From a9f02030a228698fad9592011df1eccde83b6b47 Mon Sep 17 00:00:00 2001
From: Md Nadim Hossain <getovic@gmail.com>
Date: Wed, 30 Oct 2024 12:29:31 +1100
Subject: [PATCH] [SD-375] Added dependency injection for request stack.

---
 .../src/Controller/TideTfaUserController.php  | 27 ++++++++++++++++---
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/modules/tide_tfa/src/Controller/TideTfaUserController.php b/modules/tide_tfa/src/Controller/TideTfaUserController.php
index 6a6fc6ba8..9b046f9ea 100644
--- a/modules/tide_tfa/src/Controller/TideTfaUserController.php
+++ b/modules/tide_tfa/src/Controller/TideTfaUserController.php
@@ -6,19 +6,38 @@
 use Drupal\prlp\Controller\PrlpController;
 use Drupal\tfa\Controller\TfaUserControllerBase;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+use Symfony\Component\DependencyInjection\ContainerInterface;
 
 /**
  * Custom controller to override the TfaUserControllerBase.
  */
 class TideTfaUserController extends TfaUserControllerBase {
 
+  /**
+   * The request stack service.
+   *
+   * @var \Symfony\Component\HttpFoundation\RequestStack
+   */
+  protected $requestStack;
+
+  /**
+   * {@inheritdoc}
+   */
+  public static function create(ContainerInterface $container) {
+    // Get the parent instance with inherited dependencies.
+    $instance = parent::create($container);
+    $instance->requestStack = $container->get('request_stack');
+
+    return $instance;
+  }
+
   /**
    * {@inheritdoc}
    */
   public function doResetPassLogin($uid, $timestamp, $hash, $request = NULL) {
     // Ensure a valid request object.
     if (!$request) {
-      $request = \Drupal::request();
+      $request = $this->requestStack->getCurrentRequest();
     }
 
     // Check if the PRLP module is enabled.
@@ -41,8 +60,8 @@ public function doResetPassLogin($uid, $timestamp, $hash, $request = NULL) {
     $user = $this->userStorage->load($uid);
     $this->setUser($user);
 
-    // Let Drupal core deal with the one time login,
-    // if Tfa is not enabled or
+    // Let Drupal core deal with the one-time login,
+    // if TFA is not enabled or
     // current user can skip TFA while resetting password.
     if ($this->isTfaDisabled() || $this->canSkipPassReset()) {
       // Use PRLP's resetPassLogin instead of the core function.
@@ -76,7 +95,7 @@ public function doResetPassLogin($uid, $timestamp, $hash, $request = NULL) {
       if ($tfa_ready) {
         $this->session->migrate();
         $token = Crypt::randomBytesBase64(55);
-        $request ? $request->getSession()->set('pass_reset_' . $uid, $token) : $_SESSION['pass_reset_' . $uid] = $token;
+        $request->getSession()->set('pass_reset_' . $uid, $token);
 
         $this->logger->notice('User %name used one-time login link at time %timestamp.', [
           '%name' => $user->getDisplayName(),