function ldap_authentication_user_pass_validate in Lightweight Directory Access Protocol (LDAP) 8.4

Same name and namespace in other branches
  1. 8.2 ldap_authentication/ldap_authentication.module \ldap_authentication_user_pass_validate()
  2. 8.3 ldap_authentication/ldap_authentication.module \ldap_authentication_user_pass_validate()
  3. 7.2 ldap_authentication/ldap_authentication.module \ldap_authentication_user_pass_validate()
  4. 7 ldap_authentication/ldap_authentication.module \ldap_authentication_user_pass_validate()

Change how the password is validated.

Prevents changing of the password for LDAP-associated accounts. These fields are already blocked in the form, but for password reset this is a necessary check. Non-LDAP accounts should not be affected.

Parameters

array $form: The form.

\Drupal\Core\Form\FormStateInterface $form_state: The form state.

1 string reference to 'ldap_authentication_user_pass_validate'
ldap_authentication_form_user_pass_alter in ldap_authentication/ldap_authentication.module
Implements hook_form_FORM_ID_alter().

File

ldap_authentication/ldap_authentication.module, line 72

Code

function ldap_authentication_user_pass_validate(array &$form, FormStateInterface $form_state) {
  $config = \Drupal::config('ldap_authentication.settings');
  if ($config->get('passwordOption') === 'allow') {
    // Password field has not been disabled, reset is generally allowed.
    return;
  }

  // Look up the account by e-mail address first, then by username.
  $user_storage = \Drupal::entityTypeManager()->getStorage('user');
  $name_or_mail = trim($form_state->getValue('name'));
  $users = $user_storage->loadByProperties(['mail' => $name_or_mail]);
  $account = $users ? reset($users) : FALSE;
  if (!$account) {
    $users = $user_storage->loadByProperties(['name' => $name_or_mail]);
    $account = $users ? reset($users) : FALSE;
  }
  if (!$account) {
    // Fall through to regular user-not-found message and associated checks.
    return;
  }

  // An authmap entry for the 'ldap_user' provider marks an LDAP account.
  /** @var \Drupal\externalauth\Authmap $authmap */
  $authmap = \Drupal::service('externalauth.authmap');
  $authname = $authmap->get($account->id(), 'ldap_user');
  if ($authname) {
    // It's an LDAP account and hide/disable is on, throw a validation error.
    if ($config->get('ldapUserHelpLinkUrl')) {
      $form_state->setErrorByName('name', t('You may not reset your password here. You must reset your password via the directions at <a href=":url">@text</a>.', [
        ':url' => $config->get('ldapUserHelpLinkUrl'),
        '@text' => $config->get('ldapUserHelpLinkText'),
      ]));
    }
    else {
      $form_state->setErrorByName('name', t("You may not reset your password here. You must reset your password via one of your organization's password management sites."));
    }
  }
}