class Cookie in Drupal 10
Same name and namespace in other branches
- 8 core/modules/user/src/Authentication/Provider/Cookie.php \Drupal\user\Authentication\Provider\Cookie
- 9 core/modules/user/src/Authentication/Provider/Cookie.php \Drupal\user\Authentication\Provider\Cookie
Cookie based authentication provider.
Hierarchy
- class \Drupal\user\Authentication\Provider\Cookie implements \Symfony\Component\EventDispatcher\EventSubscriberInterface, AuthenticationProviderInterface uses StringTranslationTrait
Expanded class hierarchy of Cookie
1 file declares its use of Cookie
- UserAuthTest.php in core/
modules/ user/ tests/ src/ Unit/ UserAuthTest.php
6 string references to 'Cookie'
- CookieResourceTestTrait::getAuthenticationRequestOptions in core/
modules/ rest/ tests/ src/ Functional/ CookieResourceTestTrait.php - FinishResponseSubscriber::setResponseCacheable in core/
lib/ Drupal/ Core/ EventSubscriber/ FinishResponseSubscriber.php - Add Cache-Control and Expires headers to a cacheable response.
- JsonApiRequestTestTrait::decorateWithXdebugCookie in core/
modules/ jsonapi/ tests/ src/ Functional/ JsonApiRequestTestTrait.php - Adds the Xdebug cookie to the request options.
- PageCache::lookup in core/
modules/ page_cache/ src/ StackMiddleware/ PageCache.php - Retrieves a response from the cache or fetches it from the backend.
- ResourceTestBase::decorateWithXdebugCookie in core/
modules/ rest/ tests/ src/ Functional/ ResourceTestBase.php - Adds the Xdebug cookie to the request options.
1 service uses Cookie
- user.authentication.cookie in core/
modules/ user/ user.services.yml - Drupal\user\Authentication\Provider\Cookie
File
- core/
modules/ user/ src/ Authentication/ Provider/ Cookie.php, line 24
Namespace
Drupal\user\Authentication\ProviderView source
class Cookie implements AuthenticationProviderInterface, EventSubscriberInterface {
use StringTranslationTrait;
/**
* The session configuration.
*
* @var \Drupal\Core\Session\SessionConfigurationInterface
*/
protected $sessionConfiguration;
/**
* The database connection.
*
* @var \Drupal\Core\Database\Connection
*/
protected $connection;
/**
* The messenger.
*
* @var \Drupal\Core\Messenger\MessengerInterface
*/
protected $messenger;
/**
* Constructs a new cookie authentication provider.
*
* @param \Drupal\Core\Session\SessionConfigurationInterface $session_configuration
* The session configuration.
* @param \Drupal\Core\Database\Connection $connection
* The database connection.
* @param \Drupal\Core\Messenger\MessengerInterface $messenger
* The messenger.
*/
public function __construct(SessionConfigurationInterface $session_configuration, Connection $connection, MessengerInterface $messenger) {
$this->sessionConfiguration = $session_configuration;
$this->connection = $connection;
$this->messenger = $messenger;
}
/**
* {@inheritdoc}
*/
public function applies(Request $request) {
$applies = $request
->hasSession() && $this->sessionConfiguration
->hasSession($request);
if (!$applies && $request->query
->has('check_logged_in')) {
$domain = ltrim(ini_get('session.cookie_domain'), '.') ?: $request
->getHttpHost();
$this->messenger
->addMessage($this
->t('To log in to this site, your browser must accept cookies from the domain %domain.', [
'%domain' => $domain,
]), 'error');
}
return $applies;
}
/**
* {@inheritdoc}
*/
public function authenticate(Request $request) {
return $this
->getUserFromSession($request
->getSession());
}
/**
* Returns the UserSession object for the given session.
*
* @param \Symfony\Component\HttpFoundation\Session\SessionInterface $session
* The session.
*
* @return \Drupal\Core\Session\AccountInterface|null
* The UserSession object for the current user, or NULL if this is an
* anonymous session.
*/
protected function getUserFromSession(SessionInterface $session) {
if ($uid = $session
->get('uid')) {
// @todo Load the User entity in SessionHandler so we don't need queries.
// @see https://www.drupal.org/node/2345611
$values = $this->connection
->query('SELECT * FROM {users_field_data} [u] WHERE [u].[uid] = :uid AND [u].[default_langcode] = 1', [
':uid' => $uid,
])
->fetchAssoc();
// Check if the user data was found and the user is active.
if (!empty($values) && $values['status'] == 1) {
// Add the user's roles.
$rids = $this->connection
->query('SELECT [roles_target_id] FROM {user__roles} WHERE [entity_id] = :uid', [
':uid' => $values['uid'],
])
->fetchCol();
$values['roles'] = array_merge([
AccountInterface::AUTHENTICATED_ROLE,
], $rids);
return new UserSession($values);
}
}
// This is an anonymous session.
return NULL;
}
/**
* Adds a query parameter to check successful log in redirect URL.
*
* @param \Symfony\Component\HttpKernel\Event\ResponseEvent $event
* The Event to process.
*/
public function addCheckToUrl(ResponseEvent $event) {
$response = $event
->getResponse();
if ($response instanceof RedirectResponse && $event
->getRequest()
->hasSession()) {
if ($event
->getRequest()
->getSession()
->has('check_logged_in')) {
$event
->getRequest()
->getSession()
->remove('check_logged_in');
$url = $response
->getTargetUrl();
$options = UrlHelper::parse($url);
$options['query']['check_logged_in'] = '1';
$url = $options['path'] . '?' . UrlHelper::buildQuery($options['query']);
if (!empty($options['#fragment'])) {
$url .= '#' . $options['#fragment'];
}
// In the case of trusted redirect, we have to update the list of
// trusted URLs because here we've just modified its target URL
// which is in the list.
if ($response instanceof TrustedRedirectResponse) {
$response
->setTrustedTargetUrl($url);
}
$response
->setTargetUrl($url);
}
}
}
/**
* Registers the methods in this class that should be listeners.
*
* @return array
* An array of event listener definitions.
*/
public static function getSubscribedEvents() : array {
$events[KernelEvents::RESPONSE][] = [
'addCheckToUrl',
-1000,
];
return $events;
}
}