Commit ebddc8c7 authored by sanduhrs's avatar sanduhrs Committed by sanduhrs

Issue #2904411 by vermario, sanduhrs: Allow to override the drupal user...

Issue #2904411 by vermario, sanduhrs: Allow to override the drupal user registration settings while logging in via openid
parent 6d2ed76a
always_save_userinfo: true
override_registration_settings: false
userinfo_mappings:
timezone: zoneinfo
\ No newline at end of file
timezone: zoneinfo
......@@ -7,6 +7,9 @@ openid_connect.settings:
always_save_userinfo:
type: boolean
label: 'Save user claims on every login'
override_registration_settings:
type: boolean
label: 'Override registration settings'
userinfo_mappings:
type: mapping
label: 'OpenID Connect settings'
......
......@@ -93,3 +93,13 @@ function openid_connect_update_8102() {
]);
$config->save(TRUE);
}
/**
* Update the active config with the registration override value.
*/
function openid_connect_update_8103() {
$config_factory = \Drupal::configFactory();
$config = $config_factory->getEditable('openid_connect.settings');
$config->set('override_registration_settings', FALSE);
$config->save(TRUE);
}
......@@ -468,19 +468,29 @@ function openid_connect_complete_authorization($client, array $tokens, &$destina
}
// Check Drupal user register settings before saving.
$register = \Drupal::config('user.settings')->get('register');
$register = \Drupal::config('user.settings')
->get('register');
// Respect possible override from OpenID-Connect settings.
$register_override = \Drupal::config('openid_connect.settings')
->get('override_registration_settings');
if ($register === USER_REGISTER_ADMINISTRATORS_ONLY && $register_override) {
$register = USER_REGISTER_VISITORS;
}
switch ($register) {
case USER_REGISTER_ADMINISTRATORS_ONLY:
// Deny user registration.
drupal_set_message(t('Only administrators can register new accounts.'), 'error');
return FALSE;
case USER_REGISTER_VISITORS:
// Create a new account.
// Create a new account if register settings is set to visitors or
// override is active.
$account = openid_connect_create_user($sub, $userinfo, $client->getPluginId(), 1);
break;
case USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL:
// Create a new account.
// Create a new account and inform the user of the pending approval.
$account = openid_connect_create_user($sub, $userinfo, $client->getPluginId(), 0);
drupal_set_message(t('Thank you for applying for an account. Your account is currently pending approval by the site administrator.'));
break;
......
......@@ -146,6 +146,13 @@ class SettingsForm extends ConfigFormBase implements ContainerInjectionInterface
$form['clients'][$client_plugin['id']]['settings'] += $client->buildConfigurationForm([], $form_state);
}
$form['override_registration_settings'] = [
'#type' => 'checkbox',
'#title' => $this->t('Override registration settings'),
'#description' => $this->t('If enabled, a user will be registered even if registration is set to "Administrators only".'),
'#default_value' => $settings->get('override_registration_settings'),
];
$form['always_save_userinfo'] = [
'#type' => 'checkbox',
'#title' => $this->t('Save user claims on every login'),
......@@ -158,6 +165,13 @@ class SettingsForm extends ConfigFormBase implements ContainerInjectionInterface
'#type' => 'fieldset',
];
$form['override_registration_settings'] = array(
'#type' => 'checkbox',
'#title' => $this->t('Override registration settings'),
'#description' => $this->t('If enabled, user creation will always be allowed, even if the registration setting is set to require admin approval, or only allowing admins to create users.'),
'#default_value' => $settings->get('override_registration_settings'),
);
$properties = $this->entityFieldManager->getFieldDefinitions('user', 'user');
$properties_skip = _openid_connect_user_properties_to_skip();
$claims = $this->claims->getOptions();
......@@ -201,6 +215,7 @@ class SettingsForm extends ConfigFormBase implements ContainerInjectionInterface
$this->config('openid_connect.settings')
->set('always_save_userinfo', $form_state->getValue('always_save_userinfo'))
->set('override_registration_settings', $form_state->getValue('override_registration_settings'))
->set('userinfo_mappings', $form_state->getValue('userinfo_mappings'))
->save();
$clients_enabled = $form_state->getValue('clients_enabled');
......
......@@ -46,6 +46,7 @@ class SettingsFormTest extends WebTestBase {
// Override the default values.
$edit = [
'always_save_userinfo' => FALSE,
'override_registration_settings' => TRUE,
];
$this->drupalPostForm(NULL, $edit, 'Save configuration', [], [], 'openid-connect-admin-settings');
......@@ -54,8 +55,12 @@ class SettingsFormTest extends WebTestBase {
$config_factory = $this->container->get('config.factory');
/* @var \Drupal\Core\Config\Config $config */
$config = $config_factory->get('openid_connect.settings');
$user_info = $config->get('always_save_userinfo');
$this->assertFalse($user_info);
$override_registration_settings = $config->get('override_registration_settings');
$this->assertTrue($override_registration_settings);
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment