
public function SamlauthConfigureForm::validateForm in SAML Authentication 4.x

Same name and namespace in other branches
  1. 8.3 src/Form/SamlauthConfigureForm.php \Drupal\samlauth\Form\SamlauthConfigureForm::validateForm()
  2. 8 src/Form/SamlauthConfigureForm.php \Drupal\samlauth\Form\SamlauthConfigureForm::validateForm()
  3. 8.2 src/Form/SamlauthConfigureForm.php \Drupal\samlauth\Form\SamlauthConfigureForm::validateForm()

Form validation handler. Validates the login/logout/error redirect URLs, the metadata validity period, and the consistency of the SP/IdP key and certificate inputs (file references must be absolute paths; when the key/cert type selector is empty, at most one input variant per key or certificate may be populated).

Parameters

array $form: An associative array containing the structure of the form.

\Drupal\Core\Form\FormStateInterface $form_state: The current state of the form.

Overrides FormBase::validateForm

File

src/Form/SamlauthConfigureForm.php, line 1302

Class

SamlauthConfigureForm
Provides a configuration form for samlauth module settings and IdP/SP info.

Namespace

Drupal\samlauth\Form

Code

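/**
 * Form validation handler.
 *
 * Validates the login/logout/error redirect URLs, the metadata validity
 * period, and the consistency of the SP/IdP key and certificate sources:
 * file references must be absolute paths, and when the key/cert "type"
 * selector is empty (so every input variant is visible at once) at most one
 * variant per key/certificate may be populated.
 *
 * @param array $form
 *   An associative array containing the structure of the form.
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The current state of the form.
 */
public function validateForm(array &$form, FormStateInterface $form_state) {
  parent::validateForm($form, $form_state);

  // Validate login/logout/error redirect URLs. Tokens are expanded first so
  // a value that only becomes a valid path after replacement is accepted.
  // NOTE(review): getUrlIfValidWithoutAccessCheck() also accepts external
  // URLs, so an administrator can configure an off-site redirect target;
  // this is an administrative form, so that is presumably intended, but the
  // validation here does not restrict it — confirm.
  $redirect_elements = [
    'login_redirect_url' => $this->t('The Login Redirect URL is not a valid path.'),
    'logout_redirect_url' => $this->t('The Logout Redirect URL is not a valid path.'),
    'error_redirect_url' => $this->t('The Error redirect URL is not a valid path.'),
  ];
  foreach ($redirect_elements as $element_name => $message) {
    $path = $form_state->getValue($element_name);
    if ($path) {
      $path = $this->token->replace($path);
      if (!$this->pathValidator->getUrlIfValidWithoutAccessCheck($path)) {
        $form_state->setErrorByName($element_name, $message);
      }
    }
  }

  // Validate the metadata validity period. '0' is a legitimate value, so the
  // loose comparison deliberately lets both int 0 and the string '0' through
  // to the parser instead of treating them as "not set".
  $duration = $form_state->getValue('metadata_valid_secs');
  if ($duration || $duration == '0') {
    if (!$this->parseReadableDuration($duration)) {
      $form_state->setErrorByName('metadata_valid_secs', $this->t('Invalid period value.'));
    }
  }

  // @todo Validate key/certs. Might be able to just openssl_x509_parse().
  // The combined selector value is "<key type>_<cert type>"; an empty value
  // means all input variants (Key entity / file / inline PEM) are visible.
  // Casting to string keeps a missing (NULL) value equal to '' for the strict
  // in_array() checks below.
  $sp_key_type = (string) $form_state->getValue('sp_key_cert_type');
  $sp_cert_type = '';
  if ($sp_key_type) {
    $type_parts = explode('_', $sp_key_type, 2);
    $sp_key_type = $type_parts[0];
    // Presumably every selector value contains an underscore; default to ''
    // rather than emit an undefined-offset notice if one does not.
    $sp_cert_type = $type_parts[1] ?? '';
  }
  $keyname = $form_state->getValue('sp_key_key');
  $cert_keyname = $form_state->getValue('sp_cert_key');
  if (in_array($sp_cert_type, ['', 'key'], TRUE) && $cert_keyname && ($sp_key_type === 'key' || !$sp_key_type && !$keyname)) {
    // The select element for the private key is invisible. Get it from the
    // cert (except if that is empty; then we don't really care what happens
    // at this stage; we'll warn while displaying the form).
    $key = $this->keyRepository->getKey($cert_keyname);
    if ($key) {
      $key_type_settings = $key->getKeyType()->getConfiguration();
      if (!empty($key_type_settings['private_key'])) {
        $key = $this->keyRepository->getKey($key_type_settings['private_key']);
      }
    }
    $form_state->setValue('sp_key_key', $key ? $key->id() : '');
  }

  // SP private key. A relative filename would be resolved against the process
  // working directory, which is not under the administrator's control, so
  // only absolute paths are accepted. NOTE(review): existence/readability of
  // the file is not checked here.
  $filename = $form_state->getValue('sp_key_file');
  $full_cert = $form_state->getValue('sp_private_key');
  if (in_array($sp_key_type, ['', 'file'], TRUE)) {
    $this->validateAbsoluteFilename($form_state, $filename, 'sp_key_file', $this->t('SP private key filename must be absolute.'));
  }
  // There are 4 elements that reference the key. At least 3 must be empty or
  // invisible. (Checking $sp_key_type=='' is enough to determine if multiple
  // elements are visible.)
  if (!$sp_key_type && $this->hasMultiplePopulated([$keyname, $cert_keyname, $filename, $full_cert])) {
    $form_state->setErrorByName('sp_private_key', $this->t('Only one private key (filename) element must be populated.'));
  }

  // SP certificate. The "only one populated" error is attached to the
  // certificate element itself so the highlighted field is the one at fault.
  $filename = $form_state->getValue('sp_cert_file');
  $full_cert = $form_state->getValue('sp_x509_certificate');
  if (in_array($sp_cert_type, ['', 'file'], TRUE)) {
    $this->validateAbsoluteFilename($form_state, $filename, 'sp_cert_file', $this->t('SP certificate filename must be absolute.'));
  }
  if (!$sp_cert_type && $this->hasMultiplePopulated([$cert_keyname, $filename, $full_cert])) {
    $form_state->setErrorByName('sp_x509_certificate', $this->t('Only one certificate (filename) element must be populated.'));
  }

  // SP "new" certificate (for key rollover). The absolute-path check reports
  // on its own element with its own message, not on the private key element.
  $keyname = $form_state->getValue('sp_new_cert_key');
  $filename = $form_state->getValue('sp_new_cert_file');
  $full_cert = $form_state->getValue('sp_new_cert');
  if (in_array($sp_cert_type, ['', 'file'], TRUE)) {
    $this->validateAbsoluteFilename($form_state, $filename, 'sp_new_cert_file', $this->t('SP new certificate filename must be absolute.'));
  }
  if (!$sp_cert_type && $this->hasMultiplePopulated([$keyname, $filename, $full_cert])) {
    $form_state->setErrorByName('sp_new_cert', $this->t('Only one new certificate (filename) element must be populated.'));
  }

  // IdP signing certificates: one row per certificate.
  $idp_cert_type = (string) $form_state->getValue('idp_cert_type');
  $idp_certs = $form_state->getValue('idp_certs');
  // A missing or non-array value would make foreach emit a warning; treat it
  // as "no rows" instead.
  if (!is_array($idp_certs)) {
    $idp_certs = [];
  }
  foreach ($idp_certs as $index => $item) {
    if (in_array($idp_cert_type, ['', 'file'], TRUE)) {
      $this->validateAbsoluteFilename($form_state, $item['file'] ?? NULL, "idp_certs][{$index}][file", $this->t('IdP certificate filename must be absolute.'));
    }
    if (!$idp_cert_type && $this->hasMultiplePopulated([$item['key'] ?? NULL, $item['file'] ?? NULL, $item['cert'] ?? NULL])) {
      $form_state->setErrorByName("idp_certs][{$index}][cert", $this->t('Only one certificate (filename) element must be populated per row.'));
    }
  }

  // IdP encryption certificate.
  $keyname = $form_state->getValue('idp_certkey_encryption');
  $filename = $form_state->getValue('idp_certfile_encryption');
  $full_cert = $form_state->getValue('idp_cert_encryption');
  if (in_array($idp_cert_type, ['', 'file'], TRUE)) {
    $this->validateAbsoluteFilename($form_state, $filename, 'idp_certfile_encryption', $this->t('IdP encryption certificate filename must be absolute.'));
  }
  if (!$idp_cert_type && $this->hasMultiplePopulated([$keyname, $filename, $full_cert])) {
    $form_state->setErrorByName('idp_cert_encryption', $this->t('IdP certificate and filename cannot both be set.'));
  }
}

/**
 * Sets a form error if a non-empty filename is not an absolute path.
 *
 * Empty values are accepted unchanged; whether the element may be empty is
 * decided by the caller.
 *
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The current state of the form.
 * @param mixed $filename
 *   The submitted filename (a string, or an empty value).
 * @param string $element_name
 *   Name of the form element to attach the error to.
 * @param \Drupal\Core\StringTranslation\TranslatableMarkup|string $message
 *   The error message.
 */
private function validateAbsoluteFilename(FormStateInterface $form_state, $filename, $element_name, $message) {
  if ($filename && $filename[0] !== '/') {
    $form_state->setErrorByName($element_name, $message);
  }
}

/**
 * Returns TRUE if more than one of the given values is non-empty.
 *
 * array_filter() without a callback drops exactly the values empty()
 * considers empty, so this matches the element-level truthiness checks.
 *
 * @param array $values
 *   Submitted values of the alternative input elements for one key/cert.
 *
 * @return bool
 *   TRUE if two or more values are populated.
 */
private function hasMultiplePopulated(array $values) {
  return count(array_filter($values)) > 1;
}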