diff --git a/composer.json b/composer.json index 7d8d668..2542ab0 100644 --- a/composer.json +++ b/composer.json @@ -19,6 +19,9 @@ "issues": "https://github.com/deohs/uwauth/issues", "source": "https://github.com/deohs/uwauth" }, + "require": { + "php": ">=8.1" + }, "license": "GPL-3.0-or-later", "minimum-stability": "dev" } diff --git a/src/Controller/LogoutController.php b/src/Controller/LogoutController.php index d52a409..0e17f85 100644 --- a/src/Controller/LogoutController.php +++ b/src/Controller/LogoutController.php @@ -14,7 +14,7 @@ class LogoutController extends ControllerBase { /** * The overridden controller for user.logout. * - * Do not set the refrehs delay to 0 to avoid having an immediate redirect + * Do not set the refresh delay to 0 to avoid having an immediate redirect * without page display. * * @see https://www.w3.org/TR/WCAG20-TECHS/H76.html @@ -22,7 +22,7 @@ class LogoutController extends ControllerBase { * @return array * A render array. */ - public function logout() { + public function logout(): array { $title = $this->t('Logout'); $frontUrl = Url::fromRoute('', [], ['absolute' => TRUE]); $frontString = $frontUrl->toString(); diff --git a/src/Controller/UwAuthLogoutController.php b/src/Controller/UwAuthLogoutController.php index 78d6bce..4b41fc0 100644 --- a/src/Controller/UwAuthLogoutController.php +++ b/src/Controller/UwAuthLogoutController.php @@ -13,7 +13,7 @@ class UwAuthLogoutController extends ControllerBase { /** * Log user out of Drupal, and redirect to web login. */ - public function logout() { + public function logout(): TrustedRedirectResponse { user_logout(); return new TrustedRedirectResponse('https://weblogin.washington.edu/'); } diff --git a/src/Debug.php b/src/Debug.php index cfb9686..48f335d 100644 --- a/src/Debug.php +++ b/src/Debug.php @@ -14,14 +14,14 @@ class Debug { * * @var bool */ - protected $verbose; + protected bool $verbose; /** * The Messenger service. * * @var \Drupal\Core\Messenger\MessengerInterface */ - protected $messenger; + protected MessengerInterface $messenger; /** * Debug constructor. @@ -31,7 +31,7 @@ class Debug { * @param bool $verbose * Display debug information? */ - public function __construct(MessengerInterface $messenger, $verbose = FALSE) { + public function __construct(MessengerInterface $messenger, bool $verbose = FALSE) { $this->messenger = $messenger; $this->verbose = $verbose; } @@ -44,7 +44,7 @@ public function __construct(MessengerInterface $messenger, $verbose = FALSE) { * @param string $level * The message severity level. */ - public function message($message, $level = MessengerInterface::TYPE_STATUS) { + public function message(string $message, string $level = MessengerInterface::TYPE_STATUS): void { if (!$this->verbose) { return; } diff --git a/src/EventSubscriber/LogoutOverride.php b/src/EventSubscriber/LogoutOverride.php index 32e68bc..3c9c3bf 100644 --- a/src/EventSubscriber/LogoutOverride.php +++ b/src/EventSubscriber/LogoutOverride.php @@ -13,7 +13,7 @@ class LogoutOverride extends RouteSubscriberBase { /** * {@inheritdoc} */ - public function alterRoutes(RouteCollection $collection) { + public function alterRoutes(RouteCollection $collection): void { if (!$route = $collection->get('user.logout')) { return; } diff --git a/src/EventSubscriber/UwAuthSubscriber.php b/src/EventSubscriber/UwAuthSubscriber.php index 253913d..a6f673b 100644 --- a/src/EventSubscriber/UwAuthSubscriber.php +++ b/src/EventSubscriber/UwAuthSubscriber.php @@ -3,6 +3,7 @@ namespace Drupal\uwauth\EventSubscriber; use Drupal\Core\Config\ConfigFactoryInterface; +use Drupal\Core\Config\ImmutableConfig; use Drupal\Core\PageCache\ResponsePolicy\KillSwitch; use Drupal\Core\Routing\CurrentRouteMatch; use Drupal\Core\Session\AccountInterface; @@ -20,6 +21,7 @@ use Symfony\Component\HttpFoundation\Session\Attribute\AttributeBagInterface; use Symfony\Component\HttpKernel\KernelEvents; use Symfony\Component\HttpKernel\Event\RequestEvent; +use