Drupal 8 custom REST login resource. It returns the session data so the frontend can build the session cookie; the CSRF token is not included (it can be obtained at /rest/session/token). Note: this is a POST resource, so run '$ drush cr', enable the resource, and add a permission for the anonymous role.
<?php
namespace Drupal\exp_fs\Plugin\rest\resource;
use Drupal\Core\Session\AccountProxyInterface;
use Drupal\rest\ModifiedResourceResponse;
use Drupal\rest\Plugin\ResourceBase;
use Drupal\rest\ResourceResponse;
use Psr\Log\LoggerInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Drupal\Core\Session\SessionManagerInterface;
use Drupal\Core\Extension\ModuleHandlerInterface;
use Drupal\Core\Password\PasswordInterface;
/**
* Provides a POST login resource.
*
* @RestResource(
* id = "custom_login_resource",
* label = @Translation("Custom login resource"),
* uri_paths = {
* "https://www.drupal.org/link-relations/create" = "/custom/login"
* }
* )
*/
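class CustomLoginResource extends ResourceBase {

  /**
   * A current user instance.
   *
   * @var \Drupal\Core\Session\AccountProxyInterface
   */
  protected $currentUser;

  /**
   * The session manager, used to read the session name and ID after login.
   *
   * @var \Drupal\Core\Session\SessionManagerInterface
   */
  protected $sessionManager;

  /**
   * The module handler.
   *
   * Kept for constructor compatibility; post() no longer invokes hooks
   * directly because user_login_finalize() already does so.
   *
   * @var \Drupal\Core\Extension\ModuleHandlerInterface
   */
  protected $moduleHandler;

  /**
   * The password hashing service used to verify the submitted password.
   *
   * @var \Drupal\Core\Password\PasswordInterface
   */
  protected $password;

  /**
   * Constructs a new CustomLoginResource object.
   *
   * @param array $configuration
   *   A configuration array containing information about the plugin instance.
   * @param string $plugin_id
   *   The plugin_id for the plugin instance.
   * @param mixed $plugin_definition
   *   The plugin implementation definition.
   * @param array $serializer_formats
   *   The available serialization formats.
   * @param \Psr\Log\LoggerInterface $logger
   *   A logger instance.
   * @param \Drupal\Core\Session\AccountProxyInterface $current_user
   *   A current user instance.
   * @param \Drupal\Core\Session\SessionManagerInterface $session_manager
   *   The session manager.
   * @param \Drupal\Core\Extension\ModuleHandlerInterface $module_handler
   *   The module handler.
   * @param \Drupal\Core\Password\PasswordInterface $password
   *   The password hashing service.
   */
  public function __construct(
    array $configuration,
    $plugin_id,
    $plugin_definition,
    array $serializer_formats,
    LoggerInterface $logger,
    AccountProxyInterface $current_user,
    SessionManagerInterface $session_manager,
    ModuleHandlerInterface $module_handler,
    PasswordInterface $password) {
    parent::__construct($configuration, $plugin_id, $plugin_definition, $serializer_formats, $logger);
    $this->currentUser = $current_user;
    $this->sessionManager = $session_manager;
    $this->moduleHandler = $module_handler;
    $this->password = $password;
  }

  /**
   * {@inheritdoc}
   */
  public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
    return new static(
      $configuration,
      $plugin_id,
      $plugin_definition,
      $container->getParameter('serializer.formats'),
      $container->get('logger.factory')->get('exp_fs'),
      $container->get('current_user'),
      $container->get('session_manager'),
      $container->get('module_handler'),
      $container->get('password')
    );
  }

  /**
   * Responds to POST requests by authenticating a user and opening a session.
   *
   * Security notes for anyone deploying this resource:
   * - The response body carries the session ID. Anything that can read the
   *   body (frontend JavaScript, proxies, response logging) can take over the
   *   session, so serve this endpoint over HTTPS only and keep the body out of
   *   logs and caches.
   * - NOTE(review): there is no flood control here. Drupal core's own login
   *   paths rate-limit failed attempts per IP and per account; this resource
   *   should do the same before it is exposed to the anonymous role.
   * - NOTE(review): failures are reported with HTTP 200 and an 'error' key,
   *   which is kept for existing clients. A 4xx status would make failed
   *   logins visible to web-server level monitoring and rate limiting.
   * - An unknown user name skips the password hash check, so the response
   *   time can still differ between existing and non-existing accounts.
   *
   * @param mixed $data
   *   The deserialized request body. Expected to be an array with the string
   *   keys 'name' and 'pass'.
   *
   * @return \Drupal\rest\ModifiedResourceResponse
   *   On success: 'sess_name', 'sess_id' and a 'current_user' array with
   *   'name', 'uid' and 'roles'. On failure: a single 'error' message.
   */
  public function post($data) {
    // The body is client-controlled: reject anything that is not the expected
    // shape instead of indexing into it and passing NULL or arrays onwards.
    if (!is_array($data)
      || !isset($data['name'], $data['pass'])
      || !is_string($data['name'])
      || !is_string($data['pass'])) {
      return $this->loginFailed();
    }

    $name = trim($data['name']);
    $pass = trim($data['pass']);
    if ($name === '' || $pass === '') {
      return $this->loginFailed();
    }

    $account = user_load_by_name($name);

    // Unknown user, blocked account and wrong password all produce the same
    // response so the body does not reveal which user names exist. The
    // blocked check is required: without it a blocked account with a valid
    // password would still be given a session.
    if (!$account
      || $account->isBlocked()
      || !$this->password->check($pass, $account->getPassword())) {
      return $this->loginFailed();
    }

    // user_login_finalize() in Drupal 8 core already regenerates the session
    // ID, stores the uid in the session and invokes hook_user_login(). Doing
    // those steps by hand first made every hook_user_login() implementation
    // run twice per login.
    user_login_finalize($account);

    $body = [
      'sess_name' => $this->sessionManager->getName(),
      'sess_id' => $this->sessionManager->getId(),
      'current_user' => [
        'name' => $account->getAccountName(),
        'uid' => $account->id(),
        'roles' => $account->getRoles(),
      ],
    ];

    return new ModifiedResourceResponse($body, 200);
  }

  /**
   * Builds the single, generic response used for every failed login.
   *
   * The message text (including the doubled full stop) and the 200 status are
   * what this resource has always returned on failure, so existing clients
   * that test for the 'error' key keep working.
   *
   * @return \Drupal\rest\ModifiedResourceResponse
   *   The failure response.
   */
  protected function loginFailed() {
    return new ModifiedResourceResponse([
      'error' => 'Wrong username and/or password..',
    ], 200);
  }

}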