function RestAuthenticationController::login

Same name and namespace in other branches
  1. 11.x core/modules/rest/src/Controller/RestAuthenticationController.php \Drupal\rest\Controller\RestAuthenticationController::login()

Logs in a user.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The request.

Return value

\Symfony\Component\HttpFoundation\Response A response which contains the ID and CSRF token.

1 string reference to 'RestAuthenticationController::login'
rest.routing.yml in core/modules/rest/rest.routing.yml
core/modules/rest/rest.routing.yml

File

core/modules/rest/src/Controller/RestAuthenticationController.php, line 96

Class

RestAuthenticationController
Provides controllers for login, login status and logout via HTTP requests.

Namespace

Drupal\rest\Controller

Code

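/**
 * Logs in a user.
 *
 * Decodes the request body as credentials, applies flood control, checks the
 * password and, on success, returns basic account metadata together with the
 * CSRF token and the logout token the client needs for later requests.
 *
 * @param \Symfony\Component\HttpFoundation\Request $request
 *   The request; its body carries 'name' and 'pass' in the request format.
 *
 * @return \Symfony\Component\HttpFoundation\Response
 *   A response whose body is the serialized login data (uid, roles and name,
 *   each only when the account may view that field, plus csrf_token and
 *   logout_token).
 *
 * @throws \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
 *   When credentials are missing or not strings, the account is blocked, or
 *   the username/password pair is not recognized.
 */
public function login(Request $request) : Response {
  $format = $this->getRequestFormat($request);
  $content = $request->getContent();
  $credentials = $this->serializer
    ->decode($content, $format);
  // A payload that is not an array fails both isset() checks and is reported
  // the same way as an empty one.
  if (!isset($credentials['name']) && !isset($credentials['pass'])) {
    throw new BadRequestHttpException('Missing credentials.');
  }
  if (!isset($credentials['name'])) {
    throw new BadRequestHttpException('Missing credentials.name.');
  }
  if (!isset($credentials['pass'])) {
    throw new BadRequestHttpException('Missing credentials.pass.');
  }
  // The decoded body is untrusted: a nested value (e.g. a JSON array) must be
  // rejected here as a 400 instead of reaching the flood and authentication
  // services as a non-string.
  if (!is_string($credentials['name'])) {
    throw new BadRequestHttpException('Invalid credentials.name.');
  }
  if (!is_string($credentials['pass'])) {
    throw new BadRequestHttpException('Invalid credentials.pass.');
  }
  // Flood limits are enforced before the account is looked up or the password
  // is checked; floodControl() is defined elsewhere in the class and
  // presumably rejects the request when a limit is exceeded.
  $this->floodControl($request, $credentials['name']);
  $account = $this->userAuth
    ->lookupAccount($credentials['name']);
  if ($account) {
    // NOTE(review): this message differs from the generic failure below and
    // is thrown before any failed-login flood event is registered.
    if ($account->isBlocked()) {
      throw new BadRequestHttpException('The user has not been activated or is blocked.');
    }
    // A matching password alone is not enough: the account must also have a
    // non-zero ID.
    $authenticated = $this->userAuth
      ->authenticateAccount($account, $credentials['pass']) && $account->id();
    if ($authenticated) {
      // A successful login resets the per-user counter for this identifier.
      $this->userFloodControl
        ->clear('user.http_login', $this->getLoginFloodIdentifier($request, $credentials['name']));
      $this->userLoginFinalize($account);
      // Send basic metadata about the logged in user, each field subject to
      // the account's own 'view' access on that field.
      $response_data = [];
      if ($account->get('uid')
        ->access('view', $account)) {
        $response_data['current_user']['uid'] = $account->id();
      }
      if ($account->get('roles')
        ->access('view', $account)) {
        $response_data['current_user']['roles'] = $account->getRoles();
      }
      if ($account->get('name')
        ->access('view', $account)) {
        $response_data['current_user']['name'] = $account->getAccountName();
      }
      $response_data['csrf_token'] = $this->csrfToken
        ->get('rest');
      $logout_route = $this->routeProvider
        ->getRouteByName('rest.logout');
      // Trim '/' off path to match \Drupal\Core\Access\CsrfAccessCheck.
      $logout_path = ltrim($logout_route->getPath(), '/');
      $response_data['logout_token'] = $this->csrfToken
        ->get($logout_path);
      $encoded_response_data = $this->serializer
        ->encode($response_data, $format);
      return new Response($encoded_response_data);
    }
  }
  // Unknown name and wrong password both end here so that the response does
  // not distinguish the two cases; only the flood counters are updated.
  $flood_config = $this->config('user.flood');
  if ($identifier = $this->getLoginFloodIdentifier($request, $credentials['name'])) {
    $this->userFloodControl
      ->register('user.http_login', $flood_config->get('user_window'), $identifier);
  }
  // Always register an IP-based failed login event.
  $this->userFloodControl
    ->register('user.failed_login_ip', $flood_config->get('ip_window'));
  throw new BadRequestHttpException('Unrecognized username or password.');
}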
