Restrict user to only register or log in

I guess all the feature request should go to 8.x-1.x-dev .

I like this idea, but I think we should allow users to login, register, or both (default).

1. +++ b/config/install/social_auth.settings.yml
   @@ -3,3 +3,4 @@ post_login: /user
    disabled_roles: []
   +user_register: 'register_login'
   

   With the changes, this might become an array. Also, we need a hook_update function in social_auth.install

2. +++ b/config/schema/social_auth.schema.yml
   @@ -5,6 +5,9 @@ social_auth.settings:
   +      label: 'Can you register using google sign in button.'
        redirect_user_form:
   

   The label should be the same as the form field title.

3. +++ b/src/Form/SocialAuthSettingsForm.php
   @@ -92,6 +92,16 @@ class SocialAuthSettingsForm extends ConfigFormBase {
   +      '#type' => 'radios',
   ...
   +      '#options' => array(
   +        'register_login' => $this->t('Register & Login'),
   +        'login' => $this->t('Login Only'),
   

   It would be better if we allow checkboxes with "Register" and "Login"

4. +++ b/src/Form/SocialAuthSettingsForm.php
   @@ -92,6 +92,16 @@ class SocialAuthSettingsForm extends ConfigFormBase {
   +      '#title' => $this->t('Who can register accounts?'),
   

   What about "What can users do?"

Here is the new patch, It still needs hook_update_N() implementation but let's see if everything else is okay. Sorry, wasn't able to test it out, but it should work.

Forgot some change in the previous patch. Here is the new Patch, (also added hook_update_N() )

1. +++ b/social_auth.install
   @@ -39,3 +39,14 @@ function social_auth_update_8002(&$sandbox) {
   +  $config->set('user_allowed', array('register', 'login'))
   +    ->save();
   

   Since this is short, ->save() should be in the same line. We need to explain what the update does too.

2. +++ b/social_auth.install
   @@ -39,3 +39,14 @@ function social_auth_update_8002(&$sandbox) {
   +  $config->save();
   

   You don't need this here since you have already saved the configuration in the previous line.

For this new configuration, we need to change the warning 'Failed to create user. User registration is disabled in Drupal account settings' for something like 'Failed to create user. User registration is disabled.'

Applied changes from #9 on patch #8, please review! :)

We need to explain what the update does too.

Looks like you missed this

Thanks @tameeshb,

We need to change the warning 'Failed to create user. User registration is disabled in Drupal account settings' in SocialAuthUserManager too

Not very sure about what do i write for this:

We need to explain what the update does too.

Modified SocialAuthUserManager.php to change warning message.

/**
* Implements hook_update_N().
*
* Default Value for new key user_allowed
*
* This update creates a new key user_allowed which
* has it's default value set to both register and login.
*/

Maybe this

Maybe

/**
* Implements hook_update_N().
*
* Sets default value for new user_allowed key.
*
* user_allowed allows site builders to determine if
* users can only login, register, or both. This update
* creates the new user_allowed key with a default
* value set to both register and login.
*/

Added documentation from #15

+++ b/src/Form/SocialAuthSettingsForm.php
@@ -92,6 +92,16 @@ class SocialAuthSettingsForm extends ConfigFormBase {
+      '#type' => 'radios',
+      '#title' => $this->t('What can users do?'),
+      '#default_value' => $social_auth_config->get('user_allowed'),
+      '#options' => array(
+        'register' => $this->t('Register Only'),
+        'login' => $this->t('Login Only'),
+      ),

These should be checkboxes so that the user can select both behaviors if they want.

Also, this version of hook_update_N tries to use all the spaces up to 80 cols and removes the unnecessary $config variable

/**
 * Implements hook_update_N().
 *
 * Sets default value for new user_allowed key.
 *
 * user_allowed allows site builders to determine if users can only login,
 * register, or both. This update creates the new user_allowed key with a
 * default value set to both register and login.
 */
function social_auth_update_8003(&$sandbox) {
  // Sets and saves new user_allowed value.
  \Drupal::configFactory()->getEditable('social_auth.settings')
    ->set('user_allowed', array('register', 'login'))
    ->save();
}

Please update the project from the remote git repository. It seems you haven't done that before creating the last patch

I thought i already used checkboxes :( Would provide the new patch today with testing

Here is the new patch rerolled and also implements changes in #17. IDK if i should attach the interdiff if it's a reroll. Here are the couple of things that i changed

1. Changed user_register to user_allowed in SocialAuthSettingsForm.php according to .settings.yml
2. Changed this if (!in_array('login', $this->configFactory->get('social_auth.settings')->get('user_allowed'),)) {
   to
   if (!in_array('login', $this->configFactory->get('social_auth.settings')->get('user_allowed'), true)) { .
   IDK why the previous code wasn't working.
3. All changes mentioned in #17
4. Some Documentation changes.

This time i tested this patch, with Social Auth Twitter and it works great. The only problem i noticed is that when the user registration is blocked, two error messages appear which i don't think is cool. I will open an issue for that. Assigning gvso to review this patch.

+++ b/src/Form/SocialAuthSettingsForm.php
@@ -92,6 +92,16 @@ class SocialAuthSettingsForm extends ConfigFormBase {
+        'register' => $this->t('Register Only'),
+        'login' => $this->t('Login Only'),
+      ),

I'd change these to just "Register" and "Login"

What's the issue with the messages? Can't that issue be fixed in this patch?

I have attached the new patch following the suggestion in #20 .

What's the issue with the messages? Can't that issue be fixed in this patch?

drupal_set_message() is called in createUser when the registration is disabled.

if ($this->registrationBlocked()) {
      $this->loggerFactory
        ->get($this->getPluginId())
        ->warning('Failed to create user. User registration is disabled. Name: @name, email: @email.', array('@name' => $name, '@email' => $email));

      drupal_set_message($this->t('User registration is disabled, please contact the administrator.'), 'error');

      return FALSE;
    }

But since createUser() doesn't redirect to login page after this message is set the createUser() returns FALSE and then the following code is followed,

    $drupal_user = $this->createUser($name, $email);
    // If the new user could be registered.
    if ($drupal_user) {
      // Download profile picture for the newly created user.
      if ($picture_url) {
        $this->setProfilePic($drupal_user, $picture_url, $id);
      }
      // Authenticates and redirect new user.
      return $this->authenticateNewUser($drupal_user);
    }

    drupal_set_message($this->t('You could not be authenticated, please contact the administrator'), 'error');
    $this->nullifySessionKeys();
    return $this->redirect('user.login'); 

This way 2 messages are set with drupal_set_message 'User registration is disabled, please contact the administrator.' and 'You could not be authenticated, please contact the administrator' . I am not sure if we should fix that in this issue since we'll have to change createUser() function to maybe return RedirectResponse . What do you think?

Since registrationBlocked() is modified by the patch, let's fix that issue here. Plus, I'd change registrationBlocked() for isRegistrationDisabled() to make it more consistent with other methods.

Here is the new patch!

Ok, everything works fine. Thanks for the patch.

My only question is if we should allow to login the user who just registered. Currently, the user who registers can't login if the settings is set to allow registration but not login.

@sriharsha.uppuluri, could you help us finding the best approach for this?

@gvso I think the current approach is fine. I tried to apply the patch on my local drupal installation but the patch needed rerolling. Here is the rerolled patch.

We need to reroll this patch to make it work with 2.x

I think, we should change the checkboxes for radio buttons "Register and login" and "Login only". I think it woudn't make much sense to allow user to register but no login since a password would be needed in that case.

Made the above change. Thanks everyone!