diff --git a/core/core.services.yml b/core/core.services.yml index e8b6464e8bc..246f75bfedc 100644 --- a/core/core.services.yml +++ b/core/core.services.yml @@ -460,9 +460,9 @@ services: arguments: ['@state'] csrf_token: class: Drupal\Core\Access\CsrfTokenGenerator - arguments: ['@private_key'] + arguments: ['@private_key', '@settings'] calls: - - [setCurrentUser, ['@?current_user']] + - [setCurrentUser, ['@?current_user=']] access_manager: class: Drupal\Core\Access\AccessManager arguments: ['@router.route_provider', '@url_generator', '@paramconverter_manager'] diff --git a/core/lib/Drupal/Core/Access/CsrfTokenGenerator.php b/core/lib/Drupal/Core/Access/CsrfTokenGenerator.php index 527fffda38c..b7441b9295b 100644 --- a/core/lib/Drupal/Core/Access/CsrfTokenGenerator.php +++ b/core/lib/Drupal/Core/Access/CsrfTokenGenerator.php @@ -8,6 +8,7 @@ namespace Drupal\Core\Access; use Drupal\Component\Utility\Crypt; +use Drupal\Component\Utility\Settings; use Drupal\Core\PrivateKey; use Drupal\Core\Session\AccountInterface; @@ -32,14 +33,24 @@ class CsrfTokenGenerator { */ protected $currentUser; + /** + * The settings instance. + * + * @var \Drupal\Component\Utility\Settings + */ + protected $settings; + /** * Constructs the token generator. * * @param \Drupal\Core\PrivateKey $private_key * The private key service. + * @param \Drupal\Component\Utility\Settings $settings + * The settings instance. */ - public function __construct(PrivateKey $private_key) { + public function __construct(PrivateKey $private_key, Settings $settings) { $this->privateKey = $private_key; + $this->settings = $settings; } /** @@ -72,7 +83,7 @@ class CsrfTokenGenerator { * @see drupal_session_start() */ public function get($value = '') { - return Crypt::hmacBase64($value, session_id() . $this->privateKey->get() . drupal_get_hash_salt()); + return Crypt::hmacBase64($value, session_id() . $this->privateKey->get() . $this->settings->get('hash_salt')); } /** diff --git a/core/tests/Drupal/Tests/Core/Access/CsrfTokenGeneratorTest.php b/core/tests/Drupal/Tests/Core/Access/CsrfTokenGeneratorTest.php index 766d6413275..26428dc91f4 100644 --- a/core/tests/Drupal/Tests/Core/Access/CsrfTokenGeneratorTest.php +++ b/core/tests/Drupal/Tests/Core/Access/CsrfTokenGeneratorTest.php @@ -5,12 +5,12 @@ * Contains \Drupal\Tests\Core\Access\CsrfTokenGeneratorTest. */ -namespace Drupal\Tests\Core\Access { +namespace Drupal\Tests\Core\Access; use Drupal\Tests\UnitTestCase; use Drupal\Core\Access\CsrfTokenGenerator; use Drupal\Component\Utility\Crypt; -use Symfony\Component\HttpFoundation\Request; +use Drupal\Component\Utility\Settings; /** * Tests the CSRF token generator. @@ -48,7 +48,7 @@ class CsrfTokenGeneratorTest extends UnitTestCase { ->method('get') ->will($this->returnValue($this->key)); - $this->generator = new CsrfTokenGenerator($private_key); + $this->generator = new CsrfTokenGenerator($private_key, new Settings(array('hash_salt' => 'test'))); } /** @@ -153,16 +153,3 @@ class CsrfTokenGeneratorTest extends UnitTestCase { } } - -} - -/** - * @todo Remove this when https://drupal.org/node/2036259 is resolved. - */ -namespace { - if (!function_exists('drupal_get_hash_salt')) { - function drupal_get_hash_salt() { - return hash('sha256', 'test_hash_salt'); - } - } -}