Loading README.md 0 → 100644 +11 −0 Original line number Diff line number Diff line # Azure AD login Fill the form in admin/config/services/azure-ad-login with Azure AD login credentiasl. Also, when the Azure AD login is built in Azure Devops some roles must be create to macth with Roles created in Drupal. Drupal module callback for Azure Devops configuration is `callback_azure_ad`, example : `https://domain.com/callback_azure_ad` README.txtdeleted 100644 → 0 +0 −1 Original line number Diff line number Diff line Azure AD login azure_ad_login.info.yml +2 −1 Original line number Diff line number Diff line Loading @@ -2,7 +2,8 @@ name: Azure AD Login type: module description: Use Active record Directory to login into Drupal package: Custom core: 8.x core_version_requirement: ^9.1 || ^10 dependencies: - user configure: azure_ad_login.settings_form No newline at end of file src/AzureAD.php +2 −2 Original line number Diff line number Diff line Loading @@ -74,7 +74,7 @@ public static function create(ContainerInterface $container) { } /** * Build login url hfor login form. * Build login url for login form. * * @return string * Return a url to connect with Azure. Loading Loading @@ -210,7 +210,7 @@ public function decodeIdToken(array $token_data): array { * @return array * array with all the groups that are selected to compare with Azure groups. */ public function groupMap(): array { public function DrupalRoles(): array { $role_list = $this->azureADSettings->get('role_group_map'); $list = []; foreach ($role_list as $value) { Loading src/Controller/CallbackController.php +51 −35 Original line number Diff line number Diff line Loading 
@@ -10,9 +10,9 @@ use Drupal\user\Entity\User; use Drupal\azure_ad_login\AzureAD; use Drupal\Core\Language\languageManager; use Drupal\Core\Password\DefaultPasswordGenerator; use Drupal\Core\Password\PasswordGeneratorInterface; use Drupal\Core\Render\Element\Password; use Drupal\Core\Messenger\MessengerInterface; use Drupal\Core\Logger\LoggerChannelFactory; /** * Returns responses for Azure AD Login routes. Loading Loading @@ -41,12 +41,19 @@ class CallbackController extends ControllerBase { protected $loggerFactory; /** * Password generator * Password generator service. * * @var \Drupal\Core\Password\DefaultPasswordGenerator */ protected $passwordGenerator; /** * The Messenger service. * * @var \Drupal\Core\Messenger\MessengerInterface */ protected $messenger; protected $azureAD; protected $languageManager; Loading @@ -62,12 +69,14 @@ public function __construct( ConfigFactoryInterface $config, LoggerChannelFactoryInterface $logger_factory, PasswordGeneratorInterface $password_generator, MessengerInterface $messenger, AzureAD $azure_ad, languageManager $language ) { $this->azureADSettings = $config->get('azure_ad_login.settings'); $this->loggerFactory = $logger_factory; $this->passwordGenerator = $password_generator; $this->messenger = $messenger; $this->azureAD = $azure_ad; $this->languageManager = $language; } Loading @@ -82,6 +91,7 @@ public static function create(ContainerInterface $container) { $container->get('config.factory'), $container->get('logger.factory'), $container->get('password_generator'), $container->get('messenger'), $container->get('azure_ad_login.authentication'), $container->get('language_manager'), Loading 
@@ -92,48 +102,54 @@ public static function create(ContainerInterface $container) { * Builds the response. */ public function build(Request $request) { $code = $request->get('code'); if (isset($code)) { $message_error = $this->t('Something go wrong with Azure Login, ask to adminitrator', ['error']); $token = $this->azureAD->getToken($code); $code = $request->get('code'); if (!isset($code)) { $this->messenger->addError($message_error); $this->loggerFactory->get('Azure login')->error('The request don\'t get Azure Code'); return $this->redirect('user.login'); } if (isset($token['access_token'])) { $token = $this->azureAD->getToken($code); if (!isset($token['access_token'])) { $this->messenger->addError($message_error); $this->loggerFactory->get('Azure login')->error('The request don\'t get Azure Token'); return $this->redirect('user.login'); } $azure_profile = $this->azureAD->loadUserProfile($token['access_token']); if (!isset($azure_profile['id'])) { $this->messenger->addError($message_error); $this->loggerFactory->get('Azure login')->error('The request don\'t get Azure Profile'); return $this->redirect('user.login'); } if (isset($azure_profile['id'])) { // Checka that the user exist or not in drupal. // Check that the user exist or not in drupal. $drupal_user = user_load_by_mail($azure_profile['userPrincipalName']); // If the user is not in Drupal. if (empty($drupal_user) || !isset($drupal_user)) { // Get Azure user groups. $azure_user_group_list = $this->azureAD->userGroupList($azure_profile['id'], $token['access_token']); // Load the list of groups to use. $drupal_role_list = $this->azureAD->groupMap(); $drupal_role_list = $this->azureAD->DrupalRoles(); // Get the roles to asing to the user. $roles = $this->roleList($azure_user_group_list, $drupal_role_list); // If there are no roles don't login. 
if (count($roles) === 0) { return $this->redirect('user.page'); if (!is_array($azure_user_group_list) || !is_array($drupal_role_list) ) { $this->messenger->addError($message_error); $this->loggerFactory->get('Azure login')->error('The are problems with roles.'); return $this->redirect('user.login'); } $roles = $this->roleList($azure_user_group_list, $drupal_role_list); $drupal_user = $this->createUser($azure_profile, $roles); } \Drupal::moduleHandler()->invoke('user', user_login_finalize($drupal_user)); user_login_finalize($drupal_user); return $this->redirect('user.page'); } } } return $this->redirect('user.login'); } /** Loading Loading @@ -177,7 +193,7 @@ private function createUser(array $account, array $roles):object { * @return array * List of groups/roles to assign to user or empty array. */ private function roleList(array $azure_group, array $role_list):array { private function roleList(?array $azure_group, array $role_list): ?array { return array_intersect( array_map('strtolower', $azure_group), array_map('strtolower', $role_list), Loading Loading
README.md 0 → 100644 +11 −0 # Azure AD login Fill the form in admin/config/services/azure-ad-login with Azure AD login credentiasl. Also, when the Azure AD login is built in Azure Devops some roles must be create to macth with Roles created in Drupal. Drupal module callback for Azure Devops configuration is `callback_azure_ad`, example : `https://domain.com/callback_azure_ad`
azure_ad_login.info.yml +2 −1 @@ -2,7 +2,8 @@ name: Azure AD Login type: module description: Use Active record Directory to login into Drupal package: Custom core: 8.x core_version_requirement: ^9.1 || ^10 dependencies: - user configure: azure_ad_login.settings_form No newline at end of file
src/AzureAD.php +2 −2 @@ -74,7 +74,7 @@ public static function create(ContainerInterface $container) { } /** * Build login url hfor login form. * Build login url for login form. * * @return string * Return a url to connect with Azure. @@ -210,7 +210,7 @@ public function decodeIdToken(array $token_data): array { * @return array * array with all the groups that are selected to compare with Azure groups. */ public function groupMap(): array { public function DrupalRoles(): array { $role_list = $this->azureADSettings->get('role_group_map'); $list = []; foreach ($role_list as $value) {
src/Controller/CallbackController.php +51 −35 Original line number Diff line number Diff line Loading @@ -10,9 +10,9 @@ use Drupal\user\Entity\User; use Drupal\azure_ad_login\AzureAD; use Drupal\Core\Language\languageManager; use Drupal\Core\Password\DefaultPasswordGenerator; use Drupal\Core\Password\PasswordGeneratorInterface; use Drupal\Core\Render\Element\Password; use Drupal\Core\Messenger\MessengerInterface; use Drupal\Core\Logger\LoggerChannelFactory; /** * Returns responses for Azure AD Login routes. Loading Loading @@ -41,12 +41,19 @@ class CallbackController extends ControllerBase { protected $loggerFactory; /** * Password generator * Password generator service. * * @var \Drupal\Core\Password\DefaultPasswordGenerator */ protected $passwordGenerator; /** * The Messenger service. * * @var \Drupal\Core\Messenger\MessengerInterface */ protected $messenger; protected $azureAD; protected $languageManager; Loading @@ -62,12 +69,14 @@ public function __construct( ConfigFactoryInterface $config, LoggerChannelFactoryInterface $logger_factory, PasswordGeneratorInterface $password_generator, MessengerInterface $messenger, AzureAD $azure_ad, languageManager $language ) { $this->azureADSettings = $config->get('azure_ad_login.settings'); $this->loggerFactory = $logger_factory; $this->passwordGenerator = $password_generator; $this->messenger = $messenger; $this->azureAD = $azure_ad; $this->languageManager = $language; } Loading @@ -82,6 +91,7 @@ public static function create(ContainerInterface $container) { $container->get('config.factory'), $container->get('logger.factory'), $container->get('password_generator'), $container->get('messenger'), $container->get('azure_ad_login.authentication'), $container->get('language_manager'), Loading 
@@ -92,48 +102,54 @@ public static function create(ContainerInterface $container) { * Builds the response. */ public function build(Request $request) { $code = $request->get('code'); if (isset($code)) { $message_error = $this->t('Something go wrong with Azure Login, ask to adminitrator', ['error']); $token = $this->azureAD->getToken($code); $code = $request->get('code'); if (!isset($code)) { $this->messenger->addError($message_error); $this->loggerFactory->get('Azure login')->error('The request don\'t get Azure Code'); return $this->redirect('user.login'); } if (isset($token['access_token'])) { $token = $this->azureAD->getToken($code); if (!isset($token['access_token'])) { $this->messenger->addError($message_error); $this->loggerFactory->get('Azure login')->error('The request don\'t get Azure Token'); return $this->redirect('user.login'); } $azure_profile = $this->azureAD->loadUserProfile($token['access_token']); if (!isset($azure_profile['id'])) { $this->messenger->addError($message_error); $this->loggerFactory->get('Azure login')->error('The request don\'t get Azure Profile'); return $this->redirect('user.login'); } if (isset($azure_profile['id'])) { // Checka that the user exist or not in drupal. // Check that the user exist or not in drupal. $drupal_user = user_load_by_mail($azure_profile['userPrincipalName']); // If the user is not in Drupal. if (empty($drupal_user) || !isset($drupal_user)) { // Get Azure user groups. $azure_user_group_list = $this->azureAD->userGroupList($azure_profile['id'], $token['access_token']); // Load the list of groups to use. $drupal_role_list = $this->azureAD->groupMap(); $drupal_role_list = $this->azureAD->DrupalRoles(); // Get the roles to asing to the user. $roles = $this->roleList($azure_user_group_list, $drupal_role_list); // If there are no roles don't login. 
if (count($roles) === 0) { return $this->redirect('user.page'); if (!is_array($azure_user_group_list) || !is_array($drupal_role_list) ) { $this->messenger->addError($message_error); $this->loggerFactory->get('Azure login')->error('The are problems with roles.'); return $this->redirect('user.login'); } $roles = $this->roleList($azure_user_group_list, $drupal_role_list); $drupal_user = $this->createUser($azure_profile, $roles); } \Drupal::moduleHandler()->invoke('user', user_login_finalize($drupal_user)); user_login_finalize($drupal_user); return $this->redirect('user.page'); } } } return $this->redirect('user.login'); } /** Loading Loading @@ -177,7 +193,7 @@ private function createUser(array $account, array $roles):object { * @return array * List of groups/roles to assign to user or empty array. */ private function roleList(array $azure_group, array $role_list):array { private function roleList(?array $azure_group, array $role_list): ?array { return array_intersect( array_map('strtolower', $azure_group), array_map('strtolower', $role_list), Loading
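Review bot: In `build()`, an account found by `user_load_by_mail($azure_profile['userPrincipalName'])` goes straight to `user_login_finalize($drupal_user)` with no group comparison and no status check, so a Drupal account that an administrator has blocked can still be signed in through this callback; guard it with `if ($drupal_user->isBlocked()) { return $this->redirect('user.login'); }` before finalizing. On the new-user path the earlier `if (count($roles) === 0)` stop under the comment "If there are no roles don't login." appears to be gone (the rendered page has lost its +/- markers, so this is inferred from the new `is_array()` guard and the moved `roleList()` call), which would let any directory user with no mapped group get an account created and logged in; keep an explicit `if (empty($roles)) { $this->messenger->addError($message_error); return $this->redirect('user.login'); }` after `roleList()`. The callback also reads only `code`; if `getToken()` does not verify the OAuth `state` value issued with the login URL, that check belongs here before the code is exchanged. The body of `roleList()` continues past the end of the last hunk.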