function UserController::confirmCancel

Same name in other branches
  1. 9 core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::confirmCancel()
  2. 10 core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::confirmCancel()
  3. 11.x core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::confirmCancel()

Confirms cancelling a user account via an email link.

Parameters

\Drupal\user\UserInterface $user: The user account.

int $timestamp: The timestamp.

string $hashed_pass: The hashed password.

Return value

\Symfony\Component\HttpFoundation\RedirectResponse A redirect response.

1 string reference to 'UserController::confirmCancel'
user.routing.yml in core/modules/user/user.routing.yml
core/modules/user/user.routing.yml

File

core/modules/user/src/Controller/UserController.php, line 337

Class

UserController
Controller routines for user routes.

Namespace

Drupal\user\Controller

Code

public function confirmCancel(UserInterface $user, $timestamp = 0, $hashed_pass = '') {
    // Time out in seconds until cancel URL expires; 24 hours = 86400 seconds.
    $timeout = 86400;
    $current = REQUEST_TIME;
    // Basic validation of arguments.
    $account_data = $this->userData
        ->get('user', $user->id());
    if (isset($account_data['cancel_method']) && !empty($timestamp) && !empty($hashed_pass)) {
        // Validate expiration and hashed password/login.
        if ($timestamp <= $current && $current - $timestamp < $timeout && $user->id() && $timestamp >= $user->getLastLoginTime() && hash_equals($hashed_pass, user_pass_rehash($user, $timestamp))) {
            $edit = [
                'user_cancel_notify' => isset($account_data['cancel_notify']) ? $account_data['cancel_notify'] : $this->config('user.settings')
                    ->get('notify.status_canceled'),
            ];
            user_cancel($edit, $user->id(), $account_data['cancel_method']);
            // Since user_cancel() is not invoked via Form API, batch processing
            // needs to be invoked manually and should redirect to the front page
            // after completion.
            return batch_process('<front>');
        }
        else {
            $this->messenger()
                ->addError($this->t('You have tried to use an account cancellation link that has expired. Please request a new one using the form below.'));
            return $this->redirect('entity.user.cancel_form', [
                'user' => $user->id(),
            ], [
                'absolute' => TRUE,
            ]);
        }
    }
    throw new AccessDeniedHttpException();
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.