/**
* {@inheritdoc}
*
* @param array $form
* An associative array containing the structure of the form.
* @param \Drupal\Core\Form\FormStateInterface $form_state
* The current state of the form.
* @param \Drupal\Core\Session\AccountInterface $user
* User requesting reset.
* @param string $expiration_date
* Formatted expiration date for the login link, or NULL if the link does
* not expire.
* @param int $timestamp
* The current timestamp.
* @param string $hash
* Login link hash.
*/
public function buildForm(array $form, FormStateInterface $form_state, AccountInterface $user = NULL, $expiration_date = NULL, $timestamp = NULL, $hash = NULL)
{
if ($expiration_date) {
$form['message'] = array('#markup' => $this->t('<p>This is a one-time login for %user_name and will expire on %expiration_date.</p><p>Click on this button to log in to the site and change your password.</p>', array('%user_name' => $user->getUsername(), '%expiration_date' => $expiration_date)));
} else {
// No expiration for first time login.
$form['message'] = array('#markup' => $this->t('<p>This is a one-time login for %user_name.</p><p>Click on this button to log in to the site and change your password.</p>', array('%user_name' => $user->getUsername())));
}
$form['#title'] = 'Reset Password';
$form['user'] = array('#type' => 'value', '#value' => $user);
$form['timestamp'] = array('#type' => 'value', '#value' => $timestamp);
$form['help'] = array('#markup' => '<p>' . $this->t('This login can be used only once.') . '</p>');
$form['actions'] = array('#type' => 'actions');
$form['actions']['submit'] = array('#type' => 'submit', '#value' => $this->t('Log in'));
return $form;
}
/**
* {@inheritdoc}
*/
public function collect(Request $request, Response $response, \Exception $exception = NULL)
{
$this->data['name'] = $this->currentUser->getUsername();
$this->data['authenticated'] = $this->currentUser->isAuthenticated();
$this->data['roles'] = [];
$storage = $this->entityManager->getStorage('user_role');
foreach ($this->currentUser->getRoles() as $role) {
$entity = $storage->load($role);
$this->data['roles'][] = $entity->label();
}
foreach ($this->providerCollector->getSortedProviders() as $provider_id => $provider) {
if ($provider->applies($request)) {
$this->data['provider'] = $provider_id;
}
}
$this->data['anonymous'] = $this->configFactory->get('user.settings')->get('anonymous');
}
/**
* {@inheritdoc}
*/
protected function drupalLogin(AccountInterface $account)
{
if ($this->loggedInUser) {
$this->drupalLogout();
}
$this->drupalGet('user');
$this->submitForm(array('name' => $account->getUsername(), 'pass' => $account->passRaw), t('Log in'));
// @see BrowserTestBase::drupalUserIsLoggedIn()
$account->sessionId = $this->getSession()->getCookie($this->getSessionName());
$this->assertTrue($this->drupalUserIsLoggedIn($account), SafeMarkup::format('User %name successfully logged in.', array('name' => $account->getUsername())));
$this->loggedInUser = $account;
$this->container->get('current_user')->setAccount($account);
}
/**
* Log in a user with the internal browser.
*
* If a user is already logged in, then the current user is logged out before
* logging in the specified user.
*
* Please note that neither the current user nor the passed-in user object is
* populated with data of the logged in user. If you need full access to the
* user object after logging in, it must be updated manually. If you also need
* access to the plain-text password of the user (set by drupalCreateUser()),
* e.g. to log in the same user again, then it must be re-assigned manually.
* For example:
* @code
* // Create a user.
* $account = $this->drupalCreateUser(array());
* $this->drupalLogin($account);
* // Load real user object.
* $pass_raw = $account->pass_raw;
* $account = User::load($account->id());
* $account->pass_raw = $pass_raw;
* @endcode
*
* @param \Drupal\Core\Session\AccountInterface $account
* User object representing the user to log in.
*
* @see drupalCreateUser()
*/
protected function drupalLogin(AccountInterface $account)
{
if ($this->loggedInUser) {
$this->drupalLogout();
}
$edit = array('name' => $account->getUsername(), 'pass' => $account->pass_raw);
$this->drupalPostForm('user/login', $edit, t('Log in'));
// @see WebTestBase::drupalUserIsLoggedIn()
if (isset($this->sessionId)) {
$account->session_id = $this->sessionId;
}
$pass = $this->assert($this->drupalUserIsLoggedIn($account), format_string('User %name successfully logged in.', array('%name' => $account->getUsername())), 'User login');
if ($pass) {
$this->loggedInUser = $account;
$this->container->get('current_user')->setAccount($account);
}
}
/**
* Log in a user via HTTPS.
*
* Note that the parents $session_id and $loggedInUser is not updated.
*/
protected function loginHttps(AccountInterface $account)
{
$this->drupalGet('user/login');
// Alter the form action to submit the login form through https.php, which
// creates a mock HTTPS request on HTTP test environments.