Symfony\Component\HttpFoundation\RedirectResponse; /** * UW Auth event subscriber. @@ -29,66 +31,48 @@ class UwAuthSubscriber implements EventSubscriberInterface { /** * The current_user service. - * - * @var \Drupal\Core\Session\AccountProxyInterface */ - protected $currentUser; + protected AccountProxyInterface $currentUser; /** * A diagnostic display service. - * - * @var \Drupal\uwauth\Debug */ - protected $debug; + protected Debug $debug; /** * The entity manager. - * - * @var \Drupal\Core\Entity\EntityTypeManagerInterface */ - protected $entityTypeManager; + protected EntityTypeManagerInterface $entityTypeManager; /** * The page_cache_kill_switch service. - * - * @var \Drupal\Core\PageCache\ResponsePolicy\KillSwitch */ - protected $killSwitch; + protected KillSwitch $killSwitch; /** * The logger.channel.uwauth service. - * - * @var \Psr\Log\LoggerInterface */ - protected $logger; + protected LoggerInterface $logger; /** * The request. - * - * @var \Symfony\Component\HttpFoundation\RequestStack */ - protected $requestStack; + protected RequestStack $requestStack; /** * The current_route_match service. - * - * @var \Drupal\Core\Routing\CurrentRouteMatch */ - protected $route; + protected CurrentRouteMatch $route; /** * The module settings. - * - * @var array|mixed|null */ - protected $settings; + protected ImmutableConfig $settings; /** * A hash of severity level by group sync method. - * - * @var arraystringstring */ - protected $severity; + protected array $severity; /** * Constructs a UW Auth event subscriber. @@ -102,14 +86,14 @@ class UwAuthSubscriber implements EventSubscriberInterface { * @param \Drupal\Core\Session\AccountProxyInterface $currentUser * The current user. * @param \Drupal\Core\Config\ConfigFactoryInterface $config - * The config.factory service. + * The config factory service. * @param \Drupal\Core\PageCache\ResponsePolicy\KillSwitch $killSwitch * The page_cache_kill_switch service. * @param \Drupal\Core\Routing\CurrentRouteMatch $route * The current_route_match service. * @param \Psr\Log\LoggerInterface $logger * The logger.channel.uwauth logger channel. - * @param arraystringstring $severity + * @param array $severity * The severity levels to use for each role sync method. */ public function __construct( @@ -121,7 +105,8 @@ public function __construct( KillSwitch $killSwitch, CurrentRouteMatch $route, LoggerInterface $logger, - array $severity) { + array $severity, + ) { $this->currentUser = $currentUser; $this->debug = $debug; $this->entityTypeManager = $entity_manager; @@ -144,17 +129,18 @@ public function __construct( * @return \Drupal\user\Entity\User * The new or existing user account. * - * @TODO add support for more attributes. + * @throws \Drupal\Core\Entity\EntityStorageException * * @see https://tools.ietf.org/html/rfc2606#section-2 + * @todo Add support for more attributes. */ - protected function createUser($username, AttributeBagInterface $attributes) { + protected function createUser(string $username, AttributeBagInterface $attributes): User { $mail = $attributes->get('mail') ?: $username . '@uw.edu'; $domain = mb_substr(strrchr($mail, "@"), 1); $validDomains = $this->settings->get('mail.valid_domains'); // Ensure an invalid, non-reservable domain, to ensure mails are not being // sent to an unknown server; as per RFC 2606 section 2. - if (!in_array($domain, $validDomains)) { + if (!