private function LoginValidator::provisionDrupalUser in Lightweight Directory Access Protocol (LDAP) 8.3
Provision the Drupal user.
Return value
bool Provisioning successful.
2 calls to LoginValidator::provisionDrupalUser()
- LoginValidator::processLogin in ldap_authentication/
src/ Controller/ LoginValidator.php - Perform the actual logging in.
- LoginValidator::processSsoLogin in ldap_authentication/
src/ Controller/ LoginValidator.php - Processes an SSO login.
File
- ldap_authentication/
src/ Controller/ LoginValidator.php, line 911
Class
- LoginValidator
- Handles the actual testing of credentials and authentication of users.
Namespace
Drupal\ldap_authentication\ControllerCode
private function provisionDrupalUser() {
// Do not provision Drupal account if another account has same email.
if ($accountDuplicateMail = user_load_by_mail($this->ldapUser['mail'])) {
$emailAvailable = FALSE;
if ($this->config
->get('emailTemplateUsageResolveConflict') && !$this->emailTemplateUsed) {
$this->detailLog
->log('Conflict detected, using template generated email for %username', [
'%duplicate_name' => $accountDuplicateMail
->getAccountName(),
], 'ldap_authentication');
$this
->replaceUserMailWithTemplate();
$this->emailTemplateUsed = TRUE;
// Recheck with the template email to make sure it doesn't also exist.
if ($accountDuplicateMail = user_load_by_mail($this->ldapUser['mail'])) {
$emailAvailable = FALSE;
}
else {
$emailAvailable = TRUE;
}
}
if (!$emailAvailable) {
/*
* Username does not exist but email does. Since
* user_external_login_register does not deal with mail attribute and
* the email conflict error needs to be caught beforehand, need to throw
* error here.
*/
$this->logger
->error('LDAP user with DN %dn has email address (%mail) conflict with a Drupal user %duplicate_name', [
'%dn' => $this->ldapUser['dn'],
'%duplicate_name' => $accountDuplicateMail
->getAccountName(),
]);
drupal_set_message($this
->t('Another user already exists in the system with the same email address. You should contact the system administrator in order to solve this conflict.'), 'error');
return FALSE;
}
}
// Do not provision Drupal account if provisioning disabled.
if (!LdapConfiguration::provisionAvailableToDrupal(self::PROVISION_DRUPAL_USER_ON_USER_AUTHENTICATION)) {
$this->logger
->error('Drupal account for authname=%authname does not exist and provisioning of Drupal accounts on authentication is not enabled', [
'%authname' => $this->authName,
]);
return FALSE;
}
/*
* New ldap_authentication provisioned account could let
* user_external_login_register create the account and set authmaps, but
* would need to add mail and any other user->data data in hook_user_presave
* which would mean requerying LDAP or having a global variable. At this
* point the account does not exist, so there is no reason not to create
* it here.
*/
if ($this->configFactory
->get('ldap_user.settings')
->get('acctCreation') == self::ACCOUNT_CREATION_USER_SETTINGS_FOR_LDAP && $this->configFactory
->get('user.settings')
->get('register') == USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL) {
// If admin approval required, set status to 0.
$user_values = [
'name' => $this->drupalUserName,
'status' => 0,
];
}
else {
$user_values = [
'name' => $this->drupalUserName,
'status' => 1,
];
}
if ($this->emailTemplateUsed) {
$user_values['mail'] = $this->ldapUser['mail'];
}
$processor = new DrupalUserProcessor();
$result = $processor
->provisionDrupalAccount($user_values);
if (!$result) {
$this->logger
->error('Failed to find or create %drupal_accountname on logon.', [
'%drupal_accountname' => $this->drupalUserName,
]);
if ($this->formState) {
$this->formState
->setErrorByName('name', $this
->t('Server Error: Failed to create Drupal user account for %drupal_accountname', [
'%drupal_accountname' => $this->drupalUserName,
]));
}
return FALSE;
}
else {
$this->drupalUser = $processor
->getUserAccount();
return TRUE;
}
}