account = $account; $this->userStorage = $user_storage; $this->moduleHandler = $module_handler; $this->sessionManager = $session_manager; $this->session = $session; } /** * {@inheritdoc} */ public static function create(ContainerInterface $container) { return new static( $container->get('current_user'), $container->get('entity.manager')->getStorage('user'), $container->get('module_handler'), $container->get('session_manager'), $container->get('session') ); } /** * Switches to a different user. * * We don't call session_save_session() because we really want to change users. * Usually unsafe! * * @param string $name * The username to switch to, or NULL to log out. * * @return \Symfony\Component\HttpFoundation\RedirectResponse * A redirect response object. * * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException */ public function switchUser($name = NULL) { if (empty($name) || !($account = $this->userStorage->loadByProperties(['name' => $name]))) { throw new AccessDeniedHttpException(); } $account = reset($account); // Call logout hooks when switching from original user. $this->moduleHandler->invokeAll('user_logout', [$this->account]); // Regenerate the session ID to prevent against session fixation attacks. $this->sessionManager->regenerate(); // Based off masquarade module as: // https://www.drupal.org/node/218104 doesn't stick and instead only // keeps context until redirect. $this->account->setAccount($account); $this->session->set('uid', $account->id()); // Call all login hooks when switching to masquerading user. $this->moduleHandler->invokeAll('user_login', [$account]); return $this->redirect(''); } }