/** * {@inheritdoc} */ public function validate($items, Constraint $constraint) { /** @var CommentNameConstraint $constraint */ if (!isset($items)) { return; } /** @var CommentInterface $comment */ $comment = $items->getEntity(); if (!isset($comment)) { // Looks like we are validating a field not being part of a comment, // nothing we can do then. return; } $author_name = $items->first()->value; // Do not allow unauthenticated comment authors to use a name that is // taken by a registered user. if (isset($author_name) && $author_name !== '' && $comment->getOwnerId() === 0) { $users = $this->userStorage->loadByProperties(array('name' => $author_name)); if (!empty($users)) { $this->context->addViolation($constraint->messageNameTaken, array('%name' => $author_name)); } } elseif (isset($author_name) && $author_name !== '' && $comment->getOwnerId()) { $owner = $comment->getOwner(); if ($owner->getUsername() != $author_name) { $this->context->addViolation($constraint->messageMatch); } } // Anonymous account might be required - depending on field settings. if ($comment->getOwnerId() === 0 && empty($author_name) && $this->getAnonymousContactDetailsSetting($comment) === COMMENT_ANONYMOUS_MUST_CONTACT) { $this->context->addViolation($constraint->messageRequired); } }
/** * Checks if user was not authenticated, or if too many logins were attempted. * * This validation function should always be the last one. */ public function validateFinal(array &$form, FormStateInterface $form_state) { $flood_config = $this->config('user.flood'); if (!$form_state->get('uid')) { // Always register an IP-based failed login event. $this->flood->register('user.failed_login_ip', $flood_config->get('ip_window')); // Register a per-user failed login event. if ($flood_control_user_identifier = $form_state->get('flood_control_user_identifier')) { $this->flood->register('user.failed_login_user', $flood_config->get('user_window'), $flood_control_user_identifier); } if ($flood_control_triggered = $form_state->get('flood_control_triggered')) { if ($flood_control_triggered == 'user') { $form_state->setErrorByName('name', format_plural($flood_config->get('user_limit'), 'Sorry, there has been more than one failed login attempt for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', 'Sorry, there have been more than @count failed login attempts for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array('@url' => $this->url('user.pass')))); } else { // We did not find a uid, so the limit is IP-based. $form_state->setErrorByName('name', $this->t('Sorry, too many failed login attempts from your IP address. This IP address is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array('@url' => $this->url('user.pass')))); } } else { $form_state->setErrorByName('name', $this->t('Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>', array('@password' => $this->url('user.pass', [], array('query' => array('name' => $form_state->getValue('name'))))))); $accounts = $this->userStorage->loadByProperties(array('name' => $form_state->getValue('name'))); if (!empty($accounts)) { $this->logger('user')->notice('Login attempt failed for %user.', array('%user' => $form_state->getValue('name'))); } else { // If the username entered is not a valid user, // only store the IP address. $this->logger('user')->notice('Login attempt failed from %ip.', array('%ip' => $this->getRequest()->getClientIp())); } } } elseif ($flood_control_user_identifier = $form_state->get('flood_control_user_identifier')) { // Clear past failures for this user so as not to block a user who might // log in and out more than once in an hour. $this->flood->clear('user.failed_login_user', $flood_control_user_identifier); } }
/** * {@inheritdoc} */ public function submitForm(array &$form, FormStateInterface $form_state) { if ($roles = array_filter($form_state->getValue('roles'))) { foreach ($roles as $key => $role) { $roles[$key] = $this->roleStorage->load($role)->label(); } // Authenticated role includes all users so we can ignore all other roles. $properties = []; if (!array_key_exists(AccountInterface::AUTHENTICATED_ROLE, $roles)) { $properties['roles'] = array_keys($roles); } $users = $this->userStorage->loadByProperties($properties); $exclude_myself = $form_state->getValue('exclude_myself') == '1'; $account = \Drupal::currentUser(); /** @var \Drupal\user\UserInterface $user */ foreach ($users as $user) { if ($exclude_myself && $user->id() == $account->id()) { continue; } if ($user->hasRole(AccountInterface::ANONYMOUS_ROLE)) { continue; } $user->set('field_password_expiration', '1'); $user->save(); } drupal_set_message($this->formatPlural(count($roles), 'Reset the %roles role.', 'Reset the %roles roles.', ['%roles' => implode(', ', array_values($roles))])); } else { drupal_set_message($this->t('No roles selected.'), 'warning'); } $form_state->setRedirectUrl(new Url('entity.password_policy.collection')); }
