View source
<?php
namespace Drupal\user\Form;
use Drupal\Core\Form\FormBase;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Render\RendererInterface;
use Drupal\Core\Url;
use Drupal\user\UserAuthInterface;
use Drupal\user\UserInterface;
use Drupal\user\UserStorageInterface;
use Drupal\user\UserFloodControlInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\Response;
class UserLoginForm extends FormBase {
protected $userFloodControl;
protected $userStorage;
protected $userAuth;
protected $renderer;
public function __construct($user_flood_control, UserStorageInterface $user_storage, UserAuthInterface $user_auth, RendererInterface $renderer) {
if (!$user_flood_control instanceof UserFloodControlInterface) {
@trigger_error('Passing the flood service to ' . __METHOD__ . ' is deprecated in drupal:9.1.0 and is replaced by user.flood_control in drupal:10.0.0. See https://www.drupal.org/node/3067148', E_USER_DEPRECATED);
$user_flood_control = \Drupal::service('user.flood_control');
}
$this->userFloodControl = $user_flood_control;
$this->userStorage = $user_storage;
$this->userAuth = $user_auth;
$this->renderer = $renderer;
}
public static function create(ContainerInterface $container) {
return new static($container
->get('user.flood_control'), $container
->get('entity_type.manager')
->getStorage('user'), $container
->get('user.auth'), $container
->get('renderer'));
}
public function getFormId() {
return 'user_login_form';
}
public function buildForm(array $form, FormStateInterface $form_state) {
$config = $this
->config('system.site');
$form['name'] = [
'#type' => 'textfield',
'#title' => $this
->t('Username'),
'#size' => 60,
'#maxlength' => UserInterface::USERNAME_MAX_LENGTH,
'#description' => $this
->t('Enter your @s username.', [
'@s' => $config
->get('name'),
]),
'#required' => TRUE,
'#attributes' => [
'autocorrect' => 'none',
'autocapitalize' => 'none',
'spellcheck' => 'false',
'autofocus' => 'autofocus',
],
];
$form['pass'] = [
'#type' => 'password',
'#title' => $this
->t('Password'),
'#size' => 60,
'#description' => $this
->t('Enter the password that accompanies your username.'),
'#required' => TRUE,
];
$form['actions'] = [
'#type' => 'actions',
];
$form['actions']['submit'] = [
'#type' => 'submit',
'#value' => $this
->t('Log in'),
];
$form['#validate'][] = '::validateName';
$form['#validate'][] = '::validateAuthentication';
$form['#validate'][] = '::validateFinal';
$this->renderer
->addCacheableDependency($form, $config);
return $form;
}
public function submitForm(array &$form, FormStateInterface $form_state) {
if (empty($uid = $form_state
->get('uid'))) {
return;
}
$account = $this->userStorage
->load($uid);
if (!$this
->getRequest()->request
->has('destination')) {
$form_state
->setRedirect('entity.user.canonical', [
'user' => $account
->id(),
]);
}
else {
$this
->getRequest()->query
->set('destination', $this
->getRequest()->request
->get('destination'));
}
user_login_finalize($account);
}
public function validateName(array &$form, FormStateInterface $form_state) {
if (!$form_state
->isValueEmpty('name') && user_is_blocked($form_state
->getValue('name'))) {
$form_state
->setErrorByName('name', $this
->t('The username %name has not been activated or is blocked.', [
'%name' => $form_state
->getValue('name'),
]));
}
}
public function validateAuthentication(array &$form, FormStateInterface $form_state) {
$password = trim($form_state
->getValue('pass'));
$flood_config = $this
->config('user.flood');
if (!$form_state
->isValueEmpty('name') && strlen($password) > 0) {
if (!$this->userFloodControl
->isAllowed('user.failed_login_ip', $flood_config
->get('ip_limit'), $flood_config
->get('ip_window'))) {
$form_state
->set('flood_control_triggered', 'ip');
return;
}
$accounts = $this->userStorage
->loadByProperties([
'name' => $form_state
->getValue('name'),
'status' => 1,
]);
$account = reset($accounts);
if ($account) {
if ($flood_config
->get('uid_only')) {
$identifier = $account
->id();
}
else {
$identifier = $account
->id() . '-' . $this
->getRequest()
->getClientIP();
}
$form_state
->set('flood_control_user_identifier', $identifier);
if (!$this->userFloodControl
->isAllowed('user.failed_login_user', $flood_config
->get('user_limit'), $flood_config
->get('user_window'), $identifier)) {
$form_state
->set('flood_control_triggered', 'user');
return;
}
}
$uid = $this->userAuth
->authenticate($form_state
->getValue('name'), $password);
$form_state
->set('uid', $uid);
}
}
public function validateFinal(array &$form, FormStateInterface $form_state) {
$flood_config = $this
->config('user.flood');
if (!$form_state
->get('uid')) {
$this->userFloodControl
->register('user.failed_login_ip', $flood_config
->get('ip_window'));
if ($flood_control_user_identifier = $form_state
->get('flood_control_user_identifier')) {
$this->userFloodControl
->register('user.failed_login_user', $flood_config
->get('user_window'), $flood_control_user_identifier);
}
if ($flood_control_triggered = $form_state
->get('flood_control_triggered')) {
if ($flood_control_triggered == 'user') {
$message = $this
->formatPlural($flood_config
->get('user_limit'), 'There has been more than one failed login attempt for this account. It is temporarily blocked. Try again later or <a href=":url">request a new password</a>.', 'There have been more than @count failed login attempts for this account. It is temporarily blocked. Try again later or <a href=":url">request a new password</a>.', [
':url' => Url::fromRoute('user.pass')
->toString(),
]);
}
else {
$message = $this
->t('Too many failed login attempts from your IP address. This IP address is temporarily blocked. Try again later or <a href=":url">request a new password</a>.', [
':url' => Url::fromRoute('user.pass')
->toString(),
]);
}
$form_state
->setResponse(new Response($message, 403));
}
else {
$user_input = $form_state
->getUserInput();
$query = isset($user_input['name']) ? [
'name' => $user_input['name'],
] : [];
$form_state
->setErrorByName('name', $this
->t('Unrecognized username or password. <a href=":password">Forgot your password?</a>', [
':password' => Url::fromRoute('user.pass', [], [
'query' => $query,
])
->toString(),
]));
$accounts = $this->userStorage
->loadByProperties([
'name' => $form_state
->getValue('name'),
]);
if (!empty($accounts)) {
$this
->logger('user')
->notice('Login attempt failed for %user.', [
'%user' => $form_state
->getValue('name'),
]);
}
else {
$this
->logger('user')
->notice('Login attempt failed from %ip.', [
'%ip' => $this
->getRequest()
->getClientIp(),
]);
}
}
}
elseif ($flood_control_user_identifier = $form_state
->get('flood_control_user_identifier')) {
$this->userFloodControl
->clear('user.failed_login_user', $flood_control_user_identifier);
}
}
}