
public function SimplesamlphpDrupalAuth::externalRegister in simpleSAMLphp Authentication 8.3

Registers a user locally as one authenticated by the SimpleSAML IdP.

Parameters

string $authname: The authentication name.

Return value

\Drupal\Core\Entity\EntityInterface|bool The registered Drupal user, or FALSE when the login is rejected.

Throws

\Exception An ExternalAuth exception.

1 call to SimplesamlphpDrupalAuth::externalRegister()
SimplesamlphpDrupalAuth::externalLoginRegister in src/Service/SimplesamlphpDrupalAuth.php
Log in and optionally register a user based on the authname provided.

File

src/Service/SimplesamlphpDrupalAuth.php, line 146

Class

SimplesamlphpDrupalAuth
Service to link SimpleSAMLphp authentication with Drupal users.

Namespace

Drupal\simplesamlphp_auth\Service

Code

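/**
 * Registers a user locally as one authenticated by the SimpleSAML IdP.
 *
 * Resolution order:
 * - A local user whose username equals $authname exists: it is linked to the
 *   authname when the 'autoenablesaml' setting is on, otherwise the SAML
 *   session is ended and the login is rejected.
 * - No such user: with 'autoenablesaml' on, hook_simplesamlphp_auth_existing_user()
 *   implementations may supply an account to link. If none did, a new account
 *   is registered, provided 'register_users' allows it.
 *
 * @param string $authname
 *   The authentication name.
 *
 * @return \Drupal\Core\Entity\EntityInterface|bool
 *   The registered Drupal user, or FALSE when the login was rejected or the
 *   account could not be created.
 *
 * @throws \Exception
 *   An ExternalAuth exception.
 */
public function externalRegister($authname) {
  $account = FALSE;

  // It's possible that a user with their username set to this authname
  // already exists in the Drupal database.
  $existing_user = $this->entityTypeManager
    ->getStorage('user')
    ->loadByProperties(['name' => $authname]);
  $existing_user = $existing_user ? reset($existing_user) : FALSE;

  if ($existing_user) {
    // If auto-enable SAML is activated, link this user to SAML.
    // The match is on username equality with the IdP-supplied authname only;
    // the 'autoenablesaml' setting is the site's explicit opt-in to trust that
    // equality as proof of ownership of the local account.
    if ($this->config->get('autoenablesaml')) {
      if ($this->config->get('debug')) {
        $this->logger->debug('Linking authname %authname to existing Drupal user with ID %id because "Automatically enable SAML authentication for existing users upon successful login" setting is activated.', [
          '%authname' => $authname,
          '%id' => $existing_user->id(),
        ]);
      }
      $this->externalauth->linkExistingAccount($authname, 'simplesamlphp_auth', $existing_user);
      $account = $existing_user;
    }
    else {
      if ($this->config->get('debug')) {
        $this->logger->debug('A local Drupal user with username %authname already exists. Aborting the creation of a SAML-enabled Drupal user.', [
          '%authname' => $authname,
        ]);
      }

      // User is not permitted to login to Drupal via SAML.
      // Log out of SAML and redirect to the front page.
      $this->messenger->addMessage($this->t('We are sorry, your user account is not SAML enabled.'), 'status');
      $this->simplesamlAuth->logout(base_path());
      return FALSE;
    }
  }
  else {
    // If auto-enable SAML is activated, take more action to find an existing
    // user.
    if ($this->config->get('autoenablesaml')) {
      // Allow other modules to decide if there is an existing Drupal user,
      // based on the supplied SAML attributes. Every implementation that
      // returns a user gets linked; when several do, the last one returned is
      // the account this login proceeds with.
      $attributes = $this->simplesamlAuth->getAttributes();
      foreach ($this->moduleHandler->getImplementations('simplesamlphp_auth_existing_user') as $module) {
        $return_value = $this->moduleHandler->invoke($module, 'simplesamlphp_auth_existing_user', [$attributes]);
        if ($return_value instanceof UserInterface) {
          $account = $return_value;
          if ($this->config->get('debug')) {
            $this->logger->debug('Linking authname %authname to existing Drupal user with ID %id because "Automatically enable SAML authentication for existing users upon successful login" setting is activated.', [
              '%authname' => $authname,
              '%id' => $account->id(),
            ]);
          }
          $this->externalauth->linkExistingAccount($authname, 'simplesamlphp_auth', $account);
        }
      }
    }

    // Check the admin settings for simpleSAMLphp and find out if we
    // are allowed to register users.
    if (!$this->config->get('register_users')) {
      // We're not allowed to register new users on the site through
      // simpleSAML. We let the user know about this and redirect to the
      // user/login page.
      $this->messenger->addMessage($this->t('We are sorry. While you have successfully authenticated, you are not yet entitled to access this site. Please ask the site administrator to provision access for you.'), 'status');
      $this->simplesamlAuth->logout(base_path());
      return FALSE;
    }
  }

  if (!$account) {
    // Create the new user. Any exception from register() is logged and
    // reported with the same user-facing text, so the message is accurate
    // only for the name-collision case; consult the log for other causes.
    try {
      $account = $this->externalauth->register($authname, 'simplesamlphp_auth');
    }
    catch (\Exception $ex) {
      watchdog_exception('simplesamlphp_auth', $ex);
      $this->messenger->addMessage($this->t('Error registering user: An account with this username already exists.'), 'error');
    }
  }

  if ($account) {
    $this->synchronizeUserAttributes($account, TRUE);
    return $this->externalauth->userLoginFinalize($account, $authname, 'simplesamlphp_auth');
  }

  // Registration failed (exception above): return FALSE explicitly so the
  // result matches the documented EntityInterface|bool contract instead of
  // falling through to NULL.
  return FALSE;
}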