MainDeprecatedController.php in Bakery Single Sign-On System 8.2

<?php

namespace Drupal\bakery\Controller;

use Drupal\bakery\BakeryService;
use Drupal\bakery\Cookies\OatmealCookie;
use Drupal\bakery\Kitchen;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Controller\ControllerBase;
use Drupal\Core\Form\FormState;
use Drupal\Core\Routing\TrustedRedirectResponse;
use Drupal\Core\Url;
use Drupal\user\Entity\User;
use Drupal\user\Form\UserLoginForm;
use Drupal\user\UserInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
class MainDeprecatedController extends ControllerBase {

  /**
   * @var \Drupal\bakery\BakeryService
   */
  protected $bakeryService;

  /**
   * @var \Drupal\bakery\Kitchen
   */
  protected $kitchen;

  /**
   * Initialize bakery service.
   *
   * @param \Drupal\bakery\BakeryService $bakery_service
   *   For bakery service.
   * @param \Drupal\bakery\Kitchen $kitchen
   *   For bakery service.
   */
  public function __construct(BakeryService $bakery_service, Kitchen $kitchen) {
    $this->bakeryService = $bakery_service;
    $this->kitchen = $kitchen;
  }

  /**
   * When this controller is created, it will get the bakery.bakery_service.
   *
   * @param \Symfony\Component\DependencyInjection\ContainerInterface $container
   *   For getting Bakery service.
   *
   * @return static
   */
  public static function create(ContainerInterface $container) {
    return new static($container
      ->get('bakery.bakery_service'), $container
      ->get('bakery.kitchen'));
  }

  /**
   * Special Bakery register callback registers the user and returns to child.
   */
  public function register() {
    $cookie = $this->kitchen
      ->taste(Kitchen::OATMEAL);
    if ($cookie) {

      // Valid cookie.
      // Destroy the current oatmeal cookie,
      // we'll set a new one when we return to the slave.
      $this->kitchen
        ->eat(Kitchen::OATMEAL);

      // Users are allowed to register.
      if ($this
        ->config('user.settings')
        ->get('register') != UserInterface::REGISTER_ADMINISTRATORS_ONLY) {
        $name = trim($cookie['data']['name']);
        $mail = trim($cookie['data']['mail']);
        $data = [
          'name' => $name,
        ];

        // Save errors.
        $errors = [];

        // Check if user exists with same email.
        if (user_load_by_mail($mail)) {
          $errors['mail'] = 1;
        }
        elseif (user_load_by_name($name)) {
          $errors['name'] = 1;
        }
        else {

          // Create user.
          if (!$cookie['data']['pass']) {
            $pass = user_password();
          }
          else {
            $pass = $cookie['data']['pass'];
          }
          $language = $this
            ->languageManager()
            ->getCurrentLanguage()
            ->getId();
          $account = User::create();

          // Mandatory settings.
          $account
            ->setPassword($pass);
          $account
            ->enforceIsNew();
          $account
            ->setEmail($mail);

          // This username must be unique and accept only a-Z,0-9, - _ @ .
          $account
            ->setUsername($name);

          // Optional settings.
          $account
            ->set("init", $mail);
          $account
            ->set("langcode", $language);
          $account
            ->set("preferred_langcode", $language);
          $account
            ->set("preferred_admin_langcode", $language);

          // $user->set("setting_name", 'setting_value');.
          $account
            ->activate();

          // Save user.
          $account
            ->save();

          // Set some info to return to the slave.
          $data['uid'] = $account
            ->id();
          $data['mail'] = $mail;
          $this
            ->getLogger('bakery')
            ->notice('New external user: %name using module bakery from slave !slave.', [
            '%name' => $account
              ->getAccountName(),
            '!slave' => $cookie['slave'],
          ]);

          // Redirect to slave.
          if (!$this
            ->config('user.settings')
            ->get('verify_mail')) {

            // Create identification cookie and log user in.
            $this->kitchen
              ->reBakeChocolateChipCookie($account);
            $this->bakeryService
              ->userExternalLogin($account);
          }
          else {

