private function DisableLoginAccessCheck::hasValidSecretToken in Disable Login Page 1.0.x
Check if the URL has a valid secret token.
Parameters
\Drupal\Core\Routing\RouteMatch $route_match: The route which is attempted to be accessed.
Return value
bool TRUE if the URL has valid secret token.
1 call to DisableLoginAccessCheck::hasValidSecretToken()
- DisableLoginAccessCheck::access in src/
Access/ DisableLoginAccessCheck.php - A custom access check.
File
- src/
Access/ DisableLoginAccessCheck.php, line 103
Class
- DisableLoginAccessCheck
- Class DisableLoginAccessCheck.
Namespace
Drupal\disable_login\AccessCode
private function hasValidSecretToken(RouteMatch $route_match) {
// Uncomment the following line to disable this module if you
// are locked out because you forgot the key/value pair and
// are not able to login.
// return TRUE;
// Check key value pair for user/login routes.
$route_name = $route_match
->getRouteName();
switch ($route_name) {
// For login pages check for token.
case 'user.login':
case 'user.login.http':
$config = $this->configFactory
->get('disable_login.settings');
// If login pages are protected based on the configuration for
// the environment, check for key.
if ($config
->get('disable_login')) {
$key_name = $config
->get('querystring');
$secret_key = $config
->get('secret');
// Allow other modules to alter the key with custom logic
// for example cycle through keys or based on month etc.
$this->moduleHandler
->alter('disable_login_key', $secret_key);
$key_value = $this->request
->get($key_name);
if ($key_value == $secret_key) {
return TRUE;
}
else {
return FALSE;
}
}
default:
}
// Protect only those pages that require the key.
// Return TRUE by default.
return TRUE;
}