public function Password::applyAccountFormProtection in User protect 8

Implements applyAccountFormProtection::isEnabled().

By default, no protection is applied.

Overrides UserProtectionBase::applyAccountFormProtection

File

src/Plugin/UserProtection/Password.php, line 21

Class

Password: Protects user's password.

Namespace

Drupal\userprotect\Plugin\UserProtection

Code

public function applyAccountFormProtection(array &$form, FormStateInterface $form_state) {
  if (isset($form['account']['current_pass'])) {
    $form['account']['current_pass']['#access'] = FALSE;
  }

  // Since current_pass gets hidden, any constraints regarding the current
  // password needs to be removed or bypassed as well.
  // \Drupal\user\AccountForm::validate() uses the constraint
  // \Drupal\user\Plugin\Validation\Constraint\ProtectedUserFieldConstraintValidator
  // to determine if filling the current pass is required.
  // This constraint can be bypassed by setting
  // "_skipProtectedUserFieldConstraint" on the account to true. Since
  // \Drupal\user\AccountForm::validate() sets that value to the form state's
  // "user_pass_reset" and there seems to be no easy way to set
  // "_skipProtectedUserFieldConstraint" at a later time, "user_pass_reset" is
  // set to true here, even though the user might not have logged in via a
  // one-time link.
  $form_state
    ->set('user_pass_reset', TRUE);
  if (isset($form['account']['pass'])) {
    $form['account']['pass']['#access'] = FALSE;
    return TRUE;
  }
  return FALSE;
}

You are here

public function Password::applyAccountFormProtection in User protect 8

File

Class

Namespace

Code

API Navigation