LoginValidatorLoginForm.php in Lightweight Directory Access Protocol (LDAP) 8.4
File
ldap_authentication/src/Controller/LoginValidatorLoginForm.php
<?php
declare (strict_types=1);
namespace Drupal\ldap_authentication\Controller;
use Drupal\Core\Form\FormStateInterface;
use Drupal\user\UserInterface;
/**
 * Validates LDAP credentials submitted through the user login form.
 *
 * Every property read or written here ($authName, $formState, $config,
 * $drupalUser, ...) and most helpers (bindToServer(), testUserPassword(),
 * failureResponse(), ...) are inherited from LoginValidatorBase, which is not
 * part of this file. Notes about them below are hedged accordingly.
 */
class LoginValidatorLoginForm extends LoginValidatorBase {

  /**
   * Runs LDAP validation for a submitted login form.
   *
   * The submitted 'name' value is untrusted input. A missing value is treated
   * as an empty string; the value is then trimmed and kept as the auth name.
   * The file declares strict_types, so trim() raises a TypeError for a
   * non-string value. NOTE(review): confirm the form element guarantees a
   * string here.
   *
   * @param \Drupal\Core\Form\FormStateInterface $form_state
   *   The login form state.
   *
   * @return \Drupal\Core\Form\FormStateInterface
   *   The form state held by this validator after processLogin() has run.
   */
  public function validateLogin(FormStateInterface $form_state): FormStateInterface {
    $submittedName = $form_state->getValue('name') ?? '';
    $this->authName = trim($submittedName);
    $this->formState = $form_state;

    // The submitted name is written to the detail log before any check runs.
    $this->detailLog->log(
      '%auth_name : Beginning authentication',
      ['%auth_name' => $this->authName],
      'ldap_authentication'
    );

    $this->processLogin();

    return $this->formState;
  }

  /**
   * Drives the login: credential test, account matching, provisioning.
   *
   * On success the Drupal user id is stored under 'uid' in the form state
   * (presumably consumed by later login handlers; not visible here). Every
   * early return leaves the form state as it was, except for the form error
   * set in exclusive mode below.
   *
   * NOTE(review): nothing in this method clears a 'uid' that an earlier
   * validator may already have stored. Outside 'mixed' mode the LDAP checks
   * still run, but on failure this method just returns. Confirm that
   * failureResponse() or the caller handles that case.
   */
  public function processLogin(): void {
    // Short-circuit order matters: the constraint check is skipped when the
    // user is already considered authenticated.
    if ($this->userAlreadyAuthenticated() || !$this->validateCommonLoginConstraints()) {
      return;
    }

    $outcome = $this->testCredentials();

    // In exclusive mode a name that was not found in LDAP is rejected with a
    // form error. No other failure code sets an error in this method;
    // testCredentials() has already passed every failure to failureResponse().
    // NOTE(review): unknown names take a path here that wrong passwords do
    // not. If username enumeration matters for the deployment, confirm the
    // two cases are not distinguishable to the client.
    $userNotFound = $outcome === self::AUTHENTICATION_FAILURE_FIND;
    if ($userNotFound && $this->config->get('authenticationMode') === 'exclusive') {
      $this->formState->setErrorByName(
        'non_ldap_login_not_allowed',
        $this->t('User disallowed')
      );
    }

    if ($outcome !== self::AUTHENTICATION_SUCCESS) {
      return;
    }

    if (!$this->deriveDrupalUserName()) {
      return;
    }

    // No Drupal account yet, but a server is set: refresh the auth name.
    if (!$this->drupalUser && $this->serverDrupalUser) {
      $this->updateAuthNameFromPuid();
    }

    // An existing account without an LDAP mapping has to be matched first.
    // The match is only attempted when both leading conditions hold.
    if ($this->drupalUser && !$this->drupalUserAuthMapped && !$this->matchExistingUserWithLdap()) {
      return;
    }

    $this->fixOutdatedEmailAddress();

    // Provisioning is only attempted when there is still no account.
    if (!$this->drupalUser && !$this->provisionDrupalUser()) {
      return;
    }

    if ($this->drupalUser) {
      $this->formState->set('uid', $this->drupalUser->id());
    }
  }

