protected function CredentialsCheckFlood::getAccountIdentifier in Commerce Core 8.2
Gets the identifier used to register account flood events.
Parameters
string $ip: The client IP address.
string $name: The account name.
Return value
string|null The flood identifier name or NULL if there is no account with the given name.
3 calls to CredentialsCheckFlood::getAccountIdentifier()
- CredentialsCheckFlood::clearAccount in src/
CredentialsCheckFlood.php - Clears failed credential checks by the given user.
- CredentialsCheckFlood::isAllowedAccount in src/
CredentialsCheckFlood.php - Whether or not a credentials check with the given account is allowed.
- CredentialsCheckFlood::register in src/
CredentialsCheckFlood.php - Registers a new failed credentials check by the given user.
File
- src/
CredentialsCheckFlood.php, line 120
Class
- CredentialsCheckFlood
- Provides flood protection for login credential checks.
Namespace
Drupal\commerceCode
protected function getAccountIdentifier($ip, $name) {
if (!isset($this->accounts[$name])) {
$storage = $this->entityTypeManager
->getStorage('user');
$account_by_name = $storage
->loadByProperties([
'name' => $name,
]);
$this->accounts[$name] = reset($account_by_name);
}
/** @var \Drupal\Core\Session\AccountInterface $account */
$account = $this->accounts[$name];
if ($account) {
if ($this->config
->get('uid_only')) {
// Register flood events based on the uid only, so they apply for any
// IP address. This is the most secure option.
return $account
->id();
}
else {
// The default identifier is a combination of uid and IP address. This
// is less secure but more resistant to denial-of-service attacks that
// could lock out all users with public user names.
return $account
->id() . '-' . $ip;
}
}
}