Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Part of #1971384: [META] Convert page callbacks to controllers
Convert this page callback to a new-style Form object, using the instructions on http://drupal.org/node/1800686
Comment | File | Size | Author |
---|---|---|---|
#72 | user-reset-1998198-72.patch | 17.54 KB | tim.plunkett |
#72 | interdiff.txt | 1.91 KB | tim.plunkett |
Comments
Comment #1
Albert Volkman CreditAttribution: Albert Volkman commentedFirst pass.
Comment #2
tim.plunkettContains \Drupal
Missing ;
Whitespace
Missing create() and __construct
Should inject the entity manager and load from that
Inject config as well
return new RedirectResponse
This can stay as it was
Comment #4
Albert Volkman CreditAttribution: Albert Volkman commentedAddresses issues raised in #2 (I think).
Comment #6
dutchyodaComment #7
msmithcti CreditAttribution: msmithcti commentedThe following patch makes the controller implement FormInterface as well as ControllerInterface. Hopefully should get a few more tests passing however it still needs work getting things injected into the controller.
Comment #8
fubhy CreditAttribution: fubhy commentedGo bot.
Comment #9
fubhy CreditAttribution: fubhy commentedNo need to store the entity manager. All we need is the storage controller.
You can directly inject the storage controller here. We don't need the entity manager.
$container->get('plugin.manager.entity')->getStorageController('user'));
80 characters. Just use {@inheritdoc} please.
That variable should be named $account.
We can now inject t() (@see ModuleListForm for an example). Same applies to all other occurrences of t() in here.
Should use UrlGenerator::generateFromPath(). Same applies to all other occurrences of url() in here.
Should be called $user then ($account should always be the currently logged in account from the request imho).
Should use UserInterface::isActive()
Should use UserInterface::getLastLoginTime(). Same applies to all other occurrences of $account->login here. In general: Always use getter methods instead of accessing the properties directly.
Should use UserInterface::getPassword() and UserInterface::getLastLoginTime().
Should use $account->getUsername(). Same applies to all other occurrences of $account->name.
Instead of that you should probably implement a custom access check service.
We always try to avoid shortcuts. Let's use {hash} and {operation} for example.
Comment #10
msmithcti CreditAttribution: msmithcti commentedThanks @fubhy, I will hopefully take a look this week!
Comment #11
msmithcti CreditAttribution: msmithcti commentedThis implements the changes suggested by @fubhy (apart from the access checker for now) - plus I'm also injecting and using the user settings config service.
Hopefully this should be closer to passing!
Comment #13
msmithcti CreditAttribution: msmithcti commentedLet's try that again!
Comment #14
dawehnerformat_time() can now be replaced by the date service.
Afaik the proper codestyle for empty brackets are using a newline between them.
No need to keep this menu callback entry any longer.
Oh this change seems to be a in the wrong direction, as it uses the BC decorator instead of the proper methods on the account object.
Comment #15
msmithcti CreditAttribution: msmithcti commentedThis patch should clear up everything in #14, on the last point - that just ended up in there from the reroll and I've now made sure it's out of this patch.
Comment #16
dawehnerIt would be nice if you provide an interdiff, see https://drupal.org/documentation/git/interdiff
so it is easier to review again.
Instead of using the class directly you should better document the interface, which is Drupal\Core\Routing\PathBasedGeneratorInterface
You have to document all variables.
Comment #17
dawehnerComment #18
msmithcti CreditAttribution: msmithcti commentedThis should clear up some of the documentation issues. Should I convert the documentation for other classes to use the interface?
Comment #20
msmithcti CreditAttribution: msmithcti commented#18: 1998198-user-pass-reset-conversion-17.patch queued for re-testing.
Comment #21
dawehnerThis could reuse the FormBase in some places (getting the request/using t() instead of the translation manager directly)
Comment #22
msmithcti CreditAttribution: msmithcti commentedRerolled, using FormBase, switched PathBasedGeneratorInterface for UrlGeneratorInterface, as well as using generateFromRoute where possible.
Comment #24
disasm CreditAttribution: disasm commented#22: 1998198-user-pass-reset-conversion-21.patch queued for re-testing.
Comment #25
jibranDoc block needs update.
Do we need this?
This should be added to yml.
Comment #26
xjmThanks for your work on this issue! Please see #1971384-43: [META] Convert page callbacks to controllers for an update on the routing system conversion process.
Comment #27
disasm CreditAttribution: disasm commentedI'm partial to storing configFactory, and getting the particular config in the method. However; calling the config userConfig is better than some I've seen.
Comment #28
Albert Volkman CreditAttribution: Albert Volkman commented@jibran:
@disasm:
Done!
Comment #29
tim.plunkettSo, this isn't a standard drupal form. There are six different code paths, 4 of which are redirects, one is a 403, and the sixth is a "form" with a button that does redirect.
So I think that this needs to be cleaned up in this issue, because nowhere else that I know of do we have an empty submit button.
