Cleaned up OIDC settings

Author: rimi-itk

web/profiles/custom/os2loop/modules/os2loop_user_login/README.md

@@ -7,14 +7,10 @@ Go to Administration › Configuration › OS2Loop › OS2Loop user login settin
 
 ## OpenID Connect
 
-The modules [OpenID Connect](https://www.drupal.org/project/openid_connect) and
-[OpenID Connect Microsoft Azure Active Directory
-client](https://www.drupal.org/project/openid_connect_windows_aad) are used for
-OpenID Connect login. *Note*: Eventhough it's called “OpenID Connect Microsoft
-Azure Active Directory client” it also work with other OpenID Connect identity
-providers.
-
-In the default configuration both login methods assume that the identitity
+The module [OpenID Connect](https://www.drupal.org/project/openid_connect) is
+used for OpenID Connect login.
+
+In the default configuration the login method assumes that the identitity
 provider returns a `name` claim which is used as the Drupal user name and that a
 `groups` claim is a list of groups that can be mapped to Drupal roles.
 
@@ -83,12 +79,16 @@ $config['openid_connect.client.generic']['settings']['authorization_endpoint'] =
 $config['openid_connect.client.generic']['settings']['token_endpoint'] = …; // Get this from your OpenID Connect Discovery endpoint
 // Optional
 $config['openid_connect.client.generic']['settings']['end_session_endpoint'] = …; // Get this from your OpenID Connect Discovery endpoint
+
+// Disable "Autostart login process"
+$config['openid_connect.settings']['autostart_login'] = false;
 ```
 
 Check your overwrites by running
 
