From 17211d270761b3e82e8c61c5da0942302e315f22 Mon Sep 17 00:00:00 2001
From: Tim Otten <totten@civicrm.org>
Date: Tue, 16 Feb 2021 01:12:45 -0800
Subject: [PATCH] authx - Support Drupal 8 users+sessions

---
 ext/authx/Civi/Authx/Drupal8.php | 60 ++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 ext/authx/Civi/Authx/Drupal8.php

diff --git a/ext/authx/Civi/Authx/Drupal8.php b/ext/authx/Civi/Authx/Drupal8.php
new file mode 100644
index 0000000000..34debea936
--- /dev/null
+++ b/ext/authx/Civi/Authx/Drupal8.php
@@ -0,0 +1,60 @@
+<?php
+/*
+ +--------------------------------------------------------------------+
+ | Copyright CiviCRM LLC. All rights reserved.                        |
+ |                                                                    |
+ | This work is published under the GNU AGPLv3 license with some      |
+ | permitted exceptions and without any warranty. For full license    |
+ | and copyright information, see https://civicrm.org/licensing       |
+ +--------------------------------------------------------------------+
+ */
+
+namespace Civi\Authx;
+
+class Drupal8 implements AuthxInterface {
+
+  /**
+   * @inheritDoc
+   */
+  public function checkPassword(string $username, string $password) {
+    $uid = \Drupal::service('user.auth')->authenticate($username, $password);
+    // Ensure strict nullness.
+    return $uid ? $uid : NULL;
+  }
+
+  /**
+   * @inheritDoc
+   */
+  public function loginSession($userId) {
+    $user = user_load($userId);
+    user_login_finalize($user);
+  }
+
+  /**
+   * @inheritDoc
+   */
+  public function logoutSession() {
+    user_logout();
+  }
+
+  /**
+   * @inheritDoc
+   */
+  public function loginStateless($userId) {
+    $user = user_load($userId);
+    // In theory, we could use either account_switcher->switchTo() or current_user->setAccount().
+    // switchTo() sounds more conscientious, but setAccount() might be a more accurate rendition
+    // of "stateless login". At time of writing, there doesn't seem to be a compelling difference.
+    // But if you're looking at this line while investigating some bug... then maybe there is?
+    \Drupal::service('account_switcher')->switchTo($user);
+  }
+
+  /**
+   * @inheritDoc
+   */
+  public function getCurrentUserId() {
+    $user = \Drupal::currentUser();
+    return $user ? $user->getAccount()->id() : NULL;
+  }
+
+}
-- 
2.25.1