Comment #31
jibranThis doc block. :)
Comment #32
Albert Volkman CreditAttribution: Albert Volkman commentedSo, something like this?
Comment #34
disasm CreditAttribution: disasm commented@Albert Volkman please attach interdiff's to any changes you make. Makes it really hard to review without them.
Comment #35
disasm CreditAttribution: disasm commentedInterdiff is to #28. I don't think the approach in #32 was correct. Splitting buildForm into buildForm and submitForm. This negates the need of the $operation param, but leaving it to not break BC. This was tested and working with drush uli. Adding needs security review because, well this is the reset password link and changing something probably warrants a security review.
Comment #37
jibranWhy not use $this->url('') here.
Comment #38
disasm CreditAttribution: disasm commentedfixes ConfigFactory type hint.
Comment #40
willieseabrook CreditAttribution: willieseabrook commentedProceeding as part of drupal mentoring prague
Comment #41
willieseabrook CreditAttribution: willieseabrook commentedDidnt get time to make much progress
Comment #41.0
willieseabrook CreditAttribution: willieseabrook commentedLinking back to meta issue
Comment #42
pwolanin CreditAttribution: pwolanin commentedHere's a re-roll and fixes to align it with the existing code better. Need ot decide if we still want a GET request to work as it used to.
Comment #43
tim.plunkettYou don't need this, FormBase comes with a config() method
FormBase doesn't have a redirect() method, but this should use the FormBase::url() method
Comment #45
pwolanin CreditAttribution: pwolanin commentedOk, discussed with Crell. The form builder cannot return redirects, so we need to wrap this in a normal route controller and then render the form within that. Makes for a much cleaner separation of logic anyhow, rather than having all that crap in the form (that code was carried over from ancient Drupal versions).
Comment #46
pwolanin CreditAttribution: pwolanin commentedA little more cleanup of the form builder parameters and logic
Comment #47
dawehnerSo how did it worked before?
Comment #48
pwolanin CreditAttribution: pwolanin commented@dawehner - before it was also a _content controller wrapping drupal_get_form(), so it's just somehow when using _form it doesn't work.
Comment #49
pwolanin CreditAttribution: pwolanin commentedThis just removes the #action being hard-coded which is not required since we don't need to append the operation.
Note also that this patch changes the behavior in a subtle way. Previously, you could make a GET request to the URL with /login appended and get logged in.
Now, it actually must run through the whole form submit code path. I think this is a big improvement, since now modules could add additional validate or submit steps if desired.
Comment #50
pwolanin CreditAttribution: pwolanin commentedFeedback from dawehner in IRC: based on #2110643: ControllerBase::container() and FormBase::container() needs to be private we shouldn't invoke the container() method like:
This fixes that call using \Drupal, but opened an issue here to make it part of ControllerBase: #2166863: Add a formBuilder() method to ControllerBase
Comment #51
dawehnerTechnically this does also return redirect response objects
It would be helpful if we would explain here why the exception is thrown.
Comment #52
pwolanin CreditAttribution: pwolanin commentedThis patch fixes up the dependency injection, adds comments, and adds a test case for the reset link for a blocked user.
Comment #53
Les LimRe-rolled after #2166863: Add a formBuilder() method to ControllerBase. Instead of injecting \Drupal\Core\Form\FormBuilderInterface, we can use the formBuilder() method on ControllerBase.
Comment #54
Les LimAfter this initial conversion is resolved/committed, I'd like to hack on it some more in #75924: Include fields for resetting password on the one-time password reset page.
Comment #55
andypostSimple re-roll, patch looks great now!
Comment #57
andypostMissed in re-roll changed crypt
Comment #59
andypostproper patch
Comment #60
tim.plunkettReroll.
Comment #62
tkuldeep17 CreditAttribution: tkuldeep17 commentedRe-rolled patch..
Comment #63
tkuldeep17 CreditAttribution: tkuldeep17 commented@tim.plunket
user_cancel_form in
user.pages.inc
has to be converted into new style controller. It's issue has been closedhttps://drupal.org/node/1946466. So can here I submit patch for it ?Comment #64
xjm62: user-pass-1998198-62.patch queued for re-testing.
Comment #66
xjmComment #67
Albert Volkman CreditAttribution: Albert Volkman commentedPSR-4 re-roll.
Comment #68
rodrigoaguileraComment #69
andypostUser storage missed in docs
not sure about policy, but better to inject this services too
Comment #70
tim.plunkett1, yes
2, no need
Fixed watchdog usage.
Comment #71
jibranWe can make this one statement.
Could we wrap each bool statement in ()? Just for sanity. No one will ever touch this code again so this is the only chance to make it more readable.
Comment #72
tim.plunkettSure.
Comment #73
jibranThanks for the fixes.
Comment #74
alexpottCommitted f475171 and pushed to 8.x. Thanks!
Comment #76
damiankloip CreditAttribution: damiankloip commentedIsn't that a bit hacky? Shouldn't we redirect instead in this case?