public function LoginValidator::processSsoLogin in Lightweight Directory Access Protocol (LDAP) 8.3
Processes an SSO login.
@todo Postprocessing could be wrapped in a function, identical in processLogin().
@todo Return values aren't actually reviewed, can be simplified.
Parameters
string $authName: The provided authentication name.
File
ldap_authentication/src/Controller/LoginValidator.php, line 178
Class
- LoginValidator
- Handles the actual testing of credentials and authentication of users.
Namespace
Drupal\ldap_authentication\Controller
Code
public function processSsoLogin($authName) {
  $this->authName = $authName;
  if (!$this->validateCommonLoginConstraints()) {
    return FALSE;
  }
  $credentialsAuthenticationResult = $this->testSsoCredentials($this->authName);
  if ($credentialsAuthenticationResult == self::AUTHENTICATION_FAILURE_FIND && $this->config->get('authenticationMode') == LdapAuthenticationConfiguration::MODE_EXCLUSIVE) {
    $this->formState->setErrorByName('non_ldap_login_not_allowed', $this->t('User disallowed'));
  }
  if ($credentialsAuthenticationResult != self::AUTHENTICATION_SUCCESS) {
    return FALSE;
  }
  if (!$this->deriveDrupalUserName()) {
    return FALSE;
  }
  // We now have an LDAP account, matching username and password and the
  // reference Drupal user.
  if (!$this->drupalUser && $this->serverDrupalUser) {
    $this->updateAuthNameFromPuid();
  }
  // Existing Drupal but not mapped to LDAP.
  if ($this->drupalUser && !$this->drupalUserAuthMapped) {
    if (!$this->matchExistingUserWithLdap()) {
      return FALSE;
    }
  }
  // Existing Drupal account with incorrect email. Fix email if appropriate.
  $this->fixOutdatedEmailAddress();
  // No existing Drupal account. Consider provisioning Drupal account.
  if (!$this->drupalUser) {
    if (!$this->provisionDrupalUser()) {
      return FALSE;
    }
  }
  return TRUE;
}