$form = $this->xpath('//form[@id="user-login-form"]');
$form[0]['action'] = $this->httpsUrl('user/login');
$edit = array('name' => $account->getUsername(), 'pass' => $account->pass_raw);
// When posting directly to the HTTP or HTTPS mock front controller, the
// location header on the returned response is an absolute URL. That URL
// needs to be converted into a request to the respective mock front
// controller in order to retrieve the target page. Because the URL in the
// location header needs to be modified, it is necessary to disable the
// automatic redirects normally performed by parent::curlExec().
$maximum_redirects = $this->maximumRedirects;
$this->maximumRedirects = 0;
$this->drupalPostForm(NULL, $edit, t('Log in'));
$this->maximumRedirects = $maximum_redirects;
// When logging in via the HTTPS mock, the child site will issue a session
// cookie with the secure attribute set. While this cookie will be stored in
// the curl handle, it will not be used on subsequent requests via the HTTPS
// mock, unless when operating in a true HTTPS environment. Therefore it is
// necessary to manually collect the session cookie and add it to the
// curlCookies property such that it will be used on subsequent requests via
// the HTTPS mock.
$this->curlCookies = array($this->secureSessionName . '=' . $this->cookies[$this->secureSessionName]['value']);
// Follow the location header.
$path = $this->getPathFromLocationHeader(TRUE);
$this->drupalGet($this->httpsUrl($path));
$this->assertResponse(200);
}
/**
* Overrides Drupal\Core\Entity\EntityForm::form().
*/
public function form(array $form, FormStateInterface $form_state)
{
/** @var \Drupal\comment\CommentInterface $comment */
$comment = $this->entity;
$entity = $this->entityManager->getStorage($comment->getCommentedEntityTypeId())->load($comment->getCommentedEntityId());
$field_name = $comment->getFieldName();
$field_definition = $this->entityManager->getFieldDefinitions($entity->getEntityTypeId(), $entity->bundle())[$comment->getFieldName()];
// Use #comment-form as unique jump target, regardless of entity type.
$form['#id'] = drupal_html_id('comment_form');
$form['#theme'] = array('comment_form__' . $entity->getEntityTypeId() . '__' . $entity->bundle() . '__' . $field_name, 'comment_form');
$anonymous_contact = $field_definition->getSetting('anonymous');
$is_admin = $comment->id() && $this->currentUser->hasPermission('administer comments');
if (!$this->currentUser->isAuthenticated() && $anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT) {
$form['#attached']['library'][] = 'core/drupal.form';
$form['#attributes']['data-user-info-from-browser'] = TRUE;
}
// If not replying to a comment, use our dedicated page callback for new
// Comments on entities.
if (!$comment->id() && !$comment->hasParentComment()) {
$form['#action'] = $this->url('comment.reply', array('entity_type' => $entity->getEntityTypeId(), 'entity' => $entity->id(), 'field_name' => $field_name));
}
$comment_preview = $form_state->get('comment_preview');
if (isset($comment_preview)) {
$form += $comment_preview;
}
$form['author'] = array();
// Display author information in a details element for comment moderators.
if ($is_admin) {
$form['author'] += array('#type' => 'details', '#title' => $this->t('Administration'));
}
// Prepare default values for form elements.
if ($is_admin) {
$author = $comment->getAuthorName();
$status = $comment->getStatus();
if (empty($comment_preview)) {
$form['#title'] = $this->t('Edit comment %title', array('%title' => $comment->getSubject()));
}
} else {
if ($this->currentUser->isAuthenticated()) {
$author = $this->currentUser->getUsername();
} else {
$author = $comment->getAuthorName() ? $comment->getAuthorName() : '';
}
$status = $this->currentUser->hasPermission('skip comment approval') ? CommentInterface::PUBLISHED : CommentInterface::NOT_PUBLISHED;
}
$date = '';
if ($comment->id()) {
$date = !empty($comment->date) ? $comment->date : DrupalDateTime::createFromTimestamp($comment->getCreatedTime());
}
// Add the author name field depending on the current user.
$form['author']['name'] = array('#type' => 'textfield', '#title' => $this->t('Your name'), '#default_value' => $author, '#required' => $this->currentUser->isAnonymous() && $anonymous_contact == COMMENT_ANONYMOUS_MUST_CONTACT, '#maxlength' => 60, '#size' => 30);
if ($is_admin) {
$form['author']['name']['#title'] = $this->t('Authored by');
$form['author']['name']['#description'] = $this->t('Leave blank for %anonymous.', array('%anonymous' => $this->config('user.settings')->get('anonymous')));
$form['author']['name']['#autocomplete_route_name'] = 'user.autocomplete';
} elseif ($this->currentUser->isAuthenticated()) {
$form['author']['name']['#type'] = 'item';
$form['author']['name']['#value'] = $form['author']['name']['#default_value'];
$form['author']['name']['#theme'] = 'username';
$form['author']['name']['#account'] = $this->currentUser;
} elseif ($this->currentUser->isAnonymous()) {
$form['author']['name']['#attributes']['data-drupal-default-value'] = $this->config('user.settings')->get('anonymous');
}
$language_configuration = \Drupal::moduleHandler()->invoke('language', 'get_default_configuration', array('comment', $comment->getTypeId()));
$form['langcode'] = array('#title' => t('Language'), '#type' => 'language_select', '#default_value' => $comment->getUntranslated()->language()->getId(), '#languages' => Language::STATE_ALL, '#access' => isset($language_configuration['language_show']) && $language_configuration['language_show']);
// Add author email and homepage fields depending on the current user.
