diff --git a/src/SocialAuthUserManager.php b/src/SocialAuthUserManager.php index 335a8c8..9dc6800 100644 --- a/src/SocialAuthUserManager.php +++ b/src/SocialAuthUserManager.php @@ -100,9 +100,17 @@ class SocialAuthUserManager { $drupal_user = $this->loadUserByProperty('mail', $email); // If user email has already an account in the site. if ($drupal_user) { + // If Admin can authenticate. + if ($redirect = $this->isAdminDisabled($drupal_user)) { + return $redirect; + } + // If User with specific roles can login. + if ($redirect = $this->isUserDisabled($drupal_user)) { + return $redirect; + } // If user could be logged in. if ($this->loginUser($drupal_user)) { - return $this->redirect('user.page'); + return $this->redirect($this->getLoginPostPath()); } else { drupal_set_message($this->t("Your account has not been approved yet or might have been canceled, please contact the administrator"), 'error'); @@ -124,7 +132,12 @@ class SocialAuthUserManager { } // If the new user could be logged in. if ($this->loginUser($drupal_user)) { - return $this->redirect('user.page'); + if ($redirect = $this->redirectToUserForm($drupal_user)) { + return $redirect; + } + else { + return $this->redirect($this->getLoginPostPath()); + } } } @@ -333,6 +346,83 @@ class SocialAuthUserManager { } /** + * Checks if Admin can login. + * + * @param User $drupal_user + * User object to check if user is admin. + * + * @return \Symfony\Component\HttpFoundation\RedirectResponse|false + * A redirect response to user login page, if user can't login. + * False otherwise + */ + protected function isAdminDisabled(User $drupal_user) { + if ($this->configFactory + ->get('social_auth.settings') + ->get('disable_admin_login') && $drupal_user->id() == 1) { + drupal_set_message($this->t('Authentication for Admin is disabled for Security Reasons.'), 'error'); + return $this->redirect('user.login'); + } + + return FALSE; + } + + /** + * Checks if User with specific roles is allowed to login. + * + * @param User $drupal_user + * User object to check if user has a specific role. + * + * @return \Symfony\Component\HttpFoundation\RedirectResponse|false + * A redirect response to user login page, if user can't login. + * False otherwise + */ + protected function isUserDisabled(User $drupal_user) { + foreach ($this->configFactory + ->get('social_auth.settings') + ->get('disabled_roles') as $role) { + if (!empty($role) && $drupal_user->hasRole($role)) { + drupal_set_message($this->t('Authentication for @role is disabled for Security Reasons.', array('@role' => $role)), 'error'); + return $this->redirect('user.login'); + } + } + + return FALSE; + } + + /** + * Returns the Post Login Path. + * + * @return string + * Post Login Path to which the user would be redirected after login. + */ + protected function getLoginPostPath() { + return $this->configFactory + ->get('social_auth.settings') + ->get('post_login_path'); + } + + /** + * Checks if User should be redirected to User Form after creation. + * + * @param User $drupal_user + * User object to get the id of user. + * + * @return \Symfony\Component\HttpFoundation\RedirectResponse|false + * A redirect response to user form, if option is enabled. + * False otherwise + */ + protected function redirectToUserForm(User $drupal_user) { + if ($this->configFactory + ->get('social_auth.settings') + ->get('redirect_user_form')) { + return $this->redirect('entity.user.edit_form', [ + 'user' => $drupal_user->id(), + ]); + } + return FALSE; + } + + /** * Ensures that Drupal usernames will be unique. * * Drupal usernames will be generated so that the user's full name on Provider