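currentUser = $current_user;
    $this->sessionManager = $session_manager;
    $this->moduleHandler = $module_handler;
    $this->password = $password;
  }

  /**
   * {@inheritdoc}
   */
  public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
    return new static(
      $configuration,
      $plugin_id,
      $plugin_definition,
      $container->getParameter('serializer.formats'),
      $container->get('logger.factory')->get('exp_fs'),
      $container->get('current_user'),
      $container->get('session_manager'),
      $container->get('module_handler'),
      $container->get('password')
    );
  }

  /**
   * Responds to POST requests by authenticating a user and opening a session.
   *
   * @param mixed $data
   *   Decoded request body; must be an array with string 'name' and 'pass'
   *   entries (enforced by validate()).
   *
   * @return \Drupal\rest\ModifiedResourceResponse
   *   Always HTTP 200. On success the body carries 'sess_name', 'sess_id' and
   *   'current_user'; on failure it carries a single 'error' entry.
   *
   * @throws \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
   *   Thrown by validate() when the payload is missing or malformed.
   */
  public function post($data) {
    $this->validate($data);

    $name = trim($data['name']);
    $pass = trim($data['pass']);

    // NOTE(review): nothing in this method rate-limits failed attempts. Unless
    // flood control is enforced elsewhere (not visible here), this endpoint
    // accepts unlimited password guesses per account and per client.
    $account = user_load_by_name($name);

    // The password is verified before the status check so that every existing
    // account goes through the hash comparison. Blocked accounts are rejected:
    // a correct password alone must not open a session for a disabled user.
    $authenticated = $account
      && $this->password->check($pass, $account->getPassword())
      && $account->isActive();

    if (!$authenticated) {
      // One message for unknown user, wrong password and blocked account, so
      // the response body does not reveal which accounts exist.
      // NOTE(review): failures are reported with HTTP 200, so status-code based
      // monitoring will not see them; kept as-is because clients may rely on
      // it.
      return new ModifiedResourceResponse(['error' => 'Wrong username and/or password..'], 200);
    }

    // user_login_finalize() already regenerates the session ID, stores the uid
    // in the session and invokes hook_user_login, so those steps are not
    // repeated here (repeating them fired the hook twice per login).
    user_login_finalize($account);

    // NOTE(review): the session ID is returned in the response body, so it can
    // end up in client-side storage, proxies or logs that record bodies.
    // Treat this response as a credential wherever it is handled.
    $body = [
      'sess_name' => $this->sessionManager->getName(),
      'sess_id' => $this->sessionManager->getId(),
      'current_user' => [
        'name' => $account->getAccountName(),
        'uid' => $account->id(),
        'roles' => $account->getRoles(),
      ],
    ];

    return new ModifiedResourceResponse($body, 200);
  }

  /**
   * Validates incoming record.
   *
   * @param mixed $record
   *   Data to validate.
   *
   * @throws \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
   *   When the record is not a non-empty array, or when 'name' or 'pass' is
   *   missing, empty or not a string.
   */
  protected function validate($record) {
    if (!is_array($record) || count($record) === 0) {
      throw new BadRequestHttpException(t('No record content received'));
    }
    // The payload is client-controlled JSON, so 'name' and 'pass' may arrive as
    // arrays or other non-string values; reject those here instead of letting
    // trim() fail later with a server error.
    if (empty($record['name']) || !is_string($record['name'])) {
      throw new BadRequestHttpException(t('name id is required'));
    }
    if (empty($record['pass']) || !is_string($record['pass'])) {
      throw new BadRequestHttpException(t('Password date is required'));
    }
  }

}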