class UserLogin in Services 8.4
Same name and namespace in other branches
- 9.0.x src/Plugin/ServiceDefinition/UserLogin.php \Drupal\services\Plugin\ServiceDefinition\UserLogin
Plugin annotation
@ServiceDefinition(
id = "user_login",
methods = {
"POST"
},
title = @Translation("User login"),
description = @Translation("Allows users to login."),
category = @Translation("User"),
path = "user/login"
)
Hierarchy
- class \Drupal\Component\Plugin\PluginBase implements DerivativeInspectionInterface, PluginInspectionInterface
- class \Drupal\Component\Plugin\ContextAwarePluginBase implements ContextAwarePluginInterface
- class \Drupal\Core\Plugin\ContextAwarePluginBase implements CacheableDependencyInterface, ContextAwarePluginInterface uses DependencySerializationTrait, StringTranslationTrait, TypedDataTrait
- class \Drupal\services\ServiceDefinitionBase implements ServiceDefinitionInterface
- class \Drupal\services\Plugin\ServiceDefinition\UserLogin implements ContainerFactoryPluginInterface uses MessengerTrait
- class \Drupal\services\ServiceDefinitionBase implements ServiceDefinitionInterface
- class \Drupal\Core\Plugin\ContextAwarePluginBase implements CacheableDependencyInterface, ContextAwarePluginInterface uses DependencySerializationTrait, StringTranslationTrait, TypedDataTrait
- class \Drupal\Component\Plugin\ContextAwarePluginBase implements ContextAwarePluginInterface
Expanded class hierarchy of UserLogin
File
- src/
Plugin/ ServiceDefinition/ UserLogin.php, line 33
Namespace
Drupal\services\Plugin\ServiceDefinition
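class UserLogin extends ServiceDefinitionBase implements ContainerFactoryPluginInterface {

  use MessengerTrait;

  /**
   * The config factory, used to read the 'user.flood' settings.
   *
   * @var \Drupal\Core\Config\ConfigFactoryInterface
   */
  protected $configFactory;

  /**
   * The user authentication service.
   *
   * @var \Drupal\user\UserAuthInterface
   */
  protected $userAuth;

  /**
   * The flood service that counts failed login attempts.
   *
   * @var \Drupal\Core\Flood\FloodInterface
   */
  protected $flood;

  /**
   * The entity type manager, used to load the user account by name.
   *
   * @var \Drupal\Core\Entity\EntityTypeManagerInterface
   */
  protected $entityManager;

  /**
   * The session that is started on a successful login.
   *
   * @var \Symfony\Component\HttpFoundation\Session\Session
   */
  protected $session;

  /**
   * Constructs a UserLogin service definition.
   *
   * @param array $configuration
   *   The plugin configuration, passed through to the parent constructor.
   * @param string $plugin_id
   *   The plugin ID, passed through to the parent constructor.
   * @param mixed $plugin_definition
   *   The plugin definition, passed through to the parent constructor.
   * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
   *   The config factory.
   * @param \Drupal\user\UserAuthInterface $user_auth
   *   The user authentication service.
   * @param \Drupal\Core\Flood\FloodInterface $flood
   *   The flood service.
   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_manager
   *   The entity type manager service.
   * @param \Symfony\Component\HttpFoundation\Session\Session $session
   *   The session service.
   */
  public function __construct($configuration, $plugin_id, $plugin_definition, ConfigFactoryInterface $config_factory, UserAuthInterface $user_auth, FloodInterface $flood, EntityTypeManagerInterface $entity_manager, Session $session) {
    parent::__construct($configuration, $plugin_id, $plugin_definition);
    $this->configFactory = $config_factory;
    $this->userAuth = $user_auth;
    $this->flood = $flood;
    $this->entityManager = $entity_manager;
    $this->session = $session;
  }

  /**
   * {@inheritdoc}
   */
  public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
    return new static(
      $configuration,
      $plugin_id,
      $plugin_definition,
      $container->get('config.factory'),
      $container->get('user.auth'),
      $container->get('flood'),
      $container->get('entity_type.manager'),
      $container->get('session')
    );
  }

  /**
   * {@inheritdoc}
   */
  public function processRoute(Route $route) {
    // Only requests that are not already authenticated may reach the login
    // resource.
    $route->setRequirement('_user_is_logged_in', 'FALSE');
  }

  /**
   * {@inheritdoc}
   *
   * Decodes the request body, applies the per-IP and per-user flood limits
   * and, when the credentials are valid, starts a session for the account.
   *
   * @return array
   *   On success an array with the keys 'id' (session ID) and 'name' (session
   *   name). Every failed attempt returns an empty array, whatever the cause
   *   (unknown or blocked user, wrong password, flood limit reached), so the
   *   response does not say which check rejected the attempt.
   *
   * @throws \Symfony\Component\HttpKernel\Exception\HttpException
   *   With status 500 if the serializer cannot decode or the body is empty,
   *   and with status 400 if the decoded body does not carry a string
   *   'username' and a string 'password'.
   */
  public function processRequest(Request $request, RouteMatchInterface $route_match, SerializerInterface $serializer) {
    if (!$serializer instanceof DecoderInterface) {
      throw new HttpException(500, 'The appropriate DecoderInterface was not found.');
    }
    $content = $serializer->decode($request->getContent(), $request->getContentType());
    if (!isset($content)) {
      throw new HttpException(500, 'The content of the request was empty.');
    }

    // The body comes from an unauthenticated client. Reject anything that is
    // not a map with string credentials before the values reach the storage
    // query and the authentication service; a scalar or nested value here
    // would otherwise surface as a PHP warning or error instead of a clean
    // client error.
    if (!is_array($content)
      || !isset($content['username'], $content['password'])
      || !is_string($content['username'])
      || !is_string($content['password'])) {
      throw new HttpException(400, 'The request must contain a username and a password.');
    }
    $username = $content['username'];
    $password = $content['password'];

    $flood_config = $this->configFactory->get('user.flood');

    // Flood protection: this is very similar to the user login form code.
    // @see \Drupal\user\Form\UserLoginForm::validateAuthentication()
    // Do not allow any login from the current user's IP if the limit has been
    // reached. Default is 50 failed attempts allowed in one hour. This is
    // independent of the per-user limit to catch attempts from one IP to log
    // in to many different user accounts. We have a reasonably high limit
    // since there may be only one apparent IP for all users at an institution.
    // NOTE(review): the counters below use 'services.*' event names, so they
    // appear to be tracked separately from those of the login form referenced
    // above. Confirm that the combined attempt budget is acceptable.
    if ($this->flood->isAllowed('services.failed_login_ip', $flood_config->get('ip_limit'), $flood_config->get('ip_window'))) {
      // Only active accounts (status 1) are candidates for login.
      $accounts = $this->entityManager
        ->getStorage('user')
        ->loadByProperties([
          'name' => $username,
          'status' => 1,
        ]);
      $account = reset($accounts);
      if ($account) {
        if ($flood_config->get('uid_only')) {
          // Register flood events based on the uid only, so they apply for any
          // IP address. This is the most secure option.
          $identifier = $account->id();
        }
        else {
          // The default identifier is a combination of uid and IP address. This
          // is less secure but more resistant to denial-of-service attacks that
          // could lock out all users with public user names.
          $identifier = $account->id() . '-' . $request->getClientIP();
        }
        // Don't allow login if the limit for this user has been reached.
        // Default is to allow 5 failed attempts every 6 hours.
        if ($this->flood->isAllowed('services.failed_login_user', $flood_config->get('user_limit'), $flood_config->get('user_window'), $identifier)) {
          $uid = $this->userAuth->authenticate($username, $password);
          if ($uid) {
            // A successful login resets the per-user failure counter.
            $this->flood->clear('services.failed_login_user', $identifier);
            $this->session->start();
            user_login_finalize($account);
            $this->messenger()->addMessage($this->t('User successfully logged in'), 'status', FALSE);
            // The session ID and name are returned in the response body, so
            // the response is credential material: serve this route over TLS
            // only and keep the body out of logs and caches.
            return [
              'id' => $this->session->getId(),
              'name' => $this->session->getName(),
            ];
          }
          // Register a per-user failed login event.
          $this->flood->register('services.failed_login_user', $flood_config->get('user_window'), $identifier);
        }
      }
    }
    // Always register an IP-based failed login event.
    $this->flood->register('services.failed_login_ip', $flood_config->get('ip_window'));
    return [];
  }

}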
Members
Name |
Modifiers | Type | Description | Overrides |
---|---|---|---|---|
ContextAwarePluginBase:: |
protected | property | The data objects representing the context of this plugin. | |
ContextAwarePluginBase:: |
private | property | Data objects representing the contexts passed in the plugin configuration. | |
ContextAwarePluginBase:: |
protected | function | Wraps the context handler. | |
ContextAwarePluginBase:: |
protected | function |
Overrides ContextAwarePluginBase:: |
|
ContextAwarePluginBase:: |
public | function |
The cache contexts associated with this object. Overrides CacheableDependencyInterface:: |
9 |
ContextAwarePluginBase:: |
public | function |
The maximum age for which this object may be cached. Overrides CacheableDependencyInterface:: |
7 |
ContextAwarePluginBase:: |
public | function |
The cache tags associated with this object. Overrides CacheableDependencyInterface:: |
4 |
ContextAwarePluginBase:: |
public | function |
This code is identical to the Component in order to pick up a different
Context class. Overrides ContextAwarePluginBase:: |
|
ContextAwarePluginBase:: |
public | function |
Overrides ContextAwarePluginBase:: |
|
ContextAwarePluginBase:: |
public | function |
Overrides ContextAwarePluginBase:: |
|
ContextAwarePluginBase:: |
public | function |
Gets a mapping of the expected assignment names to their context names. Overrides ContextAwarePluginInterface:: |
|
ContextAwarePluginBase:: |
public | function |
Gets the defined contexts. Overrides ContextAwarePluginInterface:: |
|
ContextAwarePluginBase:: |
public | function |
Gets the value for a defined context. Overrides ContextAwarePluginInterface:: |
|
ContextAwarePluginBase:: |
public | function |
Gets the values for all defined contexts. Overrides ContextAwarePluginInterface:: |
|
ContextAwarePluginBase:: |
public | function |
Set a context on this plugin. Overrides ContextAwarePluginBase:: |
|
ContextAwarePluginBase:: |
public | function |
Sets a mapping of the expected assignment names to their context names. Overrides ContextAwarePluginInterface:: |
|
ContextAwarePluginBase:: |
public | function |
Sets the value for a defined context. Overrides ContextAwarePluginBase:: |
|
ContextAwarePluginBase:: |
public | function |
Validates the set values for the defined contexts. Overrides ContextAwarePluginInterface:: |
|
ContextAwarePluginBase:: |
public | function | Implements magic __get() method. | |
DependencySerializationTrait:: |
protected | property | An array of entity type IDs keyed by the property name of their storages. | |
DependencySerializationTrait:: |
protected | property | An array of service IDs keyed by property name used for serialization. | |
DependencySerializationTrait:: |
public | function | 1 | |
DependencySerializationTrait:: |
public | function | 2 | |
MessengerTrait:: |
protected | property | The messenger. | 29 |
MessengerTrait:: |
public | function | Gets the messenger. | 29 |
MessengerTrait:: |
public | function | Sets the messenger. | |
PluginBase:: |
protected | property | Configuration information passed into the plugin. | 1 |
PluginBase:: |
protected | property | The plugin implementation definition. | 1 |
PluginBase:: |
protected | property | The plugin_id. | |
PluginBase:: |
constant | A string which is used to separate base plugin IDs from the derivative ID. | ||
PluginBase:: |
public | function |
Gets the base_plugin_id of the plugin instance. Overrides DerivativeInspectionInterface:: |
|
PluginBase:: |
public | function |
Gets the derivative_id of the plugin instance. Overrides DerivativeInspectionInterface:: |
|
PluginBase:: |
public | function |
Gets the definition of the plugin implementation. Overrides PluginInspectionInterface:: |
3 |
PluginBase:: |
public | function |
Gets the plugin_id of the plugin instance. Overrides PluginInspectionInterface:: |
|
PluginBase:: |
public | function | Determines if the plugin is configurable. | |
ServiceDefinitionBase:: |
public | function |
Returns an array of service request arguments. Overrides ServiceDefinitionInterface:: |
|
ServiceDefinitionBase:: |
public | function |
Returns a translated string for the category. Overrides ServiceDefinitionInterface:: |
|
ServiceDefinitionBase:: |
public | function |
Returns a translated description for the constraint description. Overrides ServiceDefinitionInterface:: |
|
ServiceDefinitionBase:: |
public | function |
Return an array of allowed methods. Overrides ServiceDefinitionInterface:: |
|
ServiceDefinitionBase:: |
public | function |
Returns the appended path for the service. Overrides ServiceDefinitionInterface:: |
|
ServiceDefinitionBase:: |
public | function |
Returns a translated string for the service title. Overrides ServiceDefinitionInterface:: |
|
ServiceDefinitionBase:: |
public | function |
Allow plugins to alter the response object before it is returned. Overrides ServiceDefinitionInterface:: |
|
ServiceDefinitionBase:: |
public | function |
Returns a boolean if this service definition supports translations. Overrides ServiceDefinitionInterface:: |
|
StringTranslationTrait:: |
protected | property | The string translation service. | 1 |
StringTranslationTrait:: |
protected | function | Formats a string containing a count of items. | |
StringTranslationTrait:: |
protected | function | Returns the number of plurals supported by a given language. | |
StringTranslationTrait:: |
protected | function | Gets the string translation service. | |
StringTranslationTrait:: |
public | function | Sets the string translation service to use. | 2 |
StringTranslationTrait:: |
protected | function | Translates a string to the current language or to a given language. | |
TypedDataTrait:: |
protected | property | The typed data manager used for creating the data types. | |
TypedDataTrait:: |
public | function | Gets the typed data manager. | 2 |
TypedDataTrait:: |
public | function | Sets the typed data manager. | 2 |
UserLogin:: |
public static | function |
Creates an instance of the plugin. Overrides ContainerFactoryPluginInterface:: |
|
UserLogin:: |
public | function |
Processes the request and returns an array of data as appropriate. Overrides ServiceDefinitionInterface:: |
|
UserLogin:: |
public | function |
Checks access for the ServiceDefinition. Overrides ServiceDefinitionBase:: |
|
UserLogin:: |
public | function |
Constructs a HTTP basic authentication provider object. Overrides ContextAwarePluginBase:: |