You are here

class SocialUserLoginForm in Open Social 8.9

Same name and namespace in other branches
  1. 8 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm
  2. 8.2 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm
  3. 8.3 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm
  4. 8.4 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm
  5. 8.5 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm
  6. 8.6 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm
  7. 8.7 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm
  8. 8.8 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm
  9. 10.3.x modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm
  10. 10.0.x modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm
  11. 10.1.x modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm
  12. 10.2.x modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm

Class SocialUserLoginForm.

This custom login form is build for the following reasons:

  • Enable users to log in with their email address.
  • Protect the privacy of users by not leaking the username and email address in case of validation errors.

Almost all code is altered slightly from the UserLoginForm.

@package Drupal\social_user\Form

Hierarchy

Expanded class hierarchy of SocialUserLoginForm

File

modules/social_features/social_user/src/Form/SocialUserLoginForm.php, line 22

Namespace

Drupal\social_user\Form
View source
class SocialUserLoginForm extends UserLoginForm {

  /**
   * {@inheritdoc}
   */
  public function getFormId() {
    return 'social_user_login_form';
  }

  /**
   * {@inheritdoc}
   */
  public function buildForm(array $form, FormStateInterface $form_state) {
    $config = $this
      ->config('system.site');

    // We create a fieldset for the default username login.
    $form['username_login'] = [
      '#type' => 'fieldset',
      '#title' => $this
        ->t('Log in with <b>username</b> or <b>email</b>'),
    ];

    // If we have a help text then we display it to the user.
    $login_help = \Drupal::config('social_user.settings')
      ->get('login_help');
    if (!empty($login_help)) {
      $form['username_login']['#description'] = $login_help;
    }

    // Display login form:
    $form['username_login']['name_or_mail'] = [
      '#type' => 'textfield',
      '#title' => $this
        ->t('Username or email address'),
      '#size' => 60,
      '#maxlength' => USERNAME_MAX_LENGTH,
      '#description' => $this
        ->t('Enter your @s username or email.', [
        '@s' => $config
          ->get('name'),
      ]),
      '#required' => TRUE,
      '#attributes' => [
        'autocorrect' => 'none',
        'autocapitalize' => 'none',
        'spellcheck' => 'false',
        'autofocus' => 'autofocus',
      ],
    ];
    $reset_pass_link = Link::createFromRoute($this
      ->t('Forgot password?'), 'user.pass');
    $generated_reset_pass_link = $reset_pass_link
      ->toString();
    $pass_description = $generated_reset_pass_link
      ->getGeneratedLink();
    $form['username_login']['pass'] = [
      '#type' => 'password',
      '#title' => $this
        ->t('Password'),
      '#size' => 60,
      '#description' => $pass_description,
      '#required' => TRUE,
    ];
    $link_options = [];

    // Preserve the destination parameter when a user logs in instead.
    $request = \Drupal::request();
    if ($request->query
      ->has('destination')) {
      $link_options['query'] = [
        'destination' => $request->query
          ->get('destination'),
      ];
    }
    if (\Drupal::config('user.settings')
      ->get('register') != 'admin_only') {
      $sign_up_link = Link::createFromRoute($this
        ->t('Sign up'), 'user.register', [], $link_options)
        ->toString();
      $form['username_login']['sign-up-link'] = [
        '#markup' => $this
          ->t("Don't have an account yet? @link", [
          "@link" => $sign_up_link,
        ]),
        '#weight' => 1000,
        '#cache' => [
          'contexts' => [
            'url.query_args',
          ],
        ],
      ];
    }
    $form['actions'] = [
      '#type' => 'actions',
    ];
    $form['actions']['submit'] = [
      '#type' => 'submit',
      '#value' => $this
        ->t('Log in'),
    ];

    // Validates account and sets the form state uid that is used in the
    // submit function.
    $form['#validate'][] = '::validateAuthentication';

    // Validates if the uid is set and display an error message if the input
    // is invalid.
    // Validates if a user with a username or email is blocked.
    $form['#validate'][] = '::validateNameMail';
    $form['#validate'][] = '::validateFinal';
    $this->renderer
      ->addCacheableDependency($form, $config);
    return $form;
  }

  /**
   * {@inheritdoc}
   */
  public function submitForm(array &$form, FormStateInterface $form_state) {
    $account = $this->userStorage
      ->load($form_state
      ->get('uid'));

    // A destination was set, probably on an exception controller,.
    // @TODO: Add validation if route exists.
    if (!$this
      ->getRequest()->request
      ->has('destination')) {
      $form_state
        ->setRedirect('<front>');
    }
    else {
      $this
        ->getRequest()->query
        ->set('destination', $this
        ->getRequest()->request
        ->get('destination'));
    }
    user_login_finalize($account);
  }

  /**
   * Sets an error if supplied username or mail has been blocked.
   */
  public function validateNameMail(array &$form, FormStateInterface $form_state) {
    $user_blocked = social_user_is_blocked($form_state
      ->getValue('name_or_mail'));
    if ($user_blocked) {

