Issue #2223631 by znerol: Use request stack in database flood backend.
parent
0f0edea2a3
commit
797c8de16b
|
@ -608,7 +608,7 @@ services:
|
|||
class: Drupal\Core\Transliteration\PHPTransliteration
|
||||
flood:
|
||||
class: Drupal\Core\Flood\DatabaseBackend
|
||||
arguments: ['@database', '@request']
|
||||
arguments: ['@database', '@request_stack']
|
||||
plugin.manager.mail:
|
||||
class: Drupal\Core\Mail\MailManager
|
||||
arguments: ['@container.namespaces', '@cache.default', '@language_manager', '@module_handler', '@config.factory']
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
|
||||
namespace Drupal\Core\Flood;
|
||||
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\RequestStack;
|
||||
use Drupal\Core\Database\Connection;
|
||||
|
||||
/**
|
||||
|
@ -23,11 +23,11 @@ class DatabaseBackend implements FloodInterface {
|
|||
protected $connection;
|
||||
|
||||
/**
|
||||
* A request object.
|
||||
* The request stack.
|
||||
*
|
||||
* @var \Symfony\Component\HttpFoundation\Request
|
||||
* @var \Symfony\Component\HttpFoundation\RequestStack
|
||||
*/
|
||||
protected $request;
|
||||
protected $requestStack;
|
||||
|
||||
/**
|
||||
* Construct the DatabaseBackend.
|
||||
|
@ -35,12 +35,12 @@ class DatabaseBackend implements FloodInterface {
|
|||
* @param \Drupal\Core\Database\Connection $connection
|
||||
* The database connection which will be used to store the flood event
|
||||
* information.
|
||||
* @param \Symfony\Component\HttpFoundation\Request $request
|
||||
* The HttpRequest object representing the current request.
|
||||
* @param \Symfony\Component\HttpFoundation\RequestStack $request_stack
|
||||
* The request stack used to retrieve the current request.
|
||||
*/
|
||||
public function __construct(Connection $connection, Request $request) {
|
||||
public function __construct(Connection $connection, RequestStack $request_stack) {
|
||||
$this->connection = $connection;
|
||||
$this->request = $request;
|
||||
$this->requestStack = $request_stack;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -48,7 +48,7 @@ class DatabaseBackend implements FloodInterface {
|
|||
*/
|
||||
public function register($name, $window = 3600, $identifier = NULL) {
|
||||
if (!isset($identifier)) {
|
||||
$identifier = $this->request->getClientIp();
|
||||
$identifier = $this->requestStack->getCurrentRequest()->getClientIp();
|
||||
}
|
||||
$this->connection->insert('flood')
|
||||
->fields(array(
|
||||
|
@ -65,7 +65,7 @@ class DatabaseBackend implements FloodInterface {
|
|||
*/
|
||||
public function clear($name, $identifier = NULL) {
|
||||
if (!isset($identifier)) {
|
||||
$identifier = $this->request->getClientIp();
|
||||
$identifier = $this->requestStack->getCurrentRequest()->getClientIp();
|
||||
}
|
||||
$this->connection->delete('flood')
|
||||
->condition('event', $name)
|
||||
|
@ -78,7 +78,7 @@ class DatabaseBackend implements FloodInterface {
|
|||
*/
|
||||
public function isAllowed($name, $threshold, $window = 3600, $identifier = NULL) {
|
||||
if (!isset($identifier)) {
|
||||
$identifier = $this->request->getClientIp();
|
||||
$identifier = $this->requestStack->getCurrentRequest()->getClientIp();
|
||||
}
|
||||
$number = $this->connection->select('flood', 'f')
|
||||
->condition('event', $name)
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
|
||||
namespace Drupal\Core\Flood;
|
||||
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\RequestStack;
|
||||
|
||||
/**
|
||||
* Defines the memory flood backend. This is used for testing.
|
||||
|
@ -15,11 +15,11 @@ use Symfony\Component\HttpFoundation\Request;
|
|||
class MemoryBackend implements FloodInterface {
|
||||
|
||||
/**
|
||||
* A request object.
|
||||
* The request stack.
|
||||
*
|
||||
* @var \Symfony\Component\HttpFoundation\Request
|
||||
* @var \Symfony\Component\HttpFoundation\RequestStack
|
||||
*/
|
||||
protected $request;
|
||||
protected $requestStack;
|
||||
|
||||
/**
|
||||
* An array holding flood events, keyed by event name and identifier.
|
||||
|
@ -29,11 +29,11 @@ class MemoryBackend implements FloodInterface {
|
|||
/**
|
||||
* Construct the MemoryBackend.
|
||||
*
|
||||
* @param \Symfony\Component\HttpFoundation\Request $request
|
||||
* The HttpRequest object representing the current request.
|
||||
* @param \Symfony\Component\HttpFoundation\RequestStack $request_stack
|
||||
* The request stack used to retrieve the current request.
|
||||
*/
|
||||
public function __construct(Request $request) {
|
||||
$this->request = $request;
|
||||
public function __construct(RequestStack $request_stack) {
|
||||
$this->requestStack = $request_stack;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -41,11 +41,11 @@ class MemoryBackend implements FloodInterface {
|
|||
*/
|
||||
public function register($name, $window = 3600, $identifier = NULL) {
|
||||
if (!isset($identifier)) {
|
||||
$identifier = $this->request->getClientIP();
|
||||
$identifier = $this->requestStack->getCurrentRequest()->getClientIp();
|
||||
}
|
||||
// We can't use REQUEST_TIME here, because that would not guarantee
|
||||
// uniqueness.
