
class IdpForm in SAML Service Provider 3.x

Same name and namespace in other branches
  1. 8.3 src/Form/IdpForm.php \Drupal\saml_sp\Form\IdpForm
  2. 8.2 src/Form/IdpForm.php \Drupal\saml_sp\Form\IdpForm
  3. 4.x src/Form/IdpForm.php \Drupal\saml_sp\Form\IdpForm

Provides the form to configure the IdP.

Hierarchy

Expanded class hierarchy of IdpForm

File

src/Form/IdpForm.php, line 13

Namespace

Drupal\saml_sp\Form
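/**
 * Provides the form to configure the IdP.
 *
 * The form collects the IdP's entity ID, login/logout URLs, accepted
 * authentication context classes and X.509 certificate(s), and copies them
 * onto the IdP config entity in save().
 *
 * NOTE(review): these values decide which Identity Provider the site accepts
 * SAML responses from, so the route exposing this form should be restricted
 * to trusted administrators. The permission is not visible in this class;
 * confirm it in the module's routing.
 */
class IdpForm extends EntityForm {

  /**
   * {@inheritdoc}
   */
  public function form(array $form, FormStateInterface $form_state) {
    $form = parent::form($form, $form_state);
    $idp = $this->entity;

    // Not nested under 'idp', so save() never copies the raw metadata onto
    // the entity; the attached library uses it to fill in the fields below.
    $form['idp_metadata'] = [
      '#type' => 'textarea',
      '#title' => $this->t('XML Metadata'),
      '#description' => $this->t('Paste in the metadata provided by the Identity Provider here and the form will be automatically filled out, or you can manually enter the information.'),
    ];
    $form['#attached']['library'][] = 'saml_sp/idp_form';

    // Every value under 'idp' is written to the entity by save().
    $form['idp'] = [
      '#type' => 'fieldset',
      '#tree' => TRUE,
    ];
    $form['idp']['label'] = [
      '#type' => 'textfield',
      '#title' => $this->t('Name'),
      '#default_value' => $idp->label(),
      '#description' => $this->t('The human-readable name of this IdP. This text will be displayed to administrators who can configure SAML.'),
      '#required' => TRUE,
      '#size' => 30,
      '#maxlength' => 30,
    ];
    $form['idp']['id'] = [
      '#type' => 'machine_name',
      '#default_value' => $idp->id(),
      '#maxlength' => 32,
      '#machine_name' => [
        'exists' => 'saml_sp_idp_load',
        'source' => [
          'idp',
          'label',
        ],
      ],
      '#description' => $this->t('A unique machine-readable name for this IdP. It must only contain lowercase letters, numbers, and underscores.'),
    ];
    $form['idp']['entity_id'] = [
      '#type' => 'textfield',
      '#title' => $this->t('Entity ID'),
      '#description' => $this->t('The entityID identifier which the Identity Provider will use to identiy itself by, this may sometimes be a URL.'),
      '#default_value' => $idp->getEntityId(),
      '#maxlength' => 255,
    ];
    $form['idp']['app_name'] = [
      '#type' => 'textfield',
      '#title' => $this->t('App name'),
      '#description' => $this->t('The app name is provided to the Identiy Provider, to identify the origin of the request.'),
      '#default_value' => $idp->getAppName(),
      '#maxlength' => 255,
    ];

    // TODO: Add extra fields to config and merge them into $fields here.
    $fields = [
      'mail' => $this->t('Email'),
    ];

    // NOTE(review): presumably the local user field that is matched against
    // the NameID in the IdP's assertion; a field users can change themselves
    // would be a weak account identifier. Confirm against the login handler.
    $form['idp']['nameid_field'] = [
      '#type' => 'select',
      '#title' => $this->t('NameID field'),
      '#description' => $this->t('Mail is usually used between IdP and SP, but if you want to let users change the email address in IdP, you need to use a custom field to store the ID.'),
      '#options' => $fields,
      '#default_value' => $idp->getNameIdField(),
    ];

    // The SAML login URL and X.509 certificate must match the details provided
    // by the IdP.
    // NOTE(review): both URLs are plain textfields; no scheme or format check
    // (for example requiring https) is visible in this class. Confirm that
    // validation happens elsewhere.
    $form['idp']['login_url'] = [
      '#type' => 'textfield',
      '#title' => $this->t('IdP login URL'),
      '#description' => $this->t('Login URL of the Identity Provider server.'),
      '#default_value' => $idp->getLoginUrl(),
      '#required' => TRUE,
      // The Form API property is '#maxlength'; the previous '#max_length' key
      // was ignored, which left the textfield default limit in force.
      '#maxlength' => 255,
    ];
    $form['idp']['logout_url'] = [
      '#type' => 'textfield',
      '#title' => $this->t('IdP logout URL'),
      '#description' => $this->t('Logout URL of the Identity Provider server.'),
      '#default_value' => $idp->getLogoutUrl(),
      '#required' => TRUE,
      '#maxlength' => 255,
    ];
    $form['idp']['x509_cert'] = $this->createCertsFieldset($form_state);

    // The number of certificate fields changes through the AJAX buttons, so
    // the built form must not be cached.
    $form_state->setCached(FALSE);

    $refs = saml_sp_authn_context_class_refs();
    $authn_context_class_ref_options = [
      $refs[Constants::AC_PASSWORD] => $this->t('User Name and Password'),
      $refs[Constants::AC_PASSWORD_PROTECTED] => $this->t('Password Protected Transport'),
      $refs[Constants::AC_TLS] => $this->t('Transport Layer Security (TLS) Client'),
      $refs[Constants::AC_X509] => $this->t('X.509 Certificate'),
      $refs[Constants::AC_WINDOWS] => $this->t('Integrated Windows Authentication'),
      $refs[Constants::AC_KERBEROS] => $this->t('Kerberos'),
    ];

    // A new IdP starts with every known context class ticked; an existing one
    // shows the stored selection.
    $default_auth = [];
    foreach ($refs as $ref) {
      $default_auth[$ref] = $ref;
    }
    $form['idp']['authn_context_class_ref'] = [
      '#type' => 'checkboxes',
      '#title' => $this->t('Authentication methods'),
      '#description' => $this->t('What authentication methods would you like to use with this IdP? If left empty all methods from the provider will be allowed.'),
      '#default_value' => $idp->id() ? $idp->getAuthnContextClassRef() : $default_auth,
      '#options' => $authn_context_class_ref_options,
      '#required' => FALSE,
    ];
    return $form;
  }

  /**
   * Creates a fieldset for managing certificates.
   *
   * Builds one textarea per certificate. A stored certificate that OpenSSL
   * can parse is labelled with its subject, issuer and validity period so an
   * administrator can check it against what the IdP published.
   *
   * @param \Drupal\Core\Form\FormStateInterface $form_state
   *   The current form state; holds the 'num_certs' counter and, on rebuild,
   *   the submitted certificate values.
   *
   * @return array
   *   The render array of the certificates fieldset.
   */
  public function createCertsFieldset(FormStateInterface $form_state) {
    $idp = $this->entity;
    $certs = $idp->getX509Cert();
    if (!is_array($certs)) {
      $certs = [
        $certs,
      ];
    }

    // Keep only real certificate strings. Blank entries, the literal 'Array'
    // and non-string entries are dropped, and the list is reindexed because
    // the loop below addresses certificates by position: without reindexing,
    // a certificate stored after a blank entry was never rendered and would
    // be lost on the next save.
    $certs = array_values(array_filter($certs, static function ($value) {
      return is_string($value) && trim($value) !== '' && $value !== 'Array';
    }));

    // On a rebuild the submitted values win over the stored ones.
    $values = $form_state->getValues();
    if (!empty($values['idp']['x509_cert']) && is_array($values['idp']['x509_cert'])) {
      $certs = $values['idp']['x509_cert'];
      // The buttons live inside this fieldset and submit under the same key.
      unset($certs['actions']);
    }

    $form = [
      '#type' => 'fieldset',
      '#title' => $this->t('X.509 certificates'),
      '#description' => $this->t('Enter the application certificate(s) provided by the IdP.'),
      '#prefix' => '<div id="certs-fieldset-wrapper">',
      '#suffix' => '</div>',
    ];

    // Gather the number of certs in the form already.
    $num_certs = $form_state->get('num_certs');

    // We have to ensure that there is at least one cert field.
    if ($num_certs === NULL) {
      $num_certs = count($certs) ?: 1;
      $form_state->set('num_certs', $num_certs);
    }

    for ($i = 0; $i < $num_certs; $i++) {
      $encoded_cert = (isset($certs[$i]) && is_string($certs[$i])) ? trim($certs[$i]) : '';
      if (empty($encoded_cert)) {
        $form[$i] = [
          '#type' => 'textarea',
          '#title' => $this->t('New Certificate'),
          '#default_value' => $encoded_cert,
        ];
        continue;
      }

      // NOTE(review): a value OpenSSL cannot parse keeps this generic title
      // and is still accepted; nothing in this class rejects a malformed or
      // expired certificate before save(). Confirm validation exists
      // elsewhere, or add it in validateForm().
      $title = $this->t('Certificate');
      if (function_exists('openssl_x509_parse')) {
        $cert = openssl_x509_parse(Utils::formatCert($encoded_cert));
        if ($cert) {
          // Flatten multi-valued issuer attributes. Built as a new array
          // rather than through a by-reference foreach, which left a dangling
          // reference behind after the loop.
          $issuer = array_map(static function ($part) {
            return is_array($part) ? implode('/', $part) : $part;
          }, $cert['issuer']);

          // Subject and issuer come from the pasted certificate. Keep the
          // %-placeholders: they are escaped on output, so certificate
          // content cannot inject markup into the admin page.
          $title = $this->t('Name: %cert-name<br/>Issued by: %issuer<br/>Valid: %valid-from - %valid-to', [
            '%cert-name' => $cert['name'],
            '%issuer' => implode('/', $issuer),
            '%valid-from' => date('c', $cert['validFrom_time_t']),
            '%valid-to' => date('c', $cert['validTo_time_t']),
          ]);
        }
      }
      $form[$i] = [
        '#type' => 'textarea',
        '#title' => $title,
        '#default_value' => $encoded_cert,
      ];
    }

    $form['actions'] = [
      '#type' => 'actions',
    ];
    $form['actions']['add_cert'] = [
      '#type' => 'submit',
      '#value' => $this->t('Add one more'),
      '#submit' => [
        '::addCertCallback',
      ],
      '#ajax' => [
        'callback' => '::addMoreCertsCallback',
        'wrapper' => 'certs-fieldset-wrapper',
      ],
    ];

    // If there is more than one name, add the remove button.
    if ($num_certs > 1) {
      $form['actions']['remove_cert'] = [
        '#type' => 'submit',
        '#value' => $this->t('Remove one'),
        '#submit' => [
          '::removeCertCallback',
        ],
        '#ajax' => [
          'callback' => '::addMoreCertsCallback',
          'wrapper' => 'certs-fieldset-wrapper',
        ],
      ];
    }
    return $form;
  }

  /**
   * Callback for both ajax-enabled buttons.
   *
   * Selects and returns the fieldset with the certs in it.
   *
   * @param array $form
   *   The rebuilt form.
   * @param \Drupal\Core\Form\FormStateInterface $form_state
   *   The current form state (not read here).
   *
   * @return array
   *   The certificates fieldset, which replaces the AJAX wrapper.
   */
  public function addMoreCertsCallback(array &$form, FormStateInterface $form_state) {
    return $form['idp']['x509_cert'];
  }

  /**
   * Submit handler for the "add cert" button.
   *
   * Increments the max counter and causes a rebuild.
   *
   * @param array $form
   *   The form array.
   * @param \Drupal\Core\Form\FormStateInterface $form_state
   *   The current form state holding the 'num_certs' counter.
   */
  public function addCertCallback(array &$form, FormStateInterface $form_state) {
    $form_state->set('num_certs', $form_state->get('num_certs') + 1);
    $form_state->setRebuild();
  }

  /**
   * Submit handler for the "remove cert" button.
   *
   * Decrements the max counter and causes a form rebuild.
   *
   * @param array $form
   *   The form array.
   * @param \Drupal\Core\Form\FormStateInterface $form_state
   *   The current form state holding the 'num_certs' counter.
   */
  public function removeCertCallback(array &$form, FormStateInterface $form_state) {
    $current = $form_state->get('num_certs');
    // Never drop below one field, so a certificate can always be entered.
    if ($current > 1) {
      $form_state->set('num_certs', $current - 1);
    }
    $form_state->setRebuild();
  }

  /**
   * {@inheritdoc}
   */
  public function save(array $form, FormStateInterface $form_state) {
    $idp = $this->entity;
    $values = $form_state->getValues();

    // Store the certificates as a clean list: the add/remove buttons submit
    // under the same key ('actions'), and blank textareas carry no
    // certificate. Without this, button values and empty entries were written
    // into the IdP's certificate list.
    $certs = $values['idp']['x509_cert'];
    if (!is_array($certs)) {
      $certs = [
        $certs,
      ];
    }
    unset($certs['actions']);
    $values['idp']['x509_cert'] = array_values(array_filter($certs, static function ($value) {
      return is_string($value) && trim($value) !== '';
    }));

    // Only elements defined under 'idp' in form() reach the entity.
    foreach ($values['idp'] as $key => $value) {
      $idp->set($key, $value);
    }
    $status = $idp->save();
    if ($status) {
      $this->messenger()->addMessage($this->t('Saved the %label Identity Provider.', [
        '%label' => $idp->label(),
      ]));
    }
    else {
      // Report the failure as an error rather than as a status message.
      $this->messenger()->addError($this->t('The %label Identity Provider was not saved.', [
        '%label' => $idp->label(),
      ]));
    }
    $form_state->setRedirect('entity.idp.collection');
  }

  /**
   * Tests whether the IdP exists.
   *
   * @param string $id
   *   The machine name to look up.
   *
   * @return bool
   *   TRUE if an IdP entity with this ID is stored, FALSE otherwise.
   */
  public function exist($id) {
    $ids = $this->entityTypeManager
      ->getStorage('idp')
      ->getQuery()
      // A uniqueness check must see every IdP regardless of who is asking;
      // stating this explicitly is also required by newer Drupal core.
      ->accessCheck(FALSE)
      ->condition('id', $id)
      ->execute();
    return (bool) $ids;
  }

}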

Members

Name Modifiers Type Description Overrides
DependencySerializationTrait::$_entityStorages protected property
DependencySerializationTrait::$_serviceIds protected property
DependencySerializationTrait::__sleep public function 2
DependencySerializationTrait::__wakeup public function 2
EntityForm::$entity protected property The entity being used by this form. 11
EntityForm::$entityTypeManager protected property The entity type manager. 3
EntityForm::$moduleHandler protected property The module handler service.
EntityForm::$operation protected property The name of the current operation.
EntityForm::actions protected function Returns an array of supported actions for the current entity form. 35
EntityForm::actionsElement protected function Returns the action form element for the current entity form.
EntityForm::afterBuild public function Form element #after_build callback: Updates the entity with submitted data.
EntityForm::buildEntity public function Builds an updated entity object based upon the submitted form values. Overrides EntityFormInterface::buildEntity 3
EntityForm::buildForm public function Form constructor. Overrides FormInterface::buildForm 13
EntityForm::copyFormValuesToEntity protected function Copies top-level form values to entity properties. 9
EntityForm::getBaseFormId public function Returns a string identifying the base form. Overrides BaseFormIdInterface::getBaseFormId 6
EntityForm::getEntity public function Gets the form entity. Overrides EntityFormInterface::getEntity
EntityForm::getEntityFromRouteMatch public function Determines which entity will be used by this form from a RouteMatch object. Overrides EntityFormInterface::getEntityFromRouteMatch 3
EntityForm::getFormId public function Returns a unique string identifying the form. Overrides FormInterface::getFormId 12
EntityForm::getOperation public function Gets the operation identifying the form. Overrides EntityFormInterface::getOperation
EntityForm::init protected function Initialize the form state and the entity before the first form build. 3
EntityForm::prepareEntity protected function Prepares the entity object before the form is built first. 3
EntityForm::prepareInvokeAll protected function Invokes the specified prepare hook variant.
EntityForm::processForm public function Process callback: assigns weights and hides extra fields.
EntityForm::setEntity public function Sets the form entity. Overrides EntityFormInterface::setEntity
EntityForm::setEntityTypeManager public function Sets the entity type manager for this form. Overrides EntityFormInterface::setEntityTypeManager
EntityForm::setModuleHandler public function Sets the module handler for this form. Overrides EntityFormInterface::setModuleHandler
EntityForm::setOperation public function Sets the operation for this form. Overrides EntityFormInterface::setOperation
EntityForm::submitForm public function This is the default entity object builder function. It is called before any other submit handler to build the new entity object to be used by the following submit handlers. At this point of the form workflow the entity is validated and the form state… Overrides FormInterface::submitForm 20
FormBase::$configFactory protected property The config factory. 3
FormBase::$requestStack protected property The request stack. 1
FormBase::$routeMatch protected property The route match.
FormBase::config protected function Retrieves a configuration object.
FormBase::configFactory protected function Gets the config factory for this form. 3
FormBase::container private function Returns the service container.
FormBase::create public static function Instantiates a new instance of this class. Overrides ContainerInjectionInterface::create 105
FormBase::currentUser protected function Gets the current user.
FormBase::getRequest protected function Gets the request object.
FormBase::getRouteMatch protected function Gets the route match.
FormBase::logger protected function Gets the logger for a specific channel.
FormBase::redirect protected function Returns a redirect response object for the specified route.
FormBase::resetConfigFactory public function Resets the configuration factory.
FormBase::setConfigFactory public function Sets the config factory for this form.
FormBase::setRequestStack public function Sets the request stack object to use.
FormBase::validateForm public function Form validation handler. Overrides FormInterface::validateForm 72
IdpForm::addCertCallback public function Submit handler for the "add cert" button.
IdpForm::addMoreCertsCallback public function Callback for both ajax-enabled buttons.
IdpForm::createCertsFieldset public function Creates a fieldset for managing certificates.
IdpForm::exist public function Tests whether the IdP exists.
IdpForm::form public function Gets the actual form array to be built. Overrides EntityForm::form
IdpForm::removeCertCallback public function Submit handler for the "remove cert" button.
IdpForm::save public function Form submission handler for the 'save' action. Overrides EntityForm::save
LoggerChannelTrait::$loggerFactory protected property The logger channel factory service.
LoggerChannelTrait::getLogger protected function Gets the logger for a specific channel.
LoggerChannelTrait::setLoggerFactory public function Injects the logger channel factory.
MessengerTrait::$messenger protected property The messenger. 27
MessengerTrait::messenger public function Gets the messenger. 27
MessengerTrait::setMessenger public function Sets the messenger.
RedirectDestinationTrait::$redirectDestination protected property The redirect destination service. 1
RedirectDestinationTrait::getDestinationArray protected function Prepares a 'destination' URL query parameter for use with \Drupal\Core\Url.
RedirectDestinationTrait::getRedirectDestination protected function Returns the redirect destination service.
RedirectDestinationTrait::setRedirectDestination public function Sets the redirect destination service.
StringTranslationTrait::$stringTranslation protected property The string translation service. 4
StringTranslationTrait::formatPlural protected function Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals protected function Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation protected function Gets the string translation service.
StringTranslationTrait::setStringTranslation public function Sets the string translation service to use. 2
StringTranslationTrait::t protected function Translates a string to the current language or to a given language.