public function SimplesamlphpAuthController::authenticate in simpleSAMLphp Authentication 8.3
Logs the user in via SimpleSAML federation.
Return value
\Symfony\Component\HttpFoundation\RedirectResponse A redirection to either a designated page or the user login page.
1 string reference to 'SimplesamlphpAuthController::authenticate'
File
- src/Controller/SimplesamlphpAuthController.php, line 133
Class
- SimplesamlphpAuthController
- Controller routines for simplesamlphp_auth routes.
Namespace
Drupal\simplesamlphp_auth\Controller
Code
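/**
 * Logs the user in via SimpleSAML federation.
 *
 * The post-login destination is taken from request data (the ReturnTo
 * parameter, the Referer header, or the simplesamlphp_auth_returnto cookie).
 * All three are controlled by the client, so each candidate is checked
 * against $base_url before it is used as a redirect target.
 *
 * @return \Symfony\Component\HttpFoundation\RedirectResponse|array
 *   A redirection to either a designated page or the user login page, or a
 *   render array carrying a denial message when allowUserByAttribute()
 *   rejects the SAML-authenticated user.
 */
public function authenticate() {
  global $base_url;

  // Ensure the module has been turned on before continuing with the request.
  if (!$this->simplesaml->isActivated()) {
    return $this->redirect('user.login');
  }

  // Ensure phpsession isn't the session storage location.
  if ($this->simplesaml->getStorage() === 'phpsession') {
    return $this->redirect('user.login');
  }

  // See if a URL has been explicitly provided in ReturnTo. If so, use it
  // otherwise, use the HTTP_REFERER. Each must point to the site to be valid.
  $request = $this->requestStack->getCurrentRequest();

  if (($return_to = $request->query->get('ReturnTo')) || ($return_to = $request->request->get('ReturnTo')) || ($return_to = $request->server->get('HTTP_REFERER'))) {
    if ($this->pathValidator->isValid($return_to) && UrlHelper::externalIsLocal($return_to, $base_url)) {
      $redirect = $return_to;
    }
  }

  // The user is not logged into Drupal.
  if ($this->account->isAnonymous()) {

    if (isset($redirect)) {
      // Set the cookie so we can deliver the user to the place they started.
      // Only a value that passed the locality check above is ever written.
      // @TODO probably a more symfony way of doing this
      $cookie_secure = $this->config->get('secure');
      $cookie_httponly = $this->config->get('httponly');
      setrawcookie('simplesamlphp_auth_returnto', $redirect, time() + 60 * 60, "", "", $cookie_secure, $cookie_httponly);
    }

    // User is logged in to the SimpleSAMLphp IdP, but not to Drupal.
    if ($this->simplesaml->isAuthenticated()) {

      if (!$this->simplesaml->allowUserByAttribute()) {
        return [
          '#markup' => $this->t('You are not allowed to login via this service.'),
        ];
      }

      // Get unique identifier from saml attributes.
      $authname = $this->simplesaml->getAuthname();

      if (!empty($authname)) {
        if ($this->config->get('debug')) {
          $this->logger->debug('Trying to login SAML-authenticated user with authname %authname', [
            '%authname' => $authname,
          ]);
        }
        // User is logged in with SAML authentication and we got the unique
        // identifier, so try to log into Drupal.
        // Check to see whether the external user exists in Drupal. If they
        // do not exist, create them.
        // Also log in the user.
        $this->simplesamlDrupalauth->externalLoginRegister($authname);
      }
    }

    if (\Drupal::config('simplesamlphp_auth.settings')->get('header_no_cache')) {
      header('Cache-Control: no-cache');
    }

    $this->simplesaml->externalAuthenticate();
  }

  // Check to see if we've set a cookie. If there is one, give it priority.
  if ($request->cookies->has('simplesamlphp_auth_returnto')) {
    $cookie_redirect = $request->cookies->get('simplesamlphp_auth_returnto');

    // The cookie comes back from the browser, so it is no more trustworthy
    // than ReturnTo was: a value planted or altered on the client must not
    // become the redirect target. Accept it only if it still points to this
    // site; otherwise keep whatever $redirect was validated above, if any.
    $cookie_is_local = FALSE;
    if (is_string($cookie_redirect) && $cookie_redirect !== '') {
      try {
        $cookie_is_local = UrlHelper::externalIsLocal($cookie_redirect, $base_url);
      }
      catch (\InvalidArgumentException $e) {
        // externalIsLocal() throws when the value is not a fully qualified
        // URL. This method only ever stores absolute URLs, so reject it.
        $cookie_is_local = FALSE;
      }
    }

    if ($cookie_is_local) {
      $redirect = $cookie_redirect;
    }
    elseif ($this->config->get('debug')) {
      $this->logger->debug('Ignoring simplesamlphp_auth_returnto cookie that does not point to this site.');
    }

    // Unset the cookie.
    setrawcookie('simplesamlphp_auth_returnto', '');
  }

  if (isset($redirect)) {
    // Avoid caching of redirect response object.
    \Drupal::service('page_cache_kill_switch')->trigger();
    if ($this->config->get('debug')) {
      $this->logger->debug('Redirecting user to %redirect', [
        '%redirect' => $redirect,
      ]);
    }
    $response = new RedirectResponse($redirect, RedirectResponse::HTTP_FOUND);
    return $response;
  }

  return $this->redirect('user.login');
}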