
WP110 Refactor uib_feide_openid_connect_pre_authorize

Closed Are Johannessen requested to merge refactor-uib-feide-openid-connect-pre-authorize into master
1 file
+ 30
28
+ 30
28
@@ -28,40 +28,42 @@ function uib_feide_openid_connect_pre_authorize($account, array $context) : bool
@@ -28,40 +28,42 @@ function uib_feide_openid_connect_pre_authorize($account, array $context) : bool
// Retrieve the 'uib_feide' settings.
// Retrieve the 'uib_feide' settings.
$config = Drupal::config('uib_feide.user_control_settings');
$config = Drupal::config('uib_feide.user_control_settings');
if ($config->get('domains_allowed') !== '') {
if ($config->get('domains_allowed') === '') {
// Get the SCIM data for the user.
return TRUE;
$api_service = Drupal::service('plugin.manager.api_connector');
}
$scim_connector = $api_service->createInstance('scim');
$scim_data = $scim_connector->fetchScimUser($context['userinfo']['email']);
if ($scim_data !== NULL) {
$roles = $scim_data->getRoles();
// Check if the user has the correct domain.
// Get the SCIM data for the user.
$domains_allowed = explode("\r", str_replace(["\r\n", "\n"], "\r", $config->get('domains_allowed') ?: ''));
$api_service = Drupal::service('plugin.manager.api_connector');
$email_account_for_new_user = $context['userinfo']['email'];
$scim_connector = $api_service->createInstance('scim');
 
$scim_data = $scim_connector->fetchScimUser($context['userinfo']['email']);
 
if ($scim_data === NULL) {
 
return TRUE;
 
}
 
$roles = $scim_data->getRoles();
if (str_contains($email_account_for_new_user, '@')) {
// Check if the user has the correct domain.
$domain_for_new_user = explode('@', $email_account_for_new_user)[1];
$domains_allowed = explode("\r", str_replace(["\r\n", "\n"], "\r", $config->get('domains_allowed') ?: ''));
if (in_array($domain_for_new_user, $domains_allowed)) {
$email_account_for_new_user = $context['userinfo']['email'];
$domain_matches = TRUE;
}
}
// Check if the user has the correct variable.
if (str_contains($email_account_for_new_user, '@')) {
$roles_allowed = explode("\r", str_replace(["\r\n", "\n"], "\r", $config->get('roles_allowed') ?: ''));
$domain_for_new_user = explode('@', $email_account_for_new_user)[1];
 
if (in_array($domain_for_new_user, $domains_allowed)) {
 
$domain_matches = TRUE;
 
}
 
}
// Check each setting.
// Check if the user has the correct variable.
foreach ($roles_allowed as $role) {
$roles_allowed = explode("\r", str_replace(["\r\n", "\n"], "\r", $config->get('roles_allowed') ?: ''));
if (in_array($role, $roles)) {
$role_matches = TRUE;
break;
}
}
// If both the domain and role matches, then proceed to log in.
// Check each setting.
return $domain_matches && $role_matches;
foreach ($roles_allowed as $role) {
 
if (in_array($role, $roles)) {
 
$role_matches = TRUE;
 
break;
}
}
}
}
return TRUE;
// If both the domain and role matches, then proceed to log in.
 
return $domain_matches && $role_matches;
 
}
}
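Review bot: The guard `if ($scim_data === NULL) { return TRUE; }` leaves this pre-authorize check fail-open: once `domains_allowed` is configured, any login for which `fetchScimUser()` returns nothing is authorized without the domain or role comparison ever running. If NULL can also mean a failed or timed-out SCIM request (not visible on this page), an outage of that service would switch the restriction off for everyone. I would deny in that branch, `if ($scim_data === NULL) { return FALSE; }`, and log the event; if the pass-through is intentional for accounts without a SCIM record, a comment above the guard should say so, and the domain check could still run because it only needs `$context['userinfo']['email']`. The function begins above the hunk, so whether `$domain_matches` and `$role_matches` are initialised to FALSE before the final `return` cannot be confirmed from here.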