Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #2223631 by znerol: Use request stack in database flood backend.

8.0.x
Alex Pott 2014-04-07 09:35:41 +01:00
parent 0f0edea2a3
commit 797c8de16b
4 changed files with 65 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/core.services.yml
View File

@ -608,7 +608,7 @@ services:
class: Drupal\Core\Transliteration\PHPTransliteration class: Drupal\Core\Transliteration\PHPTransliteration
flood: flood:
class: Drupal\Core\Flood\DatabaseBackend class: Drupal\Core\Flood\DatabaseBackend
arguments: ['@database', '@request'] arguments: ['@database', '@request_stack']
plugin.manager.mail: plugin.manager.mail:
class: Drupal\Core\Mail\MailManager class: Drupal\Core\Mail\MailManager
arguments: ['@container.namespaces', '@cache.default', '@language_manager', '@module_handler', '@config.factory'] arguments: ['@container.namespaces', '@cache.default', '@language_manager', '@module_handler', '@config.factory']

22
core/lib/Drupal/Core/Flood/DatabaseBackend.php
View File

@ -7,7 +7,7 @@
namespace Drupal\Core\Flood; namespace Drupal\Core\Flood;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\RequestStack;
use Drupal\Core\Database\Connection; use Drupal\Core\Database\Connection;
/** /**
@ -23,11 +23,11 @@ class DatabaseBackend implements FloodInterface {
protected $connection; protected $connection;
/** /**
* A request object. * The request stack.
* *
* @var \Symfony\Component\HttpFoundation\Request * @var \Symfony\Component\HttpFoundation\RequestStack
*/ */
protected $request; protected $requestStack;
/** /**
* Construct the DatabaseBackend. * Construct the DatabaseBackend.
@ -35,12 +35,12 @@ class DatabaseBackend implements FloodInterface {
* @param \Drupal\Core\Database\Connection $connection * @param \Drupal\Core\Database\Connection $connection
* The database connection which will be used to store the flood event * The database connection which will be used to store the flood event
* information. * information.
* @param \Symfony\Component\HttpFoundation\Request $request * @param \Symfony\Component\HttpFoundation\RequestStack $request_stack
* The HttpRequest object representing the current request. * The request stack used to retrieve the current request.
*/ */
public function __construct(Connection $connection, Request $request) { public function __construct(Connection $connection, RequestStack $request_stack) {
$this->connection = $connection; $this->connection = $connection;
$this->request = $request; $this->requestStack = $request_stack;
} }
/** /**
@ -48,7 +48,7 @@ class DatabaseBackend implements FloodInterface {
*/ */
public function register($name, $window = 3600, $identifier = NULL) { public function register($name, $window = 3600, $identifier = NULL) {
if (!isset($identifier)) { if (!isset($identifier)) {
$identifier = $this->request->getClientIp(); $identifier = $this->requestStack->getCurrentRequest()->getClientIp();
} }
$this->connection->insert('flood') $this->connection->insert('flood')
->fields(array( ->fields(array(
@ -65,7 +65,7 @@ class DatabaseBackend implements FloodInterface {
*/ */
public function clear($name, $identifier = NULL) { public function clear($name, $identifier = NULL) {
if (!isset($identifier)) { if (!isset($identifier)) {
$identifier = $this->request->getClientIp(); $identifier = $this->requestStack->getCurrentRequest()->getClientIp();
} }
$this->connection->delete('flood') $this->connection->delete('flood')
->condition('event', $name) ->condition('event', $name)
@ -78,7 +78,7 @@ class DatabaseBackend implements FloodInterface {
*/ */
public function isAllowed($name, $threshold, $window = 3600, $identifier = NULL) { public function isAllowed($name, $threshold, $window = 3600, $identifier = NULL) {
if (!isset($identifier)) { if (!isset($identifier)) {
$identifier = $this->request->getClientIp(); $identifier = $this->requestStack->getCurrentRequest()->getClientIp();
} }
$number = $this->connection->select('flood', 'f') $number = $this->connection->select('flood', 'f')
->condition('event', $name) ->condition('event', $name)

