
MainController.php in Bakery Single Sign-On System 8.2

Route callback functions for Bakery SSO.

File

src/Controller/MainController.php
<?php

namespace Drupal\bakery\Controller;


/**
 * @file
 * Router call back functions for bakery SSO functions.
 */
use Drupal\bakery\Cookies\Gingerbread;
use Drupal\bakery\Cookies\GingerbreadReturn;
use Drupal\bakery\Kitchen;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Controller\ControllerBase;
use Drupal\Core\Database\Connection;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

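/**
 * Route callbacks for the Bakery SSO account lookup ("gingerbread") exchange.
 *
 * tasteGingerbreadCookie() validates the posted payload through the Kitchen
 * service and stores the result on the request; eatGingerbreadCookie() then
 * answers from that stored, validated payload.
 *
 * NOTE(review): this presumes tasteGingerbreadCookie() is wired as the access
 * callback of the route served by eatGingerbreadCookie(). The routing file is
 * not visible here, so confirm it: without that wiring the 'bakery' request
 * attribute is never populated.
 */
class MainController extends ControllerBase {

  /**
   * Database connection used for the bakery_user mapping table.
   *
   * @var \Drupal\Core\Database\Connection
   */
  protected $connection;

  /**
   * Bakery service used to validate incoming and bake outgoing payloads.
   *
   * @var \Drupal\bakery\Kitchen
   */
  protected $kitchen;

  /**
   * Initialize bakery service.
   *
   * @param \Drupal\bakery\Kitchen $kitchen
   *   For bakery service.
   * @param \Drupal\Core\Database\Connection $connection
   *   Database connection for saving mapping storage.
   */
  public function __construct(Kitchen $kitchen, Connection $connection) {
    $this->kitchen = $kitchen;
    $this->connection = $connection;
  }

  /**
   * Builds the controller from the 'bakery.kitchen' and 'database' services.
   *
   * @param \Symfony\Component\DependencyInjection\ContainerInterface $container
   *   Service container to pull both services from.
   *
   * @return static
   */
  public static function create(ContainerInterface $container) {
    return new static(
      $container->get('bakery.kitchen'),
      $container->get('database')
    );
  }

  /**
   * Respond with account information.
   *
   * Looks the account up by name (and, when the payload's or-email flag is
   * set, by mail), records the child site's UID mapping and returns the baked
   * account data.
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   Request whose 'bakery' attribute holds the payload stored by
   *   tasteGingerbreadCookie().
   *
   * @return \Symfony\Component\HttpFoundation\Response
   *   The baked GingerbreadReturn payload, or a 409 response with the body
   *   'No account found' when no local account matches.
   */
  public function eatGingerbreadCookie(Request $request) {
    // Storage populated in validate. The attribute is removed as soon as it
    // has been read.
    $ginger_bread = Gingerbread::fromData($request->attributes->get('bakery'));
    $request->attributes->remove('bakery');

    $account = user_load_by_name($ginger_bread->getAccountName());
    if (!$account && $ginger_bread->getOrEmail()) {
      // Or-email flag set: retry treating the supplied name as a mail address.
      $account = user_load_by_mail($ginger_bread->getAccountName());
    }

    /** @var \Drupal\user\UserInterface|false $account */
    if (!$account) {
      return new Response('No account found', Response::HTTP_CONFLICT);
    }

    $this->saveChildUid($account, $ginger_bread->getChild(), $ginger_bread->getChildUid());

    // Add any synced fields. Only fields enabled in bakery_supported_fields
    // are returned to the child; an unset setting is treated as "no fields"
    // rather than being iterated as NULL.
    $fields = [];
    $supported_fields = $this->config('bakery.settings')->get('bakery_supported_fields') ?: [];
    foreach ($supported_fields as $type => $enabled) {
      if ($enabled && $account->{$type}) {
        $fields[$type] = $account->{$type};
      }
    }

    $message = $this->kitchen->bakeData(new GingerbreadReturn(
      $account->getAccountName(),
      $account->getEmail(),
      $account->id(),
      $fields
    ));
    return new Response($message);
  }

  /**
   * Validate the account information request.
   *
   * Access is forbidden unless the POST body carries a 'gingerbread' value
   * that Kitchen::tasteData() accepts. An accepted payload is stored in the
   * request's 'bakery' attribute for eatGingerbreadCookie().
   *
   * @param \Symfony\Component\HttpFoundation\Request|null $request
   *   The current request; falls back to \Drupal::request() when not injected.
   *
   * @return \Drupal\Core\Access\AccessResult
   *   Allowed only when the payload validated, forbidden otherwise.
   */
  public function tasteGingerbreadCookie(Request $request = NULL) {
    // Work around https://www.drupal.org/project/drupal/issues/2786941
    $request = $request ?? \Drupal::request();
    $type = 'gingerbread';
    $post = $request->request;

    if (!$post->has($type)) {
      return AccessResult::forbidden();
    }

    // Strict FALSE check: only an explicit rejection from tasteData() denies
    // access, so any other return value is stored as the payload.
    $cookie = $this->kitchen->tasteData($post->get($type), $type);
    if ($cookie === FALSE) {
      return AccessResult::forbidden();
    }

    $request->attributes->set('bakery', $cookie);
    return AccessResult::allowed();
  }

  /**
   * Save UID provided by a slave site. Should only be used on the master site.
   *
   * A mapping is written only when a child UID was supplied, the child site is
   * listed in the bakery_slaves setting, and no mapping exists yet for this
   * account and child.
   *
   * @param object $account
   *   A local user object.
   * @param string $child
   *   The URL of the slave site.
   * @param int $child_uid
   *   The corresponding UID on the slave site.
   */
  private function saveChildUid($account, $child, $child_uid) {
    if (empty($child_uid)) {
      return;
    }

    // Allow-list check: only configured child sites may register a mapping.
    // Strict comparison keeps a non-string value in the payload from matching
    // a configured URL through loose type juggling.
    $allowed_children = $this->config('bakery.settings')->get('bakery_slaves') ?: [];
    if (!in_array($child, $allowed_children, TRUE)) {
      return;
    }

    $child_site_user_exists = $this->connection
      ->select('bakery_user', 'f')
      ->fields('f', ['uid'])
      ->condition('uid', $account->id())
      ->condition('slave', $child)
      ->range(0, 1)
      ->execute()
      ->fetchField();
    if ($child_site_user_exists) {
      return;
    }

    // NOTE(review): the check above and this insert are not atomic. Whether
    // bakery_user has a unique key on (uid, slave) is not visible here, so
    // confirm the schema rejects a duplicate row from concurrent requests.
    $this->connection
      ->insert('bakery_user')
      ->fields([
        'uid' => $account->id(),
        'slave' => $child,
        'slave_uid' => $child_uid,
      ])
      ->execute();
  }

}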

Classes

Namesort descending Description
MainController Route callback functionalities.