\in_array($domain, $validDomains)) { $mail = "$username@uwauth.invalid"; } $account = User::create([ @@ -163,7 +149,7 @@ protected function createUser($username, AttributeBagInterface $attributes) { 'name' => $username, 'status' => 1, ]); - $account->setPassword(mb_substr(password_hash(openssl_random_pseudo_bytes(8), PASSWORD_DEFAULT), rand(4, 16), 32)); + $account->setPassword(mb_substr(password_hash(openssl_random_pseudo_bytes(8), PASSWORD_DEFAULT), random_int(4, 16), 32)); $account->save(); return $account; } @@ -177,7 +163,7 @@ protected function createUser($username, AttributeBagInterface $attributes) { * @return array * An array of group names. */ - private function fetchAdGroups(AccountInterface $account) { + private function fetchAdGroups(AccountInterface $account): array { $username = $account->getAccountName(); // Search Filter. @@ -212,10 +198,10 @@ private function fetchAdGroups(AccountInterface $account) { * @param \Drupal\Core\Session\AccountInterface $account * A user object. * - * @return arraystring + * @return array * An array of group names. */ - private function fetchGwsGroups(AccountInterface $account) { + private function fetchGwsGroups(AccountInterface $account): array { $username = $account->getAccountName(); @@ -257,7 +243,7 @@ private function fetchGwsGroups(AccountInterface $account) { * @return \Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag * The "attributes". */ - protected function getFilteredAttributes() { + protected function getFilteredAttributes(): AttributeBag { // Check for a UW NetID from Shibboleth. $attributes = new AttributeBag(); $allowedAttributes = array_flip($this->settings->get('auth.allowed_attributes')); @@ -288,7 +274,7 @@ protected function getFilteredAttributes() { /** * {@inheritdoc} */ - public static function getSubscribedEvents() { + public static function getSubscribedEvents(): array { $events[KernelEvents::REQUEST][] = ['handle', 29]; return $events; } @@ -297,23 +283,23 @@ public static function getSubscribedEvents() { * Get an account User entity by username. * * @param string $username - * The user name for which to load a User entity. + * The username for which to load a User entity. * * @return \Drupal\user\Entity\User|false * The loaded User entity, or FALSE if none matched the user name. + * + * @throws \Drupal\Component\Plugin\Exception\InvalidPluginDefinitionException + * @throws \Drupal\Component\Plugin\Exception\PluginNotFoundException */ - protected function getUserByName($username) { + protected function getUserByName(string $username): User|false { $accounts = $this->entityTypeManager ->getStorage('user') ->loadByProperties(['name' => $username]); - $account = reset($accounts); - return $account; + return reset($accounts); } - /** - * {@inheritdoc} - */ - public function handle(RequestEvent $event) { + + public function handle(RequestEvent $event): void { $this->debug->message($this->t('User id: @id', ['@id' => $this->currentUser->id()])); if ($this->isLoggedIn() || $this->isRouteExcluded() @@ -334,11 +320,8 @@ public function handle(RequestEvent $event) { /** * Check whether the current request describes a Shibboleth session. - * - * @return bool - * Does it ? */ - protected function hasShibbolethSession() { + protected function hasShibbolethSession(): bool { // Verify we're actually in a Shibboleth session. $server = $this->requestStack ->getCurrentRequest() @@ -358,11 +341,8 @@ protected function hasShibbolethSession() { /** * Is the current user logged-in on Drupal ? - * - * @return bool - * Is the user logged-in ? */ - protected function isLoggedIn() { + protected function isLoggedIn(): bool { if ($this->currentUser->isAuthenticated()) { $this->debug->message($this->t('Already authenticated')); return TRUE; @@ -373,15 +353,11 @@ protected function isLoggedIn() { /** * Is the current route excluded from using SSO ? - * - * @return bool - * Is it ? */ - protected function isRouteExcluded() { + protected function isRouteExcluded(): bool { $routeName = $this->route->getCurrentRouteMatch()->getRouteName(); $excludedRoutes = $this->settings->get('auth.excluded_routes'); - $ret = in_array($routeName, $excludedRoutes); - return $ret; + return \in_array($routeName, $excludedRoutes); } /** @@ -391,15 +367,19 @@ protected function isRouteExcluded() { * The Shibboleth NameID, to use for the Drupal username. * @param \Symfony\Component\HttpFoundation\Session\Attribute\AttributeBagInterface $attributes * The filtered attributes passed by the SP. + * + * @throws \Drupal\Component\Plugin\Exception\InvalidPluginDefinitionException + * @throws \Drupal\Component\Plugin\Exception\PluginNotFoundException + * @throws \Drupal\Core\Entity\EntityStorageException */ - private function loginUser($username, AttributeBagInterface $attributes) { + private function loginUser(string $username, AttributeBagInterface $attributes): void { $account = $this->getUserByName($username); if (!