You are here

public function SocialUserLoginForm::validateAuthentication in Open Social 8.7

Same name and namespace in other branches
  1. 8.9 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
  2. 8 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
  3. 8.2 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
  4. 8.3 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
  5. 8.4 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
  6. 8.5 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
  7. 8.6 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
  8. 8.8 modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
  9. 10.3.x modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
  10. 10.0.x modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
  11. 10.1.x modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()
  12. 10.2.x modules/social_features/social_user/src/Form/SocialUserLoginForm.php \Drupal\social_user\Form\SocialUserLoginForm::validateAuthentication()

Checks supplied username/password against local users table.

If successful, $form_state->get('uid') is set to the matching user ID.

Overrides UserLoginForm::validateAuthentication

File

modules/social_features/social_user/src/Form/SocialUserLoginForm.php, line 154

Class

SocialUserLoginForm
Class SocialUserLoginForm.

Namespace

Drupal\social_user\Form

Code

public function validateAuthentication(array &$form, FormStateInterface $form_state) {
  $password = trim($form_state
    ->getValue('pass'));
  $flood_config = $this
    ->config('user.flood');
  if (!$form_state
    ->isValueEmpty('name_or_mail') && strlen($password) > 0) {

    // Do not allow any login from the current user's IP if the limit has been
    // reached. Default is 50 failed attempts allowed in one hour. This is
    // independent of the per-user limit to catch attempts from one IP to log
    // in to many different user accounts.  We have a reasonably high limit
    // since there may be only one IP for all users at an institution.
    if (!$this->flood
      ->isAllowed('user.failed_login_ip', $flood_config
      ->get('ip_limit'), $flood_config
      ->get('ip_window'))) {
      $form_state
        ->set('flood_control_triggered', 'ip');
      return;
    }

    // Try to retrieve the account with the mail address.
    $name = $form_state
      ->getValue('name_or_mail');
    $accounts = $this->userStorage
      ->loadByProperties([
      'mail' => $form_state
        ->getValue('name_or_mail'),
      'status' => 1,
    ]);
    $account = reset($accounts);
    if ($account) {
      $name = $account
        ->getAccountName();
    }
    $accounts = $this->userStorage
      ->loadByProperties([
      'name' => $name,
      'status' => 1,
    ]);
    $account = reset($accounts);
    if ($account) {
      if ($flood_config
        ->get('uid_only')) {

        // Register flood events based on the uid only, so they apply for any
        // IP address. This is the most secure option.
        $identifier = $account
          ->id();
      }
      else {

        // The default identifier is a combination of uid and IP address. This
        // is less secure but more resistant to denial-of-service attacks that
        // could lock out all users with public user names.
        $identifier = $account
          ->id() . '-' . $this
          ->getRequest()
          ->getClientIP();
      }
      $form_state
        ->set('flood_control_user_identifier', $identifier);

      // Don't allow login if the limit for this user has been reached.
      // Default is to allow 5 failed attempts every 6 hours.
      if (!$this->flood
        ->isAllowed('user.failed_login_user', $flood_config
        ->get('user_limit'), $flood_config
        ->get('user_window'), $identifier)) {
        $form_state
          ->set('flood_control_triggered', 'user');
        return;
      }
    }

    // We are not limited by flood control, so try to authenticate.
    // Store $uid in form state as a flag for self::validateFinal().
    $uid = $this->userAuth
      ->authenticate($name, $password);
    $form_state
      ->set('uid', $uid);
  }
}