You are here

Home » API reference » OpenID Connect / OAuth client 2.x » OpenIDConnectSettingsForm.php » OpenIDConnectSettingsForm

public function OpenIDConnectSettingsForm::buildForm in OpenID Connect / OAuth client 2.x

Same name and namespace in other branches
  1. 8 src/Form/OpenIDConnectSettingsForm.php \Drupal\openid_connect\Form\OpenIDConnectSettingsForm::buildForm()

Form constructor.

Parameters

array $form: An associative array containing the structure of the form.

\Drupal\Core\Form\FormStateInterface $form_state: The current state of the form.

Return value

array The form structure.

Overrides ConfigFormBase::buildForm

File

src/Form/OpenIDConnectSettingsForm.php, line 101

Class

OpenIDConnectSettingsForm
Provides the OpenID Connect settings form.

Namespace

Drupal\openid_connect\Form

Code

public function buildForm(array $form, FormStateInterface $form_state) : array {
  $settings = $this
    ->configFactory()
    ->getEditable('openid_connect.settings');
  $form['always_save_userinfo'] = [
    '#type' => 'checkbox',
    '#title' => $this
      ->t('Save user claims on every login'),
    '#description' => $this
      ->t('If disabled, user claims will only be saved when the account is first created.'),
    '#default_value' => $settings
      ->get('always_save_userinfo'),
  ];
  $form['connect_existing_users'] = [
    '#type' => 'checkbox',
    '#title' => $this
      ->t('Automatically connect existing users'),
    '#description' => $this
      ->t('If disabled, authentication will fail for existing email addresses.'),
    '#default_value' => $settings
      ->get('connect_existing_users'),
  ];
  $form['override_registration_settings'] = [
    '#type' => 'checkbox',
    '#title' => $this
      ->t('Override registration settings'),
    '#description' => $this
      ->t('If enabled, user creation will always be allowed, even if the registration setting is set to require admin approval, or only allowing admins to create users.'),
    '#default_value' => $settings
      ->get('override_registration_settings'),
  ];
  $form['end_session_enabled'] = [
    '#type' => 'checkbox',
    '#title' => $this
      ->t('Logout from identity provider'),
    '#description' => $this
      ->t('If enabled and supported by the identity provider, logging out from Drupal will also logout the user from the identity provider.'),
    '#default_value' => $settings
      ->get('end_session_enabled'),
  ];
  $form['user_login_display'] = [
    '#type' => 'radios',
    '#title' => $this
      ->t('OpenID buttons display in user login form'),
    '#options' => [
      'hidden' => $this
        ->t('Hidden'),
      'above' => $this
        ->t('Above'),
      'below' => $this
        ->t('Below'),
      'replace' => $this
        ->t('Replace'),
    ],
    '#description' => $this
      ->t("Modify the user login form to show the the OpenID login buttons. If the 'Replace' option is selected, only the OpenID buttons will be displayed. In this case, pass the 'showcore' URL parameter to return to a password-based login form."),
    '#default_value' => $settings
      ->get('user_login_display'),
  ];
  $form['redirects'] = [
    '#title' => $this
      ->t('Redirects'),
    '#type' => 'fieldset',
  ];
  $form['redirects']['redirect_login'] = [
    '#title' => $this
      ->t('Login'),
    '#type' => 'textfield',
    '#description' => $this
      ->t('Path to redirect to on client login'),
    '#default_value' => $settings
      ->get('redirect_login'),
  ];
  $form['redirects']['redirect_logout'] = [
    '#title' => $this
      ->t('Logout'),
    '#type' => 'textfield',
    '#description' => $this
      ->t('Path to redirect to on client logout'),
    '#default_value' => $settings
      ->get('redirect_logout'),
  ];
  $form['userinfo_mappings'] = [
    '#title' => $this
      ->t('User claims mapping'),
    '#type' => 'fieldset',
    '#tree' => TRUE,
  ];
  $properties = $this->entityFieldManager
    ->getFieldDefinitions('user', 'user');
  $properties_skip = $this->openIDConnect
    ->userPropertiesIgnore();
  $claims = $this->claims
    ->getOptions();
  $mappings = $settings
    ->get('userinfo_mappings');
  foreach ($properties as $property_name => $property) {
    if (isset($properties_skip[$property_name])) {
      continue;
    }
    $form['userinfo_mappings'][$property_name] = [
      '#type' => 'select',
      '#title' => $property
        ->getLabel(),
      '#description' => $property
        ->getDescription(),
      '#options' => (array) $claims,
      '#empty_value' => '',
      '#empty_option' => $this
        ->t('- No mapping -'),
      '#default_value' => $mappings[$property_name] ?? '',
    ];
  }

  /** @var \Drupal\user\Entity\Role[] $roles */
  $roles = $this->entityTypeManager
    ->getStorage('user_role')
    ->loadMultiple();
  unset($roles['anonymous']);
  unset($roles['authenticated']);
  $role_mappings = $settings
    ->get('role_mappings');
  $form['role_mappings'] = [
    '#title' => 'EXPERIMENTAL - ' . $this
      ->t('User role mapping'),
    '#type' => 'fieldset',
    '#description' => $this
      ->t('For each Drupal role, provide the sets of equivalent external groups, separated by spaces. A user belonging to one of the provided groups will be assigned the configured Drupal role. Use client_id.group to limit a group to a specific client.'),
    '#tree' => TRUE,
  ];
  foreach ($roles as $role_id => $role) {
    $default = '';
    if (is_array($role_mappings[$role_id])) {

      // Surround any mappings with spaces with double quotes.
      foreach ($role_mappings[$role_id] as $key => $mapping) {
        if (strpos($mapping, ' ') !== FALSE) {
          $role_mappings[$role_id][$key] = '"' . $mapping . '"';
        }
      }
      $default = implode(' ', $role_mappings[$role_id]);
    }
    $form['role_mappings'][$role_id] = [
      '#title' => $role
        ->label(),
      '#type' => 'textfield',
      '#default_value' => $default,
    ];
  }
  return parent::buildForm($form, $form_state);
}