You are here

Home » API reference » Lightweight Directory Access Protocol (LDAP) 8.3 » LoginValidator.php » LoginValidator

private function LoginValidator::processLogin in Lightweight Directory Access Protocol (LDAP) 8.3

Perform the actual logging in.

@TODO: Return values aren't actually reviewed, can be simplified.

Return value

bool Success or failure of authentication.

1 call to LoginValidator::processLogin()
LoginValidator::validateLogin in ldap_authentication/src/Controller/LoginValidator.php
Starts login process.

File

ldap_authentication/src/Controller/LoginValidator.php, line 114

Class

LoginValidator
Handles the actual testing of credentials and authentication of users.

Namespace

Drupal\ldap_authentication\Controller

Code

private function processLogin() {
  if (!$this
    ->validateAlreadyAuthenticated()) {
    return FALSE;
  }
  if (!$this
    ->validateCommonLoginConstraints()) {
    return FALSE;
  }
  $credentialsAuthenticationResult = $this
    ->testCredentials($this->formState
    ->getValue('pass'));
  if ($credentialsAuthenticationResult == self::AUTHENTICATION_FAILURE_FIND && $this->config
    ->get('authenticationMode') == LdapAuthenticationConfiguration::MODE_EXCLUSIVE) {
    $this->formState
      ->setErrorByName('non_ldap_login_not_allowed', $this
      ->t('User disallowed'));
  }
  if ($credentialsAuthenticationResult != self::AUTHENTICATION_SUCCESS) {
    return FALSE;
  }
  if (!$this
    ->deriveDrupalUserName()) {
    return FALSE;
  }

  // We now have an LDAP account, matching username and password and the
  // reference Drupal user.
  if (!$this->drupalUser && $this->serverDrupalUser) {
    $this
      ->updateAuthNameFromPuid();
  }

  // Existing Drupal but not mapped to LDAP.
  if ($this->drupalUser && !$this->drupalUserAuthMapped) {
    if (!$this
      ->matchExistingUserWithLdap()) {
      return FALSE;
    }
  }

  // Existing Drupal account with incorrect email. Fix email if appropriate.
  $this
    ->fixOutdatedEmailAddress();

  // No existing Drupal account. Consider provisioning Drupal account.
  if (!$this->drupalUser) {
    if (!$this
      ->provisionDrupalUser()) {
      return FALSE;
    }
  }

  // All passed, log the user in by handing over the UID.
  if ($this->drupalUser) {
    $this->formState
      ->set('uid', $this->drupalUser
      ->id());
  }
  return TRUE;
}