LoginValidatorSso.php in Lightweight Directory Access Protocol (LDAP) 8.4
File
ldap_authentication/src/Controller/LoginValidatorSso.php
<?php
declare (strict_types=1);
namespace Drupal\ldap_authentication\Controller;
/**
 * Handles the actual testing of credentials and authentication of users.
 *
 * Single sign-on variant of the login validator. Nothing in this class
 * receives or checks a password: the name given to setAuthname() is looked up
 * in LDAP and then mapped to, or provisioned as, a Drupal user.
 *
 * NOTE(review): the security of this path therefore rests on the caller only
 * passing a name that the web server (or another trusted component) has
 * already authenticated. The caller is not visible in this file; confirm that
 * the name can never come from request data a client controls.
 */
class LoginValidatorSso extends LoginValidatorBase {

  /**
   * Sets the authentication name that the SSO login will be processed for.
   *
   * @param string $authname
   *   The name to authenticate. It is stored as-is; no validation happens
   *   here, so it must already be trusted (see the class comment).
   */
  public function setAuthname(string $authname): void {
    $this->authName = $authname;
  }

  /**
   * Runs the SSO login sequence for the name set via setAuthname().
   *
   * The method returns nothing. Any failing step ends processing early, and
   * the remaining steps (email fix-up, user provisioning) are skipped.
   * NOTE(review): how callers detect success or failure is not visible in
   * this class; presumably they inspect state held by the base class.
   */
  public function processLogin(): void {
    // Short-circuit evaluation keeps the three gates in order: common
    // constraints first, then the LDAP lookup, then the Drupal name mapping.
    $passedGates = $this->validateCommonLoginConstraints()
      && $this->testCredentials() === self::AUTHENTICATION_SUCCESS
      && $this->deriveDrupalUserName();
    if (!$passedGates) {
      return;
    }

    // No Drupal user yet, but an LDAP server was selected by
    // testCredentials(): let the base class refresh the auth name from the
    // PUID.
    if (!$this->drupalUser && $this->serverDrupalUser) {
      $this->updateAuthNameFromPuid();
    }

    // An existing Drupal account that is not yet mapped to LDAP must be
    // matched explicitly; a failed match aborts the login rather than
    // silently attaching the LDAP identity to that account.
    $needsMapping = $this->drupalUser && !$this->drupalUserAuthMapped;
    if ($needsMapping && !$this->matchExistingUserWithLdap()) {
      return;
    }

    $this->fixOutdatedEmailAddress();

    if (!$this->drupalUser) {
      $this->provisionDrupalUser();
    }
  }

  /**
   * Looks the auth name up on each available LDAP server in turn.
   *
   * For every server: load the server entity, bind, query all base DNs for
   * the auth name, and apply the allow/exclude check. A bind failure or a
   * missing entry moves on to the next server. The first server that holds
   * the entry decides the outcome.
   *
   * No user password is used anywhere in this method. bindToServer() is
   * inherited and not shown here.
   * NOTE(review): confirm it binds with the service account only, since
   * bindToServerAsUser() is rejected below.
   *
   * @return int
   *   One of the AUTHENTICATION_* constants. This is
   *   AUTHENTICATION_FAILURE_UNKNOWN when no server was tried, otherwise the
   *   result recorded for the last server that was tried.
   */
  public function testCredentials(): int {
    $result = self::AUTHENTICATION_FAILURE_UNKNOWN;
    $serverIds = $this->authenticationServers->getAvailableAuthenticationServers();

    foreach ($serverIds as $serverId) {
      // NOTE(review): load() returns NULL for an unknown id and the result is
      // used without a check; confirm the id list only contains existing
      // server entities.
      $this->serverDrupalUser = $this->entityTypeManager
        ->getStorage('ldap_server')
        ->load($serverId);
      $this->ldapBridge->setServer($this->serverDrupalUser);

      $this->detailLog->log(
        '%username: Trying server %id with %bind_method',
        [
          '%username' => $this->authName,
          '%id' => $this->serverDrupalUser->id(),
          '%bind_method' => $this->serverDrupalUser->getFormattedBind(),
        ],
        'ldap_authentication'
      );

      $bindOutcome = $this->bindToServer();
      if ($bindOutcome !== self::AUTHENTICATION_SUCCESS) {
        // Remember why this server failed, then try the next one.
        $result = $bindOutcome;
        continue;
      }

      $this->ldapUserManager->setServer($this->serverDrupalUser);
      $foundEntry = $this->ldapUserManager
        ->queryAllBaseDnLdapForUsername($this->authName);
      if ($foundEntry) {
        // Sanitize before the entry is stored on the validator.
        $this->ldapUserManager
          ->sanitizeUserDataResponse($foundEntry, $this->authName);
      }
      $this->ldapEntry = $foundEntry;

      if (!$this->ldapEntry) {
        $result = self::AUTHENTICATION_FAILURE_FIND;
        continue;
      }

      // The search stops here either way. A user who is found but rejected by
      // the allow/exclude rules is not retried against later servers, so an
      // excluded account cannot be admitted through another server.
      $result = $this->checkAllowedExcluded($this->authName, $this->ldapEntry)
        ? self::AUTHENTICATION_SUCCESS
        : self::AUTHENTICATION_FAILURE_DISALLOWED;
      break;
    }

    $this->detailLog->log(
      '%username: Authentication result is "%err_text"',
      [
        '%username' => $this->authName,
        '%err_text' => $this->authenticationHelpText($result) . ' ' . $this->additionalDebuggingResponse($result),
      ],
      'ldap_authentication'
    );

    return $result;
  }

  /**
   * Rejects the "bind as user" method, which SSO does not support.
   *
   * Logs an error and always fails. Presumably this is because the SSO flow
   * has no user password to bind with; a server configured for user bind
   * therefore cannot authenticate anyone through SSO.
   *
   * @return int
   *   Always AUTHENTICATION_FAILURE_CREDENTIALS.
   */
  protected function bindToServerAsUser(): int {
    $this->logger->error('Trying to use SSO with user bind method.');
    return self::AUTHENTICATION_FAILURE_CREDENTIALS;
  }

}
Classes
| Name | Description |
| --- | --- |
| LoginValidatorSso | Handles the actual testing of credentials and authentication of users. |