public function SocialUserLoginForm::validateAuthentication in Open Social 10.1.x
Same name and namespace in other branches
- 8.9 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
- 8 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
- 8.2 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
- 8.3 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
- 8.4 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
- 8.5 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
- 8.6 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
- 8.7 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
- 8.8 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
- 10.3.x modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
- 10.0.x modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
- 10.2.x modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
Checks supplied username/password against local users table.
If successful, $form_state->get('uid') is set to the matching user ID.
Overrides UserLoginForm::validateAuthentication
File
- modules/
social_features/ social_user/ src/ Form/ SocialUserLoginForm.php, line 159
Class
- SocialUserLoginForm
- Class SocialUserLoginForm.
Namespace
Drupal\social_user\FormCode
public function validateAuthentication(array &$form, FormStateInterface $form_state) {
$password = trim($form_state
->getValue('pass'));
$flood_config = $this
->config('user.flood');
if (!$form_state
->isValueEmpty('name_or_mail') && strlen($password) > 0) {
// Do not allow any login from the current user's IP if the limit has been
// reached. Default is 50 failed attempts allowed in one hour. This is
// independent of the per-user limit to catch attempts from one IP to log
// in to many different user accounts. We have a reasonably high limit
// since there may be only one IP for all users at an institution.
if (!$this->flood
->isAllowed('user.failed_login_ip', $flood_config
->get('ip_limit'), $flood_config
->get('ip_window'))) {
$form_state
->set('flood_control_triggered', 'ip');
return;
}
// Try to retrieve the account with the mail address.
$name = $form_state
->getValue('name_or_mail');
$accounts = $this->userStorage
->loadByProperties([
'mail' => $form_state
->getValue('name_or_mail'),
'status' => 1,
]);
$account = reset($accounts);
if ($account) {
$name = $account
->getAccountName();
}
$accounts = $this->userStorage
->loadByProperties([
'name' => $name,
'status' => 1,
]);
$account = reset($accounts);
if ($account) {
if ($flood_config
->get('uid_only')) {
// Register flood events based on the uid only, so they apply for any
// IP address. This is the most secure option.
$identifier = $account
->id();
}
else {
// The default identifier is a combination of uid and IP address. This
// is less secure but more resistant to denial-of-service attacks that
// could lock out all users with public user names.
$identifier = $account
->id() . '-' . $this
->getRequest()
->getClientIP();
}
$form_state
->set('flood_control_user_identifier', $identifier);
// Don't allow login if the limit for this user has been reached.
// Default is to allow 5 failed attempts every 6 hours.
if (!$this->flood
->isAllowed('user.failed_login_user', $flood_config
->get('user_limit'), $flood_config
->get('user_window'), $identifier)) {
$form_state
->set('flood_control_triggered', 'user');
return;
}
}
// We are not limited by flood control, so try to authenticate.
// Store $uid in form state as a flag for self::validateFinal().
$uid = $this->userAuth
->authenticate($name, $password);
$form_state
->set('uid', $uid);
}
}