
public function LoginValidatorLoginForm::testCredentials in Lightweight Directory Access Protocol (LDAP) 8.4

Credentials are tested.

Return value

int Returns the authentication result.

Overrides LoginValidatorInterface::testCredentials

2 calls to LoginValidatorLoginForm::testCredentials()
LoginValidatorLoginForm::processLogin in ldap_authentication/src/Controller/LoginValidatorLoginForm.php
Perform the actual logging in.
LoginValidatorLoginForm::validateCredentialsLoggedIn in ldap_authentication/src/Controller/LoginValidatorLoginForm.php
Check credentials on a signed-in user from the account.

File

ldap_authentication/src/Controller/LoginValidatorLoginForm.php, line 98

Class

LoginValidatorLoginForm
Handles the actual testing of credentials and authentication of users.

Namespace

Drupal\ldap_authentication\Controller

Code

/**
 * Tries the available authentication servers one by one and reports the result.
 *
 * Per server the steps are: bind, look the name up in LDAP, apply the
 * allow/exclude check, then test the password. The loop ends on the first
 * success or on the first "disallowed" verdict; every other failure moves on
 * to the next server. Each failing step overwrites the stored result, so when
 * no server succeeds the returned code is the one from the last step that
 * failed, not from the most severe failure. With no available servers the
 * result stays self::AUTHENTICATION_FAILURE_UNKNOWN.
 *
 * $this->authName is written to the detail log for every server tried and
 * once more with the final result.
 *
 * @return int
 *   self::AUTHENTICATION_SUCCESS, one of the failure codes assigned below, or
 *   the non-success value returned by bindToServer().
 */
public function testCredentials(): int {
  $outcome = self::AUTHENTICATION_FAILURE_UNKNOWN;

  foreach ($this->authenticationServers->getAvailableAuthenticationServers() as $serverId) {
    // Load the server entity and point the bridge at it before binding.
    $this->serverDrupalUser = $this->entityTypeManager->getStorage('ldap_server')->load($serverId);
    $this->ldapBridge->setServer($this->serverDrupalUser);

    $attemptContext = [
      '%username' => $this->authName,
      '%id' => $this->serverDrupalUser->id(),
      '%bind_method' => $this->serverDrupalUser->getFormattedBind(),
    ];
    $this->detailLog->log('%username: Trying server %id with %bind_method', $attemptContext, 'ldap_authentication');

    // @todo Verify new usage of CredentialsStorage here.
    $bindStatus = $this->bindToServer();
    if ($bindStatus !== self::AUTHENTICATION_SUCCESS) {
      // A failed bind is recorded, then the next server gets its turn.
      $outcome = $bindStatus;
      continue;
    }

    // Look the name up in LDAP; a found entry is passed through
    // sanitizeUserDataResponse() before it is stored on the object.
    $this->ldapUserManager->setServer($this->serverDrupalUser);
    $ldapRecord = $this->ldapUserManager->queryAllBaseDnLdapForUsername($this->authName);
    if ($ldapRecord) {
      $this->ldapUserManager->sanitizeUserDataResponse($ldapRecord, $this->authName);
    }
    $this->ldapEntry = $ldapRecord;

    if (!$this->ldapEntry) {
      // Not found on this server: try the next one.
      $outcome = self::AUTHENTICATION_FAILURE_FIND;
      continue;
    }

    if (!$this->checkAllowedExcluded($this->authName, $this->ldapEntry)) {
      // A disallowed user fails outright; no further server is consulted.
      $outcome = self::AUTHENTICATION_FAILURE_DISALLOWED;
      break;
    }

    if (!$this->testUserPassword()) {
      // Wrong password here does not end the attempt: the next server is
      // still tried with the same credentials.
      $outcome = self::AUTHENTICATION_FAILURE_CREDENTIALS;
      continue;
    }

    $outcome = self::AUTHENTICATION_SUCCESS;
    break;
  }

  // The final result is logged as help text followed by the debugging text.
  $helpText = $this->authenticationHelpText($outcome);
  $debugText = $this->additionalDebuggingResponse($outcome);
  $this->detailLog->log('%username: Authentication result is "%err_text"', [
    '%username' => $this->authName,
    '%err_text' => $helpText . ' ' . $debugText,
  ], 'ldap_authentication');

  // Every non-success result goes through failureResponse() before returning.
  if ($outcome !== self::AUTHENTICATION_SUCCESS) {
    $this->failureResponse($outcome);
  }

  return $outcome;
}