-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* PE-417 Add sync settings * PE-417 Refactor user sync code * PE-417 Don't retrieve manager for Police * PE-417 Skip PTLD manager * PE-417 Enable ROSE sync * PE-417 Resave search field setting to remove warning * PE-417 Handle user creation failure * PE-417 Find user with principal name first * PE-417 Refactor key reading logic * PE-417 Fix issues found during testing * PE-417 Make user cron update more robust * PE-417 Handle special users * PE-417 Skip users without first and last names * PE-417 Update first and last name in bulk op * PE-417 Add principal name field * PE-417 Shorten log message * PE-417 Fix hook_user_login * PE-417 Improve group sync code for user updates or insertion * PE-417 Use Exception in root namespace * PE-417 Skip extra statement to update group membership * PE-417 Revert search_api.index.full_index.yml
- Loading branch information
Showing
14 changed files
with
479 additions
and
549 deletions.
There are no files selected for viewing
464 changes: 142 additions & 322 deletions
464
web/modules/custom/portland_openid_connect/portland_openid_connect.module
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -20,45 +20,24 @@ class RetrieveUserInfoFromAD extends ActionBase | |
| /** | ||
| * {@inheritdoc} | ||
| */ | ||
| public function execute($account = NULL) | ||
| public function execute($user = NULL) | ||
| { | ||
| if (empty($account)) return; | ||
| if (empty($user)) return; | ||
|
|
||
| $account_name = $account->getAccountName(); | ||
| if(PortlandOpenIdConnectUtil::ShouldSkipUser($user)) return; | ||
|
|
||
| // Skip if cannot find a Drupal user with the email | ||
| $users = \Drupal::entityTypeManager()->getStorage('user') | ||
| ->loadByProperties(['name' => $account_name]); | ||
| if( empty($users) ) return; | ||
| $user = array_values($users)[0]; | ||
| // If the user is not active, skip | ||
| // If the user is Contact Only, skip | ||
| // If there is no Azure AD ID, skip | ||
| $azure_ad_id = $user->field_active_directory_id->value; | ||
| if ( $user->field_is_contact_only->value || empty($azure_ad_id) ) return; | ||
| $domain = (str_ends_with($user->mail->value, PortlandOpenIdConnectUtil::PTLD_DOMAIN_NAME)) ? PortlandOpenIdConnectUtil::PTLD_DOMAIN_NAME : PortlandOpenIdConnectUtil::ROSE_DOMAIN_NAME; | ||
|
|
||
| // Skip these users | ||
| $skip_emails = [ | ||
| '[email protected]', | ||
| '[email protected]', | ||
| '[email protected]', | ||
| '[email protected]', | ||
| // '[email protected]', // User email address | ||
| // '[email protected]', // Principal user name | ||
| // '[email protected]', // Outlook distribution list | ||
| // '[email protected]', // Actual AD group | ||
| ]; | ||
| if (in_array(strtolower($account_name), array_map('strtolower', $skip_emails))) return; | ||
|
|
||
| $tokens = PortlandOpenIdConnectUtil::GetAccessToken(); | ||
| $tokens = PortlandOpenIdConnectUtil::GetAccessToken($domain); | ||
| if (empty($tokens) || empty($tokens['access_token'])) { | ||
| \Drupal::logger('portland OpenID')->error("Cannot retrieve access token for Microsoft Graph. Make sure the client secret is correct."); | ||
| return; | ||
| } | ||
|
|
||
| PortlandOpenIdConnectUtil::GetUserProfile($tokens['access_token'], $account_name, $azure_ad_id); | ||
| PortlandOpenIdConnectUtil::GetUserManager($tokens['access_token'], $account_name, $azure_ad_id); | ||
| PortlandOpenIdConnectUtil::GetUserProfile($tokens['access_token'], $user); | ||
| PortlandOpenIdConnectUtil::GetUserManager($tokens['access_token'], $user); | ||
| // PortlandOpenIdConnectUtil::GetUserPhoto($tokens['access_token'], $account_name, $azure_ad_id); | ||
| $user->save(); | ||
| } | ||
|
|
||
| /** | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -20,45 +20,25 @@ class SyncUserStatusWithAD extends ActionBase | |
| /** | ||
| * {@inheritdoc} | ||
| */ | ||
| public function execute($account = NULL) | ||
| public function execute($user = NULL) | ||
| { | ||
| if (empty($account)) return $this->t('User skipped'); | ||
| if (empty($user)) return $this->t('User skipped'); | ||
|
|
||
| // Skip if cannot find a Drupal user with the email | ||
| $users = \Drupal::entityTypeManager()->getStorage('user') | ||
| ->loadByProperties(['mail' => $account->getEmail()]); | ||
| if( empty($users) ) return $this->t('User skipped'); | ||
| $user = array_values($users)[0]; | ||
| // If the user is not active, skip | ||
| // If the user is Contact Only, skip | ||
| // If there is no Azure AD ID, skip | ||
| $azure_ad_id = $user->field_active_directory_id->value; | ||
| if ( $user->field_is_contact_only->value || empty($azure_ad_id) ) return $this->t('User skipped'); | ||
| if(PortlandOpenIdConnectUtil::ShouldSkipUser($user)) return $this->t('User skipped'); | ||
|
|
||
| // Skip these users | ||
| $skip_emails = [ | ||
| '[email protected]', | ||
| '[email protected]', | ||
| '[email protected]', | ||
| '[email protected]', | ||
| // '[email protected]', // User email address | ||
| // '[email protected]', // Principal user name | ||
| // '[email protected]', // Outlook distribution list | ||
| // '[email protected]', // Actual AD group | ||
| ]; | ||
| if (in_array(strtolower($account->getEmail()), array_map('strtolower', $skip_emails))) return $this->t('User skipped'); | ||
| $domain = (str_ends_with($user->mail->value, PortlandOpenIdConnectUtil::PTLD_DOMAIN_NAME)) ? PortlandOpenIdConnectUtil::PTLD_DOMAIN_NAME : PortlandOpenIdConnectUtil::ROSE_DOMAIN_NAME; | ||
|
|
||
| $tokens = PortlandOpenIdConnectUtil::GetAccessToken(); | ||
| $tokens = PortlandOpenIdConnectUtil::GetAccessToken($domain); | ||
| if (empty($tokens) || empty($tokens['access_token'])) { | ||
| \Drupal::logger('portland OpenID')->error("Cannot retrieve access token for Microsoft Graph. Make sure the client secret is correct."); | ||
| } | ||
|
|
||
| $user_is_enabled = PortlandOpenIdConnectUtil::IsUserEnabled($tokens['access_token'], $account->getEmail(), $azure_ad_id); | ||
| $user_is_enabled = PortlandOpenIdConnectUtil::IsUserEnabled($tokens['access_token'], $user); | ||
| if($user_is_enabled) { | ||
| PortlandOpenIdConnectUtil::EnableUser($account); | ||
| PortlandOpenIdConnectUtil::EnableUser($user); | ||
| } | ||
| else { | ||
| PortlandOpenIdConnectUtil::DisableUser($account); | ||
| PortlandOpenIdConnectUtil::DisableUser($user); | ||
| } | ||
| } | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.