
function auth0_login_auth0_user in Auth0 Single Sign On 7.2

Log in an Auth0 authenticated user.

1 call to auth0_login_auth0_user()
auth0_callback in ./auth0.module
User login API callback.

File

./auth0.module, line 288

Code

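/**
 * Log in an Auth0 authenticated user, linking or creating a Drupal account.
 *
 * Processing order:
 * - Other modules may alter $user_info through the 'auth0_user_pre_login'
 *   alter hook.
 * - The e-mail presence and e-mail verification requirements are enforced.
 * - If the Auth0 user_id is already mapped to a Drupal uid, the stored Auth0
 *   object and the field/role mappings are refreshed and the user is logged in.
 * - Otherwise the Auth0 user is joined to an existing Drupal account by e-mail
 *   (only when 'auth0_join_user_by_mail_enabled' is set) or a new Drupal
 *   account is created, subject to the 'user_register' setting.
 *
 * Security notes:
 * - Joining by e-mail hands an existing Drupal account to whoever presents a
 *   matching address, so it relies on the email_verified value in $user_info.
 *   This function does not validate $id_token or $user_info itself.
 *   NOTE(review): confirm the caller (auth0_callback) verifies the token
 *   before calling.
 * - Implementations of the alter hook run before every check below and can
 *   change e-mail and email_verified, so they are inside the trust boundary.
 * - The dd() calls pass the Auth0 user_id and e-mail address to a debug helper
 *   whenever one is defined (for example by a development module); keep such
 *   helpers off production sites.
 *
 * @param array|object $user_info
 *   The Auth0 user profile. Read with array syntax throughout; the keys used
 *   here are user_id, email, email_verified and identities.
 * @param string $id_token
 *   Token passed to the Management client and to the verify-e-mail failure
 *   handler. NOTE(review): type assumed from usage.
 *
 * @return mixed
 *   The result of auth0_authenticate_user() when the login proceeds. On a
 *   refusal it is the result of drupal_set_message() or
 *   auth0_fail_with_verify_email(). drupal_set_message() returns the current
 *   message list, so a truthy return value does not mean the login succeeded.
 *   NOTE(review): confirm how the caller interprets the return value.
 */
function auth0_login_auth0_user($user_info, $id_token) {
  $requires_email = variable_get('auth0_requires_email', TRUE);
  $requires_verified_email = $requires_email && variable_get('user_email_verification', TRUE);

  // Allow other modules to modify the Auth0 user before processing the login.
  // All checks below operate on the altered data.
  drupal_alter('auth0_user_pre_login', $user_info, $id_token);

  // Check that the user account has an e-mail address if one is required.
  if ($requires_email && empty($user_info['email'])) {
    return drupal_set_message(t('This account does not have an e-mail address associated with it. Please log in with a different provider.'), 'error');
  }

  // Check that the user has a verified e-mail address if that is required.
  if ($requires_verified_email && isset($user_info['email']) && empty($user_info['email_verified'])) {
    return auth0_fail_with_verify_email($id_token);
  }

  // See if there is a user in the auth0_user table with the user info client id
  function_exists('dd') && dd($user_info['user_id'], 'looking up drupal user by auth0 user_id');
  $uid = auth0_find_auth0_user($user_info['user_id']);
  if ($uid) {
    function_exists('dd') && dd($uid, 'uid of existing drupal user found');

    // The user exists. Update the auth0_user with the new userInfo object.
    auth0_update_auth0_object($user_info);

    // Update field and role mappings
    auth0_update_fields_and_roles($user_info, $uid);

    // Log in the user.
    return auth0_authenticate_user($uid);
  }

  function_exists('dd') && dd('existing drupal user NOT found');

  // If the user doesn't exist we need to either create a new one, or assign
  // him to an existing one.
  // Make sure we have the identities array, if not, fetch it from the user
  // endpoint.
  $hasIdentities = (is_object($user_info) && $user_info->has('identities'))
    || (is_array($user_info) && array_key_exists('identities', $user_info));
  if (!$hasIdentities) {
    $mgmtClient = new Management($id_token, variable_get('auth0_domain', ''));
    $user = $mgmtClient->users->get($user_info['user_id']);
    // Fall back to an empty list when the response carries no identities,
    // instead of storing NULL and iterating over it below.
    $user_info['identities'] = isset($user['identities']) ? $user['identities'] : array();
  }

  // The key may exist with a NULL value, so normalise before iterating.
  $identities = isset($user_info['identities']) ? $user_info['identities'] : array();
  $isDatabaseUser = FALSE;
  if (is_array($identities) || $identities instanceof Traversable) {
    foreach ($identities as $identity) {
      // Strict comparison: a non-string provider value must never be treated
      // as the "auth0" database connection through type juggling.
      if (isset($identity['provider']) && $identity['provider'] === 'auth0') {
        $isDatabaseUser = TRUE;
        break;
      }
    }
  }
  function_exists('dd') && dd($isDatabaseUser, 'isDatabaseUser');

  // The e-mail is optional when 'auth0_requires_email' is off, so read it
  // defensively rather than assuming the key exists.
  $email = isset($user_info['email']) ? $user_info['email'] : NULL;
  $joinUser = FALSE;
  if (variable_get('auth0_join_user_by_mail_enabled', FALSE)) {
    function_exists('dd') && dd($email, 'join user by mail is enabled, looking up user by email');

    // If the user has a verified email or is a database user try to see if
    // there is a user to join with. The isDatabase is because we don't want to
    // allow database user creation if there is an existing one with no
    // verified email. Only a non-empty string address is looked up, so a
    // missing or malformed e-mail can never select an account to join.
    $hasUsableEmail = is_string($email) && $email !== '';
    if ($hasUsableEmail && (!empty($user_info['email_verified']) || $isDatabaseUser)) {
      $joinUser = user_load_by_mail($email);
    }
  }
  else {
    function_exists('dd') && dd($email, 'join user by mail is not enabled, skipping lookup user by email');
  }

  if ($joinUser) {
    function_exists('dd') && dd($joinUser->uid, 'drupal user found by email with uid');

    // If we are here, we have a potential join user.
    // Don't allow creation or assignation of user if the email is not
    // verified, that would be hijacking.
    if (empty($user_info['email_verified'])) {
      return auth0_fail_with_verify_email($id_token);
    }
    $uid = $joinUser->uid;
  }
  else {
    // If we are here, we need to create the user.
    // Check drupal settings to see if new users are allowed to register.
    if (variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL) == USER_REGISTER_ADMINISTRATORS_ONLY) {
      return drupal_set_message(t('Only site administrators can create new user accounts.'), 'error');
    }
    function_exists('dd') && dd('creating new drupal user from auth0 user');
    $uid = auth0_create_user_from_auth0($user_info);
  }

  function_exists('dd') && dd($uid, 'inserting auth0 user with uid');
  auth0_insert_auth0_user($user_info, $uid);

  // Update field and role mappings
  auth0_update_fields_and_roles($user_info, $uid);

  // Log in the user.
  return auth0_authenticate_user($uid);
}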