$account) { $account = $this->createUser($username, $attributes); } // Set cookie_lifetime to on browser close. - if (is_null(ini_get('session.cookie_lifetime'))) { + if (\is_null(ini_get('session.cookie_lifetime'))) { ini_set('session.cookie_lifetime', 0); } @@ -417,28 +397,16 @@ private function loginUser($username, AttributeBagInterface $attributes) { * @param \Drupal\Core\Session\AccountInterface $account * A user object. * - * @return arraystring + * @return array * An array of role names. */ - private function mapGroupsRoles(AccountInterface $account) { - switch ($this->settings->get('group.source')) { - case UwAuthSettingsForm::SYNC_GROUPS: - $group_membership = $this->fetchGwsGroups($account); - break; - - case UwAuthSettingsForm::SYNC_AD: - $group_membership = $this->fetchAdGroups($account); - break; - - case UwAuthSettingsForm::SYNC_LOCAL: - $group_membership = $account->getRoles(); - break; - - case UwAuthSettingsForm::SYNC_NONE: - default: - $group_membership = []; - break; - } + private function mapGroupsRoles(AccountInterface $account): array { + $group_membership = match ($this->settings->get('group.source')) { + UwAuthSettingsForm::SYNC_GROUPS => $this->fetchGwsGroups($account), + UwAuthSettingsForm::SYNC_AD => $this->fetchAdGroups($account), + UwAuthSettingsForm::SYNC_LOCAL => $account->getRoles(), + default => [], + }; // Group to Role maps are stored as a multi-line string, containing pipe- // delimited key-value pairs. @@ -451,7 +419,7 @@ private function mapGroupsRoles(AccountInterface $account) { // Loop through group list, and extract matching roles. $mapped_roles = []; foreach ($group_membership as $group) { - if (array_key_exists($group, $group_role_map)) { + if (\array_key_exists($group, $group_role_map)) { $mapped_roles[] = (string) $group_role_map[$group]; } } @@ -471,24 +439,20 @@ private function mapGroupsRoles(AccountInterface $account) { * @return bool * Needed ? */ - protected function needsLogin() { + protected function needsLogin(): bool { $group_source = $this->settings->get('group.source'); $this->debug->message($this->t("Group source '@source'.", ['@source' => $group_source])); - if ($group_source === UwAuthSettingsForm::SYNC_NONE) { - return FALSE; - } - return TRUE; + return $group_source !== UwAuthSettingsForm::SYNC_NONE; } /** * Redirect user back to the requested page. */ - private function redirectUser() { + private function redirectUser(): RedirectResponse { // Disable Page Cache to prevent redirect response from being cached. $this->killSwitch->trigger(); $current_uri = $this->requestStack->getCurrentRequest()->getRequestUri(); - $redirect = LocalRedirectResponse::create($current_uri); - return $redirect; + return LocalRedirectResponse::create($current_uri); } /** @@ -497,7 +461,7 @@ private function redirectUser() { * @param \Drupal\Core\Session\AccountInterface $account * A user object. */ - private function syncRoles(AccountInterface $account) { + private function syncRoles(AccountInterface $account): void { // Local groups do not need to be resynchronized. if ($this->settings->get('group.source') == UwAuthSettingsForm::SYNC_LOCAL) { $this->logger->log($this->severity['local_sync'], 'Used local roles for {name}: no sync.', [ @@ -512,14 +476,14 @@ private function syncRoles(AccountInterface $account) { // Remove from roles they are no longer assigned to. foreach ($roles_assigned as $role_assigned) { - if (!in_array($role_assigned, $mapped_roles)) { + if (!