#871: Updated OS2Forms Nemid authenticated check

OS2Forms · Mar 1, 2024 · 22f29f3 · 22f29f3
1 parent bb6b90b
commit 22f29f3
Showing 1 changed file with 20 additions and 9 deletions.
diff --git a/modules/os2forms_nemid/os2forms_nemid.module b/modules/os2forms_nemid/os2forms_nemid.module
@@ -134,21 +134,32 @@ function os2forms_nemid_webform_submission_form_alter(array &$form, FormStateInt
     // User is authenticated, check if the form type is corresponding to
     // authentication type.
     if ($authProviderPlugin->isAuthenticated()) {
-      if ($authProviderPlugin->isAuthenticatedPerson() && $webform_type !== NemidElementBase::WEBFORM_TYPE_PERSONAL
-        || $authProviderPlugin->isAuthenticatedCompany() && $webform_type !== NemidElementBase::WEBFORM_TYPE_COMPANY) {
-        \Drupal::messenger()
-          ->addWarning(t('Your login type does match the login type required by the webform. Please <a href="@logout">log out</a> and sign in with a different account', [
-            '@logout' => $authProviderService->getLogoutUrl()
-              ->toString(),
-          ]));
-        foreach (Element::children($form['actions']) as $key) {
-          $form['actions'][$key]['#disabled'] = TRUE;
+      // Users often login on behalf of company as themselves, i.e. values may contain both a cpr and cvr value,
+      // and they will therefore be considered authenticated as company AND person.
+      if ($webform_type === NemidElementBase::WEBFORM_TYPE_COMPANY) {
+        if (!$authProviderPlugin->isAuthenticatedCompany()) {
+          addWarningAndDisableForm($form, $authProviderService->getLogoutUrl()->toString());
+        }
+      } elseif ($webform_type === NemidElementBase::WEBFORM_TYPE_PERSONAL) {
+        if (!$authProviderPlugin->isAuthenticatedPerson()) {
+          addWarningAndDisableForm($form, $authProviderService->getLogoutUrl()->toString());
         }
       }
     }
   }
 }
 
+function addWarningAndDisableForm(array $form, string $logoutUrl): void
+{
+  \Drupal::messenger()
+    ->addWarning(t('Your login type does match the login type required by the webform. Please <a href="@logout">log out</a> and sign in with a different account', [
+      '@logout' => $logoutUrl,
+    ]));
+  foreach (Element::children($form['actions']) as $key) {
+    $form['actions'][$key]['#disabled'] = TRUE;
+  }
+}
+
 /**
  * Implements hook_preprocess().
  */