DAE-3696: Fix issues on ahoy install process.

composer.json

@@ -37,6 +37,7 @@
         "lobsterr/newsroom_connector": "dev-master",
         "lobsterr/oe_newsroom_connector": "dev-master",
         "openeuropa/composer-artifacts": "~0.1",
+        "openeuropa/oe_authentication": "^1.3",
         "openeuropa/oe_content": "^1.11",
         "openeuropa/oe_corporate_blocks": "~3.0.0-beta3",
         "openeuropa/oe_corporate_countries": "^1.0@beta",

config/sync/cas.settings.yml

@@ -0,0 +1,56 @@
+server:
+  version: '3.0'
+  protocol: https
+  hostname: ecas.ec.europa.eu
+  port: 443
+  path: /cas
+  verify: 0
+  cert: ''
+gateway:
+  check_frequency: -2
+  paths:
+    id: request_path
+    pages: ''
+    negate: false
+forced_login:
+  enabled: true
+  paths:
+    id: request_path
+    pages: /user/login
+    negate: false
+logout:
+  logout_destination: '<front>'
+  enable_single_logout: false
+  cas_logout: true
+  single_logout_session_lifetime: 25
+proxy:
+  initialize: false
+  can_be_proxied: false
+  proxy_chains: ''
+user_accounts:
+  prevent_normal_login: true
+  auto_register: true
+  email_assignment_strategy: 0
+  email_hostname: localhost
+  email_attribute: ''
+  auto_assigned_roles: {  }
+  restrict_password_management: true
+  restrict_email_management: true
+error_handling:
+  login_failure_page: /
+  message_validation_failure: 'There was a problem validating your login, please contact a site administrator.'
+  message_no_local_account: 'You do not have an account on this website. Please contact a site administrator.'
+  message_subscriber_denied_reg: 'You do not have access to log in to this website. Please contact a site administrator if you believe you should have access.'
+  message_account_blocked: 'Your account is blocked or has not been activated. Please contact a site administrator.'
+  message_subscriber_denied_login: 'You do not have access to log in to this website. Please contact a site administrator if you believe you should have access.'
+  message_username_already_exists: 'An account on this website with your username already exists. Please contact a site administrator.'
+  message_prevent_normal_login: 'This account must log in using <a href="[cas:login-url]">EU Login</a>.'
+  message_restrict_password_management: 'The requested account is associated with EU Login and its password cannot be managed from this website.'
+advanced:
+  debug_log: false
+  connection_timeout: 10
+login_link_enabled: true
+login_link_label: 'EU Login'
+login_success_message: 'You have been logged in.'
+_core:
+  default_config_hash: W42TeamUFaYIcLMbvbx1hngcurDgrV8-Rh_iNsgeFJc

config/sync/core.entity_view_display.node.cnt_description.teaser.yml

@@ -52,6 +52,7 @@ hidden:
   cnt_txt_sv_02: true
   cnt_txt_sv_03: true
   cnt_txt_sv_04: true
+  extra_field_in_page_navigation: true
   oe_content_content_owner: true
   oe_content_legacy_link: true
   oe_content_navigation_title: true

config/sync/core.extension.yml

@@ -5,9 +5,11 @@ module:
   block: 0
   block_content: 0
   breakpoint: 0
+  cas: 0
   ckeditor: 0
   cnt_description: 0
   cnt_landing: 0
+  cnt_user: 0
   composite_reference: 0
   conditional_fields: 0
   config: 0
@@ -33,9 +35,9 @@ module:
   geofield: 0
   image: 0
   inline_entity_form: 0
+  json_field: 0
   layout_builder: 0
   layout_discovery: 0
-  json_field: 0
   link: 0
   linkit: 0
   maxlength: 0
@@ -51,6 +53,7 @@ module:
   newsroom_connector_topic: 0
   newsroom_connector_type: 0
   node: 0
+  oe_authentication: 0
   oe_content: 0
   oe_content_documents_field: 0
   oe_content_entity: 0
@@ -103,6 +106,7 @@ module:
   menu_link_content: 1
   oe_media: 1
   pathauto: 1
+  externalauth: 10
   views: 10
   paragraphs: 11
   oe_profile: 1000

config/sync/oe_authentication.settings.yml

@@ -0,0 +1,7 @@
+protocol: eulogin
+register_path: eim/external/register.cgi
+validation_path: TicketValidationService
+assurance_level: TOP
+ticket_types: 'SERVICE,PROXY'
+_core:
+  default_config_hash: QqXrdnYD_oVmsY_aKMaDLRwxQfZ8eveMW5HTuTrXY7o

lib/modules/cnt_user/cnt_user.info.yml

@@ -0,0 +1,9 @@
+name: 'Cnect User'
+type: module
+description: 'Cnect user module contains changes and configurations relative to users.'
+core: 8.x
+core_version_requirement: ^8 || ^9
+package: 'Cnect'
+php: 7.1
+dependencies:
+  - oe_authentication:oe_authentication

lib/modules/cnt_user/cnt_user.links.task.yml

@@ -0,0 +1,4 @@
+cnt_user.task:
+  route_name: cnt_user.canonical
+  base_route: entity.user.canonical
+  title: View

lib/modules/cnt_user/cnt_user.module

@@ -0,0 +1,48 @@
+<?php
+
+/**
+ * @file
+ * Contains cnt_user.module.
+ */
+
+/**
+ * Implements hook_link_alter().
+ */
+function cnt_user_link_alter(&$variables) {
+  if (!empty($variables['options']['query']['destination'])) {
+    return;
+  }
+
+  $routes = [
+    'cas.login',
+  ];
+
+  /** @var Drupal\Core\Url $url */
+  $url = $variables['url'];
+
+  if ($url->isExternal() || $url->isRouted() && !in_array($url->getRouteName(), $routes)) {
+    return;
+  }
+
+  // Get current path.
+  $current_path = \Drupal::service('path.current')->getPath();
+
+  // Add destination parameter to bring user back to the current page.
+  $variables['options']['query']['destination'] = $current_path;
+}
+
+/**
+ * Implements hook_local_tasks_alter().
+ */
+function cnt_user_local_tasks_alter(&$local_tasks) {
+  /*
+  Unset "View" link on user page tabs to avoid duplicated items.
+
+  In order to force redirection to user edit page under certain conditions,
+  for example:
+  "redirect permanently until the user doesn't approve privacy policy",
+  replace the the array key with 'cnt_user.canonical' and
+  change the logic into RedirectController::postLoginRedirect().
+   */
+  unset($local_tasks['entity.user.canonical']);
+}

lib/modules/cnt_user/cnt_user.routing.yml

@@ -0,0 +1,19 @@
+cnt_user.login:
+  path: '/superuser/login'
+  defaults:
+    _form: '\Drupal\user\Form\UserLoginForm'
+    _title: 'Log in'
+  requirements:
+    _user_is_logged_in: 'FALSE'
+  options:
+    _maintenance_access: TRUE
+
+cnt_user.canonical:
+  path: '/user/{user}/view'
+  defaults:
+    _entity_view: 'user.full'
+    _title_callback: 'Drupal\user\Controller\UserController::userTitle'
+  requirements:
+    _entity_access: 'user.view'
+    _user_is_logged_in: 'TRUE'
+    user: '\d+'

lib/modules/cnt_user/cnt_user.services.yml

@@ -0,0 +1,5 @@
+services:
+  cnt_user.route_subscriber:
+    class: Drupal\cnt_user\Routing\UserRouteSubscriber
+    tags:
+      - { name: event_subscriber }