Issue #82: Expose the new config in the settings form.

src/Form/AuthenticationSettingsForm.php

@@ -6,6 +6,7 @@
 
 use Drupal\Core\Form\ConfigFormBase;
 use Drupal\Core\Form\FormStateInterface;
+use Drupal\user\UserInterface;
 
 /**
  * Settings form for module.
@@ -53,6 +54,13 @@ public function buildForm(array $form, FormStateInterface $form_state) {
       '#title' => $this->t('Application available ticket types'),
       '#default_value' => $this->config(static::CONFIG_NAME)->get('ticket_types'),
     ];
+    $form['block_on_site_admin_approval'] = [
+      '#type' => 'checkbox',
+      '#title' => $this->t('Block newly created users if the site requires admin approval'),
+      '#disabled' => $this->config('user.settings')->get('register') !== UserInterface::REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL,
+      '#default_value' => $this->config(static::CONFIG_NAME)->get('block_on_site_admin_approval'),
+      '#description' => $this->t('New users, registered after a successful EU Login, are disabled when this option is checked, if the user registration is configured to require administrators approval. This option cannot be configured and has no effect if only administrators can register users or visitors can register themselves without any approval.'),
+    ];
     return parent::buildForm($form, $form_state);
   }
 
@@ -66,6 +74,7 @@ public function submitForm(array &$form, FormStateInterface $form_state) {
       ->set('validation_path', $form_state->getValue('validation_path'))
       ->set('assurance_level', $form_state->getValue('assurance_level'))
       ->set('ticket_types', $form_state->getValue('ticket_types'))
+      ->set('block_on_site_admin_approval', $form_state->getValue('block_on_site_admin_approval'))
       ->save();
     parent::submitForm($form, $form_state);
   }

tests/Behat/AuthenticationContext.php

@@ -137,6 +137,59 @@ public function setNewUsersBlocked(): void {
     $this->configContext->setConfig('user.settings', 'register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
   }
 
+  /**
+   * Asserts that a give field is disabled.
+   *
+   * @param string $field_locator
+   *   The field locator.
+   *
+   * @throws \Exception
+   *   If the field is enabled.
+   *
+   * @Given (the ):field (field )should be disabled
+   */
+  public function assertFieldIsDisabled(string $field_locator): void {
+    if ($this->isFieldEnabled($field_locator)) {
+      throw new \Exception("Field '$field_locator' is enabled but should be disabled.");
+    }
+  }
+
+  /**
+   * Asserts that a give field is not disabled.
+   *
+   * @param string $field_locator
+   *   The field locator.
+   *
+   * @throws \Exception
+   *   If the field is disabled.
+   *
+   * @Given (the ):field (field )should not be disabled
+   */
+  public function assertFieldIsNotDisabled(string $field_locator): void {
+    if (!$this->isFieldEnabled($field_locator)) {
+      throw new \Exception("Field '$field_locator' is disabled but should be enabled.");
+    }
+  }
+
+  /**
+   * Finds out if a given field is enabled or disabled.
+   *
+   * @param string $field_locator
+   *   The field locator.
+   *
+   * @return bool
+   *   TRUE if the field is enabled, FALSE otherwise.
+   *
+   * @throws \Exception
+   *   If the field doesn't exist.
+   */
+  protected function isFieldEnabled(string $field_locator): bool {
+    if (!$field = $this->getSession()->getPage()->findField($field_locator)) {
+      throw new \Exception("Field '$field_locator' doesn't exist.");
+    }
+    return empty($field->getAttribute('disabled'));
+  }
+
   /**
    * We reset the authentication mock to the state as it was.
    *

tests/features/configure_authentication.feature

@@ -8,25 +8,35 @@ Feature: Authentication
 
   @DrupalLogin @BackupAuthConfigs
   Scenario: Configure Authentication settings
+    Given the site is configured to make users blocked on creation
     When I am on "the Authentication configuration page"
+
     Then I should see "Authentication settings"
     # Check for the default config is there.
     And the "Application authentication protocol" field should contain "eulogin"
     And the "Application register path" field should contain "eim/external/register.cgi"
     And the "Application validation path" field should contain "TicketValidationService"
     And the "Application assurance levels" field should contain "TOP"
     And the "Application available ticket types" field should contain "SERVICE,PROXY"
+    And the "Block newly created users if the site requires admin approval" field should not be disabled
+    And the "Block newly created users if the site requires admin approval" checkbox should be checked
 
     # Change the configuration values.
     When I fill in "Application authentication protocol" with "something"
     And I fill in "Application register path" with "test/something"
     And I fill in "Application validation path" with "validation/path"
     And I fill in "Application assurance levels" with "assurance"
     And I fill in "Application available ticket types" with "ticket.test"
+    And I uncheck "Block newly created users if the site requires admin approval"
     And I press "Save configuration"
     Then I should see the message "The configuration options have been saved."
     And the "Application authentication protocol" field should contain "something"
     And the "Application register path" field should contain "test/something"
     And the "Application validation path" field should contain "validation/path"
     And the "Application assurance levels" field should contain "assurance"
     And the "Application available ticket types" field should contain "ticket.test"
+    And the "Block newly created users if the site requires admin approval" checkbox should be unchecked
+
+    Given the site is configured to make users active on creation
+    When I reload the page
+    Then the "Block newly created users if the site requires admin approval" field should be disabled