protected function UserAuthenticationController::getLoginFloodIdentifier in Drupal 10
Same name and namespace in other branches
- 8 core/modules/user/src/Controller/UserAuthenticationController.php \Drupal\user\Controller\UserAuthenticationController::getLoginFloodIdentifier()
- 9 core/modules/user/src/Controller/UserAuthenticationController.php \Drupal\user\Controller\UserAuthenticationController::getLoginFloodIdentifier()
Gets the login identifier for user login flood control.
Parameters
\Symfony\Component\HttpFoundation\Request $request: The current request.
string $username: The username supplied in login credentials.
Return value
string The login identifier or if the user does not exist an empty string.
2 calls to UserAuthenticationController::getLoginFloodIdentifier()
- UserAuthenticationController::floodControl in core/
modules/ user/ src/ Controller/ UserAuthenticationController.php - Enforces flood control for the current login request.
- UserAuthenticationController::login in core/
modules/ user/ src/ Controller/ UserAuthenticationController.php - Logs in a user.
File
- core/
modules/ user/ src/ Controller/ UserAuthenticationController.php, line 387
Class
- UserAuthenticationController
- Provides controllers for login, login status and logout via HTTP requests.
Namespace
Drupal\user\ControllerCode
protected function getLoginFloodIdentifier(Request $request, $username) {
$flood_config = $this
->config('user.flood');
$accounts = $this->userStorage
->loadByProperties([
'name' => $username,
'status' => 1,
]);
if ($account = reset($accounts)) {
if ($flood_config
->get('uid_only')) {
// Register flood events based on the uid only, so they apply for any
// IP address. This is the most secure option.
$identifier = $account
->id();
}
else {
// The default identifier is a combination of uid and IP address. This
// is less secure but more resistant to denial-of-service attacks that
// could lock out all users with public user names.
$identifier = $account
->id() . '-' . $request
->getClientIp();
}
return $identifier;
}
return '';
}