
class UserLogin in Services 8.4

Same name and namespace in other branches
  1. 9.0.x src/Plugin/ServiceDefinition/UserLogin.php \Drupal\services\Plugin\ServiceDefinition\UserLogin

Plugin annotation


@ServiceDefinition(
  id = "user_login",
  methods = {
    "POST"
  },
  title = @Translation("User login"),
  description = @Translation("Allows users to login."),
  category = @Translation("User"),
  path = "user/login"
)

Hierarchy

Expanded class hierarchy of UserLogin

File

src/Plugin/ServiceDefinition/UserLogin.php, line 33

Namespace

Drupal\services\Plugin\ServiceDefinition
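/**
 * Service definition that logs a user in from a POSTed username and password.
 *
 * The request body is decoded with the serializer passed to processRequest()
 * and must contain 'username' and 'password' entries. Failed attempts are
 * tracked with the flood service under the 'services.failed_login_ip' and
 * 'services.failed_login_user' event names, using the limits and windows from
 * the 'user.flood' configuration.
 */
class UserLogin extends ServiceDefinitionBase implements ContainerFactoryPluginInterface {
  use MessengerTrait;

  /**
   * The config factory.
   *
   * @var \Drupal\Core\Config\ConfigFactoryInterface
   */
  protected $configFactory;

  /**
   * The user authentication service.
   *
   * @var \Drupal\user\UserAuthInterface
   */
  protected $userAuth;

  /**
   * The flood service.
   *
   * @var \Drupal\Core\Flood\FloodInterface
   */
  protected $flood;

  /**
   * The entity type manager.
   *
   * @var \Drupal\Core\Entity\EntityTypeManagerInterface
   */
  protected $entityManager;

  /**
   * The session.
   *
   * @var \Symfony\Component\HttpFoundation\Session\Session
   */
  protected $session;

  /**
   * Constructs a UserLogin service definition.
   *
   * @param array $configuration
   *   The plugin configuration, passed on to the parent constructor.
   * @param string $plugin_id
   *   The plugin ID, passed on to the parent constructor.
   * @param mixed $plugin_definition
   *   The plugin definition, passed on to the parent constructor.
   * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
   *   The config factory.
   * @param \Drupal\user\UserAuthInterface $user_auth
   *   The user authentication service.
   * @param \Drupal\Core\Flood\FloodInterface $flood
   *   The flood service.
   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_manager
   *   The entity type manager service.
   * @param \Symfony\Component\HttpFoundation\Session\Session $session
   *   The session that is started on a successful login.
   */
  public function __construct($configuration, $plugin_id, $plugin_definition, ConfigFactoryInterface $config_factory, UserAuthInterface $user_auth, FloodInterface $flood, EntityTypeManagerInterface $entity_manager, Session $session) {
    parent::__construct($configuration, $plugin_id, $plugin_definition);
    $this->configFactory = $config_factory;
    $this->userAuth = $user_auth;
    $this->flood = $flood;
    $this->entityManager = $entity_manager;
    $this->session = $session;
  }

  /**
   * {@inheritdoc}
   */
  public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
    return new static(
      $configuration,
      $plugin_id,
      $plugin_definition,
      $container->get('config.factory'),
      $container->get('user.auth'),
      $container->get('flood'),
      $container->get('entity_type.manager'),
      $container->get('session')
    );
  }

  /**
   * {@inheritdoc}
   */
  public function processRoute(Route $route) {
    // Only anonymous requests may reach the login service.
    $route->setRequirement('_user_is_logged_in', 'FALSE');
  }

  /**
   * {@inheritdoc}
   *
   * Returns an array with the session 'id' and 'name' on a successful login,
   * and an empty array when the login fails or is blocked by flood control.
   *
   * @throws \Symfony\Component\HttpKernel\Exception\HttpException
   *   With status 500 when the serializer cannot decode or the decoded body is
   *   empty, and with status 400 when 'username' or 'password' is missing or
   *   is not a string.
   */
  public function processRequest(Request $request, RouteMatchInterface $route_match, SerializerInterface $serializer) {
    if (!$serializer instanceof DecoderInterface) {
      throw new HttpException(500, 'The appropriate DecoderInterface was not found.');
    }
    $content = $serializer->decode($request->getContent(), $request->getContentType());
    if (!isset($content)) {
      throw new HttpException(500, 'The content of the request was empty.');
    }

    // The decoded body is untrusted. Require both credentials to be present
    // and to be plain strings, so that the account lookup used for flood
    // control below and the authenticate() call always refer to one and the
    // same user name.
    if (!is_array($content)
      || !isset($content['username'], $content['password'])
      || !is_string($content['username'])
      || !is_string($content['password'])) {
      throw new HttpException(400, 'The request must contain a username and a password, both as strings.');
    }
    $username = $content['username'];
    $password = $content['password'];

    $flood_config = $this->configFactory->get('user.flood');

    // Flood protection: this is very similar to the user login form code.
    // @see \Drupal\user\Form\UserLoginForm::validateAuthentication()
    // Do not allow any login from the current user's IP if the limit has been
    // reached. Default is 50 failed attempts allowed in one hour. This is
    // independent of the per-user limit to catch attempts from one IP to log
    // in to many different user accounts.  We have a reasonably high limit
    // since there may be only one apparent IP for all users at an institution.
    if ($this->flood->isAllowed('services.failed_login_ip', $flood_config->get('ip_limit'), $flood_config->get('ip_window'))) {
      // Only active accounts (status 1) are considered.
      $accounts = $this->entityManager
        ->getStorage('user')
        ->loadByProperties([
          'name' => $username,
          'status' => 1,
        ]);
      $account = reset($accounts);
      if ($account) {
        if ($flood_config->get('uid_only')) {
          // Register flood events based on the uid only, so they apply for any
          // IP address. This is the most secure option.
          $identifier = $account->id();
        }
        else {
          // The default identifier is a combination of uid and IP address. This
          // is less secure but more resistant to denial-of-service attacks that
          // could lock out all users with public user names.
          $identifier = $account->id() . '-' . $request->getClientIp();
        }

        // Don't allow login if the limit for this user has been reached.
        // Default is to allow 5 failed attempts every 6 hours.
        if ($this->flood->isAllowed('services.failed_login_user', $flood_config->get('user_limit'), $flood_config->get('user_window'), $identifier)) {
          $uid = $this->userAuth->authenticate($username, $password);
          if ($uid) {
            // A successful login resets the per-user failure counter.
            $this->flood->clear('services.failed_login_user', $identifier);
            $this->session->start();
            user_login_finalize($account);
            $this->messenger()->addMessage(t('User successfully logged in'), 'status', FALSE);

            // NOTE(review): the session ID returned here is a bearer
            // credential for the logged-in account; presumably the service is
            // only exposed over HTTPS and responses are not logged - confirm
            // in deployment.
            return [
              'id' => $this->session->getId(),
              'name' => $this->session->getName(),
            ];
          }

          // Register a per-user failed login event.
          $this->flood->register('services.failed_login_user', $flood_config->get('user_window'), $identifier);
        }
      }
    }

    // Every path that reaches this point is a failed or blocked attempt, so
    // always register an IP-based failed login event.
    $this->flood->register('services.failed_login_ip', $flood_config->get('ip_window'));
    return [];
  }

}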

Members

Name Modifiers Type Description Overrides
ContextAwarePluginBase::$context protected property The data objects representing the context of this plugin.
ContextAwarePluginBase::$contexts Deprecated private property Data objects representing the contexts passed in the plugin configuration.
ContextAwarePluginBase::contextHandler protected function Wraps the context handler.
ContextAwarePluginBase::createContextFromConfiguration protected function Overrides ContextAwarePluginBase::createContextFromConfiguration
ContextAwarePluginBase::getCacheContexts public function The cache contexts associated with this object. Overrides CacheableDependencyInterface::getCacheContexts 9
ContextAwarePluginBase::getCacheMaxAge public function The maximum age for which this object may be cached. Overrides CacheableDependencyInterface::getCacheMaxAge 7
ContextAwarePluginBase::getCacheTags public function The cache tags associated with this object. Overrides CacheableDependencyInterface::getCacheTags 4
ContextAwarePluginBase::getContext public function This code is identical to the Component in order to pick up a different Context class. Overrides ContextAwarePluginBase::getContext
ContextAwarePluginBase::getContextDefinition public function Overrides ContextAwarePluginBase::getContextDefinition
ContextAwarePluginBase::getContextDefinitions public function Overrides ContextAwarePluginBase::getContextDefinitions
ContextAwarePluginBase::getContextMapping public function Gets a mapping of the expected assignment names to their context names. Overrides ContextAwarePluginInterface::getContextMapping
ContextAwarePluginBase::getContexts public function Gets the defined contexts. Overrides ContextAwarePluginInterface::getContexts
ContextAwarePluginBase::getContextValue public function Gets the value for a defined context. Overrides ContextAwarePluginInterface::getContextValue
ContextAwarePluginBase::getContextValues public function Gets the values for all defined contexts. Overrides ContextAwarePluginInterface::getContextValues
ContextAwarePluginBase::setContext public function Set a context on this plugin. Overrides ContextAwarePluginBase::setContext
ContextAwarePluginBase::setContextMapping public function Sets a mapping of the expected assignment names to their context names. Overrides ContextAwarePluginInterface::setContextMapping
ContextAwarePluginBase::setContextValue public function Sets the value for a defined context. Overrides ContextAwarePluginBase::setContextValue
ContextAwarePluginBase::validateContexts public function Validates the set values for the defined contexts. Overrides ContextAwarePluginInterface::validateContexts
ContextAwarePluginBase::__get public function Implements magic __get() method.
DependencySerializationTrait::$_entityStorages protected property An array of entity type IDs keyed by the property name of their storages.
DependencySerializationTrait::$_serviceIds protected property An array of service IDs keyed by property name used for serialization.
DependencySerializationTrait::__sleep public function 1
DependencySerializationTrait::__wakeup public function 2
MessengerTrait::$messenger protected property The messenger. 29
MessengerTrait::messenger public function Gets the messenger. 29
MessengerTrait::setMessenger public function Sets the messenger.
PluginBase::$configuration protected property Configuration information passed into the plugin. 1
PluginBase::$pluginDefinition protected property The plugin implementation definition. 1
PluginBase::$pluginId protected property The plugin_id.
PluginBase::DERIVATIVE_SEPARATOR constant A string which is used to separate base plugin IDs from the derivative ID.
PluginBase::getBaseId public function Gets the base_plugin_id of the plugin instance. Overrides DerivativeInspectionInterface::getBaseId
PluginBase::getDerivativeId public function Gets the derivative_id of the plugin instance. Overrides DerivativeInspectionInterface::getDerivativeId
PluginBase::getPluginDefinition public function Gets the definition of the plugin implementation. Overrides PluginInspectionInterface::getPluginDefinition 3
PluginBase::getPluginId public function Gets the plugin_id of the plugin instance. Overrides PluginInspectionInterface::getPluginId
PluginBase::isConfigurable public function Determines if the plugin is configurable.
ServiceDefinitionBase::getArguments public function Returns an array of service request arguments. Overrides ServiceDefinitionInterface::getArguments
ServiceDefinitionBase::getCategory public function Returns a translated string for the category. Overrides ServiceDefinitionInterface::getCategory
ServiceDefinitionBase::getDescription public function Returns a translated description for the constraint description. Overrides ServiceDefinitionInterface::getDescription
ServiceDefinitionBase::getMethods public function Return an array of allowed methods. Overrides ServiceDefinitionInterface::getMethods
ServiceDefinitionBase::getPath public function Returns the appended path for the service. Overrides ServiceDefinitionInterface::getPath
ServiceDefinitionBase::getTitle public function Returns a translated string for the service title. Overrides ServiceDefinitionInterface::getTitle
ServiceDefinitionBase::processResponse public function Allow plugins to alter the response object before it is returned. Overrides ServiceDefinitionInterface::processResponse
ServiceDefinitionBase::supportsTranslation public function Returns a boolean if this service definition supports translations. Overrides ServiceDefinitionInterface::supportsTranslation
StringTranslationTrait::$stringTranslation protected property The string translation service. 1
StringTranslationTrait::formatPlural protected function Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals protected function Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation protected function Gets the string translation service.
StringTranslationTrait::setStringTranslation public function Sets the string translation service to use. 2
StringTranslationTrait::t protected function Translates a string to the current language or to a given language.
TypedDataTrait::$typedDataManager protected property The typed data manager used for creating the data types.
TypedDataTrait::getTypedDataManager public function Gets the typed data manager. 2
TypedDataTrait::setTypedDataManager public function Sets the typed data manager. 2
UserLogin::create public static function Creates an instance of the plugin. Overrides ContainerFactoryPluginInterface::create
UserLogin::processRequest public function Processes the request and returns an array of data as appropriate. Overrides ServiceDefinitionInterface::processRequest
UserLogin::processRoute public function Checks access for the ServiceDefinition. Overrides ServiceDefinitionBase::processRoute
UserLogin::__construct public function Constructs a HTTP basic authentication provider object. Overrides ContextAwarePluginBase::__construct