function UserAuthenticationController::login
Same name and namespace in other branches
- 9 core/modules/user/src/Controller/UserAuthenticationController.php \Drupal\user\Controller\UserAuthenticationController::login()
- 8.9.x core/modules/user/src/Controller/UserAuthenticationController.php \Drupal\user\Controller\UserAuthenticationController::login()
- 11.x core/modules/user/src/Controller/UserAuthenticationController.php \Drupal\user\Controller\UserAuthenticationController::login()
Logs in a user.
Parameters
\Symfony\Component\HttpFoundation\Request $request: The request.
Return value
\Symfony\Component\HttpFoundation\Response A response which contains the ID and CSRF token.
1 string reference to 'UserAuthenticationController::login'
- user.routing.yml in core/
modules/ user/ user.routing.yml - core/modules/user/user.routing.yml
File
-
core/
modules/ user/ src/ Controller/ UserAuthenticationController.php, line 163
Class
- UserAuthenticationController
- Provides controllers for login, login status and logout via HTTP requests.
Namespace
Drupal\user\ControllerCode
public function login(Request $request) {
$format = $this->getRequestFormat($request);
$content = $request->getContent();
$credentials = $this->serializer
->decode($content, $format);
if (!isset($credentials['name']) && !isset($credentials['pass'])) {
throw new BadRequestHttpException('Missing credentials.');
}
if (!isset($credentials['name'])) {
throw new BadRequestHttpException('Missing credentials.name.');
}
if (!isset($credentials['pass'])) {
throw new BadRequestHttpException('Missing credentials.pass.');
}
$this->floodControl($request, $credentials['name']);
$accounts = $this->userStorage
->loadByProperties([
'name' => $credentials['name'],
]);
if (!empty($accounts)) {
/** @var \Drupal\user\UserInterface $account */
$account = reset($accounts);
if ($account->isBlocked()) {
throw new BadRequestHttpException('The user has not been activated or is blocked.');
}
if ($this->userAuth
->authenticateAccount($account, $credentials['pass'])) {
$this->userFloodControl
->clear('user.http_login', $this->getLoginFloodIdentifier($request, $credentials['name']));
$this->userLoginFinalize($account);
// Send basic metadata about the logged in user.
$response_data = [];
if ($account->get('uid')
->access('view', $account)) {
$response_data['current_user']['uid'] = $account->id();
}
if ($account->get('roles')
->access('view', $account)) {
$response_data['current_user']['roles'] = $account->getRoles();
}
if ($account->get('name')
->access('view', $account)) {
$response_data['current_user']['name'] = $account->getAccountName();
}
$response_data['csrf_token'] = $this->csrfToken
->get('rest');
$logout_route = $this->routeProvider
->getRouteByName('user.logout.http');
// Trim '/' off path to match \Drupal\Core\Access\CsrfAccessCheck.
$logout_path = ltrim($logout_route->getPath(), '/');
$response_data['logout_token'] = $this->csrfToken
->get($logout_path);
$encoded_response_data = $this->serializer
->encode($response_data, $format);
return new Response($encoded_response_data);
}
}
$flood_config = $this->config('user.flood');
if ($identifier = $this->getLoginFloodIdentifier($request, $credentials['name'])) {
$this->userFloodControl
->register('user.http_login', $flood_config->get('user_window'), $identifier);
}
// Always register an IP-based failed login event.
$this->userFloodControl
->register('user.failed_login_ip', $flood_config->get('ip_window'));
throw new BadRequestHttpException('Sorry, unrecognized username or password.');
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.