\in_array($role_assigned, $mapped_roles)) { $account->removeRole($role_assigned); } } // Add to newly assigned roles. foreach ($mapped_roles as $mapped) { - if (array_key_exists($mapped, $roles_existing)) { + if (\array_key_exists($mapped, $roles_existing)) { $account->addRole($mapped); } } diff --git a/src/Form/UwAuthSettingsForm.php b/src/Form/UwAuthSettingsForm.php index b86b9de..2c16241 100644 --- a/src/Form/UwAuthSettingsForm.php +++ b/src/Form/UwAuthSettingsForm.php @@ -8,38 +8,39 @@ use Drupal\Core\Session\AccountProxyInterface; use Psr\Log\LoggerInterface; use Symfony\Component\DependencyInjection\ContainerInterface; +use Drupal\Core\Config\Config; /** * Configure UwAuth settings for this site. */ class UwAuthSettingsForm extends ConfigFormBase { - const SETTINGS_NAME = 'uwauth.settings'; - const DEFAULT_SP_ENDPOINT = '/Shibboleth.sso'; - const SYNC_AD = 'ad'; - const SYNC_GROUPS = 'gws'; - const SYNC_LOCAL = 'local'; - const SYNC_NONE = 'none'; + public const SETTINGS_NAME = 'uwauth.settings'; + public const DEFAULT_SP_ENDPOINT = '/Shibboleth.sso'; + public const SYNC_AD = 'ad'; + public const SYNC_GROUPS = 'gws'; + public const SYNC_LOCAL = 'local'; + public const SYNC_NONE = 'none'; /** * The current_user service. * * @var \Drupal\Core\Session\AccountProxyInterface */ - protected $account; + protected AccountProxyInterface $account; /** * The logger_channel.uwauth service. * * @var \Psr\Log\LoggerInterface */ - protected $logger; + protected LoggerInterface $logger; /** * The module settings. * * @var \Drupal\Core\Config\Config */ - protected $settings; + protected Config $settings; /** * {@inheritdoc} @@ -54,7 +55,7 @@ public function __construct(ConfigFactoryInterface $configFactory, LoggerInterfa /** * {@inheritdoc} */ - public static function create(ContainerInterface $container) { + public static function create(ContainerInterface $container): self { return new static( $container->get('config.factory'), $container->get('logger.channel.uwauth'), @@ -65,14 +66,14 @@ public static function create(ContainerInterface $container) { /** * {@inheritdoc} */ - public function getFormId() { + public function getFormId(): string { return 'uwauth_settings'; } /** * {@inheritdoc} */ - protected function getEditableConfigNames() { + protected function getEditableConfigNames(): array { return [ static::SETTINGS_NAME, ]; @@ -81,7 +82,7 @@ protected function getEditableConfigNames() { /** * {@inheritdoc} */ - public function buildForm(array $form, FormStateInterface $form_state) { + public function buildForm(array $form, FormStateInterface $form_state): array { $this->logger->info('User @name accessed the SSO configuration form', [ '@name' => $this->account->getDisplayName(), ]); @@ -102,7 +103,7 @@ public function buildForm(array $form, FormStateInterface $form_state) { * @return array * The modified form array. */ - protected function buildMailSettings(array $form, FormStateInterface $form_state) { + protected function buildMailSettings(array $form, FormStateInterface $form_state): array { $validDomains = $this->settings->get('mail.valid_domains'); $validDomains = implode("\n", $validDomains); $form['uwauth_general']['valid_domains'] = [ @@ -125,7 +126,7 @@ protected function buildMailSettings(array $form, FormStateInterface $form_state * @return array * The modified form array. */ - protected function buildLocalSettings(array $form, FormStateInterface $form_state) { + protected function buildLocalSettings(array $form, FormStateInterface $form_state): array { $groupSource = $this->settings->get('group.source'); $form['uwauth_local'] = [ '#type' => 'details', @@ -156,7 +157,7 @@ protected function buildLocalSettings(array $form, FormStateInterface $form_stat * @return array * The modified form array. */ - protected function buildUwSettings(array $form, FormStateInterface $form_state) { + protected function buildUwSettings(array $form, FormStateInterface $form_state): array { $form['uwauth_general'] = [ '#type' => 'details', '#title' => $this->t('General'), @@ -270,7 +271,7 @@ protected function