View source
<?php
namespace Drupal\shield\Form;
use Drupal\Core\Config\ConfigFactoryInterface;
use Drupal\Core\Extension\ModuleHandlerInterface;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Form\ConfigFormBase;
use Drupal\Core\Render\Markup;
use Drupal\key\Plugin\KeyPluginManager;
use Symfony\Component\DependencyInjection\ContainerInterface;
class ShieldSettingsForm extends ConfigFormBase {
protected $moduleHandler;
protected $keyTypeManager;
public function __construct(ConfigFactoryInterface $config_factory, ModuleHandlerInterface $moduleHandler, KeyPluginManager $keyTypeManager = NULL) {
parent::__construct($config_factory);
$this->moduleHandler = $moduleHandler;
$this->keyTypeManager = $keyTypeManager;
}
public static function create(ContainerInterface $container) {
return new static($container
->get('config.factory'), $container
->get('module_handler'), $container
->get('plugin.manager.key.key_type', ContainerInterface::NULL_ON_INVALID_REFERENCE));
}
protected function getEditableConfigNames() {
return [
'shield.settings',
];
}
public function getFormId() {
return 'shield_admin_settings';
}
public function buildForm(array $form, FormStateInterface $form_state) {
$shield_config = $this
->config('shield.settings');
$form['#tree'] = TRUE;
$form['description'] = [
'#type' => 'item',
'#title' => $this
->t('Shield settings'),
'#description' => $this
->t('Set up credentials for an authenticated user. You can also decide whether you want to print out the credentials or not.'),
];
$form['general'] = [
'#type' => 'fieldset',
'#title' => $this
->t('General settings'),
];
$form['general']['shield_enable'] = [
'#type' => 'checkbox',
'#title' => $this
->t('Enable Shield'),
'#description' => $this
->t('Enable/Disable shield functionality. All other settings are ignored if this is not checked.'),
'#default_value' => $shield_config
->get('shield_enable'),
];
$form['general']['shield_allow_cli'] = [
'#type' => 'checkbox',
'#title' => $this
->t('Allow command line access'),
'#description' => $this
->t('When the site is accessed from command line (e.g. from Drush, cron), the shield should not work.'),
'#default_value' => $shield_config
->get('allow_cli'),
];
$form['general']['whitelist'] = [
'#type' => 'textarea',
'#title' => $this
->t('IP Whitelist'),
'#description' => $this
->t("Enter list of IP's for which shield should not be shown, one per line. You can use Network ranges in the format 'IP/Range'.<br><em>Warning: Whitelist interferes with reverse proxy caching! @strong_style_tag Do not use whitelist if reverse proxy caching is in use!</strong></em>", [
'@strong_style_tag' => Markup::create("<strong style='color:red'>"),
]),
'#default_value' => $shield_config
->get('whitelist'),
'#placeholder' => $this
->t("Example:\n192.168.0.1/24\n127.0.0.1"),
];
$form['general']['shield_domains'] = [
'#type' => 'textarea',
'#title' => $this
->t('Whitelist Domains'),
'#description' => $this
->t('Enter list of domain host names for which shield should not be shown, one per line.'),
'#default_value' => $shield_config
->get('domains'),
'#placeholder' => $this
->t("Example:\nexample.com\ndomain.in"),
];
$form['credentials'] = [
'#id' => 'credentials',
'#type' => 'details',
'#title' => $this
->t('Credentials'),
'#open' => TRUE,
];
$credential_provider = $shield_config
->get('credential_provider');
$credential_provider = $form_state
->hasValue([
'credentials',
'credential_provider',
]) ? $form_state
->getValue([
'credentials',
'credential_provider',
]) : $credential_provider;
$form['credentials']['credential_provider'] = [
'#type' => 'select',
'#title' => $this
->t('Credential provider'),
'#options' => [
'shield' => 'Shield',
],
'#default_value' => $credential_provider,
'#ajax' => [
'callback' => [
$this,
'ajaxCallback',
],
'wrapper' => 'credentials_configuration',
'method' => 'replace',
'effect' => 'fade',
],
];
$form['credentials']['providers'] = [
'#type' => 'item',
'#id' => 'credentials_configuration',
];
if ($this->keyTypeManager) {
$form['credentials']['credential_provider']['#options']['key'] = $this
->t('Key Module');
if ($this->keyTypeManager
->hasDefinition('user_password')) {
$form['credentials']['credential_provider']['#options']['multikey'] = $this
->t('Key Module (user/password)');
}
}
if ($credential_provider == 'shield') {
$form['credentials']['providers']['shield']['user'] = [
'#type' => 'textfield',
'#title' => $this
->t('User'),
'#default_value' => $shield_config
->get('credentials.shield.user'),
'#description' => $this
->t('Leave blank to disable authentication.'),
];
$form['credentials']['providers']['shield']['pass'] = [
'#type' => 'textfield',
'#title' => $this
->t('Password'),
'#default_value' => $shield_config
->get('credentials.shield.pass'),
];
}
elseif ($credential_provider == 'key') {
$form['credentials']['providers']['key']['user'] = [
'#type' => 'textfield',
'#title' => $this
->t('User'),
'#default_value' => $shield_config
->get('credentials.key.user'),
'#required' => TRUE,
];
$form['credentials']['providers']['key']['pass_key'] = [
'#type' => 'key_select',
'#title' => $this
->t('Password'),
'#default_value' => $shield_config
->get('credentials.key.pass_key'),
'#empty_option' => $this
->t('- Please select -'),
'#key_filters' => [
'type' => 'authentication',
],
'#required' => TRUE,
];
}
elseif ($credential_provider == 'multikey') {
$form['credentials']['providers']['multikey']['user_pass_key'] = [
'#type' => 'key_select',
'#title' => $this
->t('User/password'),
'#default_value' => $shield_config
->get('credentials.multikey.user_pass_key'),
'#empty_option' => $this
->t('- Please select -'),
'#key_filters' => [
'type' => 'user_password',
],
'#required' => TRUE,
];
}
$form['shield_print'] = [
'#type' => 'textfield',
'#title' => $this
->t('Authentication message'),
'#description' => $this
->t("The message to print in the authentication request popup. You can use [user] and [pass] to print the user and the password respectively. You can leave it empty, if you don't want to print out any special message to the users."),
'#default_value' => $shield_config
->get('print'),
];
return parent::buildForm($form, $form_state);
}
public function submitForm(array &$form, FormStateInterface $form_state) {
$shield_config = $this
->config('shield.settings');
$credential_provider = $form_state
->getValue([
'credentials',
'credential_provider',
]);
$shield_config
->set('allow_cli', $form_state
->getValue([
'general',
'shield_allow_cli',
]))
->set('shield_enable', $form_state
->getValue([
'general',
'shield_enable',
]))
->set('whitelist', $form_state
->getValue([
'general',
'whitelist',
]))
->set('domains', $form_state
->getValue([
'general',
'shield_domains',
]))
->set('print', $form_state
->getValue('shield_print'))
->set('credential_provider', $credential_provider);
$credentials = $form_state
->getValue([
'credentials',
'providers',
$credential_provider,
]);
$shield_config
->set('credentials', [
$credential_provider => $credentials,
]);
$shield_config
->save();
parent::submitForm($form, $form_state);
}
public static function ajaxCallback($form, FormStateInterface $form_state) {
return $form['credentials']['providers'];
}
}
