- Merge request !33 Issue #3255740: Allow overriding of auth provider settings. (Open) created by oknate
- 🇺🇸 United States damienmckenna NH, USA
Bumping this in priority and tagging it as it's a security issue to not support overriding the OAuth settings via PHP in e.g. settings.local.php.
- 🇺🇸 United States damienmckenna NH, USA
I updated the included README.md file in the MR to note the correct variable name and structure.
- First commit to issue fork.
- Merge request !85 Issue #3255740: Allow overriding of auth provider settings. (Open) created by ao5357
- 🇺🇸 United States damienmckenna NH, USA
Ran into a symptom of this today: "Failed authentication should not change default" (Active)
- 🇺🇸 United States damienmckenna NH, USA
One interesting detail is that if you override $config['salesforce.settings']['salesforce_auth_provider'] in settings.php the admin/config/salesforce/authorize/list page shows the change immediately.
There's a bug with the proposed change when multiple configurations are defined - the connection details from the default auth provider are shown on the authorize/list page for all connections, not just the one it affects.
This shows the list page without the patch or any changes to settings.php:
This shows the list page without the patch and with the $config['salesforce.settings']['salesforce_auth_provider'] and $config['salesforce.salesforce_auth.legacy_oauth']['provider_settings'] defined in settings.php:
This shows the list page with patch and without changes to the settings.php file:
This shows the list page with the patch and with the settings.php changes:
As you can see, with multiple configurations it retains the default settings when it shows all settings items.
Another issue is that the state value named "salesforce.auth_tokens.IDENTID" is an object, which will be hard to override.
- 🇺🇸 United States damienmckenna NH, USA
FYI I ended up handling this via an extra Drush command that runs after we run "drush deploy", with this code:
```php
// Runs inside a Drush command method ($this->io() comes from the command class).
$config_name = 'salesforce.salesforce_auth.legacy_oauth';
// Immutable config: get() returns values with settings.php overrides applied.
$old_config = \Drupal::config($config_name);
if ($old_config->hasOverrides()) {
  $config_factory = \Drupal::configFactory();
  // Editable config: the stored values, without overrides.
  $new_config = $config_factory->getEditable($config_name);
  // Copy the overridden credentials into the stored config.
  $new_config->set('provider_settings.consumer_key', $old_config->get('provider_settings.consumer_key'));
  $new_config->set('provider_settings.consumer_secret', $old_config->get('provider_settings.consumer_secret'));
  $new_config->save();
  $this->io()->writeln(dt('Salesforce credentials updated.'));
}
else {
  $this->io()->writeln(dt('Did not update the Salesforce credentials'));
}
```
It loads the configuration of the "legacy_oauth" authentication config, checks to see if it was overridden via settings.php, and if so re-saves the values into the config object.
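The kind of settings.local.php override this issue asks the module to honour, as an added example that is not code from the thread or from the Salesforce module. The config names and keys are the ones quoted in the comments above; the environment variable names are assumptions.

```php
<?php
// settings.local.php (added example; the environment variable names below
// are assumptions, not names used by the module).
// Keep the OAuth consumer key and secret out of exported config by reading
// them from the environment and applying them as config overrides.

$sf_key = getenv('SALESFORCE_CONSUMER_KEY');
$sf_secret = getenv('SALESFORCE_CONSUMER_SECRET');

// getenv() returns FALSE for an unset variable. Only override when both
// values are present, so a missing variable never replaces the stored
// credentials with an empty value.
if (is_string($sf_key) && $sf_key !== '' && is_string($sf_secret) && $sf_secret !== '') {
  // Select the auth provider config that should be the active one.
  $config['salesforce.settings']['salesforce_auth_provider'] = 'legacy_oauth';
  // Override the credentials stored on that provider.
  $config['salesforce.salesforce_auth.legacy_oauth']['provider_settings']['consumer_key'] = $sf_key;
  $config['salesforce.salesforce_auth.legacy_oauth']['provider_settings']['consumer_secret'] = $sf_secret;
}
```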
- First commit to issue fork.
- Merge request !100 Issue #3255740: Allow overriding of auth provider settings. (Open) created by colinstillwell
- 🇬🇧 United Kingdom colinstillwell
When inspecting the incoming patch, my IDE flagged "Too many arguments to function getConfig(). 1 provided, but 0 accepted.".
I have created a new merge request, correcting `->getConfig($this->id())` to `->getConfig()`.
- 🇬🇧 United Kingdom colinstillwell
On another note, I tried using https://www.drupal.org/project/coi alongside this patch, and it didn't work out of the box for the Salesforce auth provider form.
This is because the form elements do not include a `['#config']['key']` definition, so COI has no context about which configuration keys they relate to. While this can be resolved by modifying the form to include these keys, it might be worth discussing whether this should be handled upstream in the module.
As a workaround, I added the following `hook_form_alter()` implementation in a custom module:
```php
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Render\Element;

/**
 * Implements hook_form_alter().
 *
 * "mymodule" is a placeholder for the custom module's machine name.
 */
function mymodule_form_alter(array &$form, FormStateInterface $form_state, $form_id) {
  if (
    $form_id === 'salesforce_auth_form'
    && ($provider_id = $form['id']['#default_value'] ?? NULL)
    && ($provider_settings = $form['settings']['provider_settings'] ?? NULL)
  ) {
    // Tell COI which config key each provider setting element maps to.
    foreach (Element::children($provider_settings) as $setting) {
      $form['settings']['provider_settings'][$setting]['#config']['key'] = "salesforce.salesforce_auth.$provider_id:provider_settings.$setting";
    }
  }
}
```
I hope this helps!