buildUwSettings(array $form, FormStateInterface $form_state) '#type' => 'details', '#title' => $this->t('Group to Role Mapping'), '#description' => $this->t('For group source portability, groups are mapped to roles. Each group can be mapped to a single role.'), - '#open' => in_array($groupSource, [static::SYNC_AD, static::SYNC_GROUPS]), + '#open' => \in_array($groupSource, [static::SYNC_AD, static::SYNC_GROUPS]), ]; $form['uwauth_map']['map'] = [ @@ -287,7 +288,7 @@ protected function buildUwSettings(array $form, FormStateInterface $form_state) /** * {@inheritdoc} */ - public function validateForm(array &$form, FormStateInterface $form_state) { + public function validateForm(array &$form, FormStateInterface $form_state): void { $baseDn = $form_state->getValue('basedn'); $bindDn = $form_state->getValue('binddn'); $caCert = $form_state->getValue('cacert'); @@ -297,48 +298,48 @@ public function validateForm(array &$form, FormStateInterface $form_state) { $source = $form_state->getValue('source'); $uri = $form_state->getValue('uri'); - if (($source == static::SYNC_AD) && ((strlen($uri) == 0) || (strlen($baseDn) == 0))) { + if (($source == static::SYNC_AD) && (($uri == '') || ($baseDn == ''))) { $form_state->setErrorByName('source', $this->t('Active Directory requires both the URI and Base DN to be configured.')); } - if (($source == static::SYNC_GROUPS) && ((strlen($cert) == 0) || (strlen($key) == 0) || (strlen($caCert) == 0))) { + if (($source == static::SYNC_GROUPS) && (($cert == '') || ($key == '') || ($caCert == ''))) { $form_state->setErrorByName('source', $this->t('Groups Web Service requires the Certificate, Key, and CA Certificate to be configured.')); } - if ((strlen($cert) > 0) && preg_match_all("/[^a-zA-Z0-9_\-\/:\\. ]/", $cert)) { + if (($cert != '') && preg_match_all("/[^a-zA-Z0-9_\-\/:\\. ]/", $cert)) { $form_state->setErrorByName('cert', $this->t('The Certificate path contains invalid characters.')); } - elseif ((strlen($cert) > 0) && !is_readable($cert)) { + elseif (($cert != '') && !is_readable($cert)) { $form_state->setErrorByName('cert', $this->t('The Certificate file could not be read. Please verify the path is correct.')); } - if ((strlen($key) > 0) && preg_match_all("/[^a-zA-Z0-9_\-\/:\\. ]/", $key)) { + if (($key != '') && preg_match_all("/[^a-zA-Z0-9_\-\/:\\. ]/", $key)) { $form_state->setErrorByName('key', $this->t('The Key path contains invalid characters.')); } - elseif ((strlen($key) > 0) && !is_readable($key)) { + elseif (($key != '') && !is_readable($key)) { $form_state->setErrorByName('key', $this->t('The Key file could not be read. Please verify the path is correct.')); } - if ((strlen($caCert) > 0) && preg_match_all("/[^a-zA-Z0-9_\-\/:\\. ]/", $caCert)) { + if (($caCert != '') && preg_match_all("/[^a-zA-Z0-9_\-\/:\\. ]/", $caCert)) { $form_state->setErrorByName('cacert', $this->t('The CA Certificate path contains invalid characters.')); } - elseif ((strlen($caCert) > 0) && !is_readable($caCert)) { + elseif (($caCert != '') && !is_readable($caCert)) { $form_state->setErrorByName('cacert', $this->t('The CA Certificate file could not be read. Please verify the path is correct.')); } - if ((strlen($uri) > 0) && (preg_match("/^(ldap:\/\/|ldaps:\/\/)[a-z0-9_\.\-]*[a-z0-9]$/i", $uri) === 0)) { + if (($uri != '') && (preg_match("/^(ldap:\/\/|ldaps:\/\/)[a-z0-9_\.\-]*[a-z0-9]$/i", $uri) === 0)) { $form_state->setErrorByName('uri', $this->t('The LDAP URI contains invalid characters or formatting.')); } - if ((strlen($baseDn) > 0) && (preg_match("/^(OU=|DC=)[a-z0-9_\-=, ]*[a-z0-9]$/i", $baseDn) === 0)) { + if (($baseDn != '') && (preg_match("/^(OU=|DC=)[a-z0-9_\-=, ]*[a-z0-9]$/i", $baseDn) === 0)) { $form_state->setErrorByName('basedn', $this->t('The Base DN contains invalid characters or formatting.')); } - if ((strlen($bindDn) > 0) && (preg_match("/^CN=[a-z0-9_\-=, ]*[a-z0-9]$/i", $bindDn) === 0)) { + if (($bindDn != '') && (preg_match("/^CN=[a-z0-9_\-=, ]*[a-z0-9]$/i", $bindDn) === 