Customer data not retrieved after executing a custom login controller

[pitbulk]

Description

I customized the routes for login flow because I have a SAML SSO extension,

I'm experiencing issues the first time I try to log the user in using the SSO flow. Customer data is not loaded.

Preconditions

• Magento 2.3.4 or 2.3.5
• Custom Login controller

My login controller is similar than the PostLogin code

$customerSession->setCustomerDataAsLoggedIn($customer);
if ($this->getCookieManager()->getCookie('mage-cache-sessid')) {
    $metadata = $this->getCookieMetadataFactory()->createCookieMetadata();
    $metadata->setPath('/');
    $this->getCookieManager()->deleteCookie('mage-cache-sessid', $metadata);
}

$resultRedirect = $this->resultRedirectFactory->create();
return $resultRedirect->setUrl($targetURL);

The extension also forces sections to be invalidated after my custom login, by adding a etc/frontend/sections.xml as documented on page-caching

<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"        xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Customer:etc/sections.xsd">
    <action name="sso/saml2/acs">
        <section name="*"/>
    </action>
</config>

Steps to reproduce

I implemented this simple custom login controller that will allow reproduce the issue:
https://github.com/pitbulk/magento-custom-login

If in a private browser I log in, the call to retrieve sections info does not contain the customer section.

http://example.com/customer/section/load/?sections=recently_viewed_product%2Crecently_compared_product
%2Cpersistent&force_new_section_timestamp=false&_=1590761846169

If I later log in using the normal login process and then logout and try to log again using the SSO module, the customer data is properly retrieved.
If I analyze the call done to retrieve the customer-data, it contains the customer section:

http://example.com/customer/section/load/?sections=recently_viewed_product%2Crecently_compared_product
%2Cpersistent%2Ccustomer%2Ccompare-products%2Clast-ordered-items
%2Ccart%2Cdirectory-data%2Ccaptcha%2Cinstant-purchase%2Creview%2Cwishlist%2Cproduct_data_storage
%2Cpaypal-billing-agreement&force_new_section_timestamp=false&_=1590761971410

It seems that the normal login flow set something the first time the user tries to log that is not set by my extension.

The issue I experience is similar than the one described at:
#21548

The issue exists on Magento 2.3.4, 2.3.4-p2 and 2.3.5-p1

Expected result

customer section listed on section_data_ids.
Customer data available.

Actual result

After enabling a private browser, login and logout using the SAML SSO flow, my sessions looks like:

- Cookies:
  mage-cache-sessid                                        true
  mage-cache-storage                                      %7B%7D
  mage-cache-storage-section-invalidation      %7B%7D
  private_content_version                                 b1051bef9438849ebe3f156423360282
  store                                                               default
  section_data_ids                                            %7B%22recently_viewed_product%22%3A1590766823%2C%22recently_compared_product%22%3A1590766823%2C%22persistent%22%3A1590766823%7D

- Session Storage:
 mage-cache-storage                                  {}
 mage-cache-storage-section-invalidation  {}

- Local Storage:
  mage-cache-timeout                                  "2020-05-29T16:37:08.438Z"
  mage-cache-storage-section-invalidation  {}
  mage-cache-storage                                  {"recently_viewed_product":{"count":0,"items":[],
                                                                     "data_id":1590766823},"recently_compared_product":
                                                                     {"count":0,"items":[],"data_id":1590766823},
                                                                    "persistent":{"data_id":1590766823}}

After enabling a private browser, login and logout using the normal flow, that allows me later to login with no issue via SAML, the sessions look like:

- Cookies:
  mage-cache-sessid                                        true
  mage-cache-storage                                      %7B%7D
  mage-cache-storage-section-invalidation      %7B%7D
  private_content_version                                 4366e273973e6fe629402ced87a74171
  store                                                               default
  section_data_ids                                            %7B%22customer%22%3A1590767746%2C%22compare-products%22%3A1590767746%2C%22last-ordered-items%22%3A1590767746%2C%22cart%22%3A1590767746%2C%22directory-data%22%3A1590767746%2C%22captcha%22%3A1590767746%2C%22instant-purchase%22%3A1590767746%2C%22persistent%22%3A1590767746%2C%22review%22%3A1590767746%2C%22wishlist%22%3A1590767746%2C%22recently_viewed_product%22%3A1590767746%2C%22recently_compared_product%22%3A1590767746%2C%22product_data_storage%22%3A1590767746%2C%22paypal-billing-agreement%22%3A1590767746%7D

