public function CookieAuthentication::authenticate in RESTful 7.2
Authenticate the request by trying to match a user.
Parameters
RequestInterface $request: The request.
Return value
object The user object.
Overrides AuthenticationInterface::authenticate
File
- src/Plugin/authentication/CookieAuthentication.php, line 29
- Contains \Drupal\restful\Plugin\authentication\CookieAuthentication
Class
- CookieAuthentication
- Class CookieAuthentication @package Drupal\restful\Plugin\authentication
Namespace
Drupal\restful\Plugin\authentication
Code
public function authenticate(RequestInterface $request) {
  // Without a started session (and outside the CLI) there is no cookie user
  // to match, so this plugin does not authenticate the request.
  if (!drupal_session_started() && !$this->isCli($request)) {
    return NULL;
  }

  global $user;
  $account = user_load($user->uid);

  if (!$request::isWriteMethod($request->getMethod()) || $request->getApplicationData('rest_call')) {
    // Request is done via API not CURL, or not a write operation, so we don't
    // need to check for a CSRF token.
    return $account;
  }

  // Requests to paths outside RESTful skip the CSRF check below.
  if (!RestfulManager::isRestfulPath($request)) {
    return $account;
  }

  // A write request to a RESTful path must carry a CSRF token.
  if (!$request->getCsrfToken()) {
    throw new BadRequestException('No CSRF token passed in the HTTP header.');
  }

  // The token must validate against the current session.
  if (!drupal_valid_token($request->getCsrfToken(), Authentication::TOKEN_VALUE)) {
    throw new ForbiddenException('CSRF token validation failed.');
  }

  // CSRF validation passed.
  return $account;
}
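An added example, not part of RESTful or Drupal: a stand-alone PHP model of the CSRF gate that authenticate() applies to cookie-authenticated write requests, run over constructed requests. The function names, secret, session IDs, list of write methods and the HMAC-based token (a stand-in for drupal_valid_token()) are assumptions made for illustration.

```php
<?php
// Added illustration, not RESTful or Drupal code. All names are hypothetical.
const SITE_SECRET = 'constructed-site-secret';  // stands in for the site's private key
const TOKEN_VALUE = 'constructed-token-value';  // stands in for Authentication::TOKEN_VALUE

// Session-bound token: HMAC of a fixed value, keyed by session ID plus site secret.
function make_token(string $session_id): string {
  $mac = hash_hmac('sha256', TOKEN_VALUE, $session_id . SITE_SECRET, TRUE);
  return rtrim(strtr(base64_encode($mac), '+/', '-_'), '=');
}

// Constant-time comparison against the token expected for this session.
function valid_token(?string $token, string $session_id): bool {
  return is_string($token) && hash_equals(make_token($session_id), $token);
}

// Follows the order of checks in authenticate() for an already started session.
function csrf_gate(string $method, bool $rest_call, bool $restful_path,
                   ?string $token, string $session_id): string {
  // Assumed set of write methods.
  $is_write = in_array($method, ['POST', 'PUT', 'PATCH', 'DELETE'], TRUE);
  if (!$is_write || $rest_call || !$restful_path) {
    return 'account returned, no CSRF check';
  }
  if (!$token) {
    return '400 Bad Request: no CSRF token';
  }
  return valid_token($token, $session_id)
    ? 'account returned, CSRF check passed'
    : '403 Forbidden: CSRF token validation failed';
}

// Constructed sample requests: method, rest_call, RESTful path, header token, session.
$session = 'constructed-session-a';
$cases = [
  'GET without token'                   => ['GET', FALSE, TRUE, NULL, $session],
  'POST flagged as internal rest_call'  => ['POST', TRUE, TRUE, NULL, $session],
  'POST without token'                  => ['POST', FALSE, TRUE, NULL, $session],
  'POST, token from another session'    => ['POST', FALSE, TRUE, make_token('constructed-session-b'), $session],
  'POST, token for this session'        => ['POST', FALSE, TRUE, make_token($session), $session],
];
foreach ($cases as $label => $args) {
  printf("%-36s => %s\n", $label, csrf_gate(...$args));
}
```

Because the token is keyed by the session, a token issued to one session is rejected when replayed with another session's cookie, which is what makes the header check a CSRF defence rather than a static secret.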