      // Blocked in user administration.
      if (!$form_state
        ->get('uid')) {
        $this
          ->setGeneralErrorMessage($form, $form_state);
      }
      else {
        $form_state
          ->setErrorByName('name_or_mail', $this
          ->t('The username %name has not been activated or is blocked.', [
          '%name' => $form_state
            ->getValue('name_or_mail'),
        ]));
      }
    }
  }

  /**
   * Checks supplied username/password against local users table.
   *
   * If successful, $form_state->get('uid') is set to the matching user ID.
   */
  public function validateAuthentication(array &$form, FormStateInterface $form_state) {
    $password = trim($form_state
      ->getValue('pass'));
    $flood_config = $this
      ->config('user.flood');
    if (!$form_state
      ->isValueEmpty('name_or_mail') && strlen($password) > 0) {

      // Do not allow any login from the current user's IP if the limit has been
      // reached. Default is 50 failed attempts allowed in one hour. This is
      // independent of the per-user limit to catch attempts from one IP to log
      // in to many different user accounts.  We have a reasonably high limit
      // since there may be only one IP for all users at an institution.
      if (!$this->flood
        ->isAllowed('user.failed_login_ip', $flood_config
        ->get('ip_limit'), $flood_config
        ->get('ip_window'))) {
        $form_state
          ->set('flood_control_triggered', 'ip');
        return;
      }

      // Try to retrieve the account with the mail address.
      $name = $form_state
        ->getValue('name_or_mail');
      $accounts = $this->userStorage
        ->loadByProperties([
        'mail' => $form_state
          ->getValue('name_or_mail'),
        'status' => 1,
      ]);
      $account = reset($accounts);
      if ($account) {
        $name = $account
          ->getAccountName();
      }
      $accounts = $this->userStorage
        ->loadByProperties([
        'name' => $name,
        'status' => 1,
      ]);
      $account = reset($accounts);
      if ($account) {
        if ($flood_config
          ->get('uid_only')) {

          // Register flood events based on the uid only, so they apply for any
          // IP address. This is the most secure option.
          $identifier = $account
            ->id();
        }
        else {

          // The default identifier is a combination of uid and IP address. This
          // is less secure but more resistant to denial-of-service attacks that
          // could lock out all users with public user names.
          $identifier = $account
            ->id() . '-' . $this
            ->getRequest()
            ->getClientIP();
        }
        $form_state
          ->set('flood_control_user_identifier', $identifier);

        // Don't allow login if the limit for this user has been reached.
        // Default is to allow 5 failed attempts every 6 hours.
        if (!$this->flood
          ->isAllowed('user.failed_login_user', $flood_config
          ->get('user_limit'), $flood_config
          ->get('user_window'), $identifier)) {
          $form_state
            ->set('flood_control_triggered', 'user');
          return;
        }
      }

      // We are not limited by flood control, so try to authenticate.
      // Store $uid in form state as a flag for self::validateFinal().
      $uid = $this->userAuth
        ->authenticate($name, $password);
      $form_state
        ->set('uid', $uid);
    }
  }

  /**
   * Checks if user was not authenticated, or if too many logins were attempted.
   *
   * This validation function should always be the last one.
   */
  public function validateFinal(array &$form, FormStateInterface $form_state) {
    $flood_config = $this
      ->config('user.flood');
    if (!$form_state
      ->get('uid')) {

      // Set general error message to not leak privacy information.
      $this
        ->setGeneralErrorMessage($form, $form_state);

      // Always register an IP-based failed login event.
      $this->flood
        ->register('user.failed_login_ip', $flood_config
        ->get('ip_window'));

      // Register a per-user failed login event.
      if ($flood_control_user_identifier = $form_state
        ->get('flood_control_user_identifier')) {
        $this->flood
          ->register('user.failed_login_user', $flood_config
          ->get('user_window'), $flood_control_user_identifier);
      }
      $flood_control_triggered = $form_state
        ->get('flood_control_triggered');
      if (!$flood_control_triggered) {
        $name = $form_state
          ->getValue('name_or_mail');
        $accounts = $this->userStorage
          ->loadByProperties([
          'mail' => $form_state
            ->getValue('name_or_mail'),
          'status' => 1,
        ]);
        $account = reset($accounts);
        if ($account) {
          $name = $account
            ->getAccountName();
        }
        $accounts = $this->userStorage
          ->loadByProperties([
          'name' => $name,
        ]);
        if (!empty($accounts)) {
          $this
            ->logger('user')
            ->notice('Login attempt failed for %user.', [
            '%user' => $name,
          ]);
        }
        else {

          // If the username entered is not a valid user,
          // only store the IP address.
          $this
            ->logger('user')
            ->notice('Login attempt failed from %ip.', [
            '%ip' => $this
              ->getRequest()
              ->getClientIp(),
          ]);
        }
      }
    }
    elseif ($flood_control_user_identifier = $form_state
      ->get('flood_control_user_identifier')) {

      // Clear past failures for this user so as not to block a user who might
      // log in and out more than once in an hour.
      $this->flood
        ->clear('user.failed_login_user', $flood_control_user_identifier);
    }
  }

