From de73e800adb2386350c6fa79332e3dba0da050aa Mon Sep 17 00:00:00 2001 From: astanley Date: Tue, 22 Apr 2025 16:27:51 +0000 Subject: [PATCH] added messenging --- src/EventSubscriber/RedirectSubscriber.php | 44 +++++++++++++++++----- src/Form/RedirectSettingsForm.php | 6 ++- url_permission_redirect.services.yml | 2 +- 3 files changed, 40 insertions(+), 12 deletions(-) diff --git a/src/EventSubscriber/RedirectSubscriber.php b/src/EventSubscriber/RedirectSubscriber.php index dc9aa44..b5b1dae 100644 --- a/src/EventSubscriber/RedirectSubscriber.php +++ b/src/EventSubscriber/RedirectSubscriber.php @@ -8,6 +8,9 @@ use Symfony\Component\EventDispatcher\EventSubscriberInterface; use Drupal\Core\Routing\TrustedRedirectResponse; use Drupal\Core\Session\AccountProxyInterface; use Drupal\Core\Config\ConfigFactoryInterface; +use Drupal\Core\Messenger\MessengerInterface; +use Drupal\Core\Url; +use Symfony\Component\HttpFoundation\RedirectResponse; /** * Subscribes to kernel request events to redirect users based on permissions. @@ -31,6 +34,13 @@ class RedirectSubscriber implements EventSubscriberInterface { */ protected $configFactory; + /** + * The Messenger service. + * + * @var \Drupal\Core\Messenger\ + */ + protected $messenger; + /** * Constructs a new RedirectSubscriber. * @@ -38,10 +48,13 @@ class RedirectSubscriber implements EventSubscriberInterface { * The current user. * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory * The config factory. + * @param Drupal\Core\Messenger\MessengerInterface $messenger + * The messenger. */ - public function __construct(AccountProxyInterface $current_user, ConfigFactoryInterface $config_factory) { + public function __construct(AccountProxyInterface $current_user, ConfigFactoryInterface $config_factory, MessengerInterface $messenger) { $this->currentUser = $current_user; $this->configFactory = $config_factory; + $this->messenger = $messenger; } /** @@ -50,13 +63,13 @@ class RedirectSubscriber implements EventSubscriberInterface { public function onRequest(RequestEvent $event) { $request = $event->getRequest(); $host = $request->getHost(); + $uri = $request->getRequestUri(); $config = $this->configFactory->get('url_permission_redirect.settings'); $protectedDomain = $config->get('protected_domain') ?? FALSE; - $uri = $request->getRequestUri(); - // Redirect logged-in users with permission. + // Redirect logged-in users with access permission to protected domain. if ($protectedDomain && $this->currentUser->isAuthenticated() && - $this->currentUser->hasPermission('access protected domain')) { + $this->currentUser->hasPermission('access protected domain')) { if ($host !== $protectedDomain) { $redirect_url = 'https://' . $protectedDomain . $uri; $event->setResponse(new TrustedRedirectResponse($redirect_url, 302)); @@ -64,17 +77,30 @@ class RedirectSubscriber implements EventSubscriberInterface { } } - // Redirect anonymous users trying to log in via the public domain. - if ($host !== $protectedDomain && $uri === '/user/login') { + // Redirect anonymous users attempting to log in from public domain. + if ($host !== $protectedDomain && $uri === '/user/login' && $this->currentUser->isAnonymous()) { $destination = $request->query->get('destination'); - $redirect_url = 'https://' . $protectedDomain . '/user/login'; + $redirect_url = 'https://' . $protectedDomain . '/user?redirect_message=1'; - // Preserve destination if it exists. if ($destination) { - $redirect_url .= '?destination=' . urlencode($destination); + $redirect_url .= '&destination=' . urlencode($destination); } $event->setResponse(new TrustedRedirectResponse($redirect_url, 302)); + return; + } + + // Show redirect message on target domain if query parameter is present. + if ($host === $protectedDomain && $request->query->get('redirect_message') === '1') { + $this->messenger->addStatus('You were redirected here to log in securely.'); + + // Clean the query string by removing redirect_message and reloading. + $query = $request->query->all(); + unset($query['redirect_message']); + + $current_path = $request->getPathInfo(); + $clean_url = Url::fromUri('internal:' . $current_path, ['query' => $query])->toString(); + $event->setResponse(new RedirectResponse($clean_url, 302)); } } diff --git a/src/Form/RedirectSettingsForm.php b/src/Form/RedirectSettingsForm.php index 454231f..0eb6d47 100644 --- a/src/Form/RedirectSettingsForm.php +++ b/src/Form/RedirectSettingsForm.php @@ -37,7 +37,7 @@ class RedirectSettingsForm extends ConfigFormBase { '#type' => 'textfield', '#title' => $this->t('Protected Domain'), '#default_value' => $config->get('protected_domain'), - '#description' => $this->t('Domain to redirect users with permission to.'), + '#description' => $this->t('Domain to redirect users with permissions.'), '#required' => TRUE, ]; @@ -48,8 +48,10 @@ class RedirectSettingsForm extends ConfigFormBase { * {@inheritdoc} */ public function submitForm(array &$form, FormStateInterface $form_state) { + $protected_domain = $form_state->getValue('protected_domain'); + $cleaned = preg_replace('#^https?://#', '', rtrim($protected_domain, '/')); $this->config('url_permission_redirect.settings') - ->set('protected_domain', $form_state->getValue('protected_domain')) + ->set('protected_domain', $cleaned) ->save(); parent::submitForm($form, $form_state); diff --git a/url_permission_redirect.services.yml b/url_permission_redirect.services.yml index 6e33603..6ce3da7 100644 --- a/url_permission_redirect.services.yml +++ b/url_permission_redirect.services.yml @@ -1,6 +1,6 @@ services: url_permission_redirect.event_subscriber: class: Drupal\url_permission_redirect\EventSubscriber\RedirectSubscriber - arguments: ['@current_user', '@config.factory'] + arguments: ['@current_user', '@config.factory, '@messenger'] tags: - { name: event_subscriber }