 ```sh
 vendor/bin/drush config:get --include-overridden openid_connect.client.generic
+vendor/bin/drush config:get --include-overridden openid_connect.settings
 ```
 
 #### Groups to roles mapping

web/profiles/custom/os2loop/modules/os2loop_user_login/os2loop_user_login.module

@@ -5,18 +5,8 @@
  * The module file for os2loop_user_login.
  */
 
-use Drupal\Core\Form\FormStateInterface;
 use Drupal\user\UserInterface;
 
-/**
- * Implements hook_form_alter().
- *
- * @see \Drupal\os2loop_user_login\Helper\Helper::alterForm()
- */
-function os2loop_user_login_form_alter(&$form, FormStateInterface $form_state, $form_id) {
-  Drupal::service('os2loop_user_login.helper')->alterForm($form, $form_state, $form_id);
-}
-
 /**
  * Implements hook_menu_local_tasks_alter().
  *

web/profiles/custom/os2loop/modules/os2loop_user_login/src/Form/SettingsForm.php

@@ -73,37 +73,43 @@ public function buildForm(array $form, FormStateInterface $form_state) {
     $form['show_drupal_login'] = [
       '#type' => 'checkbox',
       '#title' => $this->t('Show Drupal login'),
-      '#default_value' => $config->get('show_drupal_login'),
+      '#default_value' => FALSE,
+      '#disabled' => TRUE,
       '#description' => $this->t(
-        'Show Drupal (username and password) login on user login page. If not enabled, the login form will still be visible if <a href="@login_url"><code>#drupal-login</code></a> is appended to the url (<a href="@login_url">@login_url</a>).',
+        'This option has been removed. This is now controlled by the "@config_title" setting in the <a href=":config_url">OpenID Connect settings</a>.',
         [
-          '@login_url' => Url::fromRoute('user.login', [], [
-            'absolute' => TRUE,
-            'fragment' => 'drupal-login',
-          ])->toString(),
-        ]),
+          '@config_title' => $this->t('OpenID buttons display in user login form'),
+          ':config_url' => Url::fromRoute('openid_connect.admin_settings')->toString(),
+        ],
+      ),
     ];
 
     $form['show_oidc_login'] = [
       '#type' => 'checkbox',
       '#title' => $this->t('Show OpenID Connect login'),
-      '#default_value' => $config->get('show_oidc_login'),
+      '#default_value' => FALSE,
+      '#disabled' => TRUE,
       '#description' => $this->t(
-        'Show OpenID Connect login button on user login page. Set up proper <a href="@config_url">OpenID Connect configuration</a> before enabling this.',
+        'This option has been removed. This is now controlled by the "@config_title" setting in the <a href=":config_url">OpenID Connect settings</a>.',
         [
-          '@config_url' => Url::fromRoute('openid_connect.admin_settings')->toString(),
-        ]
+          '@config_title' => $this->t('OpenID buttons display in user login form'),
+          ':config_url' => Url::fromRoute('openid_connect.admin_settings')->toString(),
+        ],
       ),
     ];
 
-    $options['oidc'] = $this->t('OpenID Connect');
     $form['default_login_method'] = [
       '#type' => 'select',
       '#title' => $this->t('Default login method'),
-      '#options' => $options,
-      '#empty_value' => '',
-      '#default_value' => $config->get('default_login_method'),
-      '#description' => $this->t('The default login method to use. If specified, anonymous users will automatically be logged in with this method.'),
+      '#default_value' => FALSE,
+      '#disabled' => TRUE,
+      '#description' => $this->t(
+        'This option has been removed. This is now controlled by the "@config_title" setting in the <a href=":config_url">OpenID Connect settings</a>.',
+        [
+          '@config_title' => $this->t('Autostart login process'),
+          ':config_url' => Url::fromRoute('openid_connect.admin_settings')->toString(),
+        ],
+      ),
     ];
 
     $form['hide_logout_menu_item'] = [
@@ -121,9 +127,6 @@ public function buildForm(array $form, FormStateInterface $form_state) {
    */
   public function submitForm(array &$form, FormStateInterface $form_state) {
     $this->configFactory->getEditable(static::SETTINGS_NAME)
-      ->set('show_drupal_login', $form_state->getValue('show_drupal_login'))
-      ->set('show_oidc_login', $form_state->getValue('show_oidc_login'))
-      ->set('default_login_method', $form_state->getValue('default_login_method'))
       ->set('hide_logout_menu_item', $form_state->getValue('hide_logout_menu_item'))
       ->save();
 

web/profiles/custom/os2loop/modules/os2loop_user_login/src/Helper/Helper.php

@@ -5,7 +5,6 @@
 use Drupal\Core\Entity\EntityFieldManager;
 use Drupal\Core\Entity\EntityTypeManagerInterface;
 use Drupal\Core\Extension\ModuleHandlerInterface;
-use Drupal\Core\Form\FormStateInterface;
 use Drupal\Core\Messenger\MessengerInterface;
 use Drupal\Core\Path\CurrentPathStack;
 use Drupal\Core\Session\AccountInterface;
@@ -28,6 +27,13 @@ class Helper {
    */
   private $config;
 
+  /**
+   * The OpenID Connect config.
+   *
+   * @var \Drupal\Core\Config\ImmutableConfig
+   */
+  private $openIdConnectConfig;
+
   /**
    * The entity type manager.
    *
@@ -75,6 +81,7 @@ class Helper {
    */
   public function __construct(Settings $settings, ModuleHandlerInterface $module_handler, EntityTypeManagerInterface $entity_type_manager, EntityFieldManager $entity_field_manager, MessengerInterface $messenger, RequestStack $requestStack, CurrentPathStack $currentPathStack) {
     $this->config = $settings->getConfig(SettingsForm::SETTINGS_NAME);
+    $this->openIdConnectConfig = $settings->getConfig('openid_connect.settings');
     $this->moduleHandler = $module_handler;
     $this->entityTypeManager = $entity_type_manager;
     $this->entityFieldManager = $entity_field_manager;
@@ -83,39 +90,6 @@ public function __construct(Settings $settings, ModuleHandlerInterface $module_h
     $this->currentPathStack = $currentPathStack;
   }
 
-  /**
-   * Implements hook_form_alter().
-   *
-   * Show different login options depending on the site configuration.
-   */
-  public function alterForm(&$form, FormStateInterface $form_state, $form_id) {
-    if ('openid_connect_login_form' === $form_id) {
-      if (!$this->config->get('show_oidc_login')) {
-        $form['#access'] = FALSE;
-      }
-    }
-    elseif ('user_login_form' === $form_id) {
-      if (!$this->config->get('show_drupal_login')) {
-        $form['#attached']['library'][] = 'os2loop_user_login/user-login-form';
-
-        // Wrap default Drupal login form in an element with a known id
-        // (drupal-login) so we can visually hide it.
-        foreach ($form as $key => $value) {
-          if (0 !== strpos($key, '#')) {
-            $form['drupal_login'][$key] = array_merge($value);
-            unset($form[$key]);
-          }
-        }
-        $form['drupal_login'] += [
-          '#type' => 'fieldset',
-          '#title' => $this->t('Drupal login'),
-          '#weight' => 100,
-          '#attributes' => ['id' => 'drupal-login'],
-        ];
-      }
-    }
-  }
-
   /**
    * Implements hook_preprocess_block().
    */
@@ -138,7 +112,12 @@ public function preprocessBlock(array &$variables) {
         return;
       }
 
-      $defaultLoginMethod = $this->config->get('default_login_method');
+      // The OpenID Connect module's "Autostart login process" triggers only on
+      // login, register or password reset pages. We need to trigger it in the
+      // userlogin block as well and use JavaScript to submit the (OIDC) login
+      // form if found on the page
+      // (cf. @os2loop_theme/templates/block/block--user-login-block.html.twig).
+      $defaultLoginMethod = TRUE === $this->openIdConnectConfig->get('autostart_login') ? 'oidc' : NULL;
       switch ($defaultLoginMethod) {
         case 'oidc':
           $variables['default_login_form_id'] = 'openid-connect-login-form';