<?php
namespace Drupal\services\Plugin\ServiceDefinition;
use Drupal\Core\Config\ConfigFactoryInterface;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\Core\Flood\FloodInterface;
use Drupal\Core\Messenger\MessengerTrait;
use Drupal\Core\Plugin\ContainerFactoryPluginInterface;
use Drupal\Core\Routing\RouteMatchInterface;
use Drupal\services\ServiceDefinitionBase;
use Drupal\user\UserAuthInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Component\Routing\Route;
use Symfony\Component\Serializer\Encoder\DecoderInterface;
use Symfony\Component\Serializer\SerializerInterface;
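/**
 * Service definition that logs a user in from a username/password payload.
 *
 * The request body is decoded with the negotiated serializer. Failed attempts
 * are throttled per client IP and per account, using the limits stored in the
 * 'user.flood' configuration object.
 *
 * NOTE(review): no plugin annotation is visible in this listing; confirm the
 * real file still carries one.
 */
class UserLogin extends ServiceDefinitionBase implements ContainerFactoryPluginInterface {

  use MessengerTrait;

  /**
   * Stores the services this endpoint depends on.
   *
   * NOTE(review): the properties assigned here are not declared in this
   * listing; unless the parent class declares them they are dynamic
   * properties, which PHP 8.2 deprecates — confirm.
   *
   * @param array $configuration
   *   Plugin configuration.
   * @param string $plugin_id
   *   Plugin ID.
   * @param mixed $plugin_definition
   *   Plugin definition.
   * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
   *   Used to read the 'user.flood' limits.
   * @param \Drupal\user\UserAuthInterface $user_auth
   *   Verifies the username/password pair.
   * @param \Drupal\Core\Flood\FloodInterface $flood
   *   Tracks and limits failed login attempts.
   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_manager
   *   Used to load the user entity by name.
   * @param \Symfony\Component\HttpFoundation\Session\Session $session
   *   The session that is started on a successful login.
   */
  public function __construct($configuration, $plugin_id, $plugin_definition, ConfigFactoryInterface $config_factory, UserAuthInterface $user_auth, FloodInterface $flood, EntityTypeManagerInterface $entity_manager, Session $session) {
    parent::__construct($configuration, $plugin_id, $plugin_definition);
    $this->configFactory = $config_factory;
    $this->userAuth = $user_auth;
    $this->flood = $flood;
    $this->entityManager = $entity_manager;
    $this->session = $session;
  }

  /**
   * Builds the plugin with its dependencies pulled from the container.
   */
  public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
    return new static(
      $configuration,
      $plugin_id,
      $plugin_definition,
      $container->get('config.factory'),
      $container->get('user.auth'),
      $container->get('flood'),
      $container->get('entity_type.manager'),
      $container->get('session')
    );
  }

  /**
   * Restricts the route to requests that are not already authenticated.
   */
  public function processRoute(Route $route) {
    $route->setRequirement('_user_is_logged_in', 'FALSE');
  }

  /**
   * Attempts a login with the credentials in the request body.
   *
   * Every rejected attempt returns the same empty array, so the response does
   * not reveal whether the username exists, the password was wrong or a flood
   * limit was reached.
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The request whose body carries 'username' and 'password'.
   * @param \Drupal\Core\Routing\RouteMatchInterface $route_match
   *   The matched route (not used here).
   * @param \Symfony\Component\Serializer\SerializerInterface $serializer
   *   The serializer; it must also implement DecoderInterface.
   *
   * @return array
   *   The session 'id' and 'name' on success, an empty array otherwise. The
   *   session ID is a bearer credential: serve this endpoint over TLS only
   *   and keep the response out of logs and caches.
   *
   * @throws \Symfony\Component\HttpKernel\Exception\HttpException
   *   With status 500 when no decoder is available or the body decodes to
   *   nothing, and with status 400 when the credentials are not strings.
   */
  public function processRequest(Request $request, RouteMatchInterface $route_match, SerializerInterface $serializer) {
    if (!$serializer instanceof DecoderInterface) {
      throw new HttpException(500, $this->t('The appropriate DecoderInterface was not found.'));
    }
    $content = $serializer->decode($request->getContent(), $request->getContentType());
    if (!isset($content)) {
      throw new HttpException(500, $this->t('The content of the request was empty.'));
    }

    // The body is attacker-controlled. Without this check a missing key raises
    // a PHP warning, and a non-string value (for example an array) would be
    // handed unchanged to the storage lookup and to the password check.
    if (!is_array($content)
      || !isset($content['username'], $content['password'])
      || !is_string($content['username'])
      || !is_string($content['password'])) {
      throw new HttpException(400, $this->t('The request must contain a username and a password as strings.'));
    }
    $username = $content['username'];
    $password = $content['password'];

    $flood_config = $this->configFactory->get('user.flood');

    // Per-IP throttle. No identifier is passed, so the flood service chooses
    // it. NOTE(review): presumably the client IP; behind a reverse proxy that
    // is only meaningful when trusted proxies are configured — confirm.
    if (!$this->flood->isAllowed('services.failed_login_ip', $flood_config->get('ip_limit'), $flood_config->get('ip_window'))) {
      return $this->rejectLogin($flood_config);
    }

    // Only active accounts (status 1) may log in.
    $accounts = $this->entityManager
      ->getStorage('user')
      ->loadByProperties([
        'name' => $username,
        'status' => 1,
      ]);
    $account = reset($accounts);
    if (!$account) {
      return $this->rejectLogin($flood_config);
    }

    // Per-account throttle, keyed by UID alone or by UID plus client IP
    // depending on the 'uid_only' setting.
    $identifier = $flood_config->get('uid_only')
      ? $account->id()
      : $account->id() . '-' . $request->getClientIP();
    if (!$this->flood->isAllowed('services.failed_login_user', $flood_config->get('user_limit'), $flood_config->get('user_window'), $identifier)) {
      return $this->rejectLogin($flood_config);
    }

    if (!$this->userAuth->authenticate($username, $password)) {
      $this->flood->register('services.failed_login_user', $flood_config->get('user_window'), $identifier);
      return $this->rejectLogin($flood_config);
    }

    // Success: forget earlier failures for this identifier and open the
    // authenticated session.
    $this->flood->clear('services.failed_login_user', $identifier);
    $this->session->start();
    user_login_finalize($account);
    $this->messenger()->addMessage($this->t('User successfully logged in'), 'status', FALSE);

    return [
      'id' => $this->session->getId(),
      'name' => $this->session->getName(),
    ];
  }

  /**
   * Records a failed attempt against the client IP and returns no session.
   *
   * @param \Drupal\Core\Config\ImmutableConfig $flood_config
   *   The 'user.flood' configuration object.
   *
   * @return array
   *   Always an empty array.
   */
  private function rejectLogin($flood_config) {
    $this->flood->register('services.failed_login_ip', $flood_config->get('ip_window'));
    return [];
  }

}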