<?php
/**
* @file
* Defines hooks & permissions for utexas_saml_auth_helper module.
*/
use Drupal\Core\Form\FormStateInterface;
/**
* Implements hook_form_alter().
*/
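function utexas_saml_auth_helper_form_alter(&$form, FormStateInterface $form_state, $form_id) {
  // Leave every form untouched unless SimpleSAMLphp authentication is
  // activated for the site.
  if (!\Drupal::config('simplesamlphp_auth.settings')->get('activate')) {
    return;
  }
  // Only the account edit form and the registration form are altered.
  if (!in_array($form_id, ['user_form', 'user_register_form'], TRUE)) {
    return;
  }
  $account = $form_state->getFormObject()->getEntity();
  // These alterations don't apply to User 1, so that account keeps its
  // password fields. The cast covers IDs returned as numeric strings.
  if ((int) $account->id() === 1) {
    return;
  }
  // For non-registration forms, disable editing the username.
  if ($form_id === 'user_form') {
    $form['account']['name']['#disabled'] = TRUE;
    // Turn off the Current password field's validation.
    // NOTE(review): this is set for every account except User 1, so changes
    // made through this form are not re-confirmed with the current password.
    // When 'manual_email' is enabled the e-mail address stays editable under
    // that condition; confirm this is acceptable for any account that still
    // has a local password.
    $form_state->set('user_pass_reset', 1);
  }
  // Force the per-user SAML option on and lock it so that it cannot be
  // switched off from this form.
  $form['simplesamlphp_auth_user_enable']['#default_value'] = TRUE;
  $form['simplesamlphp_auth_user_enable']['#disabled'] = TRUE;
  // Wrapped in t() like the other user-facing strings in this function.
  $form['simplesamlphp_auth_user_enable']['#title'] = t('This is an Enterprise Authentication account.');
  $form['simplesamlphp_auth_user_enable']['#description'] = '';
  $form['simplesamlphp_auth_user_enable']['#weight'] = -100;
  // Password is not required and may not be set (the field will be hidden).
  // NOTE: password already removed when *editing* the profile of an existing
  // user that has SAML enabled, so in this module we only need to disable it
  // for user registrations.
  $form['account']['pass']['#access'] = FALSE;
  $form['account']['pass']['#required'] = FALSE;
  $form['account']['current_pass']['#access'] = FALSE;
  $form['account']['name']['#title'] = t('Username (UT EID)');
  $form['account']['name']['#weight'] = -2;
  $form['account']['name']['#description'] = t("Most Texas affiliates' EIDs can be obtained via <a href='https://directory.utexas.edu/'>https://directory.utexas.edu/</a>.");
  $manual_email = \Drupal::config('utexas_saml_auth_helper.settings')->get('manual_email');
  if (!$manual_email) {
    // Email address is not required and cannot be typed in by hand.
    $form['account']['mail']['#required'] = FALSE;
    $form['account']['mail']['#disabled'] = TRUE;
    $form['account']['mail']['#weight'] = -1;
    $form['account']['mail']['#description'] = t('This field cannot be modified manually; it will be filled in from UT EID attributes when the user logs in. All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive certain news or notifications by e-mail.');
    // The email address can't actually be blank, so we use a custom validate
    // function to set it to *something*. It is put first in the list so it
    // runs before the handlers that are already registered.
    array_unshift($form['#validate'], 'utexas_saml_auth_helper_user_account_form_validate');
  }
}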
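/**
 * Form validation handler for user_account_form().
 *
 * This form validation handler should run before user_account_form_validate().
 *
 * It will a) check that the username is a valid UT EID, and b) set the email
 * field using the EID and the IID domain (defaults to eid.utexas.edu).
 *
 * The e-mail value is only derived once the name has passed validation, so
 * rejected input is never copied into the address.
 *
 * This handler does not check whether SAML authentication is enabled for the
 * account; utexas_saml_auth_helper_form_alter() forces that option on and
 * disables the checkbox instead.
 *
 * @param array $form
 *   The form structure (not used here).
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The form state; reads the 'name' value and writes the 'mail' value.
 *
 * @see _utexas_saml_auth_helper_user_validate_name()
 */
function utexas_saml_auth_helper_user_account_form_validate($form, &$form_state) {
  $name = $form_state->getValue('name');
  if ($error = _utexas_saml_auth_helper_user_validate_name($name)) {
    $form_state->setErrorByName('name', $error);
    // Do not build an address out of a name that failed validation.
    return;
  }
  // Fall back to the documented default when the setting is empty, so the
  // address never ends in a bare "@".
  $domain = \Drupal::config('utexas_saml_auth_helper.settings')->get('utexas_saml_auth_helper_iid_domain') ?: 'eid.utexas.edu';
  $form_state->setValue('mail', $name . '@' . $domain);
}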
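/**
 * Custom validation for a user's name (UT EID).
 *
 * This function performs the following checks on a given name:
 * - is non-empty
 * - matches the regular pattern /^[a-z0-9][a-z0-9._-]{1,7}\z/
 *
 * The pattern is anchored with \z rather than $ because $ also matches just
 * before a trailing newline, and the validated name is later used to build
 * the account's e-mail address.
 *
 * Borrowed from the UTLogin module.
 *
 * @param string $name
 *   The name to be checked.
 *
 * @return \Drupal\Core\StringTranslation\TranslatableMarkup|false
 *   FALSE if the given name passes all checks, or a translated error message
 *   otherwise.
 */
function _utexas_saml_auth_helper_user_validate_name($name) {
  // Check that the name is non-empty.
  if (!$name) {
    return t('You must enter a UT EID.');
  }
  // Check that the whole name, with nothing trailing, matches the UT EID
  // pattern: 2 to 8 characters, starting with a lowercase letter or digit.
  if (!preg_match('/^[a-z0-9][a-z0-9._-]{1,7}\z/', $name)) {
    return t('The entered UT EID is not valid.');
  }
  return FALSE;
}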
/**
* Implements hook_plugin_filter_TYPE__CONSUMER_alter().
*/
function utexas_saml_auth_helper_plugin_filter_block__layout_builder_alter(array &$definitions) {
  // Block plugin IDs that must not appear in the list.
  $hidden_block_ids = ['simplesamlphp_auth_block'];
  foreach ($hidden_block_ids as $block_id) {
    unset($definitions[$block_id]);
  }
}