class CookieAuthentication in RESTful 7.2
Class CookieAuthentication @package Drupal\restful\Plugin\authentication
Plugin annotation
@Authentication(
id = "cookie",
label = "Cookie based authentication",
description = "Authenticate requests based on the user cookie.",
)
Hierarchy
- class \Drupal\restful\Plugin\authentication\Authentication extends \Drupal\Component\Plugin\PluginBase implements \Drupal\Component\Plugin\ConfigurablePluginInterface, AuthenticationInterface uses ConfigurablePluginTrait
- class \Drupal\restful\Plugin\authentication\CookieAuthentication
Expanded class hierarchy of CookieAuthentication
File
- src/
Plugin/ authentication/ CookieAuthentication.php, line 24 - Contains \Drupal\restful\Plugin\authentication\CookieAuthentication
Namespace
Drupal\restful\Plugin\authenticationView source
class CookieAuthentication extends Authentication {
/**
* {@inheritdoc}
*/
public function authenticate(RequestInterface $request) {
if (!drupal_session_started() && !$this
->isCli($request)) {
return NULL;
}
global $user;
$account = user_load($user->uid);
if (!$request::isWriteMethod($request
->getMethod()) || $request
->getApplicationData('rest_call')) {
// Request is done via API not CURL, or not a write operation, so we don't
// need to check for a CSRF token.
return $account;
}
if (!RestfulManager::isRestfulPath($request)) {
return $account;
}
if (!$request
->getCsrfToken()) {
throw new BadRequestException('No CSRF token passed in the HTTP header.');
}
if (!drupal_valid_token($request
->getCsrfToken(), Authentication::TOKEN_VALUE)) {
throw new ForbiddenException('CSRF token validation failed.');
}
// CSRF validation passed.
return $account;
}
/**
* Detects whether the script is running from a command line environment.
*
* @param RequestInterface $request.
* The request.
*
* @return bool
* TRUE if a command line environment is detected. FALSE otherwise.
*/
protected function isCli(RequestInterface $request) {
// Needed to detect if run-tests.sh is running the tests.
$cli = $request
->getHeaders()
->get('User-Agent')
->getValueString() == 'Drupal command line';
return $cli || drupal_is_cli();
}
}Members
Name |
Modifiers | Type | Description | Overrides |
|---|---|---|---|---|
|
Authentication:: |
protected | property | Settings from the plugin definition. | |
|
Authentication:: |
public | function |
Determines if the request can be checked for authentication. For example,
when authenticating with HTTP header, return FALSE if the header values do
not exist. Overrides AuthenticationInterface:: |
3 |
|
Authentication:: |
public | function |
Get the name of the authentication plugin. Overrides AuthenticationInterface:: |
|
|
Authentication:: |
constant | Token value for token generation functions. | ||
|
ConfigurablePluginTrait:: |
protected | property | Plugin instance configuration. | |
|
ConfigurablePluginTrait:: |
public | function | ||
|
ConfigurablePluginTrait:: |
public | function | 1 | |
|
ConfigurablePluginTrait:: |
public | function | ||
|
ConfigurablePluginTrait:: |
public | function | ||
|
CookieAuthentication:: |
public | function |
Authenticate the request by trying to match a user. Overrides AuthenticationInterface:: |
|
|
CookieAuthentication:: |
protected | function | Detects whether the script is running from a command line environment. |