/** * {@inheritdoc} */ public function validateForm(array &$form, FormStateInterface $form_state) { $name = trim($form_state->getValue('name')); // Try to load by email. $users = $this->userStorage->loadByProperties(array('mail' => $name)); if (empty($users)) { // No success, try to load by name. $users = $this->userStorage->loadByProperties(array('name' => $name)); } $account = reset($users); if ($account && $account->id()) { // Blocked accounts cannot request a new password. if (!$account->isActive()) { $form_state->setErrorByName('name', $this->t('%name is blocked or has not been activated yet.', array('%name' => $name))); } else { $form_state->setValueForElement(array('#parents' => array('account')), $account); } } else { $form_state->setErrorByName('name', $this->t('%name is not recognized as a username or an email address.', array('%name' => $name))); } }
/** * {@inheritdoc} */ public function submitForm(array &$form, FormStateInterface $form_state) { $roles = $form_state->getValue('roles'); $role_names = []; foreach ($roles as $role) { if ($role_obj = $this->role_storage->load($role)) { $role_names[] = $role_obj->label(); } else { $role_names[] = $role; } $users = $this->user_storage->loadByProperties(['roles' => $role]); foreach ($users as $user) { if ($form_state->getValue('exclude_myself') == '1' and $user->id() == \Drupal::currentUser()->id()) { continue; } $user->set('field_password_expiration', '1'); $user->save(); } } drupal_set_message($this->t('Reset the %roles roles.', array('%roles' => implode(', ', $role_names)))); $form_state->setRedirectUrl(new Url('entity.password_policy.collection')); }
/** * {@inheritdoc} */ public function validate($entity, Constraint $constraint) { $author_name = $entity->name->value; $owner_id = (int) $entity->uid->target_id; // Do not allow unauthenticated comment authors to use a name that is // taken by a registered user. if (isset($author_name) && $author_name !== '' && $owner_id === 0) { $users = $this->userStorage->loadByProperties(array('name' => $author_name)); if (!empty($users)) { $this->context->buildViolation($constraint->messageNameTaken, array('%name' => $author_name))->atPath('name')->addViolation(); } } elseif (isset($author_name) && $author_name !== '' && $owner_id) { $owner = $this->userStorage->load($owner_id); if ($owner->getUsername() != $author_name) { $this->context->buildViolation($constraint->messageMatch)->atPath('name')->addViolation(); } } // Anonymous account might be required - depending on field settings. if ($owner_id === 0 && empty($author_name) && $this->getAnonymousContactDetailsSetting($entity) === COMMENT_ANONYMOUS_MUST_CONTACT) { $this->context->buildViolation($constraint->messageRequired)->atPath('name')->addViolation(); } }
/** * {@inheritdoc} */ public function validateForm(array &$form, FormStateInterface $form_state) { $name = trim($form_state->getValue('name')); // Try to load by email. $users = $this->userStorage->loadByProperties(array('mail' => $name, 'status' => '1')); if (empty($users)) { // No success, try to load by name. $users = $this->userStorage->loadByProperties(array('name' => $name, 'status' => '1')); } $account = reset($users); if ($account && $account->id()) { $form_state->setValueForElement(array('#parents' => array('account')), $account); } else { $form_state->setErrorByName('name', $this->t('Sorry, %name is not recognized as a username or an email address.', array('%name' => $name))); } }