0)) { $form_state->setErrorByName('binddn', $this->t('The Bind DN contains invalid characters or formatting.')); } - if ((strlen($map) > 0) && preg_match_all("/^([^a-z0-9_\-]*\|[a-z0-9_\-]*|[a-z0-9_\-]*\|[^a-z0-9_\-]*)$/mi", $map)) { + if (($map != '') && preg_match_all("/^([^a-z0-9_\-]*\|[a-z0-9_\-]*|[a-z0-9_\-]*\|[^a-z0-9_\-]*)$/mi", $map)) { $form_state->setErrorByName('map', $this->t('The Group Map contains invalid characters or formatting.')); } @@ -357,20 +358,19 @@ public function validateForm(array &$form, FormStateInterface $form_state) { * @param string $key * The key for the value in form state. * - * @return arraystring - * The value as an array of single-line, non empty strings. + * @return array + * The value as an array of single-line, non-empty strings. */ - public static function getTextFromValues(FormStateInterface $form_state, $key) { + public static function getTextFromValues(FormStateInterface $form_state, string $key): array { $rawValue = $form_state->getValue($key); $arrayValue = explode("\n", "$rawValue\n"); - $ret = array_filter(array_map('trim', $arrayValue)); - return $ret; + return array_filter(array_map('trim', $arrayValue)); } /** * {@inheritdoc} */ - public function submitForm(array &$form, FormStateInterface $form_state) { + public function submitForm(array &$form, FormStateInterface $form_state): void { $allowedAttributes = static::getTextFromValues($form_state, 'allowed_attributes'); $excludedRoutes = static::getTextFromValues($form_state, 'excluded_routes'); $validDomains = static::getTextFromValues($form_state, 'valid_domains'); @@ -387,7 +387,7 @@ public function submitForm(array &$form, FormStateInterface $form_state) { ->set('ad.uri', $form_state->getValue('uri')) ->set('ad.basedn', $form_state->getValue('basedn')) ->set('ad.binddn', $form_state->getValue('binddn')); - if (($this->settings->get('ad.bindpass') === NULL) || (strlen($form_state->getValue('bindpass')) > 0)) { + if (($this->settings->get('ad.bindpass') === NULL) || ($form_state->getValue('bindpass') != '')) { $this->settings->set('ad.bindpass', $form_state->getValue('bindpass')); } $this->settings->set('group.map', $form_state->getValue('map')) diff --git a/uwauth.info.yml b/uwauth.info.yml index aa39129..cb628b2 100644 --- a/uwauth.info.yml +++ b/uwauth.info.yml @@ -2,5 +2,5 @@ name: 'UW Auth' description: 'Provides authentication and role assignment with Shibboleth, and UW Groups or Active Directory' package: Web services type: module -version: '3.0.0' -core_version_requirement: ^8.8 || ^9 +version: '3.0.2' +core_version_requirement: ^9 || ^10 diff --git a/uwauth.install b/uwauth.install index dccc698..5348582 100644 --- a/uwauth.install +++ b/uwauth.install @@ -8,7 +8,7 @@ /** * Update 2.1 schema to 2.2 schema with UW defaults. */ -function uwauth_update_8001() { +function uwauth_update_8001(): void { $config_factory = \Drupal::configFactory(); $config = $config_factory->getEditable('uwauth.settings'); $config->set('mail', ['valid_domains' => ['uw.edu']]); diff --git a/uwauth.module b/uwauth.module index 7b9400e..52cc6f6 100644 --- a/uwauth.module +++ b/uwauth.module @@ -13,8 +13,7 @@ use Drupal\Core\Routing\RouteMatchInterface; function uwauth_help($route_name, RouteMatchInterface $route_match) { switch ($route_name) { case 'help.page.uwauth': - $output = ''; - $output .= '

' . t('About') . '

'; + $output = '

' . t('About') . '

'; $output .= '

' . t('UW Auth implements user authentication and automatic role assigment. Authentication is provided by Shibboleth, with role assignment utilizing UW Groups or Active Directory.') . '

'; $output .= '

' . t('General Settings') . '

'; $output .= '

' . t('From here you can specify what your group membership source is. By default, this will be set to None, which effectively disables the module. To minimize issues, select your group membership source after you have created your roles, mapped them, and configured the group source.') . '

';