public function TfaLoginController::access in Two-factor Authentication (TFA) 8
Denies access unless user matches hash value.
Parameters
\Drupal\Core\Routing\RouteMatchInterface $route: The route to be checked.
\Drupal\Core\Session\AccountInterface $account: The current logged in user, if any.
Return value
\Drupal\Core\Access\AccessResult The access result.
1 string reference to 'TfaLoginController::access'
File
src/Controller/TfaLoginController.php, line 30
Class
- TfaLoginController
- Provides access control on the verification form.
Namespace
Drupal\tfa\Controller
Code
public function access(RouteMatchInterface $route, AccountInterface $account) {
  $user = $route->getParameter('user');

  // Start with a positive access check which is cacheable for the current
  // route, which includes both route name and parameters.
  $access = AccessResult::allowed();
  $access->addCacheContexts(['route']);

  if (!$user instanceof UserInterface) {
    return $access->andIf(AccessResult::forbidden('Invalid user.'));
  }

  // Since we're about to check the login hash, which is based on properties
  // of the user, we now need to vary the cache based on the user object.
  $access->addCacheableDependency($user);

  // If the login hash doesn't match, forbid access.
  if ($this->getLoginHash($user) !== $route->getParameter('hash')) {
    return $access->andIf(AccessResult::forbidden('Invalid hash.'));
  }

  // If we've gotten here, we need to check that the current user is allowed
  // to use TFA features for this account. To make this decision, we need to
  // vary the cache based on the current user.
  $access->addCacheableDependency($account);

  if ($account->isAuthenticated()) {
    return $access->andIf($this->accessSelfOrAdmin($route, $account));
  }

  return $access;
}
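
An added example, not code from the TFA module: the hash check above compares with !==, and the usual hardening for comparing a secret-derived token is hash_equals(), guarded so that a missing or non-string route parameter is rejected instead of raising a TypeError. loginHash(), the key and the account values are hypothetical stand-ins for getLoginHash() and real user data.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical stand-in for getLoginHash(): a keyed hash over user
 * properties. The inputs and the key are assumptions for this example,
 * not the TFA module's derivation.
 */
function loginHash(string $name, string $passHash, int $lastLogin, string $key): string {
  $mac = hash_hmac('sha256', implode(':', [$name, $passHash, $lastLogin]), $key, true);
  // URL-safe base64 so the value can travel as a route parameter.
  return rtrim(strtr(base64_encode($mac), '+/', '-_'), '=');
}

/**
 * Returns TRUE only when $supplied is a string equal to $expected.
 *
 * hash_equals() compares in time independent of where the strings differ,
 * but throws a TypeError on non-strings, so those are rejected first
 * (a missing route parameter arrives as NULL).
 */
function loginHashMatches(string $expected, $supplied): bool {
  return is_string($supplied) && hash_equals($expected, $supplied);
}

// Constructed sample values, not real account data.
$key = 'constructed-site-key';
$expected = loginHash('alice', '$2y$10$constructed', 1700000000, $key);

$cases = [
  'valid hash' => $expected,
  'hash from changed user data' => loginHash('alice', '$2y$10$constructed', 1600000000, $key),
  'truncated hash' => substr($expected, 0, 10),
  'missing parameter' => NULL,
  'array parameter' => [$expected],
];

foreach ($cases as $label => $supplied) {
  $result = loginHashMatches($expected, $supplied) ? 'allowed' : 'forbidden: Invalid hash.';
  printf("%-30s %s\n", $label, $result);
}
```

Only the first case prints "allowed"; the other four are forbidden, including the two non-string inputs that would make an unguarded hash_equals() call throw.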