public function LoginValidatorSso::testCredentials in Lightweight Directory Access Protocol (LDAP) 8.4
@todo Reduce code duplication w/ LoginValidator, split this function up.
Overrides LoginValidatorInterface::testCredentials
1 call to LoginValidatorSso::testCredentials()
- LoginValidatorSso::processLogin in ldap_authentication/src/Controller/LoginValidatorSso.php - Perform the actual logging in.
File
- ldap_authentication/src/Controller/LoginValidatorSso.php, line 65
Class
- LoginValidatorSso
- Handles the actual testing of credentials and authentication of users.
Namespace
Drupal\ldap_authentication\Controller
Code
public function testCredentials() : int {
  $authenticationResult = self::AUTHENTICATION_FAILURE_UNKNOWN;
  foreach ($this->authenticationServers->getAvailableAuthenticationServers() as $server) {
    $this->serverDrupalUser = $this->entityTypeManager
      ->getStorage('ldap_server')
      ->load($server);
    $this->ldapBridge->setServer($this->serverDrupalUser);
    $this->detailLog->log(
      '%username: Trying server %id with %bind_method',
      [
        '%username' => $this->authName,
        '%id' => $this->serverDrupalUser->id(),
        '%bind_method' => $this->serverDrupalUser->getFormattedBind(),
      ],
      'ldap_authentication'
    );

    // @todo Verify new usage of CredentialsStorage here.
    $bindResult = $this->bindToServer();
    if ($bindResult !== self::AUTHENTICATION_SUCCESS) {
      $authenticationResult = $bindResult;
      // If bind fails, onto next server.
      continue;
    }

    // Check if user exists in LDAP.
    $this->ldapUserManager->setServer($this->serverDrupalUser);
    $entry = $this->ldapUserManager->queryAllBaseDnLdapForUsername($this->authName);
    if ($entry) {
      $this->ldapUserManager->sanitizeUserDataResponse($entry, $this->authName);
    }
    $this->ldapEntry = $entry;

    if (!$this->ldapEntry) {
      $authenticationResult = self::AUTHENTICATION_FAILURE_FIND;
      // Next server, please.
      continue;
    }

    if (!$this->checkAllowedExcluded($this->authName, $this->ldapEntry)) {
      $authenticationResult = self::AUTHENTICATION_FAILURE_DISALLOWED;
      // Regardless of how many servers, disallowed user fails.
      break;
    }

    $authenticationResult = self::AUTHENTICATION_SUCCESS;
    break;
  }

  $this->detailLog->log(
    '%username: Authentication result is "%err_text"',
    [
      '%username' => $this->authName,
      '%err_text' => $this->authenticationHelpText($authenticationResult) . ' ' . $this->additionalDebuggingResponse($authenticationResult),
    ],
    'ldap_authentication'
  );

  return $authenticationResult;
}