|
||||
$time = microtime(true);
|
||||
$time = microtime(TRUE);
|
||||
$this->events[$name][$identifier][$time + $window] = $time;
|
||||
}
|
||||
|
||||
|
@ -54,7 +54,7 @@ class MemoryBackend implements FloodInterface {
|
|||
*/
|
||||
public function clear($name, $identifier = NULL) {
|
||||
if (!isset($identifier)) {
|
||||
$identifier = $this->request->getClientIP();
|
||||
$identifier = $this->requestStack->getCurrentRequest()->getClientIp();
|
||||
}
|
||||
unset($this->events[$name][$identifier]);
|
||||
}
|
||||
|
@ -64,9 +64,9 @@ class MemoryBackend implements FloodInterface {
|
|||
*/
|
||||
public function isAllowed($name, $threshold, $window = 3600, $identifier = NULL) {
|
||||
if (!isset($identifier)) {
|
||||
$identifier = $this->request->getClientIP();
|
||||
$identifier = $this->requestStack->getCurrentRequest()->getClientIp();
|
||||
}
|
||||
$limit = microtime(true) - $window;
|
||||
$limit = microtime(TRUE) - $window;
|
||||
$number = count(array_filter($this->events[$name][$identifier], function ($timestamp) use ($limit) {
|
||||
return $timestamp > $limit;
|
||||
}));
|
||||
|
@ -83,7 +83,7 @@ class MemoryBackend implements FloodInterface {
|
|||
$this->events[$name][$identifier] = array_filter($timestamps, function () use (&$timestamps) {
|
||||
$expiration = key($timestamps);
|
||||
next($timestamps);
|
||||
return $expiration > microtime(true);
|
||||
return $expiration > microtime(TRUE);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
|
@ -16,12 +16,8 @@ use Symfony\Component\HttpFoundation\Request;
|
|||
class FloodTest extends WebTestBase {
|
||||
|
||||
/**
|
||||
* The Request object that flood classes should use.
|
||||
*
|
||||
* @var \Symfony\Component\HttpFoundation\Request
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
protected $request;
|
||||
|
||||
public static function getInfo() {
|
||||
return array(
|
||||
'name' => 'Flood control mechanism',
|
||||
|
@ -30,19 +26,22 @@ class FloodTest extends WebTestBase {
|
|||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function setUp() {
|
||||
parent::setUp();
|
||||
|
||||
// Flood backends need a request object. Create a dummy one and insert it
|
||||
// to the container.
|
||||
$this->request = Request::createFromGlobals();
|
||||
$this->container->set('request', $this->request);
|
||||
$request = Request::createFromGlobals();
|
||||
$this->container->get('request_stack')->push($request);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test flood control mechanism clean-up.
|
||||
*/
|
||||
function testCleanUp() {
|
||||
public function testCleanUp() {
|
||||
$threshold = 1;
|
||||
$window_expired = -1;
|
||||
$name = 'flood_test_cleanup';
|
||||
|
@ -68,12 +67,13 @@ class FloodTest extends WebTestBase {
|
|||
/**
|
||||
* Test flood control memory backend.
|
||||
*/
|
||||
function testMemoryBackend() {
|
||||
public function testMemoryBackend() {
|
||||
$threshold = 1;
|
||||
$window_expired = -1;
|
||||
$name = 'flood_test_cleanup';
|
||||
|
||||
$flood = new \Drupal\Core\Flood\MemoryBackend($this->request);
|
||||
$request_stack = \Drupal::service('request_stack');
|
||||
$flood = new \Drupal\Core\Flood\MemoryBackend($request_stack);
|
||||
// Register expired event.
|
||||
$flood->register($name, $window_expired);
|
||||
// Verify event is not allowed.
|
||||
|
@ -90,4 +90,33 @@ class FloodTest extends WebTestBase {
|
|||
$flood->garbageCollection();
|
||||
$this->assertFalse($flood->isAllowed($name, $threshold));
|
||||
}
|
||||
|
||||
/**
|
||||
* Test flood control database backend.
|
||||
*/
|
||||
public function testDatabaseBackend() {
|
||||
$threshold = 1;
|
||||
$window_expired = -1;
|
||||
$name = 'flood_test_cleanup';
|
||||
|
||||
$connection = \Drupal::service('database');
|
||||
$request_stack = \Drupal::service('request_stack');
|
||||
$flood = new \Drupal\Core\Flood\DatabaseBackend($connection, $request_stack);
|
||||
// Register expired event.
|
||||
$flood->register($name, $window_expired);
|
||||
// Verify event is not allowed.
|
||||
$this->assertFalse($flood->isAllowed($name, $threshold));
|
||||
// Run cron and verify event is now allowed.
|
||||
$flood->garbageCollection();
|
||||
$this->assertTrue($flood->isAllowed($name, $threshold));
|
||||
|
||||
// Register unexpired event.
|
||||
$flood->register($name);
|
||||
// Verify event is not allowed.
|
||||
$this->assertFalse($flood->isAllowed($name, $threshold));
|
||||
// Run cron and verify event is still not allowed.
|
||||
$flood->garbageCollection();
|
||||
$this->assertFalse($flood->isAllowed($name, $threshold));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue