From 96641f273eb21f047a5f2d607896785f922d31bc Mon Sep 17 00:00:00 2001
From: Vincent Danjean
Date: Sun, 28 Dec 2025 21:26:47 +0100
Subject: [PATCH] bugfix: correctly handles error in register_user()

If register_user() fails (existing login, existing email, etc.), do not record $sub with NULL/empty id and add error message (in logs and in the webapp for the user that just successully authenticate)
---
 oidc.php | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/oidc.php b/oidc.php
index 524ae85..2090fc8 100644
--- a/oidc.php
+++ b/oidc.php
@@ -126,9 +126,18 @@ function oidc_retrieve(OpenIDConnectClient $oidc, $force_registration = false) {
 // If the user is not found, try to register
 if (empty($row['id'])) {
 if ($config['register_new_users'] || $force_registration) {
- // Registration is allowed, overwrite $row
+ // Registration is allowed, overwrite $row on success
 $errors = [];
- $row['id'] = register_user($name, random_pass(), $email, $config['notify_admins_on_register'], $errors, $config['notify_user_on_register']);
+ $id = register_user($name, random_pass(), $email, $config['notify_admins_on_register'], $errors, $config['notify_user_on_register']);
+ if (!empty($errors) or !$id) {
+ if (!isset($_SESSION['page_errors'])) {
+ $_SESSION['page_errors'] = [];
+ }
+ $_SESSION['page_errors'] += $errors;
+ trigger_error("A problem occurred during OIDC user '".$name."' registration. Local user already existing?");
+ return null;
+ }
+ $row['id'] = $id;
 single_insert(OIDC_TABLE, [
 'sub' => $sub,
 'user_id' => $row['id'],
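Review bot: The `$_SESSION['page_errors'] += $errors;` line in the new failure branch uses the array union operator, which keeps the left-hand entry whenever a key already exists, so if both arrays are plain lists (likely, but register_user() is not visible here) registration errors are silently dropped whenever page_errors already holds messages; `$_SESSION['page_errors'] = array_merge($_SESSION['page_errors'], $errors);` appends them instead. `trigger_error()` is called without a level, so it defaults to `E_USER_NOTICE` and may be filtered out of the logs; passing `E_USER_WARNING` would make a failed account provisioning visible to operators. `$name` appears to come from the identity provider and is concatenated into the log message as-is, so stripping control characters before logging would keep the entry on one line. oidc_retrieve() starts and ends outside the hunk, so how callers handle the new `return null` cannot be checked from here.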