protected function LoginValidatorBase::verifyUserAllowed in Lightweight Directory Access Protocol (LDAP) 8.4

Verifies whether the user is available or can be created.

@todo This duplicates DrupalUserProcessor->excludeUser().

Return value

bool Whether to allow user login.

1 call to LoginValidatorBase::verifyUserAllowed()

LoginValidatorBase::validateCommonLoginConstraints in ldap_authentication/src/Controller/LoginValidatorBase.php

Validate common login constraints for user.

File

ldap_authentication/src/Controller/LoginValidatorBase.php, line 307

Class

LoginValidatorBase

Handles the actual testing of credentials and authentication of users.

Namespace

Drupal\ldap_authentication\Controller

Code

protected function verifyUserAllowed() : bool {
  if ($this->config
    ->get('skipAdministrators')) {
    $admin_roles = $this->entityTypeManager
      ->getStorage('user_role')
      ->getQuery()
      ->condition('is_admin', TRUE)
      ->execute();
    if (!empty(array_intersect($this->drupalUser
      ->getRoles(), $admin_roles))) {
      $this->detailLog
        ->log('%username: Drupal user name maps to an administrative user and this group is excluded from LDAP authentication.', [
        '%username' => $this->authName,
      ], 'ldap_authentication');
      return FALSE;
    }
  }

  // Exclude users who have been manually flagged as excluded.
  if ($this->drupalUser
    ->get('ldap_user_ldap_exclude')
    ->getString() === '1') {
    $this->detailLog
      ->log('%username: User flagged as excluded.', [
      '%username' => $this->authName,
    ], 'ldap_authentication');
    return FALSE;
  }

  // Everyone else is allowed.
  $this->detailLog
    ->log('%username: Drupal user account found. Continuing on to attempt LDAP authentication.', [
    '%username' => $this->authName,
  ], 'ldap_authentication');
  return TRUE;
}