Commit 5f2a572c authored by alexpott's avatar alexpott

Issue #2403729 by kim.pepper: Convert user_cancel_confirm() to a new-style Form object

parent e92465b5
......@@ -9,11 +9,12 @@
use Drupal\Component\Utility\Xss;
use Drupal\Core\Controller\ControllerBase;
use Drupal\Core\Datetime\DateFormatter;
use Drupal\user\UserDataInterface;
use Drupal\user\UserInterface;
use Drupal\user\UserStorageInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Drupal\Core\Datetime\DateFormatter;
use Drupal\user\UserStorageInterface;
/**
* Controller routines for user routes.
......@@ -34,6 +35,13 @@ class UserController extends ControllerBase {
*/
protected $userStorage;
/**
* The user data service.
*
* @var \Drupal\user\UserDataInterface
*/
protected $userData;
/**
* Constructs a UserController object.
*
......@@ -42,9 +50,10 @@ class UserController extends ControllerBase {
* @param \Drupal\user\UserStorageInterface $user_storage
* The user storage.
*/
public function __construct(DateFormatter $date_formatter, UserStorageInterface $user_storage) {
public function __construct(DateFormatter $date_formatter, UserStorageInterface $user_storage, UserDataInterface $user_data) {
$this->dateFormatter = $date_formatter;
$this->userStorage = $user_storage;
$this->userData = $user_data;
}
/**
......@@ -53,7 +62,8 @@ public function __construct(DateFormatter $date_formatter, UserStorageInterface
public static function create(ContainerInterface $container) {
return new static(
$container->get('date.formatter'),
$container->get('entity.manager')->getStorage('user')
$container->get('entity.manager')->getStorage('user'),
$container->get('user.data')
);
}
......@@ -164,11 +174,43 @@ public function logout() {
}
/**
* @todo Remove user_cancel_confirm().
* Confirms cancelling a user account via an email link.
*
* @param \Drupal\user\UserInterface $user
* The user account.
* @param int $timestamp
* The timestamp.
* @param string $hashed_pass
* The hashed password.
*
* @return \Symfony\Component\HttpFoundation\RedirectResponse
* A redirect response.
*/
public function confirmCancel(UserInterface $user, $timestamp = 0, $hashed_pass = '') {
module_load_include('pages.inc', 'user');
return user_cancel_confirm($user, $timestamp, $hashed_pass);
// Time out in seconds until cancel URL expires; 24 hours = 86400 seconds.
$timeout = 86400;
$current = REQUEST_TIME;
// Basic validation of arguments.
$account_data = $this->userData->get('user', $user->id());
if (isset($account_data['cancel_method']) && !empty($timestamp) && !empty($hashed_pass)) {
// Validate expiration and hashed password/login.
if ($timestamp <= $current && $current - $timestamp < $timeout && $user->id() && $timestamp >= $user->getLastLoginTime() && $hashed_pass == user_pass_rehash($user->getPassword(), $timestamp, $user->getLastLoginTime())) {
$edit = array(
'user_cancel_notify' => isset($account_data['cancel_notify']) ? $account_data['cancel_notify'] : $this->config('user.settings')->get('notify.status_canceled'),
);
user_cancel($edit, $user->id(), $account_data['cancel_method']);
// Since user_cancel() is not invoked via Form API, batch processing
// needs to be invoked manually and should redirect to the front page
// after completion.
return batch_process('');
}
else {
drupal_set_message(t('You have tried to use an account cancellation link that has expired. Please request a new one using the form below.'));
return $this->redirect('entity.user.cancel_form', ['user' => $user->id()], ['absolute' => TRUE]);
}
}
throw new AccessDeniedHttpException();
}
}
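Review bot: In confirmCancel() the URL-supplied `$hashed_pass` is compared with `user_pass_rehash(...)` using loose `==`, which is neither type-strict nor constant-time for a value that acts as the authentication token guarding account cancellation. The condition is carried over unchanged from the removed user_cancel_confirm(), but the conversion is a natural place to tighten it: `hash_equals(user_pass_rehash($user->getPassword(), $timestamp, $user->getLastLoginTime()), $hashed_pass)` where the supported PHP version provides it, or at minimum `===`. The new docblock also describes `$hashed_pass` as "The hashed password", while the code treats it as the hash taken from the cancellation link; `The hash from the cancellation URL, as generated by user_pass_rehash().` would be more accurate. The constructor hunk likewise adds the `$user_data` argument without a matching `@param \Drupal\user\UserDataInterface $user_data` entry in the visible docblock lines.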
......@@ -129,7 +129,8 @@ public function submitForm(array &$form, FormStateInterface $form_state) {
}
else {
// Store cancelling method and whether to notify the user in
// $this->entity for user_cancel_confirm().
// $this->entity for
// \Drupal\user\Controller\UserController::confirmCancel().
$this->entity->user_cancel_method = $form_state->getValue('user_cancel_method');
$this->entity->user_cancel_notify = $form_state->getValue('user_cancel_notify');
$this->entity->save();
......
......@@ -689,7 +689,7 @@ function user_pass_reset_url($account, $options = array()) {
* account.
*
* @see user_mail_tokens()
* @see user_cancel_confirm()
* @see \Drupal\user\Controller\UserController::confirmCancel()
*/
function user_cancel_url($account, $options = array()) {
$timestamp = REQUEST_TIME;
......@@ -711,7 +711,8 @@ function user_cancel_url($account, $options = array()) {
* same information, and compared to the hash value from the URL. The URL
* normally contains both the time stamp and the numeric user ID. The login
* timestamp and hashed password are retrieved from the database as necessary.
* For a usage example, see user_cancel_url() and user_cancel_confirm().
* For a usage example, see user_cancel_url() and
* \Drupal\user\Controller\UserController::confirmCancel().
*
* @param string $password
* The hashed user account password value.
......
......@@ -30,39 +30,3 @@ function template_preprocess_user(&$variables) {
$variables['content'][$key] = $variables['elements'][$key];
}
}
/**
* Menu callback; Cancel a user account via email confirmation link.
*
* @see \Drupal\user\Form\UserCancelForm
* @see user_cancel_url()
*
* @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
* Use \Drupal\user\Controller\UserController::confirmCancel().
*/
function user_cancel_confirm($account, $timestamp = 0, $hashed_pass = '') {
// Time out in seconds until cancel URL expires; 24 hours = 86400 seconds.
$timeout = 86400;
$current = REQUEST_TIME;
// Basic validation of arguments.
$account_data = \Drupal::service('user.data')->get('user', $account->id());
if (isset($account_data['cancel_method']) && !empty($timestamp) && !empty($hashed_pass)) {
// Validate expiration and hashed password/login.
if ($timestamp <= $current && $current - $timestamp < $timeout && $account->id() && $timestamp >= $account->getLastLoginTime() && $hashed_pass == user_pass_rehash($account->getPassword(), $timestamp, $account->getLastLoginTime())) {
$edit = array(
'user_cancel_notify' => isset($account_data['cancel_notify']) ? $account_data['cancel_notify'] : \Drupal::config('user.settings')->get('notify.status_canceled'),
);
user_cancel($edit, $account->id(), $account_data['cancel_method']);
// Since user_cancel() is not invoked via Form API, batch processing needs
// to be invoked manually and should redirect to the front page after
// completion.
return batch_process('');
}
else {
drupal_set_message(t('You have tried to use an account cancellation link that has expired. Please request a new one using the form below.'));
return new RedirectResponse(\Drupal::url('entity.user.cancel_form', ['user' => $account->id()], array('absolute' => TRUE)));
}
}
throw new AccessDeniedHttpException();
}