You are here

Home » API reference » Require Login 8 » RequireLoginSubscriber.php » RequireLoginSubscriber

private function RequireLoginSubscriber::checkLogin in Require Login 8

Same name and namespace in other branches
  1. 8.2 src/EventSubscriber/RequireLoginSubscriber.php \Drupal\require_login\EventSubscriber\RequireLoginSubscriber::checkLogin()

Check login authentication enforcement for current request.

Parameters

\Symfony\Component\HttpKernel\Event\GetResponseEvent $event: The event response.

\Drupal\Core\Config\ImmutableConfig $config: The configuration object.

\Symfony\Component\HttpFoundation\Request $request: The HTTP request.

Return value

bool Return FALSE if authentication isn't required. Otherwise TRUE.

1 call to RequireLoginSubscriber::checkLogin()
RequireLoginSubscriber::loginRedirect in src/EventSubscriber/RequireLoginSubscriber.php
Prepare login redirect response.

File

src/EventSubscriber/RequireLoginSubscriber.php, line 136

Class

RequireLoginSubscriber
Login requirement.

Namespace

Drupal\require_login\EventSubscriber

Code

private function checkLogin(GetResponseEvent $event, ImmutableConfig $config, Request $request) {

  // Check event exception status codes.
  if ($event instanceof GetResponseForExceptionEvent) {
    switch ($event
      ->getException()
      ->getStatusCode()) {
      case '403':
        if ($config
          ->get('excluded_403')) {
          return FALSE;
        }
        break;
      case '404':
        if ($config
          ->get('excluded_404')) {
          return FALSE;
        }
        break;
    }
  }

  // Default authentication exclusions.
  $route_name = $request
    ->get('_route');
  $default_checks = [
    // Check if CLI environment.
    PHP_SAPI === 'cli',
    // Check system.cron route.
    $route_name === 'system.cron',
    // Check system.db_update route (/update.php).
    $route_name === 'system.db_update',
    // Check user.* routes (/user/*).
    $route_name === 'user.login' || $route_name === 'user.register' || $route_name === 'user.pass' || substr($route_name, 0, 10) === 'user.reset',
  ];
  $this->moduleHandler
    ->alter('require_login_authcheck', $default_checks);
  if (in_array(TRUE, $default_checks)) {
    return FALSE;
  }

  // Configurable route name exclusions.
  $excluded_routes = array_filter(preg_split('/\\r\\n|\\r|\\n/', $config
    ->get('excluded_routes')));
  if (in_array($route_name, $excluded_routes)) {
    return FALSE;
  }

  // Configurable path exclusions.
  $current_path = $this->currentPath
    ->getPath($request);
  $current_path_alias = $this->aliasManager
    ->getAliasByPath($current_path);
  $current_path_parameters = $request->query
    ->all();
  $excluded_paths = array_filter(preg_split('/\\r\\n|\\r|\\n/', $config
    ->get('excluded_paths')));
  $excluded_paths[] = $config
    ->get('auth_path');
  foreach ($excluded_paths as $path) {
    $path = trim($path);
    $path_parts = UrlHelper::parse($path);
    $path_parts['path'] = mb_strtolower($path_parts['path']);
    $current_checks = [
      $this->pathMatcher
        ->matchPath($current_path, $path_parts['path']),
      $this->pathMatcher
        ->matchPath($current_path_alias, $path_parts['path']),
    ];
    if (!empty($path_parts['query'])) {
      if (in_array(TRUE, $current_checks)) {

        // Path matched an exclusion. Now check for matching query parameters.
        if (count(array_intersect($current_path_parameters, $path_parts['query'])) === count($path_parts['query'])) {
          return FALSE;
        }
      }
    }
    elseif (in_array(TRUE, $current_checks)) {

      // Path matched an exclusion. No query parameters to check.
      return FALSE;
    }
  }
  return TRUE;
}