/**
  * {@inheritdoc}
  */
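 public function validate($items, Constraint $constraint)
 {
     // Validates the author name on a comment's name field: an anonymous author
     // may not use a name held by a registered user, an authenticated author
     // must use their own user name, and a name may be mandatory for anonymous
     // authors depending on the field settings. Violations are added to
     // $this->context using the messages carried by $constraint.
     /** @var CommentNameConstraint $constraint */
     if (!isset($items)) {
         return;
     }
     /** @var CommentInterface $comment */
     $comment = $items->getEntity();
     if (!isset($comment)) {
         // Looks like we are validating a field not being part of a comment,
         // nothing we can do then.
         return;
     }
     // Read the first item defensively so that a missing item counts as
     // "no name given" instead of a property read on a non-object.
     $first_item = $items->first();
     $author_name = isset($first_item) ? $first_item->value : null;
     $has_name = isset($author_name) && $author_name !== '';
     // Normalise the owner ID once. The return type of getOwnerId() is not
     // visible here; a numeric string such as '0' would fail a strict `=== 0`
     // test and silently skip both anonymous checks below.
     $owner_id = (int) $comment->getOwnerId();
     // Do not allow unauthenticated comment authors to use a name that is
     // taken by a registered user.
     if ($has_name && $owner_id === 0) {
         $users = $this->userStorage->loadByProperties(array('name' => $author_name));
         if (!empty($users)) {
             $this->context->addViolation($constraint->messageNameTaken, array('%name' => $author_name));
         }
     } elseif ($has_name && $owner_id) {
         $owner = $comment->getOwner();
         // Compare as strings with a strict operator: a loose comparison treats
         // numeric-looking names such as '0123' and '123' as equal, which would
         // let the displayed author name differ from the account name.
         if ((string) $owner->getUsername() !== (string) $author_name) {
             $this->context->addViolation($constraint->messageMatch);
         }
     }
     // Anonymous account might be required - depending on field settings.
     if ($owner_id === 0 && empty($author_name) && $this->getAnonymousContactDetailsSetting($comment) === COMMENT_ANONYMOUS_MUST_CONTACT) {
         $this->context->addViolation($constraint->messageRequired);
     }
 }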
 /**
  * Checks if user was not authenticated, or if too many logins were attempted.
  *
  * This validation function should always be the last one.
  */
 public function validateFinal(array &$form, FormStateInterface $form_state)
 {
     // Final login validation step: records failed attempts with the flood
     // service, sets the matching form error, and on a successful login clears
     // the per-user failure events.
     $flood_config = $this->config('user.flood');
     if ($form_state->get('uid')) {
         // A uid is present, so authentication succeeded. Clear past failures
         // for this user so as not to block a user who might log in and out
         // more than once in an hour.
         $identifier = $form_state->get('flood_control_user_identifier');
         if ($identifier) {
             $this->flood->clear('user.failed_login_user', $identifier);
         }
         return;
     }
     // No uid: the attempt failed. An IP-based event is always registered.
     $this->flood->register('user.failed_login_ip', $flood_config->get('ip_window'));
     // A per-user event is registered only when an identifier was stored in
     // the form state.
     $identifier = $form_state->get('flood_control_user_identifier');
     if ($identifier) {
         $this->flood->register('user.failed_login_user', $flood_config->get('user_window'), $identifier);
     }
     $triggered = $form_state->get('flood_control_triggered');
     if ($triggered) {
         if ($triggered == 'user') {
             $message = format_plural($flood_config->get('user_limit'), 'Sorry, there has been more than one failed login attempt for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', 'Sorry, there have been more than @count failed login attempts for this account. It is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array('@url' => $this->url('user.pass')));
         } else {
             // We did not find a uid, so the limit is IP-based.
             $message = $this->t('Sorry, too many failed login attempts from your IP address. This IP address is temporarily blocked. Try again later or <a href="@url">request a new password</a>.', array('@url' => $this->url('user.pass')));
         }
         $form_state->setErrorByName('name', $message);
         return;
     }
     // Plain failure without a flood block: one generic message is shown
     // whether or not the submitted name belongs to an account.
     $reset_options = array('query' => array('name' => $form_state->getValue('name')));
     $form_state->setErrorByName('name', $this->t('Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>', array('@password' => $this->url('user.pass', [], $reset_options))));
     $accounts = $this->userStorage->loadByProperties(array('name' => $form_state->getValue('name')));
     if (empty($accounts)) {
         // If the username entered is not a valid user,
         // only store the IP address.
         $this->logger('user')->notice('Login attempt failed from %ip.', array('%ip' => $this->getRequest()->getClientIp()));
     } else {
         // The submitted name is written to the log only when it matches an
         // existing account.
         $this->logger('user')->notice('Login attempt failed for %user.', array('%user' => $form_state->getValue('name')));
     }
 }
 /**
  * {@inheritdoc}
  */
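 public function submitForm(array &$form, FormStateInterface $form_state)
 {
     // Marks the password of every user in the selected roles as expired by
     // setting 'field_password_expiration' to '1', reports which roles were
     // reset, and redirects to the password policy collection.
     //
     // The cast keeps array_filter() from failing when no 'roles' value was
     // submitted at all.
     if ($roles = array_filter((array) $form_state->getValue('roles'))) {
         foreach ($roles as $key => $role) {
             // A submitted role ID may no longer resolve to a role entity; fall
             // back to the raw ID for the message instead of calling label() on
             // a missing entity.
             $role_entity = $this->roleStorage->load($role);
             $roles[$key] = $role_entity ? $role_entity->label() : $role;
         }
         // Authenticated role includes all users so we can ignore all other roles.
         $properties = [];
         if (!array_key_exists(AccountInterface::AUTHENTICATED_ROLE, $roles)) {
             $properties['roles'] = array_keys($roles);
         }
         // NOTE(review): with empty $properties this loads every user entity;
         // on a large site that is a lot of objects in one request.
         $users = $this->userStorage->loadByProperties($properties);
         $exclude_myself = $form_state->getValue('exclude_myself') == '1';
         $account = \Drupal::currentUser();
         /** @var \Drupal\user\UserInterface $user */
         foreach ($users as $user) {
             // IDs are compared loosely on purpose: their types (int or numeric
             // string) are not visible from here.
             if ($exclude_myself && $user->id() == $account->id()) {
                 continue;
             }
             // Accounts that carry the anonymous role are never flagged.
             if ($user->hasRole(AccountInterface::ANONYMOUS_ROLE)) {
                 continue;
             }
             $user->set('field_password_expiration', '1');
             $user->save();
         }
         drupal_set_message($this->formatPlural(count($roles), 'Reset the %roles role.', 'Reset the %roles roles.', ['%roles' => implode(', ', array_values($roles))]));
     } else {
         drupal_set_message($this->t('No roles selected.'), 'warning');
     }
     $form_state->setRedirectUrl(new Url('entity.password_policy.collection'));
 }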
示例#4
 /**
  * {@inheritdoc}
  */
 public function validateForm(array &$form, FormStateInterface $form_state)
 {
     // Resolves the submitted 'name' value to a user account, first as an
     // e-mail address and then as a user name, and stores the account in the
     // form state for the submit handler.
     //
     // NOTE(review): the two error messages below differ for blocked and for
     // unknown accounts, so whoever submits this form learns whether a name or
     // address belongs to an account and whether that account is active.
     $submitted = trim($form_state->getValue('name'));
     // Try to load by email.
     $matches = $this->userStorage->loadByProperties(array('mail' => $submitted));
     if (!$matches) {
         // No success, try to load by name.
         $matches = $this->userStorage->loadByProperties(array('name' => $submitted));
     }
     $candidate = reset($matches);
     if (!$candidate || !$candidate->id()) {
         $form_state->setErrorByName('name', $this->t('%name is not recognized as a username or an email address.', array('%name' => $submitted)));
         return;
     }
     if ($candidate->isActive()) {
         $form_state->setValueForElement(array('#parents' => array('account')), $candidate);
         return;
     }
     // Blocked accounts cannot request a new password.
     $form_state->setErrorByName('name', $this->t('%name is blocked or has not been activated yet.', array('%name' => $submitted)));
 }
 /**
  * {@inheritdoc}
  */
 public function submitForm(array &$form, FormStateInterface $form_state)
 {
     // For each submitted role, sets 'field_password_expiration' to '1' on
     // every user loaded for that role, then reports the role labels and
     // redirects to the password policy collection.
     //
     // NOTE(review): the submitted 'roles' value is used unfiltered, so any
     // entry for an unselected role would be processed as well; confirm what
     // the form element submits.
     $selected = $form_state->getValue('roles');
     $skip_self = $form_state->getValue('exclude_myself') == '1';
     $role_names = [];
     foreach ($selected as $role) {
         // Use the role's label when the entity loads, the raw ID otherwise.
         $loaded = $this->role_storage->load($role);
         $role_names[] = $loaded ? $loaded->label() : $role;
         foreach ($this->user_storage->loadByProperties(['roles' => $role]) as $user) {
             // Optionally leave the account performing the reset untouched.
             if ($skip_self && $user->id() == \Drupal::currentUser()->id()) {
                 continue;
             }
             $user->set('field_password_expiration', '1');
             $user->save();
         }
     }
     $summary = implode(', ', $role_names);
     drupal_set_message($this->t('Reset the %roles roles.', array('%roles' => $summary)));
     $form_state->setRedirectUrl(new Url('entity.password_policy.collection'));
 }
 /**
  * {@inheritdoc}
  */
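 public function validate($entity, Constraint $constraint)
 {
     // Validates the author name of a comment entity: an anonymous author may
     // not use a name held by a registered user, an authenticated author must
     // use the owner's user name, and a name may be mandatory for anonymous
     // authors depending on the field settings. Violations are built on
     // $this->context at the 'name' path.
     $author_name = $entity->name->value;
     $owner_id = (int) $entity->uid->target_id;
     $has_name = isset($author_name) && $author_name !== '';
     // Do not allow unauthenticated comment authors to use a name that is
     // taken by a registered user.
     if ($has_name && $owner_id === 0) {
         $users = $this->userStorage->loadByProperties(array('name' => $author_name));
         if (!empty($users)) {
             $this->context->buildViolation($constraint->messageNameTaken, array('%name' => $author_name))->atPath('name')->addViolation();
         }
     } elseif ($has_name && $owner_id) {
         $owner = $this->userStorage->load($owner_id);
         // Fail closed when the referenced owner cannot be loaded: report a
         // mismatch instead of calling a method on a missing entity. The names
         // are compared as strings with a strict operator, because a loose
         // comparison treats numeric-looking names such as '0123' and '123' as
         // equal.
         if (!$owner || (string) $owner->getUsername() !== (string) $author_name) {
             $this->context->buildViolation($constraint->messageMatch)->atPath('name')->addViolation();
         }
     }
     // Anonymous account might be required - depending on field settings.
     if ($owner_id === 0 && empty($author_name) && $this->getAnonymousContactDetailsSetting($entity) === COMMENT_ANONYMOUS_MUST_CONTACT) {
         $this->context->buildViolation($constraint->messageRequired)->atPath('name')->addViolation();
     }
 }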
示例#7
 /**
  * {@inheritdoc}
  */
 public function validateForm(array &$form, FormStateInterface $form_state)
 {
     // Resolves the submitted 'name' value to a user account with status '1',
     // first as an e-mail address and then as a user name, and stores the
     // account in the form state.
     //
     // Accounts with any other status are excluded by the query itself, so they
     // receive the same error as an unknown name. The form still distinguishes
     // a recognised name from an unrecognised one.
     $submitted = trim($form_state->getValue('name'));
     // Try to load by email.
     $matches = $this->userStorage->loadByProperties(array('mail' => $submitted, 'status' => '1'));
     if (!$matches) {
         // No success, try to load by name.
         $matches = $this->userStorage->loadByProperties(array('name' => $submitted, 'status' => '1'));
     }
     $candidate = reset($matches);
     if (!$candidate || !$candidate->id()) {
         $form_state->setErrorByName('name', $this->t('Sorry, %name is not recognized as a username or an email address.', array('%name' => $submitted)));
         return;
     }
     $form_state->setValueForElement(array('#parents' => array('account')), $candidate);
 }
示例#8
 /**
  * {@inheritdoc}
  */
 public function validateForm(array &$form, array &$form_state)
 {
     // Array-based form state variant: resolves the submitted 'name' value to a
     // user account with status '1', first as an e-mail address and then as a
     // user name, and stores the account in the form state.
     //
     // Accounts with any other status are excluded by the query itself, so they
     // receive the same error as an unknown name.
     $submitted = trim($form_state['values']['name']);
     // Try to load by email.
     $matches = $this->userStorage->loadByProperties(array('mail' => $submitted, 'status' => '1'));
     if (!$matches) {
         // No success, try to load by name.
         $matches = $this->userStorage->loadByProperties(array('name' => $submitted, 'status' => '1'));
     }
     $candidate = reset($matches);
     if (!$candidate || !$candidate->id()) {
         $this->setFormError('name', $form_state, $this->t('Sorry, %name is not recognized as a username or an email address.', array('%name' => $submitted)));
         return;
     }
     form_set_value(array('#parents' => array('account')), $candidate, $form_state);
 }
 /**
  * Gets the login identifier for user login flood control.
  *
  * @param \Symfony\Component\HttpFoundation\Request $request
  *   The current request.
  * @param string $username
  *   The username supplied in login credentials.
  *
  * @return string
  *   The login identifier or if the user does not exist an empty string.
  */
 protected function getLoginFloodIdentifier(Request $request, $username)
 {
     $flood_config = $this->config('user.flood');
     // Only accounts matching both the name and status 1 yield an identifier.
     $matches = $this->userStorage->loadByProperties(['name' => $username, 'status' => 1]);
     $account = reset($matches);
     if (!$account) {
         // No matching account: callers get an empty identifier.
         return '';
     }
     if ($flood_config->get('uid_only')) {
         // Register flood events based on the uid only, so they apply for any
         // IP address. This is the most secure option.
         return $account->id();
     }
     // The default identifier is a combination of uid and IP address. This
     // is less secure but more resistant to denial-of-service attacks that
     // could lock out all users with public user names.
     // NOTE(review): the IP part is whatever Request::getClientIp() reports,
     // so behind a reverse proxy it depends on the trusted-proxy setup.
     return $account->id() . '-' . $request->getClientIp();
 }
示例#10
 /**
  * Checks if user was not authenticated, or if too many logins were attempted.
  *
  * This validation function should always be the last one.
  */
 public function validateFinal(array &$form, FormStateInterface $form_state)
 {
     // Final login validation step: records failed attempts with the flood
     // service, sets the matching form error, and on a successful login clears
     // the per-user failure events.
     $flood_config = $this->config('user.flood');
     if ($form_state->get('uid')) {
         // A uid is present, so authentication succeeded. Clear past failures
         // for this user so as not to block a user who might log in and out
         // more than once in an hour.
         $identifier = $form_state->get('flood_control_user_identifier');
         if ($identifier) {
             $this->flood->clear('user.failed_login_user', $identifier);
         }
         return;
     }
     // No uid: the attempt failed. An IP-based event is always registered.
     $this->flood->register('user.failed_login_ip', $flood_config->get('ip_window'));
     // A per-user event is registered only when an identifier was stored in
     // the form state.
     $identifier = $form_state->get('flood_control_user_identifier');
     if ($identifier) {
         $this->flood->register('user.failed_login_user', $flood_config->get('user_window'), $identifier);
     }
     $triggered = $form_state->get('flood_control_triggered');
     if ($triggered) {
         if ($triggered == 'user') {
             $message = $this->formatPlural($flood_config->get('user_limit'), 'There has been more than one failed login attempt for this account. It is temporarily blocked. Try again later or <a href=":url">request a new password</a>.', 'There have been more than @count failed login attempts for this account. It is temporarily blocked. Try again later or <a href=":url">request a new password</a>.', array(':url' => $this->url('user.pass')));
         } else {
             // We did not find a uid, so the limit is IP-based.
             $message = $this->t('Too many failed login attempts from your IP address. This IP address is temporarily blocked. Try again later or <a href=":url">request a new password</a>.', array(':url' => $this->url('user.pass')));
         }
         $form_state->setErrorByName('name', $message);
         return;
     }
     // Use $form_state->getUserInput() in the error message to guarantee
     // that we send exactly what the user typed in. The value from
     // $form_state->getValue() may have been modified by validation
     // handlers that ran earlier than this one.
     $user_input = $form_state->getUserInput();
     $query = array();
     if (isset($user_input['name'])) {
         $query = array('name' => $user_input['name']);
     }
     $reset_link = $this->url('user.pass', [], array('query' => $query));
     $form_state->setErrorByName('name', $this->t('Unrecognized username or password. <a href=":password">Have you forgotten your password?</a>', array(':password' => $reset_link)));
     // The account lookup and the log entry use the processed form value, not
     // the raw input.
     $accounts = $this->userStorage->loadByProperties(array('name' => $form_state->getValue('name')));
     if (empty($accounts)) {
         // If the username entered is not a valid user,
         // only store the IP address.
         $this->logger('user')->notice('Login attempt failed from %ip.', array('%ip' => $this->getRequest()->getClientIp()));
     } else {
         // The submitted name is written to the log only when it matches an
         // existing account.
         $this->logger('user')->notice('Login attempt failed for %user.', array('%user' => $form_state->getValue('name')));
     }
 }