You are here

public function UserController::confirmCancel in Drupal 8

Same name and namespace in other branches
  1. 9 core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::confirmCancel()

Confirms cancelling a user account via an email link.

Parameters

\Drupal\user\UserInterface $user: The user account.

int $timestamp: The timestamp.

string $hashed_pass: The hashed password.

Return value

\Symfony\Component\HttpFoundation\RedirectResponse A redirect response.

1 string reference to 'UserController::confirmCancel'
user.routing.yml in core/modules/user/user.routing.yml
core/modules/user/user.routing.yml

File

core/modules/user/src/Controller/UserController.php, line 337

Class

UserController
Controller routines for user routes.

Namespace

Drupal\user\Controller

Code

public function confirmCancel(UserInterface $user, $timestamp = 0, $hashed_pass = '') {

  // Time out in seconds until cancel URL expires; 24 hours = 86400 seconds.
  $timeout = 86400;
  $current = REQUEST_TIME;

  // Basic validation of arguments.
  $account_data = $this->userData
    ->get('user', $user
    ->id());
  if (isset($account_data['cancel_method']) && !empty($timestamp) && !empty($hashed_pass)) {

    // Validate expiration and hashed password/login.
    if ($timestamp <= $current && $current - $timestamp < $timeout && $user
      ->id() && $timestamp >= $user
      ->getLastLoginTime() && hash_equals($hashed_pass, user_pass_rehash($user, $timestamp))) {
      $edit = [
        'user_cancel_notify' => isset($account_data['cancel_notify']) ? $account_data['cancel_notify'] : $this
          ->config('user.settings')
          ->get('notify.status_canceled'),
      ];
      user_cancel($edit, $user
        ->id(), $account_data['cancel_method']);

      // Since user_cancel() is not invoked via Form API, batch processing
      // needs to be invoked manually and should redirect to the front page
      // after completion.
      return batch_process('<front>');
    }
    else {
      $this
        ->messenger()
        ->addError($this
        ->t('You have tried to use an account cancellation link that has expired. Please request a new one using the form below.'));
      return $this
        ->redirect('entity.user.cancel_form', [
        'user' => $user
          ->id(),
      ], [
        'absolute' => TRUE,
      ]);
    }
  }
  throw new AccessDeniedHttpException();
}