decode() public method

Decodes a string from the given format back into PHP data
public decode ( string $data, string $format ) : mixed
$data string data to decode
$format string format name
return mixed
Beispiel #1
0
 /**
  * {@inheritdoc}
  */
 public function processRequest(Request $request, RouteMatchInterface $route_match, SerializerInterface $serializer)
 {
     if ($serializer instanceof DecoderInterface) {
         $content = $serializer->decode($request->getContent(), $request->getContentType());
     } else {
         throw new HttpException(500, $this->t("The appropriate DecoderInterface was not found."));
     }
     if (!isset($content)) {
         throw new HttpException(500, $this->t("The content of the request was empty."));
     }
     $flood_config = $this->configFactory->get('user.flood');
     $username = $content['username'];
     $password = $content['password'];
     // Flood protection: this is very similar to the user login form code.
     // @see \Drupal\user\Form\UserLoginForm::validateAuthentication()
     // Do not allow any login from the current user's IP if the limit has been
     // reached. Default is 50 failed attempts allowed in one hour. This is
     // independent of the per-user limit to catch attempts from one IP to log
     // in to many different user accounts.  We have a reasonably high limit
     // since there may be only one apparent IP for all users at an institution.
     if ($this->flood->isAllowed('services.failed_login_ip', $flood_config->get('ip_limit'), $flood_config->get('ip_window'))) {
         $accounts = $this->entityManager->getStorage('user')->loadByProperties(array('name' => $username, 'status' => 1));
         $account = reset($accounts);
         if ($account) {
             if ($flood_config->get('uid_only')) {
                 // Register flood events based on the uid only, so they apply for any
                 // IP address. This is the most secure option.
                 $identifier = $account->id();
             } else {
                 // The default identifier is a combination of uid and IP address. This
                 // is less secure but more resistant to denial-of-service attacks that
                 // could lock out all users with public user names.
                 $identifier = $account->id() . '-' . $request->getClientIP();
             }
             // Don't allow login if the limit for this user has been reached.
             // Default is to allow 5 failed attempts every 6 hours.
             if ($this->flood->isAllowed('services.failed_login_user', $flood_config->get('user_limit'), $flood_config->get('user_window'), $identifier)) {
                 $uid = $this->userAuth->authenticate($username, $password);
                 if ($uid) {
                     $this->flood->clear('services.failed_login_user', $identifier);
                     $this->session->start();
                     user_login_finalize($account);
                     drupal_set_message(t('User succesffully logged in'), 'status', FALSE);
                     return ['id' => $this->session->getId(), 'name' => $this->session->getName()];
                     //return $this->entityManager->getStorage('user')->load($uid);
                 } else {
                     // Register a per-user failed login event.
                     $this->flood->register('services.failed_login_user', $flood_config->get('user_window'), $identifier);
                 }
             }
         }
     }
     // Always register an IP-based failed login event.
     $this->flood->register('services.failed_login_ip', $flood_config->get('ip_window'));
     return [];
 }
Beispiel #2
0
 /**
  * {@inheritdoc}
  */
 public function decode($data, array $context = [])
 {
     return $this->serializer->decode($data, JsonEncoder::FORMAT, $context);
 }