class LoginValidatorSso in Lightweight Directory Access Protocol (LDAP) 8.4

Handles the actual testing of credentials and authentication of users.

1 string reference to 'LoginValidatorSso'
ldap_authentication.services.yml in ldap_authentication/ldap_authentication.services.yml

1 service uses LoginValidatorSso
ldap_authentication.login_validator_sso in ldap_authentication/ldap_authentication.services.yml
\Drupal\ldap_authentication\Controller\LoginValidatorSso

File

ldap_authentication/src/Controller/LoginValidatorSso.php, line 10

Namespace

Drupal\ldap_authentication\Controller

class LoginValidatorSso extends LoginValidatorBase {

  /**
   * Set authname.
   *
   * @param string $authname
   *   Authname.
   */
  public function setAuthname(string $authname) : void {
    $this->authName = $authname;
  }

  /**
   * {@inheritdoc}
   */
  public function processLogin() : void {
    if (!$this->validateCommonLoginConstraints()) {
      return;
    }
    if ($this->testCredentials() !== self::AUTHENTICATION_SUCCESS) {
      return;
    }
    if (!$this->deriveDrupalUserName()) {
      return;
    }

    // We now have an LDAP account, matching username and password and the
    // reference Drupal user.
    if (!$this->drupalUser && $this->serverDrupalUser) {
      $this->updateAuthNameFromPuid();
    }

    // Existing Drupal but not mapped to LDAP.
    if ($this->drupalUser && !$this->drupalUserAuthMapped) {
      if (!$this->matchExistingUserWithLdap()) {
        return;
      }
    }

    // Existing Drupal account with incorrect email. Fix email if appropriate.
    $this->fixOutdatedEmailAddress();
    if (!$this->drupalUser) {
      // No existing Drupal account, try provisioning Drupal account.
      $this->provisionDrupalUser();
    }
  }

  /**
   * {@inheritdoc}
   *
   * @todo Reduce code duplication w/ LoginValidator, split this function up.
   */
  public function testCredentials() : int {
    $authenticationResult = self::AUTHENTICATION_FAILURE_UNKNOWN;
    foreach ($this->authenticationServers->getAvailableAuthenticationServers() as $server) {
      $this->serverDrupalUser = $this->entityTypeManager
        ->getStorage('ldap_server')
        ->load($server);
      $this->ldapBridge->setServer($this->serverDrupalUser);
      $this->detailLog->log('%username: Trying server %id with %bind_method', [
        '%username' => $this->authName,
        '%id' => $this->serverDrupalUser->id(),
        '%bind_method' => $this->serverDrupalUser->getFormattedBind(),
      ], 'ldap_authentication');

      // @todo Verify new usage of CredentialsStorage here.
      $bindResult = $this->bindToServer();
      if ($bindResult !== self::AUTHENTICATION_SUCCESS) {
        $authenticationResult = $bindResult;
        // If bind fails, onto next server.
        continue;
      }

      // Check if user exists in LDAP.
      $this->ldapUserManager->setServer($this->serverDrupalUser);
      $entry = $this->ldapUserManager->queryAllBaseDnLdapForUsername($this->authName);
      if ($entry) {
        $this->ldapUserManager->sanitizeUserDataResponse($entry, $this->authName);
      }
      $this->ldapEntry = $entry;
      if (!$this->ldapEntry) {
        $authenticationResult = self::AUTHENTICATION_FAILURE_FIND;
        // Next server, please.
        continue;
      }
      if (!$this->checkAllowedExcluded($this->authName, $this->ldapEntry)) {
        $authenticationResult = self::AUTHENTICATION_FAILURE_DISALLOWED;
        // Regardless of how many servers, disallowed user fails.
        break;
      }
      $authenticationResult = self::AUTHENTICATION_SUCCESS;
      break;
    }
    $this->detailLog->log('%username: Authentication result is "%err_text"', [
      '%username' => $this->authName,
      '%err_text' => $this->authenticationHelpText($authenticationResult) . ' ' . $this->additionalDebuggingResponse($authenticationResult),
    ], 'ldap_authentication');
    return $authenticationResult;
  }

  /**
   * Bind to server.
   *
   * @return int
   *   Success or failure result.
   */
  protected function bindToServerAsUser() : int {
    $this->logger->error('Trying to use SSO with user bind method.');
    return self::AUTHENTICATION_FAILURE_CREDENTIALS;
  }

}
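The server loop of testCredentials() above, together with the SSO-specific refusal of user bind, as an added stand-alone example that is not the module's own code; the constant values, the plain-array server shape and the ssoTestCredentials() function are assumptions made for this demo.

```php
<?php
// Added demo of the server loop in LoginValidatorSso::testCredentials() and its
// fail-closed bindToServerAsUser(); not the module's own code. Result constants
// and the server array shape are assumed for this demo.
const AUTHENTICATION_SUCCESS = 1;
const AUTHENTICATION_FAILURE_UNKNOWN = 0;
const AUTHENTICATION_FAILURE_BIND = 2;
const AUTHENTICATION_FAILURE_FIND = 3;
const AUTHENTICATION_FAILURE_DISALLOWED = 4;
const AUTHENTICATION_FAILURE_CREDENTIALS = 5;
// Walks the configured servers in order and returns the first decisive result.
// Each server is a constructed array: id, bind ('service_account' or 'user'),
// bindOk, entries (usernames the directory knows) and excluded.
function ssoTestCredentials(array $servers, string $authName, array &$log): int {
  $result = AUTHENTICATION_FAILURE_UNKNOWN;
  foreach ($servers as $server) {
    $log[] = "$authName: trying server {$server['id']} with {$server['bind']} bind";
    // SSO carries no password, so a server configured for user bind can never
    // be bound to: record a credentials failure and move on (fail closed).
    if ($server['bind'] === 'user') {
      $result = AUTHENTICATION_FAILURE_CREDENTIALS;
      continue;
    }
    if (!$server['bindOk']) {
      $result = AUTHENTICATION_FAILURE_BIND;  // bind failed: try the next server
      continue;
    }
    if (!in_array($authName, $server['entries'], true)) {
      $result = AUTHENTICATION_FAILURE_FIND;  // unknown here: try the next server
      continue;
    }
    if (in_array($authName, $server['excluded'], true)) {
      $result = AUTHENTICATION_FAILURE_DISALLOWED;  // excluded: stop, no fallback
      break;
    }
    $result = AUTHENTICATION_SUCCESS;
    break;
  }
  return $result;
}
// Constructed sample: user-bind server first, then the corp directory excluding 'eve'.
$servers = [
  ['id' => 'legacy', 'bind' => 'user', 'bindOk' => true, 'entries' => ['jdoe', 'eve'], 'excluded' => []],
  ['id' => 'corp', 'bind' => 'service_account', 'bindOk' => true, 'entries' => ['jdoe', 'eve'], 'excluded' => ['eve']],
];
$log = [];
assert(ssoTestCredentials($servers, 'jdoe', $log) === AUTHENTICATION_SUCCESS);
assert(ssoTestCredentials($servers, 'eve', $log) === AUTHENTICATION_FAILURE_DISALLOWED);
assert(ssoTestCredentials($servers, 'nobody', $log) === AUTHENTICATION_FAILURE_FIND);
echo implode(PHP_EOL, $log), PHP_EOL;
```

The per-server log lines mirror what detailLog records in the real class, which is what an operator reviews to tell a misconfigured bind method from an excluded or unknown user.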

Members

Name | Modifiers | Type | Description | Overrides
LdapUserAttributesInterface::ACCOUNT_CREATION_LDAP_BEHAVIOUR | public | constant | Event config. | -
LdapUserAttributesInterface::ACCOUNT_CREATION_USER_SETTINGS_FOR_LDAP | public | constant | Config. | -
LdapUserAttributesInterface::EVENT_CREATE_DRUPAL_USER | public | constant | Event config. | -
LdapUserAttributesInterface::EVENT_CREATE_LDAP_ENTRY | public | constant | Event config. | -
LdapUserAttributesInterface::EVENT_LDAP_ASSOCIATE_DRUPAL_USER | public | constant | Event config. | -
LdapUserAttributesInterface::EVENT_SYNC_TO_DRUPAL_USER | public | constant | Event config. | -
LdapUserAttributesInterface::EVENT_SYNC_TO_LDAP_ENTRY | public | constant | Event config. | -
LdapUserAttributesInterface::MANUAL_ACCOUNT_CONFLICT_LDAP_ASSOCIATE | public | constant | Config. | -
LdapUserAttributesInterface::MANUAL_ACCOUNT_CONFLICT_NO_LDAP_ASSOCIATE | public | constant | Config. | -
LdapUserAttributesInterface::MANUAL_ACCOUNT_CONFLICT_REJECT | public | constant | Config. | -
LdapUserAttributesInterface::MANUAL_ACCOUNT_CONFLICT_SHOW_OPTION_ON_FORM | public | constant | Config. | -
LdapUserAttributesInterface::PROVISION_DRUPAL_USER_ON_USER_AUTHENTICATION | public | constant | Provision config. | -
LdapUserAttributesInterface::PROVISION_DRUPAL_USER_ON_USER_ON_MANUAL_CREATION | public | constant | Provision config. | -
LdapUserAttributesInterface::PROVISION_DRUPAL_USER_ON_USER_UPDATE_CREATE | public | constant | Provision config. | -
LdapUserAttributesInterface::PROVISION_LDAP_ENTRY_ON_USER_ON_USER_AUTHENTICATION | public | constant | Provision config. | -
LdapUserAttributesInterface::PROVISION_LDAP_ENTRY_ON_USER_ON_USER_DELETE | public | constant | Provision config. | -
LdapUserAttributesInterface::PROVISION_LDAP_ENTRY_ON_USER_ON_USER_UPDATE_CREATE | public | constant | Provision config. | -
LdapUserAttributesInterface::PROVISION_TO_ALL | | constant | Provision config. | -
LdapUserAttributesInterface::PROVISION_TO_DRUPAL | public | constant | Provision config. | -
LdapUserAttributesInterface::PROVISION_TO_LDAP | public | constant | Provision config. | -
LdapUserAttributesInterface::PROVISION_TO_NONE | public | constant | Provision config. | -
LdapUserAttributesInterface::USER_CONFLICT_ATTEMPT_RESOLVE | public | constant | Config. | -
LdapUserAttributesInterface::USER_CONFLICT_LOG | public | constant | Config. | -
LoginValidatorBase::$authenticationServers | protected | property | Authentication servers. | -
LoginValidatorBase::$authName | protected | property | Authname. | -
LoginValidatorBase::$config | protected | property | Config. | -
LoginValidatorBase::$configFactory | protected | property | Config factory. | -
LoginValidatorBase::$detailLog | protected | property | Detail log. | -
LoginValidatorBase::$drupalUser | protected | property | The Drupal user. | -
LoginValidatorBase::$drupalUserAuthMapped | protected | property | Whether the external authmap is linked with the user. | -
LoginValidatorBase::$drupalUserName | protected | property | Drupal user name. | -
LoginValidatorBase::$drupalUserProcessor | protected | property | Drupal user processor. | -
LoginValidatorBase::$emailTemplateTokens | protected | property | Email template tokens. | -
LoginValidatorBase::$emailTemplateUsed | protected | property | Email template used. | -
LoginValidatorBase::$entityTypeManager | protected | property | Entity type manager. | -
LoginValidatorBase::$externalAuth | protected | property | External authentication mapper. | -
LoginValidatorBase::$formState | protected | property | Form state. | -
LoginValidatorBase::$ldapBridge | protected | property | LDAP bridge. | -
LoginValidatorBase::$ldapEntry | protected | property | LDAP entry. | -
LoginValidatorBase::$ldapUserManager | protected | property | LDAP user manager. | -
LoginValidatorBase::$logger | protected | property | Logger. | -
LoginValidatorBase::$messenger | protected | property | Messenger. | -
LoginValidatorBase::$moduleHandler | protected | property | Module handler. | -
LoginValidatorBase::$serverDrupalUser | protected | property | The server for the Drupal user. | -
LoginValidatorBase::additionalDebuggingResponse | protected | function | Provides formatting for authentication failures. | -
LoginValidatorBase::authenticationHelpText | protected | function | Get human readable authentication error string. | -
LoginValidatorBase::AUTHENTICATION_FAILURE_BIND | public | constant | Failure value. | -
LoginValidatorBase::AUTHENTICATION_FAILURE_CREDENTIALS | public | constant | Failure value. | -
LoginValidatorBase::AUTHENTICATION_FAILURE_DISALLOWED | public | constant | Failure value. | -
LoginValidatorBase::AUTHENTICATION_FAILURE_FIND | public | constant | Failure value. | -
LoginValidatorBase::AUTHENTICATION_FAILURE_UNKNOWN | public | constant | Failure value. | -
LoginValidatorBase::AUTHENTICATION_SUCCESS | public | constant | Success value. | -
LoginValidatorBase::bindToServer | protected | function | Bind to server. | -
LoginValidatorBase::checkAllowedExcluded | public | function | Check if exclusion criteria match. | LoginValidatorInterface::checkAllowedExcluded
LoginValidatorBase::deriveDrupalUserName | protected | function | Derives the Drupal user name from server configuration. | -
LoginValidatorBase::failureResponse | protected | function | Failure response. | -
LoginValidatorBase::fixOutdatedEmailAddress | protected | function | Update an outdated email address. | -
LoginValidatorBase::getDrupalUser | public | function | Returns the derived user account. | LoginValidatorInterface::getDrupalUser
LoginValidatorBase::initializeDrupalUserFromAuthName | protected | function | Determine if the corresponding Drupal account exists and is mapped. | -
LoginValidatorBase::matchExistingUserWithLdap | protected | function | Match existing user with LDAP. | -
LoginValidatorBase::prepareEmailTemplateToken | protected | function | Prepare the email template token. | -
LoginValidatorBase::provisionDrupalUser | protected | function | Provision the Drupal user. | -
LoginValidatorBase::replaceUserMailWithTemplate | protected | function | Replace user email address with template. | -
LoginValidatorBase::testUserPassword | protected | function | Tests the user's password. | -
LoginValidatorBase::updateAuthNameFromPuid | protected | function | Update the authName if it's no longer valid. | -
LoginValidatorBase::validateCommonLoginConstraints | protected | function | Validate common login constraints for user. | -
LoginValidatorBase::verifyAccountCreation | protected | function | Verifies whether the user is available or can be created. | -
LoginValidatorBase::verifyUserAllowed | protected | function | Verifies whether the user is available or can be created. | -
LoginValidatorBase::__construct | public | function | Constructor. | -
LoginValidatorSso::bindToServerAsUser | protected | function | Bind to server. | LoginValidatorBase::bindToServerAsUser
LoginValidatorSso::processLogin | public | function | Perform the actual logging in. | LoginValidatorInterface::processLogin
LoginValidatorSso::setAuthname | public | function | Set authname. | -
LoginValidatorSso::testCredentials | public | function | @todo Reduce code duplication w/ LoginValidator, split this function up. | LoginValidatorInterface::testCredentials
StringTranslationTrait::$stringTranslation | protected | property | The string translation service. | -
StringTranslationTrait::formatPlural | protected | function | Formats a string containing a count of items. | -
StringTranslationTrait::getNumberOfPlurals | protected | function | Returns the number of plurals supported by a given language. | -
StringTranslationTrait::getStringTranslation | protected | function | Gets the string translation service. | -
StringTranslationTrait::setStringTranslation | public | function | Sets the string translation service to use. | -
StringTranslationTrait::t | protected | function | Translates a string to the current language or to a given language. | -