prevent_unsafe_login-8.x-1.x-dev/prevent_unsafe_login.module

<?php
/**
 * Prevent unsafe login module file.
 */

use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Render\Element;

/**
 * Implements hook_form_alter().
 */
function prevent_unsafe_login_form_alter(&$form, FormStateInterface $form_state, $form_id) {
  if ($form_id === 'user_login_form') {
    if (Drupal::request()->getScheme() !== 'https') {
      foreach (Element::children($form) as $key) {
        $form['#disabled'] = TRUE;
      }
      $form['prevent_unsafe_login'] = [
        '#type' => 'fieldset',
        '#weight' => -999,
        'text' => [
          '#type' => 'markup',
          '#title' => t('Unsafe login forbidden'),
          '#markup' => t('It is forbidden to send login data over a non-https connection. Please request a one-time-login link or login using <em>drush uli</em>.'),
          // Work around
          // https://www.drupal.org/project/prevent_unsafe_login/issues/3181250
          '#id' => 'prevent-unsafe-login',
          '#parents' => [],
        ],
      ];
    }
    $form['#cache']['contexts'][] = 'url.site.scheme__prevent_unsafe_login';
  }
}

/**
 * Implements hook_module_implements_alter().
 *
 * Move our form alter to the end of the list.
 */
function prevent_unsafe_login_module_implements_alter(&$implementations, $hook) {
  if ($hook == 'form_alter') {
    $group = $implementations['prevent_unsafe_login'];
    unset($implementations['prevent_unsafe_login']);
    $implementations['prevent_unsafe_login'] = $group;
  }
}