_controller.rb:62 after upgrading from 1.5.0 to 1.6.1.

Our user is based on the Provider model, so normally we would refer to the current user as current_provider.

It seems to be happening in a before action, as it happens before it gets to the first line of this method in our controller derived from Devise::SamlSessionsController:

def destroy
  sign_out current_provider
  redirect_to new_feedback_path
end

Are you able to provide some pointers as to what is going on?

stephenrichards, Sep 24 '20 11:09

Great catch! We are using current_user in that method as of #149. We probably need to make the current_user method configurable.

In the meantime, is SP-initiated logout working for you? That method short-circuits if the name_identifier_format is urn:oasis:names:tc:SAML:2.0:nameid-format:transient—what value are you using?

adamstegman, Sep 24 '20 14:09

No, our name_identifier_format is urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.

Incidentally, I tried adding a current_user method to return current_provider in our subclass, but it failed on the next line with NoMethodError - undefined method `session_index' for #<Provider:0x00007fa25150a2a8>

stephenrichards, Sep 24 '20 15:09

Setting name_identifier_format to the value I mentioned would prevent these errors by not attempting to read the value from the current user.

For the second error, it seems like you've configured saml_session_index_key but it's not actually a valid method on your class. It seems like you can remove the line that sets that value.

adamstegman, Sep 24 '20 16:09
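
Added example, not part of the thread and not the gem's own code: a stand-alone Ruby sketch of the two failures discussed above, showing a pre-logout hook that looks up the signed-in resource through the scope-named helper (current_provider) and checks the configured session index key before calling it. FakeSessionsController, SamlSettings, logout_info and the use of email as the NameID are hypothetical; only name_identifier_format, saml_session_index_key and the transient short-circuit come from the thread.

```ruby
# Stand-alone sketch: no Rails, Devise or devise_saml_authenticatable needed.
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Hypothetical settings holder reusing the option names from the thread.
SamlSettings = Struct.new(:name_identifier_format, :saml_session_index_key,
                          keyword_init: true)

# Constructed stand-in for the reporter's Provider model.
Provider = Struct.new(:email, :session_index, keyword_init: true)

# Minimal controller stand-in. Devise names its helper after the scope, so a
# :provider scope yields current_provider and no current_user at all.
class FakeSessionsController
  def initialize(scope, resource, settings)
    @scope = scope
    @settings = settings
    define_singleton_method("current_#{scope}") { resource }
  end

  # Hypothetical hook: collect what an SP-initiated LogoutRequest needs
  # (NameID, SessionIndex) before the local session is destroyed.
  def logout_info
    # Short-circuit described in the thread: transient NameIDs are not read
    # from the signed-in resource.
    return {} if @settings.name_identifier_format == TRANSIENT

    # Resolve the helper from the scope instead of hard-coding current_user.
    resource = public_send("current_#{@scope}")
    info = { name_id: resource.email } # assumption: email is the NameID

    key = @settings.saml_session_index_key
    if key
      # Fail with a configuration error rather than a bare NoMethodError.
      unless resource.respond_to?(key)
        raise ArgumentError,
              "saml_session_index_key #{key.inspect} is not a method on #{resource.class}"
      end
      info[:session_index] = resource.public_send(key)
    end
    info
  end
end
```
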

OK, will take a look, thanks.

stephenrichards, Sep 25 '20 08:09