You are here

function samlauth_check_saml_user in SAML Authentication 8.2

Same name and namespace in other branches
  1. 8.3 samlauth.module \samlauth_check_saml_user()
  2. 8 samlauth.module \samlauth_check_saml_user()
  3. 7 samlauth.module \samlauth_check_saml_user()
  4. 4.x samlauth.module \samlauth_check_saml_user()

Validation callback for SAML users logging in through the normal methods.

1 string reference to 'samlauth_check_saml_user'
samlauth_form_user_login_form_alter in ./samlauth.module
Implements hook_form_FORM_ID_alter().

File

./samlauth.module, line 38
Contains samlauth.module.

Code

function samlauth_check_saml_user($form, FormStateInterface $form_state) {
  if (!\Drupal::config('samlauth.authentication')
    ->get('drupal_saml_login')) {
    if ($form_state
      ->hasAnyErrors()) {

      // If previous validation has already failed (name/pw incorrect or blocked),
      // bail out so we don't disclose any details about a user that otherwise
      // wouldn't be authenticated.
      return;
    }

    // If the user has logged into the site using samlauth before, block them.
    // (There currently is no option to disallow _any_ user from logging in
    // locally.)
    if ($account = user_load_by_name($form_state
      ->getValue('name'))) {

      /** @var \Drupal\externalauth\AuthmapInterface $authmap */
      $authmap = \Drupal::service('externalauth.authmap');
      $saml_id = $authmap
        ->get($account
        ->id(), 'samlauth');
      if ($saml_id !== FALSE) {
        $form_state
          ->setErrorByName('name', t('SAML users must sign in with SSO'));
      }
    }
  }
}