  /**
   * {@inheritdoc}
   */
  protected function setGeneralErrorMessage(array &$form, FormStateInterface $form_state) {
    $form_state
      ->setErrorByName('name_or_mail', $this
      ->t('
        <p>Oops, there was an error. This may have happened for the following reasons:</p>
        <ul>
          <li>Invalid username/email and password combination. </li>
          <li>There has been more than one failed login attempt for this account. It is temporarily blocked. </li>
          <li>Too many failed login attempts from your computer (IP address). This IP address is temporarily blocked. </li>
        </ul>
        <p>To solve the issue, try using different login information, try again later, or <a href=":url">request a new password</a></p>', [
      '%name_or_email' => $form_state
        ->getValue('name_or_mail'),
      ':url' => $this
        ->url('user.pass'),
    ]));
  }

}

Members

Namesort descending Modifiers Type Description Overrides
DependencySerializationTrait::$_entityStorages protected property An array of entity type IDs keyed by the property name of their storages.
DependencySerializationTrait::$_serviceIds protected property An array of service IDs keyed by property name used for serialization.
DependencySerializationTrait::__sleep public function 1
DependencySerializationTrait::__wakeup public function 2
FormBase::$configFactory protected property The config factory. 1
FormBase::$requestStack protected property The request stack. 1
FormBase::$routeMatch protected property The route match.
FormBase::config protected function Retrieves a configuration object.
FormBase::configFactory protected function Gets the config factory for this form. 1
FormBase::container private function Returns the service container.
FormBase::currentUser protected function Gets the current user.
FormBase::getRequest protected function Gets the request object.
FormBase::getRouteMatch protected function Gets the route match.
FormBase::logger protected function Gets the logger for a specific channel.
FormBase::redirect protected function Returns a redirect response object for the specified route. Overrides UrlGeneratorTrait::redirect
FormBase::resetConfigFactory public function Resets the configuration factory.
FormBase::setConfigFactory public function Sets the config factory for this form.
FormBase::setRequestStack public function Sets the request stack object to use.
FormBase::validateForm public function Form validation handler. Overrides FormInterface::validateForm 62
LinkGeneratorTrait::$linkGenerator protected property The link generator. 1
LinkGeneratorTrait::getLinkGenerator Deprecated protected function Returns the link generator.
LinkGeneratorTrait::l Deprecated protected function Renders a link to a route given a route name and its parameters.
LinkGeneratorTrait::setLinkGenerator Deprecated public function Sets the link generator service.
LoggerChannelTrait::$loggerFactory protected property The logger channel factory service.
LoggerChannelTrait::getLogger protected function Gets the logger for a specific channel.
LoggerChannelTrait::setLoggerFactory public function Injects the logger channel factory.
MessengerTrait::$messenger protected property The messenger. 29
MessengerTrait::messenger public function Gets the messenger. 29
MessengerTrait::setMessenger public function Sets the messenger.
RedirectDestinationTrait::$redirectDestination protected property The redirect destination service. 1
RedirectDestinationTrait::getDestinationArray protected function Prepares a 'destination' URL query parameter for use with \Drupal\Core\Url.
RedirectDestinationTrait::getRedirectDestination protected function Returns the redirect destination service.
RedirectDestinationTrait::setRedirectDestination public function Sets the redirect destination service.
SocialUserLoginForm::buildForm public function Form constructor. Overrides UserLoginForm::buildForm
SocialUserLoginForm::getFormId public function Returns a unique string identifying the form. Overrides UserLoginForm::getFormId
SocialUserLoginForm::setGeneralErrorMessage protected function
SocialUserLoginForm::submitForm public function Form submission handler. Overrides UserLoginForm::submitForm
SocialUserLoginForm::validateAuthentication public function Checks supplied username/password against local users table. Overrides UserLoginForm::validateAuthentication
SocialUserLoginForm::validateFinal public function Checks if user was not authenticated, or if too many logins were attempted. Overrides UserLoginForm::validateFinal
SocialUserLoginForm::validateNameMail public function Sets an error if supplied username or mail has been blocked.
StringTranslationTrait::$stringTranslation protected property The string translation service. 1
StringTranslationTrait::formatPlural protected function Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals protected function Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation protected function Gets the string translation service.
StringTranslationTrait::setStringTranslation public function Sets the string translation service to use. 2
StringTranslationTrait::t protected function Translates a string to the current language or to a given language.
UrlGeneratorTrait::$urlGenerator protected property The url generator.
UrlGeneratorTrait::getUrlGenerator Deprecated protected function Returns the URL generator service.
UrlGeneratorTrait::setUrlGenerator Deprecated public function Sets the URL generator service.
UrlGeneratorTrait::url Deprecated protected function Generates a URL or path for a specific route based on the given parameters.
UserLoginForm::$flood protected property The flood service.
UserLoginForm::$renderer protected property The renderer.
UserLoginForm::$userAuth protected property The user authentication object.
UserLoginForm::$userStorage protected property The user storage.
UserLoginForm::create public static function Instantiates a new instance of this class. Overrides FormBase::create
UserLoginForm::validateName public function Sets an error if supplied username has been blocked.
UserLoginForm::__construct public function Constructs a new UserLoginForm.