Issue #2904411 by vermario, sanduhrs: Allow to override the drupal user...

Issue #2904411 by vermario, sanduhrs: Allow to override the drupal user registration settings while logging in via openid

config/install/openid_connect.settings.yml

 always_save_userinfo: true
+override_registration_settings: false
 userinfo_mappings:
-  timezone: zoneinfo
\ No newline at end of file
+  timezone: zoneinfo

config/schema/openid_connect.schema.yml

@@ -7,6 +7,9 @@ openid_connect.settings:
     always_save_userinfo:
       type: boolean
       label: 'Save user claims on every login'
+    override_registration_settings:
+      type: boolean
+      label: 'Override registration settings'
     userinfo_mappings:
       type: mapping
       label: 'OpenID Connect settings'

openid_connect.install

@@ -93,3 +93,13 @@ function openid_connect_update_8102() {
   ]);
   $config->save(TRUE);
 }
+
+/**
+ * Update the active config with the registration override value.
+ */
+function openid_connect_update_8103() {
+  $config_factory = \Drupal::configFactory();
+  $config = $config_factory->getEditable('openid_connect.settings');
+  $config->set('override_registration_settings', FALSE);
+  $config->save(TRUE);
+}

openid_connect.module

@@ -468,19 +468,29 @@ function openid_connect_complete_authorization($client, array $tokens, &$destina
     }
 
     // Check Drupal user register settings before saving.
-    $register = \Drupal::config('user.settings')->get('register');
+    $register = \Drupal::config('user.settings')
+      ->get('register');
+    // Respect possible override from OpenID-Connect settings.
+    $register_override = \Drupal::config('openid_connect.settings')
+      ->get('override_registration_settings');
+    if ($register === USER_REGISTER_ADMINISTRATORS_ONLY && $register_override) {
+      $register = USER_REGISTER_VISITORS;
+    }
+
     switch ($register) {
       case USER_REGISTER_ADMINISTRATORS_ONLY:
+        // Deny user registration.
         drupal_set_message(t('Only administrators can register new accounts.'), 'error');
         return FALSE;
 
       case USER_REGISTER_VISITORS:
-        // Create a new account.
+        // Create a new account if register settings is set to visitors or
+        // override is active.
         $account = openid_connect_create_user($sub, $userinfo, $client->getPluginId(), 1);
         break;
 
       case USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL:
-        // Create a new account.
+        // Create a new account and inform the user of the pending approval.
         $account = openid_connect_create_user($sub, $userinfo, $client->getPluginId(), 0);
         drupal_set_message(t('Thank you for applying for an account. Your account is currently pending approval by the site administrator.'));
         break;

src/Form/SettingsForm.php

@@ -146,6 +146,13 @@ class SettingsForm extends ConfigFormBase implements ContainerInjectionInterface
       $form['clients'][$client_plugin['id']]['settings'] += $client->buildConfigurationForm([], $form_state);
     }
 
+    $form['override_registration_settings'] = [
+      '#type' => 'checkbox',
+      '#title' => $this->t('Override registration settings'),
+      '#description' => $this->t('If enabled, a user will be registered even if registration is set to "Administrators only".'),
+      '#default_value' => $settings->get('override_registration_settings'),
+    ];
+
     $form['always_save_userinfo'] = [
       '#type' => 'checkbox',
       '#title' => $this->t('Save user claims on every login'),
@@ -158,6 +165,13 @@ class SettingsForm extends ConfigFormBase implements ContainerInjectionInterface
       '#type' => 'fieldset',
     ];
 
+    $form['override_registration_settings'] = array(
+      '#type' => 'checkbox',
+      '#title' => $this->t('Override registration settings'),
+      '#description' => $this->t('If enabled, user creation will always be allowed, even if the registration setting is set to require admin approval, or only allowing admins to create users.'),
+      '#default_value' => $settings->get('override_registration_settings'),
+    );
+
     $properties = $this->entityFieldManager->getFieldDefinitions('user', 'user');
     $properties_skip = _openid_connect_user_properties_to_skip();
     $claims = $this->claims->getOptions();
@@ -201,6 +215,7 @@ class SettingsForm extends ConfigFormBase implements ContainerInjectionInterface
 
     $this->config('openid_connect.settings')
       ->set('always_save_userinfo', $form_state->getValue('always_save_userinfo'))
+      ->set('override_registration_settings', $form_state->getValue('override_registration_settings'))
       ->set('userinfo_mappings', $form_state->getValue('userinfo_mappings'))
       ->save();
     $clients_enabled = $form_state->getValue('clients_enabled');

src/Tests/SettingsFormTest.php

@@ -46,6 +46,7 @@ class SettingsFormTest extends WebTestBase {
     // Override the default values.
     $edit = [
       'always_save_userinfo' => FALSE,
+      'override_registration_settings' => TRUE,
     ];
 
     $this->drupalPostForm(NULL, $edit, 'Save configuration', [], [], 'openid-connect-admin-settings');
@@ -54,8 +55,12 @@ class SettingsFormTest extends WebTestBase {
     $config_factory = $this->container->get('config.factory');
     /* @var \Drupal\Core\Config\Config $config */
     $config = $config_factory->get('openid_connect.settings');
+
     $user_info = $config->get('always_save_userinfo');
     $this->assertFalse($user_info);
+
+    $override_registration_settings = $config->get('override_registration_settings');
+    $this->assertTrue($override_registration_settings);
   }
 
 }