You are here

Home » API reference » OpenID Connect / OAuth client 2.x

openid_connect.module in OpenID Connect / OAuth client 2.x

Same filename and directory in other branches
  1. 8 openid_connect.module
  2. 7 openid_connect.module

Hook implementations of the OpenID Connect module.

File

openid_connect.module
View source 
<?php

/**
 * @file
 * Hook implementations of the OpenID Connect module.
 */

/* @noinspection PhpUnnecessaryFullyQualifiedNameInspection */

/* @noinspection PhpUnused */
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Routing\RouteMatchInterface;
use Drupal\Core\Url;

/**
 * Implements hook_help().
 */
function openid_connect_help($route_name, RouteMatchInterface $route_match) : string {
  $output = '';
  switch ($route_name) {

    // Main module help for the keycloak module.
    case 'help.page.openid_connect':
      $output .= '<h3>' . t('About') . '</h3>';
      $output .= '<p>' . t('A pluggable client implementation for the OpenID Connect protocol. You can enable available OpenID Connect clients within the <a href=":settings">OpenID Connect settings</a> page. For more information, see the <a href=":documentation">online documentation for the OpenID Connect module</a>.', [
        ':settings' => Url::fromRoute('openid_connect.admin_settings')
          ->toString(),
        ':documentation' => 'https://www.drupal.org/docs/8/modules/openid-connect',
      ]) . '</p>';
      $output .= '<h3>' . t('Uses') . '</h3>';
      $output .= '<dl>';
      $output .= '<dt>' . t('Login to Drupal using OpenID Connect/OAuth2 providers') . '</dt>';
      $output .= '<dd>' . t('Drupal users can use external OpenID Connect authentication providers to register and login to the Drupal site.') . '</dd>';
      $output .= '<dt>' . t('Default providers') . '</dt>';
      $output .= '<dd>' . t('The default clients provided by the module for Google, Facebook, Github, LinkedIn and Okta can be used out-of-the box.') . '</dd>';
      $output .= '<dt>' . t('Custom OpenID Connect/OAuth2 providers') . '</dt>';
      $output .= '<dd>' . t('Easily add an own provider by using the provided Generic client, or use a custom provider client plugin.') . '</dd>';
      $output .= '<dt>' . t('Synchronize user properties/fields with OpenID Connect claims') . '</dt>';
      $output .= '<dd>' . t("During login and user registration user attributes can optionally be synchronized with the OpenID Connect claims mapping.") . '</dd>';
      $output .= '</dl>';
  }
  return $output;
}

/**
 * Implements hook_entity_property_info_alter().
 */
function openid_connect_entity_property_info_alter(&$info) {
  $properties =& $info['user']['properties'];
  if (!isset($properties['timezone'])) {

    // Adds the missing timezone property.
    $properties['timezone'] = [
      'label' => t('Time zone'),
      'description' => t("The user's time zone."),
      'options list' => 'system_time_zones',
      'getter callback' => 'entity_property_verbatim_get',
      'setter callback' => 'entity_property_verbatim_set',
      'schema field' => 'timezone',
    ];
  }
}

/**
 * Implements hook_user_cancel().
 */
function openid_connect_user_cancel($edit, $account, $method) {

  /** @var \Drupal\externalauth\AuthmapInterface $authmap */
  $authmap = \Drupal::service('externalauth.authmap');
  $authmap
    ->delete($account
    ->id());
}

/**
 * Implements hook_user_format_name_alter().
 */
function openid_connect_user_format_name_alter(&$name, $account) {

  // Ensure that usernames are not displayed if they are email addresses, or if
  // they are generated names starting with 'oidc_'.
  $oidc_name = \Drupal::service('user.data')
    ->get('openid_connect', $account
    ->id(), 'oidc_name');
  if (!empty($oidc_name) && strpos($name, 'oidc_') !== 0 && strpos($name, '@') !== FALSE) {
    $name = $oidc_name;
  }
}

/**
 * Implements hook_form_FORM_ID_alter() for user_form.
 */
function openid_connect_form_user_form_alter(&$form, &$form_state) {

