
public function Callback::authenticateAccess in Google API PHP Client 8.4

Same name and namespace in other branches
  1. 8.3 src/Controller/Callback.php \Drupal\google_api_client\Controller\Callback::authenticateAccess()

Checks access for the authenticate URL.

Parameters

\Drupal\Core\Session\AccountInterface $account: Run access checks for this account.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

1 string reference to 'Callback::authenticateAccess'
google_api_client.routing.yml in ./google_api_client.routing.yml
google_api_client.routing.yml

File

src/Controller/Callback.php, line 224

Class

Callback
Google Client Callback Controller.

Namespace

Drupal\google_api_client\Controller

Code

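/**
 * Checks access for the authenticate URL.
 *
 * Access is decided in this order:
 * - accounts with 'administer google api settings' are always allowed;
 * - if the request carries a 'state' value, its 'hash' must match the
 *   'state_hash' kept in the 'google_api_client' tempstore;
 * - otherwise the decision is delegated to implementations of
 *   hook_google_api_client_authenticate_account_access().
 *
 * NOTE(review): the returned results carry no cacheability metadata although
 * they depend on the request and on the tempstore — confirm that the access
 * result of this route is never cached.
 *
 * @param \Drupal\Core\Session\AccountInterface $account
 *   Run access checks for this account.
 *
 * @return \Drupal\Core\Access\AccessResultInterface
 *   The access result.
 */
public function authenticateAccess(AccountInterface $account) {
  $request = $this->requestStack->getCurrentRequest();
  if ($account->hasPermission('administer google api settings')) {
    return AccessResult::allowed();
  }
  if ($state = $request->get('state')) {
    // 'state' comes straight from the query string, so it may be an array or
    // invalid JSON. Anything that does not decode to an array is rejected by
    // the checks below.
    $state = is_string($state) ? Json::decode($state) : NULL;
    $tempStore = $this->tempStoreFactory->get('google_api_client');

    /* We implement an additional hash check because the callback may be
     * opened for public access, as is done for Google login. In that case
     * we rely on the hash to verify that the request was not forged.
     */
    // Assumes 'state_hash' is stored as a string — confirm against the code
    // that writes it.
    $expected_hash = $tempStore->get('state_hash');
    $supplied_hash = is_array($state) ? ($state['hash'] ?? NULL) : NULL;

    // Both values must be non-empty strings before they are compared. A loose
    // `!=` treats '', 0, FALSE and [] as equal to NULL, so a request with such
    // a 'hash' would pass whenever no hash has been stored. hash_equals()
    // also makes the comparison constant-time.
    $hash_matches = is_string($expected_hash)
      && $expected_hash !== ''
      && is_string($supplied_hash)
      && hash_equals($expected_hash, $supplied_hash);

    if (!$hash_matches) {
      // addError()'s second parameter is $repeat; the former 'error' argument
      // was a leftover message type and has been dropped.
      $this->messenger()->addError($this->t('Invalid state parameter'));
      return AccessResult::forbidden();
    }
    return AccessResult::allowed();
  }
  $account_id = $request->get('id');
  $account_type = $request->get('type', 'google_api_client');
  $access = $this->moduleHandler->invokeAll('google_api_client_authenticate_account_access', [
    $account_id,
    $account_type,
    $account,
  ]);

  // If any module returns forbidden then we don't allow authenticate.
  // The results are inspected through isForbidden()/isAllowed(): comparing
  // them to a fresh AccessResult::forbidden() with in_array() only matches
  // objects with identical properties, so a forbidden result that carries a
  // reason or cache metadata would be missed. Values that are not access
  // results are ignored.
  $allowed = FALSE;
  foreach ($access as $result) {
    if (!$result instanceof \Drupal\Core\Access\AccessResultInterface) {
      continue;
    }
    if ($result->isForbidden()) {
      return AccessResult::forbidden();
    }
    if ($result->isAllowed()) {
      $allowed = TRUE;
    }
  }
  return $allowed ? AccessResult::allowed() : AccessResult::neutral();
}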