-rw-r--r--ga_login.module33
1 files changed, 32 insertions, 1 deletions
diff --git a/ga_login.module b/ga_login.module
index 2fa2423..877d8ac 100644
--- a/ga_login.module
+++ b/ga_login.module
@@ -403,8 +403,10 @@ function ga_login_test_form_submit($form, $form_state) {
*/
function ga_login_form_alter(&$form, &$form_state, $form_id) {
if ($form_id == 'user_login_block' || $form_id == 'user_login') {
+ // Re-arrange and add validation handlers.
array_unshift($form['#validate'], $form['#validate'][0]);
$form['#validate'][1] = 'ga_login_user_login_validate';
+ $form['#validate'][] = 'ga_login_user_login_validate_code_needed';
$form['gacode'] = array(
'#type' => 'textfield',
'#title' => 'Code',
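Review bot: The added comment `// Re-arrange and add validation handlers.` does not record the handler ordering that the two-factor check depends on, which is the security-relevant part of this hunk. `ga_login_user_login_validate` is written into slot 1, while `ga_login_user_login_validate_code_needed` is appended last, presumably so that it runs after the handler that populates `$form_state['uid']`. I would say so explicitly, e.g. `// Code check runs second; the code-needed check must stay last so it sees $form_state['uid'] from the password check.` The index arithmetic also assumes `$form['#validate'][0]` exists and that no other module has reordered the array, which deserves a word in the same comment. The body of ga_login_form_alter continues outside the hunk.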
@@ -442,6 +444,10 @@ function ga_login_form_alter(&$form, &$form_state, $form_id) {
/**
* Implements hook_user_presave().
+ *
+ * If a user enables 'Protect my account with two-factor-authentication', make
+ * sure he has setup a code, if not redirect to the creation page.
+ *
*/
function ga_login_user_presave(&$edit, $account, $category) {
if (isset($edit['ga_login_force_tfa'])) {
@@ -455,12 +461,16 @@ function ga_login_user_presave(&$edit, $account, $category) {
/**
* Validate callback for login form.
+ *
+ * Checks if the ga_login code is needed and valid.
+ *
* @see ga_login_form_alter()
*/
function ga_login_user_login_validate($form, &$form_state) {
$name = $form_state['values']['name'];
$code = $form_state['values']['gacode'];
$account = user_load_by_name($name);
+
if (_ga_login_force_tfa($account) || !empty($code) || ($account->uid == 1 && variable_get('ga_login_always_for_uid1', 0))) {
module_load_include('php', 'ga_login', 'ga_login.class');
$ga = new ga_loginGA(10);
@@ -469,9 +479,30 @@ function ga_login_user_login_validate($form, &$form_state) {
$keyok = $ga->authenticateUser($username, $code);
if (!$keyok) {
form_set_error('gacode', t("Your code isn't valid."));
+ $form_state['ga_code'] = 'invalid';
+ }
+ else {
+ $form_state['ga_code'] = 'valid';
}
}
- else {
+ }
+}
+
+/**
+ * Validate callback for login form.
+ *
+ * Checks if the user has to use ga_login, but doesn't yet have a code.
+ *
+ * @see ga_login_form_alter()
+ */
+function ga_login_user_login_validate_code_needed($form, &$form_state) {
+ $name = $form_state['values']['name'];
+ $code = $form_state['values']['gacode'];
+ $account = user_load_by_name($name);
+
+ if (_ga_login_force_tfa($account) || !empty($code) || ($account->uid == 1 && variable_get('ga_login_always_for_uid1', 0))) {
+ // The username and password are valid, check if the user has a token.
+ if ($form_state['uid'] && !isset($form_state['ga_code'])) {
form_set_error('gacode');
unset($_GET['destination']);
drupal_set_message(t('You don\'t have a login code yet. This login will only work once. After you log in, you can go to your profile page to generate the GA login code.'), 'warning');
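Review bot: `ga_login_user_login_validate_code_needed` reads `$account->uid` without checking that `user_load_by_name($name)` found an account. That call returns FALSE for an unknown username, so a login attempt with a bad name reaches the property access. The handler only acts when `$form_state['uid']` is set, so it is safer to test that first and load the account that was actually authenticated: `if (empty($form_state['uid'])) { return; }` followed by `$account = user_load($form_state['uid']);`, provided nothing later in the function has to run for unauthenticated submissions. The three-part condition is also copied verbatim from `ga_login_user_login_validate`; if the two copies drift, the two handlers will disagree about who must present a code, so a small shared helper would be safer. The function continues past the end of the hunk, so whatever enforces the "This login will only work once" promise cannot be checked from here.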