28
core/lib/Drupal/Core/Flood/MemoryBackend.php
View File

@ -7,7 +7,7 @@
namespace Drupal\Core\Flood; namespace Drupal\Core\Flood;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\RequestStack;
/** /**
* Defines the memory flood backend. This is used for testing. * Defines the memory flood backend. This is used for testing.
@ -15,11 +15,11 @@ use Symfony\Component\HttpFoundation\Request;
class MemoryBackend implements FloodInterface { class MemoryBackend implements FloodInterface {
/** /**
* A request object. * The request stack.
* *
* @var \Symfony\Component\HttpFoundation\Request * @var \Symfony\Component\HttpFoundation\RequestStack
*/ */
protected $request; protected $requestStack;
/** /**
* An array holding flood events, keyed by event name and identifier. * An array holding flood events, keyed by event name and identifier.
@ -29,11 +29,11 @@ class MemoryBackend implements FloodInterface {
/** /**
* Construct the MemoryBackend. * Construct the MemoryBackend.
* *
* @param \Symfony\Component\HttpFoundation\Request $request * @param \Symfony\Component\HttpFoundation\RequestStack $request_stack
* The HttpRequest object representing the current request. * The request stack used to retrieve the current request.
*/ */
public function __construct(Request $request) { public function __construct(RequestStack $request_stack) {
$this->request = $request; $this->requestStack = $request_stack;
} }
/** /**
@ -41,11 +41,11 @@ class MemoryBackend implements FloodInterface {
*/ */
public function register($name, $window = 3600, $identifier = NULL) { public function register($name, $window = 3600, $identifier = NULL) {
if (!isset($identifier)) { if (!isset($identifier)) {
$identifier = $this->request->getClientIP(); $identifier = $this->requestStack->getCurrentRequest()->getClientIp();
} }
// We can't use REQUEST_TIME here, because that would not guarantee // We can't use REQUEST_TIME here, because that would not guarantee
// uniqueness. // uniqueness.
$time = microtime(true); $time = microtime(TRUE);
$this->events[$name][$identifier][$time + $window] = $time; $this->events[$name][$identifier][$time + $window] = $time;
} }
@ -54,7 +54,7 @@ class MemoryBackend implements FloodInterface {
*/ */
public function clear($name, $identifier = NULL) { public function clear($name, $identifier = NULL) {
if (!isset($identifier)) { if (!isset($identifier)) {
$identifier = $this->request->getClientIP(); $identifier = $this->requestStack->getCurrentRequest()->getClientIp();
} }
unset($this->events[$name][$identifier]); unset($this->events[$name][$identifier]);
} }
@ -64,9 +64,9 @@ class MemoryBackend implements FloodInterface {
*/ */
public function isAllowed($name, $threshold, $window = 3600, $identifier = NULL) { public function isAllowed($name, $threshold, $window = 3600, $identifier = NULL) {
if (!isset($identifier)) { if (!isset($identifier)) {
$identifier = $this->request->getClientIP(); $identifier = $this->requestStack->getCurrentRequest()->getClientIp();
} }
$limit = microtime(true) - $window; $limit = microtime(TRUE) - $window;
$number = count(array_filter($this->events[$name][$identifier], function ($timestamp) use ($limit) { $number = count(array_filter($this->events[$name][$identifier], function ($timestamp) use ($limit) {
return $timestamp > $limit; return $timestamp > $limit;
})); }));
@ -83,7 +83,7 @@ class MemoryBackend implements FloodInterface {
$this->events[$name][$identifier] = array_filter($timestamps, function () use (&$timestamps) { $this->events[$name][$identifier] = array_filter($timestamps, function () use (&$timestamps) {
$expiration = key($timestamps); $expiration = key($timestamps);
next($timestamps); next($timestamps);
return $expiration > microtime(true); return $expiration > microtime(TRUE);
}); });
} }
} }

49
core/modules/system/lib/Drupal/system/Tests/System/FloodTest.php
View File

@ -16,12 +16,8 @@ use Symfony\Component\HttpFoundation\Request;
class FloodTest extends WebTestBase { class FloodTest extends WebTestBase {
/** /**
* The Request object that flood classes should use. * {@inheritdoc}
*
* @var \Symfony\Component\HttpFoundation\Request
*/ */
protected $request;
public static function getInfo() { public static function getInfo() {
return array( return array(
'name' => 'Flood control mechanism', 'name' => 'Flood control mechanism',
@ -30,19 +26,22 @@ class FloodTest extends WebTestBase {
); );
} }
/**
* {@inheritdoc}
*/
public function setUp() { public function setUp() {
parent::setUp(); parent::setUp();
// Flood backends need a request object. Create a dummy one and insert it // Flood backends need a request object. Create a dummy one and insert it
// to the container. // to the container.
$this->request = Request::createFromGlobals(); $request = Request::createFromGlobals();
$this->container->set('request', $this->request); $this->container->get('request_stack')->push($request);
} }
/** /**
* Test flood control mechanism clean-up. * Test flood control mechanism clean-up.
*/ */
function testCleanUp() { public function testCleanUp() {
$threshold = 1; $threshold = 1;
$window_expired = -1; $window_expired = -1;
$name = 'flood_test_cleanup'; $name = 'flood_test_cleanup';
@ -68,12 +67,13 @@ class FloodTest extends WebTestBase {
/** /**
* Test flood control memory backend. * Test flood control memory backend.
*/ */
function testMemoryBackend() { public function testMemoryBackend() {
$threshold = 1; $threshold = 1;
$window_expired = -1; $window_expired = -1;
$name = 'flood_test_cleanup'; $name = 'flood_test_cleanup';
$flood = new \Drupal\Core\Flood\MemoryBackend($this->request); $request_stack = \Drupal::service('request_stack');
$flood = new \Drupal\Core\Flood\MemoryBackend($request_stack);
// Register expired event. // Register expired event.
$flood->register($name, $window_expired); $flood->register($name, $window_expired);
// Verify event is not allowed. // Verify event is not allowed.
@ -90,4 +90,33 @@ class FloodTest extends WebTestBase {
$flood->garbageCollection(); $flood->garbageCollection();
$this->assertFalse($flood->isAllowed($name, $threshold)); $this->assertFalse($flood->isAllowed($name, $threshold));
} }
/**
* Test flood control database backend.
*/
public function testDatabaseBackend() {
$threshold = 1;
$window_expired = -1;
$name = 'flood_test_cleanup';
$connection = \Drupal::service('database');
$request_stack = \Drupal::service('request_stack');
$flood = new \Drupal\Core\Flood\DatabaseBackend($connection, $request_stack);
// Register expired event.
$flood->register($name, $window_expired);
// Verify event is not allowed.
$this->assertFalse($flood->isAllowed($name, $threshold));
// Run cron and verify event is now allowed.
$flood->garbageCollection();
$this->assertTrue($flood->isAllowed($name, $threshold));
// Register unexpired event.
$flood->register($name);
// Verify event is not allowed.
$this->assertFalse($flood->isAllowed($name, $threshold));
// Run cron and verify event is still not allowed.
$flood->garbageCollection();
$this->assertFalse($flood->isAllowed($name, $threshold));
}
} }