class LdapProtectedUserFieldConstraintValidator in Lightweight Directory Access Protocol (LDAP) 8.4
Validates the LdapProtectedUserFieldConstraint constraint.
Hierarchy
- class \Drupal\user\Plugin\Validation\Constraint\ProtectedUserFieldConstraintValidator extends \Symfony\Component\Validator\ConstraintValidator implements ContainerInjectionInterface
- class \Drupal\ldap_user\Plugin\Validation\Constraint\LdapProtectedUserFieldConstraintValidator
Expanded class hierarchy of LdapProtectedUserFieldConstraintValidator
1 file declares its use of LdapProtectedUserFieldConstraintValidator
- ProtectedUserFieldConstraintValidatorTest.php in ldap_user/
tests/ src/ Unit/ ProtectedUserFieldConstraintValidatorTest.php
File
- ldap_user/
src/ Plugin/ Validation/ Constraint/ LdapProtectedUserFieldConstraintValidator.php, line 16
Namespace
Drupal\ldap_user\Plugin\Validation\ConstraintView source
class LdapProtectedUserFieldConstraintValidator extends ProtectedUserFieldConstraintValidator {
/**
* Login validator.
*
* @var \Drupal\ldap_authentication\Controller\LoginValidatorLoginForm
*/
protected $loginValidator;
/**
* Set the login validator.
*
* @param \Drupal\ldap_authentication\Controller\LoginValidatorLoginForm $loginValidator
* Login validator.
*/
public function setLoginValidator(LoginValidatorLoginForm $loginValidator) : void {
$this->loginValidator = $loginValidator;
}
/**
* {@inheritdoc}
*/
public static function create(ContainerInterface $container) : LdapProtectedUserFieldConstraintValidator {
$plugin = parent::create($container);
$plugin
->setLoginValidator($container
->get('ldap_authentication.login_validator'));
return $plugin;
}
/**
* {@inheritdoc}
*/
public function validate($items, Constraint $constraint) : void {
if (!isset($items)) {
return;
}
/** @var \Drupal\Core\Field\FieldItemListInterface $items */
$field = $items
->getFieldDefinition();
/** @var \Drupal\user\UserInterface $account */
$account = $items
->getEntity();
if (!isset($account) || !empty($account->_skipProtectedUserFieldConstraint)) {
// Looks like we are validating a field not being part of a user, or the
// constraint should be skipped, so do nothing.
return;
}
// Only validate for existing entities and if this is the current user.
if ($account
->isNew() || $account
->id() != $this->currentUser
->id()) {
return;
}
// Special case for the password, it being empty means that the existing
// password should not be changed, ignore empty password fields.
$value = $items->value;
if ($field
->getName() === 'pass' && !$value) {
return;
}
/** @var \Drupal\user\UserInterface $account_unchanged */
$account_unchanged = $this->userStorage
->loadUnchanged($account
->id());
if ($items
->getValue() === $account_unchanged
->get($field
->getName())
->getValue()) {
return;
}
// We need the password, the existing one should be here.
CredentialsStorage::storeUserPassword($account
->get('pass')->existing);
$credentialsAuthenticationResult = $this->loginValidator
->validateCredentialsLoggedIn($account_unchanged);
if ($credentialsAuthenticationResult === $this->loginValidator::AUTHENTICATION_SUCCESS) {
// Directory approved the request, existing password matches.
return;
}
parent::validate($items, $constraint);
}
}Members
Name |
Modifiers | Type | Description | Overrides |
|---|---|---|---|---|
|
LdapProtectedUserFieldConstraintValidator:: |
protected | property | Login validator. | |
|
LdapProtectedUserFieldConstraintValidator:: |
public static | function |
Instantiates a new instance of this class. Overrides ProtectedUserFieldConstraintValidator:: |
|
|
LdapProtectedUserFieldConstraintValidator:: |
public | function | Set the login validator. | |
|
LdapProtectedUserFieldConstraintValidator:: |
public | function |
Checks if the passed value is valid. Overrides ProtectedUserFieldConstraintValidator:: |
|
|
ProtectedUserFieldConstraintValidator:: |
protected | property | The current user. | |
|
ProtectedUserFieldConstraintValidator:: |
protected | property | User storage handler. | |
|
ProtectedUserFieldConstraintValidator:: |
public | function | Constructs the object. |