            // The user needs to validate their email, redirect back to slave to
            // inform them.
            $errors['validate'] = 1;
          }
        }
      }
      else {
        $this
          ->getLogger('bakery')
          ->error('Master Bakery site user registration is disabled but users are trying to register from a subsite.');
        $errors['register'] = 1;
      }
      if (!empty($errors)) {

        // There were errors.
        session_destroy();
      }

      // Redirect back to custom Bakery callback on slave.
      $data['errors'] = $errors;

      // Carry destination through return.
      if (isset($cookie['data']['destination'])) {
        $data['destination'] = $cookie['data']['destination'];
      }

      // Bake a new cookie for validation on the slave.
      $this->kitchen
        ->bake(new OatmealCookie($name, $data));
      return new TrustedRedirectResponse(Url::fromUri(rtrim($cookie['slave'], '/') . '/bakery')
        ->toString());
    }

    // Invalid request.
    throw new AccessDeniedHttpException();
  }

  /**
   * Special Bakery login callback authenticates the user and returns to slave.
   */
  public function login(Request $request) {
    $cookie = $this->kitchen
      ->taste(Kitchen::OATMEAL, $request->cookies);
    if ($cookie) {

      // Remove the data pass cookie.
      $this->kitchen
        ->eat(Kitchen::OATMEAL);
      $current_user = $this
        ->currentUser();
      if ($current_user
        ->id()) {
        if ($current_user
          ->getAccountName() != $cookie['data']['name']) {

          // Trying to log in as another user. That seems likely to cause
          // problems. Let's just bail.
          throw new AccessDeniedHttpException();
        }

        // This user is already logged in. Let's make sure the CC is correct and
        // redirect them back.
        $this->kitchen
          ->reBakeChocolateChipCookie($current_user);
        $data = [
          'errors' => [],
          'name' => $current_user
            ->getAccountName(),
        ];
      }
      else {

        // First see if the user_login form validation has any errors for them.
        $name = trim($cookie['data']['name']);

        // Execute the login form which checks
        // username, password, status and flood.
        $form_state = new FormState();
        $form_state
          ->setValues($cookie['data']);
        $form_builder = $this
          ->formBuilder();
        $form_builder
          ->submitForm(UserLoginForm::class, $form_state);
        $errors = $form_state
          ->getErrors();
        if (empty($errors)) {

          // Check if account credentials are correct.

          /** @var \Drupal\user\UserInterface|false $account */
          $account = user_load_by_name($name);
          if ($account && $account
            ->id()) {

            // Check if the mail is denied.
            if ($account
              ->isBlocked()) {
              $errors['name'] = t('The name %name is registered using a reserved e-mail address and therefore could not be logged in.', [
                '%name' => $name,
              ]);
            }
            else {

              // Passed all checks, create identification cookie and log in.
              $this->kitchen
                ->reBakeChocolateChipCookie($account);
              $this->bakeryService
                ->userExternalLogin($account);
            }
          }
          else {
            $errors['incorrect-credentials'] = 1;
          }
        }
        if (!empty($errors)) {

          // Report failed login.
          $this
            ->getLogger('user')
            ->notice('Login attempt failed for %user.', [
            '%user' => $name,
          ]);

          // Clear the messages on the master's session,
          // since they were set during
          // drupal_form_submit() and will be displayed out of context.
          $this
            ->messenger()
            ->deleteAll();
        }

        // Bake a new cookie for validation on the slave.
        $data = [
          'errors' => $errors,
          'name' => $name,
        ];
      }

      // Carry destination through login.
      if (isset($cookie['data']['destination'])) {
        $data['destination'] = $cookie['data']['destination'];
      }
      $this->kitchen
        ->bake(new OatmealCookie($name, $data));
      return new TrustedRedirectResponse(Url::fromUri(rtrim($cookie['slave'], '/') . '/bakery/login')
        ->toString());
    }
    throw new AccessDeniedHttpException();
  }

  /**
   * User is anonymous or not .
   */
  public function userIsAnonymous() {
    if ($this
      ->currentUser()
      ->isAnonymous()) {
      return AccessResult::allowed();
    }
    else {
      return AccessResult::forbidden();
    }
  }

}