diff --git a/src/SocialAuthUserManager.php b/src/SocialAuthUserManager.php
index 0ec0188..9dc6800 100644
--- a/src/SocialAuthUserManager.php
+++ b/src/SocialAuthUserManager.php
@@ -98,25 +98,19 @@ class SocialAuthUserManager {
 public function authenticateUser($email, $name, $id = NULL, $picture_url = FALSE) {
 // Tries to load the user by their email.
 $drupal_user = $this->loadUserByProperty('mail', $email);
- $config = $this->configFactory->get('social_auth.settings');
 // If user email has already an account in the site.
 if ($drupal_user) {
- // Check if Admin can authenticate.
- if($config->get('disable_admin_login')){
- if($drupal_user->id() == 1) {
- return $this->redirect('user.login');
- }
+ // If Admin can authenticate.
+ if ($redirect = $this->isAdminDisabled($drupal_user)) {
+ return $redirect;
 }
- // Check for Disabled roles.
- $disabled_roles = $config->get('disabled_roles');
- foreach($disabled_roles as $role){
- if(!empty($role) && $drupal_user->hasRole($role)){
- return $this->redirect('user.login');
- }
+ // If User with specific roles can login.
+ if ($redirect = $this->isUserDisabled($drupal_user)) {
+ return $redirect;
 }
 // If user could be logged in.
 if ($this->loginUser($drupal_user)) {
- return $this->redirect($config->get('post_login_path'));
+ return $this->redirect($this->getLoginPostPath());
 }
 else {
 drupal_set_message($this->t("Your account has not been approved yet or might have been canceled, please contact the administrator"), 'error');
@@ -138,13 +132,11 @@ class SocialAuthUserManager {
 }
 // If the new user could be logged in.
 if ($this->loginUser($drupal_user)) {
- if($config->get('redirect_user_form')) {
- return $this->redirect('entity.user.edit_form', [
- 'user' => $drupal_user->id(),
- ]);
+ if ($redirect = $this->redirectToUserForm($drupal_user)) {
+ return $redirect;
 }
- else{
- return $this->redirect('user.page');
+ else {
+ return $this->redirect($this->getLoginPostPath());
 }
 }
 }
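Review bot: The two rewritten comments in authenticateUser() say the opposite of what the branches do: `// If Admin can authenticate.` and `// If User with specific roles can login.` sit above checks that return a redirect to `user.login` when social login is refused. Because these are access-control gates, I would word them as denials, e.g. `// Refuse social login for uid 1 when disable_admin_login is set.` and `// Refuse social login for accounts holding a disabled role.`. The method body continues outside the hunk.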
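Review bot: The new-account branch no longer has a fixed fallback: `return $this->redirect('user.page');` became `return $this->redirect($this->getLoginPostPath());`, so the target now depends entirely on the `post_login_path` setting. If that setting is empty or missing, redirect() would receive an empty value (its implementation is not visible here, so the exact failure is an assumption); the same call is added in the first hunk for existing users. Keeping the old default covers both places: `return $this->redirect($this->getLoginPostPath() ?: 'user.page');`. authenticateUser() starts in the previous hunk.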
@@ -354,6 +346,83 @@ class SocialAuthUserManager {
 }
 /**
+ * Checks if Admin can login.
+ *
+ * @param User $drupal_user
+ * User object to check if user is admin.
+ *
+ * @return \Symfony\Component\HttpFoundation\RedirectResponse|false
+ * A redirect response to user login page, if user can't login.
+ * False otherwise
+ */
+ protected function isAdminDisabled(User $drupal_user) {
+ if ($this->configFactory
+ ->get('social_auth.settings')
+ ->get('disable_admin_login') && $drupal_user->id() == 1) {
+ drupal_set_message($this->t('Authentication for Admin is disabled for Security Reasons.'), 'error');
+ return $this->redirect('user.login');
+ }
+
+ return FALSE;
+ }
+
+ /**
+ * Checks if User with specific roles is allowed to login.
+ *
+ * @param User $drupal_user
+ * User object to check if user has a specific role.
+ *
+ * @return \Symfony\Component\HttpFoundation\RedirectResponse|false
+ * A redirect response to user login page, if user can't login.
+ * False otherwise
+ */
+ protected function isUserDisabled(User $drupal_user) {
+ foreach ($this->configFactory
+ ->get('social_auth.settings')
+ ->get('disabled_roles') as $role) {
+ if (!empty($role) && $drupal_user->hasRole($role)) {
+ drupal_set_message($this->t('Authentication for @role is disabled for Security Reasons.', array('@role' => $role)), 'error');
+ return $this->redirect('user.login');
+ }
+ }
+
+ return FALSE;
+ }
+
+ /**
+ * Returns the Post Login Path.
+ *
+ * @return string
+ * Post Login Path to which the user would be redirected after login.
+ */
+ protected function getLoginPostPath() {
+ return $this->configFactory
+ ->get('social_auth.settings')
+ ->get('post_login_path');
+ }
+
+ /**
+ * Checks if User should be redirected to User Form after creation.
+ *
+ * @param User $drupal_user
+ * User object to get the id of user.
+ *
+ * @return \Symfony\Component\HttpFoundation\RedirectResponse|false
+ * A redirect response to user form, if option is enabled.
+ * False otherwise
+ */
+ protected function redirectToUserForm(User $drupal_user) {
+ if ($this->configFactory
+ ->get('social_auth.settings')
+ ->get('redirect_user_form')) {
+ return $this->redirect('entity.user.edit_form', [
+ 'user' => $drupal_user->id(),
+ ]);
+ }
+ return FALSE;
+ }
+
+ /**
 * Ensures that Drupal usernames will be unique.
 *
 * Drupal usernames will be generated so that the user's full name on Provider
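Review bot: The messages added in isAdminDisabled() and isUserDisabled() tell the visitor which privilege the matched account holds: `'Authentication for @role is disabled for Security Reasons.'` prints the role ID, and the admin variant confirms that the e-mail belongs to uid 1. The account is matched by the provider-supplied e-mail earlier in authenticateUser(), so that detail goes to whoever completed the provider flow; a neutral message such as `drupal_set_message($this->t('Social login is not available for this account.'), 'error');` in both helpers, with the role recorded in the site log instead, avoids it. Separately, `->get('disabled_roles')` is iterated directly, and if the key is unset the foreach would receive NULL; an `(array)` cast in front of the expression keeps the loop quiet. Both helper names read as boolean predicates but return a RedirectResponse and set a message, which the docblocks should state.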