You are here

Home » API reference » IP Login 4.x » EarlyIpLoginMiddleware.php » EarlyIpLoginMiddleware

public function EarlyIpLoginMiddleware::handle in IP Login 4.x

File

src/StackMiddleware/EarlyIpLoginMiddleware.php, line 53

Class

EarlyIpLoginMiddleware
Provides a HTTP middleware to implement IP based login.

Namespace

Drupal\ip_login\StackMiddleware

Code

public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = TRUE) {

  // Bail out early if we already determined that we can not auto-login.
  if ($request->cookies
    ->get('ipLoginAttempted', NULL)) {
    return $this->httpKernel
      ->handle($request, $type, $catch);
  }
  $uid = NULL;
  if ($type === self::MASTER_REQUEST && PHP_SAPI !== 'cli') {

    // Put the current (unprepared) request on the stack so we can initialize
    // the session.
    $this->container
      ->get('request_stack')
      ->push($request);
    $session = $this->container
      ->get($this->sessionServiceName);
    $session
      ->start();
    $uid = $session
      ->get('uid');

    // Remove the unprepared request from the stack,
    // \Drupal\Core\StackMiddleware\KernelPreHandle::handle() adds the proper
    // one.
    $this->container
      ->get('request_stack')
      ->pop();
  }

  // Do nothing if the user is logged in, or if this is not a web request.
  if ($uid || PHP_SAPI === 'cli') {
    return $this->httpKernel
      ->handle($request, $type, $catch);
  }

  // Check the user's IP.
  if ($matched_uid = IpLoginController::checkIpLoginExists($request)) {

    // For clarity about every scenario, use extensive logic.
    $can_login_as_another_user = $request->cookies
      ->get('ipLoginAsDifferentUser', NULL);
    if ($can_login_as_another_user === NULL) {

      // First time login for user, so log in automatically.
      $request->attributes
        ->set('ip_login_uid', $matched_uid);
    }
    elseif ($can_login_as_another_user == FALSE) {

      // User logged out, but is not allowed to use another user, so log in
      // again.
      $request->attributes
        ->set('ip_login_uid', $matched_uid);
    }
    elseif ($can_login_as_another_user == TRUE) {

      // User logged out, and is allowed to login as another user, so do
      // nothing, just stay on this page and wait for user action.
    }
    else {

      // Do automatic login.
      $request->attributes
        ->set('ip_login_uid', $matched_uid);
    }
  }
  $response = $this->httpKernel
    ->handle($request, $type, $catch);

  // If we determined that we can't auto-login the user, set a session cookie
  // so we don't repeat the user IP check for this browser session.
  if (empty($matched_uid)) {
    $response->headers
      ->setCookie(new Cookie('ipLoginAttempted', 1));
  }
  return $response;
}