drupalauth4ssp-8.x-1.1/drupalauth4ssp.module

drupalauth4ssp.module
<?php

/**
 * @file
 * DrupalAuth For simpleSAMLphp module.
 *
 * This module tightly integrates the SimpleSAMLphp Identity Provider login
 * experience with a Drupal site.
 */

use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Url;
use Drupal\drupalauth4ssp\Controller\RedirectController;
use Drupal\tfa\Controller\TfaUserController;
use Drupal\user\Entity\User;
use Symfony\Component\HttpFoundation\Request;

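/**
 * Implements hook_user_login().
 *
 * Save account ID into the SimpleSAMLphp state, if the user came from IdP.
 *
 * The ReturnTo value is read from the session when the TFA module is enabled
 * and a value is stored under RedirectController::SESSION_PARAM; otherwise it
 * is read from the current request's query string. Both sources originate
 * from the request, so the value is treated as untrusted: it must be a string
 * and must pass SspHandler::returnPathIsAllowed() before it is parsed.
 *
 * @param \Drupal\Core\Session\AccountInterface $account
 *   The account that has just logged in.
 */
function drupalauth4ssp_user_login(AccountInterface $account) {
  $session = \Drupal::request()->getSession();
  /** @var Drupal\drupalauth4ssp\SspHandler $sspHandler */
  $sspHandler = \Drupal::service('drupalauth4ssp.ssp_handler');
  if (\Drupal::moduleHandler()->moduleExists('tfa') && $session->has(RedirectController::SESSION_PARAM)) {
    $returnTo = $session->get(RedirectController::SESSION_PARAM);
  }
  else {
    // If the ReturnTo URL is present, extract state ID from it.
    $returnTo = \Drupal::request()->query->get('ReturnTo');
  }

  // Depending on the Symfony version, a query such as ReturnTo[]=... can come
  // back as an array. Only a non-empty string is a candidate URL; anything
  // else is ignored instead of being passed to the allow-list check and to
  // Request::create().
  if (!is_string($returnTo) || empty($returnTo)) {
    return;
  }

  if (!$sspHandler->returnPathIsAllowed($returnTo)) {
    return;
  }

  // Parse the accepted URL only to read its own query string.
  $request = Request::create($returnTo);
  $stateId = $request->query->get('State');
  // The State parameter is embedded in the ReturnTo URL and therefore also
  // caller-supplied: require a non-empty string before binding the account ID
  // to it.
  if (is_string($stateId) && !empty($stateId)) {
    $sspHandler->saveIdToStat($account->id(), $stateId);
  }
}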

/**
 * Implements hook_user_logout().
 *
 * Ends the SimpleSAMLphp session together with the Drupal one by delegating
 * to the module's SSP handler service.
 *
 * @param \Drupal\Core\Session\AccountInterface $account
 *   The account being logged out. Not read by this implementation.
 */
function drupalauth4ssp_user_logout(AccountInterface $account) {
  // The handler is resolved from the container on every call; the service is
  // expected to be a Drupal\drupalauth4ssp\SspHandler instance.
  \Drupal::service('drupalauth4ssp.ssp_handler')->logout();
}

/**
 * Implements hook_form_FORM_ID_alter().
 *
 * Appends this module's submit callback to the user login form so that the
 * ReturnTo redirect is evaluated after the handlers already registered on the
 * form.
 *
 * @param array $form
 *   The form render array, altered by reference.
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The current form state. Not read here.
 */
function drupalauth4ssp_form_user_login_form_alter(&$form, FormStateInterface $form_state) {
  $submitCallback = 'drupalauth4ssp_user_login_submit';
  // Appended, not prepended: existing submit handlers keep their position.
  $form['#submit'][] = $submitCallback;
}

/**
 * Implements hook_form_FORM_ID_alter().
 *
 * Appends this module's submit callback to the TFA entry form so that a
 * ReturnTo value stored in the session can be applied once the form has been
 * submitted.
 *
 * @param array $form
 *   The form render array, altered by reference.
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The current form state. Not read here.
 */
function drupalauth4ssp_form_tfa_entry_form_alter(&$form, FormStateInterface $form_state) {
  $submitCallback = 'drupalauth4ssp_tfa_entry_submit';
  // Appended, not prepended: existing submit handlers keep their position.
  $form['#submit'][] = $submitCallback;
}

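/**
 * Sets redirect upon successful login.
 *
 * Submit callback for the user login form. The ReturnTo query parameter is
 * caller-controlled, so it is type-checked and passed through
 * SspHandler::returnPathIsAllowed() before it is either stored in the session
 * (when a TFA step still has to happen) or used as the form redirect.
 *
 * @param array $form
 *   The form render array. Not read here.
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The form state whose redirect is inspected and possibly replaced.
 */
function drupalauth4ssp_user_login_submit($form, FormStateInterface $form_state) {
  $returnTo = \Drupal::request()->query->get('ReturnTo');
  // Depending on the Symfony version, ReturnTo[]=... can arrive as an array;
  // only a non-empty string can be a redirect target.
  if (!is_string($returnTo) || empty($returnTo)) {
    return;
  }

  /** @var Drupal\drupalauth4ssp\SspHandler $sspHandler */
  $sspHandler = \Drupal::service('drupalauth4ssp.ssp_handler');

  // Validate before doing anything else with the value. In particular, a
  // rejected URL is never written to the session, so no later reader of
  // RedirectController::SESSION_PARAM has to rely on re-validating it.
  if (!$sspHandler->returnPathIsAllowed($returnTo)) {
    return;
  }

  // If there is a TFA redirect, do not interrupt it.
  // getRedirect() may also return a RedirectResponse, NULL or FALSE; only a
  // Url object offers isRouted()/getRouteName().
  $redirect = $form_state->getRedirect();
  $tfaRedirect = $redirect instanceof Url
    && $redirect->isRouted()
    // 'tfa.entry': user has configured TFA previously and is required to
    // enter a TFA code. 'tfa.overview': user was logged in without a TFA code
    // and is now required to set up TFA.
    && in_array($redirect->getRouteName(), ['tfa.entry', 'tfa.overview'], TRUE);

  if ($tfaRedirect) {
    // Keep the (already validated) target until the TFA step has finished.
    \Drupal::request()->getSession()->set(RedirectController::SESSION_PARAM, $returnTo);
  }
  // When TFA module is enabled and user has exhausted attempts to skip TFA
  // we can get here and not have the user authenticated, even though they
  // provided valid credentials.
  elseif (\Drupal::currentUser()->isAuthenticated()) {
    $form_state->setRedirectUrl(Url::fromUri($returnTo));
  }
}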

/**
 * Sets redirect upon successful tfa login.
 *
 * Submit callback for the TFA entry form. Reads the ReturnTo value stored in
 * the session under RedirectController::SESSION_PARAM and, if the SSP handler
 * accepts it, clears the stored value and redirects the user there.
 *
 * @param array $form
 *   The form render array. Not read here.
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The form state that receives the redirect URL.
 */
function drupalauth4ssp_tfa_entry_submit($form, FormStateInterface $form_state) {
  $currentSession = \Drupal::request()->getSession();
  $target = $currentSession->get(RedirectController::SESSION_PARAM);
  $handler = \Drupal::service('drupalauth4ssp.ssp_handler');

  // The stored value is checked again at the point of use, not trusted merely
  // because it comes from the session.
  // NOTE(review): a value that fails the check is left in the session rather
  // than removed - confirm whether that is intended.
  if (empty($target) || !$handler->returnPathIsAllowed($target)) {
    return;
  }

  // Consume the stored target so it is applied only once.
  $currentSession->remove(RedirectController::SESSION_PARAM);
  $form_state->setRedirectUrl(Url::fromUri($target));
}

/**
 * Help user return to the service provider once TFA is set up.
 *
 * Named as a hook_form_FORM_ID_alter() implementation for the TFA overview
 * form, but takes none of the hook arguments. When a ReturnTo value is waiting
 * in the session and the TFA controller reports the current user as ready, a
 * status message linking to the drupalauth4ssp.redirect route is shown.
 */
function drupalauth4ssp_form_tfa_base_overview_alter() {
  $hasPendingReturn = \Drupal::request()->getSession()->has(RedirectController::SESSION_PARAM);
  if (!$hasPendingReturn) {
    return;
  }

  $account = User::load(\Drupal::currentUser()->id());
  /** @var \Drupal\tfa\Controller\TfaUserController $controller */
  $controller = \Drupal::service('class_resolver')->getInstanceFromDefinition(TfaUserController::class);
  $controller->setUser($account);
  if (!$controller->isReady()) {
    return;
  }

  // The link points at this module's own route, never at the stored ReturnTo
  // value itself, so the stored URL does not appear in the markup.
  $returnUrl = Url::fromRoute('drupalauth4ssp.redirect')->toString();
  \Drupal::messenger()->addStatus(
    t('As your journey was interrupted to set up two-factor authentication, you can now <a href=":url">click here to return to where you started</a>.', [
      ':url' => $returnUrl,
    ])
  );
}