  /**
   * Tries the current auth name against each available LDAP server.
   *
   * Per server the order is: bind, look up the user, allowed/excluded check,
   * password test. A bind failure, a missing entry or a failed password test
   * moves on to the next server. A failed allowed/excluded check and a
   * success both end the loop. The value returned is therefore the result of
   * the last server tried, so an earlier server's "bad credentials" can be
   * replaced by a later server's "not found". With no available servers the
   * result stays AUTHENTICATION_FAILURE_UNKNOWN.
   *
   * Every non-success result is passed to failureResponse() before returning.
   *
   * NOTE(review): $this->authName is user input and is passed unchanged to
   * queryAllBaseDnLdapForUsername(). Confirm that method escapes it before it
   * reaches an LDAP search filter.
   *
   * @return int
   *   One of the self::AUTHENTICATION_* result codes.
   */
  public function testCredentials(): int {
    $result = self::AUTHENTICATION_FAILURE_UNKNOWN;
    $serverIds = $this->authenticationServers->getAvailableAuthenticationServers();

    foreach ($serverIds as $serverId) {
      // NOTE(review): load() is assumed to return a server entity; a NULL
      // result is not handled here.
      $this->serverDrupalUser = $this->entityTypeManager
        ->getStorage('ldap_server')
        ->load($serverId);
      $this->ldapBridge->setServer($this->serverDrupalUser);

      $this->detailLog->log(
        '%username: Trying server %id with %bind_method',
        [
          '%username' => $this->authName,
          '%id' => $this->serverDrupalUser->id(),
          '%bind_method' => $this->serverDrupalUser->getFormattedBind(),
        ],
        'ldap_authentication'
      );

      $bindOutcome = $this->bindToServer();
      if ($bindOutcome !== self::AUTHENTICATION_SUCCESS) {
        $result = $bindOutcome;
        continue;
      }

      $this->ldapUserManager->setServer($this->serverDrupalUser);
      $foundEntry = $this->ldapUserManager->queryAllBaseDnLdapForUsername($this->authName);
      if ($foundEntry) {
        // The return value, if any, is not used. This presumably relies on
        // the entry being modified in place; TODO confirm.
        $this->ldapUserManager->sanitizeUserDataResponse($foundEntry, $this->authName);
      }
      $this->ldapEntry = $foundEntry;

      if (!$this->ldapEntry) {
        $result = self::AUTHENTICATION_FAILURE_FIND;
        continue;
      }

      // Authorization runs before the password test. A disallowed user stops
      // the loop, so no further server is consulted.
      if (!$this->checkAllowedExcluded($this->authName, $this->ldapEntry)) {
        $result = self::AUTHENTICATION_FAILURE_DISALLOWED;
        break;
      }

      if (!$this->testUserPassword()) {
        $result = self::AUTHENTICATION_FAILURE_CREDENTIALS;
        continue;
      }

      $result = self::AUTHENTICATION_SUCCESS;
      break;
    }

    $resultText = $this->authenticationHelpText($result) . ' ' . $this->additionalDebuggingResponse($result);
    $this->detailLog->log(
      '%username: Authentication result is "%err_text"',
      [
        '%username' => $this->authName,
        '%err_text' => $resultText,
      ],
      'ldap_authentication'
    );

    if ($result !== self::AUTHENTICATION_SUCCESS) {
      $this->failureResponse($result);
    }

    return $result;
  }

  /**
   * Reports whether LDAP validation can be skipped for this submission.
   *
   * That is only the case when the form state already holds a non-empty 'uid'
   * and the configured authentication mode is 'mixed'. In any other mode a
   * pre-existing 'uid' does not skip LDAP validation.
   *
   * @return bool
   *   TRUE when validation is passed on, FALSE otherwise.
   */
  protected function userAlreadyAuthenticated(): bool {
    $uidAlreadySet = !empty($this->formState->get('uid'));
    if (!$uidAlreadySet || $this->config->get('authenticationMode') !== 'mixed') {
      return FALSE;
    }

    $this->detailLog->log(
      '%username: Previously authenticated in mixed mode, pass on validation.',
      ['%username' => $this->authName],
      'ldap_authentication'
    );

    return TRUE;
  }

  /**
   * Re-tests LDAP credentials for an account that is already known.
   *
   * The auth name is taken from the account's 'ldap_user' external-auth
   * mapping when one with a truthy 'authname' exists.
   *
   * NOTE(review): when no mapping is found, $this->authName keeps whatever
   * value it had before and testCredentials() still runs with it. Confirm
   * callers only pass LDAP-mapped accounts or initialise the auth name first.
   * The lookup also assumes a non-empty result always has an 'authname' key.
   *
   * @param \Drupal\user\UserInterface $account
   *   The Drupal account to check.
   *
   * @return int
   *   The result code from testCredentials().
   */
  public function validateCredentialsLoggedIn(UserInterface $account): int {
    $this->drupalUser = $account;

    $authData = $this->externalAuth->getAuthData($account->id(), 'ldap_user');
    if (!empty($authData) && $authData['authname']) {
      $this->authName = $authData['authname'];
      $this->drupalUserAuthMapped = TRUE;
    }

    $this->detailLog->log(
      '%auth_name : Testing existing credentials authentication',
      ['%auth_name' => $this->authName],
      'ldap_authentication'
    );

    return $this->testCredentials();
  }

}