diff --git a/core/includes/install.core.inc b/core/includes/install.core.inc index b4ee2b3..446f8fb 100644 --- a/core/includes/install.core.inc +++ b/core/includes/install.core.inc @@ -2716,7 +2716,7 @@ function install_configure_form_submit($form, &$form_state) { $account->save(); // Load global $user and perform final login tasks. $account = user_load(1); - user_login_finalize($account); + \Drupal::service('user.handler')->login($account); // Record when this install ran. \Drupal::state()->set('install_time', $_SERVER['REQUEST_TIME']); diff --git a/core/modules/user/lib/Drupal/user/Controller/UserController.php b/core/modules/user/lib/Drupal/user/Controller/UserController.php index e3d7431..c75a1be 100644 --- a/core/modules/user/lib/Drupal/user/Controller/UserController.php +++ b/core/modules/user/lib/Drupal/user/Controller/UserController.php @@ -9,12 +9,41 @@ use Drupal\Component\Utility\Xss; use Drupal\Core\Controller\ControllerBase; +use Drupal\Core\DependencyInjection\ContainerInjectionInterface; use Drupal\user\UserInterface; +use Drupal\user\UserHandler; +use Symfony\Component\DependencyInjection\ContainerInterface; /** * Controller routines for user routes. */ -class UserController extends ControllerBase { +class UserController extends ControllerBase implements ContainerInjectionInterface{ + + /** + * The user handler service. + * + * @var \Drupal\user\UserHandler + */ + protected $userHandler; + + /** + * Constructs a UserController instance. + * + * @param \Drupal\user\UserHandler $user_handler + * The user handler service. + */ + public function __construct(UserHandler $user_handler) { + $this->userHandler = $user_handler; + } + + /** + * {@inheritdoc} + */ + public static function create(ContainerInterface $container) { + return new static( + $container->get('user.handler') + ); + } /** * Returns the user page. @@ -57,7 +86,7 @@ public function userTitle(UserInterface $user = NULL) { * A redirection to home page. */ public function logout() { - user_logout(); + $this->userHandler->logout(); return $this->redirect(''); } diff --git a/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php b/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php index 3c23086..a627cfd 100644 --- a/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php +++ b/core/modules/user/lib/Drupal/user/EventSubscriber/MaintenanceModeSubscriber.php @@ -7,6 +7,7 @@ namespace Drupal\user\EventSubscriber; +use Drupal\user\UserHandler; use Symfony\Component\EventDispatcher\EventSubscriberInterface; use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\HttpKernel\Event\GetResponseEvent; @@ -18,6 +19,23 @@ class MaintenanceModeSubscriber implements EventSubscriberInterface { /** + * The user handler service. + * + * @var \Drupal\user\UserHandler + */ + protected $userHandler; + + /** + * Constructs a MaintenanceModeSubscriber instance. + * + * @param \Drupal\user\UserHandler $user_handler + * The user handler service. + */ + public function __construct(UserHandler $user_handler) { + $this->userHandler = $user_handler; + } + + /** * Determine whether the page is configured to be offline. * * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event diff --git a/core/modules/user/lib/Drupal/user/Form/UserLoginForm.php b/core/modules/user/lib/Drupal/user/Form/UserLoginForm.php index b01887b..ba7cf70 100644 --- a/core/modules/user/lib/Drupal/user/Form/UserLoginForm.php +++ b/core/modules/user/lib/Drupal/user/Form/UserLoginForm.php @@ -106,7 +106,7 @@ public function submitForm(array &$form, array &$form_state) { $account = $this->userStorage->load($form_state['uid']); $form_state['redirect'] = 'user/' . $account->id(); - user_login_finalize($account); + \Drupal::service('user.handler')->login($account); } /** diff --git a/core/modules/user/lib/Drupal/user/RegisterFormController.php b/core/modules/user/lib/Drupal/user/RegisterFormController.php index 6ace140..d7aaee1 100644 --- a/core/modules/user/lib/Drupal/user/RegisterFormController.php +++ b/core/modules/user/lib/Drupal/user/RegisterFormController.php @@ -114,7 +114,7 @@ public function save(array $form, array &$form_state) { // No e-mail verification required; log in user immediately. elseif (!$admin && !