/** * {@inheritdoc} */ public function validateForm(array &$form, array &$form_state) { $name = trim($form_state['values']['name']); // Try to load by email. $users = $this->userStorage->loadByProperties(array('mail' => $name, 'status' => '1')); if (empty($users)) { // No success, try to load by name. $users = $this->userStorage->loadByProperties(array('name' => $name, 'status' => '1')); } $account = reset($users); if ($account && $account->id()) { form_set_value(array('#parents' => array('account')), $account, $form_state); } else { $this->setFormError('name', $form_state, $this->t('Sorry, %name is not recognized as a username or an email address.', array('%name' => $name))); } }
/** * Gets the login identifier for user login flood control. * * @param \Symfony\Component\HttpFoundation\Request $request * The current request. * @param string $username * The username supplied in login credentials. * * @return string * The login identifier or if the user does not exist an empty string. */ protected function getLoginFloodIdentifier(Request $request, $username) { $flood_config = $this->config('user.flood'); $accounts = $this->userStorage->loadByProperties(['name' => $username, 'status' => 1]); if ($account = reset($accounts)) { if ($flood_config->get('uid_only')) { // Register flood events based on the uid only, so they apply for any // IP address. This is the most secure option. $identifier = $account->id(); } else { // The default identifier is a combination of uid and IP address. This // is less secure but more resistant to denial-of-service attacks that // could lock out all users with public user names. $identifier = $account->id() . '-' . $request->getClientIp(); } return $identifier; } return ''; }
/** * Checks if user was not authenticated, or if too many logins were attempted. * * This validation function should always be the last one. */ public function validateFinal(array &$form, FormStateInterface $form_state) { $flood_config = $this->config('user.flood'); if (!$form_state->get('uid')) { // Always register an IP-based failed login event. $this->flood->register('user.failed_login_ip', $flood_config->get('ip_window')); // Register a per-user failed login event. if ($flood_control_user_identifier = $form_state->get('flood_control_user_identifier')) { $this->flood->register('user.failed_login_user', $flood_config->get('user_window'), $flood_control_user_identifier); } if ($flood_control_triggered = $form_state->get('flood_control_triggered')) { if ($flood_control_triggered == 'user') { $form_state->setErrorByName('name', $this->formatPlural($flood_config->get('user_limit'), 'There has been more than one failed login attempt for this account. It is temporarily blocked. Try again later or <a href=":url">request a new password</a>.', 'There have been more than @count failed login attempts for this account. It is temporarily blocked. Try again later or <a href=":url">request a new password</a>.', array(':url' => $this->url('user.pass')))); } else { // We did not find a uid, so the limit is IP-based. $form_state->setErrorByName('name', $this->t('Too many failed login attempts from your IP address. This IP address is temporarily blocked. Try again later or <a href=":url">request a new password</a>.', array(':url' => $this->url('user.pass')))); } } else { // Use $form_state->getUserInput() in the error message to guarantee // that we send exactly what the user typed in. The value from // $form_state->getValue() may have been modified by validation // handlers that ran earlier than this one. $user_input = $form_state->getUserInput(); $query = isset($user_input['name']) ? array('name' => $user_input['name']) : array(); $form_state->setErrorByName('name', $this->t('Unrecognized username or password. <a href=":password">Have you forgotten your password?</a>', array(':password' => $this->url('user.pass', [], array('query' => $query))))); $accounts = $this->userStorage->loadByProperties(array('name' => $form_state->getValue('name'))); if (!empty($accounts)) { $this->logger('user')->notice('Login attempt failed for %user.', array('%user' => $form_state->getValue('name'))); } else { // If the username entered is not a valid user, // only store the IP address. $this->logger('user')->notice('Login attempt failed from %ip.', array('%ip' => $this->getRequest()->getClientIp())); } } } elseif ($flood_control_user_identifier = $form_state->get('flood_control_user_identifier')) { // Clear past failures for this user so as not to block a user who might // log in and out more than once in an hour. $this->flood->clear('user.failed_login_user', $flood_control_user_identifier); } }