  // Whether the current user is allowed to change its password.
  if (\Drupal::service('openid_connect.openid_connect')
    ->hasSetPasswordAccess()) {
    return;
  }
  if (isset($form['account'])) {
    $account_form =& $form['account'];
  }
  else {
    $account_form =& $form;
  }
  $account_form['current_pass']['#access'] = FALSE;
  $account_form['current_pass_required_values']['#value'] = [];
  $account_form['pass']['#access'] = FALSE;
  $account_form['pass']['#required'] = FALSE;
}

/**
 * Implements hook_form_FORM_ID_alter() for user_profile_form.
 */
function openid_connect_form_user_profile_form_alter(&$form, &$form_state) {
  if (isset($form['account'])) {
    $account_form =& $form['account'];
  }
  else {
    $account_form =& $form;
  }
  $account = \Drupal::currentUser();
  if (!empty($account_form['pass']['#access']) && !\Drupal::service('openid_connect.openid_connect')
    ->hasSetPasswordAccess($account)) {
    $account_form['current_pass']['#access'] = FALSE;
    $account_form['current_pass_required_values']['#value'] = [];
    $account_form['pass']['#access'] = FALSE;
  }
}

/**
 * Implements hook_form_FORM_ID_alter().
 */
function openid_connect_form_user_pass_alter(array &$form, FormStateInterface &$form_state) {
  $form['#validate'][] = '_openid_connect_user_pass_form_validate';
}

/**
 * Validate user password reset form on existing connections with openid.
 *
 * @param array $form
 *   An associative array containing the structure of the form.
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The current state of the form.
 */
function _openid_connect_user_pass_form_validate(array &$form, FormStateInterface $form_state) {
  $name = $form_state
    ->getValue('name');
  if (empty($name)) {
    return;
  }

  // Try to load by email.
  $user = user_load_by_mail($name);
  if (empty($user)) {

    // No success, try to load by name.
    $user = user_load_by_name($name);
  }
  if (!empty($user) && !\Drupal::service('openid_connect.openid_connect')
    ->hasSetPasswordAccess($user)) {
    $form_state
      ->setErrorByName('name', t('%name is connected to an external authentication system.', [
      '%name' => $name,
    ]));
  }
}

/**
 * Implements hook_form_FORM_ID_alter() for user_login_form.
 */
function openid_connect_form_user_login_form_alter(&$form, FormStateInterface $form_state, $form_id) {
  $user_login_display = \Drupal::config('openid_connect.settings')
    ->get('user_login_display');
  if ($user_login_display != 'hidden') {
    $openid_form = \Drupal::formBuilder()
      ->getForm('Drupal\\openid_connect\\Form\\OpenIDConnectLoginForm');
    switch ($user_login_display) {
      case 'above':
        $form['#prefix'] = \Drupal::service('renderer')
          ->render($openid_form);
        break;
      case 'below':
        $form['#suffix'] = \Drupal::service('renderer')
          ->render($openid_form);
        break;
      case 'replace':

        // Do nothing in case the query contains the 'showcore' parameter.
        $query = \Drupal::request()->query;
        if (!$query
          ->has('showcore')) {

          // Replace the user login form with the IDP login button.
          $form = $openid_form;
        }
        $form['#cache']['contexts'][] = 'url.query_args:showcore';
        break;
    }
  }
}

Functions

Namesort descending Description
openid_connect_entity_property_info_alter Implements hook_entity_property_info_alter().
openid_connect_form_user_form_alter Implements hook_form_FORM_ID_alter() for user_form.
openid_connect_form_user_login_form_alter Implements hook_form_FORM_ID_alter() for user_login_form.
openid_connect_form_user_pass_alter Implements hook_form_FORM_ID_alter().
openid_connect_form_user_profile_form_alter Implements hook_form_FORM_ID_alter() for user_profile_form.
openid_connect_help Implements hook_help().
openid_connect_user_cancel Implements hook_user_cancel().
openid_connect_user_format_name_alter Implements hook_user_format_name_alter().
_openid_connect_user_pass_form_validate Validate user password reset form on existing connections with openid.