
public function MainDeprecatedController::login in Bakery Single Sign-On System 8.2

Special Bakery login callback: authenticates the user and redirects back to the slave site.

File

src/Controller/MainDeprecatedController.php, line 162

Class

MainDeprecatedController

Namespace

Drupal\bakery\Controller

Code

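/**
 * Special Bakery login callback authenticates the user and returns to slave.
 *
 * Reads the OATMEAL data-pass cookie from the request, removes it, and then
 * either confirms that the already logged-in user matches the cookie or runs
 * the submitted values through the user login form. The outcome (errors and
 * account name) is baked into a new OatmealCookie and the browser is
 * redirected to "/bakery/login" under the URL held in the cookie's 'slave'
 * entry.
 *
 * @param Request $request
 *   The incoming request; only its cookies are read here.
 *
 * @return TrustedRedirectResponse
 *   Redirect back to the slave site's "/bakery/login" path.
 *
 * @throws AccessDeniedHttpException
 *   When no OATMEAL cookie is accepted by the kitchen, or when a logged-in
 *   user presents a cookie naming a different account.
 */
public function login(Request $request) {
  $cookie = $this->kitchen->taste(Kitchen::OATMEAL, $request->cookies);
  if (!$cookie) {
    throw new AccessDeniedHttpException();
  }

  // Remove the data pass cookie so it cannot be presented a second time.
  $this->kitchen->eat(Kitchen::OATMEAL);

  $current_user = $this->currentUser();
  if ($current_user->id()) {
    // $name must be set on this path as well: it is passed to OatmealCookie
    // below, and was previously left undefined for logged-in users.
    $name = $current_user->getAccountName();

    // Strict comparison on purpose. With a loose "!=" PHP compares two
    // numeric strings as numbers, so account names such as "1e3" and "1000"
    // would have been treated as the same user.
    if ($name !== (string) $cookie['data']['name']) {
      // Trying to log in as another user. That seems likely to cause
      // problems. Let's just bail.
      throw new AccessDeniedHttpException();
    }

    // This user is already logged in. Let's make sure the CC is correct and
    // redirect them back.
    $this->kitchen->reBakeChocolateChipCookie($current_user);
    $data = [
      'errors' => [],
      'name' => $name,
    ];
  }
  else {
    // First see if the user_login form validation has any errors for them.
    $name = trim($cookie['data']['name']);

    // Execute the login form which checks
    // username, password, status and flood.
    $form_state = new FormState();
    $form_state->setValues($cookie['data']);
    $this->formBuilder()->submitForm(UserLoginForm::class, $form_state);
    $errors = $form_state->getErrors();

    if (empty($errors)) {
      // The form accepted the credentials; load the account they belong to.
      /** @var \Drupal\user\UserInterface|false $account */
      $account = user_load_by_name($name);
      if ($account && $account->id()) {
        // NOTE(review): this tests the account's blocked status, while the
        // message below speaks of a reserved e-mail address - confirm which
        // of the two is intended.
        if ($account->isBlocked()) {
          $errors['name'] = t('The name %name is registered using a reserved e-mail address and therefore could not be logged in.', [
            '%name' => $name,
          ]);
        }
        else {
          // Passed all checks, create identification cookie and log in.
          $this->kitchen->reBakeChocolateChipCookie($account);
          $this->bakeryService->userExternalLogin($account);
        }
      }
      else {
        $errors['incorrect-credentials'] = 1;
      }
    }

    if (!empty($errors)) {
      // Report failed login.
      $this->getLogger('user')->notice('Login attempt failed for %user.', [
        '%user' => $name,
      ]);

      // Clear the messages on the master's session,
      // since they were set during
      // drupal_form_submit() and will be displayed out of context.
      $this->messenger()->deleteAll();
    }

    // Bake a new cookie for validation on the slave.
    $data = [
      'errors' => $errors,
      'name' => $name,
    ];
  }

  // Carry destination through login.
  // NOTE(review): the value is copied from the cookie unchanged; whichever
  // code later redirects to it has to validate it - confirm on the slave.
  if (isset($cookie['data']['destination'])) {
    $data['destination'] = $cookie['data']['destination'];
  }
  $this->kitchen->bake(new OatmealCookie($name, $data));

  // NOTE(review): the redirect host comes from the cookie's 'slave' entry and
  // TrustedRedirectResponse does not restrict external targets. This is only
  // safe if taste() authenticates the cookie and 'slave' is limited to known
  // slave sites - confirm; otherwise check it against the configured slaves
  // before redirecting.
  $return_url = Url::fromUri(rtrim($cookie['slave'], '/') . '/bakery/login');
  return new TrustedRedirectResponse($return_url->toString());
}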