Issue #2403729 by kim.pepper: Convert user_cancel_confirm() to a new-style Form object

core/modules/user/src/Controller/UserController.php

@@ -9,11 +9,12 @@
 
 use Drupal\Component\Utility\Xss;
 use Drupal\Core\Controller\ControllerBase;
+use Drupal\Core\Datetime\DateFormatter;
+use Drupal\user\UserDataInterface;
 use Drupal\user\UserInterface;
+use Drupal\user\UserStorageInterface;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
-use Drupal\Core\Datetime\DateFormatter;
-use Drupal\user\UserStorageInterface;
 
 /**
  * Controller routines for user routes.
@@ -34,6 +35,13 @@ class UserController extends ControllerBase {
    */
   protected $userStorage;
 
+  /**
+   * The user data service.
+   *
+   * @var \Drupal\user\UserDataInterface
+   */
+  protected $userData;
+
   /**
    * Constructs a UserController object.
    *
@@ -42,9 +50,10 @@ class UserController extends ControllerBase {
    * @param \Drupal\user\UserStorageInterface $user_storage
    *   The user storage.
    */
-  public function __construct(DateFormatter $date_formatter, UserStorageInterface $user_storage) {
+  public function __construct(DateFormatter $date_formatter, UserStorageInterface $user_storage, UserDataInterface $user_data) {
     $this->dateFormatter = $date_formatter;
     $this->userStorage = $user_storage;
+    $this->userData = $user_data;
   }
 
   /**
@@ -53,7 +62,8 @@ public function __construct(DateFormatter $date_formatter, UserStorageInterface
   public static function create(ContainerInterface $container) {
     return new static(
       $container->get('date.formatter'),
-      $container->get('entity.manager')->getStorage('user')
+      $container->get('entity.manager')->getStorage('user'),
+      $container->get('user.data')
     );
   }
 
@@ -164,11 +174,43 @@ public function logout() {
   }
 
   /**
-   * @todo Remove user_cancel_confirm().
+   * Confirms cancelling a user account via an email link.
+   *
+   * @param \Drupal\user\UserInterface $user
+   *   The user account.
+   * @param int $timestamp
+   *   The timestamp.
+   * @param string $hashed_pass
+   *   The hashed password.
+   *
+   * @return \Symfony\Component\HttpFoundation\RedirectResponse
+   *   A redirect response.
    */
   public function confirmCancel(UserInterface $user, $timestamp = 0, $hashed_pass = '') {
-    module_load_include('pages.inc', 'user');
-    return user_cancel_confirm($user, $timestamp, $hashed_pass);
+    // Time out in seconds until cancel URL expires; 24 hours = 86400 seconds.
+    $timeout = 86400;
+    $current = REQUEST_TIME;
+
+    // Basic validation of arguments.
+    $account_data = $this->userData->get('user', $user->id());
+    if (isset($account_data['cancel_method']) && !empty($timestamp) && !empty($hashed_pass)) {
+      // Validate expiration and hashed password/login.
+      if ($timestamp <= $current && $current - $timestamp < $timeout && $user->id() && $timestamp >= $user->getLastLoginTime() && $hashed_pass == user_pass_rehash($user->getPassword(), $timestamp, $user->getLastLoginTime())) {
+        $edit = array(
+          'user_cancel_notify' => isset($account_data['cancel_notify']) ? $account_data['cancel_notify'] : $this->config('user.settings')->get('notify.status_canceled'),
+        );
+        user_cancel($edit, $user->id(), $account_data['cancel_method']);
+        // Since user_cancel() is not invoked via Form API, batch processing
+        // needs to be invoked manually and should redirect to the front page
+        // after completion.
+        return batch_process('');
+      }
+      else {
+        drupal_set_message(t('You have tried to use an account cancellation link that has expired. Please request a new one using the form below.'));
+        return $this->redirect('entity.user.cancel_form', ['user' => $user->id()], ['absolute' => TRUE]);
+      }
+    }
+    throw new AccessDeniedHttpException();
   }
 
 }

core/modules/user/src/Form/UserCancelForm.php

@@ -129,7 +129,8 @@ public function submitForm(array &$form, FormStateInterface $form_state) {
     }
     else {
       // Store cancelling method and whether to notify the user in
-      // $this->entity for user_cancel_confirm().
+      // $this->entity for
+      // \Drupal\user\Controller\UserController::confirmCancel().
       $this->entity->user_cancel_method = $form_state->getValue('user_cancel_method');
       $this->entity->user_cancel_notify = $form_state->getValue('user_cancel_notify');
       $this->entity->save();

core/modules/user/user.module

@@ -689,7 +689,7 @@ function user_pass_reset_url($account, $options = array()) {
  *   account.
  *
  * @see user_mail_tokens()
- * @see user_cancel_confirm()
+ * @see \Drupal\user\Controller\UserController::confirmCancel()
  */
 function user_cancel_url($account, $options = array()) {
   $timestamp = REQUEST_TIME;
@@ -711,7 +711,8 @@ function user_cancel_url($account, $options = array()) {
  * same information, and compared to the hash value from the URL. The URL
  * normally contains both the time stamp and the numeric user ID. The login
  * timestamp and hashed password are retrieved from the database as necessary.
- * For a usage example, see user_cancel_url() and user_cancel_confirm().
+ * For a usage example, see user_cancel_url() and
+ * \Drupal\user\Controller\UserController::confirmCancel().
  *
  * @param string $password
  *   The hashed user account password value.

core/modules/user/user.pages.inc

@@ -30,39 +30,3 @@ function template_preprocess_user(&$variables) {
     $variables['content'][$key] = $variables['elements'][$key];
   }
 }
-
-/**
- * Menu callback; Cancel a user account via email confirmation link.
- *
- * @see \Drupal\user\Form\UserCancelForm
- * @see user_cancel_url()
- *
- * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
- *   Use \Drupal\user\Controller\UserController::confirmCancel().
- */
-function user_cancel_confirm($account, $timestamp = 0, $hashed_pass = '') {
-  // Time out in seconds until cancel URL expires; 24 hours = 86400 seconds.
-  $timeout = 86400;
-  $current = REQUEST_TIME;
-
-  // Basic validation of arguments.
-  $account_data = \Drupal::service('user.data')->get('user', $account->id());
-  if (isset($account_data['cancel_method']) && !empty($timestamp) && !empty($hashed_pass)) {
-    // Validate expiration and hashed password/login.
-    if ($timestamp <= $current && $current - $timestamp < $timeout && $account->id() && $timestamp >= $account->getLastLoginTime() && $hashed_pass == user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime())) {
-      $edit = array(
-        'user_cancel_notify' => isset($account_data['cancel_notify']) ? $account_data['cancel_notify'] : \Drupal::config('user.settings')->get('notify.status_canceled'),
-      );
-      user_cancel($edit, $account->id(), $account_data['cancel_method']);
-      // Since user_cancel() is not invoked via Form API, batch processing needs
-      // to be invoked manually and should redirect to the front page after
-      // completion.
-      return batch_process('');
-    }
-    else {
-      drupal_set_message(t('You have tried to use an account cancellation link that has expired. Please request a new one using the form below.'));
-      return new RedirectResponse(\Drupal::url('entity.user.cancel_form', ['user' => $account->id()], array('absolute' => TRUE)));
-    }
-  }
-  throw new AccessDeniedHttpException();
-}