- Session Storage:
 mage-cache-storage                                  {}
 mage-cache-storage-section-invalidation  {}

- Local Storage:
  mage-cache-timeout                                  "2020-05-29T16:54:53.287Z"
  mage-cache-storage-section-invalidation  {}
  mage-cache-storage                                  {"customer":{"data_id":1590767746},"compare-products":{"count":0,"countCaption":"0 items", ............ "persistent":{"data_id":1590767746},"review":{"nickname":"","title":"","detail":"","data_id":1590767746},"wishlist":{"counter":null,"items":[],"data_id":1590767746},"recently_viewed_product":{"count":0,"items":[],"data_id":1590767746},"recently_compared_product":{"count":0,"items":[],"data_id":1590767746},"product_data_storage":{"data_id":1590767746},"paypal-billing-agreement":{"data_id":1590767746}}

I removed the mage-cache-storage and tried to login with SAML, and it worked, so it seems that
all that is required is to include the so it seems that once customer section customer on section_data_ids. I executed again the SAML SSO process and added the customer string manually inside the section_data_ids, so logged in, logged out, edited the Cookie and the process worked.

What may I do to include "customer" inside the section_data_ids?

[m2-assistant]

Hi @pitbulk. Thank you for your report.
To help us process this issue please make sure that you provided the following information:

• Summary of the issue
• Information on your environment
• Steps to reproduce
• Expected and actual results

Please make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, please, add a comment to the issue:

@magento give me 2.4-develop instance - upcoming 2.4.x release

For more details, please, review the Magento Contributor Assistant documentation.

Please, add a comment to assign the issue: @magento I am working on this

---

• Join Magento Community Engineering Slack and ask your questions in #github channel.

[ksz2013]

HI,
I am having the same issue, it is exactly as you described. I am having a customized login as well, and using this one for the 1st time the customerData is not populated at all.

[Seppo-Konttinen-Solteq]

Hi.

Exactly same problem here

[pitbulk]

@vzabaznov any help?

[Seppo-Konttinen-Solteq]

I also tried by adding

`
$customerModel = $this->customerFactory->create()->updateData($customer);
$this->eventManager->dispatch(
'customer_customer_authenticated',
['model' => $customerModel, 'password' => $password]
);

$this->eventManager->dispatch('customer_data_object_login', ['customer' => $customer]);
`

which are in /vendor/magento/module-customer/Model/AccountManagement.php:authenticate but there was no difference.

[pitbulk]

@Seppo-Konttinen-Solteq This is a very simple module with the basics:
https://github.com/pitbulk/magento-custom-login

If we can fix it, we can later port to any sso module.

I was reviewing the login-as-customer module since it is kinda similar situation, not using the standard login. I see it already had which had a similar issue
magefan/module-login-as-customer#13

@pitbulk The section may be updated only by POST or PUT form submitting or AJAX request,you action sso/saml2/acs is not ajax request,so section is not load.

[pitbulk]

@n1cehua1991 Thanks for replying.
The sso/saml2/acs is a POST endpoint.

The custom login controller of the example module is right now a GET, but will update it to be a POST.

[pitbulk]

@n1cehua1991 I updated the Custom Login controller to be processed as a POST, but the issue continues.

The Private content doc mentions to create a sections.xml but not working.

I made the custom login controller similar to Customer/Controller/Account/LoginPost.php, but not working.

Can you provide a fix to my custom login module to solve the customer_data issue?

[pkarsai]

As a temporary workaround, I created a custom block that invalidates any sections that have no entry in mage-cache-storage, so they are automatically loaded:

<?php
 /** @var \Magento\Customer\Block\SectionConfig $block */
 ?>
 <script>
     require([
         'jquery',
         'Magento_Customer/js/section-config',
         'Magento_Customer/js/customer-data',
         'jquery/jquery-storageapi'
     ], function ($, sectionConfig, customerData) {
         var sections = <?= /* @noEscape */ $this->helper(\Magento\Framework\Json\Helper\Data::class)
                 ->jsonEncode($block->getData('sectionNamesProvider')->getSectionNames()) ?>,
             storage = $.initNamespaceStorage('mage-cache-storage').localStorage,
             invalidSections = [];

         $.each(sections, function (index, sectionName) {
             if (!storage.get(sectionName)) {
                 invalidSections.push(sectionName);
             }
         });

         if (invalidSections.length) {
             customerData.invalidate(invalidSections);
         }
     });
 </script>

Put this in a phtml, include it in the default.xml of the Magento_Customer module using the Magento\Customer\Block\SectionConfig as block class and you should be all set.