From 2c1808e564d9625d539ea604f67d37392cb82cdd Mon Sep 17 00:00:00 2001
From: Are Johannessen <are.j@uib.no>
Date: Thu, 19 Dec 2024 07:36:54 +0100
Subject: [PATCH] WP110 Refactor uib_feide_openid_connect_pre_authorize

---
 uib_feide.module | 58 +++++++++++++++++++++++++-----------------------
 1 file changed, 30 insertions(+), 28 deletions(-)

diff --git a/uib_feide.module b/uib_feide.module
index febd084..7bc61fe 100644
--- a/uib_feide.module
+++ b/uib_feide.module
@@ -28,40 +28,42 @@ function uib_feide_openid_connect_pre_authorize($account, array $context) : bool
   // Retrieve the 'uib_feide' settings.
   $config = Drupal::config('uib_feide.user_control_settings');
 
-  if ($config->get('domains_allowed') !== '') {
-    // Get the SCIM data for the user.
-    $api_service = Drupal::service('plugin.manager.api_connector');
-    $scim_connector = $api_service->createInstance('scim');
-    $scim_data = $scim_connector->fetchScimUser($context['userinfo']['email']);
-    if ($scim_data !== NULL) {
-      $roles = $scim_data->getRoles();
+  if ($config->get('domains_allowed') === '') {
+    return TRUE;
+  }
 
-      // Check if the user has the correct domain.
-      $domains_allowed = explode("\r", str_replace(["\r\n", "\n"], "\r", $config->get('domains_allowed') ?: ''));
-      $email_account_for_new_user = $context['userinfo']['email'];
+  // Get the SCIM data for the user.
+  $api_service = Drupal::service('plugin.manager.api_connector');
+  $scim_connector = $api_service->createInstance('scim');
+  $scim_data = $scim_connector->fetchScimUser($context['userinfo']['email']);
+  if ($scim_data === FALSE) {
+    return TRUE;
+  }
+  $roles = $scim_data->getRoles();
 
-      if (str_contains($email_account_for_new_user, '@')) {
-        $domain_for_new_user = explode('@', $email_account_for_new_user)[1];
-        if (in_array($domain_for_new_user, $domains_allowed)) {
-          $domain_matches = TRUE;
-        }
-      }
+  // Check if the user has the correct domain.
+  $domains_allowed = explode("\r", str_replace(["\r\n", "\n"], "\r", $config->get('domains_allowed') ?: ''));
+  $email_account_for_new_user = $context['userinfo']['email'];
 
-      // Check if the user has the correct variable.
-      $roles_allowed = explode("\r", str_replace(["\r\n", "\n"], "\r", $config->get('roles_allowed') ?: ''));
+  if (str_contains($email_account_for_new_user, '@')) {
+    $domain_for_new_user = explode('@', $email_account_for_new_user)[1];
+    if (in_array($domain_for_new_user, $domains_allowed)) {
+      $domain_matches = TRUE;
+    }
+  }
 
-      // Check each setting.
-      foreach ($roles_allowed as $role) {
-        if (in_array($role, $roles)) {
-          $role_matches = TRUE;
-          break;
-        }
-      }
+  // Check if the user has the correct variable.
+  $roles_allowed = explode("\r", str_replace(["\r\n", "\n"], "\r", $config->get('roles_allowed') ?: ''));
 
-      // If both the domain and role matches, then proceed to log in.
-      return $domain_matches && $role_matches;
+  // Check each setting.
+  foreach ($roles_allowed as $role) {
+    if (in_array($role, $roles)) {
+      $role_matches = TRUE;
+      break;
     }
   }
 
-  return TRUE;
+  // If both the domain and role matches, then proceed to log in.
+  return $domain_matches && $role_matches;
+
 }
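Review bot: The SCIM guard now tests `$scim_data === FALSE` where the removed code tested `!== NULL`, so if `fetchScimUser()` still returns NULL for an unknown user (its definition is not part of this patch), the `$scim_data->getRoles()` call directly below would be made on a null value. As before the refactor, that branch returns TRUE, which means a failed or empty SCIM lookup lets the login through without the domain and role checks. If the allow-lists are meant to be enforced, the guard should cover both sentinels and deny, e.g. `if (!$scim_data) { return FALSE; }`, or carry a comment explaining why failing open is intended. The function starts above this hunk, so the initialisation of `$domain_matches` and `$role_matches` is not visible here; if they are not set to FALSE earlier, the final `return` reads undefined variables whenever no match is found. The domain is taken with `explode('@', …)[1]`, which is the segment after the first `@`; `substr(strrchr($email_account_for_new_user, '@'), 1)` together with `TRUE` as the third argument to both `in_array()` calls would make the comparison stricter.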
-- 
GitLab