$form['author']['mail'] = array('#type' => 'email', '#title' => $this->t('Email'), '#default_value' => $comment->getAuthorEmail(), '#required' => $this->currentUser->isAnonymous() && $anonymous_contact == COMMENT_ANONYMOUS_MUST_CONTACT, '#maxlength' => 64, '#size' => 30, '#description' => $this->t('The content of this field is kept private and will not be shown publicly.'), '#access' => $is_admin || $this->currentUser->isAnonymous() && $anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT);
$form['author']['homepage'] = array('#type' => 'url', '#title' => $this->t('Homepage'), '#default_value' => $comment->getHomepage(), '#maxlength' => 255, '#size' => 30, '#access' => $is_admin || $this->currentUser->isAnonymous() && $anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT);
// Add administrative comment publishing options.
$form['author']['date'] = array('#type' => 'datetime', '#title' => $this->t('Authored on'), '#default_value' => $date, '#size' => 20, '#access' => $is_admin);
$form['author']['status'] = array('#type' => 'radios', '#title' => $this->t('Status'), '#default_value' => $status, '#options' => array(CommentInterface::PUBLISHED => $this->t('Published'), CommentInterface::NOT_PUBLISHED => $this->t('Not published')), '#access' => $is_admin);
// Used for conditional validation of author fields.
$form['is_anonymous'] = array('#type' => 'value', '#value' => $comment->id() ? !$comment->getOwnerId() : $this->currentUser->isAnonymous());
return parent::form($form, $form_state, $comment);
}
/**
* Log in a user with the internal browser.
*
* If a user is already logged in, then the current user is logged out before
* logging in the specified user.
*
* Please note that neither the current user nor the passed-in user object is
* populated with data of the logged in user. If you need full access to the
* user object after logging in, it must be updated manually. If you also need
* access to the plain-text password of the user (set by drupalCreateUser()),
* e.g. to log in the same user again, then it must be re-assigned manually.
* For example:
* @code
* // Create a user.
* $account = $this->drupalCreateUser(array());
* $this->drupalLogin($account);
* // Load real user object.
* $pass_raw = $account->pass_raw;
* $account = user_load($account->id());
* $account->pass_raw = $pass_raw;
* @endcode
*
* @param \Drupal\Core\Session\AccountInterface $account
* User object representing the user to log in.
*
* @see drupalCreateUser()
*/
protected function drupalLogin(AccountInterface $account)
{
if ($this->loggedInUser) {
$this->drupalLogout();
}
$edit = array('name' => $account->getUsername(), 'pass' => $account->pass_raw);
$this->drupalPostForm('user', $edit, t('Log in'));
// @see WebTestBase::drupalUserIsLoggedIn()
if (isset($this->session_id)) {
$account->session_id = $this->session_id;
}
$pass = $this->assert($this->drupalUserIsLoggedIn($account), format_string('User %name successfully logged in.', array('%name' => $account->getUsername())), 'User login');
if ($pass) {
$this->loggedInUser = $account;
$this->container->get('current_user')->setAccount($account);
// @todo Temporary workaround for not being able to use synchronized
// services in non dumped container.
$this->container->get('access_subscriber')->setCurrentUser($account);
}
}
/**
* Login a user on a specific domain.
*
* @param Drupal\domain\DomainInterface $domain
* The domain to log the user into.
* @param Drupal\Core\Session\AccountInterface $account
* The user account to login.
*/
public function domainLogin(DomainInterface $domain, AccountInterface $account)
{
if ($this->loggedInUser) {
$this->drupalLogout();
}
// For this to work, we must reset the password to a known value.
$pass = '******';
$user = \Drupal::entityManager()->getStorage('user')->load($account->id());
$user->setPassword($pass)->save();
$url = $domain->getPath() . '/user/login';
$edit = ['name' => $account->getUsername(), 'pass' => $pass];
$this->drupalPostForm($url, $edit, t('Log in'));
// @see WebTestBase::drupalUserIsLoggedIn()
if (isset($this->sessionId)) {
$account->session_id = $this->sessionId;
}
$pass = $this->assert($this->drupalUserIsLoggedIn($account), format_string('User %name successfully logged in.', array('%name' => $account->getUsername())), 'User login');
if ($pass) {
$this->loggedInUser = $account;
$this->container->get('current_user')->setAccount($account);
}
}
