<?php
declare (strict_types=1);
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Link;
use Drupal\Core\Url;
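/**
 * Implements hook_help().
 *
 * Returns the module's help paragraph for the two identifiers matched below
 * and NULL for anything else.
 *
 * NOTE(review): the matched values look like path-style identifiers; confirm
 * they correspond to what the running Drupal version passes as the first
 * argument.
 *
 * @param string $path
 *   Identifier of the help page being requested.
 * @param mixed $arg
 *   Not used by this implementation.
 *
 * @return string|null
 *   The help text wrapped in a <p> element, or NULL when $path is not handled.
 */
function ldap_authentication_help($path, $arg) {
  switch ($path) {
    case 'admin/config/people/ldap/authentication':
    case 'admin/help#ldap_authentication':
      $help_url = 'http://drupal.org/node/997082';
      // The token in the string and the key in the argument array must be the
      // same, otherwise the token is printed literally. The ":" form is for
      // URLs placed in an href, the "@" form escapes the value as plain text;
      // this is the same pattern the password-reset message in this file uses.
      $authentication_help = t('LDAP authentication allows authentication against an LDAP server. It may be used alongside other authentication means such as built in Drupal authentication, OpenID, etc. More detailed help is available on drupal.org at <a href=":helplink">@helptext</a>.', [
        ':helplink' => $help_url,
        '@helptext' => $help_url,
      ]);
      return '<p>' . $authentication_help . '</p>';
  }

  // Explicit result for every page this module has no help for.
  return NULL;
}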
/**
 * Implements hook_form_FORM_ID_alter() for the password reset request form.
 *
 * Registers ldap_authentication_user_pass_validate() as the first entry of
 * the form's validation handlers.
 *
 * @param array $form
 *   The form render array, modified in place.
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The current form state (not read here).
 */
function ldap_authentication_form_user_pass_alter(&$form, FormStateInterface $form_state) {
  // Prepending puts this check ahead of every handler already in the list.
  $handler = 'ldap_authentication_user_pass_validate';
  array_unshift($form['#validate'], $handler);
}
/**
 * Validation handler standing in for the login form's own authentication step.
 *
 * Delegates to the form object's validateAuthentication() unless the form
 * state already carries a non-empty 'uid'.
 *
 * @param array $form
 *   The login form render array.
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The current form state.
 */
function ldap_authentication_core_override_user_login_authenticate_validate(array $form, FormStateInterface $form_state) {
  // A non-empty uid means an earlier handler has already identified the
  // account, so the form's own credential check is skipped.
  $uid_already_set = !empty($form_state->get('uid'));
  if (!$uid_already_set) {
    $form_state->getFormObject()->validateAuthentication($form, $form_state);
  }
}
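/**
 * Validation handler for the password reset request form.
 *
 * Unless the 'passwordOption' setting is 'allow', blocks the request when the
 * submitted name or e-mail address belongs to an account that has an
 * 'ldap_user' entry in the external authmap, and points the user at the
 * configured help link instead.
 *
 * NOTE(review): the LDAP-specific error is only shown for accounts that exist
 * and are mapped to LDAP, so the response on this form differs between mapped
 * accounts and everything else. Confirm that this disclosure is acceptable for
 * the site, or pair the form with rate limiting.
 *
 * @param array $form
 *   The form render array.
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The current form state; receives an error on the 'name' element.
 */
function ldap_authentication_user_pass_validate(array &$form, FormStateInterface $form_state) {
  $config = \Drupal::config('ldap_authentication.settings');
  if ($config->get('passwordOption') === 'allow') {
    return;
  }

  // Cast before trimming: the file declares strict_types, so a missing value
  // would otherwise make trim() throw a TypeError.
  $name_or_mail = trim((string) $form_state->getValue('name'));
  if ($name_or_mail === '') {
    // Nothing to look up; an empty value must not be matched against accounts
    // whose mail or name property happens to be empty.
    return;
  }

  // Look the account up by e-mail address first, then by user name.
  $user_storage = \Drupal::entityTypeManager()->getStorage('user');
  $account = FALSE;
  foreach (['mail', 'name'] as $property) {
    $users = $user_storage->loadByProperties([$property => $name_or_mail]);
    if ($users) {
      $account = reset($users);
      break;
    }
  }
  if (!$account) {
    return;
  }

  // Only accounts mapped to the 'ldap_user' provider are blocked here.
  $authname = \Drupal::service('externalauth.authmap')->get($account->id(), 'ldap_user');
  if (!$authname) {
    return;
  }

  if ($config->get('ldapUserHelpLinkUrl')) {
    // The configured URL goes through the ":" placeholder and the link text
    // through the "@" placeholder, so neither is inserted as raw markup.
    $form_state->setErrorByName('name', t('You may not reset your password here. You must reset your password via the directions at <a href=":url">@text</a>.', [
      ':url' => $config->get('ldapUserHelpLinkUrl'),
      '@text' => $config->get('ldapUserHelpLinkText'),
    ]));
  }
  else {
    $form_state->setErrorByName('name', t("You may not reset your password here. You must reset your password via one of your organization's password management sites."));
  }
}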
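/**
 * Implements hook_form_FORM_ID_alter() for the user account form.
 *
 * For accounts that have an 'ldap_user' entry in the external authmap, applies
 * the 'emailOption' setting to the e-mail field and, when
 * ldap_authentication_show_password_field() returns FALSE, applies the
 * 'passwordOption' setting to the password fields.
 *
 * @param array $form
 *   The form render array, modified in place.
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The current form state; the edited account is read from its build info.
 */
function ldap_authentication_form_user_form_alter(&$form, FormStateInterface $form_state) {
  $user = $form_state->getBuildInfo()['callback_object']->getEntity();
  $config = \Drupal::config('ldap_authentication.settings');
  $authname = \Drupal::service('externalauth.authmap')->get($user->id(), 'ldap_user');
  if (!$authname) {
    // Not an LDAP-mapped account: the form is left untouched.
    return;
  }

  $email_option = $config->get('emailOption');
  if ($email_option === 'remove') {
    $form['account']['mail']['#access'] = FALSE;
  }
  elseif ($email_option === 'disable') {
    $form['account']['mail']['#disabled'] = TRUE;
    $form['account']['mail']['#description'] = t('This email address is automatically set and may not be changed.');
  }

  if (ldap_authentication_show_password_field($user)) {
    return;
  }

  $password_option = $config->get('passwordOption');
  if ($password_option === 'hide') {
    $form['account']['current_pass']['#access'] = FALSE;
    $form['account']['pass']['#access'] = FALSE;
  }
  // The password fields follow the password setting. Keying this branch on the
  // e-mail setting would leave the fields editable for LDAP accounts whenever
  // the two settings differ.
  elseif ($password_option === 'disable') {
    $form['account']['current_pass']['#disabled'] = TRUE;
    $form['account']['pass']['#disabled'] = TRUE;
    if ($config->get('ldapUserHelpLinkUrl')) {
      $form['account']['current_pass']['#description'] = Link::fromTextAndUrl(
        $config->get('ldapUserHelpLinkText'),
        Url::fromUri($config->get('ldapUserHelpLinkUrl'))
      );
    }
    else {
      $form['account']['current_pass']['#description'] = t('The password cannot be changed using this website.');
    }
  }
}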
/**
 * Decides whether the password field should be available for an account.
 *
 * @param object|null $user
 *   The account to check; the current user is used when this is empty.
 *
 * @return bool
 *   TRUE when the account has the 'administer users' permission or has no
 *   'ldap_user' authmap entry. For an LDAP-mapped account, TRUE only when the
 *   'passwordOption' setting is 'allow'.
 */
function ldap_authentication_show_password_field($user = NULL) : bool {
  $account = $user ?: \Drupal::currentUser();

  // The permission check comes first, before any authmap lookup.
  if ($account->hasPermission('administer users')) {
    return TRUE;
  }

  $ldap_authname = \Drupal::service('externalauth.authmap')->get($account->id(), 'ldap_user');
  if (!$ldap_authname) {
    // Accounts without an LDAP mapping are not restricted by this module.
    return TRUE;
  }

  $configured = \Drupal::config('ldap_authentication.settings')->get('passwordOption');
  return $configured === 'allow';
}
/**
 * Implements hook_form_FORM_ID_alter() for the user login form.
 *
 * Hands the form to the shared login alter helper under the id 'user_login';
 * the $form_id argument received here is not used.
 */
function ldap_authentication_form_user_login_form_alter(&$form, FormStateInterface $form_state, $form_id) {
  $login_form_id = 'user_login';
  _ldap_authentication_login_form_alter($form, $form_state, $login_form_id);
}
/**
 * Implements hook_form_FORM_ID_alter() for the user login block form.
 *
 * Hands the form to the shared login alter helper under the id
 * 'user_login_block'.
 */
function ldap_authentication_form_user_login_block_alter(&$form, FormStateInterface $form_state) {
  $login_form_id = 'user_login_block';
  _ldap_authentication_login_form_alter($form, $form_state, $login_form_id);
}
/**
 * Validation handler that passes a login attempt to the LDAP login validator.
 *
 * The validator service is only called when both 'pass' and 'name' hold a
 * truthy value; PHP treats '' and '0' as falsy, so such values skip the call.
 *
 * @param array $form
 *   The login form render array (not read here).
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The current form state, handed to the validator service.
 */
function ldap_authentication_user_login_authenticate_validate(array $form, FormStateInterface $form_state) {
  if (!$form_state->getValue('pass') || !$form_state->getValue('name')) {
    return;
  }

  $login_validator = \Drupal::service('ldap_authentication.login_validator');
  // The returned value is stored in the local variable only.
  $form_state = $login_validator->validateLogin($form_state);
}
/**
 * Shared alter logic for the login form and the login block form.
 *
 * Does nothing when the server service reports no authentication servers.
 * Otherwise it rewires the validation chain, applies the configured field
 * descriptions and optionally appends the e-mail template submit handler.
 *
 * @param array $form
 *   The form render array, modified in place.
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The current form state (not read here).
 * @param string $form_id
 *   Identifier supplied by the calling alter hook (not read here).
 */
function _ldap_authentication_login_form_alter(array &$form, FormStateInterface $form_state, string $form_id) {
  if (!\Drupal::service('ldap_authentication.servers')->authenticationServersAvailable()) {
    return;
  }

  $settings = \Drupal::config('ldap_authentication.settings');

  if (is_array($form['#validate']) && $settings->get('authenticationMode')) {
    // Swap the form's own '::validateAuthentication' entry for the override
    // and insert the LDAP handler directly after it.
    // NOTE(review): when that entry is not found, neither handler is
    // registered and the validation chain stays as it was; confirm this is the
    // intended fallback.
    $position = array_search('::validateAuthentication', $form['#validate'], TRUE);
    if ($position !== FALSE) {
      $form['#validate'][$position] = 'ldap_authentication_core_override_user_login_authenticate_validate';
      array_splice($form['#validate'], $position + 1, 0, ['ldap_authentication_user_login_authenticate_validate']);
    }
  }

  // Field descriptions come from configuration and are applied only when set.
  $description_settings = [
    'name' => 'loginUIUsernameTxt',
    'pass' => 'loginUIPasswordTxt',
  ];
  foreach ($description_settings as $element => $setting_key) {
    if ($settings->get($setting_key)) {
      $form[$element]['#description'] = $settings->get($setting_key);
    }
  }

  if ($settings->get('emailTemplateUsageRedirectOnLogin')) {
    $form['#submit'][] = 'Drupal\\ldap_authentication\\Routing\\EmailTemplateService::checkForEmailTemplate';
  }
}