Create authenticate method

From experience with #2847914: Attempts to create an user even if it already exists, I'd suggest to differentiate different results of this new method. There might be a case when the user is present but cannot login (if the user is blocked, for example). And then there is the regular case of the user does not exist. The related issue exists because we do not differentiate between these two scenarios. The calling code should know why exactly the login failed and then if it was because of missing user, only then attempt to create the user.

Alternatively, this entire flow seems common among all such modules. We could have a method called something like authenticateOrCreateUser() that does the entire job.

1. +++ b/src/Form/SocialAuthSettingsForm.php
   @@ -78,7 +78,7 @@ class SocialAuthSettingsForm extends ConfigFormBase {
   -      $form['social_auth']['disabled_roles']['#description'] = t('No roles found.');
   +      $form['social_auth']['disabled_roles']['#description'] = $this->t('No roles found.');
   
   +++ b/src/SocialAuthUserManager.php
   @@ -57,15 +66,92 @@ class SocialAuthUserManager {
   -    $this->configFactory      = $config_factory;
   -    $this->loggerFactory      = $logger_factory;
   -    $this->eventDispatcher    = $event_dispatcher;
   -    $this->entityTypeManager  = $entity_type_manager;
   ...
   -    $this->token              = $token;
   -    $this->stringTranslation  = $string_translation;
   -    $this->transliteration    = $transliteration;
   -    $this->languageManager    = $language_manager;
   

   This seems to be entirely unrelated to the issue. It is not too much of a change but it is still better in another issue for code cleanup.

2. +++ b/src/SocialAuthUserManager.php
   @@ -57,15 +66,92 @@ class SocialAuthUserManager {
   +    if ($drupal_user) {
   +      // If user could be logged in.
   +      if ($this->loginUser($drupal_user)) {
   +        return $this->redirect('user.page');
   +      }
   +    }
   

   This preserves the existing bug in social_auth_google module I filed - #2847914: Attempts to create an user even if it already exists. Please see the patch there.

   With the new isApprovalRequired message, the user will get a proper message the first time they login and that's great. But when they try to login next time and admin has still not approved them, then the issue remains. This code flow will try to create the user again instead of giving an error message about it.

I think that message is accurate and helpful. The user can then contact the administrator to fix the issue.

I wouldn't suggest to make a check on isActive or any other conditions. Once it enters the outer if-block, we know that the user is there. Even if the user cannot login under any circumstances, there is no point to try to create the user again at all. If you check my patch in #2847914: Attempts to create an user even if it already exists, it ensures that we exit the method under all circumstances. That is, if the user is already present, we don't try to create it again.

I see all concerns are resolved. Thank you!

RTBC+1 We still need to update other implementers, but i don't think it's part of this issue.

@gvso I think after this issue is fixed, solving this issue would become a lot easy. #2821853: Provide Social Auth settings: functionality

IMHO We could also set $id default value to NULL. Since $id is only required when setProfilePic() .

I was thinking of something like this.