uiowa_auth.module

<?php

/**
 * @file
 * Primary module hooks for uiowa_auth module.
 */

use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Url;
use Drupal\Core\Block\BlockPluginInterface;
use Drupal\uiowa_auth\UserLoginBlockPreRender;

/**
 * Implements hook_form_FORM_ID_alter().
 */
function uiowa_auth_form_user_login_form_alter(&$form, FormStateInterface $form_state, $form_id) {
  // Remove access to form fields to avoid users entering HawkID credentials.
  $form['name']['#access'] = FALSE;
  $form['pass']['#access'] = FALSE;
  $form['actions']['#access'] = FALSE;
}

/**
 * Implements hook_form_FORM_ID_alter().
 */
function uiowa_auth_form_user_form_alter(&$form, FormStateInterface $form_state, $form_id) {
  // Adjust access to fields on the user edit form that are synced via SAML. The
  // samlauth module does something similar to this but only for the current
  // user editing their own account. We take some additional steps also.
  if ($form['form_id']['#id'] === 'edit-user-form') {
    /** @var \Drupal\user\UserInterface $account */
    $account = user_load_by_name($form['account']['name']['#default_value']);

    /** @var \Drupal\externalauth\Authmap $authmap */
    $authmap = \Drupal::service('externalauth.authmap');

    if ($account) {
      // Always disable these fields.
      $form['account']['current_pass']['#access'] = FALSE;
      $form['account']['pass']['#access'] = FALSE;
      $form['path']['#access'] = FALSE;
      $form['account']['mail']['#disabled'] = TRUE;
      $form['account']['mail']['#description'] = t('Email addresses are synced automatically after every successful HawkID login.');

      if ((int) $account->id() === 1) {
        $form['#disabled'] = TRUE;
        $form['account']['name']['#description'] = t('User 1 information is randomized and locked for security.');
        $form['account']['mail']['#description'] = t('User 1 information is randomized and locked for security.');
      }
      else {
        if ($authmap->getUid($account->getAccountName(), 'samlauth') === FALSE) {
          _uiowa_auth_alter_name_field($form);
        }
        else {
          $form['account']['name']['#description'] = t('Usernames are synced automatically after every successful HawkID login.');
          $form['account']['name']['#disabled'] = TRUE;
        }
      }
    }
  }
}

/**
 * Implements hook_form_FORM_ID_alter().
 */
function uiowa_auth_form_user_register_form_alter(&$form, FormStateInterface $form_state, $form_id) {
  _uiowa_auth_alter_name_field($form);

  // The email field is required for non-admins but an issue exists for core.
  // @see: https://www.drupal.org/project/drupal/issues/2992848.
  $form['account']['mail']['#access'] = FALSE;
  $form['account']['mail']['#value'] = uniqid('email_') . '@uiowa.edu';

  // Hide the password field and generate a random one since it is never used.
  $pass = \Drupal::service('password_generator')->generate();
  $form['account']['pass']['#access'] = FALSE;

  $form['account']['pass']['#value'] = [
    'pass1' => $pass,
    'pass2' => $pass,
  ];

  // Hide the path field. The defaults are fine.
  $form['path']['#access'] = FALSE;

  // @todo https://github.com/uiowa/uiowa/issues/5032
  $form['account']['notify']['#access'] = FALSE;
}

/**
 * Implements hook_block_view_BASE_BLOCK_ID_alter().
 */
function uiowa_auth_block_view_user_login_block_alter(array &$build, BlockPluginInterface $block) {
  $build['#pre_render'][] = [UserLoginBlockPreRender::class, 'preRender'];
}

/**
 * Helper to alter name field that defines a user mapping.
 *
 * @param array $form
 *   The form that contains the name field to modify.
 */
function _uiowa_auth_alter_name_field(array &$form) {
  $form['account']['name']['#description'] = t('Enter the HawkID of the user you wish to add. HawkIDs can be found using the <a href=":url">UIowa directory</a>.', [
    ':url' => Url::fromUri('https://iam.uiowa.edu/whitepages/search')->toString(),
  ]);
}