Commit c1e4dd1a authored by João Ventura's avatar João Ventura Committed by João Ventura

Issue #3250979 by sanduhrs, jcnventura: Add note on possible implications when...

Issue #3250979 by sanduhrs, jcnventura: Add note on possible implications when enabling auto connect existing accounts
parent 1b390dfc
+21 −0
@@ -10,8 +10,29 @@

use Drupal\Core\Config\Entity\ConfigEntityType;
use Drupal\Core\StringTranslation\TranslatableMarkup;
use Drupal\Core\Url;
use Drupal\Core\Utility\UpdateException;

/**
 * Implements hook_requirements().
 */
function openid_connect_requirements($phase) {
  $requirements = [];
  if ($phase == 'runtime') {
    if (\Drupal::config('openid_connect.settings')->get('connect_existing_users')) {
      $requirements['openid_connect_connect_existing_users'] = [
        'title' => t('OpenID Connect'),
        'value' => t('Automatically connect existing users enabled'),
        'description' => t('The "Automatically connect existing users" option is enabled. This can lead to security vulnerabilities. It is <strong>highly recommended</strong> to <a href=":url">disable this option</a>.',
          [':url' => Url::fromRoute('openid_connect.admin_settings', [], ['fragment' => 'edit-connect-existing-users'])->toString()]
        ),
        'severity' => REQUIREMENT_WARNING,
      ];
    }
  }
  return $requirements;
}

/**
 * Add default config for Facebook and LinkedIn provider.
 */
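Review bot: The status-report description in `openid_connect_requirements()` says only that the option "can lead to security vulnerabilities", which gives an administrator nothing concrete to assess. Judging by the settings-form text ("authentication will fail for existing email addresses"), accounts appear to be matched on the email address the provider reports, although the matching code is not part of this diff. If so, the message should state that the option is only safe when every enabled provider verifies email ownership, because otherwise a provider login can be attached to an existing local account. The same vagueness applies to the "only use with trusted OpenID Connect providers" description added in the settings form. Separately, `if ($phase == 'runtime') {` would be better written with a strict comparison, `if ($phase === 'runtime') {`.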
+12 −7
@@ -109,13 +109,6 @@ class OpenIDConnectSettingsForm extends ConfigFormBase {
      '#default_value' => $settings->get('always_save_userinfo'),
    ];

    $form['connect_existing_users'] = [
      '#type' => 'checkbox',
      '#title' => $this->t('Automatically connect existing users'),
      '#description' => $this->t('If disabled, authentication will fail for existing email addresses.'),
      '#default_value' => $settings->get('connect_existing_users'),
    ];

    $form['override_registration_settings'] = [
      '#type' => 'checkbox',
      '#title' => $this->t('Override registration settings'),
@@ -220,6 +213,18 @@ class OpenIDConnectSettingsForm extends ConfigFormBase {
      ];
    }

    $form['advanced'] = [
      '#title' => $this->t('Advanced'),
      '#type' => 'details',
      '#open' => $settings->get('connect_existing_users') ? TRUE : FALSE,
    ];
    $form['advanced']['connect_existing_users'] = [
      '#type' => 'checkbox',
      '#title' => $this->t('Automatically connect existing users'),
      '#description' => $this->t('<strong><em>Please note:</em> This option has security implications, only use with trusted OpenID Connect providers.</strong><br />If disabled, authentication will fail for accounts with existing email addresses, users may connect existing accounts on their personal Connected Accounts page in a secure way.'),
      '#default_value' => $settings->get('connect_existing_users'),
    ];

    return parent::buildForm($form, $form_state);
  }
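Review bot: Moving the checkbox to `$form['advanced']['connect_existing_users']` changes its position in the form array, and the submit handler that saves the setting is outside these hunks. It is worth confirming that the handler still finds `connect_existing_users` at the top level of the submitted values, which should hold as long as `#tree` is not enabled on the form or on the new details element. If that lookup came back empty, a security-relevant setting would be saved as disabled without any error. As a style point, `'#open' => $settings->get('connect_existing_users') ? TRUE : FALSE,` reads more directly as `'#open' => (bool) $settings->get('connect_existing_users'),`. `buildForm()` starts outside the hunk.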