\Drupal::config('user.settings')->get('verify_mail') && $account->isActive()) { _user_mail_notify('register_no_approval_required', $account); - user_login_finalize($account); + \Drupal::service('user.handler')->login($account); drupal_set_message($this->t('Registration successful. You are now logged in.')); $form_state['redirect'] = ''; } diff --git a/core/modules/user/lib/Drupal/user/UserHandler.php b/core/modules/user/lib/Drupal/user/UserHandler.php new file mode 100644 index 0000000..1c668db --- /dev/null +++ b/core/modules/user/lib/Drupal/user/UserHandler.php @@ -0,0 +1,92 @@ +moduleHandler = $module_handler; + $this->account = $account; + } + + /** + * Logouts the current user. + */ + public function logout() { + if ($this->account->isAuthenticated()) { + watchdog('user', 'Session closed for %name.', array('%name' => $this->account->getUsername())); + + $this->moduleHandler->invokeAll('user_logout', array($this->account)); + + // Destroy the current session, and reset $user to the anonymous user. + session_destroy(); + } + // @todo Figure out what to do when this called on non-active accounts. + } + + /** + * Finalizes the login process and logs in a user. + * + * The function logs in the user, records a watchdog message about the new + * session, saves the login timestamp, calls hook_user_login(), and generates a + * new session. + * + * The global $user object is replaced with the passed in account. + * + * @param \Drupal\user\UserInterface $user + * The account to log in. + * + * @see hook_user_login() + */ + public function login(UserInterface $user) { + \Drupal::getContainer()->set('current_user', $user); + + watchdog('user', 'Session opened for %name.', array('%name' => $user->getUsername())); + // Update the user table timestamp noting user has logged in. + // This is also used to invalidate one-time login links. + $user->setLastLoginTime(REQUEST_TIME); + $user->save(); + + // Regenerate the session ID to prevent against session fixation attacks. + // This is called before hook_user in case one of those functions fails + // or incorrectly does a redirect which would leave the old session in place. + drupal_session_regenerate(); + + $this->moduleHandler->invokeAll('user_login', array($user)); + } + +} diff --git a/core/modules/user/user.module b/core/modules/user/user.module index e25a4ac..3121be2 100644 --- a/core/modules/user/user.module +++ b/core/modules/user/user.module @@ -1000,25 +1000,11 @@ function user_authenticate($name, $password) { * The account to log in. * * @see hook_user_login() + * + * @deprecated as of Drupal 8.0. Use \Drupal::service('user.handler')->logout(). */ function user_login_finalize(UserInterface $account) { - global $user; - $user = $account; - watchdog('user', 'Session opened for %name.', array('%name' => $user->getUsername())); - // Update the user table timestamp noting user has logged in. - // This is also used to invalidate one-time login links. - $account->setLastLoginTime(REQUEST_TIME); - db_update('users') - ->fields(array('login' => $user->getLastLoginTime())) - ->condition('uid', $user->id()) - ->execute(); - - // Regenerate the session ID to prevent against session fixation attacks. - // This is called before hook_user in case one of those functions fails - // or incorrectly does a redirect which would leave the old session in place. - drupal_session_regenerate(); - - \Drupal::moduleHandler()->invokeAll('user_login', array($user)); + \Drupal::service('user.handler')->login($account); } /** @@ -1985,14 +1971,9 @@ function user_library_info() { /** * Logs the current user out. + * + * @deprecated as of Drupal 8.0. Use \Drupal::service('user.handler')->logout(). */ function user_logout() { - global $user; - - watchdog('user', 'Session closed for %name.', array('%name' => $user->getUsername())); - - \Drupal::moduleHandler()->invokeAll('user_logout', array($user)); - - // Destroy the current session, and reset $user to the anonymous user. - session_destroy(); + \Drupal::service('user.handler')->logout(); } diff --git a/core/modules/user/user.pages.inc b/core/modules/user/user.pages.inc index 2977253..8b88409 100644 --- a/core/modules/user/user.pages.inc +++ b/core/modules/user/user.pages.inc @@ -57,7 +57,7 @@ function user_pass_reset($form, &$form_state, $uid, $timestamp, $hashed_pass, $a // Set the new user. // user_login_finalize() also updates the login timestamp of the // user, which invalidates further use of the one-time login link. - user_login_finalize($account); + \Drupal::service('user.handler')->login($account); watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->getUsername(), '%timestamp' => $timestamp)); drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to log in. Please change your password.')); // Let the user's password be changed without the current password check. diff --git a/core/modules/user/user.services.yml b/core/modules/user/user.services.yml index 6fb7d47..bb1a30b 100644 --- a/core/modules/user/user.services.yml +++ b/core/modules/user/user.services.yml @@ -23,5 +23,9 @@ services: arguments: ['@database', '@config.factory'] user_maintenance_mode_subscriber: class: Drupal\user\EventSubscriber\MaintenanceModeSubscriber + arguments: ['@user.handler'] tags: - { name: event_subscriber } + user.handler: + class: Drupal\user\UserHandler + arguments: ['@module_handler', '@current_user']