From a3b755e7241dcb77fbcbfee77fe8b55126708ec1 Mon Sep 17 00:00:00 2001
From: catch <catch@35733.no-reply.drupal.org>
Date: Thu, 7 Mar 2024 14:49:15 +0000
Subject: [PATCH] Issue #3410707 by alexpott, catch: Optimize
 UserAuthenticationController by remove duplicate entity queries

---
 .../UserAuthenticationController.php          | 60 ++++++++++---------
 1 file changed, 32 insertions(+), 28 deletions(-)

diff --git a/core/modules/user/src/Controller/UserAuthenticationController.php b/core/modules/user/src/Controller/UserAuthenticationController.php
index abab9a585661..72eeb8694f24 100644
--- a/core/modules/user/src/Controller/UserAuthenticationController.php
+++ b/core/modules/user/src/Controller/UserAuthenticationController.php
@@ -178,36 +178,39 @@ public function login(Request $request) {
 
     $this->floodControl($request, $credentials['name']);
 
-    if ($this->userIsBlocked($credentials['name'])) {
-      throw new BadRequestHttpException('The user has not been activated or is blocked.');
-    }
+    $accounts = $this->userStorage->loadByProperties(['name' => $credentials['name']]);
+    if (!empty($accounts)) {
+      /** @var \Drupal\user\UserInterface $account */
+      $account = reset($accounts);
+      if ($account->isBlocked()) {
+        throw new BadRequestHttpException('The user has not been activated or is blocked.');
+      }
 
-    if ($uid = $this->userAuth->authenticate($credentials['name'], $credentials['pass'])) {
-      $this->userFloodControl->clear('user.http_login', $this->getLoginFloodIdentifier($request, $credentials['name']));
-      /** @var \Drupal\user\UserInterface $user */
-      $user = $this->userStorage->load($uid);
-      $this->userLoginFinalize($user);
+      if ($this->userAuth->authenticateAccount($account, $credentials['pass'])) {
+        $this->userFloodControl->clear('user.http_login', $this->getLoginFloodIdentifier($request, $credentials['name']));
+        $this->userLoginFinalize($account);
 
-      // Send basic metadata about the logged in user.
-      $response_data = [];
-      if ($user->get('uid')->access('view', $user)) {
-        $response_data['current_user']['uid'] = $user->id();
-      }
-      if ($user->get('roles')->access('view', $user)) {
-        $response_data['current_user']['roles'] = $user->getRoles();
-      }
-      if ($user->get('name')->access('view', $user)) {
-        $response_data['current_user']['name'] = $user->getAccountName();
-      }
-      $response_data['csrf_token'] = $this->csrfToken->get('rest');
+        // Send basic metadata about the logged in user.
+        $response_data = [];
+        if ($account->get('uid')->access('view', $account)) {
+          $response_data['current_user']['uid'] = $account->id();
+        }
+        if ($account->get('roles')->access('view', $account)) {
+          $response_data['current_user']['roles'] = $account->getRoles();
+        }
+        if ($account->get('name')->access('view', $account)) {
+          $response_data['current_user']['name'] = $account->getAccountName();
+        }
+        $response_data['csrf_token'] = $this->csrfToken->get('rest');
 
-      $logout_route = $this->routeProvider->getRouteByName('user.logout.http');
-      // Trim '/' off path to match \Drupal\Core\Access\CsrfAccessCheck.
-      $logout_path = ltrim($logout_route->getPath(), '/');
-      $response_data['logout_token'] = $this->csrfToken->get($logout_path);
+        $logout_route = $this->routeProvider->getRouteByName('user.logout.http');
+        // Trim '/' off path to match \Drupal\Core\Access\CsrfAccessCheck.
+        $logout_path = ltrim($logout_route->getPath(), '/');
+        $response_data['logout_token'] = $this->csrfToken->get($logout_path);
 
-      $encoded_response_data = $this->serializer->encode($response_data, $format);
-      return new Response($encoded_response_data);
+        $encoded_response_data = $this->serializer->encode($response_data, $format);
+        return new Response($encoded_response_data);
+      }
     }
 
     $flood_config = $this->config('user.flood');
@@ -250,10 +253,10 @@ public function resetPassword(Request $request) {
       $users = $this->userStorage->loadByProperties(['mail' => trim($identifier)]);
     }
 
-    /** @var \Drupal\Core\Session\AccountInterface $account */
+    /** @var \Drupal\user\UserInterface $account */
     $account = reset($users);
     if ($account && $account->id()) {
-      if ($this->userIsBlocked($account->getAccountName())) {
+      if ($account->isBlocked()) {
         $this->logger->error('Unable to send password reset email for blocked or not yet activated user %identifier.', [
           '%identifier' => $identifier,
         ]);
@@ -288,6 +291,7 @@ public function resetPassword(Request $request) {
    *   TRUE if the user is blocked, otherwise FALSE.
    */
   protected function userIsBlocked($name) {
+    @trigger_error(__METHOD__ . ' is deprecated in drupal:10.3.0 and is removed from drupal:11.0.0. There is no replacement. See https://www.drupal.org/node/3425340', E_USER_DEPRECATED);
     return user_is_blocked($name);
   }
 
-- 
GitLab